Re: [libvirt] [PATCH v2/1] qemu: Move TCP and haveTLS checks into qemuDomainDelChardevTLSObjects

2017-12-20 Thread Chen Hanxiao
At 2017-12-20 19:49:41, "John Ferlan" wrote: >Similar to qemuDomainAddChardevTLSObjects let's move the chardev >source must be TCP and it has the @haveTLS flag set checks before >trying to delete the TLS objects. > >For the Chr device this represents no change; however, for

Re: [libvirt] [PATCH v5 3/3] libvirtd: fix crash on termination

2017-12-20 Thread John Ferlan
[...] >> >> Now you've lost me. What are the back traces? and how does one >> reasonably reproduce? Are you trying to advocate here for [2] to be >> reviewed/accepted? > > Sorry for that. Unfortunately back trace was only emailed in the first version > of series [3]. The reproducer is there

Re: [libvirt] [PATCH] virt-aa-helper: handle more disk images

2017-12-20 Thread Jamie Strandboge
On Mon, 2017-12-11 at 16:23 +0100, Cédric Bosdonnat wrote: ... > diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper > b/examples/apparmor/usr.lib.libvirt.virt-aa-helper > index bd6181d00..f3069d369 100644 > --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper > +++

Re: [libvirt] [PATCH 4/4] conf: Fix generating addresses for SCSI hostdev

2017-12-20 Thread John Ferlan
On 12/20/2017 07:38 AM, Ján Tomko wrote: > On Wed, Dec 06, 2017 at 08:08:06AM -0500, John Ferlan wrote: >> https://bugzilla.redhat.com/show_bug.cgi?id=1519130 >> >> Commit id 'dc692438' reverted the automagic addition of a SCSI >> controller attempt during virDomainHostdevAssignAddress; however,

[libvirt] [PATCH 2/5] conf: expose APIs to let drivers load individual config / status files

2017-12-20 Thread Daniel P. Berrange
Currently drivers can only do a bulk load of config / status files for their guests. This exposes some helper methods to allow individual guests to be loaded. Signed-off-by: Daniel P. Berrange --- src/conf/virdomainobjlist.c | 98

[libvirt] [PATCH 0/5] Proof of concept for libvirt_qemu shim process

2017-12-20 Thread Daniel P. Berrange
This patch series provides a proof of concept impl of the libvirt_qemu shim process I previously suggested here: https://www.redhat.com/archives/libvir-list/2017-November/msg00526.html The end goal is that we'll be able to fully isolate management to each QEMU process. ie all the virDomain*

[libvirt] [PATCH 1/5] conf: allow different resource registration modes

2017-12-20 Thread Daniel P. Berrange
Currently the QEMU driver has three ways of setting up cgroups. It either skips them entirely (if non-root), or uses systemd-machined, or uses cgroups directly. It is further possible to register directly with systemd and bypass machined. We don't support this but systemd-nspawn does and we ought

[libvirt] [PATCH 4/5] qemu: implement the new virDomainQemuReconnect method

2017-12-20 Thread Daniel P. Berrange
Signed-off-by: Daniel P. Berrange --- src/qemu/qemu_driver.c | 57 + src/qemu/qemu_process.c | 31 ++- src/qemu/qemu_process.h | 1 + 3 files changed, 79 insertions(+), 10 deletions(-) diff --git

[libvirt] [PATCH 5/5] qemu: implement the 'libvirt_qemu' shim for launching guests externally

2017-12-20 Thread Daniel P. Berrange
This introduces a new binary 'libvirt_qemu' which can be used to launch guests externally from libvirtd. eg libvirt_qemu -c qemu:///system /path/to/xml/file This will launch a guest from the requested XML file and then connect to qemu:///system to register it with libvirtd. At this point all

[libvirt] [PATCH 3/5] qemu: add a public API to trigger QEMU driver to connect to running guest

2017-12-20 Thread Daniel P. Berrange
Currently the QEMU driver will reconnect to running guests during libvirtd startup. To support the ability to launch a fully supported guest externally to the main libvirtd daemon, this adds a QEMU specific public API virDomainQemuReconnect(conn, name, flags); This accepts a domain name, and

Re: [libvirt] [PATCH 2/4] qemu: Use same model when adding hostdev SCSI controller

2017-12-20 Thread John Ferlan
On 12/20/2017 07:46 AM, Ján Tomko wrote: > On Wed, Dec 06, 2017 at 08:08:04AM -0500, John Ferlan wrote: >> When qemuDomainFindOrCreateSCSIDiskController adds a controller, >> let's use the same model as a currently found controller under the >> assumption that the reason to add the controller in

Re: [libvirt] [PATCH 06/12] apparmor, libvirt-qemu: Allow access to hugepage mounts

2017-12-20 Thread Jamie Strandboge
On Wed, 2017-12-20 at 14:43 +0100, Christian Ehrhardt wrote: > On Tue, Dec 19, 2017 at 5:21 PM, Jamie Strandboge wrote: > > On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote: > > > From: Serge Hallyn > > > > > > Allows owner access to

Re: [libvirt] [PATCH v2] apparmor, libvirt-qemu: add default pki path of libvirt-spice

2017-12-20 Thread Jamie Strandboge
On Wed, 2017-12-20 at 12:41 +0100, Christian Ehrhardt wrote: > Adding the PKI path that is used as default suggestion in > src/qemu/qemu.conf > If people use non-default paths they should use local overrides but > the > suggested defaults we should open up. > > This is the default path as

Re: [libvirt] [PATCH v2] apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices

2017-12-20 Thread Jamie Strandboge
On Wed, 2017-12-20 at 11:56 +0100, Christian Ehrhardt wrote: > From: Jamie Strandboge > > Required to generate correct profiles when using usb passthrough. > > Bug-Ubuntu: https://bugs.launchpad.net/bugs/565691 > > Signed-off-by: Stefan Bader >

Re: [libvirt] [PATCH v2] apparmor, libvirt-qemu: Allow qemu-block-extra libraries

2017-12-20 Thread Jamie Strandboge
On Wed, 2017-12-20 at 08:41 +0100, Christian Ehrhardt wrote: > From: Jamie Strandboge > > Allows (multi-arch enabled) access to libraries under the > /usr/lib/@{multiarch}/qemu/*.so path in the Debian/Ubuntu > qemu-block-extra package and all such libs for the paths > of rpm

Re: [libvirt] [PATCH 06/12] apparmor, libvirt-qemu: Allow access to hugepage mounts

2017-12-20 Thread Christian Ehrhardt
On Tue, Dec 19, 2017 at 5:21 PM, Jamie Strandboge wrote: > On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote: >> From: Serge Hallyn >> >> Allows owner access to hugepage mounts (both, the old and >> new systemd variant). >> >> Bug-Ubuntu:

Re: [libvirt] [PATCH 2/2] qemuBuildMemPathStr: Forbid memoryBacking/access for non-numa case

2017-12-20 Thread Ján Tomko
On Mon, Dec 18, 2017 at 09:28:24AM +0100, Michal Privoznik wrote: On 12/15/2017 08:48 PM, John Ferlan wrote: On 12/12/2017 08:36 AM, Michal Privoznik wrote: https://bugzilla.redhat.com/show_bug.cgi?id=1448149 If a domain has no numa nodes, that means we don't put any memory-backend-file

Re: [libvirt] [PATCH 3/4] conf: Use existing SCSI hostdev model to create new

2017-12-20 Thread Ján Tomko
On Wed, Dec 06, 2017 at 08:08:05AM -0500, John Ferlan wrote: In virDomainDefMaybeAddHostdevSCSIcontroller when we add a new controller because someone neglected to add one or we're adding one because the existing one is full, we should copy over the model number from the existing controller

Re: [libvirt] [PATCH 2/4] qemu: Use same model when adding hostdev SCSI controller

2017-12-20 Thread Ján Tomko
On Wed, Dec 06, 2017 at 08:08:04AM -0500, John Ferlan wrote: When qemuDomainFindOrCreateSCSIDiskController adds a controller, let's use the same model as a currently found controller under the assumption that the reason to add the controller in hotplug is because virDomainHostdevAssignAddress

Re: [libvirt] [PATCH 02/12] apparmor, libvirt-qemu: Silence lttng related deny messages

2017-12-20 Thread Christian Ehrhardt
On Wed, Dec 20, 2017 at 10:30 AM, intrigeri wrote: > Hi, > > Christian Ehrhardt: >> --- a/examples/apparmor/libvirt-qemu >> +++ b/examples/apparmor/libvirt-qemu >> @@ -191,3 +191,7 @@ >>/sys/devices/system/node/ r, >>/sys/devices/system/node/node[0-9]*/meminfo

Re: [libvirt] [PATCH 4/4] conf: Fix generating addresses for SCSI hostdev

2017-12-20 Thread Ján Tomko
On Wed, Dec 06, 2017 at 08:08:06AM -0500, John Ferlan wrote: https://bugzilla.redhat.com/show_bug.cgi?id=1519130 Commit id 'dc692438' reverted the automagic addition of a SCSI controller attempt during virDomainHostdevAssignAddress; however, the logic to determine where to place the next_unit

[libvirt] [PATCH] qemu_hotplug: use VIR_ERR_NO_DEVICE when target detaching device is not found

2017-12-20 Thread Chen Hanxiao
From: Chen Hanxiao We used VIR_ERR_OPERATION_FAILED when target detaching device is not found. That error code VIR_ERR_OPERATION_FAILED is widely used, so the tools powered by libvirt, such as nova, can't catch the exact errors from libvirt. This patch uses

Re: [libvirt] [PATCH v2] apparmor, libvirt-qemu: add default pki path of libvirt-spice

2017-12-20 Thread intrigeri
Christian Ehrhardt: > Adding the PKI path that is used as default suggestion in src/qemu/qemu.conf > If people use non-default paths they should use local overrides but the > suggested defaults we should open up. > This is the default path as referenced by src/qemu/qemu.conf in libvirt. > While

Re: [libvirt] [PATCH 08/12] apparmor, libvirt-qemu: add generic base vfio device

2017-12-20 Thread Christian Ehrhardt
On Tue, Dec 19, 2017 at 5:26 PM, Jamie Strandboge wrote: > On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote: >> vfio devices are generated on the fly, but the generic base is >> missing. >> >> The base vfio has not much functionality but to provide a custom >>

[libvirt] [PATCH v2/1] qemu: Move TCP and haveTLS checks into qemuDomainDelChardevTLSObjects

2017-12-20 Thread John Ferlan
Similar to qemuDomainAddChardevTLSObjects let's move the chardev source must be TCP and it has the @haveTLS flag set checks before trying to delete the TLS objects. For the Chr device this represents no change; however, for RNG device this is an additional check that was missed in commit id

Re: [libvirt] [PATCH 07/12] apparmor, libvirt-qemu: add default pki path of lbvirt-spice

2017-12-20 Thread Christian Ehrhardt
On Wed, Dec 20, 2017 at 10:45 AM, intrigeri wrote: > Jamie Strandboge: >>> + # for use by libvirt-spice (LP: #1690140) >>> + /etc/pki/libvirt-spice/ r, >>> + /etc/pki/libvirt-spice/** r, > >> +1 to apply > > +1 as well, although I'd prefer some minor refactoring to

[libvirt] [PATCH v2] apparmor, libvirt-qemu: add default pki path of libvirt-spice

2017-12-20 Thread Christian Ehrhardt
Adding the PKI path that is used as default suggestion in src/qemu/qemu.conf If people use non-default paths they should use local overrides but the suggested defaults we should open up. This is the default path as referenced by src/qemu/qemu.conf in libvirt. While doing so merge the several

Re: [libvirt] [PATCH 04/12] apparmor, libvirt-qemu: Allow read access to max_mem_regions

2017-12-20 Thread Christian Ehrhardt
On Wed, Dec 20, 2017 at 10:35 AM, intrigeri wrote: > Christian Ehrhardt: >> Allows read access to /sys/module/vhost/parameters/max_mem_regions. > > Same as patch 03, already done back in August. Yes, thanks for doing so (also same reason)! TL;DR ignore this commit in the

Re: [libvirt] [PATCH 03/12] apparmor, libvirt-qemu: Allow read access to sysfs system info

2017-12-20 Thread Christian Ehrhardt
On Wed, Dec 20, 2017 at 10:35 AM, intrigeri wrote: > Hi, > > Christian Ehrhardt: >> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu >> index 651d841..b9e45bd 100644 >> --- a/examples/apparmor/libvirt-qemu >> +++

Re: [libvirt] [PATCH 11/12] apparmor, virt-aa-helper: Allow access to ecryptfs files

2017-12-20 Thread Christian Ehrhardt
On Wed, Dec 20, 2017 at 10:50 AM, intrigeri wrote: > Jamie Strandboge: >> On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote: >>> + # Alow access to ecryptfs files (LP: #591769) >>> + @{HOME}/.Private/** mrwlk, >>> + @{HOMEDIRS}/.ecryptfs/*/.Private/**

[libvirt] [PATCH v2] apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices

2017-12-20 Thread Christian Ehrhardt
From: Jamie Strandboge Required to generate correct profiles when using usb passthrough. Bug-Ubuntu: https://bugs.launchpad.net/bugs/565691 Signed-off-by: Stefan Bader Signed-off-by: Christian Ehrhardt Acked-by:

Re: [libvirt] RFC: Introduce a dlm-corosync for Lock manager plugin

2017-12-20 Thread Daniel P. Berrange
On Wed, Dec 20, 2017 at 03:11:48PM +0800, Fu.Lin wrote: > Hi, > > Currently the lock manager infrastructure has implementation of nop, sanlock > and lockd. The first do nothing, while sanlock and lockd all requires the > share > storage, and lockd is not provided fence mechanism, sanlock would

Re: [libvirt] [PATCH 12/12] apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices

2017-12-20 Thread intrigeri
Hi, Jamie Strandboge: > On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote: >> examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper >>

Re: [libvirt] [PATCH 11/12] apparmor, virt-aa-helper: Allow access to ecryptfs files

2017-12-20 Thread intrigeri
Jamie Strandboge: > On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote: >> + # Alow access to ecryptfs files (LP: #591769) >> + @{HOME}/.Private/** mrwlk, >> + @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk, > Hrmm, these rules were never meant to last as long as they have. That > said,
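
Review bot: The two added ecryptfs rules grant mrwlk on @{HOME}/.Private/** and @{HOMEDIRS}/.ecryptfs/*/.Private/**, which gives virt-aa-helper write, link, lock and mmap-exec access to the private tree under every home directory. If the helper only has to read files there, narrow both rules to r; if the wider set is needed, state the reason in the commit message. The comment on the first added line also has a typo: "Alow" should be "Allow".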

Re: [libvirt] [PATCH] treat host models as case-insensitive strings

2017-12-20 Thread Daniel P. Berrange
On Tue, Dec 19, 2017 at 02:24:47PM -0600, Scott Garfinkle wrote: > On Tue, 2017-12-19 at 20:05 +0100, Jiri Denemark wrote: > > On Tue, Dec 19, 2017 at 12:39:26 -0600, Scott Garfinkle wrote: > > > Qemu now allows case-insensitive specification of CPU models. This fixes > > > the > > > resulting

Re: [libvirt] [PATCH v3 2/6] libxl: do not enable nested HVM by mere presence of element

2017-12-20 Thread Daniel P. Berrange
On Tue, Dec 19, 2017 at 08:44:48PM +0100, Marek Marczykowski-Górecki wrote: > On Tue, Dec 19, 2017 at 01:45:57PM +, Daniel P. Berrange wrote: > > On Tue, Dec 19, 2017 at 01:43:24PM +, Joao Martins wrote: > > > On 12/19/2017 01:13 PM, Daniel P. Berrange wrote: > > > > On Tue, Dec 19, 2017

Re: [libvirt] [PATCH v2] apparmor, libvirt-qemu: Allow qemu-block-extra libraries

2017-12-20 Thread intrigeri
Christian Ehrhardt: > From: Jamie Strandboge > Allows (multi-arch enabled) access to libraries under the > /usr/lib/@{multiarch}/qemu/*.so path in the Debian/Ubuntu > qemu-block-extra package and all such libs for the paths > of rpm qemu-block-* packages. > Bug-Ubuntu:

Re: [libvirt] [PATCH 07/12] apparmor, libvirt-qemu: add default pki path of lbvirt-spice

2017-12-20 Thread intrigeri
Jamie Strandboge: >> + # for use by libvirt-spice (LP: #1690140) >> + /etc/pki/libvirt-spice/ r, >> + /etc/pki/libvirt-spice/** r, > +1 to apply +1 as well, although I'd prefer some minor refactoring to merge this with the 2 already existing libvirt-vnc PKI sections (that were added in two

Re: [libvirt] [PATCH] virt-aa-helper: handle more disk images

2017-12-20 Thread Cedric Bosdonnat
On Wed, 2017-12-20 at 10:17 +0100, intrigeri wrote: > Hi, > > Cedric Bosdonnat: > > Has that one landed in abyssal depths of the mailing list? > > Well, no, it's waiting for your comments about my feedback: > https://www.redhat.com/archives/libvir-list/2017-December/msg00389.html > > Thanks for

Re: [libvirt] [PATCH 03/12] apparmor, libvirt-qemu: Allow read access to sysfs system info

2017-12-20 Thread intrigeri
Hi, Christian Ehrhardt: > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu > index 651d841..b9e45bd 100644 > --- a/examples/apparmor/libvirt-qemu > +++ b/examples/apparmor/libvirt-qemu > @@ -34,6 +34,10 @@ >owner @{PROC}/@{pid}/task/@{tid}/comm rw, >

Re: [libvirt] [PATCH] virt-aa-helper: handle more disk images

2017-12-20 Thread Cedric Bosdonnat
On Tue, 2017-12-12 at 15:01 +0100, intrigeri wrote: > Hi, > > Cédric Bosdonnat: > > This commit helps users allowing access to their images by adding their > > own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper. > > […] > > profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper

Re: [libvirt] [PATCH 04/12] apparmor, libvirt-qemu: Allow read access to max_mem_regions

2017-12-20 Thread intrigeri
Christian Ehrhardt: > Allows read access to /sys/module/vhost/parameters/max_mem_regions. Same as patch 03, already done back in August. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 02/12] apparmor, libvirt-qemu: Silence lttng related deny messages

2017-12-20 Thread intrigeri
Hi, Christian Ehrhardt: > --- a/examples/apparmor/libvirt-qemu > +++ b/examples/apparmor/libvirt-qemu > @@ -191,3 +191,7 @@ >/sys/devices/system/node/ r, >/sys/devices/system/node/node[0-9]*/meminfo r, >/sys/module/vhost/parameters/max_mem_regions r, > + > + # silence refusals to

Re: [libvirt] [PATCH 01/12] apparmor, libvirt-qemu: Allow use of sgabios

2017-12-20 Thread intrigeri
Jamie Strandboge: >> --- a/examples/apparmor/libvirt-qemu >> +++ b/examples/apparmor/libvirt-qemu >> @@ -81,6 +81,7 @@ >>/usr/share/proll/** r, >>/usr/share/vgabios/** r, >>/usr/share/seabios/** r, >> + /usr/share/misc/sgabios.bin r, >>/usr/share/ovmf/** r, >>

Re: [libvirt] [PATCH] virt-aa-helper: handle more disk images

2017-12-20 Thread intrigeri
Hi, Cedric Bosdonnat: > Has that one landed in abyssal depths of the mailing list? Well, no, it's waiting for your comments about my feedback: https://www.redhat.com/archives/libvir-list/2017-December/msg00389.html Thanks for pinging! (Sorry I did not put you in explicit copy, I assumed you

Re: [libvirt] [PATCH] qemu: hotplug: unify "not found" logs when detaching device

2017-12-20 Thread Chen Hanxiao
At 2017-12-18 21:57:11, "John Ferlan" wrote: > > >On 12/15/2017 09:50 PM, Chen Hanxiao wrote: >> >> >> At 2017-12-16 09:26:32, "John Ferlan" wrote: >>> >>> >>> On 12/14/2017 06:16 AM, Chen Hanxiao wrote: From: Chen Hanxiao