[libvirt PATCH] tools: virsh: metadata: do not report error on missing metadata
by Ján Tomko
Similarly to `desc` and `net-desc`, return an empty string if
there is no metadata to be returned.
https://issues.redhat.com/browse/RHEL-27172
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
tools/virsh-domain.c | 10 ++++++++--
tools/virsh-network.c | 10 ++++++++--
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index f3da2f903f..e104aa909a 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -8480,8 +8480,14 @@ cmdMetadata(vshControl *ctl, const vshCmd *cmd)
g_autofree char *data = NULL;
/* get */
if (!(data = virDomainGetMetadata(dom, VIR_DOMAIN_METADATA_ELEMENT,
- uri, flags)))
- return false;
+ uri, flags))) {
+ if (virGetLastErrorCode() == VIR_ERR_NO_DOMAIN_METADATA) {
+ virResetLastError();
+ data = g_strdup("");
+ } else {
+ return false;
+ }
+ }
vshPrint(ctl, "%s\n", data);
}
diff --git a/tools/virsh-network.c b/tools/virsh-network.c
index 6fcc7fd8ee..bcdb76ae36 100644
--- a/tools/virsh-network.c
+++ b/tools/virsh-network.c
@@ -604,8 +604,14 @@ cmdNetworkMetadata(vshControl *ctl, const vshCmd *cmd)
/* get */
if (!(data = virNetworkGetMetadata(net, VIR_NETWORK_METADATA_ELEMENT,
- uri, flags)))
- return false;
+ uri, flags))) {
+ if (virGetLastErrorCode() == VIR_ERR_NO_NETWORK_METADATA) {
+ virResetLastError();
+ data = g_strdup("");
+ } else {
+ return false;
+ }
+ }
vshPrint(ctl, "%s\n", data);
}
--
2.48.1
1 month
[PATCH 0/4] Allow xml-configured coredump format on VM crash
by Nikolai Barybin
When libvirt processes VM crash event it always dumps core in raw
format.
This series makes it possible to configure dump format via domain xml.
This would be especcialy helpful for Windows guests, because it requires
a lot effort to convert raw dump into wingdb.
Nikolai Barybin (4):
conf: schemas: add coredump_format element to events section
src: conf: add parsing/formatting for 'coredump_format' value
qemu: use configurable dump format in doCoreDumpToAutoDumpPath()
docs: formatdomain: document 'coredump_format' element
docs/formatdomain.rst | 9 +++++
src/conf/domain_conf.c | 64 +++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 2 +
src/conf/schemas/domaincommon.rng | 19 +++++++++
src/libvirt_private.syms | 2 +
src/qemu/qemu_driver.c | 2 +-
6 files changed, 97 insertions(+), 1 deletion(-)
--
2.43.5
1 month
[PATCH rfcv4 00/13] LIBVIRT: X86: TDX support
by Zhenzhong Duan
Hi,
This series brings libvirt the x86 TDX support.
* What's TDX?
TDX stands for Trust Domain Extensions which isolates VMs from
the virtual-machine manager (VMM)/hypervisor and any other software on
the platform.
To support TDX, multiple software components, not only KVM but also QEMU,
guest Linux and virtual bios, need to be updated. For more details, please
check link[1].
This patchset is another software component to extend libvirt to support TDX,
with which one can start a TDX guest from high level rather than running qemu
directly.
* Misc
As QEMU use a software emulated way to reset guest which isn't supported by TDX
guest for security reason. We simulate reboot for TDX guest by kill and create a
new one in FakeReboot framework.
Complete code can be found at [2], matching qemu code can be found at [3].
There is a 'debug' property for tdx-guest object which isn't in matching qemu[3]
yet. I keep them intentionally as they will be implemented in qemu as extention
series of [3].
* Test
start/stop/reboot with virsh
stop/reboot trigger in guest
stop with on_poweroff=destroy/restart
reboot with on_reboot=destroy/restart
* Patch organization
- patch 1-4: Support query of TDX capabilities.
