Re: [libvirt] [PATCH v3.1 3/6] libxl: add support for CPUID features policy

On 01/04/2018 12:43 AM, Marek Marczykowski-Górecki wrote: > On Wed, Jan 03, 2018 at 05:00:10PM -0700, Jim Fehlig wrote: >> On 12/19/2017 06:19 AM, Joao Martins wrote: >>> On 12/13/2017 07:09 PM, Marek Marczykowski-Górecki wrote: +/* + * Translate CPU feature name from libvirt to libxl

Re: [libvirt] [PATCH v3.1 3/6] libxl: add support for CPUID features policy

On 01/04/2018 12:00 AM, Jim Fehlig wrote: > On 12/19/2017 06:19 AM, Joao Martins wrote: >> On 12/13/2017 07:09 PM, Marek Marczykowski-Górecki wrote: >>> Convert CPU features policy into libxl cpuid policy settings. Use new >>> ("libxl") syntax, which allow to enable/disable specific bits, using

Re: [libvirt] [PATCH v3 4/6] tests: check CPU features handling in libxl driver

On 12/09/2017 07:10 PM, Marek Marczykowski-Górecki wrote: Test enabling/disabling individual CPU features and also setting nested HVM support, which is also controlled by CPU features node. Signed-off-by: Marek Marczykowski-Górecki --- Changes since v1: -

Re: [libvirt] [PATCH v3 1/6] libxl: error out on not supported CPU mode, instead of silently ignoring

On 12/09/2017 07:10 PM, Marek Marczykowski-Górecki wrote: This change make libvirt XML with plain element invalid for libxl, which affect not only upcoming CPUID support, but also NUMA. In fact, default mode 'custom' does not match what the driver actually does, so it was a bug. Adjust

Re: [libvirt] [PATCH v3.1 3/6] libxl: add support for CPUID features policy

On Wed, Jan 03, 2018 at 05:00:10PM -0700, Jim Fehlig wrote: > On 12/19/2017 06:19 AM, Joao Martins wrote: > > On 12/13/2017 07:09 PM, Marek Marczykowski-Górecki wrote: > > > +/* > > > + * Translate CPU feature name from libvirt to libxl (from_libxl=false) > > > or from > > > + * libxl to libvirt

Re: [libvirt] [PATCH 8/9] qemu: Add support for resctrl

Need to beef up this commit message. On 12/13/2017 10:39 AM, Martin Kletzander wrote: > Signed-off-by: Martin Kletzander > --- > src/qemu/qemu_process.c | 61 > + > 1 file changed, 56 insertions(+), 5 deletions(-) > Is

Re: [libvirt] [PATCH 9/9] docs: Add CAT (resctrl) support into news.xml

On 12/13/2017 10:39 AM, Martin Kletzander wrote: > Signed-off-by: Martin Kletzander > --- > docs/news.xml | 9 + > 1 file changed, 9 insertions(+) > Just for completeness... Obviously this will need final tweaks... So far so good though... John > diff --git

Re: [libvirt] [PATCH 7/9] tests: Add virresctrltest

On 12/13/2017 10:39 AM, Martin Kletzander wrote: > This test initializes capabilities from vircaps2xmldata (since it exists there > already) and then requests list of free bitmaps (all unallocated space) from > virresctrl.c > > Desirable outputs are saved in virresctrldata. > > Signed-off-by:

Re: [libvirt] [PATCH v3.1 3/6] libxl: add support for CPUID features policy

On 12/19/2017 06:19 AM, Joao Martins wrote: On 12/13/2017 07:09 PM, Marek Marczykowski-Górecki wrote: Convert CPU features policy into libxl cpuid policy settings. Use new ("libxl") syntax, which allow to enable/disable specific bits, using host CPU as a base. For this reason, only

Re: [libvirt] [PATCH 6/9] conf: Add support for cputune/cachetune

On 12/13/2017 10:39 AM, Martin Kletzander wrote: > More info in the documentation, this is basically the XML parsing/formatting > support, schemas, tests and documentation for the new cputune/cachetune > element > that will get used by following patches. > > Signed-off-by: Martin Kletzander

Re: [libvirt] [PATCH] maint: Update to latest gnulib

On 01/03/2018 08:46 AM, Peter Krempa wrote: >> >> No bright ideas on this other than perhaps only including changes just >> prior to the particular one that breaks things or somehow revert just >> that one in our local copy. > > How about just killing that stupid syntax check in our local copy?

