[PATCH] tools: fix ordering mistake in virt-admin daemon-set-timeout code
by Daniel P. Berrangé
Most of the impl for the 'daemon-set-timeout' command was ordered under
the heading for the 'daemon-log-filters' command.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
tools/virt-admin.c | 67 +++++++++++++++++++++++-----------------------
1 file changed, 34 insertions(+), 33 deletions(-)
diff --git a/tools/virt-admin.c b/tools/virt-admin.c
index 3eb4f0f3fd..325b7aa827 100644
--- a/tools/virt-admin.c
+++ b/tools/virt-admin.c
@@ -1005,27 +1005,38 @@ static const vshCmdInfo info_daemon_log_outputs = {
"daemon."),
};
-static const vshCmdOptDef opts_daemon_timeout[] = {
- {.name = "timeout",
- .type = VSH_OT_INT,
- .required = true,
+static const vshCmdOptDef opts_daemon_log_outputs[] = {
+ {.name = "outputs",
+ .type = VSH_OT_STRING,
.positional = true,
- .help = N_("number of seconds the daemon will run without any active connection"),
+ .help = N_("redefine the existing set of logging outputs"),
+ .allowEmpty = true
},
{.name = NULL}
};
static bool
-cmdDaemonTimeout(vshControl *ctl, const vshCmd *cmd)
+cmdDaemonLogOutputs(vshControl *ctl, const vshCmd *cmd)
{
vshAdmControl *priv = ctl->privData;
- unsigned int timeout = 0;
- if (vshCommandOptUInt(ctl, cmd, "timeout", &timeout) < 0)
- return false;
+ if (vshCommandOptBool(cmd, "outputs")) {
+ const char *outputs = NULL;
+ if ((vshCommandOptString(ctl, cmd, "outputs", &outputs) < 0 ||
+ virAdmConnectSetLoggingOutputs(priv->conn, outputs, 0) < 0)) {
+ vshError(ctl, _("Unable to change daemon logging settings"));
+ return false;
+ }
+ } else {
+ g_autofree char *outputs = NULL;
+ if (virAdmConnectGetLoggingOutputs(priv->conn, &outputs, 0) < 0) {
+ vshError(ctl, _("Unable to get daemon logging outputs information"));
+ return false;
+ }
- if (virAdmConnectSetDaemonTimeout(priv->conn, timeout, 0) < 0)
- return false;
+ vshPrintExtra(ctl, " %-15s", _("Logging outputs: "));
+ vshPrint(ctl, "%s\n", NULLSTR_EMPTY(outputs));
+ }
return true;
}
@@ -1040,42 +1051,32 @@ static const vshCmdInfo info_daemon_timeout = {
.desc = N_("set the auto shutdown timeout of the daemon"),
};
-static const vshCmdOptDef opts_daemon_log_outputs[] = {
- {.name = "outputs",
- .type = VSH_OT_STRING,
+static const vshCmdOptDef opts_daemon_timeout[] = {
+ {.name = "timeout",
+ .type = VSH_OT_INT,
+ .required = true,
.positional = true,
- .help = N_("redefine the existing set of logging outputs"),
- .allowEmpty = true
+ .help = N_("number of seconds the daemon will run without any active connection"),
},
{.name = NULL}
};
static bool
-cmdDaemonLogOutputs(vshControl *ctl, const vshCmd *cmd)
+cmdDaemonTimeout(vshControl *ctl, const vshCmd *cmd)
{
vshAdmControl *priv = ctl->privData;
+ unsigned int timeout = 0;
- if (vshCommandOptBool(cmd, "outputs")) {
- const char *outputs = NULL;
- if ((vshCommandOptString(ctl, cmd, "outputs", &outputs) < 0 ||
- virAdmConnectSetLoggingOutputs(priv->conn, outputs, 0) < 0)) {
- vshError(ctl, _("Unable to change daemon logging settings"));
- return false;
- }
- } else {
- g_autofree char *outputs = NULL;
- if (virAdmConnectGetLoggingOutputs(priv->conn, &outputs, 0) < 0) {
- vshError(ctl, _("Unable to get daemon logging outputs information"));
- return false;
- }
+ if (vshCommandOptUInt(ctl, cmd, "timeout", &timeout) < 0)
+ return false;
- vshPrintExtra(ctl, " %-15s", _("Logging outputs: "));
- vshPrint(ctl, "%s\n", NULLSTR_EMPTY(outputs));
- }
+ if (virAdmConnectSetDaemonTimeout(priv->conn, timeout, 0) < 0)
+ return false;
return true;
}
+
static void *
vshAdmConnectionHandler(vshControl *ctl)
{
--
2.47.1
3 weeks, 6 days
[PATCH] conf: Restrict model type to enum members
by Adam Julis
Historically, we supported any string as the model type for
network devices. This approach allowed us to stay up-to-date with
QEMU's frequent introduction of new model types. However, this
solution now causes more problems than benefits. A clearly
nonsensical model name can pass validation but result in a QEMU
internal error when the VM is started.
