[libvirt] [PATCH] news: Add the event name completion

2018-05-24 Thread Lin Ma
Signed-off-by: Lin Ma --- docs/news.xml | 9 + 1 file changed, 9 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 76d1613d35..693d4a373b 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -84,6 +84,15 @@ and ich9 sound devices. +

[libvirt] [PATCH] storage: Add capability to use LUKS encryption for disk backend

2018-05-24 Thread John Ferlan
https://bugzilla.redhat.com/show_bug.cgi?id=1560946 Following the model of the Logical backend, use qemu-img on the created device to set up for LUKS encryption. Signed-off-by: John Ferlan --- works much better with the settle patch applied from:

Re: [libvirt] [PATCH v3 2/4] qemu: support passing pre-opened UNIX socket listen FD

2018-05-24 Thread Eric Blake
On 05/17/2018 08:40 AM, Daniel P. Berrangé wrote: There is a race condition when spawning QEMU where libvirt has spawned QEMU but the monitor socket is not yet open. Libvirt has to repeatedly try to connect() to QEMU's monitor until eventually it succeeds, or times out. We use kill() to check if

Re: [libvirt] Likely build race, "/usr/bin/ld: cannot find -lvirt"

2018-05-24 Thread Jim Fehlig
On 05/24/2018 04:27 AM, Ian Jackson wrote: Ian Jackson writes ("Likely build race, "/usr/bin/ld: cannot find -lvirt""): tl;dr: I think there is a bug in libvirt's build system which, with low probability, causes a build failure containing this message: /usr/bin/ld: cannot find -lvirt

Re: [libvirt] [PATCH v8 13/18] security: Add swtpm paths to the domain's AppArmor profile

2018-05-24 Thread Stefan Berger
On 05/24/2018 04:26 PM, Stefan Berger wrote: This patch extends the AppArmor domain profile with file paths the swtpm accesses for state, log, pid, and socket files. Both, QEMU and swtpm, use this AppArmor profile. Signed-off-by: Stefan Berger Cc: Christian

[libvirt] [PATCH v8 16/18] conf: Audit TPM emulator device at domain startup

2018-05-24 Thread Stefan Berger
Extend the existing auditing with auditing for the TPM emulator. Signed-off-by: Stefan Berger --- docs/auditlog.html.in | 2 +- src/conf/domain_audit.c | 16 +--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/docs/auditlog.html.in

[libvirt] [PATCH v8 07/18] qemu: Add support for external swtpm TPM emulator

2018-05-24 Thread Stefan Berger
This patch adds support for an external swtpm TPM emulator. The XML for this type of TPM looks as follows: The XML will currently only start a TPM 1.2. Upon first start, libvirt will run `swtpm_setup`, which will simulate the manufacturing of a TPM and create certificates for it and

[libvirt] [PATCH v8 15/18] qemu: Validate chosen TPM model rather than overwriting it

2018-05-24 Thread Stefan Berger
TPM 1.2 does not support a CRB interface but only TIS. So, in this case we need to alert the user and request a change to the XML rather than silently overwriting it. Signed-off-by: Stefan Berger --- src/conf/domain_conf.c | 15 --- src/qemu/qemu_domain.c

[libvirt] [PATCH v8 10/18] conf: Add support for choosing emulation of a TPM 2

2018-05-24 Thread Stefan Berger
This patch extends the TPM's device XML with TPM 2 support. This only works for the emulator type backend and looks as follows: The swtpm process now has --tpm2 as an additional parameter: system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8 0.0 28364 3868 ? Rs

[libvirt] [PATCH v8 11/18] qemu: Add swtpm to emulator cgroup

2018-05-24 Thread Stefan Berger
Add the external swtpm to the emulator cgroup so that upper limits of CPU usage can be enforced on the emulated TPM. To enable this we need to have the swtpm write its process id (pid) into a file. We then read it from the file to configure the emulator cgroup. The PID file is created in

[libvirt] [PATCH v8 14/18] qemu: Run swtpm_setup in unprivileged mode for a TPM 2

2018-05-24 Thread Stefan Berger
swtpm_setup can be run for a TPM 2 in unprivileged mode assuming XDG_CONFIG_HOME has been set and the necessary configuration files have been put into that directory. For current reference also see this link: https://github.com/stefanberger/swtpm/pull/63 Signed-off-by: Stefan Berger

