On Wed, 2017-11-01 at 16:19 -0400, John Ferlan wrote:
> + </summary>
> + <description>
> + This new API, also exposed through the
> + <code>set-lifecycle-action</code>
<code>virsh</code> command, allows
> + the user to dynamically control how the guest will react to being
> + powered off, being restarted or crashing.
> This one reads strangely to me... As a suggestion
> Provided a new API to allow dynamic guest lifecycle control for guest
> reactions to poweroff, restart, or crash type events related to the
> domain XML <code>on_poweroff</code>, <code>on_reboot</code>, and
> <code>on_crash</code> elements. The <code>virsh
> set-lifecycle-action<code> command was created to control the actions.
You forgot to close the <code> element here ;)
> + constraints that log have to be bigger than 100 KiB
before they can
> + be rotated solves the issue.
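Review bot: in the added text "constraints that log have to be bigger than 100 KiB before they can be rotated", the subject and verb do not agree ("log have"). Suggest "logs have to be bigger than 100 KiB before they can be rotated", so the release note reads cleanly.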
> s/issue.$/issue. However, this may increase the number of files until
> they are automatically rotated.
I don't think that's true: the same number of log files will be
created, it's just that now more files will be rotated. So I left
out that part.
> (Personally, not quite sure how that rotation actually occurs).
Not sure myself. I think the logrotate profile is installed along
with libvirt, but you have to enable it explicitly for rotation to
actually occur?
> + <change>
> + <summary>
> + qemu: Ensure TLS clients always verify the server certificate
> + </summary>
> + <description>
> + While it's reasonable to turn off client certificate validation,
> + as setting it up can be non-trivial, clients should always verify
> + the server certificate to avoid MITM attacks. libvirt was, however,
> + using the same knob to control both checks, leading to
> + CVE-2017-1000256 / LSN-2017-0002.
> + </description>
> + </change>
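Review bot: the description refers to "the same knob" without naming it, so an administrator reading this entry cannot tell which setting to check in their own configuration. Name the option in a <code> element, as the lifecycle entry does for set-lifecycle-action. The description also stops at the cause: the summary says clients now always verify the server certificate, but the body never states that this happens regardless of the client certificate validation setting, and one sentence saying so would make the behaviour change explicit next to the CVE reference.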
As suggested by Peter, I've moved this to a separate "Security"
section, and pushed the whole thing.
Thanks for the review and all the improvements :)
--
Andrea Bolognani / Red Hat / Virtualization