[PATCH] spec: Enable ch driver
by Praveen K Paladugu
Enabling building and packaging ch driver in the spec file.
Signed-off-by: Praveen K Paladugu <praveenkpaladugu(a)gmail.com>
---
libvirt.spec.in | 51 ++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 48 insertions(+), 3 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 3d5164b534..303d7cb34a 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -35,6 +35,7 @@
%define with_lxc 0%{!?_without_lxc:1}
%define with_libxl 0%{!?_without_libxl:1}
%define with_vbox 0%{!?_without_vbox:1}
+%define with_ch 0%{!?_without_ch:1}
%ifarch %{arches_qemu_kvm}
%define with_qemu_kvm %{with_qemu}
@@ -1026,6 +1027,20 @@ Server side daemon and driver required to manage the virtualization
capabilities of VirtualBox
%endif
+ %if %{with_ch}
+%package daemon-driver-ch
+Summary: Cloud-Hypervisor driver plugin for libvirtd daemon
+Requires: libvirt-daemon-common = %{version}-%{release}
+Requires: libvirt-daemon-log = %{version}-%{release}
+Requires: libvirt-libs = %{version}-%{release}
+
+%description daemon-driver-ch
+The ch driver plugin for the libvirtd daemon, providing
+an implementation of the hypervisor driver APIs by
+Cloud-Hypervisor
+ %endif
+
+
%package client
Summary: Client side utilities of the libvirt library
Requires: libvirt-libs = %{version}-%{release}
@@ -1188,9 +1203,15 @@ exit 1
%endif
%if %{with_esx}
- %define arg_esx -Ddriver_esx=enabled -Dcurl=enabled
+ %define arg_esx -Ddriver_esx=enabled
+%else
+ %define arg_esx -Ddriver_esx=disabled
+%endif
+
+%if %{with_esx} || %{with_ch}
+ %define arg_curl -Dcurl=enabled
%else
- %define arg_esx -Ddriver_esx=disabled -Dcurl=disabled
+ %define arg_curl -Dcurl=disabled
%endif
%if %{with_hyperv}
@@ -1205,6 +1226,12 @@ exit 1
%define arg_vmware -Ddriver_vmware=disabled
%endif
+%if %{with_ch}
+ %define arg_ch -Ddriver_ch=enabled
+%else
+ %define arg_ch -Ddriver_ch=disabled
+%endif
+
%if %{with_storage_rbd}
%define arg_storage_rbd -Dstorage_rbd=enabled
%else
@@ -1335,11 +1362,12 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
-Ddriver_remote=enabled \
-Ddriver_test=enabled \
%{?arg_esx} \
+ %{?arg_curl} \
%{?arg_hyperv} \
%{?arg_vmware} \
+ %{?arg_ch} \
-Ddriver_vz=disabled \
-Ddriver_bhyve=disabled \
- -Ddriver_ch=disabled \
%{?arg_remote_mode} \
-Ddriver_interface=enabled \
-Ddriver_network=enabled \
@@ -1541,6 +1569,10 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.libxl
rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_libxl.aug
rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_libxl.aug
%endif
+ %if ! %{with_ch}
+rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_ch.aug
+rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_ch.aug
+ %endif
# Copied into libvirt-docs subpackage eventually
mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt libvirt-docs
@@ -2405,6 +2437,19 @@ exit 0
%attr(0755, root, root) %{_libexecdir}/libvirt_sanlock_helper
%endif
+ %if %{with_ch}
+%files daemon-driver-ch
+%attr(0755, root, root) %{_sbindir}/virtchd
+%config(noreplace) %{_sysconfdir}/libvirt/virtchd.conf
+%{_datadir}/augeas/lenses/virtchd.aug
+%{_datadir}/augeas/lenses/tests/test_virtchd.aug
+%{_unitdir}/virtchd-admin.socket
+%{_unitdir}/virtchd-ro.socket
+%{_unitdir}/virtchd.service
+%{_unitdir}/virtchd.socket
+%{_libdir}/libvirt/connection-driver/libvirt_driver_ch.so
+ %endif
+
%files client
%{_mandir}/man1/virsh.1*
%{_mandir}/man1/virt-xml-validate.1*
--
2.47.0
1 month
[PATCH] meson: Drop devmapper_dep for libvirt_admin_lib
by Michal Privoznik
Nothing inside libvirt-admin library calls devmapper nor it
should. This is a historic artefact that was just copied over
from autotools era.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
NB, I think there are more deps that can be dropped. I've built
successfully with capng_dep, gnutls_dep, json_c_dep, libssh2_dep,
libssh_dep and sasl_dep removed. Those libraries are required by
libvirt.so which libvirt_admin.so links with.
