[PATCH] virtiofs: allow read only mode
by Adam Julis
Resolves: https://issues.redhat.com/browse/RHEL-72192
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
docs/formatdomain.rst | 2 +-
src/qemu/qemu_validate.c | 11 -----
src/qemu/qemu_virtiofs.c | 3 ++
.../vhost-user-fs-readonly.x86_64-latest.args | 34 ++++++++++++++
.../vhost-user-fs-readonly.x86_64-latest.err | 1 -
.../vhost-user-fs-readonly.x86_64-latest.xml | 45 +++++++++++++++++++
.../vhost-user-fs-readonly.xml | 1 +
tests/qemuxmlconftest.c | 2 +-
8 files changed, 85 insertions(+), 14 deletions(-)
create mode 100644 tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args
delete mode 100644 tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 8d787ef59a..e8e8336708 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -3824,7 +3824,7 @@ A directory on the host that can be accessed directly from the guest.
:since:`Since 10.0.0`
``readonly``
Enables exporting filesystem as a readonly mount for guest, by default
- read-write access is given (currently only works for QEMU/KVM driver; not
+ read-write access is given (works for QEMU/KVM driver and :since:`Since 11.0.0`
with virtiofs).
``space_hard_limit``
Maximum space available to this guest's filesystem. :since:`Since 0.9.13`
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index aaa056379e..086c66b602 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4540,11 +4540,6 @@ qemuValidateDomainDeviceDefFS(virDomainFSDef *fs,
case VIR_DOMAIN_FS_DRIVER_TYPE_VIRTIOFS:
if (!fs->sock) {
- if (fs->readonly) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("virtiofs does not yet support read-only mode"));
- return -1;
- }
if (fs->accessmode != VIR_DOMAIN_FS_ACCESSMODE_PASSTHROUGH) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("virtiofs only supports passthrough accessmode"));
@@ -4557,12 +4552,6 @@ qemuValidateDomainDeviceDefFS(virDomainFSDef *fs,
}
}
- if (fs->readonly) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("virtiofs does not support read-only access"));
- return -1;
- }
-
if (fs->model != VIR_DOMAIN_FS_MODEL_DEFAULT) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("virtiofs does not support model"));
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index 87226be288..dd3e0dd9fe 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -228,6 +228,9 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfig *cfg,
fs->idmap.gidmap[i].count);
}
+ if (fs->readonly)
+ virCommandAddArg(cmd, "--readonly");
+
return g_steal_pointer(&cmd);
}
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args
new file mode 100644
index 0000000000..d3c71544f8
--- /dev/null
+++ b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args
@@ -0,0 +1,34 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine pc,usb=off,dump-guest-core=off,acpi=off \
+-accel kvm \
+-cpu qemu64 \
+-m size=14680064k \
+-overcommit mem-lock=off \
+-smp 2,sockets=2,cores=1,threads=1 \
+-object '{"qom-type":"memory-backend-file","id":"ram-node0","mem-path":"/var/lib/libvirt/qemu/ram/-1-guest/ram-node0","share":true,"size":15032385536}' \
+-numa node,nodeid=0,cpus=0-1,memdev=ram-node0 \
+-uuid 126f2720-6f8e-45ab-a886-ec9277079a67 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-chardev socket,id=chr-vu-fs0,path=/var/lib/libvirt/qemu/domain--1-guest/fs0-fs.sock \
+-device '{"driver":"vhost-user-fs-pci","id":"fs0","chardev":"chr-vu-fs0","queue-size":1024,"tag":"mount_tag","bus":"pci.0","addr":"0x2"}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err
deleted file mode 100644
index fff45fac4b..0000000000
--- a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-unsupported configuration: virtiofs does not yet support read-only mode
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml
new file mode 100644
index 0000000000..c9c1e5c3d2
--- /dev/null
+++ b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml
@@ -0,0 +1,45 @@
+<domain type='kvm'>
+ <name>guest</name>
+ <uuid>126f2720-6f8e-45ab-a886-ec9277079a67</uuid>
+ <memory unit='KiB'>14680064</memory>
+ <currentMemory unit='KiB'>14680064</currentMemory>
+ <memoryBacking>
+ <source type='file'/>
+ <access mode='shared'/>
+ </memoryBacking>
+ <vcpu placement='static'>2</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>qemu64</model>
+ <numa>
+ <cell id='0' cpus='0-1' memory='14680064' unit='KiB' memAccess='shared'/>
+ </numa>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0' model='none'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <filesystem type='mount' accessmode='passthrough'>
+ <driver type='virtiofs' queue='1024'/>
