[libvirt] [PATCH 0/2] qemu: Improve and document states handled in qemuProcessHandleAcpiOstInfo
by Peter Krempa
We did not handle all the possible error states of memory unplug. Add
more ACPI table documentation and fix the code to conform to it.
Peter Krempa (2):
qemu: process: Improve documentation of values handled by
qemuProcessHandleAcpiOstInfo
qemu: process: Handle all failure values for dimms in
qemuProcessHandleAcpiOstInfo
src/qemu/qemu_process.c | 44 +++++++++++++++++++++++++++++++++--------
1 file changed, 36 insertions(+), 8 deletions(-)
--
2.20.1
5 years, 11 months
[libvirt] [PATCH] rpm spec: remove %{extra_release} from spec
by Daniel P. Berrangé
The %{extra_release} field was previously populated by data from the old
autobuild.sh file but is no longer used.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
libvirt.spec.in | 2 +-
mingw-libvirt.spec.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 567721f424..2e572e2a01 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -214,7 +214,7 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: @VERSION@
-Release: 1%{?dist}%{?extra_release}
+Release: 1%{?dist}
License: LGPLv2+
URL: https://libvirt.org/
diff --git a/mingw-libvirt.spec.in b/mingw-libvirt.spec.in
index 7c7ab4146d..249abb8475 100644
--- a/mingw-libvirt.spec.in
+++ b/mingw-libvirt.spec.in
@@ -35,7 +35,7 @@
Name: mingw-libvirt
Version: @VERSION@
-Release: 1%{?dist}%{?extra_release}
+Release: 1%{?dist}
Summary: MinGW Windows libvirt virtualization library
License: LGPLv2+
--
2.20.1
5 years, 11 months
[libvirt] [PATCH] virt-aa-helper: generate rules for gl enabled graphics devices
by Christian Ehrhardt
This adds the virt-aa-helper support for gl enabled graphics devices to
generate rules for the needed rendernode paths.
Example in domain xml:
<graphics type='spice'>
<gl enable='yes' rendernode='/dev/dri/bar'/>
</graphics>
results in:
"/dev/dri" r,
"/dev/dri/bar" rw,
Special cases are:
- multiple devices with rendernodes -> all are added
- non explicit rendernodes -> follow recently added virHostGetDRMRenderNode
- rendernode without opengl (in egl-headless for example) -> still add
the node
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/security/virt-aa-helper.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 64a425671d..327a8a0202 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -938,7 +938,7 @@ get_files(vahControl * ctl)
size_t i;
char *uuid;
char uuidstr[VIR_UUID_STRING_BUFLEN];
- bool needsVfio = false, needsvhost = false;
+ bool needsVfio = false, needsvhost = false, needDefaultRenderNode = false;
/* verify uuid is same as what we were given on the command line */
virUUIDFormat(ctl->def->uuid, uuidstr);
@@ -1062,6 +1062,10 @@ get_files(vahControl * ctl)
for (i = 0; i < ctl->def->ngraphics; i++) {
virDomainGraphicsDefPtr graphics = ctl->def->graphics[i];
size_t n;
+ const char *rendernode = virDomainGraphicsGetRenderNode(graphics);
+
+ if (rendernode)
+ vah_add_file(&buf, rendernode, "rw");
for (n = 0; n < graphics->nListens; n++) {
virDomainGraphicsListenDef listenObj = graphics->listens[n];
@@ -1071,6 +1075,20 @@ get_files(vahControl * ctl)
vah_add_file(&buf, listenObj.socket, "rw"))
goto cleanup;
}
+
+ if (graphics->data.spice.gl == VIR_TRISTATE_BOOL_YES) {
+ if (!rendernode)
+ needDefaultRenderNode = true;
+ }
+ }
+
+ if (virDomainGraphicsDefHasOpenGL(ctl->def))
+ vah_add_file(&buf, "/dev/dri", "r");
+
+ if (needDefaultRenderNode) {
+ const char *rendernode = virHostGetDRMRenderNode();
+ if (rendernode)
+ vah_add_file(&buf, virHostGetDRMRenderNode(), "rw");
}
if (ctl->def->ngraphics == 1 &&
--
2.17.1
5 years, 11 months
[libvirt] [PATCHv2 0/8]
by Ján Tomko
For:
https://bugzilla.redhat.com/show_bug.cgi?id=1602418
v1:
https://www.redhat.com/archives/libvir-list/2019-January/msg00490.html
v2:
* fixed memory leaks pointed out by John in v1
Patches without R-b:
[4/8] cowardly refused to unref the private data in Secret.*Destroy