src/meson.build | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/meson.build b/src/meson.build
index cce89fac27..74fbe43667 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -556,7 +556,6 @@ if conf.has('WITH_REMOTE')
],
dependencies: [
capng_dep,
- devmapper_dep,
gnutls_dep,
json_c_dep,
libssh2_dep,
--
2.45.2
1 month
[PATCH] tools: fix ordering mistake in virt-admin daemon-set-timeout code
by Daniel P. Berrangé
Most of the impl for the 'daemon-set-timeout' command was ordered under
the heading for the 'daemon-log-filters' command.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
tools/virt-admin.c | 67 +++++++++++++++++++++++-----------------------
1 file changed, 34 insertions(+), 33 deletions(-)
diff --git a/tools/virt-admin.c b/tools/virt-admin.c
index 3eb4f0f3fd..325b7aa827 100644
--- a/tools/virt-admin.c
+++ b/tools/virt-admin.c
@@ -1005,27 +1005,38 @@ static const vshCmdInfo info_daemon_log_outputs = {
"daemon."),
};
-static const vshCmdOptDef opts_daemon_timeout[] = {
- {.name = "timeout",
- .type = VSH_OT_INT,
- .required = true,
+static const vshCmdOptDef opts_daemon_log_outputs[] = {
+ {.name = "outputs",
+ .type = VSH_OT_STRING,
.positional = true,
- .help = N_("number of seconds the daemon will run without any active connection"),
+ .help = N_("redefine the existing set of logging outputs"),
+ .allowEmpty = true
},
{.name = NULL}
};
static bool
-cmdDaemonTimeout(vshControl *ctl, const vshCmd *cmd)
+cmdDaemonLogOutputs(vshControl *ctl, const vshCmd *cmd)
{
vshAdmControl *priv = ctl->privData;
- unsigned int timeout = 0;
- if (vshCommandOptUInt(ctl, cmd, "timeout", &timeout) < 0)
- return false;
+ if (vshCommandOptBool(cmd, "outputs")) {
+ const char *outputs = NULL;
+ if ((vshCommandOptString(ctl, cmd, "outputs", &outputs) < 0 ||
+ virAdmConnectSetLoggingOutputs(priv->conn, outputs, 0) < 0)) {
+ vshError(ctl, _("Unable to change daemon logging settings"));
+ return false;
+ }
+ } else {
+ g_autofree char *outputs = NULL;
+ if (virAdmConnectGetLoggingOutputs(priv->conn, &outputs, 0) < 0) {
+ vshError(ctl, _("Unable to get daemon logging outputs information"));
+ return false;
+ }
- if (virAdmConnectSetDaemonTimeout(priv->conn, timeout, 0) < 0)
- return false;
+ vshPrintExtra(ctl, " %-15s", _("Logging outputs: "));
+ vshPrint(ctl, "%s\n", NULLSTR_EMPTY(outputs));
+ }
return true;
}
@@ -1040,42 +1051,32 @@ static const vshCmdInfo info_daemon_timeout = {
.desc = N_("set the auto shutdown timeout of the daemon"),
};