- patch 5-8: Add TDX type to launchsecurity framework.
- patch 9-11: Add reboot support to TDX guest
- patch 12-13: Add test and docs
TODO:
- update QEMU capabilities data in tests, depending on qemu TDX merged beforehand
- add reconnect logic in virsh command
[1] https://lore.kernel.org/kvm/cover.1708933498.git.isaku.yamahata@intel.com
[2] https://github.com/intel/libvirt-tdx/commits/tdx_for_upstream_rfcv4
[3] https://github.com/intel/qemu-tdx/tree/tdx-qemu-upstream-v5
Thanks
Zhenzhong
Changelog:
rfcv4:
- add a check to tools/virt-host-validate-qemu.c (Daniel)
- remove check of q35 (Daniel)
- model 'SocktetAddress' QAPI in xml schema (Daniel)
- s/Quote-Generation-Service/quoteGenerationService/ (Daniel)
- define bits in tdx->policy and add validating logic (Daniel)
- presume QEMU choose split kernel irqchip for TDX guest by default (Daniel)
- utilize existing FakeReboot framework to do reboot for TDX guest (Daniel)
- drop patch11 'conf: Add support to keep same domid for hard reboot' (Daniel)
- add test in tests/ to validate parsing and formatting logic (Daniel)
- add doc in docs/formatdomain.rst (Daniel)
- add R-B
rfcv3:
- Change to generate qemu cmdline with -bios
- drop firmware auto match as -bios is used
- add a hard reboot method to reboot TDX guest
rfcv3: https://www.mail-archive.com/devel@lists.libvirt.org/msg00385.html
rfcv2:
- give up using qmp cmd and check TDX directly on host for TDX capabilities.
- use launchsecurity framework to support TDX
- use <os>.<loader> for general loader
- add auto firmware match feature for TDX
A example TDVF fimware description file 70-edk2-x86_64-tdx.json:
{
"description": "UEFI firmware for x86_64, supporting Intel TDX",
"interface-types": [
"uefi"
],
"mapping": {
"device": "generic",
"filename": "/usr/share/OVMF/OVMF_CODE-tdx.fd"
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"intel-tdx",
"verbose-dynamic"
],
"tags": [
]
}
rfcv2: https://www.mail-archive.com/libvir-list@redhat.com/msg219378.html
Zhenzhong Duan (13):
tools: Secure guest check for Intel in virt-host-validate
qemu: Check if INTEL Trust Domain Extention support is enabled
qemu: Add TDX capability
conf: expose TDX feature in domain capabilities
conf: add tdx as launch security type
qemu: Add command line and validation for TDX type
qemu: force special parameters enabled for TDX guest
Add Intel TDX Quote Generation Service(QGS) support
qemu: add FakeReboot support for TDX guest
qemu: Support reboot command in guest
qemu: Avoid duplicate FakeReboot for secure guest
Add test cases for Intel TDX
docs: domain: Add documentation for Intel TDX guest
docs/formatdomain.rst | 68 ++++
docs/formatdomaincaps.rst | 1 +
src/conf/domain_capabilities.c | 1 +
src/conf/domain_capabilities.h | 1 +
src/conf/domain_conf.c | 312 ++++++++++++++++++
src/conf/domain_conf.h | 75 +++++
src/conf/schemas/domaincaps.rng | 9 +
src/conf/schemas/domaincommon.rng | 135 ++++++++
src/conf/virconftypes.h | 2 +
src/qemu/qemu_capabilities.c | 36 +-
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 139 ++++++++
src/qemu/qemu_firmware.c | 1 +
src/qemu/qemu_monitor.c | 28 +-
src/qemu/qemu_monitor.h | 2 +-
src/qemu/qemu_monitor_json.c | 6 +-
src/qemu/qemu_namespace.c | 1 +
src/qemu/qemu_process.c | 75 +++++
src/qemu/qemu_validate.c | 44 +++
...unch-security-tdx-qgs-fd.x86_64-latest.xml | 77 +++++
