On Thu, May 03, 2018 at 10:50:20PM +0300, Michael S. Tsirkin wrote:
> When pulling in headers that are in the same directory as C file (as
> opposed to one in include/), we should use its relative path, without a
> directory. Directory based path works more or less by accident.
This commit
On Wed, May 09, 2018 at 06:55:21PM +0200, Max Reitz wrote:
> Currently, you can give no encryption format for a qcow2 file while
> still passing a key-secret. That does not conform to the schema, so
> this patch changes the schema to allow it.
>
> Signed-off-by: Max Reitz
>
On Thu, May 10, 2018 at 09:24:24AM -0500, Eric Blake wrote:
> On 05/09/2018 11:55 AM, Max Reitz wrote:
> > Currently, you can give no encryption format for a qcow file while still
> > passing a key-secret. That does not conform to the schema, so this
> > patch changes the schema to allow it.
> >
On Mon, May 21, 2018 at 03:29:28PM -0300, Eduardo Habkost wrote:
> On Sat, May 19, 2018 at 08:05:06AM +0200, Markus Armbruster wrote:
> > Eduardo Habkost writes:
> >
> > [...]
> > > About being more expressive than just a single list of key,value
> > > pairs, I don't see any
On Fri, May 18, 2018 at 02:41:33PM -0300, Eduardo Habkost wrote:
> On Fri, May 18, 2018 at 06:09:56PM +0100, Daniel P. Berrangé wrote:
> > On Fri, May 18, 2018 at 06:30:38PM +0300, Michael S. Tsirkin wrote:
> > > Hi!
> > > Right now, QEMU supports multiple machine
On Fri, May 18, 2018 at 06:30:38PM +0300, Michael S. Tsirkin wrote:
> Hi!
> Right now, QEMU supports multiple machine types within
> a given architecture. This was the case for many architectures
> (like ARM) for a while, somewhat more recently this is the case
> for x86 with I440FX and Q35
On Wed, Jun 06, 2018 at 03:45:10PM +0200, Michal Suchánek wrote:
>
> I think that *if* we want an 'appliance' format that stores a whole VM
> in a single file to ease VM distribution then the logical place to look
> in qemu is qcow. The reasons have been explained at length.
I rather disagree.
---
> qapi/block-core.json | 44
> block/qcow2.c| 3 +++
> 2 files changed, 43 insertions(+), 4 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/p
changed, 2 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-http
reasonably fast.
>
> Signed-off-by: Max Reitz
> ---
> tests/qemu-iotests/087 | 65 +++---
> tests/qemu-iotests/087.out | 26 ++-
> 2 files changed, 64 insertions(+), 27 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
D
On Thu, Jun 07, 2018 at 09:50:41AM +0200, Thomas Huth wrote:
> On 07.06.2018 08:57, Markus Armbruster wrote:
> > Thomas Huth writes:
> >
> >> On 05.06.2018 00:40, Eric Blake wrote:
> >>> On 06/04/2018 05:34 AM, Thomas Huth wrote:
> On 04.06.2018 09:18, Markus Armbruster wrote:
> > Roman
On Thu, Jun 07, 2018 at 01:17:24PM +0200, Andrea Bolognani wrote:
> On Thu, 2018-06-07 at 11:22 +0100, Daniel P. Berrangé wrote:
> > On Thu, Jun 07, 2018 at 12:02:29PM +0200, Andrea Bolognani wrote:
> > > While hints might be considered a reasonable fit for qcow2, I think
>
On Thu, Jun 07, 2018 at 03:20:24PM +0200, Markus Armbruster wrote:
> Daniel P. Berrangé writes:
>
> > On Fri, Jun 01, 2018 at 05:18:35PM +0800, Fam Zheng wrote:
> >> When hot-plugging a block device fails due to image locking errors,
> >> users won't see the hel
On Fri, Jun 08, 2018 at 09:21:30AM +0100, Dr. David Alan Gilbert wrote:
> * Laszlo Ersek (ler...@redhat.com) wrote:
> > On 06/07/18 12:54, Andrea Bolognani wrote:
> > > On Thu, 2018-06-07 at 11:36 +0100, Daniel P. Berrangé wrote:
> > >> On Thu, Jun 07, 2018 at 11:32:
On Thu, Jun 14, 2018 at 10:40:58AM +0200, Kevin Wolf wrote:
> Am 13.06.2018 um 17:23 hat Markus Armbruster geschrieben:
> > Kevin Wolf writes:
> >
> > > Am 12.06.2018 um 14:58 hat Markus Armbruster geschrieben:
> > >> When you mix scalar and non-scalar keys, whether you get an "already
> > >>
On Fri, Jun 15, 2018 at 06:54:23PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > From: "Daniel P. Berrange"
> >
> > The QEMU instance that runs as the server for the migration data
> > transport (ie the targe
On Tue, Jun 12, 2018 at 02:58:21PM +0200, Markus Armbruster wrote:
> Legacy -drive supports "password-secret" parameter that isn't
> available with -blockdev / blockdev-add. That's because we backed out
> our first try to provide it there due to interface design doubts, in
> commit 577d8c9a811,
From: "Daniel P. Berrange"
The VNC server has historically had support for ACLs to check both the
SASL username and the TLS x509 distinguished name. The VNC server was
responsible for creating the initial ACL, and the client app was then
responsible for populating it with rules using the HMP
The various ACL related commands are obsolete now that the QAuthZ
framework for authorization is fully integrated throughout QEMU network
services. Mark it as deprecated with no replacement to be provided.
Signed-off-by: Daniel P. Berrangé
---
monitor.c | 23 +++
qemu
From: "Daniel P. Berrange"
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute':
From: "Daniel P. Berrange"
The QEMU instance that runs as the server for the migration data
transport (ie the target QEMU) needs to be able to configure access
control so it can prevent unauthorized clients initiating an incoming
migration. This adds a new 'tls-authz' migration parameter that is
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a
specific clients, which avoids the need to setup
restricted child certificate authorities.
In VNC it also allows whitelisting based on SASL user names.
Based-on: <20180615154203.11347-1-berra...@redhat.com>
Daniel P. Berrangé (6):
qemu-nbd: add support for authorization of TLS clients
nbd:
On Tue, Jun 19, 2018 at 03:10:12PM -0500, Eric Blake wrote:
> On 06/15/2018 10:50 AM, Daniel P. Berrangé wrote:
> > From: "Daniel P. Berrange"
> >
> > As with the previous patch to qemu-nbd, the nbd-server-start QMP command
> > also needs to be able to sp
On Fri, Jun 01, 2018 at 05:18:35PM +0800, Fam Zheng wrote:
> When hot-plugging a block device fails due to image locking errors,
> users won't see the helpful 'Is another process using the image?'
> message in QMP because currently the error hint is not carried over
> there.
>
> Even though
On Fri, Jun 01, 2018 at 09:33:59PM +0800, Fam Zheng wrote:
> On Fri, 06/01 13:43, Daniel P. Berrangé wrote:
> > On Fri, Jun 01, 2018 at 05:18:35PM +0800, Fam Zheng wrote:
> > > When hot-plugging a block device fails due to image locking errors,
> > > users won't see the
On Wed, Jun 06, 2018 at 10:36:20AM -0500, Eric Blake wrote:
> On 06/06/2018 10:05 AM, Dr. David Alan Gilbert wrote:
>
> > > If that's the issue, add a UUID to qcow2 files and reference it from the
> > > config file.
> >
> > Is a UUID a small string :-)
>
> Even better, it's something that you
On Wed, Jun 06, 2018 at 11:14:32AM -0300, Eduardo Habkost wrote:
> On Wed, Jun 06, 2018 at 02:50:10PM +0100, Daniel P. Berrangé wrote:
> > On Wed, Jun 06, 2018 at 03:45:10PM +0200, Michal Suchánek wrote:
> > >
> > > I think that *if* we want an 'appliance' fo
On Wed, Jun 06, 2018 at 03:31:35PM +0100, Dr. David Alan Gilbert wrote:
> > Not in this case because it'd still be a flat qcow2 file in a simple tar
> > archive.
> >
> > But you're right if we had a more complex format (like chunks stored in
> > a tar file).
>
> My only problem with using the
On Thu, Jun 07, 2018 at 12:02:29PM +0200, Andrea Bolognani wrote:
> On Wed, 2018-06-06 at 17:32 +0100, Daniel P. Berrangé wrote:
> > On Wed, Jun 06, 2018 at 10:36:20AM -0500, Eric Blake wrote:
> > > But for the new config to be useful, you have to modify at least one tool
>
On Thu, Jun 07, 2018 at 11:32:18AM +0100, Richard W.M. Jones wrote:
> On Thu, Jun 07, 2018 at 12:02:29PM +0200, Andrea Bolognani wrote:
> > Something that I haven't seen mentioned in the thread - and this
> > looks like as good a point as any to jump in - is that for q35
> > guests using EFI as
On Thu, Jun 28, 2018 at 07:46:24PM +0100, Richard W.M. Jones wrote:
> diff --git a/crypto/tlssession.c b/crypto/tlssession.c
> index 96a02deb69..50df64e0a9 100644
> --- a/crypto/tlssession.c
> +++ b/crypto/tlssession.c
> @@ -21,6 +21,7 @@
> #include "qemu/osdep.h"
> #include
On Fri, Jun 29, 2018 at 06:40:29PM +0100, Richard W.M. Jones wrote:
> On Fri, Jun 29, 2018 at 06:03:43PM +0100, Daniel P. Berrangé wrote:
> > On Thu, Jun 28, 2018 at 07:46:24PM +0100, Richard W.M. Jones wrote:
> > > diff --git a/crypto/tlssession.c b/crypto/tlssession.c
>
On Mon, Jul 02, 2018 at 06:54:41AM -0500, Eric Blake wrote:
> On 07/02/2018 02:52 AM, Daniel P. Berrangé wrote:
>
> > > > > +#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
> > > > > +#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PS
On Fri, Jun 22, 2018 at 07:54:00PM +0200, Kevin Wolf wrote:
> Am 22.06.2018 um 17:40 hat Daniel P. Berrangé geschrieben:
> > On Fri, Jun 22, 2018 at 04:25:13PM +0200, Kevin Wolf wrote:
> > > This was in fact one release longer than our deprecation policy says.
> >
On Fri, Jun 22, 2018 at 04:25:13PM +0200, Kevin Wolf wrote:
> Am 22.06.2018 um 15:36 hat Christian Borntraeger geschrieben:
> >
> >
> > On 06/22/2018 02:55 PM, Kevin Wolf wrote:
> > > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> > >>
> > >> On 06/15/2018 04:21 PM, Kevin Wolf
On Tue, Jun 26, 2018 at 10:48:10AM +0200, Paolo Bonzini wrote:
> On 26/06/2018 10:35, Markus Armbruster wrote:
> > We also want to deprecate usb-storage, but
> > I guess we're still not ready for that (it's a complicated story).
> >
> > To deprecate -drive without also deprecating usb-storage, we
On Fri, Jun 22, 2018 at 03:31:46PM +0100, Daniel P. Berrangé wrote:
> On Fri, Jun 22, 2018 at 04:25:13PM +0200, Kevin Wolf wrote:
> > Am 22.06.2018 um 15:36 hat Christian Borntraeger geschrieben:
> > >
> > >
> > > On 06/22/2018 02:55 PM, Kevin Wolf wrote
On Mon, Jun 25, 2018 at 10:23:03AM +0200, Thomas Huth wrote:
> On 25.06.2018 09:16, Peter Krempa wrote:
> > On Fri, Jun 22, 2018 at 14:55:02 +0200, Kevin Wolf wrote:
> >> Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> >>>
> >>> On 06/15/2018 04:21 PM, Kevin Wolf wrote:
> The
On Fri, Jun 22, 2018 at 03:36:50PM +0200, Christian Borntraeger wrote:
>
>
> On 06/22/2018 02:55 PM, Kevin Wolf wrote:
> > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> >>
> >> On 06/15/2018 04:21 PM, Kevin Wolf wrote:
> >>> The -drive option serial was deprecated in QEMU 2.10.
On Fri, Jun 22, 2018 at 04:19:29PM +0200, Markus Armbruster wrote:
> Kevin Wolf writes:
>
> > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> >>
> >> On 06/15/2018 04:21 PM, Kevin Wolf wrote:
> >> > The -drive option serial was deprecated in QEMU 2.10. It's time to
> >> > remove
On Fri, Jun 22, 2018 at 03:25:19PM +0100, Daniel P. Berrangé wrote:
> On Fri, Jun 22, 2018 at 04:19:29PM +0200, Markus Armbruster wrote:
> > Kevin Wolf writes:
> >
> > > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> > >>
> > &
On Fri, Jun 22, 2018 at 04:25:13PM +0200, Kevin Wolf wrote:
> Am 22.06.2018 um 15:36 hat Christian Borntraeger geschrieben:
> >
> >
> > On 06/22/2018 02:55 PM, Kevin Wolf wrote:
> > > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> > >>
> > >> On 06/15/2018 04:21 PM, Kevin Wolf
On Fri, Jun 15, 2018 at 04:51:02PM +0100, Daniel P. Berrangé wrote:
> From: "Daniel P. Berrange"
>
> The VNC server has historically had support for ACLs to check both the
> SASL username and the TLS x509 distinguished name. The VNC server was
> responsible for
On Tue, Jun 19, 2018 at 03:06:06PM -0500, Eric Blake wrote:
> On 06/15/2018 10:50 AM, Daniel P. Berrangé wrote:
> > From: "Daniel P. Berrange"
> >
> > Currently any client which can complete the TLS handshake is able to use
> > the NBD server. The serv
ypto-tls-psk-helpers.c | 50 ++
> tests/crypto-tls-psk-helpers.h | 29
> tests/test-crypto-tlssession.c | 185 +---
> 11 files changed, 777 insertions(+), 26 deletions(-)
Signed-off-by: Daniel P. Berrangé
I'll send a pull request with it shortly
Regards,
Daniel
On Tue, Jul 03, 2018 at 01:32:29PM +0200, Kevin Wolf wrote:
> Am 03.07.2018 um 13:22 hat Daniel P. Berrangé geschrieben:
> > On Tue, Jul 03, 2018 at 12:53:44PM +0200, Christian Borntraeger wrote:
> > >
> > >
> > > On 07/02/2018 10:04 AM, Kevin Wolf wrote:
>
On Tue, Jul 03, 2018 at 12:53:44PM +0200, Christian Borntraeger wrote:
>
>
> On 07/02/2018 10:04 AM, Kevin Wolf wrote:
> > Am 25.06.2018 um 13:45 hat Peter Krempa geschrieben:
> >> On Mon, Jun 25, 2018 at 13:41:06 +0200, Kevin Wolf wrote:
> >>> Am 25.06.
ping, does any block maintainer want to queue this one ?
On Fri, Dec 08, 2017 at 01:34:16PM +, Daniel P. Berrange wrote:
> qemu-io puts the TTY into non-canonical mode, which means no EOF processing is
> done and thus getchar() will never return the EOF constant. Instead we have to
> query
On Wed, Jan 31, 2018 at 11:20:16PM +0800, Zihan Yang wrote:
> Hi, Daniel
>
> >You've added all this extra functionality to pass arbitrary
> >options, but then not used it in any of the later patches.
> >We've been trying to remove complexity from this code, so
> >I'm not in favour of adding new
On Mon, Feb 05, 2018 at 09:40:20AM -0600, Eric Blake wrote:
> On 02/05/2018 06:50 AM, Vladimir Sementsov-Ogievskiy wrote:
> > The test is about qmp interface to NBD server, so there are no reasons
> > to run it for various disk formats. Also it actually does not support
> > luks format, so, disable all
On Tue, Jan 30, 2018 at 03:13:42AM +0800, Zihan Yang wrote:
> Currently, socket_connect doesn't allow custom socket options,
> which is inconvenient when the caller wants a different kind of
> socket from that the socket_connect provides. This patch allows
> custom config in socket_connect by
On Tue, Feb 06, 2018 at 08:57:38PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> 06.02.2018 20:29, Daniel P. Berrangé wrote:
> > On Tue, Feb 06, 2018 at 08:16:42PM +0300, Vladimir Sementsov-Ogievskiy
> > wrote:
> > > Support default luks options in VM.add_drive and in ne
On Tue, Feb 06, 2018 at 08:16:42PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> Support default luks options in VM.add_drive and in new library
> function qemu_img_create. Use it in 205 iotests.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy
> ---
>
> instead of
>
ster", "path": "luks.qcow2", "server.0.type":
"tcp", "server.0.port": "24007", "volume": "gv0"}
Of course the root cause problem still exists, but now we know
what actually needs fixing.
Signed-off-by: Daniel P.
On Mon, Feb 12, 2018 at 10:58:31AM +0100, Paolo Bonzini wrote:
> On 10/02/2018 00:07, John Snow wrote:
> >> +/* Early check to avoid creating target */
> >> +if (bdrv_op_is_blocked(bs, BLOCK_OP_TYPE_MIRROR_SOURCE, errp)) {
> >> +return;
> >> +}
> >> +
> >> aio_context =
On Mon, Feb 12, 2018 at 01:42:11PM +0100, Kevin Wolf wrote:
> Am 12.02.2018 um 11:02 hat Daniel P. Berrangé geschrieben:
> > On Mon, Feb 12, 2018 at 10:58:31AM +0100, Paolo Bonzini wrote:
> > > On 10/02/2018 00:07, John Snow wrote:
> > > >> +/* Ear
From: "Daniel P. Berrange"
qemu-io puts the TTY into non-canonical mode, which means no EOF processing is
done and thus getchar() will never return the EOF constant. Instead we have to
query the TTY attributes to determine the configured EOF character (usually
Ctrl-D / 0x4),
Re-ping.
On Thu, Jan 25, 2018 at 05:05:01PM +, Daniel P. Berrangé wrote:
> ping, does any block maintainer want to queue this one ?
>
> On Fri, Dec 08, 2017 at 01:34:16PM +, Daniel P. Berrange wrote:
> > qemu-io puts the TTY into non-canonical mode, which means no
On Tue, Feb 13, 2018 at 11:43:55AM +, Dr. David Alan Gilbert wrote:
> * Kevin Wolf (kw...@redhat.com) wrote:
> > Am 11.01.2018 um 14:04 hat Daniel P. Berrange geschrieben:
> > > On Thu, Jan 11, 2018 at 01:46:38PM +0100, Max Reitz wrote:
> > > > On 2018-01-08 14:52, Eric Blake wrote:
> > > > >
On Tue, Feb 13, 2018 at 02:20:00PM +0100, Kevin Wolf wrote:
> Am 13.02.2018 um 12:51 hat Daniel P. Berrangé geschrieben:
> > On Tue, Feb 13, 2018 at 11:43:55AM +, Dr. David Alan Gilbert wrote:
> > > * Kevin Wolf (kw...@redhat.com) wrote:
> > > > Am 11.01.2018 u
On Tue, Feb 13, 2018 at 03:43:10PM +0100, Kevin Wolf wrote:
> Am 13.02.2018 um 15:30 hat Roman Kagan geschrieben:
> > On Tue, Feb 13, 2018 at 11:50:24AM +0100, Kevin Wolf wrote:
> > > Am 11.01.2018 um 14:04 hat Daniel P. Berrange geschrieben:
> > > > Then you could just use the regular migrate QMP
On Tue, Feb 13, 2018 at 04:23:21PM +0100, Kevin Wolf wrote:
> Am 13.02.2018 um 15:58 hat Daniel P. Berrangé geschrieben:
> > On Tue, Feb 13, 2018 at 03:43:10PM +0100, Kevin Wolf wrote:
> > > Am 13.02.2018 um 15:30 hat Roman Kagan geschrieben:
> > > > On Tue, Feb 13, 2
On Tue, Feb 13, 2018 at 03:45:21PM +0100, Kevin Wolf wrote:
> Am 13.02.2018 um 15:36 hat Daniel P. Berrangé geschrieben:
> > On Tue, Feb 13, 2018 at 05:30:02PM +0300, Roman Kagan wrote:
> > > On Tue, Feb 13, 2018 at 11:50:24AM +0100, Kevin Wolf wrote:
> > > > Am 11
On Tue, Feb 13, 2018 at 05:30:02PM +0300, Roman Kagan wrote:
> On Tue, Feb 13, 2018 at 11:50:24AM +0100, Kevin Wolf wrote:
> > Am 11.01.2018 um 14:04 hat Daniel P. Berrange geschrieben:
> > > Then you could just use the regular migrate QMP commands for loading
> > > and saving snapshots.
> >
> >
On Thu, Feb 22, 2018 at 01:02:05PM +0100, Peter Lieven wrote:
> Am 22.02.2018 um 13:00 schrieb Daniel P. Berrangé:
> > On Thu, Feb 22, 2018 at 12:51:58PM +0100, Peter Lieven wrote:
> >> Am 22.02.2018 um 12:40 schrieb Daniel P. Berrangé:
> >>> On Thu, Feb 22, 2018 a
On Thu, Feb 22, 2018 at 01:06:33PM +0100, Peter Lieven wrote:
> Am 22.02.2018 um 13:03 schrieb Daniel P. Berrangé:
> > On Thu, Feb 22, 2018 at 01:02:05PM +0100, Peter Lieven wrote:
> >> Am 22.02.2018 um 13:00 schrieb Daniel P. Berrangé:
> >>> On Thu, Feb 22, 2018 at
On Thu, Feb 22, 2018 at 12:32:04PM +0100, Kevin Wolf wrote:
> Am 22.02.2018 um 12:01 hat Peter Lieven geschrieben:
> > Am 22.02.2018 um 11:57 schrieb Kevin Wolf:
> > > Am 20.02.2018 um 22:54 hat Paolo Bonzini geschrieben:
> > >> On 20/02/2018 18:04, Peter Lieven wrote:
> > >>> Hi,
> > >>>
> > >>>
On Thu, Feb 22, 2018 at 12:51:58PM +0100, Peter Lieven wrote:
> Am 22.02.2018 um 12:40 schrieb Daniel P. Berrangé:
> > On Thu, Feb 22, 2018 at 12:32:04PM +0100, Kevin Wolf wrote:
> >> Am 22.02.2018 um 12:01 hat Peter Lieven geschrieben:
> >>> Am 22.02.2018 um 11:57
Ping, can this be queued in the block tree, since it appears the no-op impl
is ok ?
On Thu, Jan 18, 2018 at 10:31:43AM +, Daniel P. Berrange wrote:
> If the bdrv_reopen_prepare helper isn't provided, the qemu-img commit
> command fails to re-open the base layer after committing changes into
>
On Wed, Jun 20, 2018 at 08:58:40AM -0500, Eric Blake wrote:
> On 06/20/2018 07:14 AM, Daniel P. Berrangé wrote:
> > From: "Daniel P. Berrange"
> >
> > Currently any client which can complete the TLS handshake is able to use
> > the NBD server. The serv
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
the NBD server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509 certificate.
This means the client will have to acquire a
From: "Daniel P. Berrange"
The VNC server has historically had support for ACLs to check both the
SASL username and the TLS x509 distinguished name. The VNC server was
responsible for creating the initial ACL, and the client app was then
responsible for populating it with rules using the HMP
parameters on services
- Fix 2.13 -> 3.0 version tags
- Remove redundant conditionals around g_strdup
- Fix arg syntax for qemu-nbd s/-/--/
- Remove QAPI (optional) annotation
- Fix some outdated usage example
Based-on: <20180620103555.1342-1-berra...@redhat.com>
Daniel P. Berrangé (6
On Wed, Jun 20, 2018 at 09:05:32AM -0500, Eric Blake wrote:
> On 06/20/2018 07:14 AM, Daniel P. Berrangé wrote:
> > From: "Daniel P. Berrange"
>
> I thought you preferred the UTF-8 accent in your Author lines these days?
> Or is this because this patch has been sitti
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a
From: "Daniel P. Berrange"
The QEMU instance that runs as the server for the migration data
transport (ie the target QEMU) needs to be able to configure access
control so it can prevent unauthorized clients initiating an incoming
migration. This adds a new 'tls-authz' migration parameter that is
-authz' parameters to the VNC server, and
equivalent for other network services.
Signed-off-by: Daniel P. Berrangé
---
monitor.c | 23 +++
qemu-doc.texi | 8
2 files changed, 31 insertions(+)
diff --git a/monitor.c b/monitor.c
index 07d14f53f9..cbcfbf912b 100644
From: "Daniel P. Berrange"
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute':
On Wed, Jun 20, 2018 at 03:22:53PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > From: "Daniel P. Berrange"
> >
> > Currently any client which can complete the TLS handshake is able to use
> > the NBD server. The
On Tue, Jun 19, 2018 at 01:31:40PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > The various ACL related commands are obsolete now that the QAuthZ
> > framework for authorization is fully integrated throughout QEMU network
>
On Wed, Jul 25, 2018 at 06:23:45PM +0300, Leonid Bloch wrote:
> On 07/25/2018 04:32 PM, Kevin Wolf wrote:
> > > Another interesting question is whether 'full' shouldn't keep
> > > meaning
> > > full throughout the lifetime of the BlockDriverState, i.e.
> > > should it
> > >
On Wed, Jul 25, 2018 at 10:56:48AM -0500, Eric Blake wrote:
> On 07/25/2018 10:10 AM, Markus Armbruster wrote:
> > qemu_rbd_parse_filename() builds a keypairs QList, converts it to JSON, and
> > stores the resulting QString in a QDict.
> >
> > qemu_rbd_co_create_opts() and qemu_rbd_open() get the
d392
Author: Kevin Wolf
Date: Thu Jan 11 16:18:08 2018 +0100
qcow2: Use visitor for options in qcow2_create()
Exposing the latent bug in qemu-img. This fix simply moves the copying
of secrets to before the bdrv_create() call.
Signed-off-by: Daniel P. Berrangé
On Tue, Aug 14, 2018 at 01:38:24PM +0200, Kevin Wolf wrote:
> Am 14.08.2018 um 11:35 hat Daniel P. Berrangé geschrieben:
> > When the convert command is creating an output file that needs
> > secrets, we need to ensure those secrets are passed to both the
> > blk_new_open and
On Thu, Jul 19, 2018 at 09:50:00PM +0300, Nir Soffer wrote:
> On Mon, Jul 16, 2018 at 11:56 AM Daniel P. Berrangé
> wrote:
> ...
>
> > Recommendation is to run 'qemu-img info' to extract the metadata and sanity
> > check results eg no backing file list, not unre
On Thu, Jul 19, 2018 at 09:39:35PM +0100, Richard W.M. Jones wrote:
> I did the original work using AFL to fuzz qemu-img and find
> problematic images. From that work Dan & I suggested some fairly low
> limits (10 seconds IIRC). See:
>
> https://bugs.launchpad.net/qemu/+bug/1462944
>
ebug:
> output = sys.stdout
> verbosity = 2
> sys.argv.remove('-d')
> else:
> -output = StringIO.StringIO()
> +output = StringIO()
>
> logging.basicConfig(level=(logging.DEBUG if debug else logging.WARN))
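Review bot: the `+output = StringIO()` line uses the bare name, so it only resolves if the import at the top of the script is changed in the same patch; that import hunk is not visible in this excerpt and should be checked. If the replacement is `io.StringIO` and the script still has to run under Python 2, note that `io.StringIO` accepts only unicode text there, so any caller that writes byte strings to `output` in the non-debug branch would start raising TypeError.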
Reviewed-by: Daniel
On Tue, Jul 17, 2018 at 08:37:58PM -0300, Philippe Mathieu-Daudé wrote:
> I noticed this while running "make docker-test-block@fedora":
>
> $ make docker-test-block@fedora NETWORK=1
> BUILD fedora
> RUN test-block in qemu:fedora
> Configure options:
> --enable-werror
On Thu, Jul 12, 2018 at 05:47:00PM +0200, Thomas Huth wrote:
> On 12.07.2018 08:32, Markus Armbruster wrote:
> > Daniel P. Berrangé writes:
> [...]
> >> For libvirt, I think whenever something is proposed for deprecation
> >> we could just CC libvir-list, or
On Wed, Jul 11, 2018 at 02:17:18PM +0300, Adam Litke wrote:
> Adding some kubevirt developers to the thread. Thanks guys for the
> information! I think this could work perfectly for on the fly conversion
> of qcow2 images to raw format on our PVCs.
FYI if you are intending to accept qcow2
On Mon, Jul 23, 2018 at 03:53:45PM +0200, Kevin Wolf wrote:
> Am 13.07.2018 um 20:12 hat John Snow geschrieben:
> >
> >
> > On 07/13/2018 03:10 AM, Kevin Wolf wrote:
> > > The test case uses block devices with driver=file, which causes the test
> > > to fail after commit 230ff73904 added a
On Tue, Jul 10, 2018 at 05:01:22PM +0200, Cornelia Huck wrote:
> Who is, in general, testing which libvirt version? I can think of:
> - libvirt developers, which will probably run libvirt current git, but
> more likely a released QEMU?
In general libvirt devs tend to run a mixture of whatever
On Tue, Jul 10, 2018 at 04:09:38PM +0100, Peter Maydell wrote:
> On 10 July 2018 at 15:22, Cornelia Huck wrote:
> > On Tue, 10 Jul 2018 07:59:15 +0200
> > Markus Armbruster wrote:
> >
> >> In addition to actively pulling libvirt developers into review of
> >> deprecation patches, we should
On Fri, Jul 06, 2018 at 04:56:46PM +0200, Kevin Wolf wrote:
> Am 06.07.2018 um 13:11 hat Cornelia Huck geschrieben:
> > On Wed, 4 Jul 2018 17:14:02 +0100
> > Peter Maydell wrote:
> >
> > > On 4 July 2018 at 14:34, Kevin Wolf wrote:
> > > > Essentially, what is important to me isn't getting
On Mon, Jul 09, 2018 at 01:08:38PM +0200, Cornelia Huck wrote:
> On Mon, 09 Jul 2018 08:33:05 +0200
> Markus Armbruster wrote:
>
> > Peter Maydell writes:
> >
> > > On 6 July 2018 at 15:56, Kevin Wolf wrote:
> > >> Am 06.07.2018 um 13:11 hat Cornelia Huck geschrieben:
> > >>> That way, we
0) {
> -return ret;
> +goto fail;
> }
>
> bs = bdrv_open(filename, NULL, NULL,
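Review bot: replacing `return ret;` with `goto fail;` in the error branch makes this path depend on the `fail` label, which is not visible in this excerpt. Since the jump happens before `bs = bdrv_open(...)` is assigned, confirm that the cleanup under `fail` tolerates an unset `bs` and still returns `ret`, so the original error code is not lost.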
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https
On Wed, Jul 04, 2018 at 03:34:40PM +0200, Kevin Wolf wrote:
> Am 04.07.2018 um 15:02 hat Cornelia Huck geschrieben:
> > On Tue, 3 Jul 2018 13:32:29 +0200
> > Kevin Wolf wrote:
> >
> > > > > > Has serial/geometry been fixed meanwhile and will it make it into
> > > > > > the
> > > > > > next
On Wed, Mar 07, 2018 at 07:59:09PM +0100, Kevin Wolf wrote:
> This series implements a minimal QMP command that allows to create an
> image file on the protocol level or an image format on a given block
> node.
>
> Eventually, the interface is going to change to some kind of an async
> command