+ <binary path='/usr/libexec/virtiofsd' xattr='on'>
+ <cache mode='always'/>
+ <lock posix='off' flock='off'/>
+ </binary>
+ <source dir='/path'/>
+ <target dir='mount_tag'/>
+ <readonly/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </filesystem>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml b/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml
index 003ed41eb3..c9c1e5c3d2 100644
--- a/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml
+++ b/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml
@@ -39,6 +39,7 @@
</filesystem>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
<memballoon model='none'/>
</devices>
</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 21b56dc94e..6a46bfc7a3 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2880,7 +2880,7 @@ mymain(void)
DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory");
DO_TEST_CAPS_LATEST("vhost-user-fs-fd-openfiles");
DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages");
- DO_TEST_CAPS_LATEST_PARSE_ERROR("vhost-user-fs-readonly");
+ DO_TEST_CAPS_LATEST("vhost-user-fs-readonly");
DO_TEST_CAPS_ARCH_LATEST("vhost-user-fs-ccw", "s390x");
DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("vhost-user-fs-ccw-bootindex", "s390x");
--
2.47.1
1 month
Plans for 11.0.0 release (freeze on Thursday 09 Jan)
by Jiri Denemark
We are getting close to 11.0.0 release of libvirt. To aim for the
release on Wednesday 15 Jan I suggest entering the freeze on Thursday
09 Jan and tagging RC2 on Monday 13 Jan.
I hope this works for everyone.
Jirka
1 month
[libvirt PATCH v2 0/2] conf: Adjust hyperv tlbflush formatting
by Ján Tomko
Including the refactor.
Ján Tomko (1):
conf: refactor hyperv features formatting
Martin Kletzander (1):
conf: Adjust hyperv tlbflush formatting
src/conf/domain_conf.c | 57 ++++++++++---------
.../qemuxmlconfdata/hyperv.x86_64-latest.xml | 5 +-
2 files changed, 33 insertions(+), 29 deletions(-)
--
2.47.0
1 month
[PATCH] security: apparmor: Remove hardcoded "libvirtd" profile name
by Jim Fehlig
The apparmor driver probe function checks for an active profile matching
the full path of the running daemon binary. If not found, it checks for
a profile named "libvirtd". This works fine when the running daemon is the
old monolithic libvirtd, but fails with modular daemons.
Remove the check for a hardcoded "libvirtd" profile and replace with the
basename of the running daemon binary.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
src/security/security_apparmor.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index c8e77c6cd2..eed0f265d6 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -239,7 +239,9 @@ use_apparmor(void)
*/
rc = profile_status(libvirt_daemon, 1);
if (rc < 0) {
- rc = profile_status("libvirtd", 1);
+ g_autofree char *basename = g_path_get_basename(libvirt_daemon);
+
+ rc = profile_status(basename, 1);
/* Error or unconfined should all result in -1 */
if (rc < 0)
rc = -1;
--
2.43.0
1 month
[PATCH] conf: Adjust hyperv tlbflush formatting
by Martin Kletzander
Commi 247357cc292a added support for direct and extended modes for
tlbflush, but forgot to do the formatting as well. Instead of rewriting
the whole hyperv feature formatting to use yet another attribute and
child buffers, just fix it in a way the other features are and leave the
refactoring to later. One reason for that is that we should fix this
ASAP since without this patch the features will be stripped when
formatting the XML on the disk and lost after next daemon reload.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
src/conf/domain_conf.c | 20 ++++++++++++++++++-
.../qemuxmlconfdata/hyperv.x86_64-latest.xml | 5 ++++-
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 785eb0e539b4..ae56b292ad1e 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -27972,7 +27972,6 @@ virDomainDefFormatFeatures(virBuffer *buf,
case VIR_DOMAIN_HYPERV_RESET:
case VIR_DOMAIN_HYPERV_FREQUENCIES:
case VIR_DOMAIN_HYPERV_REENLIGHTENMENT:
- case VIR_DOMAIN_HYPERV_TLBFLUSH:
case VIR_DOMAIN_HYPERV_IPI:
case VIR_DOMAIN_HYPERV_EVMCS:
case VIR_DOMAIN_HYPERV_AVIC:
@@ -28016,6 +28015,25 @@ virDomainDefFormatFeatures(virBuffer *buf,
def->hyperv_vendor_id);
break;
+ case VIR_DOMAIN_HYPERV_TLBFLUSH:
+ if (def->hyperv_features[j] != VIR_TRISTATE_SWITCH_ON) {
+ virBufferAddLit(&childBuf, "/>\n");
+ break;
+ }
+ if (def->hyperv_tlbflush_direct == VIR_TRISTATE_SWITCH_ON ||
+ def->hyperv_tlbflush_extended == VIR_TRISTATE_SWITCH_ON) {
+ virBufferAddLit(&childBuf, ">\n");
+ virBufferAdjustIndent(&childBuf, 2);
+ if (def->hyperv_tlbflush_direct == VIR_TRISTATE_SWITCH_ON)