This patch restricts model types to members of the
'virDomainNetModelType' enum. The enum has been extended to include
all model types currently supported by QEMU. If QEMU introduces
new models in the future, the enum must be updated to support
them.
Resolves: https://issues.redhat.com/browse/RHEL-72082
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
I'm not sure if the virtio-net-pci should be in this enum, since its not
located in qemu repo in hw/net/ but in hw/virtio/. When I manually
tested it, the qemu this option supported. The last two members have not
been supported for several years but I wanted to keep backward compatibility.
src/conf/domain_conf.c | 23 +++++++++++++++++++++++
src/conf/domain_conf.h | 23 +++++++++++++++++++++++
src/conf/domain_validate.c | 7 +++++++
3 files changed, 53 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index af88d0bcfd..5e8ca0015d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -613,6 +613,29 @@ VIR_ENUM_IMPL(virDomainNetModel,
"82540EM",
"82545EM",
"82543GC",
+ "dp8393x",
+ "eepro100",
+ "ftgmac100",
+ "igbvf",
+ "lasi_i82596",
+ "mcf_fec",
+ "mipsnet",
+ "ne2000-isa",
+ "ne2000-pci",
+ "npcm7xx_emc",
+ "npcm_gmac",
+ "opencores_eth",
+ "pcnet-pci",
+ "rocker",
+ "spapr_llan",
+ "sungem",
+ "sunhme",
+ "tulip",
+ "virtio-net",
+ "xen_nic",
+ "virtio-net-pci",
+ "etraxfs_eth",
+ "milkymist-minimac2",
);
VIR_ENUM_IMPL(virDomainNetDriver,
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 9f7c28343f..d7f0073ba5 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -951,6 +951,29 @@ typedef enum {
VIR_DOMAIN_NET_MODEL_82540EM,
VIR_DOMAIN_NET_MODEL_82545EM,
VIR_DOMAIN_NET_MODEL_82543GC,
+ VIR_DOMAIN_NET_MODEL_DP8393X,
+ VIR_DOMAIN_NET_MODEL_EEPRO100,
+ VIR_DOMAIN_NET_MODEL_FTGMAC100,
+ VIR_DOMAIN_NET_MODEL_IGBVF,
+ VIR_DOMAIN_NET_MODEL_LASI_I82596,
+ VIR_DOMAIN_NET_MODEL_MCF_FEC,
+ VIR_DOMAIN_NET_MODEL_MIPSNET,
+ VIR_DOMAIN_NET_MODEL_NE2000_ISA,
+ VIR_DOMAIN_NET_MODEL_NE2000_PCI,
+ VIR_DOMAIN_NET_MODEL_NPCM7XX_EMC,
+ VIR_DOMAIN_NET_MODEL_NPCM_GMAC,
+ VIR_DOMAIN_NET_MODEL_OPENCORES_ETH,
+ VIR_DOMAIN_NET_MODEL_PCNET_PCI,
+ VIR_DOMAIN_NET_MODEL_ROCKER,
+ VIR_DOMAIN_NET_MODEL_SPARP_LLAN,
+ VIR_DOMAIN_NET_MODEL_SUNGEM,
+ VIR_DOMAIN_NET_MODEL_SUNHME,
+ VIR_DOMAIN_NET_MODEL_TULIP,
+ VIR_DOMAIN_NET_MODEL_VIRTIO_NET,
+ VIR_DOMAIN_NET_MODEL_XEN_NIC,
+ VIR_DOMAIN_NET_MODEL_VIRTIO_NET_PCI,
+ VIR_DOMAIN_NET_MODEL_ETRAXFS_ETH,
+ VIR_DOMAIN_NET_MODEL_MILKYMIST_MINIMAC2,
VIR_DOMAIN_NET_MODEL_LAST
} virDomainNetModelType;
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 1034bb57f5..fed013835d 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2218,6 +2218,13 @@ virDomainNetDefValidate(const virDomainNetDef *net)
break;
case VIR_DOMAIN_NET_TYPE_NETWORK:
+ if (net->modelstr) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Unsupported model type '%s'"),
+ net->modelstr);
+ return -1;
+ }
+ break;
case VIR_DOMAIN_NET_TYPE_VDPA:
case VIR_DOMAIN_NET_TYPE_BRIDGE:
case VIR_DOMAIN_NET_TYPE_CLIENT:
--
2.47.1
3 weeks, 6 days
[RFC v3 PATCH 0/4] iproute2 bridge vlan support
by Leigh Brown
As requested by Laine, I have converted the code to use netlink rather
than executing bridge vlan commands. I have also checked it compiles
under FreeBSD.
Description
-----------
The iproute2 bridge command supports the capability for VLAN filtering
that allows each interface connected to a standard linux bridge to be
