July 2017 - Devel - libvirt List Archives

[libvirt] [RFC PATCH v2 0/4] numa: describe sibling nodes distances
by Wim Ten Have 18 Jul '17

18 Jul '17

From: Wim ten Have <wim.ten.have(a)oracle.com> This patch extents guest domain administration adding support to advertise node sibling distances when configuring HVM numa guests. NUMA (non-uniform memory access), a method of configuring a cluster of nodes within a single multiprocessing system such that it shares processor local memory amongst others improving performance and the ability of the system to be expanded. A NUMA system could be illustrated as shown below. Within this 4-node system, every socket is equipped with its own distinct memory. The whole typically resembles a SMP (symmetric multiprocessing) system being a "tightly-coupled," "share everything" system in which multiple processors are working under a single operating system and can access each others' memory over multiple "Bus Interconnect" paths. +-----+-----+-----+ +-----+-----+-----+ | M | CPU | CPU | | CPU | CPU | M | | E | | | | | | E | | M +- Socket0 -+ +- Socket3 -+ M | | O | | | | | | O | | R | CPU | CPU <---------> CPU | CPU | R | | Y | | | | | | Y | +-----+--^--+-----+ +-----+--^--+-----+ | | | Bus Interconnect | | | +-----+--v--+-----+ +-----+--v--+-----+ | M | | | | | | M | | E | CPU | CPU <---------> CPU | CPU | E | | M | | | | | | M | | O +- Socket1 -+ +- Socket2 -+ O | | R | | | | | | R | | Y | CPU | CPU | | CPU | CPU | Y | +-----+-----+-----+ +-----+-----+-----+ In contrast there is the limitation of a flat SMP system, not illustrated. Here, as sockets are added, the bus (data and address path), under high activity, gets overloaded and easily becomes a performance bottleneck. NUMA adds an intermediate level of memory shared amongst a few cores per socket as illustrated above, so that data accesses do not have to travel over a single bus. Unfortunately the way NUMA does this adds its own limitations. This, as visualized in the illustration above, happens when data is stored in memory associated with Socket2 and is accessed by a CPU (core) in Socket0. The processors use the "Bus Interconnect" to create gateways between the sockets (nodes) enabling inter-socket access to memory. These "Bus Interconnect" hops add data access delays when a CPU (core) accesses memory associated with a remote socket (node). For terminology we refer to sockets as "nodes" where access to each others' distinct resources such as memory make them "siblings" with a designated "distance" between them. A specific design is described under the ACPI (Advanced Configuration and Power Interface Specification) within the chapter explaining the system's SLIT (System Locality Distance Information Table). These patches extend core libvirt's XML description of a virtual machine's hardware to include NUMA distance information for sibling nodes, which is then passed to Xen guests via libxl. Recently qemu landed support for constructing the SLIT since commit 0f203430dd ("numa: Allow setting NUMA distance for different NUMA nodes"), hence these core libvirt extensions can also help other drivers in supporting this feature. The XML changes made allow to describe the <cell> (or node/sockets) <distances> amongst <sibling> node identifiers and propagate these towards the numa domain functionality finally adding support to libxl. [below is an example illustrating a 4 node/socket <cell> setup] <cpu> <numa> <cell id='0' cpus='0,4-7' memory='2097152' unit='KiB'> <distances> <sibling id='0' value='10'/> <sibling id='1' value='21'/> <sibling id='2' value='31'/> <sibling id='3' value='41'/> </distances> </cell> <cell id='1' cpus='1,8-10,12-15' memory='2097152' unit='KiB'> <distances> <sibling id='0' value='21'/> <sibling id='1' value='10'/> <sibling id='2' value='21'/> <sibling id='3' value='31'/> </distances> </cell> <cell id='2' cpus='2,11' memory='2097152' unit='KiB'> <distances> <sibling id='0' value='31'/> <sibling id='1' value='21'/> <sibling id='2' value='10'/> <sibling id='3' value='21'/> </distances> </cell> <cell id='3' cpus='3' memory='2097152' unit='KiB'> <distances> <sibling id='0' value='41'/> <sibling id='1' value='31'/> <sibling id='2' value='21'/> <sibling id='3' value='10'/> </distances> </cell> </numa> </cpu> By default on libxl, if no <distances> are given to describe the SLIT data between different <cell>s, this patch will default to a scheme using 10 for local and 21 for any remote node/socket, which is the assumption of guest OS when no SLIT is specified. While SLIT is optional, libxl requires that distances are set nonetheless. On Linux systems the SLIT detail can be listed with help of the 'numactl -H' command. An above HVM guest as described would on such prompt with below output. [root@f25 ~]# numactl -H available: 4 nodes (0-3) node 0 cpus: 0 4 5 6 7 node 0 size: 1988 MB node 0 free: 1743 MB node 1 cpus: 1 8 9 10 12 13 14 15 node 1 size: 1946 MB node 1 free: 1885 MB node 2 cpus: 2 11 node 2 size: 2011 MB node 2 free: 1912 MB node 3 cpus: 3 node 3 size: 2010 MB node 3 free: 1980 MB node distances: node 0 1 2 3 0: 10 21 31 41 1: 21 10 21 31 2: 31 21 10 21 3: 41 31 21 10 Wim ten Have (4): numa: describe siblings distances within cells libxl: vnuma support xenconfig: add domxml conversions for xen-xl xlconfigtest: add tests for numa cell sibling distances docs/formatdomain.html.in | 64 ++++- docs/schemas/basictypes.rng | 8 + docs/schemas/cputypes.rng | 18 ++ src/conf/cpu_conf.c | 2 +- src/conf/numa_conf.c | 260 +++++++++++++++++- src/conf/numa_conf.h | 25 +- src/libvirt_private.syms | 6 + src/libxl/libxl_conf.c | 124 +++++++++ src/xenconfig/xen_xl.c | 303 +++++++++++++++++++++ .../test-fullvirt-vnuma-nodistances.cfg | 26 ++ .../test-fullvirt-vnuma-nodistances.xml | 53 ++++ tests/xlconfigdata/test-fullvirt-vnuma.cfg | 26 ++ tests/xlconfigdata/test-fullvirt-vnuma.xml | 81 ++++++ tests/xlconfigtest.c | 4 + 14 files changed, 993 insertions(+), 7 deletions(-) create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-nodistances.cfg create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma-nodistances.xml create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma.cfg create mode 100644 tests/xlconfigdata/test-fullvirt-vnuma.xml -- 2.9.4