Re: [libvirt] [PATCH v2] maint: Update to latest gnulib

On 01/02/2018 11:20 PM, Michal Privoznik wrote: > On 01/02/2018 11:23 PM, Eric Blake wrote: >> From: Michal Privoznik >> >> Unfortunately, since gnulib's commit of 2c5d558745 there's an >> unused parameter to stat_time_normalize() function which gnulib >> developers don't

Re: [libvirt] [PATCH 5/9] resctrl: Add functions to work with resctrl allocations

On 12/13/2017 10:39 AM, Martin Kletzander wrote: > With this commit we finally have a way to read and manipulate basic resctrl > settings. Locking is done only on exposed functions that read/write from/to > resctrlfs. Not in functions that are exposed in virresctrlpriv.h as those are > only

Re: [libvirt] [PATCH] nodedev: Fix failing to parse PCI address for non-PCI network devices

On 01/03/2018 01:40 AM, Erik Skultety wrote: On Fri, Dec 22, 2017 at 01:05:26PM +0800, Fei Li wrote: Commit 8708ca01c added virNetDevSwitchdevFeature to check whether the NIC had Switchdev capabilities; however this causes errors for network devices whose address is not in PCI format, like qeth

[libvirt] [PATCH 4/4] apparmor, virt-aa-helper: drop static channel rule

This is now covered by DomainSetPathLabel being implemented in apparmor. Signed-off-by: Christian Ehrhardt --- src/security/virt-aa-helper.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index

[libvirt] [PATCH 1/4] security, apparmor: implement domainSetPathLabel

This came up in discussions around huge pages, but it will cover more per guest paths that should be added to the guests apparmor profile: - keys via qemuDomainWriteMasterKeyFile - per domain dirs via qemuProcessMakeDir - memory backing paths via qemuProcessBuildDestroyMemoryPathsImpl

[libvirt] [PATCH 2/4] security: full path option for DomainSetPathLabel

virSecurityManagerDomainSetPathLabel is used to make a path known to the security modules, but today is used interchangably for - paths to files/dirs to be accessed directly - paths to a dir, but the access will actually be to files therein Depending on the security module it is important to

[libvirt] [PATCH 3/4] security, apparmor: add (Set|Restore)ChardevLabel

Since 1b4f66e "security: introduce virSecurityManager (Set|Restore)ChardevLabel" this is a public API of security manager. Implementing this in apparmor avoids miss any rules that should be added for devices labeled via these calls. Signed-off-by: Christian Ehrhardt

[libvirt] [PATCH 0/4] apparmor: implement more domain callbacks

Based on a discussion in [1] I found that the AppArmor security module lacked some callbacks. Implementing those not only fixes the issue I had before but will also cover a few more cases I didn't even run into so far. [1]: https://www.redhat.com/archives/libvir-list/2017-December/msg00726.html

Re: [libvirt] [PATCH 06/12] apparmor, libvirt-qemu: Allow access to hugepage mounts

[...] >> To me, 1 feels most correct cause while the other two fix hugepages, >> there seem to be lurking bugs since we aren't implementing >> domainSetPathLabel. >> > > I work on #1 a while and I think we can do a lot good here. > Yet while I'm convinced at the changes this is currently a

钅艮 彳亍 卡 出 售 他人账户洗￥钱专用，送礼专用 加球球 4 4 5 4 9 6 1 0 8 备用，以防不时之需

钅艮 彳亍 卡 出 售 他人账户洗￥钱专用，送礼专用 加球球 4 4 5 4 9 6 1 0 8备用，以防不时之需           应晖当然知道她要和他商量什么，接口说：“正好，我也有事情请你帮忙。” 当她睁开一双倦眼，橡眺地，见到一个人。 "道具吧，我没见过么？张牙舞爪的，小角色！" 我问： 见她迷惑，便问：