-static const vshCmdOptDef opts_daemon_log_outputs[] = {
- {.name = "outputs",
- .type = VSH_OT_STRING,
+static const vshCmdOptDef opts_daemon_timeout[] = {
+ {.name = "timeout",
+ .type = VSH_OT_INT,
+ .required = true,
.positional = true,
- .help = N_("redefine the existing set of logging outputs"),
- .allowEmpty = true
+ .help = N_("number of seconds the daemon will run without any active connection"),
},
{.name = NULL}
};
static bool
-cmdDaemonLogOutputs(vshControl *ctl, const vshCmd *cmd)
+cmdDaemonTimeout(vshControl *ctl, const vshCmd *cmd)
{
vshAdmControl *priv = ctl->privData;
+ unsigned int timeout = 0;
- if (vshCommandOptBool(cmd, "outputs")) {
- const char *outputs = NULL;
- if ((vshCommandOptString(ctl, cmd, "outputs", &outputs) < 0 ||
- virAdmConnectSetLoggingOutputs(priv->conn, outputs, 0) < 0)) {
- vshError(ctl, _("Unable to change daemon logging settings"));
- return false;
- }
- } else {
- g_autofree char *outputs = NULL;
- if (virAdmConnectGetLoggingOutputs(priv->conn, &outputs, 0) < 0) {
- vshError(ctl, _("Unable to get daemon logging outputs information"));
- return false;
- }
+ if (vshCommandOptUInt(ctl, cmd, "timeout", &timeout) < 0)
+ return false;
- vshPrintExtra(ctl, " %-15s", _("Logging outputs: "));
- vshPrint(ctl, "%s\n", NULLSTR_EMPTY(outputs));
- }
+ if (virAdmConnectSetDaemonTimeout(priv->conn, timeout, 0) < 0)
+ return false;
return true;
}
+
static void *
vshAdmConnectionHandler(vshControl *ctl)
{
--
2.47.1
1 month
[PATCH] conf: Restrict model type to enum members
by Adam Julis
Historically, we supported any string as the model type for
network devices. This approach allowed us to stay up-to-date with
QEMU's frequent introduction of new model types. However, this
solution now causes more problems than benefits. A clearly
nonsensical model name can pass validation but result in a QEMU
internal error when the VM is started.
This patch restricts model types to members of the
'virDomainNetModelType' enum. The enum has been extended to include
all model types currently supported by QEMU. If QEMU introduces
new models in the future, the enum must be updated to support
them.
Resolves: https://issues.redhat.com/browse/RHEL-72082
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
I'm not sure if the virtio-net-pci should be in this enum, since its not
located in qemu repo in hw/net/ but in hw/virtio/. When I manually
tested it, the qemu this option supported. The last two members have not
been supported for several years but I wanted to keep backward compatibility.