configured to use one or more VLANs. For simple setups, this capability
is enough to allow virtual machines or containers to be put onto
separate VLANs without creating multiple bridges and VLANs on the host.
The first patch adds a new function virNetDevBridgeSetupVlans() that
will, given a virNetDevVlan structure, execute the required bridge vlan
commands to configure the given interface accordingly.
The second patch updates the virNetDevBridgeAddPort() function to allow
a virNetDevVlan parameter to be passed, and to call the
virNetDevBridgeSetupVlans() function.
The third patch updates the lxc and tap code to pass the virNetDevLan
parameter from the configuration and to update the XML domain and
network validation to permit the VLAN-related tags for standard
bridges.
The fourth patch updates documentation to match the new capability.
Changes since v2
----------------
- Convert to use netlink rather than executing bridge vlan commands.
- Add unsupported on this platform error message on FreeBSD.
Changes since v1
----------------
- Fix bug in virNetDevSetupVlans where bridge port has no native vlan.
- Update bridge network validation to permit vlan configuration.
- Update documentation to match the functionality.
- Tweak some of the commit descriptions for clarity.
Usage example
-------------
Configure the host with systemd-networkd as follows:
/etc/systemd/network/br0.netdev (br0.network not shown)
[NetDev]
Name=br0
Kind=bridge
MACAddress=xx:xx:xx:xx:xx:xx
[Bridge]
VLANFiltering=on
/etc/systemd/network/eno1.network
[Match]
Name=eno1
[Network]
Bridge=br0
[Link]
MTUBytes=9000
[BridgeVLAN]
VLAN=40
[BridgeVLAN]
VLAN=60
Then add <vlan> tags into the lxc or qemu config:
lxc interface definition:
<interface type='bridge'>
<mac address='xx:xx:xx:xx:xx:xx'/>
<source bridge='br0'/>
<vlan>
<tag id='40'/>
</vlan>
</interface>
qemu interface definition:
<interface type='network'>
<mac address='xx:xx:xx:xx:xx:xx'/>
<source network='br0'/>
<vlan>
<tag id='60'/>
</vlan>
<model type='virtio'/>
<address type='pci' domain='0x0000'
bus='0x01' slot='0x00' function='0x0'/>
</interface>
Then, after starting them, you will see the following
$ sudo bridge vlan
port vlan-id
eno1 1 PVID Egress Untagged
40
60
br0 1 PVID Egress Untagged
vnet0 60 PVID Egress Untagged
vnet1 40 PVID Egress Untagged
Regards,
Leigh Brown (4):
util: add netlink bridge vlan filtering
util: Add vlan support to virNetDevBridgeAddPort
Enable vlan support for standard linux bridges
docs: standard linux bridges now support vlans
docs/formatdomain.rst | 37 +++++++++---------
docs/formatnetwork.rst | 45 +++++++++++-----------
src/conf/domain_validate.c | 3 +-
src/lxc/lxc_process.c | 3 +-
src/network/bridge_driver.c | 13 ++++---
src/util/virnetdevbridge.c | 75 +++++++++++++++++++++++++++++++++++--
src/util/virnetdevbridge.h | 4 +-
src/util/virnetdevtap.c | 2 +-
src/util/virnetlink.c | 66 ++++++++++++++++++++++++++++++++
src/util/virnetlink.h | 7 ++++
10 files changed, 202 insertions(+), 53 deletions(-)
--
2.39.5
3 weeks, 6 days
[PATCH] qemu: allow migration of guest with mdev vGPU to VF vGPU
by Laine Stump
GPU vendors are moving away from using mdev to create virtual GPUs
towards using SRIOV VFs that are vGPUs. In both cases, once created
the vGPUs are assigned to guests via <hostdev> (i.e. VFIO device
assignment), and inside the guest the devices look identical, but mdev
vGPUs are located by QEMU/VFIO using a uuid, while VF vGPUs are