3 9

[libvirt] [PATCH 0/2] Fix a couple issues found w/ vHBA logic
by John Ferlan 18 Jul '17

18 Jul '17

Patch 1 fixes something seen whilst working through patch 2. Long description in patch 2 describes the problem. John Ferlan (2): storage: Alter check for default managed setting conf: Fix vHBA checkParent logic for pool creation src/conf/node_device_conf.c | 50 ++++++++++++++++++++++++++++++++------ src/storage/storage_backend_scsi.c | 6 ++--- 2 files changed, 45 insertions(+), 11 deletions(-) -- 2.9.4

2 5

[libvirt] [PATCH] wireshark: Adapt to tvb_new_subset() rename
by Michal Privoznik 18 Jul '17

18 Jul '17

In Wireshark commit of 7cd6906056922e4b8 (contained in v2.4.0) the tvb_new_subset() function was renamed to tvb_new_subset_length_caplen(). However, we can take the extra step and rename to tvb_new_subset_remaining() directly (see Wireshark commit 0ecfc7280cf3d7). The reasoning is that there is no other protocol in the packet than libvirt. Therefore, from the point that libvirt dissector takes over till the end of the packet it's all libvirt packet. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- tools/wireshark/src/packet-libvirt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c index a1f5a34f4..c15e9c340 100644 --- a/tools/wireshark/src/packet-libvirt.c +++ b/tools/wireshark/src/packet-libvirt.c @@ -313,7 +313,12 @@ dissect_libvirt_payload_xdr_data(tvbuff_t *tvb, proto_tree *tree, gint payload_l payload_length -= 4; } +#if WIRESHARK_VERSION < 200400 payload_tvb = tvb_new_subset(tvb, start, -1, payload_length); +#else + payload_tvb = tvb_new_subset_remaining(tvb, start); +#endif + #if WIRESHARK_VERSION < 1012000 payload_data = (caddr_t)tvb_memdup(payload_tvb, 0, payload_length); #else -- 2.13.0

