August 2024 - Devel - Libvirt List Archives

libvirt-python: three patches on Makefile, tox.ini, and domstart.py

by Ariel Otilibili

Hello, I have been using libvirt for some years, and this is my first ever contribution; your feedback is more than welcome. This is a set of patches about changes done in Makefile, tox.ini, and domstart.py. Regards, Ariel

3 months, 2 weeks

3
5
0 / 0

[PATCH 00/12] Introduce SEV-SNP support

by Michal Privoznik

SEV-SNP support just landed in QEMU. Here is the first round of patches to incorporate support into libvirt. TODOs (aka problems of future me): - Teach tools/virt-qemu-sev-validate how to deal with SEV-SNP - Try to find a SEV-SNP machine a test these patches in real worl - Write a kbase article on attestation with SEV-SNP Michal Prívozník (12): qemu_monitor_json: Report error in error paths in SEV related code conf: Move some members of virDomainSEVDef into virDomainSEVCommonDef conf: Separate SEV formatting into a function Drop needless typecast to virDomainLaunchSecurity src: Convert some _virDomainSecDef::sectype checks to switch() qemu_monitor: Allow querying SEV-SNP state in 'query-sev' qemu: Report snp-policy in virDomainGetLaunchSecurityInfo() qemu_capabilities: Introduce QEMU_CAPS_SEV_SNP_GUEST conf: Introduce SEV-SNP support qemu: Build cmd line for SEV-SNP qemu: Allow setting launch security for SEV-SNP qemu_firmware: Pick the right firmware for SEV-SNP guests docs/formatdomain.rst | 108 ++++++++++++ include/libvirt/libvirt-domain.h | 10 ++ src/conf/domain_conf.c | 156 ++++++++++++++---- src/conf/domain_conf.h | 28 +++- src/conf/domain_validate.c | 44 +++++ src/conf/schemas/domaincommon.rng | 73 ++++++-- src/conf/virconftypes.h | 4 + src/qemu/qemu_capabilities.c | 4 + src/qemu/qemu_capabilities.h | 3 + src/qemu/qemu_cgroup.c | 19 ++- src/qemu/qemu_command.c | 56 ++++++- src/qemu/qemu_driver.c | 60 +++++-- src/qemu/qemu_firmware.c | 20 ++- src/qemu/qemu_monitor.c | 7 +- src/qemu/qemu_monitor.h | 41 ++++- src/qemu/qemu_monitor_json.c | 67 ++++++-- src/qemu/qemu_monitor_json.h | 8 +- src/qemu/qemu_namespace.c | 3 +- src/qemu/qemu_process.c | 34 ++-- src/qemu/qemu_validate.c | 13 +- src/security/security_dac.c | 34 +++- .../caps_9.1.0_x86_64.xml | 1 + .../firmware/60-edk2-ovmf-x64-amdsev.json | 1 + tests/qemumonitorjsontest.c | 65 +++++++- ...launch-security-sev-snp.x86_64-latest.args | 35 ++++ .../launch-security-sev-snp.x86_64-latest.xml | 1 + .../launch-security-sev-snp.xml | 47 ++++++ tests/qemuxmlconftest.c | 2 + 28 files changed, 817 insertions(+), 127 deletions(-) create mode 100644 tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.args create mode 120000 tests/qemuxmlconfdata/launch-security-sev-snp.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/launch-security-sev-snp.xml -- 2.44.2

3 months, 2 weeks

4
29
0 / 0

[PATCH v2 0/8] New changes in v2:

by Purna Pavan Chandra

* Add version checks in save/restore validations * Add use_timeout in chSocketRecv * Address Praveen Paladugu's comments v1: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/PT... ch: support restore with network devices Current ch driver supports restore only for domains without any network configuration defined. This was because libvirt explicitly passes network fds and CH did not had support to restore with new net FDS. This support has been added recently, https://github.com/cloud-hypervisor/cloud-hypervisor/pull/6402 The changes in this patch series includes moving to socket communication for restore api, create new net fds and pass them via SCM_RIGHTS to CH. Purna Pavan Chandra (8): ch: report response message instead of just code ch: Pass net ids explicitly during vm creation ch: refactor chProcessAddNetworkDevices ch: support poll with -1 in chSocketRecv ch: use monitor socket fd to send restore request ch: refactor virCHMonitorSaveVM ch: support restore with net devices ch: kill CH process if restore fails src/ch/ch_capabilities.c | 6 + src/ch/ch_capabilities.h | 1 + src/ch/ch_driver.c | 29 +++-- src/ch/ch_monitor.c | 62 +++++++---- src/ch/ch_monitor.h | 6 +- src/ch/ch_process.c | 233 +++++++++++++++++++++++++++++++-------- 6 files changed, 254 insertions(+), 83 deletions(-) -- 2.34.1