located with a PCI address. So although we generally require the
device on the source host to exactly match the device on the
destination host, in the case of mdev-created vGPU vs. VF vGPU
migration *can* potentially work, except that libvirt has a hard-coded
check that prevents us from even trying.
This patch loosens up that check so that we will allow attempts to
migrate a guest from a source host that has mdev-created vGPUs to a
destination host that has VF vGPUs (and vice versa). The expectation
is that if this doesn't actually work then QEMU will fail and generate
an error that we can report.
Based-on-patch-by: Zhiyi Guo <zhguo(a)redhat.com>
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
Zhiyi's original patch removed the check for subsys type completely,
and this worked. My modified patch keeps the check in place, but
allows it to pass if the src type is pci and dst is mdev, or vice
versa.
src/conf/domain_conf.c | 28 +++++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 4ad8289b89..9d5fda0469 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -20647,13 +20647,27 @@ virDomainHostdevDefCheckABIStability(virDomainHostdevDef *src,
return false;
}
- if (src->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
- src->source.subsys.type != dst->source.subsys.type) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("Target host device subsystem %1$s does not match source %2$s"),
- virDomainHostdevSubsysTypeToString(dst->source.subsys.type),
- virDomainHostdevSubsysTypeToString(src->source.subsys.type));
- return false;
+ if (src->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) {
+ virDomainHostdevSubsysType srcType = src->source.subsys.type;
+ virDomainHostdevSubsysType dstType = dst->source.subsys.type;
+
+ /* If the source and destination subsys types aren't the same,
+ * then migration can't be supported, *except* that it might
+ * be supported to migrate from subsys type 'pci' to 'mdev'
+ * and vice versa. (libvirt can't know for certain whether or
+ * not it will actually work, so we have to just allow it and
+ * count on QEMU to provide us with an error if it fails)
+ */
+
+ if (srcType != dstType
+ && ((srcType != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI && srcType != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV)
+ || (dstType != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI && dstType != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV))) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Target host device subsystem type %1$s is not compatible with source subsystem type %2$s"),
+ virDomainHostdevSubsysTypeToString(dstType),
+ virDomainHostdevSubsysTypeToString(srcType));
+ return false;
+ }
}
if (!virDomainDeviceInfoCheckABIStability(src->info, dst->info))
--
2.47.1
3 weeks, 6 days
[PATCH] util: fix off-by-1 in inhibitor constants
by Daniel P. Berrangé
The inhibitor constant values were off-by-1, so when converted into
string format, we picked the wrong names
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/util/virinhibitor.h | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/util/virinhibitor.h b/src/util/virinhibitor.h
index 0a1c445d41..49cf32fbeb 100644
--- a/src/util/virinhibitor.h
+++ b/src/util/virinhibitor.h
@@ -26,13 +26,13 @@ typedef struct _virInhibitor virInhibitor;
typedef enum {
VIR_INHIBITOR_WHAT_NONE = 0,
- VIR_INHIBITOR_WHAT_SLEEP = (1 << 1),
- VIR_INHIBITOR_WHAT_SHUTDOWN = (1 << 2),
