[libvirt PATCH] kbase: sev: Provide more details on virtio-net configuration
by Erik Skultety
With virtio-net further configuration settings are required, so document
them and while at it, fix the Q35 machine XML example which wouldn't
work with SEV because of not disabling vhost and the option boot ROM.
Reported-by: Dr. David Alan Gilbert <dgilbert(a)redhat.com>
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
docs/kbase/launch_security_sev.rst | 28 +++++++++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst
index cfdc2a6120..9df4178aac 100644
--- a/docs/kbase/launch_security_sev.rst
+++ b/docs/kbase/launch_security_sev.rst
@@ -291,8 +291,9 @@ can still perform DoS on each other.
Virtio
------
-In order to make virtio devices work, we need to enable emulated IOMMU
-on the devices so that virtual DMA can work.
+In order to make virtio devices work, we need to use
+``<driver iommu='on'/>`` inside the given device XML element in order
+to enable DMA API in the virtio driver.
::
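Review bot: The rewritten sentence in the Virtio section uses "in order to" twice ("In order to make virtio devices work ... in order to enable DMA API") and drops the article before "DMA API". Something like "To make virtio devices work, add ``<driver iommu='on'/>`` to the given device XML element so that the virtio driver uses the DMA API" reads more cleanly and says the same thing.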
@@ -337,6 +338,26 @@ model, which means that virtio GPU cannot be used.
...
</domain>
+Virtio-net
+~~~~~~~~~~
+With virtio-net it's also necessary to disable the iPXE option ROM on the
+device as well as disable the vhost protocol as SEV doesn't support either
+(at the time of this writing). This translates to the following XML:
+
+::
+
+ <domain>
+ ...
+ <interface type='network'>
+ ...
+ <model type='virtio'/>
+ <driver name='qemu' iommu='on'/>
+ <rom enabled='no'/>
+ </interface>
+ ...
+ <domain>
+
+
Checking SEV from within the guest
==================================
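Review bot: The new Virtio-net paragraph says both the iPXE option ROM and vhost have to be disabled, but the example does not say which line does which, so the reader has to infer that ``name='qemu'`` on ``<driver>`` is what turns vhost off and ``<rom enabled='no'/>`` is what drops the option ROM. A sentence after the XML mapping each attribute to the restriction it addresses would make that explicit. Separately, the example closes with ``<domain>`` where ``</domain>`` is meant, and the hunk adds two blank lines before the next heading where the surrounding text uses one.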
@@ -423,7 +444,8 @@ Q35 machine
<mac address='52:54:00:cc:56:90'/>
<source network='default'/>
<model type='virtio'/>
- <driver iommu='on'/>
+ <driver name='qemu' iommu='on'/>
+ <rom enabled='no'/>
</interface>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
--
2.26.2
4 years, 3 months
[PATCH] meson: fix some FreeBSD checks regressions
by Roman Bogorodskiy
* Add missing prerequisite headers for checking link_addr(3)
in net/if_dl.h,
* Add missing prerequisite headers for checking BRDGSFD, BRDGADD,
BRDGDEL in net/if_bridgevar.h,
* When checking for ifconfig(8), set not only IFCONFIG value,
but also IFCONFIG_PATH as it's used in util/virnetdevip.c.
Signed-off-by: Roman Bogorodskiy <bogorodskiy(a)gmail.com>
---
meson.build | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/meson.build b/meson.build
index 19b4795527..0913308bec 100644
--- a/meson.build
+++ b/meson.build
@@ -770,7 +770,7 @@ symbols = [
[ 'linux/if_vlan.h', 'GET_VLAN_VID_CMD' ],
# Check for BSD approach for setting MAC addr
- [ 'net/if_dl.h', 'link_addr' ],
+ [ 'net/if_dl.h', 'link_addr', '#include <sys/types.h>\n#include <sys/socket.h>' ],
]
if host_machine.system() == 'linux'
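Review bot: The ``net/if_dl.h`` entry is now the only three-element item in ``symbols``, and nothing in the list says what the third element is. A short comment on the list (header, symbol, optional prerequisite includes passed as ``prefix``) would keep the next person from guessing, especially since the loop that reads it with ``symbol.get(2, '')`` sits some twenty lines further down.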
@@ -791,15 +791,18 @@ if host_machine.system() == 'linux'
endif
foreach symbol : symbols
- if cc.has_header_symbol(symbol[0], symbol[1], args: '-D_GNU_SOURCE')
+ if cc.has_header_symbol(symbol[0], symbol[1], args: '-D_GNU_SOURCE', prefix: symbol.get(2, ''))
conf.set('HAVE_DECL_@0@'.format(symbol[1].to_upper()), 1)
endif
endforeach
# Check for BSD approach for bridge management
-if (cc.has_header_symbol('net/if_bridgevar.h', 'BRDGSFD') and
- cc.has_header_symbol('net/if_bridgevar.h', 'BRDGADD') and
- cc.has_header_symbol('net/if_bridgevar.h', 'BRDGDEL'))
+brd_required_headers = '''#include <stdint.h>
+#include <net/if.h>
+#include <net/ethernet.h>'''
+if (cc.has_header_symbol('net/if_bridgevar.h', 'BRDGSFD', prefix: brd_required_headers) and
+ cc.has_header_symbol('net/if_bridgevar.h', 'BRDGADD', prefix: brd_required_headers) and
+ cc.has_header_symbol('net/if_bridgevar.h', 'BRDGDEL', prefix: brd_required_headers))
conf.set('HAVE_BSD_BRIDGE_MGMT', 1)
endif
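Review bot: The prerequisite headers are written two different ways in this patch: a single-quoted string with ``\n`` escapes for ``link_addr`` in the ``symbols`` list, and a triple-quoted multi-line string in ``brd_required_headers`` here. Picking one form for both would be easier to read. The three ``has_header_symbol`` calls for BRDGSFD, BRDGADD and BRDGDEL also repeat the same header and ``prefix:`` argument, so they could be folded into a small foreach over the symbol names, or into the ``symbols`` list itself if individual ``HAVE_DECL_*`` defines are acceptable in place of ``HAVE_BSD_BRIDGE_MGMT``.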
@@ -900,6 +903,7 @@ foreach name : required_programs
prog = find_program(name, required: true, dirs: libvirt_sbin_path)
varname = name.underscorify()
conf.set_quoted(varname.to_upper(), prog.path())
+ conf.set_quoted('@0@_PATH'.format(varname.to_upper()), prog.path())
set_variable('@0@_prog'.format(varname), prog)
endforeach
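Review bot: The added ``conf.set_quoted('@0@_PATH'...)`` line sits inside the loop over ``required_programs``, so it defines a ``<NAME>_PATH`` macro for every required program, while the commit message only talks about ``IFCONFIG_PATH`` for util/virnetdevip.c. Each program then ends up with two macros carrying the same ``prog.path()`` value. If that is intended, a comment saying why both names exist would help; otherwise it may be simpler to define the extra macro for ifconfig only, or to switch the one consumer over to ``IFCONFIG``.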
--
2.27.0
4 years, 3 months
[libvirt PATCH 00/20] Use SPDX-License-Identifier
by Ján Tomko
Replace the license blurb in every single file with:
SPDX-License-Identifier: <human-readable-string>
Coincidentally, this is also machine readable.
This identifies the few places that use GPL-3.0 (syntax-check) and
some places that mistakenly changed the blurb
(patches 1/20 and 4/20).
The other variations were period vs. semicolon at various places
and double vs. single space before 'If not, write...'
Fabricated by calling:
git ls-tree -r HEAD: | grep ^100 | cut -f2 | xargs bash ~/rp
Where ~/rp is a bash script doing:
perl -077 -i -pe 's|LICENSE_BLURB|SPDX-License-Identifier: BLABLA-or-later|' $@
(with some escaping done in the LICENSE_BLURB)
https://gitlab.com/jano.tomko/libvirt/-/pipelines/174244608
Ján Tomko (20):
Use SPDX-License-Identifier for GPL-2.0-or-later-WITHEXP
Use SPDX-License-Identifier for GPL-2.0-or-later
Use SPDX-License-Identifier for GPL-3.0-or-later
Use SPDX-License-Identifier for LGPL-2.1-or-later-double
Use SPDX-License-Identifier for LGPL-2.1-or-later in non-C files
conf: Use SPDX-License-Identifier for LGPL-2.1-or-later
qemu: Use SPDX-License-Identifier for LGPL-2.1-or-later
storage: Use SPDX-License-Identifier for LGPL-2.1-or-later
util: Use SPDX-License-Identifier for LGPL-2.1-or-later
tests: Use SPDX-License-Identifier for LGPL-2.1-or-later
tools: Use SPDX-License-Identifier for LGPL-2.1-or-later
include: Use SPDX-License-Identifier for LGPL-2.1-or-later
bhyve: Use SPDX-License-Identifier for LGPL-2.1-or-later
cpu: Use SPDX-License-Identifier for LGPL-2.1-or-later
libxl: Use SPDX-License-Identifier for LGPL-2.1-or-later
esx: Use SPDX-License-Identifier for LGPL-2.1-or-later
locking: Use SPDX-License-Identifier for LGPL-2.1-or-later
lxc: Use SPDX-License-Identifier for LGPL-2.1-or-later
rpc: Use SPDX-License-Identifier for LGPL-2.1-or-later
Use SPDX-License-Identifier for LGPL-2.1-or-later
build-aux/Makefile.nonreentrant | 14 +-------------
build-aux/check-spacing.pl | 14 +-------------
build-aux/syntax-check.mk | 14 +-------------
build-aux/useless-if-before-free | 13 +------------
build-aux/vc-list-files | 13 +------------
config.h | 14 +-------------
examples/c/domain/dommigrate.c | 14 +-------------
examples/c/domain/domtop.c | 14 +-------------
examples/c/domain/rename.c | 14 +-------------
examples/c/domain/suspend.c | 14 +-------------
examples/sh/virt-lxc-convert | 14 +-------------
examples/systemtap/events.stp | 14 +-------------
examples/systemtap/qemu-monitor.stp | 14 +-------------
examples/systemtap/rpc-monitor.stp | 14 +-------------
include/libvirt/libvirt-admin.h | 14 +-------------
include/libvirt/libvirt-common.h.in | 14 +-------------
include/libvirt/libvirt-domain-checkpoint.h | 14 +-------------
include/libvirt/libvirt-domain-snapshot.h | 14 +-------------
include/libvirt/libvirt-domain.h | 14 +-------------
include/libvirt/libvirt-event.h | 14 +-------------
include/libvirt/libvirt-host.h | 14 +-------------
include/libvirt/libvirt-interface.h | 14 +-------------
include/libvirt/libvirt-lxc.h | 14 +-------------
include/libvirt/libvirt-network.h | 14 +-------------
include/libvirt/libvirt-nodedev.h | 14 +-------------
include/libvirt/libvirt-nwfilter.h | 14 +-------------
include/libvirt/libvirt-qemu.h | 14 +-------------
include/libvirt/libvirt-secret.h | 14 +-------------
include/libvirt/libvirt-storage.h | 14 +-------------
include/libvirt/libvirt-stream.h | 14 +-------------
include/libvirt/libvirt.h | 14 +-------------
include/libvirt/virterror.h | 14 +-------------
run.in | 14 +-------------
scripts/augeas-gentest.py | 14 +-------------
scripts/check-aclperms.py | 14 +-------------
scripts/check-aclrules.py | 14 +-------------
scripts/check-driverimpls.py | 14 +-------------
scripts/check-drivername.py | 14 +-------------
scripts/check-file-access.py | 14 +-------------
scripts/check-remote-protocol.py | 14 +-------------
scripts/check-symfile.py | 14 +-------------
scripts/check-symsorting.py | 14 +-------------
scripts/cocci-macro-file.h | 14 +-------------
scripts/dtrace2systemtap.py | 14 +-------------
scripts/esx_vi_generator.py | 14 +-------------
scripts/genaclperms.py | 14 +-------------
scripts/genpolkit.py | 14 +-------------
scripts/gensystemtap.py | 14 +-------------
scripts/group-qemu-caps.py | 14 +-------------
scripts/header-ifdef.py | 14 +-------------
scripts/hvsupport.py | 14 +-------------
scripts/hyperv_wmi_generator.py | 14 +-------------
scripts/mock-noinline.py | 14 +-------------
scripts/prohibit-duplicate-header.py | 14 +-------------
scripts/test-wrap-argv.py | 14 +-------------
src/access/viraccessdriver.h | 14 +-------------
src/access/viraccessdrivernop.c | 14 +-------------
src/access/viraccessdrivernop.h | 14 +-------------
src/access/viraccessdriverpolkit.c | 14 +-------------
src/access/viraccessdriverpolkit.h | 14 +-------------
src/access/viraccessdriverstack.c | 14 +-------------
src/access/viraccessdriverstack.h | 14 +-------------
src/access/viraccessmanager.c | 14 +-------------
src/access/viraccessmanager.h | 14 +-------------
src/access/viraccessperm.c | 14 +-------------
src/access/viraccessperm.h | 14 +-------------
src/admin/admin_protocol.x | 14 +-------------
src/admin/admin_remote.c | 14 +-------------
src/admin/admin_server.c | 14 +-------------
src/admin/admin_server.h | 14 +-------------
src/admin/admin_server_dispatch.c | 14 +-------------
src/admin/admin_server_dispatch.h | 14 +-------------
src/admin/libvirt-admin.c | 14 +-------------
src/bhyve/bhyve_capabilities.c | 14 +-------------
src/bhyve/bhyve_capabilities.h | 14 +-------------
src/bhyve/bhyve_command.c | 14 +-------------
src/bhyve/bhyve_command.h | 14 +-------------
src/bhyve/bhyve_conf.c | 14 +-------------
src/bhyve/bhyve_conf.h | 14 +-------------
src/bhyve/bhyve_device.c | 14 +-------------
src/bhyve/bhyve_device.h | 14 +-------------
src/bhyve/bhyve_domain.c | 14 +-------------
src/bhyve/bhyve_domain.h | 14 +-------------
src/bhyve/bhyve_driver.c | 14 +-------------
src/bhyve/bhyve_driver.h | 14 +-------------
src/bhyve/bhyve_monitor.c | 14 +-------------
src/bhyve/bhyve_monitor.h | 14 +-------------
src/bhyve/bhyve_parse_command.c | 14 +-------------
src/bhyve/bhyve_parse_command.h | 14 +-------------
src/bhyve/bhyve_process.c | 14 +-------------
src/bhyve/bhyve_process.h | 14 +-------------
src/bhyve/bhyve_utils.h | 14 +-------------
src/conf/backup_conf.c | 14 +-------------
src/conf/backup_conf.h | 14 +-------------
src/conf/capabilities.c | 14 +-------------
src/conf/capabilities.h | 14 +-------------
src/conf/checkpoint_conf.c | 14 +-------------
src/conf/checkpoint_conf.h | 14 +-------------
src/conf/cpu_conf.c | 14 +-------------
src/conf/cpu_conf.h | 14 +-------------
src/conf/device_conf.c | 14 +-------------
src/conf/device_conf.h | 14 +-------------
src/conf/domain_addr.c | 14 +-------------
src/conf/domain_addr.h | 14 +-------------
src/conf/domain_audit.c | 14 +-------------
src/conf/domain_audit.h | 14 +-------------
src/conf/domain_capabilities.c | 14 +-------------
src/conf/domain_capabilities.h | 14 +-------------
src/conf/domain_conf.c | 14 +-------------
src/conf/domain_conf.h | 14 +-------------
src/conf/domain_event.c | 14 +-------------
src/conf/domain_event.h | 14 +-------------
src/conf/domain_nwfilter.c | 14 +-------------
src/conf/domain_nwfilter.h | 14 +-------------
src/conf/interface_conf.c | 14 +-------------
src/conf/interface_conf.h | 14 +-------------
src/conf/moment_conf.c | 14 +-------------
src/conf/moment_conf.h | 14 +-------------
src/conf/netdev_bandwidth_conf.c | 14 +-------------
src/conf/netdev_bandwidth_conf.h | 14 +-------------
src/conf/netdev_vlan_conf.c | 14 +-------------
src/conf/netdev_vlan_conf.h | 14 +-------------
src/conf/netdev_vport_profile_conf.c | 14 +-------------
src/conf/netdev_vport_profile_conf.h | 14 +-------------
src/conf/network_conf.c | 14 +-------------
src/conf/network_conf.h | 14 +-------------
src/conf/network_event.c | 14 +-------------
src/conf/network_event.h | 14 +-------------
src/conf/networkcommon_conf.c | 14 +-------------
src/conf/networkcommon_conf.h | 14 +-------------
src/conf/node_device_conf.c | 14 +-------------
src/conf/node_device_conf.h | 14 +-------------
src/conf/node_device_event.c | 14 +-------------
src/conf/node_device_event.h | 14 +-------------
src/conf/node_device_util.c | 14 +-------------
src/conf/node_device_util.h | 14 +-------------
src/conf/numa_conf.c | 14 +-------------
src/conf/numa_conf.h | 14 +-------------
src/conf/nwfilter_conf.c | 14 +-------------
src/conf/nwfilter_conf.h | 14 +-------------
src/conf/nwfilter_ipaddrmap.c | 14 +-------------
src/conf/nwfilter_ipaddrmap.h | 14 +-------------
src/conf/nwfilter_params.c | 14 +-------------
src/conf/nwfilter_params.h | 14 +-------------
src/conf/object_event.c | 14 +-------------
src/conf/object_event.h | 14 +-------------
src/conf/object_event_private.h | 14 +-------------
src/conf/secret_conf.c | 14 +-------------
src/conf/secret_conf.h | 14 +-------------
src/conf/secret_event.c | 14 +-------------
src/conf/secret_event.h | 14 +-------------
src/conf/snapshot_conf.c | 14 +-------------
src/conf/snapshot_conf.h | 14 +-------------
src/conf/snapshot_conf_priv.h | 14 +-------------
src/conf/storage_adapter_conf.c | 14 +-------------
src/conf/storage_adapter_conf.h | 14 +-------------
src/conf/storage_capabilities.c | 14 +-------------
src/conf/storage_capabilities.h | 14 +-------------
src/conf/storage_conf.c | 14 +-------------
src/conf/storage_conf.h | 14 +-------------
src/conf/storage_event.c | 14 +-------------
src/conf/storage_event.h | 14 +-------------
src/conf/virchrdev.c | 14 +-------------
src/conf/virchrdev.h | 14 +-------------
src/conf/virconftypes.h | 14 +-------------
src/conf/virdomaincheckpointobjlist.c | 14 +-------------
src/conf/virdomaincheckpointobjlist.h | 14 +-------------
src/conf/virdomainmomentobjlist.c | 14 +-------------
src/conf/virdomainmomentobjlist.h | 14 +-------------
src/conf/virdomainobjlist.c | 14 +-------------
src/conf/virdomainobjlist.h | 14 +-------------
src/conf/virdomainsnapshotobjlist.c | 14 +-------------
src/conf/virdomainsnapshotobjlist.h | 14 +-------------
src/conf/virinterfaceobj.c | 14 +-------------
src/conf/virinterfaceobj.h | 14 +-------------
src/conf/virnetworkobj.c | 14 +-------------
src/conf/virnetworkobj.h | 14 +-------------
src/conf/virnetworkportdef.c | 14 +-------------
src/conf/virnetworkportdef.h | 14 +-------------
src/conf/virnodedeviceobj.c | 14 +-------------
src/conf/virnodedeviceobj.h | 14 +-------------
src/conf/virnwfilterbindingdef.c | 14 +-------------
src/conf/virnwfilterbindingdef.h | 14 +-------------
src/conf/virnwfilterbindingobj.c | 14 +-------------
src/conf/virnwfilterbindingobj.h | 14 +-------------
src/conf/virnwfilterbindingobjlist.c | 14 +-------------
src/conf/virnwfilterbindingobjlist.h | 14 +-------------
src/conf/virnwfilterobj.c | 14 +-------------
src/conf/virnwfilterobj.h | 14 +-------------
src/conf/virsavecookie.c | 14 +-------------
src/conf/virsavecookie.h | 14 +-------------
src/conf/virsecretobj.c | 14 +-------------
src/conf/virsecretobj.h | 14 +-------------
src/conf/virstorageobj.c | 14 +-------------
src/conf/virstorageobj.h | 14 +-------------
src/cpu/cpu.c | 14 +-------------
src/cpu/cpu.h | 14 +-------------
src/cpu/cpu_arm.c | 14 +-------------
src/cpu/cpu_arm.h | 14 +-------------
src/cpu/cpu_arm_data.h | 14 +-------------
src/cpu/cpu_map.c | 14 +-------------
src/cpu/cpu_map.h | 14 +-------------
src/cpu/cpu_ppc64.c | 14 +-------------
src/cpu/cpu_ppc64.h | 14 +-------------
src/cpu/cpu_ppc64_data.h | 14 +-------------
src/cpu/cpu_s390.c | 14 +-------------
src/cpu/cpu_s390.h | 14 +-------------
src/cpu/cpu_x86.c | 14 +-------------
src/cpu/cpu_x86.h | 14 +-------------
src/cpu/cpu_x86_data.h | 14 +-------------
src/datatypes.c | 14 +-------------
src/datatypes.h | 14 +-------------
src/driver-hypervisor.h | 14 +-------------
src/driver-interface.h | 14 +-------------
src/driver-network.h | 14 +-------------
src/driver-nodedev.h | 14 +-------------
src/driver-nwfilter.h | 14 +-------------
src/driver-secret.h | 14 +-------------
src/driver-state.h | 14 +-------------
src/driver-storage.h | 14 +-------------
src/driver-stream.h | 14 +-------------
src/driver.c | 14 +-------------
src/driver.h | 14 +-------------
src/esx/esx_driver.c | 14 +-------------
src/esx/esx_driver.h | 14 +-------------
src/esx/esx_interface_driver.c | 14 +-------------
src/esx/esx_interface_driver.h | 14 +-------------
src/esx/esx_network_driver.c | 14 +-------------
src/esx/esx_network_driver.h | 14 +-------------
src/esx/esx_private.h | 14 +-------------
src/esx/esx_storage_backend_iscsi.c | 14 +-------------
src/esx/esx_storage_backend_iscsi.h | 14 +-------------
src/esx/esx_storage_backend_vmfs.c | 14 +-------------
src/esx/esx_storage_backend_vmfs.h | 14 +-------------
src/esx/esx_storage_driver.c | 14 +-------------
src/esx/esx_storage_driver.h | 14 +-------------
src/esx/esx_stream.c | 14 +-------------
src/esx/esx_stream.h | 14 +-------------
src/esx/esx_util.c | 14 +-------------
src/esx/esx_util.h | 14 +-------------
src/esx/esx_vi.c | 14 +-------------
src/esx/esx_vi.h | 14 +-------------
src/esx/esx_vi_methods.c | 14 +-------------
src/esx/esx_vi_methods.h | 14 +-------------
src/esx/esx_vi_types.c | 14 +-------------
src/esx/esx_vi_types.h | 14 +-------------
src/hyperv/hyperv_driver.c | 14 +-------------
src/hyperv/hyperv_driver.h | 14 +-------------
src/hyperv/hyperv_private.h | 14 +-------------
src/hyperv/hyperv_util.c | 14 +-------------
src/hyperv/hyperv_util.h | 14 +-------------
src/hyperv/hyperv_wmi.c | 14 +-------------
src/hyperv/hyperv_wmi.h | 14 +-------------
src/hyperv/hyperv_wmi_classes.c | 14 +-------------
src/hyperv/hyperv_wmi_classes.h | 14 +-------------
src/hyperv/openwsman.h | 14 +-------------
src/hypervisor/domain_cgroup.c | 14 +-------------
src/hypervisor/domain_cgroup.h | 14 +-------------
src/hypervisor/domain_driver.c | 14 +-------------
src/hypervisor/domain_driver.h | 14 +-------------
src/hypervisor/virclosecallbacks.c | 14 +-------------
src/hypervisor/virclosecallbacks.h | 14 +-------------
src/hypervisor/virhostdev.c | 14 +-------------
src/hypervisor/virhostdev.h | 14 +-------------
src/interface/interface_backend_netcf.c | 14 +-------------
src/interface/interface_backend_udev.c | 14 +-------------
src/interface/interface_driver.c | 14 +-------------
src/interface/interface_driver.h | 14 +-------------
src/internal.h | 14 +-------------
src/libvirt-domain-checkpoint.c | 14 +-------------
src/libvirt-domain-snapshot.c | 14 +-------------
src/libvirt-domain.c | 14 +-------------
src/libvirt-host.c | 14 +-------------
src/libvirt-interface.c | 14 +-------------
src/libvirt-lxc.c | 14 +-------------
src/libvirt-network.c | 14 +-------------
src/libvirt-nodedev.c | 14 +-------------
src/libvirt-nwfilter.c | 14 +-------------
src/libvirt-qemu.c | 14 +-------------
src/libvirt-secret.c | 14 +-------------
src/libvirt-storage.c | 14 +-------------
src/libvirt-stream.c | 14 +-------------
src/libvirt.c | 14 +-------------
src/libvirt_internal.h | 14 +-------------
src/libxl/libxl_capabilities.c | 14 +-------------
src/libxl/libxl_capabilities.h | 14 +-------------
src/libxl/libxl_conf.c | 14 +-------------
src/libxl/libxl_conf.h | 14 +-------------
src/libxl/libxl_domain.c | 14 +-------------
src/libxl/libxl_domain.h | 14 +-------------
src/libxl/libxl_driver.c | 14 +-------------
src/libxl/libxl_driver.h | 14 +-------------
src/libxl/libxl_logger.c | 14 +-------------
src/libxl/libxl_logger.h | 14 +-------------
src/libxl/libxl_migration.c | 14 +-------------
src/libxl/libxl_migration.h | 14 +-------------
src/libxl/xen_common.c | 14 +-------------
src/libxl/xen_common.h | 14 +-------------
src/libxl/xen_xl.c | 14 +-------------
src/libxl/xen_xl.h | 14 +-------------
src/libxl/xen_xm.c | 14 +-------------
src/libxl/xen_xm.h | 14 +-------------
src/libxl/xenxs_private.h | 14 +-------------
src/locking/domain_lock.c | 14 +-------------
src/locking/domain_lock.h | 14 +-------------
src/locking/lock_daemon.c | 14 +-------------
src/locking/lock_daemon.h | 14 +-------------
src/locking/lock_daemon_config.c | 14 +-------------
src/locking/lock_daemon_config.h | 14 +-------------
src/locking/lock_daemon_dispatch.c | 14 +-------------
src/locking/lock_daemon_dispatch.h | 14 +-------------
src/locking/lock_driver.h | 14 +-------------
src/locking/lock_driver_lockd.c | 14 +-------------
src/locking/lock_driver_lockd.h | 14 +-------------
src/locking/lock_driver_nop.c | 14 +-------------
src/locking/lock_driver_nop.h | 14 +-------------
src/locking/lock_driver_sanlock.c | 14 +-------------
src/locking/lock_manager.c | 14 +-------------
src/locking/lock_manager.h | 14 +-------------
src/logging/log_daemon.c | 14 +-------------
src/logging/log_daemon.h | 14 +-------------
src/logging/log_daemon_config.c | 14 +-------------
src/logging/log_daemon_config.h | 14 +-------------
src/logging/log_daemon_dispatch.c | 14 +-------------
src/logging/log_daemon_dispatch.h | 14 +-------------
src/logging/log_handler.c | 14 +-------------
src/logging/log_handler.h | 14 +-------------
src/logging/log_manager.c | 14 +-------------
src/logging/log_manager.h | 14 +-------------
src/lxc/lxc_cgroup.c | 14 +-------------
src/lxc/lxc_cgroup.h | 14 +-------------
src/lxc/lxc_conf.c | 14 +-------------
src/lxc/lxc_conf.h | 14 +-------------
src/lxc/lxc_container.c | 14 +-------------
src/lxc/lxc_container.h | 14 +-------------
src/lxc/lxc_controller.c | 14 +-------------
src/lxc/lxc_domain.c | 14 +-------------
src/lxc/lxc_domain.h | 14 +-------------
src/lxc/lxc_driver.c | 14 +-------------
src/lxc/lxc_driver.h | 14 +-------------
src/lxc/lxc_fuse.c | 14 +-------------
src/lxc/lxc_fuse.h | 14 +-------------
src/lxc/lxc_hostdev.c | 14 +-------------
src/lxc/lxc_hostdev.h | 14 +-------------
src/lxc/lxc_monitor.c | 14 +-------------
src/lxc/lxc_monitor.h | 14 +-------------
src/lxc/lxc_native.c | 14 +-------------
src/lxc/lxc_native.h | 14 +-------------
src/lxc/lxc_process.c | 14 +-------------
src/lxc/lxc_process.h | 14 +-------------
src/network/bridge_driver.c | 14 +-------------
src/network/bridge_driver.h | 14 +-------------
src/network/bridge_driver_linux.c | 14 +-------------
src/network/bridge_driver_nop.c | 14 +-------------
src/network/bridge_driver_platform.c | 14 +-------------
src/network/bridge_driver_platform.h | 14 +-------------
src/network/leaseshelper.c | 14 +-------------
src/node_device/node_device_driver.c | 14 +-------------
src/node_device/node_device_driver.h | 14 +-------------
src/node_device/node_device_hal.c | 14 +-------------
src/node_device/node_device_hal.h | 14 +-------------
src/node_device/node_device_udev.c | 14 +-------------
src/node_device/node_device_udev.h | 14 +-------------
src/nwfilter/nwfilter_dhcpsnoop.c | 14 +-------------
src/nwfilter/nwfilter_dhcpsnoop.h | 14 +-------------
src/nwfilter/nwfilter_driver.c | 14 +-------------
src/nwfilter/nwfilter_driver.h | 14 +-------------
src/nwfilter/nwfilter_ebiptables_driver.c | 14 +-------------
src/nwfilter/nwfilter_ebiptables_driver.h | 14 +-------------
src/nwfilter/nwfilter_gentech_driver.c | 14 +-------------
src/nwfilter/nwfilter_gentech_driver.h | 14 +-------------
src/nwfilter/nwfilter_learnipaddr.c | 14 +-------------
src/nwfilter/nwfilter_learnipaddr.h | 14 +-------------
src/nwfilter/nwfilter_tech_driver.h | 14 +-------------
src/openvz/openvz_conf.c | 14 +-------------
src/openvz/openvz_conf.h | 14 +-------------
src/openvz/openvz_driver.c | 14 +-------------
src/openvz/openvz_driver.h | 14 +-------------
src/openvz/openvz_util.c | 14 +-------------
src/openvz/openvz_util.h | 14 +-------------
src/qemu/qemu_agent.c | 14 +-------------
src/qemu/qemu_agent.h | 14 +-------------
src/qemu/qemu_alias.c | 14 +-------------
src/qemu/qemu_alias.h | 14 +-------------
src/qemu/qemu_backup.c | 14 +-------------
src/qemu/qemu_backup.h | 14 +-------------
src/qemu/qemu_block.c | 14 +-------------
src/qemu/qemu_block.h | 14 +-------------
src/qemu/qemu_blockjob.c | 14 +-------------
src/qemu/qemu_blockjob.h | 14 +-------------
src/qemu/qemu_capabilities.c | 14 +-------------
src/qemu/qemu_capabilities.h | 14 +-------------
src/qemu/qemu_capspriv.h | 14 +-------------
src/qemu/qemu_cgroup.c | 14 +-------------
src/qemu/qemu_cgroup.h | 14 +-------------
src/qemu/qemu_checkpoint.c | 14 +-------------
src/qemu/qemu_checkpoint.h | 14 +-------------
src/qemu/qemu_command.c | 14 +-------------
src/qemu/qemu_command.h | 14 +-------------
src/qemu/qemu_conf.c | 14 +-------------
src/qemu/qemu_conf.h | 14 +-------------
src/qemu/qemu_dbus.c | 14 +-------------
src/qemu/qemu_dbus.h | 14 +-------------
src/qemu/qemu_domain.c | 14 +-------------
src/qemu/qemu_domain.h | 14 +-------------
src/qemu/qemu_domain_address.c | 14 +-------------
src/qemu/qemu_domain_address.h | 14 +-------------
src/qemu/qemu_domainjob.c | 14 +-------------
src/qemu/qemu_domainjob.h | 14 +-------------
src/qemu/qemu_driver.c | 14 +-------------
src/qemu/qemu_driver.h | 14 +-------------
src/qemu/qemu_extdevice.c | 14 +-------------
src/qemu/qemu_extdevice.h | 14 +-------------
src/qemu/qemu_firmware.c | 14 +-------------
src/qemu/qemu_firmware.h | 14 +-------------
src/qemu/qemu_hostdev.c | 14 +-------------
src/qemu/qemu_hostdev.h | 14 +-------------
src/qemu/qemu_hotplug.c | 14 +-------------
src/qemu/qemu_hotplug.h | 14 +-------------
src/qemu/qemu_interface.c | 14 +-------------
src/qemu/qemu_interface.h | 14 +-------------
src/qemu/qemu_interop_config.c | 14 +-------------
src/qemu/qemu_interop_config.h | 14 +-------------
src/qemu/qemu_migration.c | 14 +-------------
src/qemu/qemu_migration.h | 14 +-------------
src/qemu/qemu_migration_cookie.c | 14 +-------------
src/qemu/qemu_migration_cookie.h | 14 +-------------
src/qemu/qemu_migration_params.c | 14 +-------------
src/qemu/qemu_migration_params.h | 14 +-------------
src/qemu/qemu_migration_paramspriv.h | 14 +-------------
src/qemu/qemu_monitor.c | 14 +-------------
src/qemu/qemu_monitor.h | 14 +-------------
src/qemu/qemu_monitor_json.c | 14 +-------------
src/qemu/qemu_monitor_json.h | 14 +-------------
src/qemu/qemu_monitor_priv.h | 14 +-------------
src/qemu/qemu_monitor_text.c | 14 +-------------
src/qemu/qemu_monitor_text.h | 14 +-------------
src/qemu/qemu_namespace.c | 14 +-------------
src/qemu/qemu_namespace.h | 14 +-------------
src/qemu/qemu_process.c | 14 +-------------
src/qemu/qemu_process.h | 14 +-------------
src/qemu/qemu_processpriv.h | 14 +-------------
src/qemu/qemu_qapi.c | 14 +-------------
src/qemu/qemu_qapi.h | 14 +-------------
src/qemu/qemu_security.c | 14 +-------------
src/qemu/qemu_security.h | 14 +-------------
src/qemu/qemu_shim.c | 14 +-------------
src/qemu/qemu_slirp.c | 14 +-------------
src/qemu/qemu_slirp.h | 14 +-------------
src/qemu/qemu_tpm.c | 14 +-------------
src/qemu/qemu_tpm.h | 14 +-------------
src/qemu/qemu_validate.c | 14 +-------------
src/qemu/qemu_validate.h | 14 +-------------
src/qemu/qemu_vhost_user.c | 14 +-------------
src/qemu/qemu_vhost_user.h | 14 +-------------
src/qemu/qemu_vhost_user_gpu.c | 14 +-------------
src/qemu/qemu_vhost_user_gpu.h | 14 +-------------
src/qemu/qemu_virtiofs.c | 14 +-------------
src/qemu/qemu_virtiofs.h | 14 +-------------
src/remote/libvirtd.policy | 14 +-------------
src/remote/lxc_protocol.x | 14 +-------------
src/remote/qemu_protocol.x | 14 +-------------
src/remote/remote_daemon.c | 14 +-------------
src/remote/remote_daemon.h | 14 +-------------
src/remote/remote_daemon_config.c | 14 +-------------
src/remote/remote_daemon_config.h | 14 +-------------
src/remote/remote_daemon_dispatch.c | 14 +-------------
src/remote/remote_daemon_dispatch.h | 14 +-------------
src/remote/remote_daemon_stream.c | 14 +-------------
src/remote/remote_daemon_stream.h | 14 +-------------
src/remote/remote_driver.c | 14 +-------------
src/remote/remote_driver.h | 14 +-------------
src/remote/remote_protocol.x | 14 +-------------
src/rpc/gendispatch.pl | 14 +-------------
src/rpc/genprotocol.pl | 14 +-------------
src/rpc/virkeepalive.c | 14 +-------------
src/rpc/virkeepalive.h | 14 +-------------
src/rpc/virnetclient.c | 14 +-------------
src/rpc/virnetclient.h | 14 +-------------
src/rpc/virnetclientprogram.c | 14 +-------------
src/rpc/virnetclientprogram.h | 14 +-------------
src/rpc/virnetclientstream.c | 14 +-------------
src/rpc/virnetclientstream.h | 14 +-------------
src/rpc/virnetdaemon.c | 14 +-------------
src/rpc/virnetdaemon.h | 14 +-------------
src/rpc/virnetlibsshsession.c | 14 +-------------
src/rpc/virnetlibsshsession.h | 14 +-------------
src/rpc/virnetmessage.c | 14 +-------------
src/rpc/virnetmessage.h | 14 +-------------
src/rpc/virnetprotocol.x | 14 +-------------
src/rpc/virnetsaslcontext.c | 14 +-------------
src/rpc/virnetsaslcontext.h | 14 +-------------
src/rpc/virnetserver.c | 14 +-------------
src/rpc/virnetserver.h | 14 +-------------
src/rpc/virnetserverclient.c | 14 +-------------
src/rpc/virnetserverclient.h | 14 +-------------
src/rpc/virnetserverprogram.c | 14 +-------------
src/rpc/virnetserverprogram.h | 14 +-------------
src/rpc/virnetserverservice.c | 14 +-------------
src/rpc/virnetserverservice.h | 14 +-------------
src/rpc/virnetsocket.c | 14 +-------------
src/rpc/virnetsocket.h | 14 +-------------
src/rpc/virnetsshsession.c | 14 +-------------
src/rpc/virnetsshsession.h | 14 +-------------
src/rpc/virnettlscontext.c | 14 +-------------
src/rpc/virnettlscontext.h | 14 +-------------
src/secret/secret_driver.c | 14 +-------------
src/secret/secret_driver.h | 14 +-------------
src/security/security_apparmor.c | 14 +-------------
src/security/security_apparmor.h | 14 +-------------
src/security/security_dac.c | 14 +-------------
src/security/security_dac.h | 14 +-------------
src/security/security_driver.c | 14 +-------------
src/security/security_driver.h | 14 +-------------
src/security/security_manager.c | 14 +-------------
src/security/security_manager.h | 14 +-------------
src/security/security_nop.c | 14 +-------------
src/security/security_nop.h | 14 +-------------
src/security/security_selinux.c | 14 +-------------
src/security/security_selinux.h | 14 +-------------
src/security/security_stack.c | 14 +-------------
src/security/security_stack.h | 14 +-------------
src/security/security_util.c | 14 +-------------
src/security/security_util.h | 14 +-------------
src/security/virt-aa-helper.c | 14 +-------------
src/storage/parthelper.c | 14 +-------------
src/storage/storage_backend.c | 14 +-------------
src/storage/storage_backend.h | 14 +-------------
src/storage/storage_backend_disk.c | 14 +-------------
src/storage/storage_backend_disk.h | 14 +-------------
src/storage/storage_backend_fs.c | 14 +-------------
src/storage/storage_backend_fs.h | 14 +-------------
src/storage/storage_backend_gluster.c | 14 +-------------
src/storage/storage_backend_gluster.h | 14 +-------------
src/storage/storage_backend_iscsi.c | 14 +-------------
src/storage/storage_backend_iscsi.h | 14 +-------------
src/storage/storage_backend_iscsi_direct.c | 14 +-------------
src/storage/storage_backend_iscsi_direct.h | 14 +-------------
src/storage/storage_backend_logical.c | 14 +-------------
src/storage/storage_backend_logical.h | 14 +-------------
src/storage/storage_backend_mpath.c | 14 +-------------
src/storage/storage_backend_mpath.h | 14 +-------------
src/storage/storage_backend_rbd.c | 14 +-------------
src/storage/storage_backend_rbd.h | 14 +-------------
src/storage/storage_backend_scsi.c | 14 +-------------
src/storage/storage_backend_scsi.h | 14 +-------------
src/storage/storage_backend_sheepdog.c | 14 +-------------
src/storage/storage_backend_sheepdog.h | 14 +-------------
src/storage/storage_backend_sheepdog_priv.h | 14 +-------------
src/storage/storage_backend_vstorage.h | 14 +-------------
src/storage/storage_backend_zfs.c | 14 +-------------
src/storage/storage_backend_zfs.h | 14 +-------------
src/storage/storage_driver.c | 14 +-------------
src/storage/storage_driver.h | 14 +-------------
src/storage/storage_file_fs.c | 14 +-------------
src/storage/storage_file_fs.h | 14 +-------------
src/storage/storage_file_gluster.c | 14 +-------------
src/storage/storage_file_gluster.h | 14 +-------------
src/storage/storage_util.c | 14 +-------------
src/storage/storage_util.h | 14 +-------------
src/test/test_driver.c | 14 +-------------
src/test/test_driver.h | 14 +-------------
src/util/glibcompat.c | 14 +-------------
src/util/glibcompat.h | 14 +-------------
src/util/iohelper.c | 14 +-------------
src/util/viralloc.c | 14 +-------------
src/util/viralloc.h | 14 +-------------
src/util/virarch.c | 14 +-------------
src/util/virarch.h | 14 +-------------
src/util/virarptable.c | 14 +-------------
src/util/virarptable.h | 14 +-------------
src/util/viraudit.c | 14 +-------------
src/util/viraudit.h | 14 +-------------
src/util/virauth.c | 14 +-------------
src/util/virauth.h | 14 +-------------
src/util/virauthconfig.c | 14 +-------------
src/util/virauthconfig.h | 14 +-------------
src/util/virbitmap.c | 14 +-------------
src/util/virbitmap.h | 14 +-------------
src/util/virbpf.c | 14 +-------------
src/util/virbpf.h | 14 +-------------
src/util/virbuffer.c | 14 +-------------
src/util/virbuffer.h | 14 +-------------
src/util/vircgroup.c | 14 +-------------
src/util/vircgroup.h | 14 +-------------
src/util/vircgroupbackend.c | 14 +-------------
src/util/vircgroupbackend.h | 14 +-------------
src/util/vircgrouppriv.h | 14 +-------------
src/util/vircgroupv1.c | 14 +-------------
src/util/vircgroupv1.h | 14 +-------------
src/util/vircgroupv2.c | 14 +-------------
src/util/vircgroupv2.h | 14 +-------------
src/util/vircgroupv2devices.c | 14 +-------------
src/util/vircgroupv2devices.h | 14 +-------------
src/util/vircommand.c | 14 +-------------
src/util/vircommand.h | 14 +-------------
src/util/vircommandpriv.h | 14 +-------------
src/util/virconf.c | 14 +-------------
src/util/virconf.h | 14 +-------------
src/util/vircrypto.c | 14 +-------------
src/util/vircrypto.h | 14 +-------------
src/util/virdaemon.c | 14 +-------------
src/util/virdaemon.h | 14 +-------------
src/util/virdbus.c | 14 +-------------
src/util/virdbus.h | 14 +-------------
src/util/virdbuspriv.h | 14 +-------------
src/util/virdevmapper.c | 14 +-------------
src/util/virdevmapper.h | 14 +-------------
src/util/virdnsmasq.c | 14 +-------------
src/util/virdnsmasq.h | 14 +-------------
src/util/virebtables.c | 14 +-------------
src/util/virebtables.h | 14 +-------------
src/util/virendian.h | 14 +-------------
src/util/virenum.c | 14 +-------------
src/util/virenum.h | 14 +-------------
src/util/virerror.c | 14 +-------------
src/util/virerror.h | 14 +-------------
src/util/virerrorpriv.h | 14 +-------------
src/util/virevent.c | 14 +-------------
src/util/virevent.h | 14 +-------------
src/util/vireventglib.c | 14 +-------------
src/util/vireventglib.h | 14 +-------------
src/util/vireventglibwatch.c | 14 +-------------
src/util/vireventglibwatch.h | 14 +-------------
src/util/vireventthread.c | 14 +-------------
src/util/vireventthread.h | 14 +-------------
src/util/virfcp.c | 14 +-------------
src/util/virfcp.h | 14 +-------------
src/util/virfdstream.c | 14 +-------------
src/util/virfdstream.h | 14 +-------------
src/util/virfile.c | 14 +-------------
src/util/virfile.h | 14 +-------------
src/util/virfilecache.c | 14 +-------------
src/util/virfilecache.h | 14 +-------------
src/util/virfirewall.c | 14 +-------------
src/util/virfirewall.h | 14 +-------------
src/util/virfirewalld.c | 14 +-------------
src/util/virfirewalld.h | 14 +-------------
src/util/virfirewalldpriv.h | 14 +-------------
src/util/virfirewallpriv.h | 14 +-------------
src/util/virfirmware.c | 14 +-------------
src/util/virfirmware.h | 14 +-------------
src/util/virgettext.c | 14 +-------------
src/util/virgettext.h | 14 +-------------
src/util/virgic.c | 14 +-------------
src/util/virgic.h | 14 +-------------
src/util/virhashcode.c | 14 +-------------
src/util/virhashcode.h | 14 +-------------
src/util/virhook.c | 14 +-------------
src/util/virhook.h | 14 +-------------
src/util/virhostcpu.c | 14 +-------------
src/util/virhostcpu.h | 14 +-------------
src/util/virhostcpupriv.h | 14 +-------------
src/util/virhostmem.c | 14 +-------------
src/util/virhostmem.h | 14 +-------------
src/util/virhostuptime.c | 14 +-------------
src/util/virhostuptime.h | 14 +-------------
src/util/viridentity.c | 14 +-------------
src/util/viridentity.h | 14 +-------------
src/util/virinitctl.c | 14 +-------------
src/util/virinitctl.h | 14 +-------------
src/util/viriptables.c | 14 +-------------
src/util/viriptables.h | 14 +-------------
src/util/viriscsi.c | 14 +-------------
src/util/viriscsi.h | 14 +-------------
src/util/virjson.c | 14 +-------------
src/util/virjson.h | 14 +-------------
src/util/virkeycode.c | 14 +-------------
src/util/virkeycode.h | 14 +-------------
src/util/virkmod.c | 14 +-------------
src/util/virkmod.h | 14 +-------------
src/util/virlease.c | 14 +-------------
src/util/virlease.h | 14 +-------------
src/util/virlockspace.c | 14 +-------------
src/util/virlockspace.h | 14 +-------------
src/util/virlog.c | 14 +-------------
src/util/virlog.h | 14 +-------------
src/util/virmacaddr.c | 14 +-------------
src/util/virmacaddr.h | 14 +-------------
src/util/virmacmap.c | 14 +-------------
src/util/virmacmap.h | 14 +-------------
src/util/virmdev.c | 14 +-------------
src/util/virmdev.h | 14 +-------------
src/util/virmodule.c | 14 +-------------
src/util/virmodule.h | 14 +-------------
src/util/virnetdev.c | 14 +-------------
src/util/virnetdev.h | 14 +-------------
src/util/virnetdevbandwidth.c | 14 +-------------
src/util/virnetdevbandwidth.h | 14 +-------------
src/util/virnetdevbridge.c | 14 +-------------
src/util/virnetdevbridge.h | 14 +-------------
src/util/virnetdevip.c | 14 +-------------
src/util/virnetdevip.h | 14 +-------------
src/util/virnetdevmacvlan.c | 14 +-------------
src/util/virnetdevmacvlan.h | 14 +-------------
src/util/virnetdevmidonet.c | 14 +-------------
src/util/virnetdevmidonet.h | 14 +-------------
src/util/virnetdevopenvswitch.c | 14 +-------------
src/util/virnetdevopenvswitch.h | 14 +-------------
src/util/virnetdevtap.c | 14 +-------------
src/util/virnetdevtap.h | 14 +-------------
src/util/virnetdevveth.c | 14 +-------------
src/util/virnetdevveth.h | 14 +-------------
src/util/virnetdevvlan.c | 14 +-------------
src/util/virnetdevvlan.h | 14 +-------------
src/util/virnetdevvportprofile.c | 14 +-------------
src/util/virnetdevvportprofile.h | 14 +-------------
src/util/virnetlink.c | 14 +-------------
src/util/virnetlink.h | 14 +-------------
src/util/virnodesuspend.c | 14 +-------------
src/util/virnodesuspend.h | 14 +-------------
src/util/virnuma.c | 14 +-------------
src/util/virnuma.h | 14 +-------------
src/util/virnvme.c | 14 +-------------
src/util/virnvme.h | 14 +-------------
src/util/virobject.c | 14 +-------------
src/util/virobject.h | 14 +-------------
src/util/virpci.c | 14 +-------------
src/util/virpci.h | 14 +-------------
src/util/virperf.c | 14 +-------------
src/util/virperf.h | 14 +-------------
src/util/virpidfile.c | 14 +-------------
src/util/virpidfile.h | 14 +-------------
src/util/virpolkit.c | 14 +-------------
src/util/virpolkit.h | 14 +-------------
src/util/virportallocator.c | 14 +-------------
src/util/virportallocator.h | 14 +-------------
src/util/virprobe.h | 14 +-------------
src/util/virprocess.c | 14 +-------------
src/util/virprocess.h | 14 +-------------
src/util/virqemu.c | 14 +-------------
src/util/virqemu.h | 14 +-------------
src/util/virrandom.c | 14 +-------------
src/util/virrandom.h | 14 +-------------
src/util/virresctrl.c | 14 +-------------
src/util/virresctrl.h | 14 +-------------
src/util/virresctrlpriv.h | 14 +-------------
src/util/virrotatingfile.c | 14 +-------------
src/util/virrotatingfile.h | 14 +-------------
src/util/virscsi.c | 14 +-------------
src/util/virscsi.h | 14 +-------------
src/util/virscsihost.c | 14 +-------------
src/util/virscsihost.h | 14 +-------------
src/util/virscsivhost.c | 14 +-------------
src/util/virscsivhost.h | 14 +-------------
src/util/virseclabel.c | 14 +-------------
src/util/virseclabel.h | 14 +-------------
src/util/virsecret.c | 14 +-------------
src/util/virsecret.h | 14 +-------------
src/util/virsocket.c | 14 +-------------
src/util/virsocket.h | 14 +-------------
src/util/virsocketaddr.c | 14 +-------------
src/util/virsocketaddr.h | 14 +-------------
src/util/virstorageencryption.c | 14 +-------------
src/util/virstorageencryption.h | 14 +-------------
src/util/virstoragefile.c | 14 +-------------
src/util/virstoragefile.h | 14 +-------------
src/util/virstoragefilebackend.c | 14 +-------------
src/util/virstoragefilebackend.h | 14 +-------------
src/util/virstring.c | 14 +-------------
src/util/virstring.h | 14 +-------------
src/util/virsysinfo.c | 14 +-------------
src/util/virsysinfo.h | 14 +-------------
src/util/virsysinfopriv.h | 14 +-------------
src/util/virsystemd.c | 14 +-------------
src/util/virsystemd.h | 14 +-------------
src/util/virsystemdpriv.h | 14 +-------------
src/util/virthread.c | 14 +-------------
src/util/virthread.h | 14 +-------------
src/util/virthreadjob.c | 14 +-------------
src/util/virthreadjob.h | 14 +-------------
src/util/virthreadpool.c | 14 +-------------
src/util/virthreadpool.h | 14 +-------------
src/util/virtime.c | 14 +-------------
src/util/virtime.h | 14 +-------------
src/util/virtpm.c | 14 +-------------
src/util/virtpm.h | 14 +-------------
src/util/virtypedparam-public.c | 14 +-------------
src/util/virtypedparam.c | 14 +-------------
src/util/virtypedparam.h | 14 +-------------
src/util/viruri.c | 14 +-------------
src/util/viruri.h | 14 +-------------
src/util/virusb.c | 14 +-------------
src/util/virusb.h | 14 +-------------
src/util/virutil.c | 14 +-------------
src/util/virutil.h | 14 +-------------
src/util/viruuid.c | 14 +-------------
src/util/viruuid.h | 14 +-------------
src/util/virvhba.c | 14 +-------------
src/util/virvhba.h | 14 +-------------
src/util/virvsock.c | 14 +-------------
src/util/virvsock.h | 14 +-------------
src/util/virxdrdefs.h | 14 +-------------
src/util/virxml.c | 14 +-------------
src/util/virxml.h | 14 +-------------
src/vbox/vbox_common.c | 14 +-------------
src/vbox/vbox_common.h | 14 +-------------
src/vbox/vbox_get_driver.h | 14 +-------------
src/vbox/vbox_network.c | 14 +-------------
src/vbox/vbox_snapshot_conf.c | 14 +-------------
src/vbox/vbox_snapshot_conf.h | 14 +-------------
src/vbox/vbox_storage.c | 14 +-------------
src/vbox/vbox_uniformed_api.h | 14 +-------------
src/vmware/vmware_conf.c | 14 +-------------
src/vmware/vmware_conf.h | 14 +-------------
src/vmware/vmware_driver.c | 14 +-------------
src/vmware/vmware_driver.h | 14 +-------------
src/vmx/vmx.c | 14 +-------------
src/vmx/vmx.h | 14 +-------------
src/vz/vz_driver.c | 14 +-------------
src/vz/vz_driver.h | 14 +-------------
src/vz/vz_sdk.c | 14 +-------------
src/vz/vz_sdk.h | 14 +-------------
src/vz/vz_utils.c | 14 +-------------
src/vz/vz_utils.h | 14 +-------------
tests/commandhelper.c | 14 +-------------
tests/commandtest.c | 14 +-------------
tests/cputest.c | 14 +-------------
tests/domaincapsmock.c | 14 +-------------
tests/domaincapstest.c | 14 +-------------
tests/domainconftest.c | 14 +-------------
tests/eventtest.c | 14 +-------------
tests/fchosttest.c | 14 +-------------
tests/fdstreamtest.c | 14 +-------------
tests/libxlmock.c | 14 +-------------
tests/libxlxml2domconfigtest.c | 14 +-------------
tests/metadatatest.c | 14 +-------------
tests/networkxml2firewalltest.c | 14 +-------------
tests/nsslinktest.c | 14 +-------------
tests/nssmock.c | 14 +-------------
tests/nsstest.c | 14 +-------------
tests/nwfilterebiptablestest.c | 14 +-------------
tests/nwfilterxml2firewalltest.c | 14 +-------------
tests/objecteventtest.c | 14 +-------------
tests/qemuagenttest.c | 14 +-------------
tests/qemublocktest.c | 14 +-------------
tests/qemucapabilitiestest.c | 14 +-------------
tests/qemucaps2xmlmock.c | 14 +-------------
tests/qemucaps2xmltest.c | 14 +-------------
tests/qemucapsprobe.c | 14 +-------------
tests/qemucapsprobemock.c | 14 +-------------
tests/qemucommandutiltest.c | 14 +-------------
tests/qemucpumock.c | 14 +-------------
tests/qemuhotplugmock.c | 14 +-------------
tests/qemuhotplugtest.c | 14 +-------------
tests/qemumigparamstest.c | 14 +-------------
tests/qemumonitorjsontest.c | 14 +-------------
tests/qemumonitortestutils.c | 14 +-------------
tests/qemumonitortestutils.h | 14 +-------------
tests/qemusecuritymock.c | 14 +-------------
tests/qemusecuritytest.c | 14 +-------------
tests/qemusecuritytest.h | 14 +-------------
tests/qemuxml2argvmock.c | 14 +-------------
tests/scsihosttest.c | 14 +-------------
tests/securityselinuxhelper.c | 14 +-------------
tests/securityselinuxlabeltest.c | 15 +--------------
tests/securityselinuxtest.c | 14 +-------------
tests/shunloadhelper.c | 14 +-------------
tests/shunloadtest.c | 14 +-------------
tests/sockettest.c | 14 +-------------
tests/ssh.c | 14 +-------------
tests/storagebackendsheepdogtest.c | 14 +-------------
tests/storagepoolcapstest.c | 14 +-------------
tests/sysinfotest.c | 14 +-------------
tests/test-lib.sh | 14 +-------------
tests/testutils.c | 14 +-------------
tests/testutils.h | 14 +-------------
tests/testutilshostcpus.h | 14 +-------------
tests/testutilslxc.h | 14 +-------------
tests/testutilsqemu.h | 14 +-------------
tests/testutilsqemuschema.c | 14 +-------------
tests/testutilsqemuschema.h | 14 +-------------
tests/testutilsxen.h | 14 +-------------
tests/viralloctest.c | 14 +-------------
tests/virauthconfigtest.c | 14 +-------------
tests/virbitmaptest.c | 14 +-------------
tests/vircaps2xmltest.c | 14 +-------------
tests/vircapstest.c | 14 +-------------
tests/vircgroupmock.c | 14 +-------------
tests/vircgrouptest.c | 14 +-------------
tests/virconftest.c | 14 +-------------
tests/vircryptotest.c | 14 +-------------
tests/virdbusmock.c | 14 +-------------
tests/virdbustest.c | 14 +-------------
tests/virdeterministichashmock.c | 14 +-------------
tests/virdriverconnvalidatetest.c | 14 +-------------
tests/virdrivermoduletest.c | 14 +-------------
tests/virendiantest.c | 14 +-------------
tests/virerrortest.c | 14 +-------------
tests/virfilecachemock.c | 14 +-------------
tests/virfilecachetest.c | 14 +-------------
tests/virfilemock.c | 14 +-------------
tests/virfiletest.c | 14 +-------------
tests/virfilewrapper.c | 14 +-------------
tests/virfilewrapper.h | 14 +-------------
tests/virfirewalltest.c | 14 +-------------
tests/virhashdata.h | 14 +-------------
tests/virhostcpumock.c | 14 +-------------
tests/virhostdevtest.c | 14 +-------------
tests/viridentitytest.c | 14 +-------------
tests/viriscsitest.c | 14 +-------------
tests/virkeycodetest.c | 14 +-------------
tests/virkmodtest.c | 14 +-------------
tests/virlockspacetest.c | 14 +-------------
tests/virlogtest.c | 14 +-------------
tests/virmacmaptest.c | 14 +-------------
tests/virmock.h | 14 +-------------
tests/virmockstathelpers.c | 14 +-------------
tests/virnetdaemonmock.c | 14 +-------------
tests/virnetdaemontest.c | 14 +-------------
tests/virnetdevbandwidthmock.c | 14 +-------------
tests/virnetdevbandwidthtest.c | 14 +-------------
tests/virnetdevmock.c | 14 +-------------
tests/virnetdevopenvswitchtest.c | 14 +-------------
tests/virnetdevtest.c | 14 +-------------
tests/virnetmessagetest.c | 14 +-------------
tests/virnetserverclientmock.c | 14 +-------------
tests/virnetserverclienttest.c | 14 +-------------
tests/virnetsockettest.c | 14 +-------------
tests/virnettlscontexttest.c | 14 +-------------
tests/virnettlshelpers.c | 14 +-------------
tests/virnettlshelpers.h | 14 +-------------
tests/virnettlssessiontest.c | 14 +-------------
tests/virnetworkportxml2xmltest.c | 14 +-------------
tests/virnumamock.c | 14 +-------------
tests/virnwfilterbindingxml2xmltest.c | 14 +-------------
tests/virpcimock.c | 14 +-------------
tests/virpcitest.c | 14 +-------------
tests/virpolkittest.c | 14 +-------------
tests/virportallocatormock.c | 14 +-------------
tests/virportallocatortest.c | 14 +-------------
tests/virprocessmock.c | 14 +-------------
tests/virrandommock.c | 14 +-------------
tests/virrotatingfiletest.c | 14 +-------------
tests/virschematest.c | 14 +-------------
tests/virscsitest.c | 14 +-------------
tests/virsh-auth | 14 +-------------
tests/virsh-checkpoint | 14 +-------------
tests/virsh-cpuset | 14 +-------------
tests/virsh-optparse | 14 +-------------
tests/virsh-read-bufsiz | 14 +-------------
tests/virsh-read-non-seekable | 14 +-------------
tests/virsh-schedinfo | 14 +-------------
tests/virsh-self-test | 14 +-------------
tests/virsh-snapshot | 14 +-------------
tests/virsh-start | 14 +-------------
tests/virsh-undefine | 14 +-------------
tests/virsh-vcpupin | 14 +-------------
tests/virstoragetest.c | 14 +-------------
tests/virstorageutiltest.c | 14 +-------------
tests/virstringtest.c | 14 +-------------
tests/virsystemdtest.c | 14 +-------------
tests/virtestmock.c | 14 +-------------
tests/virtimetest.c | 14 +-------------
tests/virtypedparamtest.c | 14 +-------------
tests/viruritest.c | 14 +-------------
tests/virusbmock.c | 14 +-------------
tests/virusbtest.c | 14 +-------------
tests/vmwarevertest.c | 14 +-------------
tests/vshtabletest.c | 14 +-------------
tests/xlconfigtest.c | 14 +-------------
tests/xmconfigtest.c | 14 +-------------
tools/libvirt-guests.sh.in | 14 +-------------
tools/nss/libvirt_nss.c | 14 +-------------
tools/nss/libvirt_nss.h | 14 +-------------
tools/nss/libvirt_nss_leases.c | 14 +-------------
tools/nss/libvirt_nss_leases.h | 14 +-------------
tools/nss/libvirt_nss_macs.c | 14 +-------------
tools/nss/libvirt_nss_macs.h | 14 +-------------
tools/virsh-backup.c | 14 +-------------
tools/virsh-backup.h | 14 +-------------
tools/virsh-checkpoint.c | 14 +-------------
tools/virsh-checkpoint.h | 14 +-------------
tools/virsh-completer-checkpoint.c | 14 +-------------
tools/virsh-completer-checkpoint.h | 14 +-------------
tools/virsh-completer-domain.c | 14 +-------------
tools/virsh-completer-domain.h | 14 +-------------
tools/virsh-completer-host.c | 14 +-------------
tools/virsh-completer-host.h | 14 +-------------
tools/virsh-completer-interface.c | 14 +-------------
tools/virsh-completer-interface.h | 14 +-------------
tools/virsh-completer-network.c | 14 +-------------
tools/virsh-completer-network.h | 14 +-------------
tools/virsh-completer-nodedev.c | 14 +-------------
tools/virsh-completer-nodedev.h | 14 +-------------
tools/virsh-completer-nwfilter.c | 14 +-------------
tools/virsh-completer-nwfilter.h | 14 +-------------
tools/virsh-completer-pool.c | 14 +-------------
tools/virsh-completer-pool.h | 14 +-------------
tools/virsh-completer-secret.c | 14 +-------------
tools/virsh-completer-secret.h | 14 +-------------
tools/virsh-completer-snapshot.c | 14 +-------------
tools/virsh-completer-snapshot.h | 14 +-------------
tools/virsh-completer-volume.c | 14 +-------------
tools/virsh-completer-volume.h | 14 +-------------
tools/virsh-completer.c | 14 +-------------
tools/virsh-completer.h | 14 +-------------
tools/virsh-console.c | 14 +-------------
tools/virsh-console.h | 14 +-------------
tools/virsh-domain-monitor.c | 14 +-------------
tools/virsh-domain-monitor.h | 14 +-------------
tools/virsh-domain.c | 14 +-------------
tools/virsh-domain.h | 14 +-------------
tools/virsh-edit.c | 14 +-------------
tools/virsh-host.c | 14 +-------------
tools/virsh-host.h | 14 +-------------
tools/virsh-interface.c | 14 +-------------
tools/virsh-interface.h | 14 +-------------
tools/virsh-network.c | 14 +-------------
tools/virsh-network.h | 14 +-------------
tools/virsh-nodedev.c | 14 +-------------
tools/virsh-nodedev.h | 14 +-------------
tools/virsh-nwfilter.c | 14 +-------------
tools/virsh-nwfilter.h | 14 +-------------
tools/virsh-pool.c | 14 +-------------
tools/virsh-pool.h | 14 +-------------
tools/virsh-secret.c | 14 +-------------
tools/virsh-secret.h | 14 +-------------
tools/virsh-snapshot.c | 14 +-------------
tools/virsh-snapshot.h | 14 +-------------
tools/virsh-util.c | 14 +-------------
tools/virsh-util.h | 14 +-------------
tools/virsh-volume.c | 14 +-------------
tools/virsh-volume.h | 14 +-------------
tools/virsh.c | 14 +-------------
tools/virsh.h | 14 +-------------
tools/virt-admin-completer.c | 14 +-------------
tools/virt-admin-completer.h | 14 +-------------
tools/virt-admin.c | 14 +-------------
tools/virt-admin.h | 14 +-------------
tools/virt-host-validate-bhyve.c | 14 +-------------
tools/virt-host-validate-bhyve.h | 14 +-------------
tools/virt-host-validate-common.c | 14 +-------------
tools/virt-host-validate-common.h | 14 +-------------
tools/virt-host-validate-lxc.c | 14 +-------------
tools/virt-host-validate-lxc.h | 14 +-------------
tools/virt-host-validate-qemu.c | 14 +-------------
tools/virt-host-validate-qemu.h | 14 +-------------
tools/virt-host-validate.c | 14 +-------------
tools/virt-login-shell-helper.c | 14 +-------------
tools/virt-login-shell.c | 14 +-------------
tools/virt-pki-validate.in | 14 +-------------
tools/virt-sanlock-cleanup.in | 14 +-------------
tools/virt-xml-validate.in | 13 +------------
tools/vsh-table.c | 14 +-------------
tools/vsh-table.h | 14 +-------------
tools/vsh.c | 14 +-------------
tools/vsh.h | 14 +-------------
tools/wireshark/src/packet-libvirt.c | 14 +-------------
tools/wireshark/src/packet-libvirt.h | 14 +-------------
tools/wireshark/util/genxdrstub.pl | 14 +-------------
1051 files changed, 1051 insertions(+), 13661 deletions(-)
--
2.26.2
4 years, 3 months
[PATCH 0/4] Don't leak /dev/mapper/control to QEMU
by Michal Privoznik
These were sent to the libvirt-security list, where they were reviewed.
And before that, I've sent them to the public list:
https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html
Anyway, I'm resending here for future reference. Patches are merged so
no need to review.
We are still using libdevmapper after these in
src/storage/storage_backend_mpath.c and thus I'm not removing configure
check. But in time for the next release I will look into it.
Michal Prívozník (4):
virdevmapper.c: Join two WITH_DEVMAPPER sections together
virDevMapperGetTargetsImpl: Use VIR_AUTOSTRINGLIST
virdevmapper: Don't use libdevmapper to obtain dependencies
virDevMapperGetTargets: Don't ignore EBADF
po/POTFILES.in | 1 +
src/qemu/qemu_cgroup.c | 2 +-
src/qemu/qemu_domain.c | 4 +-
src/util/virdevmapper.c | 337 +++++++++++++++++++++++++++-------------
4 files changed, 232 insertions(+), 112 deletions(-)
--
2.26.2
4 years, 3 months
[PATCH v2 0/5] Further Debian/Ubuntu Apparmor Delta
by Christian Ehrhardt
Hi,
I don't even remember which number of submissions that is, #5 maybe?
Anyway - I'm hereby continuing to bring Debian and Ubuntu apparmor
Delta into upstream libvirt.
I have kept out all patches that are either Distro-specific or we ran
into trouble/discussions in the past. But there are enough left for a
new submission.
I have kept the most-original (read the earliest - as some patches
appeared in Ubuntu and later with a different Author in Debian) patch
author that I could find intact and git-send-email should auto-cc them.
I added some more bug links and descriptions so one can understand the
case a commit tries to fix without knowing too much context.
Update since v1:
- drop a few commits that in discussion turned out to be not/no-more needed
- fixed a few typos
- added the acks that I received from Jamie Strandboge
Christian Ehrhardt (1):
apparmor: let qemu load old shared objects after upgrades
Jamie Strandboge (1):
apparmor: read only access to overcommit_memory
Sam Hartman (1):
apparmor: allow default pki path
Stefan Bader (2):
apparmor: allow libvirtd to call pygrub
apparmor: qemu access to @{PROC}/*/auxv for hw_cap
src/security/apparmor/libvirt-qemu | 10 ++++++++++
src/security/apparmor/usr.sbin.libvirtd.in | 1 +
2 files changed, 11 insertions(+)
--
2.27.0
4 years, 3 months
[PATCH] virnetserver: fix some memory leaks in virNetTLSContextReloadForServer
by Jin Yan
From 55fce33e9cf2d5ea58ebc44b4d78f9c12122fdcb Mon Sep 17 00:00:00 2001
From: Jin Yan <jinyan12(a)huawei.com>
Date: Fri, 7 Aug 2020 15:59:45 +0800
Subject: [PATCH] virnetserver: fix some memory leaks in
virNetTLSContextReloadForServer
These leaks were introduced in commit 15d280fa97b0, use g_autofree for all
cert_path pointers.
Signed-off-by: Jin Yan <jinyan12(a)huawei.com>
---
src/rpc/virnettlscontext.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 168f3010ae..37564db14e 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -921,10 +921,10 @@ int
virNetTLSContextReloadForServer(virNetTLSContextPtr ctxt,
{
gnutls_certificate_credentials_t x509credBak;
int err;
- char *cacert = NULL;
- char *cacrl = NULL;
- char *cert = NULL;
- char *key = NULL;
+ g_autofree char *cacert = NULL;
+ g_autofree char *cacrl = NULL;
+ g_autofree char *cert = NULL;
+ g_autofree char *key = NULL;
x509credBak = ctxt->x509cred;
ctxt->x509cred = NULL;
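Review bot: With only the four declarations switched to g_autofree (the diffstat is 4 insertions, 4 deletions), the rest of virNetTLSContextReloadForServer() is untouched, so please confirm that no later path releases cacert, cacrl, cert or key with a plain free()/g_free() without resetting the pointer, and that none of them is stored in ctxt; either case would turn the leak into a double free or a dangling pointer once the scope-exit cleanup runs. If ownership is handed off anywhere, use g_steal_pointer() at that point. The commit message could also name which return paths leaked, since the hunk does not show them.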
--
2.23.0
4 years, 3 months
[PATCH 0/2] qemu: Add a last-resort warning if object-add/device_add are QAPIfied
by Peter Krempa
See patch 2/2.
Peter Krempa (2):
testutilsqemuschema: Add template checker for schema entries
qemumonitorjsontest: Add a last-resort warning if
object-add/device_add are QAPIfied
tests/qemumonitorjsontest.c | 53 +++++++++++++++++
tests/testutilsqemuschema.c | 115 ++++++++++++++++++++++++++++++++++++
tests/testutilsqemuschema.h | 5 ++
3 files changed, 173 insertions(+)
--
2.26.2
4 years, 3 months
[libvirt PATCH] Adds e1000e/vmxnet3 Vnet_hdr support
by Patrick Magauran
Libvirt bases its decision about whether to apply the vnet_hdr flag to the tap interface on whether or not the selected model is VirtIO. Originally, VirtIO was the only model to support the vnet_hdr in QEMU; however, the e1000e & vmxnet3 adapters also support it (seemingly from introduction based on commits). This passes the whole packet to the host, reducing emulation overhead and improving performance.
Signed-off-by: Patrick Magauran <patmagauran.j(a)gmail.com>
---
src/conf/domain_conf.c | 8 +++++++-
src/conf/domain_conf.h | 1 +
src/libvirt_private.syms | 1 +
src/qemu/qemu_interface.c | 8 ++++----
4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 69e0439e7e..cb184110f7 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -30981,7 +30981,13 @@ virDomainNetIsVirtioModel(const virDomainNetDef *net)
net->model == VIR_DOMAIN_NET_MODEL_VIRTIO_TRANSITIONAL ||
net->model == VIR_DOMAIN_NET_MODEL_VIRTIO_NON_TRANSITIONAL);
}
-
+bool
+virDomainNetIsVnetCompatModel(const virDomainNetDef *net)
+{
+ return (virDomainNetIsVirtioModel(net) ||
+ net->model == VIR_DOMAIN_NET_MODEL_E1000E ||
+ net->model == VIR_DOMAIN_NET_MODEL_VMXNET3);
+}
/* Return listens[i] from the appropriate union for the graphics
* type, or NULL if this is an unsuitable type, or the index is out of
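Review bot: The new virDomainNetIsVnetCompatModel() ends up wedged between the closing brace of virDomainNetIsVirtioModel() and the following comment, because the hunk deletes the blank separator line and adds none after the new function; keep blank lines on both sides to match the rest of the file. A short comment above the helper saying that these are the models for which the tap device is created with a vnet header would also help, since the name alone does not say what "compat" refers to.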
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 011bf66cb4..cbc46fdf78 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -3371,6 +3371,7 @@ const char *virDomainNetGetModelString(const virDomainNetDef *net);
int virDomainNetSetModelString(virDomainNetDefPtr et,
const char *model);
bool virDomainNetIsVirtioModel(const virDomainNetDef *net);
+bool virDomainNetIsVnetCompatModel(const virDomainNetDef *net);
int virDomainNetAppendIPAddress(virDomainNetDefPtr def,
const char *address,
int family,
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 01c2e710cd..2b64042dd2 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -525,6 +525,7 @@ virDomainNetGetActualVlan;
virDomainNetGetModelString;
virDomainNetInsert;
virDomainNetIsVirtioModel;
+virDomainNetIsVnetCompatModel;
virDomainNetModelTypeFromString;
virDomainNetModelTypeToString;
virDomainNetNotifyActualDevice;
diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c
index ffec992596..8397ed8645 100644
--- a/src/qemu/qemu_interface.c
+++ b/src/qemu/qemu_interface.c
@@ -255,7 +255,7 @@ qemuInterfaceDirectConnect(virDomainDefPtr def,
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
unsigned int macvlan_create_flags = VIR_NETDEV_MACVLAN_CREATE_WITH_TAP;
- if (virDomainNetIsVirtioModel(net))
+ if (virDomainNetIsVnetCompatModel(net))
macvlan_create_flags |= VIR_NETDEV_MACVLAN_VNET_HDR;
if (virNetDevMacVLanCreateWithVPortProfile(net->ifname,
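Review bot: The switch to virDomainNetIsVnetCompatModel() here sets VIR_NETDEV_MACVLAN_VNET_HDR for e1000e and vmxnet3 unconditionally, with no check that the QEMU binary in use handles a vnet header for those models; the commit message itself only says support is "seemingly from introduction". Please confirm that the oldest QEMU version libvirt supports has this for both models, or gate the flag on a capability, and state the result in the commit message. The same question applies to the three other call sites changed in this file.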
@@ -417,7 +417,7 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
}
}
- if (virDomainNetIsVirtioModel(net))
+ if (virDomainNetIsVnetCompatModel(net))
tap_create_flags |= VIR_NETDEV_TAP_CREATE_VNET_HDR;
if (net->managed_tap == VIR_TRISTATE_BOOL_NO) {
@@ -436,7 +436,7 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
if (virNetDevMacVLanTapOpen(net->ifname, tapfd, tapfdSize) < 0)
goto cleanup;
if (virNetDevMacVLanTapSetup(tapfd, tapfdSize,
- virDomainNetIsVirtioModel(net)) < 0) {
+ virDomainNetIsVnetCompatModel(net)) < 0) {
goto cleanup;
}
} else {
@@ -559,7 +559,7 @@ qemuInterfaceBridgeConnect(virDomainDefPtr def,
template_ifname = true;
}
- if (virDomainNetIsVirtioModel(net))
+ if (virDomainNetIsVnetCompatModel(net))
tap_create_flags |= VIR_NETDEV_TAP_CREATE_VNET_HDR;
if (driver->privileged) {
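Review bot: All four call sites now go through the new helper, but the diffstat lists only files under src/, so nothing in the patch exercises the e1000e or vmxnet3 path. A test case, or at least a description of how the change was verified (guest model, interface type, what was measured), would make the performance claim in the commit message checkable.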
--
2.26.2
4 years, 3 months
[libvirt PATCH 0/3] some vcpupin/emulatorpin/iothreadpin fixes
by Pavel Hrdina
We should really unify the code and create helpers used by all of these
to prevent all of the bugs fixed by this series.
It started by failing libvirt-dbus test suite. After fixing it I checked
other relevant APIs and drivers and managed to find other issues.
Pavel Hrdina (3):
conf: fix detection of available host CPUs for vcpupin
test: fix emulator pin info in test driver
qemu: consider available CPUs in iothread info output
src/conf/domain_conf.c | 18 +++++-------------
src/conf/domain_conf.h | 4 ++--
src/libxl/libxl_driver.c | 7 ++++++-
src/qemu/qemu_driver.c | 13 ++++++-------
src/test/test_driver.c | 12 ++++++++----
5 files changed, 27 insertions(+), 27 deletions(-)
--
2.26.2
4 years, 3 months
[PATCH] remote: use SocketMode=0600 when polkit is not compiled
by Daniel P. Berrangé
The systemd .socket unit files we ship for libvirt daemons use
SocketMode=0666 on the assumption that libvirt is built with
polkit which provides access control.
Some people, however, may have explicitly turned off polkit at
build time and not realize that leaves them insecure unless
they also change the SocketMode. This addresses that problem
by making the SocketMode default to 0600 when polkit is
disabled at compile time.
Note we cannot automatically fix the case where the user
compiles polkit, but then overrides the libvirtd.conf defaults
to disable polkit. This is what led to CVE-2020-15708 in
Ubuntu 20.10. We can at least improve the inline comments
in the config file to give a clearer warning though, which
may have helped avoid the mistaken config.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/meson.build | 5 +++++
src/remote/libvirtd.conf.in | 38 ++++++++++++++++++++++++++---------
src/remote/libvirtd.socket.in | 2 +-
3 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/src/meson.build b/src/meson.build
index b1c9993bc0..fd23fc55a8 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -776,6 +776,11 @@ if conf.has('WITH_LIBVIRTD')
unit_conf.set('service', unit['service'])
unit_conf.set('sockprefix', unit['sockprefix'])
unit_conf.set('deps', unit.get('deps', ''))
+ if conf.has('WITH_POLKIT')
+ unit_conf.set('mode', '0666')
+ else
+ unit_conf.set('mode', '0600')
+ endif
configure_file(
input: unit['service_in'],
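Review bot: 'mode' is set for every unit this loop processes, but the diffstat shows libvirtd.socket.in as the only template changed to consume @mode@. Any other .socket.in template that still hardcodes SocketMode=0666 would stay world-accessible in a build without polkit, so either substitute @mode@ there as well or say in the commit message why those sockets are safe to leave. A short comment above the new if/else stating that 0666 relies on polkit for access control would also help the next person touching this block.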
diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in
index 2607fbad86..1615f33502 100644
--- a/src/remote/libvirtd.conf.in
+++ b/src/remote/libvirtd.conf.in
@@ -127,6 +127,8 @@
#
# Authentication.
#
+# There are choices available:
+#
# - none: do not perform auth checks. If you can connect to the
# socket you are allowed. This is suitable if there are
# restrictions on connecting to the socket (eg, UNIX
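Review bot: the added line "There are choices available:" reads as if a word or a count went missing. Something like "The following choices are available:" says what is meant and matches the list that follows.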
@@ -144,21 +146,39 @@
# full read/write access (aka sudo like), while anyone
# is allowed read/only access.
#
+
# Set an authentication scheme for UNIX read-only sockets
+#
# By default socket permissions allow anyone to connect
#
-# To restrict monitoring of domains you may wish to enable
-# an authentication mechanism here
+# If libvirt was compiled without support for 'polkit', then
+# no access control checks are done, but libvirt still only
+# allows execution of APIs which don't change state.
+#
+# If libvirt was compiled with support for 'polkit', then
+# the libvirt socket will perform a check with polkit after
+# connections. The default policy still allows any local
+# user access.
+#
+# To restrict monitoring of domains you may wish to either
+# enable 'sasl' here, or change the polkit policy definition.
#auth_unix_ro = "none"
-# Set an authentication scheme for UNIX read-write sockets
-# By default socket permissions only allow root. If PolicyKit
-# support was compiled into libvirt, the default will be to
-# use 'polkit' auth.
+# Set an authentication scheme for UNIX read-write sockets.
+#
+# If libvirt was compiled without support for 'polkit', then
+# the systemd .socket files will use SocketMode=0600 by default
+# thus only allowing root user to connect, and 'auth_unix_rw'
+# will default to 'none'.
+#
+# If libvirt was compiled with support for 'polkit', then
+# the systemd .socket files will use SocketMode=0666 which
+# allows any user to connect and 'auth_iunix_rw' will default
+# to 'polkit'. If you disable use of 'polkit' here, then it
+# is essential to change the systemd SocketMode parameter
+# back to 0600, to avoid an insecure configuration.
#
-# If the unix_sock_rw_perms are changed you may wish to enable
-# an authentication mechanism here
-#auth_unix_rw = "none"
+#auth_unix_rw = "polkit"
@CUT_ENABLE_IP@
# Change the authentication scheme for TCP sockets.
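Review bot: 'auth_iunix_rw' in the added read-write comment is a typo for 'auth_unix_rw', and it sits in the one paragraph that warns about SocketMode, so an admin searching the file for the setting name will not land on the warning. The commented-out sample also changes from "none" to "polkit" unconditionally, while the new text says the default is 'none' when polkit is not compiled in, so the sample line is wrong for those builds; template it or note that it shows the polkit-build default. The instruction to change SocketMode "back to 0600" would be more useful if it said where that is done, since the value lives in the systemd .socket unit and not in this file.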
diff --git a/src/remote/libvirtd.socket.in b/src/remote/libvirtd.socket.in
index df36df2125..85b4aa800a 100644
--- a/src/remote/libvirtd.socket.in
+++ b/src/remote/libvirtd.socket.in
@@ -8,7 +8,7 @@ Before=@service@.service
# when using systemd version < 227
ListenStream=@runstatedir@/libvirt/@sockprefix@-sock
Service=@service@.service
-SocketMode=0666
+SocketMode=@mode@
[Install]
WantedBy=sockets.target
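Review bot: SocketMode=@mode@ gets no comment in the unit file saying that the 0666 value is only safe while polkit performs the access check. The commit message itself notes that overriding auth_unix_rw in libvirtd.conf cannot be caught at build time, so a one-line comment above SocketMode pointing at the auth_unix_rw warning would put the caveat where an admin editing the socket unit will see it.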
--
2.25.4
4 years, 3 months
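The combination the commit message above warns about (no authentication on the read-write socket while SocketMode leaves it world-connectable) can be checked on a host. This is an added example, not part of the patch or of libvirt: the function names and the sample file contents are constructed, and whether libvirt was built with polkit is passed in as an assumption the caller must supply.

```python
import re

# systemd.socket(5): SocketMode= defaults to 0666 when it is not set.
SYSTEMD_DEFAULT_SOCKET_MODE = 0o666

def effective_auth_unix_rw(conf_text, built_with_polkit):
    """Explicit auth_unix_rw from libvirtd.conf, else the compile-time default."""
    value = None
    for line in conf_text.splitlines():
        # Commented-out lines begin with '#' and therefore do not match.
        m = re.match(r'\s*auth_unix_rw\s*=\s*"([^"]*)"', line)
        if m:
            value = m.group(1)
    if value is None:
        value = "polkit" if built_with_polkit else "none"
    return value

def socket_mode(unit_text):
    """Last SocketMode= in the unit text (append drop-ins to it), as an int."""
    mode = SYSTEMD_DEFAULT_SOCKET_MODE
    for line in unit_text.splitlines():
        m = re.match(r'\s*SocketMode\s*=\s*([0-7]{3,4})\s*$', line)
        if m:
            mode = int(m.group(1), 8)
    return mode

def audit(conf_text, unit_text, built_with_polkit):
    """Return 'insecure' when any local user can connect and no auth is done."""
    auth = effective_auth_unix_rw(conf_text, built_with_polkit)
    # On Linux, connecting to a UNIX stream socket needs write permission on it.
    world_connectable = bool(socket_mode(unit_text) & 0o002)
    return "insecure" if auth == "none" and world_connectable else "ok"

# Constructed sample inputs, not taken from any real host.
CONF_DEFAULT = '#auth_unix_rw = "polkit"\n'
CONF_NONE = 'auth_unix_rw = "none"\n'
UNIT_0666 = "[Socket]\nListenStream=/run/libvirt/libvirt-sock\nSocketMode=0666\n"
UNIT_0600 = "[Socket]\nListenStream=/run/libvirt/libvirt-sock\nSocketMode=0600\n"

if __name__ == "__main__":
    for name, conf, unit, polkit in [
        ("polkit build, defaults", CONF_DEFAULT, UNIT_0666, True),
        ("polkit build, auth overridden to none", CONF_NONE, UNIT_0666, True),
        ("no-polkit build, old 0666 unit", CONF_DEFAULT, UNIT_0666, False),
        ("no-polkit build, 0600 unit", CONF_DEFAULT, UNIT_0600, False),
    ]:
        print(f"{name}: {audit(conf, unit, polkit)}")
```

The check only looks at the "other" write bit; a group-writable socket restricted to a dedicated group is a separate policy decision it does not judge.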