3 months, 2 weeks

3
12
0 / 0

Release of libvirt-10.6.0

by Jiri Denemark

The 10.6.0 release of both libvirt and libvirt-python is tagged and signed tarballs are available at https://download.libvirt.org/ https://download.libvirt.org/python/ Thanks everybody who helped with this release by sending patches, reviewing, testing, or providing feedback. Your work is greatly appreciated. * Removed features * qemu: Require QEMU-5.2.0 or newer The minimal required version of QEMU was bumped to 5.2.0. * New features * qemu: Add support for the 'pauth' Arm CPU feature * Introduce pstore device The aim of pstore device is to provide a bit of NVRAM storage for guest kernel to record oops/panic logs just before it crashes. Typical usage includes usage in combination with a watchdog so that the logs can be inspected after the watchdog rebooted the machine. * Improvements * qemu: Set 'passt' net backend if 'default' is unsupported If QEMU is compiled without SLIRP support, and if domain XML allows it, starting from this release libvirt will use passt as the default backend instead. Also, supported backends are now reported in the domain capabilities XML. * qemu: add a monitor to /proc/$pid when killing times out In cases when a QEMU process takes longer to be killed, libvirt might have skipped cleaning up after it. But now a /proc/$pid watch is installed so this does not happen ever again. * Bug fixes * virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf When binary version of edk2 is distributed, the files reside under /usr/share/edk2-ovmf. Allow virt-aa-helper to generate paths under that directory. * virt-host-validate: Allow longer list of CPU flags During its run, virt-host-validate parses /proc/cpuinfo to learn about CPU flags. But due to a bug it parsed only the first 1024 bytes worth of CPU flags leading to unexpected results. The file is now parsed properly. * capabilities: Be more forgiving when decoding OEM strings On some systems, OEM strings are scattered in multiple sections. This confused libvirt when generating capabilities XML. Not anymore. Enjoy. Jirka

3 months, 2 weeks

1
0
0 / 0

[PATCH] Revert "network: allow "modify" option for DNS-Srv records"