src/conf/domain_conf.c | 23 +++++++++++++++++++++++
src/conf/domain_conf.h | 23 +++++++++++++++++++++++
src/conf/domain_validate.c | 7 +++++++
3 files changed, 53 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index af88d0bcfd..5e8ca0015d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -613,6 +613,29 @@ VIR_ENUM_IMPL(virDomainNetModel,
"82540EM",
"82545EM",
"82543GC",
+ "dp8393x",
+ "eepro100",
+ "ftgmac100",
+ "igbvf",
+ "lasi_i82596",
+ "mcf_fec",
+ "mipsnet",
+ "ne2000-isa",
+ "ne2000-pci",
+ "npcm7xx_emc",
+ "npcm_gmac",
+ "opencores_eth",
+ "pcnet-pci",
+ "rocker",
+ "spapr_llan",
+ "sungem",
+ "sunhme",
+ "tulip",
+ "virtio-net",
+ "xen_nic",
+ "virtio-net-pci",
+ "etraxfs_eth",
+ "milkymist-minimac2",
);
VIR_ENUM_IMPL(virDomainNetDriver,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 9f7c28343f..d7f0073ba5 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -951,6 +951,29 @@ typedef enum {
VIR_DOMAIN_NET_MODEL_82540EM,
VIR_DOMAIN_NET_MODEL_82545EM,
VIR_DOMAIN_NET_MODEL_82543GC,
+ VIR_DOMAIN_NET_MODEL_DP8393X,
+ VIR_DOMAIN_NET_MODEL_EEPRO100,
+ VIR_DOMAIN_NET_MODEL_FTGMAC100,
+ VIR_DOMAIN_NET_MODEL_IGBVF,
+ VIR_DOMAIN_NET_MODEL_LASI_I82596,
+ VIR_DOMAIN_NET_MODEL_MCF_FEC,
+ VIR_DOMAIN_NET_MODEL_MIPSNET,
+ VIR_DOMAIN_NET_MODEL_NE2000_ISA,
+ VIR_DOMAIN_NET_MODEL_NE2000_PCI,
+ VIR_DOMAIN_NET_MODEL_NPCM7XX_EMC,
+ VIR_DOMAIN_NET_MODEL_NPCM_GMAC,
+ VIR_DOMAIN_NET_MODEL_OPENCORES_ETH,
+ VIR_DOMAIN_NET_MODEL_PCNET_PCI,
+ VIR_DOMAIN_NET_MODEL_ROCKER,
+ VIR_DOMAIN_NET_MODEL_SPARP_LLAN,
+ VIR_DOMAIN_NET_MODEL_SUNGEM,
+ VIR_DOMAIN_NET_MODEL_SUNHME,
+ VIR_DOMAIN_NET_MODEL_TULIP,
+ VIR_DOMAIN_NET_MODEL_VIRTIO_NET,
+ VIR_DOMAIN_NET_MODEL_XEN_NIC,
+ VIR_DOMAIN_NET_MODEL_VIRTIO_NET_PCI,
+ VIR_DOMAIN_NET_MODEL_ETRAXFS_ETH,
+ VIR_DOMAIN_NET_MODEL_MILKYMIST_MINIMAC2,
VIR_DOMAIN_NET_MODEL_LAST
} virDomainNetModelType;
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 1034bb57f5..fed013835d 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2218,6 +2218,13 @@ virDomainNetDefValidate(const virDomainNetDef *net)
break;
case VIR_DOMAIN_NET_TYPE_NETWORK:
+ if (net->modelstr) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Unsupported model type '%s'"),
+ net->modelstr);
+ return -1;
+ }
+ break;
case VIR_DOMAIN_NET_TYPE_VDPA:
case VIR_DOMAIN_NET_TYPE_BRIDGE:
case VIR_DOMAIN_NET_TYPE_CLIENT:
--
2.47.1
1 month
[RFC v3 PATCH 0/4] iproute2 bridge vlan support
by Leigh Brown
As requested by Laine, I have converted the code to use netlink rather
than executing bridge vlan commands. I have also checked it compiles
under FreeBSD.
Description
-----------
The iproute2 bridge command supports the capability for VLAN filtering
that allows each interface connected to a standard linux bridge to be
configured to use one or more VLANs. For simple setups, this capability
is enough to allow virtual machines or containers to be put onto
separate VLANs without creating multiple bridges and VLANs on the host.
The first patch adds a new function virNetDevBridgeSetupVlans() that
will, given a virNetDevVlan structure, execute the required bridge vlan
commands to configure the given interface accordingly.
The second patch updates the virNetDevBridgeAddPort() function to allow
a virNetDevVlan parameter to be passed, and to call the
virNetDevBridgeSetupVlans() function.
The third patch updates the lxc and tap code to pass the virNetDevLan
parameter from the configuration and to update the XML domain and
network validation to permit the VLAN-related tags for standard
bridges.
The fourth patch updates documentation to match the new capability.