2 1

[libvirt] [PATCH] nodedev: Fix call to virNodeDeviceObjListFree in nodeStateReload
by John Ferlan 18 Jul '17

18 Jul '17

Commit id '9c5d98fd8' missed changing this call to use driver->devs rather than @driver->devs. Signed-off-by: John Ferlan <jferlan(a)redhat.com> --- Pushed under build breaker rule (debian-8 and centos-6) src/node_device/node_device_hal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/node_device/node_device_hal.c b/src/node_device/node_device_hal.c index b220798..7f246f0 100644 --- a/src/node_device/node_device_hal.c +++ b/src/node_device/node_device_hal.c @@ -744,7 +744,7 @@ nodeStateReload(void) VIR_INFO("Reloading HAL device state"); nodeDeviceLock(); VIR_INFO("Removing existing objects"); - virNodeDeviceObjListFree(&driver->devs); + virNodeDeviceObjListFree(driver->devs); nodeDeviceUnlock(); hal_ctx = DRV_STATE_HAL_CTX(driver); -- 2.9.4

1 0

[libvirt] [PATCH] security: dac: relabel spice rendernode
by Cole Robinson 18 Jul '17

18 Jul '17

For a logged in user this a path like /dev/dri/renderD128 will have default ownership root:video which won't work for the qemu:qemu user, so we need to chown it. Thankfully with the namespace work we don't need to worry about this shutting out other legitimate users https://bugzilla.redhat.com/show_bug.cgi?id=1460804 Signed-off-by: Cole Robinson <crobinso(a)redhat.com> --- Sidenote: Not sure about security_selinux changes... Fedora selinux policy doesn't require relabeling /dev/dri/* nowadays so it isn't required to get qemu to startup, and infact will probably cause issues for qemu:///session and non-namespace qemu:///system src/security/security_dac.c | 61 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index ca7a6af6d..4c86e5fe8 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1371,6 +1371,57 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerPtr mgr, static int +virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def, + virDomainGraphicsDefPtr gfx) + +{ + virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); + virSecurityLabelDefPtr seclabel; + uid_t user; + gid_t group; + + seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); + if (seclabel && !seclabel->relabel) + return 0; + + if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0) + return -1; + + if (gfx->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE && + gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES && + gfx->data.spice.rendernode) { + if (virSecurityDACSetOwnership(priv, NULL, + gfx->data.spice.rendernode, + user, group) < 0) + return -1; + } + + return 0; +} + + +static int +virSecurityDACRestoreGraphicsLabel(virSecurityManagerPtr mgr, + virDomainDefPtr def ATTRIBUTE_UNUSED, + virDomainGraphicsDefPtr gfx) + +{ + virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); + + if (gfx->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE && + gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES && + gfx->data.spice.rendernode) { + if (virSecurityDACRestoreFileLabel(priv, + gfx->data.spice.rendernode) < 0) + return -1; + } + + return 0; +} + + +static int virSecurityDACSetInputLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, virDomainInputDefPtr input) @@ -1481,6 +1532,11 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr, rc = -1; } + for (i = 0; i < def->ngraphics; i++) { + if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i]) < 0) + return -1; + } + for (i = 0; i < def->ninputs; i++) { if (virSecurityDACRestoreInputLabel(mgr, def, def->inputs[i]) < 0) rc = -1; @@ -1601,6 +1657,11 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, return -1; } + for (i = 0; i < def->ngraphics; i++) { + if (virSecurityDACSetGraphicsLabel(mgr, def, def->graphics[i]) < 0) + return -1; + } + for (i = 0; i < def->ninputs; i++) { if (virSecurityDACSetInputLabel(mgr, def, def->inputs[i]) < 0) return -1; -- 2.13.3

