[libvirt] [PATCH] apparmor: allow qemu abstraction to read /proc/pid/cmdline
by Jim Fehlig
Noticed the following denial in audit.log when shutting down
an apparmor confined domain
type=AVC msg=audit(1512002299.742:131): apparmor="DENIED"
operation="open" profile="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff"
name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=469 ouid=0
Squelch the denial by allowing read access to /proc/<pid>/cmdline.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
Note: In the audit.log snippet, PID 1475 is libvirtd and 2958 is the
qemu process. I must admit it is not clear to me why
/proc/<libvirtd-pid>/cmdline is read on domain shutdown.
examples/apparmor/libvirt-qemu | 1 +
1 file changed, 1 insertion(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 73bdbae87..3d9eed9ec 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -25,6 +25,7 @@
/dev/ptmx rw,
/dev/kqemu rw,
@{PROC}/*/status r,
+ @{PROC}/@{pid}/cmdline r,
# Per man(5) proc, the kernel enforces that a thread may
# only modify its comm value or those in its thread group.
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
--
2.15.0
7 years
[libvirt] [PATCH v2] libvirt: Adding POWER9 DD1.0/DD2.0 PVR value to cpu_map.xml
by Seeteena Thoufeek
DD1.0/DD2.0 PVR value is missing from cpu_map.xml. This patch
provides those details
Signed-off-by: Seeteena Thoufeek <s1seetee(a)linux.vnet.ibm.com>
---
src/cpu/cpu_map.xml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
index e5da7a8..be4e215 100644
--- a/src/cpu/cpu_map.xml
+++ b/src/cpu/cpu_map.xml
@@ -1729,6 +1729,8 @@
<model name='POWER9'>
<vendor name='IBM'/>
<pvr value='0x004e0000' mask='0xffff0000'/>
+ <pvr value='0x004e0100' mask='0xffff0000'/>
+ <pvr value='0x004e1200' mask='0xffff0000'/>
</model>
<!-- Freescale-based CPU models -->
--
1.8.3.1
7 years
[libvirt] CFP deadline extended for FOSDEM18 Virt & IaaS Devroom
by Stefan Hajnoczi
The call for papers for the Virtualization and IaaS Devroom at
FOSDEM18 is extended until December 7 midnight UTC. All other dates
remain the same as you can read below.
On behalf of oVirt and the Xen Project, we are excited to announce that the
call for proposals is now open for the Virtualization & IaaS devroom at the
upcoming FOSDEM 2018, to be hosted on February 3 and 4, 2017.
This year will mark FOSDEM’s 18th anniversary as one of the longest-running
free and open source software developer events, attracting thousands of
developers and users from all over the world. FOSDEM will be held once
again in Brussels, Belgium, on February 3 & 4, 2018.
This devroom is a collaborative effort, and is organized by dedicated folks
from projects such as OpenStack, Xen Project,, oVirt, QEMU, and
Foreman. We would like to invite all those who are involved in these fields
to submit your proposals by December 1st, 2017.
About the Devroom
The Virtualization & IaaS devroom will feature session topics such as open
source hypervisors and virtual machine managers such as Xen Project, KVM,
bhyve, and VirtualBox, and Infrastructure-as-a-Service projects such as
Apache CloudStack, OpenStack, oVirt, QEMU, OpenNebula, and Ganeti.
This devroom will host presentations that focus on topics of shared
interest, such as KVM; libvirt; shared storage; virtualized networking;
cloud security; clustering and high availability; interfacing with multiple
hypervisors; hyperconverged deployments; and scaling across hundreds or
thousands of servers.
Presentations in this devroom will be aimed at developers working on these
platforms who are looking to collaborate and improve shared infrastructure
or solve common problems. We seek topics that encourage dialog between
projects and continued work post-FOSDEM.
Important Dates
Submission deadline: 07 December 2017
Acceptance notifications: 14 December 2017
Final schedule announcement: 21 December 2017
Devroom: 03 and 04 February 2018 (two days- different rooms)
Submit Your Proposal
All submissions must be made via the Pentabarf event planning site[1]. If
you have not used Pentabarf before, you will need to create an account. If
you submitted proposals for FOSDEM in previous years, you can use your
existing account.
After creating the account, select Create Event to start the submission
process. Make sure to select Virtualization and IaaS devroom from the Track
list. Please fill out all the required fields, and provide a meaningful
abstract and description of your proposed session.
Submission Guidelines
We expect more proposals than we can possibly accept, so it is vitally
important that you submit your proposal on or before the deadline. Late
submissions are unlikely to be considered.
All presentation slots are 45 minutes, with 35 minutes planned for
presentations, and 10 minutes for Q&A.
All presentations will be recorded and made available under Creative
Commons licenses. In the Submission notes field, please indicate that you
agree that your presentation will be licensed under the CC-By-SA-4.0 or
CC-By-4.0 license and that you agree to have your presentation recorded.