Re: [libvirt] [PATCH] apparmor: fix virt-aa-helper profile

On Wed, 2018-01-03 at 10:55 +0100, Cédric Bosdonnat wrote: > Fix rule introduced by commit 0f33025a: > * to handle /var/run not being a symlink to /run > * to be properly parsed: missing comma at the end. > --- > examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +- > 1 file changed, 1

Re: [libvirt] [PATCH] storage: Fixing missing 'backingStore' tag from volume XML dumps.

On Tue, Jan 02, 2018 at 16:53:13 -0200, Julio Faracco wrote: > Hi guys, > > Any possibility to include a test case for this scenario? You can look into adding it to virstoragetest if you want to pursue adding the test. I'll push this patch in the meanwhile. signature.asc Description: PGP

Re: [libvirt] [PATCH] maint: Update to latest gnulib

On 01/03/2018 03:46 PM, Peter Krempa wrote: > On Tue, Jan 02, 2018 at 08:09:37 -0500, John Ferlan wrote: >> >> >> On 01/02/2018 04:28 AM, Michal Privoznik wrote: >>> Unfortunately, since gnulib's commit of 2c5d558745 there's an >>> unused parameter to stat_time_normalize() function which gnulib

Re: [libvirt] [PATCH v2] qemuBuildMemPathStr: Forbid memoryBacking/access for non-numa case

On Wed, Jan 03, 2018 at 07:06:01AM +0100, Michal Privoznik wrote: https://bugzilla.redhat.com/show_bug.cgi?id=1448149 If a domain has no numa nodes, that means we don't put any memory-backend-file onto the qemu command line. That in turn means we can't set access='shared'. Therefore, we should

Re: [libvirt] [PATCH v2 0/3] Storage pool common object fixes

ping? Tks - John On 12/18/2017 07:56 AM, John Ferlan wrote: > v1: https://www.redhat.com/archives/libvir-list/2017-December/msg00543.html > > Changes since v1... > > * Added a patch to handle a NULL return with pool obj lock > > * Alter the IsDuplicate API to use a bool parameter > > *

Re: [libvirt] [PATCH v4 00/13] Move qemu command line controller checks to qemuDomainDeviceDefValidateController* checks

ping? Tks - John On 12/12/2017 10:06 AM, John Ferlan wrote: > v3: https://www.redhat.com/archives/libvir-list/2017-December/msg00209.html > > Differences since v3: > > * Pushed first 4 ACK'd patches of v3 > > * Rework/Separate out a few patches for the SCSI handling > > * Alter the PCI

Re: [libvirt] [PATCH] maint: Update to latest gnulib

On Tue, Jan 02, 2018 at 08:09:37 -0500, John Ferlan wrote: > > > On 01/02/2018 04:28 AM, Michal Privoznik wrote: > > Unfortunately, since gnulib's commit of 2c5d558745 there's an > > unused parameter to stat_time_normalize() function which gnulib > > developers don't want to fix [1]. Therefore,

Re: [libvirt] [PATCH 0/2] qemu: Don't log partial buffer reads from qemu monitor

On Thu, Dec 21, 2017 at 12:16:50PM +0100, Peter Krempa wrote: I was debugging a case where 200 snapshots of a disk would result in a VERY long reconnect time after libvirtd restart when debug logging was enabled. I've figured out that qemu responds with 9MiB of json after calling

Re: [libvirt] [PATCH] apparmor: fix virt-aa-helper profile

On Wed, 2018-01-03 at 11:54 +0100, intrigeri wrote: > Cédric Bosdonnat: > > * to handle /var/run not being a symlink to /run > > Does this still really exist in any distro that has chances to run > a recent libvirt? At least some people tweak their distro for that, since the openSUSE AppArmor