2 3

[libvirt] backingStore info adding late breaks virt-aa-helper
by Christian Ehrhardt 18 Jul '17

18 Jul '17

Hi, there is a behavioral change I try to track down that affects virt-aa-helper. TL;DR: - it seems backingStore info gets added "later" in recent versions which causes issues in virt-aa-helper Details: For a guest containing a qcow2 disk like this: <disk type='file' device='disk'> <driver name='qemu' type='qcow2'/> <source file='/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow'/> <target dev='vda' bus='virtio'/> </disk> And said qcow disk having a backing file: $ qemu-img info /var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow image: /var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow [...] backing file: /var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTcuMTA6cHBjNjRlbCAyMDE3MDcxMw== Now when instantiating the guest this gets the backingStore info added like: <backingStore type='file' index='1'> <format type='qcow2'/> <source file='/var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTcuMTA6cHBjNjRlbCAyMDE3MDcxMw=='/> <backingStore/> </backingStore> But this now seems to come in "too late" for virt-aa-helper. That tool is reading the guest definition to create custom rules for that guest that opens up the apparmor profile. And in relation to the devices the following in src/security/virt-aa-helper.c is the important part: Loops over disks and in those "down" the chain of backing stores: 929 for (i = 0; i < ctl->def->ndisks; i++) { [...] 947 if (virDomainDiskDefForeachPath(disk, true, add_file_path, &buf) < 0) If you pass virt-aa-helper as in libvirt 3.5 a full snippet with backingStore info it behaves the same as back in 2.5 emmitting a rule for the backing store. But when starting a guest on libvirt 3.5 this does no more work, so it seems that on instantiating the guest Past (2.5) 1. add backingStore info to guest representation 2. virt-aa-helper parses guest representation and creates rules 3. guest starts fine changed to now (3.5): 1. virt-aa-helper parses guest representation and creates rules 2. add backingStore info to guest representation 3. guest fails to start as the apparmor rule to allow it access to its backing file is missing. I've verified that recent libvirt properly adds the backingStore eventually (by disabling the apparmor profile and then starting the guest). Once fully started the live xml representation has the backing store info added. But as outlined above, at the point virt-aa-helper runs now the necessary backingStore data seems to be missing. I couldn't find the related change or a way to fix it so far, so any hints are welcome. -- Christian Ehrhardt Software Engineer, Ubuntu Server Canonical Ltd

2 5

[libvirt] [PATCH v4 0/4] Host device isolation for pSeries guests
by Andrea Bolognani 17 Jul '17

17 Jul '17

Changes from [v3]: * correctly handle interfaces connected to hostdev-backed networks; * drop patches implementing support for multiple PHBs, as they have been merged already; * some minor cleanups. Changes from [v2]: * support hot(un)plug properly; * add documentation. Changes from [v1]: * address review comments; * implement a much better isolation algorithm that doesn't require parsing and formatting the isolation group and can handle more dynamic scenarios, such as empty PHBs changing their isolation groups to accomodate hotplugged hostdevs; * add more test cases. [v3] https://www.redhat.com/archives/libvir-list/2017-June/msg01018.html [v2] https://www.redhat.com/archives/libvir-list/2017-June/msg00695.html [v1] https://www.redhat.com/archives/libvir-list/2017-June/msg00110.html Andrea Bolognani (4): conf: Introduce isolation groups conf: Implement isolation rules qemu: Isolate hostdevs on pSeries guests news: Update for hostdev isolation docs/news.xml | 10 + src/bhyve/bhyve_device.c | 4 +- src/conf/device_conf.h | 10 + src/conf/domain_addr.c | 86 ++++++- src/conf/domain_addr.h | 12 +- src/conf/domain_conf.c | 2 + src/qemu/qemu_domain_address.c | 276 +++++++++++++++++++-- src/qemu/qemu_domain_address.h | 4 + src/qemu/qemu_hotplug.c | 7 + tests/qemumemlocktest.c | 2 +- .../qemuxml2argv-pseries-hostdevs-1.args | 8 +- .../qemuxml2argv-pseries-hostdevs-2.args | 3 +- .../qemuxml2argv-pseries-hostdevs-3.args | 2 +- .../qemuxml2xmlout-pseries-hostdevs-1.xml | 14 +- .../qemuxml2xmlout-pseries-hostdevs-2.xml | 6 +- .../qemuxml2xmlout-pseries-hostdevs-3.xml | 2 +- 16 files changed, 410 insertions(+), 38 deletions(-) -- 2.7.5