.../launch-security-tdx-qgs-fd.xml | 30 ++
...ch-security-tdx-qgs-inet.x86_64-latest.xml | 77 +++++
.../launch-security-tdx-qgs-inet.xml | 30 ++
...ch-security-tdx-qgs-unix.x86_64-latest.xml | 77 +++++
.../launch-security-tdx-qgs-unix.xml | 30 ++
...h-security-tdx-qgs-vsock.x86_64-latest.xml | 77 +++++
.../launch-security-tdx-qgs-vsock.xml | 30 ++
tests/qemuxmlconftest.c | 24 ++
tools/virt-host-validate-common.c | 22 +-
tools/virt-host-validate-common.h | 1 +
30 files changed, 1407 insertions(+), 5 deletions(-)
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-fd.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-fd.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-inet.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-inet.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-unix.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-unix.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-vsock.x86_64-latest.xml
create mode 100644 tests/qemuxmlconfdata/launch-security-tdx-qgs-vsock.xml
--
2.34.1
1 month
[PATCH] virt-aa-helper: delete dynamic files
by Alessandro
We attempted multiple ways to clean up dynamic files; however, we must
preserve user overrides, which requires keeping the file
/etc/apparmor.d/libvirt/libvirt-uuid
This commit proposes to move user overrides into
/etc/apparmor.d/libvirt/libvirt-uuid.local and include it, if present,
unconditionally. When we stop the domain, we remove libvirt.uuid and
libvirt-uuid.files, whereas we preserve libvirt-uuid.local if present.
Applying the patch, it produces the following:
root@virt-hv-lab002:/etc/apparmor.d/libvirt# ls -1 libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033*
libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033
libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033.files
root@virt-hv-lab002:/etc/apparmor.d/libvirt# cat libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033
profile libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033 flags=(attach_disconnected) {
#include <abstractions/libvirt-qemu>
#include if exists <libvirt/libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033.files>
#include if exists <libvirt/libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033.local>
}
root@virt-hv-lab002:/etc/apparmor.d/libvirt# cat libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033.files
"/var/log/libvirt/**/testing-9a4be628.log" w,
"/var/lib/libvirt/qemu/domain-testing-9a4be628/monitor.sock" rw,
"/var/lib/libvirt/qemu/domain-4-testing-9a4be628/*" rw,
"/var/run/libvirt/**/testing-9a4be628.pid" rwk,
"/var/run/libvirt/**/*.tunnelmigrate.dest.testing-9a4be628" rw,
"/var/lib/libvirt/images/testing-9a4be628.qcow2" rwk,
"/var/lib/libvirt/images/noble-server-cloudimg-amd64.img" rk,
# don't audit writes to readonly files
deny "/var/lib/libvirt/images/noble-server-cloudimg-amd64.img" w,
"/var/lib/libvirt/images/testing-9a4be628-ds.qcow2" rwk,
"/usr/share/OVMF/OVMF_CODE_4M.fd" rk,
# don't audit writes to readonly files
deny "/usr/share/OVMF/OVMF_CODE_4M.fd" w,
"/var/lib/libvirt/qemu/nvram/testing-9a4be628_VARS.fd" rwk,
"/dev/vhost-net" rw,
"/var/lib/libvirt/qemu/domain-4-testing-9a4be628/{,**}" rwk,
"/run/libvirt/qemu/channel/4-testing-9a4be628/{,**}" rwk,
"/var/lib/libvirt/qemu/domain-4-testing-9a4be628/master-key.aes" rwk,
"/dev/net/tun" rwk,