Changes since v2
----------------
- Convert to use netlink rather than executing bridge vlan commands.
- Add unsupported on this platform error message on FreeBSD.
Changes since v1
----------------
- Fix bug in virNetDevSetupVlans where bridge port has no native vlan.
- Update bridge network validation to permit vlan configuration.
- Update documentation to match the functionality.
- Tweak some of the commit descriptions for clarity.
Usage example
-------------
Configure the host with systemd-networkd as follows:
/etc/systemd/network/br0.netdev (br0.network not shown)
[NetDev]
Name=br0
Kind=bridge
MACAddress=xx:xx:xx:xx:xx:xx
[Bridge]
VLANFiltering=on
/etc/systemd/network/eno1.network
[Match]
Name=eno1
[Network]
Bridge=br0
[Link]
MTUBytes=9000
[BridgeVLAN]
VLAN=40
[BridgeVLAN]
VLAN=60
Then add <vlan> tags into the lxc or qemu config:
lxc interface definition:
<interface type='bridge'>
<mac address='xx:xx:xx:xx:xx:xx'/>
<source bridge='br0'/>
<vlan>
<tag id='40'/>
</vlan>
</interface>
qemu interface definition:
<interface type='network'>
<mac address='xx:xx:xx:xx:xx:xx'/>
<source network='br0'/>
<vlan>
<tag id='60'/>
</vlan>
<model type='virtio'/>
<address type='pci' domain='0x0000'
bus='0x01' slot='0x00' function='0x0'/>
</interface>
Then, after starting them, you will see the following
$ sudo bridge vlan
port vlan-id
eno1 1 PVID Egress Untagged
40
60
br0 1 PVID Egress Untagged
vnet0 60 PVID Egress Untagged
vnet1 40 PVID Egress Untagged
Regards,
Leigh Brown (4):
util: add netlink bridge vlan filtering
util: Add vlan support to virNetDevBridgeAddPort
Enable vlan support for standard linux bridges
docs: standard linux bridges now support vlans
docs/formatdomain.rst | 37 +++++++++---------
docs/formatnetwork.rst | 45 +++++++++++-----------
src/conf/domain_validate.c | 3 +-
src/lxc/lxc_process.c | 3 +-
src/network/bridge_driver.c | 13 ++++---
src/util/virnetdevbridge.c | 75 +++++++++++++++++++++++++++++++++++--
src/util/virnetdevbridge.h | 4 +-
src/util/virnetdevtap.c | 2 +-
src/util/virnetlink.c | 66 ++++++++++++++++++++++++++++++++
src/util/virnetlink.h | 7 ++++
10 files changed, 202 insertions(+), 53 deletions(-)
--
2.39.5
1 month
[PATCH] qemu: allow migration of guest with mdev vGPU to VF vGPU
by Laine Stump
GPU vendors are moving away from using mdev to create virtual GPUs
towards using SRIOV VFs that are vGPUs. In both cases, once created
the vGPUs are assigned to guests via <hostdev> (i.e. VFIO device
assignment), and inside the guest the devices look identical, but mdev
vGPUs are located by QEMU/VFIO using a uuid, while VF vGPUs are
located with a PCI address. So although we generally require the
device on the source host to exactly match the device on the
destination host, in the case of mdev-created vGPU vs. VF vGPU
migration *can* potentially work, except that libvirt has a hard-coded
check that prevents us from even trying.
This patch loosens up that check so that we will allow attempts to
migrate a guest from a source host that has mdev-created vGPUs to a
destination host that has VF vGPUs (and vice versa). The expectation
is that if this doesn't actually work then QEMU will fail and generate
an error that we can report.