- VIR_INHIBITOR_WHAT_IDLE = (1 << 3),
- VIR_INHIBITOR_WHAT_POWER_KEY = (1 << 4),
- VIR_INHIBITOR_WHAT_SUSPEND_KEY = (1 << 5),
- VIR_INHIBITOR_WHAT_HIBERNATE_KEY = (1 << 6),
- VIR_INHIBITOR_WHAT_LID_SWITCH = (1 << 7),
+ VIR_INHIBITOR_WHAT_SLEEP = (1 << 0),
+ VIR_INHIBITOR_WHAT_SHUTDOWN = (1 << 1),
+ VIR_INHIBITOR_WHAT_IDLE = (1 << 2),
+ VIR_INHIBITOR_WHAT_POWER_KEY = (1 << 3),
+ VIR_INHIBITOR_WHAT_SUSPEND_KEY = (1 << 4),
+ VIR_INHIBITOR_WHAT_HIBERNATE_KEY = (1 << 5),
+ VIR_INHIBITOR_WHAT_LID_SWITCH = (1 << 6),
} virInhibitorWhat;
typedef enum {
--
2.47.1
4 weeks
[PATCH] qemu: Add audit entries for suspend and resume
by Jim Fehlig
We recently received a request from certification auditors to provide
audit entries for suspend and resume. This small patch uses the existing
virtDomainAudit{Start,Stop} functions with new reasons "suspended" and
"resumed".
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
For suspend, I initially wrote the following
virDomainAuditStart(vm, virDomainPausedReasonTypeToString(reason), true);
but I'm not sure it makes sense in resume, where we have reasons such as
VIR_DOMAIN_CRASHED_PANICKED. For symmetry, it seemed best to go with
"suspended" and "resumed".
src/qemu/qemu_driver.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index f1a633fdd3..c670bb681e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1682,6 +1682,7 @@ static int qemuDomainSuspend(virDomainPtr dom)
goto endjob;
}
qemuDomainSaveStatus(vm);
+ virDomainAuditStart(vm, "suspended", true);
ret = 0;
endjob:
@@ -1738,6 +1739,7 @@ static int qemuDomainResume(virDomainPtr dom)
}
}
qemuDomainSaveStatus(vm);
+ virDomainAuditStop(vm, "resumed");
ret = 0;
endjob:
--
2.43.0
4 weeks
[PATCH v2 0/4] fix AppArmor policy restore for runtime rules
by Georgia Garcia
Some rules are generated dynamically during boot and added to the
AppArmor policy. An example of that is macvtap devices that call the
AppArmorSetFDLabel hook to add a rule for the tap device path.
Since this information is dynamic, it is not available in the xml
config, therefore whenever a "Restore" hook is called, the entire
profile is regenerated by virt-aa-helper based only the information
from the VM definition, so the dynamic/runtime information is lost.
This patchset fixes that by storing these rules in a different file
called libvirt-uuid.runtime_files, which is included by
libvirt-uuid.files that already exists. It also includes other fixes
like memory leaks, adoption of the GLib API in the apparmor files and
a fix on the AppArmor policy that incorrectly applies apparmor policy
syntax.
Georgia Garcia (4):
security_apparmor: fix memleaks in AppArmorSetFDLabel
security: replace uses of label and VIR_FREE by g_autofree
apparmor: fix UUID specification
virt-aa-helper: store dynamically generated rules
.../usr.lib.libvirt.virt-aa-helper.in | 5 +-
src/security/apparmor/usr.sbin.libvirtd.in | 7 +-
src/security/security_apparmor.c | 83 +++++-----
src/security/virt-aa-helper.c | 145 +++++++++---------
4 files changed, 120 insertions(+), 120 deletions(-)
--
2.34.1
4 weeks
[PATCH] meson: remove unneeded dependency on libdevmapper for
storage_disk
by Stefan Hellermann
In commit dfa0e11 the last direct usage of devmapper for storage_disk was
removed. There is one stale include remaining, which is unused even longer
since df1011ca. Remove the include and change meson.build so we can use
storage_disk without devmapper.