+ virBufferAddLit(&childBuf, "<direct state='on'/>\n");
+ if (def->hyperv_tlbflush_extended == VIR_TRISTATE_SWITCH_ON)
+ virBufferAddLit(&childBuf, "<extended state='on'/>\n");
+ virBufferAdjustIndent(&childBuf, -2);
+ virBufferAddLit(&childBuf, "</tlbflush>\n");
+ } else {
+ virBufferAddLit(&childBuf, "/>\n");
+ }
+
case VIR_DOMAIN_HYPERV_LAST:
break;
}
diff --git a/tests/qemuxmlconfdata/hyperv.x86_64-latest.xml b/tests/qemuxmlconfdata/hyperv.x86_64-latest.xml
index 36d9161fa811..49537188af3f 100644
--- a/tests/qemuxmlconfdata/hyperv.x86_64-latest.xml
+++ b/tests/qemuxmlconfdata/hyperv.x86_64-latest.xml
@@ -22,7 +22,10 @@
<vendor_id state='on' value='KVM Hv'/>
<frequencies state='on'/>
<reenlightenment state='on'/>
- <tlbflush state='on'/>
+ <tlbflush state='on'>
+ <direct state='on'/>
+ <extended state='on'/>
+ </tlbflush>
<ipi state='on'/>
<evmcs state='on'/>
<avic state='on'/>
--
2.47.1
1 month
[PATCH v2 1/3] Revert "qemu: explicit swtpm state locking"
by marcandre.lureau@redhat.com
From: Marc-André Lureau <marcandre.lureau(a)redhat.com>
This reverts commit bb5e26749fe5b5856a3541be2cbe147701e6e121.
swtpm-setup doesn't have "tpmstate-lock", only swtpm.
Signed-off-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
---
src/qemu/qemu_tpm.c | 11 ++---------
src/util/virtpm.c | 1 -
src/util/virtpm.h | 1 -
tests/testutilsqemu.c | 1 -
4 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index f5e0184e54..476e3dd224 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -344,23 +344,16 @@ static char *
qemuTPMGetSwtpmSetupStateArg(const virDomainTPMSourceType source_type,
const char *source_path)
{
- const char *lock = ",lock";
-
- if (!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK)) {
- VIR_WARN("This swtpm version doesn't support explicit locking");
- lock = "";
- }
-
switch (source_type) {
case VIR_DOMAIN_TPM_SOURCE_TYPE_FILE:
/* the file:// prefix is supported since swtpm_setup 0.7.0 */
/* assume the capability check for swtpm is redundant. */
- return g_strdup_printf("file://%s%s", source_path, lock);
+ return g_strdup_printf("file://%s", source_path);
case VIR_DOMAIN_TPM_SOURCE_TYPE_DIR:
case VIR_DOMAIN_TPM_SOURCE_TYPE_DEFAULT:
case VIR_DOMAIN_TPM_SOURCE_TYPE_LAST:
default:
- return g_strdup_printf("%s%s", source_path, lock);
+ return g_strdup_printf("%s", source_path);
}
}
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index 4016ad8fc4..f90839debe 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -53,7 +53,6 @@ VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
"cmdarg-reconfigure-pcr-banks",
"tpm-1.2",
"tpm-2.0",
- "tpmstate-opt-lock",
"cmdarg-profile",
);
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index 03fb92629a..4119a903e5 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -45,7 +45,6 @@ typedef enum {
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_1_2,
VIR_TPM_SWTPM_SETUP_FEATURE_TPM_2_0,
- VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK,
VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE,
VIR_TPM_SWTPM_SETUP_FEATURE_LAST
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index 5caccbc6b4..abc425b9b7 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -71,7 +71,6 @@ virTPMSwtpmSetupCapsGet(virTPMSwtpmSetupFeature cap)
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_CREATE_CONFIG_FILES:
case VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT:
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS:
- case VIR_TPM_SWTPM_SETUP_FEATURE_TPMSTATE_OPT_LOCK:
case VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_PROFILE:
case VIR_TPM_SWTPM_SETUP_FEATURE_LAST:
break;
--
2.47.0
1 month
[PATCH] apparmor: Allow running loongarch64 VMs on Debian 12
by Xianglai Li
Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run
This makes it impossible to run loongarch64 VMs when AppArmor is enabled
Signed-off-by: Xianglai Li <lixianglai(a)loongson.cn>
---
src/security/apparmor/libvirt-qemu.in | 1 +
src/security/virt-aa-helper.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
/usr/bin/qemu-system-hppa rmix,
/usr/bin/qemu-system-i386 rmix,
/usr/bin/qemu-system-lm32 rmix,
+ /usr/bin/qemu-system-loongarch64 rmix,
/usr/bin/qemu-system-m68k rmix,
/usr/bin/qemu-system-microblaze rmix,
/usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
"/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
"/usr/share/qemu-efi-aarch64/",
+ "/usr/share/qemu-efi-loongarch64/",
"/usr/share/qemu-efi-riscv64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */
"/usr/lib/u-boot/",
--
2.39.1
1 month
[PATCH] hyperv: Introduce and export 'facility' variable.