by Adam Julis

This reverts commit cf934c87cca32149675020ea595712aad25978e6. The matching logic is flawed and it would complicate support of this command. Signed-off-by: Adam Julis <ajulis(a)redhat.com> --- See discussion: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/6... src/conf/network_conf.c | 27 +++++-------------- .../srv-not-existing.xml | 1 - .../srv-record-modify-few.xml | 1 - .../nat-network-dns-srv-modify-few.xml | 26 ------------------ tests/networkxml2xmlupdatetest.c | 10 +------ 5 files changed, 7 insertions(+), 58 deletions(-) delete mode 100644 tests/networkxml2xmlupdatein/srv-not-existing.xml delete mode 100644 tests/networkxml2xmlupdatein/srv-record-modify-few.xml delete mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-srv-modify-few.xml diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index 68eee367c4..3af4e1d036 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -3257,6 +3257,12 @@ virNetworkDefUpdateDNSSrv(virNetworkDef *def, command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST); int foundCt = 0; + if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("DNS SRV records cannot be modified, only added or deleted")); + goto cleanup; + } + if (virNetworkDefUpdateCheckElementName(def, ctxt->node, "srv") < 0) goto cleanup; @@ -3306,27 +3312,6 @@ virNetworkDefUpdateDNSSrv(virNetworkDef *def, virNetworkDNSSrvDefClear(&dns->srvs[foundIdx]); VIR_DELETE_ELEMENT(dns->srvs, foundIdx, dns->nsrvs); - } else if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) { - - if (foundCt == 0) { - virReportError(VIR_ERR_OPERATION_INVALID, - _("couldn't locate a matching DNS SRV record in network %1$s"), - def->name); - goto cleanup; - } - - if (foundCt > 1) { - virReportError(VIR_ERR_OPERATION_INVALID, - _("multiple DNS SRV records matching all specified fields were found in network %1$s"), - def->name); - goto cleanup; - } - - virNetworkDNSSrvDefClear(&dns->srvs[foundIdx]); - - memcpy(&dns->srvs[foundIdx], &srv, sizeof(virNetworkDNSSrvDef)); - memset(&srv, 0, sizeof(virNetworkDNSSrvDef)); - } else { virNetworkDefUpdateUnknownCommand(command); goto cleanup; diff --git a/tests/networkxml2xmlupdatein/srv-not-existing.xml b/tests/networkxml2xmlupdatein/srv-not-existing.xml deleted file mode 100644 index 401e14c616..0000000000 --- a/tests/networkxml2xmlupdatein/srv-not-existing.xml +++ /dev/null @@ -1 +0,0 @@ -<srv service='name' protocol='tcp' domain='unknown-domain' target='.' port='666' priority='99' weight='10'/> diff --git a/tests/networkxml2xmlupdatein/srv-record-modify-few.xml b/tests/networkxml2xmlupdatein/srv-record-modify-few.xml deleted file mode 100644 index 88ec1b97d9..0000000000 --- a/tests/networkxml2xmlupdatein/srv-record-modify-few.xml +++ /dev/null @@ -1 +0,0 @@ -<srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1221' priority='42' weight='69'/> diff --git a/tests/networkxml2xmlupdateout/nat-network-dns-srv-modify-few.xml b/tests/networkxml2xmlupdateout/nat-network-dns-srv-modify-few.xml deleted file mode 100644 index a7e5fcffa6..0000000000 --- a/tests/networkxml2xmlupdateout/nat-network-dns-srv-modify-few.xml +++ /dev/null @@ -1,26 +0,0 @@ -<network> - <name>default</name> - <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid> - <forward dev='eth1' mode='nat'> - <interface dev='eth1'/> - </forward> - <bridge name='virbr0' stp='on' delay='0'/> - <dns> - <srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1221' priority='42' weight='69'/> - </dns> - <ip address='192.168.122.1' netmask='255.255.255.0'> - <dhcp> - <range start='192.168.122.2' end='192.168.122.254'/> - <host mac='00:16:3e:77:e2:ed' name='a.example.com' ip='192.168.122.10'/> - <host mac='00:16:3e:3e:a9:1a' name='b.example.com' ip='192.168.122.11'/> - </dhcp> - </ip> - <ip family='ipv4' address='192.168.123.1' netmask='255.255.255.0'> - </ip> - <ip family='ipv6' address='2001:db8:ac10:fe01::1' prefix='64'> - </ip> - <ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'> - </ip> - <ip family='ipv4' address='10.24.10.1'> - </ip> -</network> diff --git a/tests/networkxml2xmlupdatetest.c b/tests/networkxml2xmlupdatetest.c index 875cede035..60931a2eba 100644 --- a/tests/networkxml2xmlupdatetest.c +++ b/tests/networkxml2xmlupdatetest.c @@ -337,6 +337,7 @@ mymain(void) "nat-network-dns-srv-record", "nat-network-dns-srv-records", VIR_NETWORK_UPDATE_COMMAND_ADD_LAST); + DO_TEST_FAIL("delete-missing-srv-record-service", "srv-record-service", "nat-network", @@ -359,15 +360,6 @@ mymain(void) "nat-network-dns-srv-record", "nat-network", VIR_NETWORK_UPDATE_COMMAND_DELETE); - DO_TEST("modify-srv-record-protocol", - "srv-record-modify-few", - "nat-network-dns-srv-record", - "nat-network-dns-srv-modify-few", - VIR_NETWORK_UPDATE_COMMAND_MODIFY); - DO_TEST_FAIL("modify-not-existing-srv-record", - "srv-not-existing", - "nat-network-dns-srv-record", - VIR_NETWORK_UPDATE_COMMAND_MODIFY); return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -- 2.45.2