Re: [libvirt] [PATCH] util: fix another wrong description

On Wed, Jan 03, 2018 at 05:56:35PM +0800, Chen Hanxiao wrote: > From: Chen Hanxiao > > commit 9026d1152c236ac7a7ab25845220a8e14d6bc630 > forgot to change the referenced @result variable. > This patch completed this. > > Signed-off-by: Chen Hanxiao

Re: [libvirt] [PATCH] apparmor: fix virt-aa-helper profile

Cédric Bosdonnat: > * to handle /var/run not being a symlink to /run Does this still really exist in any distro that has chances to run a recent libvirt? If yes, then: > - /run/libvirt/**/[sv]d[a-z] r > + /{,var/}run/libvirt/**/[sv]d[a-z] r, +1 And in any case, +1 the missing comma. --

[libvirt] [PATCH] util: fix another wrong description

From: Chen Hanxiao commit 9026d1152c236ac7a7ab25845220a8e14d6bc630 forgot to change the referenced @result variable. This patch completed this. Signed-off-by: Chen Hanxiao --- src/util/virstring.c | 2 +- 1 file changed, 1 insertion(+), 1

Re: [libvirt] [PATCH] util: fix a wrong description

At 2018-01-03 17:46:02, "Ján Tomko" wrote: >On Sat, Dec 23, 2017 at 05:49:08PM +0800, Chen Hanxiao wrote: >>From: Chen Hanxiao >> >>We don't have @result. Use the right one: @matches >> >>Signed-off-by: Chen Hanxiao >>--- >>

[libvirt] [PATCH] apparmor: fix virt-aa-helper profile

Fix rule introduced by commit 0f33025a: * to handle /var/run not being a symlink to /run * to be properly parsed: missing comma at the end. --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

Re: [libvirt] [PATCH] Fixed documentation for destroy storage pool

On Sat, Dec 30, 2017 at 09:15:34AM +0100, fran...@telecos.upc.edu wrote: > From: Francesc Guasch > > --- > lib/Sys/Virt/StoragePool.pm | 7 ++- > 1 file changed, 2 insertions(+), 5 deletions(-) > > diff --git a/lib/Sys/Virt/StoragePool.pm

Re: [libvirt] [PATCH] util: fix a wrong description

On Sat, Dec 23, 2017 at 05:49:08PM +0800, Chen Hanxiao wrote: From: Chen Hanxiao We don't have @result. Use the right one: @matches Signed-off-by: Chen Hanxiao --- src/util/virstring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

Re: [libvirt] [PATCH] util: fix a wrong description

On Sat, Dec 23, 2017 at 05:49:08PM +0800, Chen Hanxiao wrote: > From: Chen Hanxiao > > We don't have @result. Use the right one: @matches > > Signed-off-by: Chen Hanxiao I slightly adjusted the commit message, but Reviewed-by: Erik Skultety

Re: [libvirt] [PATCH] apparmor: allow unix stream for p2p migrations

On 12/19/2017 02:13 PM, Christian Ehrhardt wrote: > On live migration with --p2p like: > $ virsh migrate --live --p2p kvmguest-bionic-normal \ >qemu+ssh://10.6.221.80/system > > We hit an apparmor deny like: > apparmor="DENIED" operation="file_inherit" > profile="/usr/sbin/libvirtd"

Re: [libvirt] [PATCH 0/2] Set hostname in lxc containers

On 12/18/2017 03:56 PM, Cédric Bosdonnat wrote: > Hey there, > > Here are two commits to set a transient hostname on lxc containers based > on the guest name. > > Cédric Bosdonnat (2): > Add virStringFilterChars() string utility > lxc: set a hostname based on the container name > >

Re: [libvirt] [PATCH] nodedev: Fix failing to parse PCI address for non-PCI network devices

On Fri, Dec 22, 2017 at 01:05:26PM +0800, Fei Li wrote: > Commit 8708ca01c added virNetDevSwitchdevFeature to check whether > the NIC had Switchdev capabilities; however this causes errors for > network devices whose address is not in PCI format, like qeth device > whose address is 0.0.0800, when