Re: [libvirt PATCH] docs: add page describing the libvirt daemons
On Thu, Mar 05, 2020 at 03:49:46PM +0100, Andrea Bolognani wrote:
On Mon, 2020-02-24 at 18:20 +0000, Daniel P. Berrangé wrote:
> Now that we have more than just the libvirtd daemon, we should be
> explaining to users what they are all for & important aspects of their
> configuration.
>
> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
> ---
> docs/daemons.rst | 682 ++++++++++++++++++++++++++++++++++++++++++++++
> docs/docs.html.in | 3 +
> 2 files changed, 685 insertions(+)
> create mode 100644 docs/daemons.rst
I've spotted a few minor issues and I've fixed them, along with the
ones that Erik had already pointed out, in the attached patch. Please
squash it in before pushing.
There's no patch attached.
Everything else looks good, so
Reviewed-by: Andrea Bolognani <abologna(a)redhat.com>
I've enabled split-daemon mode on my laptop and it seems to work
quite seamlessly; however, I had to put SELinux into Permissive mode
because I was getting
audit[470365]: AVC avc: denied { search } for
pid=470365 comm="virtlogd" name="470092" dev="proc"
ino=1314622
scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_service_t:s0
tclass=dir permissive=0
There is an RFE open with SELinux maintainers to apply labelling to
the new daemons.
They all currently run unconfined_service_t.
We requested to make them use virtd_t to have parity with libvirtd
policy.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|