3 months, 2 weeks

2
1
0 / 0

[PATCH] network: allow "modify" option for DNS-Srv records

by Adam Julis

The "modify" command allows to replace an existing Srv record (some of its elements respectively: port, priority and weight). The primary key used to choose the modify record is the remaining parameters, only one of them is required. Not using some of these parameters may cause duplicate records and error message. This logic is there because of the previous implementation (Add and Delete options) in the function. Tests in networkxml2xmlupdatetest.c contain replacements of an existing DNS-Srv record and failure due to non-existing record. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/639 Signed-off-by: Adam Julis <ajulis(a)redhat.com> --- src/conf/network_conf.c | 27 ++++++++++++++----- .../srv-not-existing.xml | 1 + .../srv-record-modify-few.xml | 1 + .../nat-network-dns-srv-modify-few.xml | 26 ++++++++++++++++++ tests/networkxml2xmlupdatetest.c | 10 ++++++- 5 files changed, 58 insertions(+), 7 deletions(-) create mode 100644 tests/networkxml2xmlupdatein/srv-not-existing.xml create mode 100644 tests/networkxml2xmlupdatein/srv-record-modify-few.xml create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-srv-modify-few.xml diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index 2a541cd5b0..fc387f9566 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -3255,12 +3255,6 @@ virNetworkDefUpdateDNSSrv(virNetworkDef *def, command == VIR_NETWORK_UPDATE_COMMAND_ADD_LAST); int foundCt = 0; - if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) { - virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", - _("DNS SRV records cannot be modified, only added or deleted")); - goto cleanup; - } - if (virNetworkDefUpdateCheckElementName(def, ctxt->node, "srv") < 0) goto cleanup; @@ -3310,6 +3304,27 @@ virNetworkDefUpdateDNSSrv(virNetworkDef *def, virNetworkDNSSrvDefClear(&dns->srvs[foundIdx]); VIR_DELETE_ELEMENT(dns->srvs, foundIdx, dns->nsrvs); + } else if (command == VIR_NETWORK_UPDATE_COMMAND_MODIFY) { + + if (foundCt == 0) { + virReportError(VIR_ERR_OPERATION_INVALID, + _("couldn't locate a matching DNS SRV record in network %1$s"), + def->name); + goto cleanup; + } + + if (foundCt > 1) { + virReportError(VIR_ERR_OPERATION_INVALID, + _("multiple DNS SRV records matching all specified fields were found in network %1$s"), + def->name); + goto cleanup; + } + + virNetworkDNSSrvDefClear(&dns->srvs[foundIdx]); + + memcpy(&dns->srvs[foundIdx], &srv, sizeof(virNetworkDNSSrvDef)); + memset(&srv, 0, sizeof(virNetworkDNSSrvDef)); + } else { virNetworkDefUpdateUnknownCommand(command); goto cleanup; diff --git a/tests/networkxml2xmlupdatein/srv-not-existing.xml b/tests/networkxml2xmlupdatein/srv-not-existing.xml new file mode 100644 index 0000000000..401e14c616 --- /dev/null +++ b/tests/networkxml2xmlupdatein/srv-not-existing.xml @@ -0,0 +1 @@ +<srv service='name' protocol='tcp' domain='unknown-domain' target='.' port='666' priority='99' weight='10'/> diff --git a/tests/networkxml2xmlupdatein/srv-record-modify-few.xml b/tests/networkxml2xmlupdatein/srv-record-modify-few.xml new file mode 100644 index 0000000000..88ec1b97d9 --- /dev/null +++ b/tests/networkxml2xmlupdatein/srv-record-modify-few.xml @@ -0,0 +1 @@ +<srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1221' priority='42' weight='69'/> diff --git a/tests/networkxml2xmlupdateout/nat-network-dns-srv-modify-few.xml b/tests/networkxml2xmlupdateout/nat-network-dns-srv-modify-few.xml new file mode 100644 index 0000000000..a7e5fcffa6 --- /dev/null +++ b/tests/networkxml2xmlupdateout/nat-network-dns-srv-modify-few.xml @@ -0,0 +1,26 @@ +<network> + <name>default</name> + <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid> + <forward dev='eth1' mode='nat'> + <interface dev='eth1'/> + </forward> + <bridge name='virbr0' stp='on' delay='0'/> + <dns> + <srv service='name' protocol='tcp' domain='test-domain-name' target='.' port='1221' priority='42' weight='69'/> + </dns> + <ip address='192.168.122.1' netmask='255.255.255.0'> + <dhcp> + <range start='192.168.122.2' end='192.168.122.254'/> + <host mac='00:16:3e:77:e2:ed' name='a.example.com' ip='192.168.122.10'/> + <host mac='00:16:3e:3e:a9:1a' name='b.example.com' ip='192.168.122.11'/> + </dhcp> + </ip> + <ip family='ipv4' address='192.168.123.1' netmask='255.255.255.0'> + </ip> + <ip family='ipv6' address='2001:db8:ac10:fe01::1' prefix='64'> + </ip> + <ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'> + </ip> + <ip family='ipv4' address='10.24.10.1'> + </ip> +</network> diff --git a/tests/networkxml2xmlupdatetest.c b/tests/networkxml2xmlupdatetest.c index 383cbf85ce..59e6ce98e5 100644 --- a/tests/networkxml2xmlupdatetest.c +++ b/tests/networkxml2xmlupdatetest.c @@ -328,7 +328,6 @@ mymain(void) "nat-network-dns-srv-record", "nat-network-dns-srv-records", VIR_NETWORK_UPDATE_COMMAND_ADD_LAST); - DO_TEST_FAIL("delete-missing-srv-record-service", "srv-record-service", "nat-network", @@ -351,6 +350,15 @@ mymain(void) "nat-network-dns-srv-record", "nat-network", VIR_NETWORK_UPDATE_COMMAND_DELETE); + DO_TEST("modify-srv-record-protocol", + "srv-record-modify-few", + "nat-network-dns-srv-record", + "nat-network-dns-srv-modify-few", + VIR_NETWORK_UPDATE_COMMAND_MODIFY); + DO_TEST_FAIL("modify-not-existing-srv-record", + "srv-not-existing", + "nat-network-dns-srv-record", + VIR_NETWORK_UPDATE_COMMAND_MODIFY); return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -- 2.45.2

