On 5/2/24 5:24 AM, Ján Tomko wrote:
On a Monday in 2024, Jim Fehlig via Devel wrote:
Similar to commit 57d084febe, another case of the libxl driver not
adapting to modular daemons. When converting configuration that
contains a type='network' interface, the converter calls
virNetworkLookupByName,
On Thu, May 02, 2024 at 12:16:32PM GMT, Andrea Bolognani wrote:
> On Thu, Apr 18, 2024 at 01:17:34PM GMT, Stefan Berger wrote:
> > On 4/17/24 09:29, Andrea Bolognani wrote:
> > > +static bool
> > > +virFileIsSharedFSOverride(const char *path,
> > > + char *const *overrides)
virFileIsSharedFS() is the function that ultimately decides
whether a filesystem should be considered shared, but the list
of manually configured shared filesystems is part of the QEMU
driver's configuration, so we need to pass the information
through several layers in order to make use of it.
Not
Up until this point, we have avoided setting labels for
incoming migration when the TPM state is stored on a shared
filesystem. This seems to make sense, because since the
underlying storage is shared surely the labels will be as
well.
There's one problem, though: when a guest is migrated, the
SEL
If the local admin has explicitly declared that a certain
filesystem is to be considered shared, we should treat it as
such.
Signed-off-by: Andrea Bolognani
Reviewed-by: Stefan Berger
---
src/util/virfile.c | 42 +-
1 file changed, 41 insertions(+), 1 del
As explained in the comment, this can help in scenarios where
a shared filesystem can't be detected as such by libvirt, by
giving the admin the opportunity to provide this information
manually.
Signed-off-by: Andrea Bolognani
---
src/qemu/libvirtd_qemu.aug | 3 +++
src/qemu/qemu.conf.in
Signed-off-by: Andrea Bolognani
Reviewed-by: Stefan Berger
---
src/security/security_selinux.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index aaec34ff8b..a4915dbc89 100644
--- a/src/security/securi
The need to have something like this in the first place is driven by
KubeVirt (see [1] and [2]). A draft version of this series has been
integrated into KubeVirt and it has been confirmed that it was
effective in removing the need to use LD_PRELOAD hacks in the storage
provider.
Changes from [v2]:
On Thu, May 02, 2024 at 01:05:37PM -0400, Laine Stump wrote:
> On 5/2/24 8:20 AM, Daniel P. Berrangé wrote:
> > On Tue, Apr 30, 2024 at 01:44:01PM -0400, Laine Stump wrote:
> > > It still can have only one useful value ("iptables"), but once a 2nd
> > > value is supported, it will be selectable by
On 5/2/24 8:20 AM, Daniel P. Berrangé wrote:
On Tue, Apr 30, 2024 at 01:44:01PM -0400, Laine Stump wrote:
It still can have only one useful value ("iptables"), but once a 2nd
value is supported, it will be selectable by setting
"firewall_backend=nftables" in /etc/libvirt/network.conf.
If firewa
On Thu, May 02, 2024 at 03:30:58PM +0200, Jinpu Wang wrote:
> Hi Michael, Hi Peter,
>
>
> On Thu, May 2, 2024 at 3:23 PM Michael Galaxy wrote:
> >
> > Yu Zhang / Jinpu,
> >
> > Any possibility (at your lesiure, and within the disclosure rules of
> > your company, IONOS) if you could share any of
On Thu, Apr 18, 2024 at 01:17:34PM GMT, Stefan Berger wrote:
> On 4/17/24 09:29, Andrea Bolognani wrote:
> > +static bool
> > +virFileIsSharedFSOverride(const char *path,
> > + char *const *overrides)
> > +{
> > +g_autofree char *dirpath = NULL;
> > +char *p = NULL;
On Wed, Apr 17, 2024 at 03:16:18PM GMT, Stefan Berger wrote:
> On 4/17/24 09:29, Andrea Bolognani wrote:
> > +#shared_filesystems = [
> > +# "/path/to/images",
> > +# "/path/to/nvram",
> > +# "/path/to/swtpm"
> > +#]
>
> May be worth considering: Would it ever be useful or necessary for libvirt
On Thu, May 02, 2024 at 01:35:06PM +, Dr. David Alan Gilbert wrote:
> * Markus Armbruster (arm...@redhat.com) wrote:
> > Fabiano Rosas writes:
> >
> > > The block migration is considered obsolete and has been deprecated in
> > > 8.2. Remove the migrate command option that enables it. This onl
On a Friday in 2024, Rayhan Faizel wrote:
virtio-sound-pci and virtio-sound-device were recently introduced
in QEMU 8.2.0.