Based-on-patch-by: Zhiyi Guo <zhguo(a)redhat.com>
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
Zhiyi's original patch removed the check for subsys type completely,
and this worked. My modified patch keeps the check in place, but
allows it to pass if the src type is pci and dst is mdev, or vice
versa.
src/conf/domain_conf.c | 28 +++++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 4ad8289b89..9d5fda0469 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -20647,13 +20647,27 @@ virDomainHostdevDefCheckABIStability(virDomainHostdevDef *src,
return false;
}
- if (src->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
- src->source.subsys.type != dst->source.subsys.type) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("Target host device subsystem %1$s does not match source %2$s"),
- virDomainHostdevSubsysTypeToString(dst->source.subsys.type),
- virDomainHostdevSubsysTypeToString(src->source.subsys.type));
- return false;
+ if (src->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) {
+ virDomainHostdevSubsysType srcType = src->source.subsys.type;
+ virDomainHostdevSubsysType dstType = dst->source.subsys.type;
+
+ /* If the source and destination subsys types aren't the same,
+ * then migration can't be supported, *except* that it might
+ * be supported to migrate from subsys type 'pci' to 'mdev'
+ * and vice versa. (libvirt can't know for certain whether or
+ * not it will actually work, so we have to just allow it and
+ * count on QEMU to provide us with an error if it fails)
+ */
+
+ if (srcType != dstType
+ && ((srcType != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI && srcType != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV)
+ || (dstType != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI && dstType != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV))) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Target host device subsystem type %1$s is not compatible with source subsystem type %2$s"),
+ virDomainHostdevSubsysTypeToString(dstType),
+ virDomainHostdevSubsysTypeToString(srcType));
+ return false;
+ }
}
if (!virDomainDeviceInfoCheckABIStability(src->info, dst->info))
--
2.47.1
1 month
[PATCH] util: fix off-by-1 in inhibitor constants
by Daniel P. Berrangé
The inhibitor constant values were off-by-1, so when converted into
string format, we picked the wrong names
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/util/virinhibitor.h | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/util/virinhibitor.h b/src/util/virinhibitor.h
index 0a1c445d41..49cf32fbeb 100644
--- a/src/util/virinhibitor.h
+++ b/src/util/virinhibitor.h
@@ -26,13 +26,13 @@ typedef struct _virInhibitor virInhibitor;
typedef enum {
VIR_INHIBITOR_WHAT_NONE = 0,
- VIR_INHIBITOR_WHAT_SLEEP = (1 << 1),
- VIR_INHIBITOR_WHAT_SHUTDOWN = (1 << 2),
- VIR_INHIBITOR_WHAT_IDLE = (1 << 3),
- VIR_INHIBITOR_WHAT_POWER_KEY = (1 << 4),
- VIR_INHIBITOR_WHAT_SUSPEND_KEY = (1 << 5),
- VIR_INHIBITOR_WHAT_HIBERNATE_KEY = (1 << 6),
- VIR_INHIBITOR_WHAT_LID_SWITCH = (1 << 7),
+ VIR_INHIBITOR_WHAT_SLEEP = (1 << 0),
+ VIR_INHIBITOR_WHAT_SHUTDOWN = (1 << 1),
+ VIR_INHIBITOR_WHAT_IDLE = (1 << 2),
+ VIR_INHIBITOR_WHAT_POWER_KEY = (1 << 3),
+ VIR_INHIBITOR_WHAT_SUSPEND_KEY = (1 << 4),
+ VIR_INHIBITOR_WHAT_HIBERNATE_KEY = (1 << 5),
+ VIR_INHIBITOR_WHAT_LID_SWITCH = (1 << 6),
} virInhibitorWhat;
typedef enum {
--
2.47.1
1 month
[PATCH] qemu: Add audit entries for suspend and resume
by Jim Fehlig
We recently received a request from certification auditors to provide
audit entries for suspend and resume. This small patch uses the existing
virtDomainAudit{Start,Stop} functions with new reasons "suspended" and
"resumed".