by Michal Privoznik
In its upstream commit [1] openwsman dropped 'facility' variable
which is documented as:
* all processes that use the libu must define a "facility" variable somewhere
* to satisfy this external linkage reference.
*
* Such variable will be used as the syslog(3) facility argument.
Well, prior to that commit, openwsman itself declared the
variable (and set it to LOG_DAEMON). Now it's up to us.
Yeah, the variable naming is terrible and also I we are not using
libu directly, but apparently libwsman.so requires it anyway:
$ objdump -T /usr/lib64/libwsman.so | grep facility
0000000000000000 D *UND* 0000000000000000 Base facility
1: https://github.com/Openwsman/openwsman/commit/d72c51f21b9c85a773b7955ac58...
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/hyperv/hyperv_wmi.c | 3 +++
src/libvirt_hyperv.syms | 11 +++++++++++
src/meson.build | 6 ++++++
3 files changed, 20 insertions(+)
create mode 100644 src/libvirt_hyperv.syms
diff --git a/src/hyperv/hyperv_wmi.c b/src/hyperv/hyperv_wmi.c
index 0b82f1f131..040bcfec11 100644
--- a/src/hyperv/hyperv_wmi.c
+++ b/src/hyperv/hyperv_wmi.c
@@ -28,6 +28,7 @@
#include <wsman-soap.h>
#include <wsman-xml.h>
#include <wsman-xml-binding.h>
+#include <u/syslog.h>
#include "internal.h"
#include "virerror.h"
@@ -47,6 +48,8 @@
VIR_LOG_INIT("hyperv.hyperv_wmi");
+int facility = LOG_DAEMON;
+
int
hypervGetWmiClassList(hypervPrivate *priv, hypervWmiClassInfo *wmiInfo,
virBuffer *query, hypervObject **wmiClass)
diff --git a/src/libvirt_hyperv.syms b/src/libvirt_hyperv.syms
new file mode 100644
index 0000000000..60e98db473
--- /dev/null
+++ b/src/libvirt_hyperv.syms
@@ -0,0 +1,11 @@
+#
+# HyperV-specific symbols
+#
+
+# hyperv/hyperv_wmi.c
+facility;
+
+# Let emacs know we want case-insensitive sorting
+# Local Variables:
+# sort-fold-case: t
+# End:
diff --git a/src/meson.build b/src/meson.build
index b53ea2a71f..cce89fac27 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -125,6 +125,12 @@ else
sym_files += 'libvirt_libssh2.syms'
endif
+if conf.has('WITH_HYPERV')
+ used_sym_files += 'libvirt_hyperv.syms'
+else
+ sym_files += 'libvirt_hyperv.syms'
+endif
+
# variables filled by subdirectories
libvirt_libs = []
--
2.45.2
1 month
[PATCH v2 0/3] po: handle translation of polkit policy file strings
by Daniel P. Berrangé
There was a proposal
https://gitlab.com/libvirt/libvirt/-/merge_requests/387
to add translations for the polkit files. In reviewing this we came
to the conclusion the approach was undesirable. After getting misled
by a Debian/Ubuntu specific downstream only patch to polkit which
auto-translated polkit files at runtime, this implements the manual
approach of merging translations into the polkit files at build time.