"/dev/userfaultfd" rwk,
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/451
Signed-off-by: Alessandro <alessandro(a)0x65c.net>
---
src/security/virt-aa-helper.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 034c042..6a1fb85 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1495,8 +1495,10 @@ main(int argc, char **argv)
rc = parserLoad(ctl->uuid);
} else if (ctl->cmd == 'R' || ctl->cmd == 'D') {
rc = parserRemove(ctl->uuid);
- if (ctl->cmd == 'D')
+ if (ctl->cmd == 'D') {
unlink(include_file);
+ unlink(profile);
+ }
} else if (ctl->cmd == 'c' || ctl->cmd == 'r') {
g_autofree char *included_files = NULL;
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
@@ -1561,12 +1563,18 @@ main(int argc, char **argv)
/* create the profile from TEMPLATE */
if (ctl->cmd == 'c' || purged) {
g_autofree char *tmp = NULL;
+ g_autofree char *tmp_local = NULL;
+ char *new_tmp = NULL;
#if defined(WITH_APPARMOR_3)
const char *ifexists = "if exists ";
#else
const char *ifexists = "";
#endif
tmp = g_strdup_printf(" #include %s<libvirt/%s.files>\n", ifexists, ctl->uuid);
+ tmp_local = g_strdup_printf(" #include %s<libvirt/%s.local>\n", ifexists, ctl->uuid);
+ new_tmp = g_strconcat(tmp, tmp_local, NULL);
+ g_free(tmp);
+ tmp = g_steal_pointer(&new_tmp);
if (ctl->dryrun) {
vah_info(profile);
--
2.49.0
1 month, 1 week
[PATCH 0/8] Support FD passing for the NBD server socket used for backup
by Peter Krempa
See 6/8 for justification.
Peter Krempa (8):
virDomainStorageNetworkParseHost: Remove unpopulated 'transport'
variable
virDomainStorageNetworkParseHost: Refactor cleanup
conf: Introduce VIR_STORAGE_NET_HOST_TRANS_FD
virStorageNetHostDefClear: Move into virStorageNetHostDefFree
qemu: monitor: Support FD passing of sockets to
'qemuMonitorJSONNBDServerStart'
backup: Add support for passing server socket file descriptor to
backup NBD server
tests: domainbackupxml2xml: Add test case for pull-mode backup with
NBD transport='fd'
qemu: monitor: Improve field annotations in QEMU_CHECK_MONITOR
docs/formatbackup.rst | 21 +++++
src/conf/backup_conf.c | 3 +-
src/conf/domain_conf.c | 93 ++++++++++++-------
src/conf/domain_conf.h | 3 +-
src/conf/schemas/domainbackup.rng | 6 ++
src/conf/storage_source_conf.c | 20 ++--
src/conf/storage_source_conf.h | 7 +-
src/libvirt_private.syms | 1 -
src/qemu/qemu_backup.c | 28 ++++++
src/qemu/qemu_block.c | 1 +
src/qemu/qemu_monitor.c | 2 +-
src/qemu/qemu_monitor_json.c | 21 +++++
.../storage_file_backend_gluster.c | 1 +
.../domainbackupxml2xmlin/backup-pull-fd.xml | 22 +++++
.../domainbackupxml2xmlout/backup-pull-fd.xml | 23 +++++
tests/genericxml2xmltest.c | 1 +
16 files changed, 198 insertions(+), 55 deletions(-)
create mode 100644 tests/domainbackupxml2xmlin/backup-pull-fd.xml
create mode 100644 tests/domainbackupxml2xmlout/backup-pull-fd.xml
--
2.49.0
1 month, 1 week
[PATCH] virt-aa-helper: delete dynamic files
by Alessandro
We attempted multiple ways to clean up dynamic files; however, we must
preserve user overrides, which requires keeping the file
/etc/apparmor.d/libvirt/libvirt-uuid
This commit proposes to move user overrides into
/etc/apparmor.d/libvirt/libvirt-uuid.local and include it, if present,
unconditionally. When we stop the domain, we remove libvirt.uuid and
libvirt-uuid.files, whereas we preserve libvirt-uuid.local if present.