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
For suspend, I initially wrote the following
virDomainAuditStart(vm, virDomainPausedReasonTypeToString(reason), true);
but I'm not sure it makes sense in resume, where we have reasons such as
VIR_DOMAIN_CRASHED_PANICKED. For symmetry, it seemed best to go with
"suspended" and "resumed".
src/qemu/qemu_driver.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f1a633fdd3..c670bb681e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1682,6 +1682,7 @@ static int qemuDomainSuspend(virDomainPtr dom)
goto endjob;
}
qemuDomainSaveStatus(vm);
+ virDomainAuditStart(vm, "suspended", true);
ret = 0;
endjob:
@@ -1738,6 +1739,7 @@ static int qemuDomainResume(virDomainPtr dom)
}
}
qemuDomainSaveStatus(vm);
+ virDomainAuditStop(vm, "resumed");
ret = 0;
endjob:
--
2.43.0
1 month
[PATCH v2 0/4] fix AppArmor policy restore for runtime rules
by Georgia Garcia
Some rules are generated dynamically during boot and added to the
AppArmor policy. An example of that is macvtap devices that call the
AppArmorSetFDLabel hook to add a rule for the tap device path.
Since this information is dynamic, it is not available in the xml
config, therefore whenever a "Restore" hook is called, the entire
profile is regenerated by virt-aa-helper based only the information
from the VM definition, so the dynamic/runtime information is lost.
This patchset fixes that by storing these rules in a different file
called libvirt-uuid.runtime_files, which is included by
libvirt-uuid.files that already exists. It also includes other fixes
like memory leaks, adoption of the GLib API in the apparmor files and
a fix on the AppArmor policy that incorrectly applies apparmor policy
syntax.
Georgia Garcia (4):
security_apparmor: fix memleaks in AppArmorSetFDLabel
security: replace uses of label and VIR_FREE by g_autofree
apparmor: fix UUID specification
virt-aa-helper: store dynamically generated rules
.../usr.lib.libvirt.virt-aa-helper.in | 5 +-
src/security/apparmor/usr.sbin.libvirtd.in | 7 +-
src/security/security_apparmor.c | 83 +++++-----
src/security/virt-aa-helper.c | 145 +++++++++---------
4 files changed, 120 insertions(+), 120 deletions(-)
--
2.34.1
1 month
[PATCH] meson: remove unneeded dependency on libdevmapper for
storage_disk
by Stefan Hellermann
In commit dfa0e11 the last direct usage of devmapper for storage_disk was
removed. There is one stale include remaining, which is unused even longer
since df1011ca. Remove the include and change meson.build so we can use
storage_disk without devmapper.
I'm running it right now with a stripped-down config on a small arm64
router with openwrt.
Signed-off-by: Stefan Hellermann <stefan(a)the2masters.de>
---
meson.build | 4 ++--
src/storage/parthelper.c | 1 -
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/meson.build b/meson.build
index ca1b915737..ffe91dbd46 100644
--- a/meson.build
+++ b/meson.build
@@ -1787,11 +1787,11 @@ if conf.has('WITH_LIBVIRTD')
conf.set('WITH_STORAGE_DIR', 1)
endif
- if not get_option('storage_disk').disabled() and devmapper_dep.found() and libparted_dep.found()
+ if not get_option('storage_disk').disabled() and libparted_dep.found()
use_storage = true
conf.set('WITH_STORAGE_DISK', 1)
elif get_option('storage_disk').enabled()
- error('You must install libparted and libdevmapper to compile libvirt with disk storage driver')
+ error('You must install libparted to compile libvirt with disk storage driver')
endif
if not get_option('storage_fs').disabled()
diff --git a/src/storage/parthelper.c b/src/storage/parthelper.c
index ee07ba41bb..1169ebfb64 100644
--- a/src/storage/parthelper.c
+++ b/src/storage/parthelper.c
@@ -31,7 +31,6 @@
#include <config.h>
#include <parted/parted.h>
-#include <libdevmapper.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
--
2.47.1
1 month