[libvirt] [PATCH v8 12/18] news: Update news with new TPM emulator feature

2018-05-24 Thread Stefan Berger
Signed-off-by: Stefan Berger --- docs/news.xml | 13 + 1 file changed, 13 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 76d1613d35..88570a 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -33,6 +33,19 @@ --> + + +

[libvirt] [PATCH v8 00/18] Add support for TPM emulator (for 4.5)

2018-05-24 Thread Stefan Berger
This series of patches adds support for the TPM emulator backend that is available in QEMU and based on swtpm + libtpms. It allows to attach a TPM 1.2 or 2 to a QEMU VM. sVirt labels are used for labeling the swtpm process, its Unix socket, and log file with the same label that the QEMU process

[libvirt] [PATCH v8 17/18] conf: Use resrc=tpm in case of TPM passthrough following docs

2018-05-24 Thread Stefan Berger
Fix the resrc field for the TPM passthrough case to show tpm. This fixes the code to follow the documentation. Signed-off-by: Stefan Berger --- src/conf/domain_audit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/conf/domain_audit.c

[libvirt] [PATCH v8 18/18] conf: Use virDomainChrSourceDefClear() rather than VIR_FREE()

2018-05-24 Thread Stefan Berger
Signed-off-by: Stefan Berger --- src/conf/domain_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 0b244b2eac..2a7be083f9 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@

[libvirt] [PATCH v8 05/18] qemu: Extend qemu_conf with tpm-emulator support

2018-05-24 Thread Stefan Berger
Extend qemu_conf with user and group for running the tpm-emulator and add directories to the configuration for the locations of the log, state, and socket of the tpm-emulator. Also add these new directories to the QEMU Makefile.inc.am and the RPM spec file libvirt.spec.in. Signed-off-by: Stefan

[libvirt] [PATCH v8 13/18] security: Add swtpm paths to the domain's AppArmor profile

2018-05-24 Thread Stefan Berger
This patch extends the AppArmor domain profile with file paths the swtpm accesses for state, log, pid, and socket files. Both, QEMU and swtpm, use this AppArmor profile. Signed-off-by: Stefan Berger Cc: Christian Ehrhardt ---

[libvirt] [PATCH v8 04/18] security: Add DAC and SELinux security for tpm-emulator

2018-05-24 Thread Stefan Berger
Extend the DAC and SELinux modules with support for the tpm-emulator. We label the Unix socket that QEMU connects to after starting swtpm with DAC and SELinux labels. We do not have to restore the labels in this case since the tpm-emulator will remove the Unix socket when it terminates.

[libvirt] [PATCH v8 01/18] conf: Add support for external swtpm TPM emulator to domain XML

2018-05-24 Thread Stefan Berger
This patch adds support for an external swtpm TPM emulator. The XML for this type of TPM looks as follows: The XML will currently only define a TPM 1.2. Extend the documentation. Add a test case testing the XML parser and formatter. Signed-off-by: Stefan Berger

[libvirt] [PATCH v8 09/18] security: Label the external swtpm with SELinux labels

2018-05-24 Thread Stefan Berger
In this patch we label the swtpm process with SELinux labels. We give it the same label as the QEMU process has. We label its state directory and files as well. We restore the old security labels once the swtpm has terminated. The file and process labels now look as follows: Directory:

[libvirt] [PATCH v8 06/18] qemu: Extend QEMU with external TPM support

2018-05-24 Thread Stefan Berger
Implement functions for managing the storage of the external swtpm as well as starting and stopping it. Also implement functions to use swtpm_setup, which simulates the manufacturing of a TPM, which includes creation of certificates for the device. Further, the external TPM needs storage on the

[libvirt] [PATCH v8 02/18] qemu: Extend QEMU capabilities with 'tpm-emulator'

2018-05-24 Thread Stefan Berger
Extend the QEMU capabilities with tpm-emulator support. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan --- src/qemu/qemu_capabilities.c | 5 + src/qemu/qemu_capabilities.h | 1 +

[libvirt] [PATCH v8 08/18] tests: Add test cases for external swtpm TPM emulator

2018-05-24 Thread Stefan Berger
This patch adds extensions to existing test cases and specific test cases for the tpm-emulator. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan --- .../tpm-emulator.x86_64-latest.args| 33 ++

[libvirt] [PATCH v8 03/18] util: Implement virFileChownFiles()

2018-05-24 Thread Stefan Berger
Implement virFileChownFiles() which changes file ownership of all files in a given directory. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan --- src/libvirt_private.syms | 1 + src/util/virfile.c | 55