Changed in v2:
- Fix introduction of 'polkitactionsdir'
- Also introduce 'polkitrulesdir'
- Fix syntax check rules for POFILES with generated polkit
- Remove incorrect 'install: true' rule for policy.in file
Daniel P. Berrangé (3):
po: add its rules for translating polkit file strings
meson: remove duplication of polkit dirs construction
remote: apply translations to polkit files
build-aux/syntax-check.mk | 5 +++--
meson.build | 6 ++++++
po/POTFILES | 2 ++
po/its/polkit.its | 8 ++++++++
po/its/polkit.loc | 6 ++++++
po/meson.build | 5 ++---
src/access/meson.build | 20 +++++++++++++++----
.../{libvirtd.policy => libvirtd.policy.in} | 0
src/remote/meson.build | 15 ++++++++------
9 files changed, 52 insertions(+), 15 deletions(-)
create mode 100644 po/its/polkit.its
create mode 100644 po/its/polkit.loc
rename src/remote/{libvirtd.policy => libvirtd.policy.in} (100%)
--
2.47.1
1 month
[PATCH] Remove the deprecated "-runas" command line option
by Thomas Huth
It has been marked as deprecated two releases ago, so it should
be fine now to remove this command line option.
Signed-off-by: Thomas Huth <thuth(a)redhat.com>
---
docs/about/deprecated.rst | 6 ------
docs/about/removed-features.rst | 6 ++++++
system/vl.c | 9 ---------
qemu-options.hx | 15 +--------------
4 files changed, 7 insertions(+), 29 deletions(-)
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index d6809f94ea..63b46fd520 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -74,12 +74,6 @@ configurations (e.g. -smp drawers=1,books=1,clusters=1 for x86 PC machine) is
marked deprecated since 9.0, users have to ensure that all the topology members
described with -smp are supported by the target machine.
-``-runas`` (since 9.1)
-''''''''''''''''''''''
-
-Use ``-run-with user=..`` instead.
-
-
User-mode emulator command line arguments
-----------------------------------------
diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
index cb1388049a..c6616ce05e 100644
--- a/docs/about/removed-features.rst
+++ b/docs/about/removed-features.rst
@@ -555,6 +555,12 @@ to produce an odd effect (rotating input but not display output). But
this was never intended or documented behaviour, so we have dropped
the options along with the machine models they were intended for.
+``-runas`` (removed in 10.0)
+''''''''''''''''''''''''''''
+
+Use ``-run-with user=..`` instead.
+
+
User-mode emulator command line arguments
-----------------------------------------
diff --git a/system/vl.c b/system/vl.c
index 0843b7ab49..3c5bd36d7d 100644
--- a/system/vl.c
+++ b/system/vl.c
@@ -3611,15 +3611,6 @@ void qemu_init(int argc, char **argv)
/* Nothing to be parsed here. Especially, do not error out below. */
break;
#if defined(CONFIG_POSIX)
- case QEMU_OPTION_runas:
- warn_report("-runas is deprecated, use '-run-with user=...' instead");
- if (!os_set_runas(optarg)) {
- error_report("User \"%s\" doesn't exist"
- " (and is not <uid>:<gid>)",
- optarg);
- exit(1);
- }
- break;
case QEMU_OPTION_daemonize:
os_set_daemonize(true);
break;
diff --git a/qemu-options.hx b/qemu-options.hx
index cc694d3b89..7090d59f6f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4976,19 +4976,6 @@ SRST
``-nodefaults`` option will disable all those default devices.
ERST
-#ifndef _WIN32
-DEF("runas", HAS_ARG, QEMU_OPTION_runas, \
- "-runas user change to user id user just before starting the VM\n" \
- " user can be numeric uid:gid instead\n",
- QEMU_ARCH_ALL)
-#endif
-SRST
-``-runas user``
- Immediately before starting guest execution, drop root privileges,
- switching to the specified user. This option is deprecated, use
- ``-run-with user=...`` instead.
-ERST
-
DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env,
"-prom-env variable=value\n"
" set OpenBIOS nvram variables\n",
@@ -5176,7 +5163,7 @@ SRST
``chroot=dir`` can be used for doing a chroot to the specified directory
immediately before starting the guest execution. This is especially useful
- in combination with -runas.
+ in combination with ``user=...``.
``user=username`` or ``user=uid:gid`` can be used to drop root privileges
before starting guest execution. QEMU will use the ``setuid`` and ``setgid``
--
2.47.1
1 month, 1 week