[8/8] fixed the logic to include checking whether the domain actually
has a VNC graphics and amended the commit message
Ján Tomko (8):
conf: introduce virDomainGraphicsNew
conf: add privateData to virDomainGraphicsDef
qemu: add qemuDomainGraphicsPrivate data with a tlsAlias
qemu: prepare secret for the graphics upfront
qemu_process: fix debug message
qemu.conf: add vnc_tls_x509_secret_uuid
qemu: add support for encrypted VNC TLS keys
qemu: error out when vnc vncTLSx509secretUUID is unsupported
src/conf/domain_conf.c | 30 ++++-
src/conf/domain_conf.h | 5 +
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 6 +
src/qemu/qemu_command.c | 19 +++-
src/qemu/qemu_conf.c | 4 +
src/qemu/qemu_conf.h | 1 +
src/qemu/qemu_domain.c | 107 ++++++++++++++++++
src/qemu/qemu_domain.h | 13 +++
src/qemu/qemu_process.c | 2 +-
src/qemu/test_libvirtd_qemu.aug.in | 1 +
...graphics-vnc-tls-secret.x86_64-latest.args | 36 ++++++
.../graphics-vnc-tls-secret.xml | 30 +++++
tests/qemuxml2argvtest.c | 5 +
14 files changed, 250 insertions(+), 10 deletions(-)
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.xml
--
2.20.1
5 years, 11 months
[libvirt] [PATCH] docs: use JavaScript based PolicyKit .rules files
by Mark McLoughlin
PolicyKit authentication rules have switched to a JavaScript based
format quite some time ago. See:
http://davidz25.blogspot.com/2012/06/authorization-rules-in-polkit.html
While backwards compat for the old .pkla format is still available, it
makes sense to point people first at the new format.
The SSHPolicyKitSetup wiki page seems pretty stale, so remove the
reference to it.
Signed-off-by: Mark McLoughlin <markmc(a)redhat.com>
---
docs/auth.html.in | 32 +++++++++++++++++++++-----------
1 file changed, 21 insertions(+), 11 deletions(-)
diff --git a/docs/auth.html.in b/docs/auth.html.in
index afd6cd7f9b..33afe0a8ad 100644
--- a/docs/auth.html.in
+++ b/docs/auth.html.in
@@ -184,15 +184,29 @@ Default policy will still allow any application to connect to the RO socket.
</p>
<p>
The default policy can be overridden by creating a new policy file in the
-local override directory <code>/etc/polkit-1/localauthority/50-local.d/</code>.
-Policy files should have a unique name ending with .pkla. Using reverse DNS
-naming works well. Information on the options available can be found by
-reading the pklocalauthority man page. The two libvirt daemon actions
-available are named <code>org.libvirt.unix.manage</code> for full management
-access, and <code>org.libvirt.unix.monitor</code> for read-only access.
+<code>/etc/polkit-1/rules.d</code> directory. Information on the options
+available can be found by reading the <code>polkit(8)</code> man page. The
+two libvirt actions are named <code>org.libvirt.unix.manage</code> for full
+management access, and <code>org.libvirt.unix.monitor</code> for read-only
+access.
+</p>
+ <p>
+As an example, creating <code>/etc/polkit-1/rules.d/80-libvirt-manage.rules</code>
+with the following gives the user <code>fred</code> full management access
+when accessing from an active local session:
</p>
+<pre>polkit.addRule(function(action, subject) {
+ if (action.id == "org.libvirt.unix.manage" &&
+ subject.local && subject.active && subject.user == "fred") {
+ return polkit.Result.YES;
+ }
+});</pre>
<p>
-As an example, this gives the user <code>fred</code> full management access:
+Older versions of PolicyKit used policy files ending with .pkla in the
+local override directory <code>/etc/polkit-1/localauthority/50-local.d/</code>.
+Compatibility with this older format is provided by <a
+href="https://pagure.io/polkit-pkla-compat">polkit-pkla-compat</a>. As an
+example, this gives the user <code>fred</code> full management access:
</p>
<pre>[Allow fred libvirt management permissions]
Identity=unix-user:fred
@@ -200,10 +214,6 @@ Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes</pre>
- <p>
-Further examples of PolicyKit setup can be found on the
-<a href="http://wiki.libvirt.org/page/SSHPolicyKitSetup">wiki page</a>.