2 8

[libvirt] [v2 RESEND PATCH] qemu: reduce packet loss rate for vm with macvtap passthrough mode in migration
by ZhiPeng Lu 17 Jul '17

17 Jul '17

Before libvirt that calls virNetDevMacVLanCreateWithVPortProfile sets mac address or vlan of a Virtual Function(VF) linked to a macvtap passthrough device of migration destination host in migration start step. If we ping the migrating vm, we get the network does not pass. Because VFs of migration source and destination have the same MAC address. The patch later calling qemuMigrationVPAssociatePortProfiles sets mac address of VF in migration finish step instead of start step. The patch aims to reduce packet loss rate. Signed-off-by: ZhiPeng Lu <lu.zhipeng(a)zte.com.cn> --- src/qemu/qemu_migration.c | 18 ++++++++++++++++-- src/util/virnetdevmacvlan.c | 17 +++++++++++------ 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 09adb04..795ed71 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -5004,7 +5004,7 @@ qemuMigrationPerform(virQEMUDriverPtr driver, } static int -qemuMigrationVPAssociatePortProfiles(virDomainDefPtr def) +qemuMigrationVPAssociatePortProfiles(virDomainDefPtr def, const char *stateDir) { size_t i; int last_good_net = -1; @@ -5013,6 +5013,20 @@ qemuMigrationVPAssociatePortProfiles(virDomainDefPtr def) for (i = 0; i < def->nnets; i++) { net = def->nets[i]; if (virDomainNetGetActualType(net) == VIR_DOMAIN_NET_TYPE_DIRECT) { + if ((!virDomainNetGetActualVirtPortProfile(net) || (virDomainNetGetActualVirtPortProfile(net) && + virDomainNetGetActualVirtPortProfile(net)->virtPortType != VIR_NETDEV_VPORT_PROFILE_8021QBG && + virDomainNetGetActualVirtPortProfile(net)->virtPortType != VIR_NETDEV_VPORT_PROFILE_8021QBH)) && + virDomainNetGetActualDirectMode(net) == + VIR_NETDEV_MACVLAN_MODE_PASSTHRU) { + if (virNetDevSaveNetConfig(virDomainNetGetActualDirectDev(net), + -1, stateDir, false) < 0) { + goto err_exit; + } + if (virNetDevSetNetConfig(virDomainNetGetActualDirectDev(net), + -1, NULL, virDomainNetGetActualVlan(net), &net->mac, false) < 0) { + goto err_exit; + } + } if (virNetDevVPortProfileAssociate(net->ifname, virDomainNetGetActualVirtPortProfile(net), &net->mac, @@ -5187,7 +5201,7 @@ qemuMigrationFinish(virQEMUDriverPtr driver, goto endjob; } - if (qemuMigrationVPAssociatePortProfiles(vm->def) < 0) + if (qemuMigrationVPAssociatePortProfiles(vm->def, cfg->stateDir) < 0) goto endjob; if (mig->network && qemuDomainMigrateOPDRelocate(driver, vm, mig) < 0) diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c index 7222b0f..682dcd1 100644 --- a/src/util/virnetdevmacvlan.c +++ b/src/util/virnetdevmacvlan.c @@ -1020,12 +1020,17 @@ virNetDevMacVLanCreateWithVPortProfile(const char *ifnameRequested, */ setVlan = false; } - - if (virNetDevSaveNetConfig(linkdev, -1, stateDir, setVlan) < 0) - return -1; - - if (virNetDevSetNetConfig(linkdev, -1, NULL, vlan, macaddress, setVlan) < 0) - return -1; + if (vmOp != VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_START && + virtPortProfile && (virtPortProfile->virtPortType == VIR_NETDEV_VPORT_PROFILE_8021QBH || + virtPortProfile->virtPortType == VIR_NETDEV_VPORT_PROFILE_8021QBG)) { + if (virNetDevSaveNetConfig(linkdev, -1, stateDir, setVlan) < 0) { + return -1; + } + if (virNetDevSetNetConfig(linkdev, -1, NULL, vlan, macaddress, + setVlan) < 0) { + return -1; + } + } } if (ifnameRequested) { -- 1.8.3.1