Applying the patch, it produces the following:
root@virt-hv-lab002:/etc/apparmor.d/libvirt# ls -1 libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033*
libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033
libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033.files
root@virt-hv-lab002:/etc/apparmor.d/libvirt# cat libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033
profile libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033 flags=(attach_disconnected) {
#include <abstractions/libvirt-qemu>
#include if exists <libvirt/libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033.files>
#include if exists <libvirt/libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033.local>
}
root@virt-hv-lab002:/etc/apparmor.d/libvirt# cat libvirt-e7424556-ffc1-4f6e-bafa-84e66c4dc033.files
"/var/log/libvirt/**/testing-9a4be628.log" w,
"/var/lib/libvirt/qemu/domain-testing-9a4be628/monitor.sock" rw,
"/var/lib/libvirt/qemu/domain-4-testing-9a4be628/*" rw,
"/var/run/libvirt/**/testing-9a4be628.pid" rwk,
"/var/run/libvirt/**/*.tunnelmigrate.dest.testing-9a4be628" rw,
"/var/lib/libvirt/images/testing-9a4be628.qcow2" rwk,
"/var/lib/libvirt/images/noble-server-cloudimg-amd64.img" rk,
# don't audit writes to readonly files
deny "/var/lib/libvirt/images/noble-server-cloudimg-amd64.img" w,
"/var/lib/libvirt/images/testing-9a4be628-ds.qcow2" rwk,
"/usr/share/OVMF/OVMF_CODE_4M.fd" rk,
# don't audit writes to readonly files
deny "/usr/share/OVMF/OVMF_CODE_4M.fd" w,
"/var/lib/libvirt/qemu/nvram/testing-9a4be628_VARS.fd" rwk,
"/dev/vhost-net" rw,
"/var/lib/libvirt/qemu/domain-4-testing-9a4be628/{,**}" rwk,
"/run/libvirt/qemu/channel/4-testing-9a4be628/{,**}" rwk,
"/var/lib/libvirt/qemu/domain-4-testing-9a4be628/master-key.aes" rwk,
"/dev/net/tun" rwk,
"/dev/userfaultfd" rwk,
Fixes: https://gitlab.com/libvirt/libvirt/-/issues/451
Signed-off-by: Alessandro <alessandro(a)0x65c.net>
---
src/security/virt-aa-helper.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 034c042..8f044a1 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1495,8 +1495,10 @@ main(int argc, char **argv)
rc = parserLoad(ctl->uuid);
} else if (ctl->cmd == 'R' || ctl->cmd == 'D') {
rc = parserRemove(ctl->uuid);
- if (ctl->cmd == 'D')
+ if (ctl->cmd == 'D'){
unlink(include_file);
+ unlink(profile);
+ }
} else if (ctl->cmd == 'c' || ctl->cmd == 'r') {
g_autofree char *included_files = NULL;
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
@@ -1561,12 +1563,15 @@ main(int argc, char **argv)
/* create the profile from TEMPLATE */
if (ctl->cmd == 'c' || purged) {
g_autofree char *tmp = NULL;
+ g_autofree char *tmp_local = NULL:
#if defined(WITH_APPARMOR_3)
const char *ifexists = "if exists ";
#else
const char *ifexists = "";
#endif
tmp = g_strdup_printf(" #include %s<libvirt/%s.files>\n", ifexists, ctl->uuid);
+ tmp_local = g_strdup_printf(" #include %s<libvirt/%s.local>\n", ifexists, ctl->uuid);
+ tmp = g_strconcat(tmp,tmp_local, NULL);
if (ctl->dryrun) {
vah_info(profile);
--
2.49.0
1 month, 1 week
[PATCH 0/4] ch: timeout fix (GitLab issue #743)
by Kirill Shchetiniuk
This patch series is supposed to fix the following reported issue on GitLab:
virtchd times out even with an active guest running
https://gitlab.com/libvirt/libvirt/-/issues/743
During further investigation, we found that there are in fact two bugs:
1. The CH driver does not store any domains' XMLs onto disk, and as a result it
does not have any information about running domains when it restarts.