3 months, 2 weeks

3
2
0 / 0

[PATCH v2 0/7] introduce job-change qmp command

by Vladimir Sementsov-Ogievskiy

Hi all! This is an updated first part of my "[RFC 00/15] block job API" Supersedes: <20240313150907.623462-1-vsementsov(a)yandex-team.ru> v2: - only job-change for now, as a first step - drop "type-based unions", and keep type parameter as is for now (I now doubt that this was good idea, as it makes QAPI protocol dependent on context) 03: improve documentation 06: deprecated only block-job-change for now 07: new Vladimir Sementsov-Ogievskiy (7): qapi: rename BlockJobChangeOptions to JobChangeOptions blockjob: block_job_change_locked(): check job type qapi: block-job-change: make copy-mode parameter optional blockjob: move change action implementation to job from block-job qapi: add job-change qapi/block-core: derpecate block-job-change iotests/mirror-change-copy-mode: switch to job-change command block/mirror.c | 13 +++++--- blockdev.c | 4 +-- blockjob.c | 20 ------------ docs/about/deprecated.rst | 5 +++ include/block/blockjob.h | 11 ------- include/block/blockjob_int.h | 7 ----- include/qemu/job.h | 12 +++++++ job-qmp.c | 15 +++++++++ job.c | 23 ++++++++++++++ qapi/block-core.json | 31 ++++++++++++++----- .../tests/mirror-change-copy-mode | 2 +- 11 files changed, 90 insertions(+), 53 deletions(-) -- 2.34.1