I'm running it right now with a stripped-down config on a small arm64
router with openwrt.
Signed-off-by: Stefan Hellermann <stefan(a)the2masters.de>
---
meson.build | 4 ++--
src/storage/parthelper.c | 1 -
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/meson.build b/meson.build
index ca1b915737..ffe91dbd46 100644
--- a/meson.build
+++ b/meson.build
@@ -1787,11 +1787,11 @@ if conf.has('WITH_LIBVIRTD')
conf.set('WITH_STORAGE_DIR', 1)
endif
- if not get_option('storage_disk').disabled() and devmapper_dep.found() and libparted_dep.found()
+ if not get_option('storage_disk').disabled() and libparted_dep.found()
use_storage = true
conf.set('WITH_STORAGE_DISK', 1)
elif get_option('storage_disk').enabled()
- error('You must install libparted and libdevmapper to compile libvirt with disk storage driver')
+ error('You must install libparted to compile libvirt with disk storage driver')
endif
if not get_option('storage_fs').disabled()
diff --git a/src/storage/parthelper.c b/src/storage/parthelper.c
index ee07ba41bb..1169ebfb64 100644
--- a/src/storage/parthelper.c
+++ b/src/storage/parthelper.c
@@ -31,7 +31,6 @@
#include <config.h>
#include <parted/parted.h>
-#include <libdevmapper.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
--
2.47.1
4 weeks
[PATCH] virtiofs: allow read only mode
by Adam Julis
Resolves: https://issues.redhat.com/browse/RHEL-72192
Signed-off-by: Adam Julis <ajulis(a)redhat.com>
---
docs/formatdomain.rst | 2 +-
src/qemu/qemu_validate.c | 11 -----
src/qemu/qemu_virtiofs.c | 3 ++
.../vhost-user-fs-readonly.x86_64-latest.args | 34 ++++++++++++++
.../vhost-user-fs-readonly.x86_64-latest.err | 1 -
.../vhost-user-fs-readonly.x86_64-latest.xml | 45 +++++++++++++++++++
.../vhost-user-fs-readonly.xml | 1 +
tests/qemuxmlconftest.c | 2 +-
8 files changed, 85 insertions(+), 14 deletions(-)
create mode 100644 tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args
delete mode 100644 tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 8d787ef59a..e8e8336708 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -3824,7 +3824,7 @@ A directory on the host that can be accessed directly from the guest.
:since:`Since 10.0.0`
``readonly``
Enables exporting filesystem as a readonly mount for guest, by default
- read-write access is given (currently only works for QEMU/KVM driver; not
+ read-write access is given (works for QEMU/KVM driver and :since:`Since 11.0.0`
with virtiofs).
``space_hard_limit``
Maximum space available to this guest's filesystem. :since:`Since 0.9.13`
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index aaa056379e..086c66b602 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4540,11 +4540,6 @@ qemuValidateDomainDeviceDefFS(virDomainFSDef *fs,
case VIR_DOMAIN_FS_DRIVER_TYPE_VIRTIOFS:
if (!fs->sock) {
- if (fs->readonly) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("virtiofs does not yet support read-only mode"));
- return -1;
- }
if (fs->accessmode != VIR_DOMAIN_FS_ACCESSMODE_PASSTHROUGH) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("virtiofs only supports passthrough accessmode"));
@@ -4557,12 +4552,6 @@ qemuValidateDomainDeviceDefFS(virDomainFSDef *fs,
}
}
- if (fs->readonly) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("virtiofs does not support read-only access"));
- return -1;
- }
-
if (fs->model != VIR_DOMAIN_FS_MODEL_DEFAULT) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("virtiofs does not support model"));
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index 87226be288..dd3e0dd9fe 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -228,6 +228,9 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfig *cfg,
fs->idmap.gidmap[i].count);
}
+ if (fs->readonly)
+ virCommandAddArg(cmd, "--readonly");
+
return g_steal_pointer(&cmd);
}
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args
new file mode 100644
index 0000000000..d3c71544f8
--- /dev/null
+++ b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.args