3 2

[libvirt] [PATCH] Revert "nwfilter: Move save of config until after successful assign"
by John Ferlan 17 Jul '17

17 Jul '17

This reverts commit b3e71a8830b2683ee88fa10cb048eabb99a446c0. As it turns out this ends up very badly as the @def could be Free'd even though it's owned by @obj as a result of the AssignDef. Signed-off-by: John Ferlan <jferlan(a)redhat.com> --- src/conf/virnwfilterobj.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/conf/virnwfilterobj.c b/src/conf/virnwfilterobj.c index b5aaa6b..b36eda1 100644 --- a/src/conf/virnwfilterobj.c +++ b/src/conf/virnwfilterobj.c @@ -501,14 +501,14 @@ virNWFilterObjListLoadConfig(virNWFilterObjListPtr nwfilters, goto error; } - if (!(obj = virNWFilterObjListAssignDef(nwfilters, def))) - goto error; - /* We generated a UUID, make it permanent by saving the config to disk */ if (!def->uuid_specified && virNWFilterSaveConfig(configDir, def) < 0) goto error; + if (!(obj = virNWFilterObjListAssignDef(nwfilters, def))) + goto error; + VIR_FREE(configFile); return obj; -- 2.9.4

2 4

[libvirt] [PATCH] security: Use VIR_DEBUG instead of VIR_INFO in virSecurityDACSetOwnershipInternal
by xinhua.Cao 17 Jul '17

17 Jul '17

virSecurityDACSetOwnershipInternal was called by libvirt child process, so if we log message by VIR_INFO at normal scene, it would probability occurs dead lock sence, then libvirtd will also by dead lock because libvirtd is waitting for child message. so our suggest is use VIR_DEBUG instead of VIR_INFO to avoid this sence. --- src/security/security_dac.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index ca7a6af..7bfd090 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -552,8 +552,8 @@ virSecurityDACSetOwnershipInternal(const virSecurityDACData *priv, else if (rc > 0) return 0; - VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'", - NULLSTR(src ? src->path : path), (long) uid, (long) gid); + VIR_DEBUG("Setting DAC user and group on '%s' to '%ld:%ld'", + NULLSTR(src ? src->path : path), (long) uid, (long) gid); if (priv && src && priv->chownCallback) { rc = priv->chownCallback(src, uid, gid); @@ -591,17 +591,17 @@ virSecurityDACSetOwnershipInternal(const virSecurityDACData *priv, if (rc < 0) { if (errno == EOPNOTSUPP || errno == EINVAL) { - VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not " - "supported by filesystem", - (long) uid, (long) gid, path); + VIR_DEBUG("Setting user and group to '%ld:%ld' on '%s' not " + "supported by filesystem", + (long) uid, (long) gid, path); } else if (errno == EPERM) { - VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not " - "permitted", - (long) uid, (long) gid, path); + VIR_DEBUG("Setting user and group to '%ld:%ld' on '%s' not " + "permitted", + (long) uid, (long) gid, path); } else if (errno == EROFS) { - VIR_INFO("Setting user and group to '%ld:%ld' on '%s' not " - "possible on readonly filesystem", - (long) uid, (long) gid, path); + VIR_DEBUG("Setting user and group to '%ld:%ld' on '%s' not " + "possible on readonly filesystem", + (long) uid, (long) gid, path); } else { virReportSystemError(errno, _("unable to set user and group to '%ld:%ld' " -- 2.8.3

3 6