3 months, 3 weeks

2
15
0 / 0

[PATCH v5 00/11] qemu: Introduce shared_filesystems configuration option

by Peter Krempa

v4: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/F... For justification see v3: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/P... This version includes patches that deal with seclabel remembering without instructing users to disable it. Diff to v4: - added patch 7 cleaning up a helper function (noticed just while reading the code) - added patch 8 properly unrefing security labels in dac/selinux drivers on outgoing migration - patch 11: added handling of the 'nvram' image file (and refactored the function to allow reuse) Tested migrating both ways including uefi nvram image. Didn't test TPM though. Diff to v3 (numbering fixed): - Patch 2/8 was modified to change the docs for the new option. - Patches 1-5 will get an R-b by me as I've adopted them. - Patches 6, 9-11 are new. - Patches 7, 8 were not part of v3 Andrea Bolognani (5): security: Fix alignment qemu: Introduce shared_filesystems configuration option qemu: Propagate shared_filesystems utils: Use overrides in virFileIsSharedFS() qemu: Always set labels for TPM state Peter Krempa (6): virFileIsSharedFSOverride: Export virParseOwnershipIds: Refactor virSecuritySELinuxRestoreImageLabelInt: Move FD image relabeling after 'migrated' check security_(dac|selinux): Unref remebered security labels on outgoing migration storage_source: Add field for skipping seclabel remembering qemu: migration: Don't remember seclabel for images shared from current host src/conf/storage_source_conf.c | 3 + src/conf/storage_source_conf.h | 9 +++ src/libvirt_private.syms | 1 + src/lxc/lxc_controller.c | 3 +- src/lxc/lxc_driver.c | 2 +- src/lxc/lxc_process.c | 4 +- src/qemu/libvirtd_qemu.aug | 3 + src/qemu/qemu.conf.in | 26 +++++++++ src/qemu/qemu_conf.c | 31 ++++++++++ src/qemu/qemu_conf.h | 2 + src/qemu/qemu_domain.c | 7 ++- src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_migration.c | 86 +++++++++++++++++++++++---- src/qemu/qemu_security.c | 85 ++++++++++++++++++++------- src/qemu/qemu_tpm.c | 38 ++++++------ src/qemu/qemu_tpm.h | 10 ++-- src/qemu/test_libvirtd_qemu.aug.in | 5 ++ src/security/security_apparmor.c | 8 ++- src/security/security_dac.c | 53 +++++++++++++---- src/security/security_driver.h | 8 ++- src/security/security_manager.c | 33 ++++++++--- src/security/security_manager.h | 9 ++- src/security/security_nop.c | 5 ++ src/security/security_selinux.c | 94 +++++++++++++++++++++--------- src/security/security_stack.c | 32 +++++++--- src/util/virfile.c | 63 +++++++++++++++++++- src/util/virfile.h | 5 +- src/util/virutil.c | 20 +++---- tests/securityselinuxlabeltest.c | 2 +- tests/virfiletest.c | 2 +- 30 files changed, 517 insertions(+), 134 deletions(-) -- 2.45.2

3 months, 3 weeks

1
11
0 / 0

[PATCH v4 0/8] qemu: Introduce shared_filesystems configuration option

by Peter Krempa

For justification see v3: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/P... This version includes patches that deal with seclabel remembering without instructing users to disable it. Patch 2/8 was modified to change the docs for the new option. Patches 1-5 will get an R-b by me as I've adopted them. Patches 6-8 are new. Andrea Bolognani (5): security: Fix alignment qemu: Introduce shared_filesystems configuration option qemu: Propagate shared_filesystems utils: Use overrides in virFileIsSharedFS() qemu: Always set labels for TPM state Peter Krempa (3): virFileIsSharedFSOverride: Export storage_source: Add field for skipping seclabel remembering qemu: migration: Don't remember seclabel for images shared from current host src/conf/storage_source_conf.c | 3 ++ src/conf/storage_source_conf.h | 9 ++++ src/libvirt_private.syms | 1 + src/lxc/lxc_controller.c | 3 +- src/lxc/lxc_driver.c | 2 +- src/lxc/lxc_process.c | 4 +- src/qemu/libvirtd_qemu.aug | 3 ++ src/qemu/qemu.conf.in | 26 +++++++++ src/qemu/qemu_conf.c | 31 +++++++++++ src/qemu/qemu_conf.h | 2 + src/qemu/qemu_domain.c | 7 ++- src/qemu/qemu_extdevice.c | 2 +- src/qemu/qemu_migration.c | 72 +++++++++++++++++++++---- src/qemu/qemu_security.c | 85 +++++++++++++++++++++++------- src/qemu/qemu_tpm.c | 38 +++++++------ src/qemu/qemu_tpm.h | 10 ++-- src/qemu/test_libvirtd_qemu.aug.in | 5 ++ src/security/security_apparmor.c | 8 ++- src/security/security_dac.c | 50 ++++++++++++++---- src/security/security_driver.h | 8 ++- src/security/security_manager.c | 33 +++++++++--- src/security/security_manager.h | 9 +++- src/security/security_nop.c | 5 ++ src/security/security_selinux.c | 59 ++++++++++++++++----- src/security/security_stack.c | 32 ++++++++--- src/util/virfile.c | 63 ++++++++++++++++++++-- src/util/virfile.h | 5 +- tests/securityselinuxlabeltest.c | 2 +- tests/virfiletest.c | 2 +- 29 files changed, 472 insertions(+), 107 deletions(-) -- 2.45.2

