v4 of:

https://www.redhat.com/archives/libvir-list/2018-October/msg00861.html

diff to v3:
- Introduced a config knob to enable/disable metadata locking (except
  not really). We want to have a knob that enables/disables remembering
  of original owner. This knob in turn enables metadata locking. The
  reason is that metadata locking on its own doesn't make any sense.
  Anyway, the qemu.conf change is not done (it'll be done in upcoming
  patch set that implements original owner remembering), so if you want
  to see these patches in action you'll need to apply the following
  patch:

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 32da9a7351..0080b0d021 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -347,6 +347,8 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool 
privileged)
     if (!(cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST)))
         goto error;
 
+    cfg->rememberOwner = true;
+
     if (privileged &&
         qemuDomainNamespaceAvailable(QEMU_DOMAIN_NS_MOUNT) &&
         virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
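Review bot: `cfg->rememberOwner = true;` is set unconditionally, ahead of the `if (privileged && ...` check, so it applies to privileged and unprivileged drivers alike, and nothing in this hunk lets qemu.conf turn it off. Because the cover text says this knob in turn enables metadata locking, that behaviour would be switched on for every configuration created through virQEMUDriverConfigNew(). If this is only meant for trying the series out, a comment on the assignment saying so would help. If it is meant as the eventual default, consider making it depend on `privileged` and adding the qemu.conf parsing in the same change so the default can be overridden.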


- I've fixed small issues raised in review of v3.
Note that patches 01 and 02 are ACKed already but I'm sending them for
completeness (probably doesn't make much sense to merge them while this
is still under review, does it?).


Michal Prívozník (15):
  virprocess: Introduce virProcessRunInFork
  virprocess: Make virProcessRunInMountNamespace use virProcessRunInFork
  qemu_tpm: Pass virDomainObjPtr instead of virDomainDefPtr
  qemu_domain: Track if domain remembers original owner
  virSecurityManagerTransactionCommit: Do metadata locking iff enabled
    in config
  security_manager: Rework metadata locking
  Revert "security_manager: Load lock plugin on init"
  Revert "qemu_conf: Introduce metadata_lock_manager"
  Revert "lock_manager: Allow disabling configFile for
    virLockManagerPluginNew"
  Revert "lock_driver: Introduce VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK"
  Revert "lock_driver: Introduce
    VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA"
  Revert "_virLockManagerLockDaemonPrivate: Move @hasRWDisks into dom
    union"
  Revert "lock_driver: Introduce new
    VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON"
  Revert "lock_driver_lockd: Introduce
    VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA flag"
  Revert "virlockspace: Allow caller to specify start and length offset
    in virLockSpaceAcquireResource"

 cfg.mk                             |   4 +-
 src/libvirt_private.syms           |   1 +
 src/locking/lock_daemon_dispatch.c |  11 +-
 src/locking/lock_driver.h          |  12 -
 src/locking/lock_driver_lockd.c    | 421 ++++++++++-------------------
 src/locking/lock_driver_lockd.h    |   1 -
 src/locking/lock_driver_sanlock.c  |  44 +--
 src/locking/lock_manager.c         |  10 +-
 src/lxc/lxc_controller.c           |   3 +-
 src/lxc/lxc_driver.c               |   2 +-
 src/qemu/qemu_conf.c               |   1 -
 src/qemu/qemu_conf.h               |   2 +-
 src/qemu/qemu_domain.c             |   7 +
 src/qemu/qemu_domain.h             |   3 +
 src/qemu/qemu_driver.c             |   3 -
 src/qemu/qemu_extdevice.c          |  16 +-
 src/qemu/qemu_extdevice.h          |   4 +-
 src/qemu/qemu_process.c            |   9 +-
 src/qemu/qemu_security.c           |  87 ++++--
 src/qemu/qemu_security.h           |   4 +-
 src/qemu/qemu_tpm.c                |  24 +-
 src/qemu/qemu_tpm.h                |   4 +-
 src/security/security_dac.c        |  54 ++--
 src/security/security_driver.h     |   3 +-
 src/security/security_manager.c    | 259 +++++++++---------
 src/security/security_manager.h    |  22 +-
 src/security/security_selinux.c    |  53 ++--
 src/security/security_stack.c      |   5 +-
 src/util/virlockspace.c            |  15 +-
 src/util/virlockspace.h            |   4 -
 src/util/virprocess.c              |  82 ++++--
 src/util/virprocess.h              |  16 ++
 tests/seclabeltest.c               |   2 +-
 tests/securityselinuxlabeltest.c   |   2 +-
 tests/securityselinuxtest.c        |   2 +-
 tests/testutilsqemu.c              |   2 +-
 tests/virlockspacetest.c           |  29 +-
 37 files changed, 573 insertions(+), 650 deletions(-)

-- 
2.18.1