- </p>
<h2><a id="ACL_server_sasl">SASL pluggable authentication</a></h2>
<p>
--
2.20.1
5 years, 11 months
[libvirt] [PATCH 0/2] qemu: Don't format 'cache' for empty cdroms
by Peter Krempa
See patch 2/2 for explanation.
Peter Krempa (2):
tests: qemuxml2argv: Add test case for empty CDROM with cache mode
qemu: command: Don't format image properties for empty -drive
src/qemu/qemu_command.c | 47 ++++++++++---------
tests/qemuxml2argvdata/disk-cdrom.args | 6 ++-
.../disk-cdrom.x86_64-2.12.0.args | 9 ++--
.../disk-cdrom.x86_64-latest.args | 9 ++--
tests/qemuxml2argvdata/disk-cdrom.xml | 6 +++
tests/qemuxml2xmloutdata/disk-cdrom.xml | 6 +++
6 files changed, 52 insertions(+), 31 deletions(-)
--
2.20.1
5 years, 11 months
[libvirt] [PATCH 0/4] qemu_conf: use VIR_AUTOFREE in the recently created
by Ján Tomko
Ján Tomko (4):
virQEMUDriverConfigLoadProcessEntry: use VIR_AUTOFREE
virQEMUDriverConfigLoadNVRAMEntry: use VIR_AUTOFREE
virQEMUDriverConfigLoadSecurityEntry: use VIR_AUTOFREE
virQEMUDriverConfigLoadSWTPMEntry: use VIR_AUTOFREE
src/qemu/qemu_conf.c | 131 +++++++++++++++++++++------------------------------
1 file changed, 55 insertions(+), 76 deletions(-)
--
2.16.4
5 years, 11 months
[libvirt] [PATCH] rpm spec: don't assume %{fedora} exists as a macro
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
Pushed under the "fix the previous build breaker fix" rule :-( Sorry.
libvirt.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 567721f424..823f0753ae 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -110,7 +110,7 @@
%endif
# Ceph dropping support for 32-bit hosts
-%if 0%{fedora} >= 30
+%if 0%{?fedora} >= 30
%ifarch %{arm} %{ix86}
%define with_storage_rbd 0
%endif
--
2.20.1
5 years, 11 months
[libvirt] [PATCH] config-post: Remove duplicated 'undef WITH_CAPNG'
by Radostin Stoyanov
Signed-off-by: Radostin Stoyanov <rstoyanov1(a)gmail.com>
---
config-post.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/config-post.h b/config-post.h
index dd4ef8fc0b..54731feff7 100644
--- a/config-post.h
+++ b/config-post.h
@@ -69,7 +69,6 @@
# undef WITH_VIRTUALPORT
# undef WITH_SECDRIVER_SELINUX
# undef WITH_SECDRIVER_APPARMOR
-# undef WITH_CAPNG
#endif /* LIBVIRT_NSS */
#ifndef __GNUC__
--
2.20.1
5 years, 11 months
[libvirt] [PATCH 0/8] qemu: VNC: support encrypted server TLS keys
by Ján Tomko
Applies on top of my qemu.conf cleanups:
https://www.redhat.com/archives/libvir-list/2019-January/msg00401.html
https://bugzilla.redhat.com/show_bug.cgi?id=1602418
Ján Tomko (8):
conf: introduce virDomainGraphicsNew
conf: add privateData to virDomainGraphicsDef
qemu: add qemuDomainGraphicsPrivate data with a tlsAlias
qemu: prepare secret for the graphics upfront
qemu_process: fix debug message
qemu.conf: add vnc_tls_x509_secret_uuid
qemu: add support for encrypted VNC TLS keys
qemu: error out when vnc vncTLSx509secretUUID is unsupported
src/conf/domain_conf.c | 27 ++++-
src/conf/domain_conf.h | 5 +
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 6 ++
src/qemu/qemu_command.c | 19 +++-
src/qemu/qemu_conf.c | 3 +
src/qemu/qemu_conf.h | 1 +
src/qemu/qemu_domain.c | 102 ++++++++++++++++++
src/qemu/qemu_domain.h | 13 +++
src/qemu/qemu_process.c | 2 +-
src/qemu/test_libvirtd_qemu.aug.in | 1 +
...graphics-vnc-tls-secret.x86_64-latest.args | 36 +++++++
.../graphics-vnc-tls-secret.xml | 30 ++++++
tests/qemuxml2argvtest.c | 5 +
14 files changed, 241 insertions(+), 10 deletions(-)
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls-secret.xml
--
2.20.1
5 years, 11 months