3 months, 3 weeks

2
13
0 / 0

[PATCH 0/2] qemu: Strip <acpi/> from configs on s390

by Peter Krempa

See patch 1 for the rationale. Peter Krempa (2): qemu_domain: Strip <acpi/> from s390(x) definitions qemuxmlconftest: Add tests for the ACPI stripping hack on s390 src/qemu/qemu_domain.c | 94 +++++++++++++++++++ .../aarch64-nousb-acpi.aarch64-latest.err | 1 + tests/qemuxmlconfdata/aarch64-nousb-acpi.xml | 18 ++++ ...ngarch64-virt-acpi.loongarch64-latest.args | 31 ++++++ ...ongarch64-virt-acpi.loongarch64-latest.xml | 26 +++++ .../qemuxmlconfdata/loongarch64-virt-acpi.xml | 15 +++ .../misc-acpi.x86_64-latest.args | 34 ------- .../misc-acpi.x86_64-latest.xml | 41 -------- tests/qemuxmlconfdata/misc-acpi.xml | 33 ------- .../riscv64-virt-acpi.riscv64-latest.args | 33 +++++++ .../riscv64-virt-acpi.riscv64-latest.xml | 36 +++++++ tests/qemuxmlconfdata/riscv64-virt-acpi.xml | 15 +++ .../s390x-ccw-acpi.s390x-latest.args | 32 +++++++ .../s390x-ccw-acpi.s390x-latest.xml | 27 ++++++ tests/qemuxmlconfdata/s390x-ccw-acpi.xml | 15 +++ .../x86_64-q35-acpi.x86_64-latest.args | 38 ++++++++ .../x86_64-q35-acpi.x86_64-latest.xml | 53 +++++++++++ tests/qemuxmlconfdata/x86_64-q35-acpi.xml | 15 +++ tests/qemuxmlconftest.c | 13 ++- 19 files changed, 461 insertions(+), 109 deletions(-) create mode 100644 tests/qemuxmlconfdata/aarch64-nousb-acpi.aarch64-latest.err create mode 100644 tests/qemuxmlconfdata/aarch64-nousb-acpi.xml create mode 100644 tests/qemuxmlconfdata/loongarch64-virt-acpi.loongarch64-latest.args create mode 100644 tests/qemuxmlconfdata/loongarch64-virt-acpi.loongarch64-latest.xml create mode 100644 tests/qemuxmlconfdata/loongarch64-virt-acpi.xml delete mode 100644 tests/qemuxmlconfdata/misc-acpi.x86_64-latest.args delete mode 100644 tests/qemuxmlconfdata/misc-acpi.x86_64-latest.xml delete mode 100644 tests/qemuxmlconfdata/misc-acpi.xml create mode 100644 tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.args create mode 100644 tests/qemuxmlconfdata/riscv64-virt-acpi.riscv64-latest.xml create mode 100644 tests/qemuxmlconfdata/riscv64-virt-acpi.xml create mode 100644 tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.args create mode 100644 tests/qemuxmlconfdata/s390x-ccw-acpi.s390x-latest.xml create mode 100644 tests/qemuxmlconfdata/s390x-ccw-acpi.xml create mode 100644 tests/qemuxmlconfdata/x86_64-q35-acpi.x86_64-latest.args create mode 100644 tests/qemuxmlconfdata/x86_64-q35-acpi.x86_64-latest.xml create mode 100644 tests/qemuxmlconfdata/x86_64-q35-acpi.xml -- 2.45.2

3 months, 3 weeks

3
11
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel August 2024