The full documentation of the virtio sound implementation in QEMU
can be found here:
https://www.qemu.org/docs/master/system/devices/virtio-snd.html
Example:
[Changes in
Yu Zhang / Jinpu,
Any possibility (at your lesiure, and within the disclosure rules of
your company, IONOS) if you could share any of your performance
information to educate the group?
NICs have indeed changed, but not everybody has 100ge mellanox cards at
their disposal. Some people don't.
On a Thursday in 2024, Daniel P. Berrangé wrote:
Users are seeing periodic segfaults from libvirt client apps,
especially thread heavy ones like virt-manager. A typical
stack trace would end up in the virNetClientIOEventFD method,
with illegal access to stale stack data. eg
==238721==ERROR: Addr
Users are seeing periodic segfaults from libvirt client apps,
especially thread heavy ones like virt-manager. A typical
stack trace would end up in the virNetClientIOEventFD method,
with illegal access to stale stack data. eg
==238721==ERROR: AddressSanitizer: stack-use-after-return on address
0x
On Tue, Apr 30, 2024 at 01:44:04PM -0400, Laine Stump wrote:
> If the VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK flag is set, each time
> an iptables command is executed that is adding a rule or chain, a
> corresponding command that will *delete* the same rule/chain is
> constructed and added to the li
On Tue, Apr 30, 2024 at 01:44:03PM -0400, Laine Stump wrote:
> In the past virFirewall required all rollback commands for a group
> (those commands necessary to "undo" any rules that had been added in
> that group in case of a later failure) to be manually added by
> switching into the virFirewall
On Tue, Apr 30, 2024 at 01:44:19PM -0400, Laine Stump wrote:
> The iptables backend (which was used as the model for the nftables
> backend) used the same "filter" and "nat" tables used by other
> services on the system (e.g. firewalld or any other host firewall
> management application), so it was
On Tue, Apr 30, 2024 at 01:44:18PM -0400, Laine Stump wrote:
> Because the chains added by the network driver nftables backend will
> go into a table used only by libvirt, we don't need to have "libvirt"
> in the chain names. Instead, we can make them more descriptive and
> less abrasive (by using
On Tue, Apr 30, 2024 at 01:44:17PM -0400, Laine Stump wrote:
> This way when we implement nftables for the nwfilter driver, we can
> create a separate table called "libvirt_nwfilter" and everything will
> look all symmetrical and stuff.
>
> Signed-off-by: Laine Stump
> ---
> src/network/network_
On Tue, Apr 30, 2024 at 01:44:16PM -0400, Laine Stump wrote:
> This makes it possible to uninstall iptables, as long as nftables is
> installed.
>
> Signed-off-by: Laine Stump
> ---
> libvirt.spec.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé
> dif
On Tue, Apr 30, 2024 at 01:44:14PM -0400, Laine Stump wrote:
> Run all the networkxml2firewall tests twice - once with iptables
> backend, and once with the nftables backend.
>
> The results files for the existing iptables tests were previously
> named *.args. That has been changed to *.iptables,
On Tue, Apr 30, 2024 at 01:44:11PM -0400, Laine Stump wrote:
> In the case that a new version of libvirt is started that uses
> different rules to build the network firewall, we need to re-save the
> status so that when the network is destroyed (or the *next* time
> libvirt is restarted and wants t
On Tue, Apr 30, 2024 at 01:44:10PM -0400, Laine Stump wrote:
> When destroying a network, the network driver has always assumed that
> it knew what firewall rules had been added as the network was
> started. This was usually correct - I only recall one time in the past
> that the firewall rules add
On Tue, Apr 30, 2024 at 01:44:01PM -0400, Laine Stump wrote:
> It still can have only one useful value ("iptables"), but once a 2nd
> value is supported, it will be selectable by setting
> "firewall_backend=nftables" in /etc/libvirt/network.conf.
>
> If firewall_backend isn't set in network.conf,
On Tue, Apr 30, 2024 at 01:43:59PM -0400, Laine Stump wrote:
> (This paragraph is for historical reference only, described only to
> avoid confusion of past use of the name with its new use) In a past
> life, virFirewallBackend had been a private static in virfirewall.c
> that was set at daemon ini
On Tue, Apr 16, 2024 at 08:59:36PM +0200, Philippe Mathieu-Daudé wrote:
> The pc-i440fx-2.3 machine was deprecated for the 8.2
> release (see commit c7437f0ddb "docs/about: Mark the
> old pc-i440fx-2.0 - 2.3 machine types as deprecated"),
> time to remove it.
