
On Wed, 2017-11-01 at 16:19 -0400, John Ferlan wrote:
+ </summary> + <description> + This new API, also exposed through the + <code>set-lifecycle-action</code> <code>virsh</code> command, allows + the user to dynamically control how the guest will react to being + powered off, being restarted or crashing.
This one reads strangely to me... As a suggestion
Provided a new API to allow dynamic guest lifecycle control for guest reactions to poweroff, restart, or crash type events related to the domain XML <code>on_poweroff</code>, <code>on_reboot</code>, and <code>on_crash</code> elements. The <code>virsh set-lifecycle-action<code> command was created to control the actions.
You forgot to close the <code> element here ;)
+ constraints that log have to be bigger than 100 KiB before they can + be rotated solves the issue.
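Review bot: "that log have to be bigger than 100 KiB" in the first added line has a number mismatch; "that logs have to be bigger than 100 KiB" reads correctly and matches the plural "they" that follows.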
s/issue.$/issue. However, this may increase the number of files until they are automatically rotated.
I don't think that's true: the same number of log files will be created, it's just that now more files will be rotated. So I left out that part.
(Personally, not quite sure how that rotation actually occurs).
Not sure myself. I think the logrotate profile is installed along with libvirt, but you have to enable it explicitly for rotation to actually occur?
+ <change> + <summary> + qemu: Ensure TLS clients always verify the server certificate + </summary> + <description> + While it's reasonable to turn off client certificate validation, + as setting it up can be non-trivial, clients should always verify + the server certificate to avoid MITM attacks. libvirt was, however, + using the same knob to control both checks, leading to + CVE-2017-1000256 / LSN-2017-0002. + </description> + </change>
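Review bot: the description says libvirt was "using the same knob to control both checks" but never names that knob, so someone reading the release notes cannot tell which setting to review on their hosts. Name the configuration option in the description, next to the CVE-2017-1000256 / LSN-2017-0002 reference.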
As suggested by Peter, I've moved this to a separate "Security" section, and pushed the whole thing.

Thanks for the review and all the improvements :)

-- 
Andrea Bolognani / Red Hat / Virtualization