The virtlockd daemon has existed for years now, but we have never
turned it on by default, requiring explicit user opt-in. This leaves
users unprotected against accidents out of the box.
By turning it on by default, users will at least be protected against
mistakes involving local files, and files on shared filesystems
that support fcntl() (e.g. NFS).
In turning it on, the various service files are updated to have
the same dependencies for virtlockd as we have for virtlogd
now, since turning the latter on exposed some gaps.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
daemon/libvirtd.service.in | 1 +
src/locking/virtlockd.service.in | 1 +
src/locking/virtlockd.socket.in | 1 +
src/qemu/qemu.conf | 2 +-
src/qemu/qemu_conf.c | 3 +++
5 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in
index bbf27da..c72dde5 100644
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -6,6 +6,7 @@
[Unit]
Description=Virtualization daemon
Requires=virtlogd.socket
+Requires=virtlockd.socket
Before=libvirt-guests.service
After=network.target
After=dbus.service
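Review bot: The added `Requires=virtlockd.socket` is unconditional, so libvirtd.service now hard-depends on the lock daemon socket even on hosts where qemu.conf sets `lock_manager` to "sanlock" or "nop". If that socket unit is masked or fails to start, libvirtd will presumably not start either. If this fail-closed behaviour is intended, a comment above the line should say so, for example `# Hard dependency: the default lock_manager is "lockd"`; otherwise `Wants=virtlockd.socket` would keep the activation without the hard failure. No `After=` is added here, so ordering relies on the `Before=libvirtd.service` lines this patch adds to virtlockd.service.in and virtlockd.socket.in.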
diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index 57089b0..69b568f 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -1,6 +1,7 @@
[Unit]
Description=Virtual machine lock manager
Requires=virtlockd.socket
+Before=libvirtd.service
Documentation=man:virtlockd(8)
Documentation=http://libvirt.org
diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
index 9808bbb..45e0f20 100644
--- a/src/locking/virtlockd.socket.in
+++ b/src/locking/virtlockd.socket.in
@@ -1,5 +1,6 @@
[Unit]
Description=Virtual machine lock manager socket
+Before=libvirtd.service
[Socket]
ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index a8cd369..3239f7b 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -535,7 +535,7 @@
# share one writable disk, libvirt offers two approaches for
# locking files. The first one is sanlock, the other one,
# virtlockd, is then our own implementation. Accepted values
-# are "sanlock" and "lockd".
+# are "sanlock", "lockd", "nop". The default is
"lockd".
#
#lock_manager = "lockd"
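Review bot: The updated comment lists "nop" as an accepted value but never says what it does. Since it is the setting that turns disk locking off, the text should say so, for example `# "nop" disables locking entirely; guests sharing a writable disk are then unprotected.` In this copy of the patch the new sentence is also wrapped so that `"lockd".` sits on a line without a leading `#`. This is probably a mail-wrapping artefact, but it is worth checking that the committed file keeps the whole sentence inside the comment.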
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 6613d59..d4c6cdc 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -314,6 +314,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
cfg->glusterDebugLevel = 4;
cfg->stdioLogD = true;
+ if (VIR_STRDUP(cfg->lockManagerName, "lockd") < 0)
+ goto error;
+
if (!(cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST)))
goto error;
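Review bot: The new default is assigned without consulting the `privileged` argument, so session-mode drivers also get "lockd". It is worth confirming that an unprivileged libvirtd can reach or spawn virtlockd, because otherwise guest startup would presumably fail for those users after an upgrade. A short comment above the `VIR_STRDUP` would record the intent, e.g. `/* Lock disks via virtlockd by default; qemu.conf lock_manager overrides this */`. Whether the config loader frees this default before storing a user-supplied `lock_manager` value is not visible here and should be checked to avoid a leak. virQEMUDriverConfigNew starts and ends outside this hunk.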
--
2.9.3