>
> Signed-off-by: Philippe Mathieu-Da
On Tue, Apr 16, 2024 at 08:59:17PM +0200, Philippe Mathieu-Daudé wrote:
> Similarly to the commit c7437f0ddb "docs/about: Mark the
> old pc-i440fx-2.0 - 2.3 machine types as deprecated",
> deprecate the 2.4 to 2.12 machines.
>
> Suggested-by: Thomas Huth
> Signed-off-by: Philippe Mathieu-Daudé
>
Fabiano Rosas writes:
> The block migration is considered obsolete and has been deprecated in
> 8.2. Remove the migrate command option that enables it. This only
> affects the QMP and HMP commands, the feature can still be accessed by
> setting the migration 'block' capability. The whole feature
In the commit summary:
s/Git/Get/
On a Monday in 2024, Michal Privoznik wrote:
When meson runs a dist script it set both MESON_BUILD_ROOT and
*sets
MESON_DIST_ROOT envvars [1]. But for some reason, we took the
former as an argument and obtained the latter via env.
Well, obtain both via env.
On a Monday in 2024, Jiri Denemark wrote:
See 3/4 for details.
Jiri Denemark (3):
conf: Change return value of some CPU feature APIs
cpu: Add removedPolicy parameter to virCPUUpdate
qemu: Enable removing features from CPU models
Tim Wiederhake (1):
cpu_map: Drop 'mpx' from x86 cpu models
s
ping v3
--
Rayhan Faizel
___
Devel mailing list -- devel@lists.libvirt.org
To unsubscribe send an email to devel-le...@lists.libvirt.org
On a Monday in 2024, Jim Fehlig via Devel wrote:
Similar to commit 57d084febe, another case of the libxl driver not
adapting to modular daemons. When converting configuration that
contains a type='network' interface, the converter calls
virNetworkLookupByName, passing the hypervisor connection ob
On a Tuesday in 2024, Kristina Hanicova wrote:
This is v2 of:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/VXSUCODTU5GNLAD4L55DF3AZN7THQ7WR/
changes since v1:
* edited documentation
* added validation for when the feature is ON as well as OFF
(the first version checked
Somehow I forgot to make rc2 on Tuesday, but the only commits after rc1
at that time were translations so I guess it's not a big deal.
The 10.3.0 release of both libvirt and libvirt-python is tagged and
signed tarballs are available at
https://download.libvirt.org/
https://download.libvir
On Thu, May 02, 2024 at 09:41:09 +0200, Michal Prívozník wrote:
> On 5/2/24 09:33, Peter Krempa wrote:
> > On Thu, May 02, 2024 at 08:52:17 +0200, Michal Privoznik wrote:
> >> Signed-off-by: Michal Privoznik
> >> ---
> >>
> >> Rebased version of the patch sent earlier, because the file was changed
On 4/26/24 16:50, Daniel P. Berrangé wrote:
> On Fri, Apr 26, 2024 at 11:44:38AM -0300, Fabiano Rosas wrote:
>> Daniel P. Berrangé writes:
>>
>>> On Fri, Apr 26, 2024 at 10:03:29AM -0300, Fabiano Rosas wrote:
Daniel P. Berrangé writes:
> On Wed, Apr 17, 2024 at 05:12:27PM -0600, Jim
On Thu, May 02, 2024 at 08:52:17 +0200, Michal Privoznik wrote:
> Signed-off-by: Michal Privoznik
> ---
>
> Rebased version of the patch sent earlier, because the file was changed
> meanwhile.
>
> NEWS.rst | 22 ++
> 1 file changed, 22 insertions(+)
>
> diff --git a/NEWS.rs
On 5/2/24 09:33, Peter Krempa wrote:
> On Thu, May 02, 2024 at 08:52:17 +0200, Michal Privoznik wrote:
>> Signed-off-by: Michal Privoznik
>> ---
>>
>> Rebased version of the patch sent earlier, because the file was changed
>> meanwhile.
>
> Sorry for that. I've changed what Jirka requested and fo
On Thu, May 02, 2024 at 08:52:17 +0200, Michal Privoznik wrote:
> Signed-off-by: Michal Privoznik
> ---
>
> Rebased version of the patch sent earlier, because the file was changed
> meanwhile.
Sorry for that. I've changed what Jirka requested and forgot to push my
patches on Tuesday :/
>
> NE
43 matches
Mail list logo