For example:
"If my presentation is accepted for FOSDEM, I hereby agree to license all
recordings, slides, and other associated materials under the Creative
Commons Attribution Share-Alike 4.0 International License. Sincerely,
<NAME>."
In the Submission notes field, please also confirm that if your talk is
accepted, you will be able to attend FOSDEM and deliver your presentation.
We will not consider proposals from prospective speakers who are unsure
whether they will be able to secure funds for travel and lodging to attend
FOSDEM. (Sadly, we are not able to offer travel funding for prospective
speakers.)
Speaker Mentoring Program
As a part of the rising efforts to grow our communities and encourage a
diverse and inclusive conference ecosystem, we're happy to announce that
we'll be offering mentoring for new speakers. Our mentors can help you with
tasks such as reviewing your abstract, reviewing your presentation outline
or slides, or practicing your talk with you.
You may apply to the mentoring program as a newcomer speaker if you:
Never presented before or
Presented only lightning talks or
Presented full-length talks at small meetups (<50 ppl)
Submission Guidelines
Mentored presentations will have 25-minute slots, where 20 minutes will
include the presentation and 5 minutes will be reserved for questions.
The number of newcomer session slots is limited, so we will probably not be
able to accept all applications.
You must submit your talk and abstract to apply for the mentoring program,
our mentors are volunteering their time and will happily provide feedback
but won't write your presentation for you!
If you are experiencing problems with Pentabarf, the proposal submission
interface, or have other questions, you can email our devroom mailing
list[2] and we will try to help you.
How to Apply
In addition to agreeing to video recording and confirming that you can
attend FOSDEM in case your session is accepted, please write "speaker
mentoring program application" in the "Submission notes" field, and list
any prior speaking experience or other relevant information for your
application.
Call for Mentors
Interested in mentoring newcomer speakers? We'd love to have your help!
Please email iaas-virt-devroom at lists.fosdem.org with a short speaker
biography and any specific fields of expertise (for example, KVM,
OpenStack, storage, etc.) so that we can match you with a newcomer speaker
from a similar field. Estimated time investment can be as low as a 5-10
hours in total, usually distributed weekly or bi-weekly.
Never mentored a newcomer speaker but interested to try? As the mentoring
program coordinator, email Brian Proffitt[3] and he will be happy to answer
your questions!
Code of Conduct
Following the release of the updated code of conduct for FOSDEM, we'd like
to remind all speakers and attendees that all of the presentations and
discussions in our devroom are held under the guidelines set in the CoC and
we expect attendees, speakers, and volunteers to follow the CoC at all
times.
If you submit a proposal and it is accepted, you will be required to
confirm that you accept the FOSDEM CoC. If you have any questions about the
CoC or wish to have one of the devroom organizers review your presentation
slides or any other content for CoC compliance, please email us and we will
do our best to assist you.
Call for Volunteers
We are also looking for volunteers to help run the devroom. We need
assistance watching time for the speakers, and helping with video for the
devroom. Please contact me, Brian Proffitt, for more information.
Questions?
If you have any questions about this devroom, please send your questions to
our devroom mailing list. You can also subscribe to the list to receive
updates about important dates, session announcements, and to connect with
other attendees.
See you all at FOSDEM!
[1] https://penta.fosdem.org/submission/FOSDEM18
[2] iaas-virt-devroom at lists.fosdem.org
[3] bkp at redhat.com
7 years
[libvirt] [PATCH] Adjust backslash alignment syntax-check
by Martin Kletzander
We have a check for backslash alignment that checks for two blanks preceding a
backslash. However there can be alignment done using a tabulator and in some
cases one might be enough. There are none currently, but I found out that was
the case before. at some point. so let's check for \t preceding the final
backslash as well.
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
cfg.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cfg.mk b/cfg.mk
index 5321a52b7ee2..ea10ca19f512 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -1038,7 +1038,7 @@ sc_prohibit_http_urls:
$(_sc_search_regexp)
sc_prohibit_backslash_alignment:
- @prohibit='[[:blank:]][[:blank:]]\\$$' \
+ @prohibit='([[:blank:]][[:blank:]]| )\\$$' \
in_vc_files='*\.([chx]|am|mk)$$' \
halt='Do not attempt to right-align backslashes' \
$(_sc_search_regexp)
--
2.15.0
7 years
[libvirt] [PATCH 0/2] fix chardev security labels
by Pavel Hrdina
Pavel Hrdina (2):
security: introduce virSecurityManager(Set|Restore)ChardevLabel
qemu: fix security labeling for attach/detach of char devices
src/libvirt_private.syms | 2 ++
src/qemu/qemu_hotplug.c | 10 +++++++
src/qemu/qemu_security.c | 60 +++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_security.h | 8 ++++++
src/security/security_dac.c | 3 +++
src/security/security_driver.h | 11 ++++++++
src/security/security_manager.c | 40 +++++++++++++++++++++++++++
src/security/security_manager.h | 10 +++++++
src/security/security_nop.c | 20 ++++++++++++++
src/security/security_selinux.c | 3 +++
src/security/security_stack.c | 43 +++++++++++++++++++++++++++++
11 files changed, 210 insertions(+)
--
2.14.3
7 years
[libvirt] [PATCH v3 0/4] Move ide validation from qemuBuildControllerDevStr to qemuDomainDeviceDefValidate
by Lin Ma
Validate IDE controllers in qemuDomainDeviceDefValidate for reminding users earlier.
v2->v3:
* split original patch to multiple patches.