Previously, the CH driver did not save any XMLs onto the disk, neither transient nor
persistent definitions. To address this issue, add transient domain XML saving when
a new domain is defined, as well as saving transient domain XML when a domain starts, to
enable reconnecting to running domains when the driver restarts. Now all persistent
and transient definitions are stored onto the disk. Also add running domain
reconnection helper functions to restore the connection between the driver and running
VMM when the driver restarts, to be able to continue work with running domains.
2. Timeout should not be active while a client is connected or there is a running
domain.
The second bug led to a situation where the CH driver timed out (e.g., --timeout 60)
even when some domains were still running. Previously, only an active virsh session
prevented the driver from timing out. To address this issue, an inhibitor for the CH
driver has been added to prevent the timeout. The inhibitor now stores the count of
running domains and prevents the timeout if the count is above zero.
NOTE: This series patch series is depend on followin patch series:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/O3...
Kirill Shchetiniuk (4):
ch: add persistent definition save and load
ch: add transient definition save and load
ch: add reconnection to running domains
ch: fix timeout while domain is still running
src/ch/ch_conf.c | 10 ++-
src/ch/ch_conf.h | 6 ++
src/ch/ch_domain.c | 15 +++++
src/ch/ch_domain.h | 3 +
src/ch/ch_driver.c | 49 ++++++++++++++-
src/ch/ch_monitor.c | 65 ++++++++++++++++++++
src/ch/ch_monitor.h | 2 +
src/ch/ch_process.c | 147 ++++++++++++++++++++++++++++++++++++++++++++
src/ch/ch_process.h | 2 +
9 files changed, 293 insertions(+), 6 deletions(-)
--
2.48.1
1 month, 1 week
[PATCH v2 0/5] apparmor: assume at least version 3
by Daniel P. Berrangé
In v2:
- Do upfront check for apparmor >= 3.0.0
- Add further revert commit
Daniel P. Berrangé (5):
meson: mandate apparmor >= 3.0.0
apparmor: assume at least apparmor >= 3
Revert "apparmor: Allow version-specific bits in abstractions too"
Revert "apparmor: Allow version-specific bits in profiles"
meson: drop remaining checks for apparmor version
meson.build | 7 +-
.../apparmor/{libvirt-lxc.in => libvirt-lxc} | 2 -
.../{libvirt-qemu.in => libvirt-qemu} | 4 --
src/security/apparmor/meson.build | 64 ++-----------------
.../usr.lib.libvirt.virt-aa-helper.in | 5 --
src/security/apparmor/usr.sbin.libvirtd.in | 2 -
src/security/apparmor/usr.sbin.virtqemud.in | 2 -
src/security/apparmor/usr.sbin.virtxend.in | 2 -
src/security/virt-aa-helper.c | 9 +--
9 files changed, 10 insertions(+), 87 deletions(-)
rename src/security/apparmor/{libvirt-lxc.in => libvirt-lxc} (99%)
rename src/security/apparmor/{libvirt-qemu.in => libvirt-qemu} (99%)
--
2.48.1
1 month, 1 week
[PATCH 0/3] apparmor: assume at least version 3
by Daniel P. Berrangé
Daniel P. Berrangé (3):
apparmor: assume at least apparmor >= 3
Revert "apparmor: Allow version-specific bits in profiles"
meson: drop remaining checks for apparmor version
meson.build | 3 --
src/security/apparmor/libvirt-lxc.in | 2 -
src/security/apparmor/libvirt-qemu.in | 4 --
src/security/apparmor/meson.build | 45 +------------------
.../usr.lib.libvirt.virt-aa-helper.in | 5 ---
src/security/apparmor/usr.sbin.libvirtd.in | 2 -
src/security/apparmor/usr.sbin.virtqemud.in | 2 -
src/security/apparmor/usr.sbin.virtxend.in | 2 -
src/security/virt-aa-helper.c | 9 +---
9 files changed, 3 insertions(+), 71 deletions(-)
--
2.48.1
1 month, 1 week
