October 2017 - Devel - libvirt List Archives

[libvirt] [PATCH] qemu: logrotate: drop minsize directive
by Jim Fehlig 26 Oct '17

26 Oct '17

On a cloud host it is possible to create 100's of unique instances per day, each leaving behind a /var/log/libvirt/qemu/instance-name.log file that is < 100k. With the current 'minsize 100k' directive, these files are never rotated and hence never removed. Over months of time, tens of thousands of these files can accumulate on the host. Dropping 'minsize 100k' allows rotating small files, which will increase the number of log files, but 'rotate 4' ensures they will be removed after a month. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> --- daemon/libvirtd.qemu.logrotate.in | 1 - 1 file changed, 1 deletion(-) diff --git a/daemon/libvirtd.qemu.logrotate.in b/daemon/libvirtd.qemu.logrotate.in index 15cf019b2..cdb399ef2 100644 --- a/daemon/libvirtd.qemu.logrotate.in +++ b/daemon/libvirtd.qemu.logrotate.in @@ -5,5 +5,4 @@ compress delaycompress copytruncate - minsize 100k } -- 2.14.2

2 4

[libvirt] RFC: how to help to detect backing chain when no backing format info in images
by Nikolay Shirokovskiy 26 Oct '17

26 Oct '17

I create transient domain with disk based on qcow2 image with 2 backing images. I specify qcow2 format explicitly for the top image and omit the backing chain in xml for create becase libvirt does not utilize this data anyway. Top image and its backing file don't have backing file format information and format autodetection is off by default thus I get wrong backing chain for the disk. Second image have format raw and there is no third backing image obviously. How can I get correct backing chain in domain xml in this case? I don't want to set backing file format on this images because they are backup images and I don't want to touch them in any way. Can we add option to create API not to drop backing chain info that I can specify on start? (Drop is forced on start in qemuDomainDetermineDiskChain)

2 2

[libvirt] [PATCH] qemu: treat iso images as raw
by Nikolay Shirokovskiy 26 Oct '17

26 Oct '17

if image format probing is on and image format of iso file is not specified qemu fail to start a domain or change disk media giving errors like [1]. The problem is format is being detected as 'iso' and qemu expect format to be raw for iso images. It makes sense to me because iso refers to filesystem format in image not image format itself. Thus let's just convert iso to raw in case of qemu. There is a similar patch for storage pools - 0e5db762. [1] Unknown driver 'iso' --- ISO as image format was added right at the beginning by e266ded2f without any further comments. Maybe we just can drop ISO from image formats entirely as it is not image format or some hypervisors treat it in a special way? src/qemu/qemu_domain.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index c7c9e94..3da9271 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -6023,8 +6023,13 @@ qemuDomainDetermineDiskChain(virQEMUDriverPtr driver, if (virStorageFileGetMetadata(disk->src, uid, gid, cfg->allowDiskFormatProbing, - report_broken) < 0) + report_broken) < 0) { ret = -1; + goto cleanup; + } + + if (virDomainDiskGetFormat(disk) == VIR_STORAGE_FILE_ISO) + virDomainDiskSetFormat(disk, VIR_STORAGE_FILE_RAW); cleanup: virObjectUnref(cfg); -- 1.8.3.1

3 4

[libvirt] [PATCH 0/4] misc virt-aa-helper fixes
by Christian Ehrhardt 26 Oct '17

26 Oct '17

Hi, this was mostly created by clearing old libvirt bugs in Ubuntu. USB passthrough so far often used workarounds but can be fixed in virt-aa-helper. I have some more changes planned but these seem to become longer term activities so I didn't want to postpone those easier ones due to that and submit them today. Christian Ehrhardt (4): virt-aa-helper: fix paths for usb hostdevs virt-aa-helper: fix libusb access to udev usb data virt-aa-helper: allow spaces in vm names virt-aa-helper: put static rules in quotes examples/apparmor/libvirt-qemu | 3 +++ src/security/virt-aa-helper.c | 12 ++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) -- 2.7.4

3 12

[libvirt] [PATCH] virt-aa-helper: grant locking permission on -f
by Christian Ehrhardt 26 Oct '17

26 Oct '17

Hot-adding disks does not parse the full XML to generate apparmor rules. Instead it uses -f <PATH> to append a generic rule for that file path. 580cdaa7: "virt-aa-helper: locking disk files for qemu 2.10" implemented the qemu 2.10 requirement to allow locking on disks images that are part of the domain xml. But on attach-device a user will still trigger an apparmor deny by going through virt-aa-helper -f, to fix that add the lock "k" permission to the append file case of virt-aa-helper. Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> --- src/security/virt-aa-helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index ef1bf01..ee3913d 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1157,7 +1157,7 @@ get_files(vahControl * ctl) } if (ctl->newfile) - if (vah_add_file(&buf, ctl->newfile, "rw") != 0) + if (vah_add_file(&buf, ctl->newfile, "rwk") != 0) goto cleanup; if (virBufferError(&buf)) { @@ -1341,7 +1341,7 @@ main(int argc, char **argv) vah_error(ctl, 1, _("profile exists")); if (ctl->append && ctl->newfile) { - if (vah_add_file(&buf, ctl->newfile, "rw") != 0) + if (vah_add_file(&buf, ctl->newfile, "rwk") != 0) goto cleanup; } else { if (ctl->def->virtType == VIR_DOMAIN_VIRT_QEMU || -- 2.7.4