* making the validation is preferred over the PostParse for avoiding guests disappear.
* remove ide from the pseries and the ccw tests.
Lin Ma (4):
tests: qemuxml2argv: Use scsi controller instead of ide in pseries
tests: qemuhotplugtest: Drop ide controller in ccw
qemu_command: Drop IDE validation code in qemuBuildControllerDevStr
qemu_domain: Error out earlier when configuring IDE controller
incorrectly
src/qemu/qemu_command.c | 10 +------
src/qemu/qemu_domain.c | 35 +++++++++++++++++++++-
.../qemuhotplug-base-ccw-live+ccw-virtio.xml | 4 ---
...ive-with-2-ccw-virtio+ccw-virtio-1-explicit.xml | 4 ---
...live-with-2-ccw-virtio+ccw-virtio-1-reverse.xml | 4 ---
...qemuhotplug-base-ccw-live-with-2-ccw-virtio.xml | 4 ---
...-live-with-ccw-virtio+ccw-virtio-2-explicit.xml | 4 ---
...-base-ccw-live-with-ccw-virtio+ccw-virtio-2.xml | 4 ---
.../qemuhotplug-base-ccw-live-with-ccw-virtio.xml | 4 ---
.../qemuhotplug-base-ccw-live.xml | 4 ---
.../qemuxml2argv-disk-floppy-pseries.args | 2 +-
.../qemuxml2argv-disk-floppy-pseries.xml | 4 +--
12 files changed, 38 insertions(+), 45 deletions(-)
--
2.9.2
7 years
[libvirt] [PATCH jenkins-ci] Make args to 'go test' configurable
by Daniel P. Berrange
Each module has its own set of tags it may wish to pass to 'go test',
so set it based on an env variable
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
jobs/go.yaml | 2 +-
projects/libvirt-go-xml.yaml | 2 ++
projects/libvirt-go.yaml | 2 ++
3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/jobs/go.yaml b/jobs/go.yaml
index 93b61ca..29a9f51 100644
--- a/jobs/go.yaml
+++ b/jobs/go.yaml
@@ -80,7 +80,7 @@
- shell: |
{global_env}
{local_env}
- go test -tags api
+ go test $TEST_ARGS
publishers:
- email:
recipients: '{obj:spam}'
diff --git a/projects/libvirt-go-xml.yaml b/projects/libvirt-go-xml.yaml
index 1c42e3d..3083b9f 100644
--- a/projects/libvirt-go-xml.yaml
+++ b/projects/libvirt-go-xml.yaml
@@ -11,6 +11,8 @@
- libvirt-freebsd-10
- libvirt-freebsd-11
title: Libvirt Go XML
+ local_env: |
+ export TEST_ARGS="-tags xmlroundtrip"
jobs:
- go-build-job:
parent_jobs:
diff --git a/projects/libvirt-go.yaml b/projects/libvirt-go.yaml
index faa5265..141c862 100644
--- a/projects/libvirt-go.yaml
+++ b/projects/libvirt-go.yaml
@@ -11,6 +11,8 @@
- libvirt-freebsd-10
- libvirt-freebsd-11
title: Libvirt Go
+ local_env: |
+ export TEST_ARGS="-tags api"
jobs:
- go-build-job:
parent_jobs: 'libvirt-master-build'
--
2.14.3
7 years
[libvirt] [PATCH 0/3] Couple of memleak fixes
by Michal Privoznik
Ideally, I'd like to merge these to the release.
Michal Privoznik (3):
virDomainDiskSourceNetworkParse: Don't leak @tlsCfg or @haveTLS
virDomainDiskBackingStoreParse: Don't leak @idx
qemuStateInitialize: Don't leak @memoryBackingPath
src/conf/domain_conf.c | 3 +++
src/qemu/qemu_driver.c | 1 +
2 files changed, 4 insertions(+)
--
2.13.6
7 years
[libvirt] [PATCH 0/3] Adjust some formatting for numa distance code and resolve a memory leak
by John Ferlan
While reviewing the recent distance adjustments for Michal, I noted a
couple of minor formatting things as well as a memory leak when removing
the distances.
John Ferlan (3):
conf: Clean up virDomainNumaDefNodeDistanceParseXML
conf: Clean up virDomainNumaDefCPUFormatXML
conf: Fix memory leak for distances in virDomainNumaFree
src/conf/numa_conf.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--
2.13.6
7 years