On 6/15/21 2:42 AM, Daniel P. Berrangé wrote:
> On Mon, Jun 14, 2021 at 05:22:22PM -0600, Jim Fehlig wrote:
>> On 6/10/21 7:43 AM, Daniel P. Berrangé wrote:
>>> This series first improves driver probing when using modular daemons.
>>>
>>> Currently when URI is NULL, we connect to virtproxyd and it looks
>>> at which UNIX sockets exist and what binaries exist, to decide which
>>> modular hypervisor daemon to connect to.
>>>
>>> This means the common case results in all traffic going via virtproxyd.
>>> Moving the logic out of virtproxyd into the remote client means we can
>>> avoid using virtproxyd by default.
>>>
>>> With this, we can now switch to the modular daemons by default. The
>>> latter change primarily impacts how autostart works.
>>>
>>> When running as root we simply connect to whatever UNIX socket exists
>>> and rely on systemd to autostart if needed. Whether the UNIX sockets
>>> are for the modular daemon or libvirt doesn't matter - we'll look for
>>> both. Defaults are dependent on the distros' systemd presets. I intend
>>> to get Fedora / RHEL-9 presets changed to use the modular daemons.
>>
>> I'll need to do the same for the SUSE presets, along with adjusting zypper
>> patterns that include libvirtd, and other downstream tweaks. Additional
>> testing may uncover other issues I haven't considered. I don't _think_
>> apparmor will prevent things from working since there are no profiles for
>> the modular daemons. But yes, I'll need to work on some profiles :-).
>
> FWIW, with SELinux we have just copied the existing libvirtd profile
> to the modular daemons. That is not optimal of course, but it is at
> least no worse than current system. Over time we can refine the profile
> to be more strict.

I started with the approach of copying the libvirtd profile to
virt{lxc,qemu,xen}d and removing the obvious stuff from each

https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html

The xen one in particular can be further reduced. I'm working on that and
addressing other comments for V2.

> Also note if you're not ready to switch SUSE, you can just pass
> the -Dremote_default_mode=legacy option to meson, which will retain
> current behaviour when autostarting.

Nod. I'll make the change after gaining more confidence at the packaging level,
e.g. upgrades, etc.

BTW, I've been testing the apparmor work on top of this series and haven't
noticed any problems beyond the s/libxl/xen/ issue you already fixed. I didn't
review the changes thoroughly but can certainly give a

Tested-by: Jim Fehlig <jfehlig(a)suse.com>

Regards,
Jim