3 2

[libvirt] [PATCH] virt-aa-helper: fix libusb access to udev usb descriptions
by Christian Ehrhardt 26 Oct '17

26 Oct '17

In bf3a4140 "virt-aa-helper: fix libusb access to udev usb data" the libusb access to properly detect the device/bus ids was fixed. The path /run/udev/data/+usb* contains a subset of that information we already allow to be read and are currently not needed for the function qemu needs libusb for. But on the init of libusb all those files are still read so a lot of apparmor denials can be seen when using usb host devices, like: apparmor="DENIED" operation="open" name="/run/udev/data/+usb:2-1.2:1.0" comm="qemu-system-x86" requested_mask="r" denied_mask="r" Today we could silence the warnings with a deny rule without breaking current use cases. But since the data in there is only a subset of those it can read already it is no additional information exposure. And on the other hand a future udev/libusb/qemu combination might need it so allow the access in the default apparmor profile. Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com> --- examples/apparmor/libvirt-qemu | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index b341e31..97dd2d4 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -32,6 +32,7 @@ # libusb needs udev data about usb devices (~equal to content of lsusb -v) /run/udev/data/c16[6,7]* r, /run/udev/data/c18[0,8,9]* r, + /run/udev/data/+usb* r, # WARNING: this gives the guest direct access to host hardware and specific # portions of shared memory. This is required for sound using ALSA with kvm, -- 2.7.4

3 2

[libvirt] Libvirt xl to xml converter only picks up first occurrence of an option
by Wei Liu 26 Oct '17

26 Oct '17

Hi Jim I discovered that libvirt's native config file to xml converter for libxl only pick up the first occurrence of an option. For example in a xl cfg file: extra = "abc" ... extra = "def" xl will pick up "def" because that shows up later and takes precedence, while the converter picks up "abc". I think this is a bug in the converter and should be fixed. Thanks Wei.

2 2

[libvirt] [PATCH] conf: Avoid leaking blockers from virDomainCapsCPUModel
by Jiri Denemark 26 Oct '17

26 Oct '17

When adding CPU usability blockers I forgot to properly free them when in virDomainCapsCPUModelsDispose. Reported-by: Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com> Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> --- src/conf/domain_capabilities.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 729d905e2..7f96ff386 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -94,8 +94,10 @@ virDomainCapsCPUModelsDispose(void *obj) virDomainCapsCPUModelsPtr cpuModels = obj; size_t i; - for (i = 0; i < cpuModels->nmodels; i++) + for (i = 0; i < cpuModels->nmodels; i++) { VIR_FREE(cpuModels->models[i].name); + virStringListFree(cpuModels->models[i].blockers); + } VIR_FREE(cpuModels->models); } -- 2.14.3

2 1

[libvirt] [PATCH 0/2] Further Increase default file handle limits
by Christian Ehrhardt 26 Oct '17

26 Oct '17

In 27cd7635 new default limits were set: Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Wed Mar 15 16:51:51 2017 +0000 Increase default file handle limits for daemons But I faced some constraints with these values and think it is time to reconsider the defaults to only have to be tweaked in really uncommon cases. Christian Ehrhardt (2): Increase default file handle limits for virtlogd Increase default file handle limits for virtlockd src/locking/virtlockd.service.in | 4 ++-- src/logging/virtlogd.service.in | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) -- 2.7.4

2 3

[libvirt] [PATCH] docs: Drop mention that WWN for disks must be unique
by Peter Krempa 26 Oct '17

26 Oct '17

For multipath disks it might be useful to have the same WWN for multiple disks. It's the users choice to do so. Since we dropped the check that disallows using duplicate WWNs drop the docs as well. https://bugzilla.redhat.com/show_bug.cgi?id=1464975 --- Pushed as trivial. docs/formatdomain.html.in | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 4609e2ec2..4f28dce35 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -3184,8 +3184,7 @@ <dt><code>wwn</code></dt> <dd>If present, this element specifies the WWN (World Wide Name) of a virtual hard disk or CD-ROM drive. It must be composed - of 16 hexadecimal digits and must be unique (at least among - disks of a single domain) + of 16 hexadecimal digits. <span class='since'>Since 0.10.1</span> </dd> <dt><code>vendor</code></dt> -- 2.13.6

1 0