@@ -0,0 +1,34 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/var/lib/libvirt/qemu/domain--1-guest \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
+XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
+XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=guest,debug-threads=on \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+-machine pc,usb=off,dump-guest-core=off,acpi=off \
+-accel kvm \
+-cpu qemu64 \
+-m size=14680064k \
+-overcommit mem-lock=off \
+-smp 2,sockets=2,cores=1,threads=1 \
+-object '{"qom-type":"memory-backend-file","id":"ram-node0","mem-path":"/var/lib/libvirt/qemu/ram/-1-guest/ram-node0","share":true,"size":15032385536}' \
+-numa node,nodeid=0,cpus=0-1,memdev=ram-node0 \
+-uuid 126f2720-6f8e-45ab-a886-ec9277079a67 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-boot strict=on \
+-chardev socket,id=chr-vu-fs0,path=/var/lib/libvirt/qemu/domain--1-guest/fs0-fs.sock \
+-device '{"driver":"vhost-user-fs-pci","id":"fs0","chardev":"chr-vu-fs0","queue-size":1024,"tag":"mount_tag","bus":"pci.0","addr":"0x2"}' \
+-audiodev '{"id":"audio1","driver":"none"}' \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err
deleted file mode 100644
index fff45fac4b..0000000000
--- a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-unsupported configuration: virtiofs does not yet support read-only mode
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml
new file mode 100644
index 0000000000..c9c1e5c3d2
--- /dev/null
+++ b/tests/qemuxmlconfdata/vhost-user-fs-readonly.x86_64-latest.xml
@@ -0,0 +1,45 @@
+<domain type='kvm'>
+ <name>guest</name>
+ <uuid>126f2720-6f8e-45ab-a886-ec9277079a67</uuid>
+ <memory unit='KiB'>14680064</memory>
+ <currentMemory unit='KiB'>14680064</currentMemory>
+ <memoryBacking>
+ <source type='file'/>
+ <access mode='shared'/>
+ </memoryBacking>
+ <vcpu placement='static'>2</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <cpu mode='custom' match='exact' check='none'>
+ <model fallback='forbid'>qemu64</model>
+ <numa>
+ <cell id='0' cpus='0-1' memory='14680064' unit='KiB' memAccess='shared'/>
+ </numa>
+ </cpu>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0' model='none'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <filesystem type='mount' accessmode='passthrough'>
+ <driver type='virtiofs' queue='1024'/>
+ <binary path='/usr/libexec/virtiofsd' xattr='on'>
+ <cache mode='always'/>
+ <lock posix='off' flock='off'/>
+ </binary>
+ <source dir='/path'/>
+ <target dir='mount_tag'/>
+ <readonly/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </filesystem>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
+ <memballoon model='none'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml b/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml
index 003ed41eb3..c9c1e5c3d2 100644
--- a/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml
+++ b/tests/qemuxmlconfdata/vhost-user-fs-readonly.xml
@@ -39,6 +39,7 @@
</filesystem>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
+ <audio id='1' type='none'/>
<memballoon model='none'/>
</devices>
</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 21b56dc94e..6a46bfc7a3 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2880,7 +2880,7 @@ mymain(void)
DO_TEST_CAPS_LATEST("vhost-user-fs-fd-memory");
DO_TEST_CAPS_LATEST("vhost-user-fs-fd-openfiles");
DO_TEST_CAPS_LATEST("vhost-user-fs-hugepages");
- DO_TEST_CAPS_LATEST_PARSE_ERROR("vhost-user-fs-readonly");
+ DO_TEST_CAPS_LATEST("vhost-user-fs-readonly");
DO_TEST_CAPS_ARCH_LATEST("vhost-user-fs-ccw", "s390x");
DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("vhost-user-fs-ccw-bootindex", "s390x");
--
2.47.1
4 weeks
Plans for 11.0.0 release (freeze on Thursday 09 Jan)
by Jiri Denemark
We are getting close to 11.0.0 release of libvirt. To aim for the
release on Wednesday 15 Jan I suggest entering the freeze on Thursday
09 Jan and tagging RC2 on Monday 13 Jan.
I hope this works for everyone.
Jirka
4 weeks