[libvirt] [PATCH] storage: Remove rwlocks during virStoragePoolObjListForEach

2018-05-24 Thread John Ferlan
Remove the locks since they are unnecessary and would cause a hang for a driver reload/restart when a transient pool was previously active as a result of the call: virStoragePoolUpdateInactive: ... if (!virStoragePoolObjGetConfigFile(obj)) { virStoragePoolObjRemove(driver->pools,

Re: [libvirt] [GSoC] Design ideas for implementing cleanup attribute

2018-05-24 Thread Pavel Hrdina
On Wed, May 23, 2018 at 06:23:01PM +0200, Peter Krempa wrote: > On Wed, May 23, 2018 at 18:05:17 +0200, Pavel Hrdina wrote: > > [...] > > > I liked the way how GLib is solving the issue so we can simply use the > > same approach since it looks reasonable. > > > > There would be three different

Re: [libvirt] [GSoC] Design ideas for implementing cleanup attribute

2018-05-24 Thread Pavel Hrdina
On Thu, May 24, 2018 at 11:16:40PM +0530, Sukrit Bhatnagar wrote: > On 23 May 2018 at 21:35, Pavel Hrdina wrote: > > On Sun, Mar 25, 2018 at 01:55:07AM +0530, Sukrit Bhatnagar wrote: > >> Hi, > >> > >> I am interested in implementing the GCC cleanup attribute for automatic >

Re: [libvirt] [Qemu-devel] [PATCH v7 1/3] qmp: adding 'wakeup-suspend-support' in query-target

2018-05-24 Thread Eduardo Habkost
On Wed, May 23, 2018 at 05:53:34PM +0200, Markus Armbruster wrote: > Eduardo Habkost writes: > > > On Wed, May 23, 2018 at 11:17:55AM +0200, Markus Armbruster wrote: > >> Eduardo Habkost writes: > >> > On Mon, May 21, 2018 at 04:46:36PM -0300, Daniel

Re: [libvirt] [GSoC] Design ideas for implementing cleanup attribute

2018-05-24 Thread Sukrit Bhatnagar
On 23 May 2018 at 21:35, Pavel Hrdina wrote: > On Sun, Mar 25, 2018 at 01:55:07AM +0530, Sukrit Bhatnagar wrote: >> Hi, >> >> I am interested in implementing the GCC cleanup attribute for automatic >> resource freeing as part of GSoC'18. I have shared a proposal for the same.

Re: [libvirt] [Qemu-devel] [qemu PATCH v2] docs/interop: add "firmware.json"

2018-05-24 Thread Laszlo Ersek
On 05/24/18 18:23, Paolo Bonzini wrote: > On 24/05/2018 18:21, Laszlo Ersek wrote: >> On 05/15/18 11:49, Gerd Hoffmann wrote: >>> On Wed, May 09, 2018 at 05:26:08PM +0200, Laszlo Ersek wrote: Add a schema that describes the different uses and properties of virtual machine firmware.

Re: [libvirt] [PATCH 10/22] virsh: Introduce new hypervisor-cpu-compare command

2018-05-24 Thread Collin Walling
On 05/16/2018 04:39 AM, Jiri Denemark wrote: > This command is a virsh wrapper for virConnectCompareHypervisorCPU. > > Signed-off-by: Jiri Denemark > --- > tools/virsh-host.c | 113 + > tools/virsh.pod| 29 +++- > 2

Re: [libvirt] [PATCH 07/13] qemu: Add hotplugging support for PCI devices on S390 guests

2018-05-24 Thread Cornelia Huck
On Thu, 24 May 2018 14:24:32 +0200 Xiao Feng Ren wrote: > From: Yi Min Zhao > > This commit adds hotplug support for PCI devices on S390 guests. > There's no need to implement hot unplug for zPCI as QEMU implements > an unplug callback which

Re: [libvirt] [PATCH 5/5] qemu: domain: Use typecasted enum in qemuDomainDeviceDefPostParse

2018-05-24 Thread Ján Tomko
On Thu, May 24, 2018 at 05:22:07PM +0200, Peter Krempa wrote: Rather than a lot of checks use a switch statement. This optimizes the code as if one device is matched the rest will certainly not match. Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 77

Re: [libvirt] [Qemu-devel] [qemu PATCH v2] docs/interop: add "firmware.json"

2018-05-24 Thread Laszlo Ersek
On 05/15/18 11:49, Gerd Hoffmann wrote: > On Wed, May 09, 2018 at 05:26:08PM +0200, Laszlo Ersek wrote: >> Add a schema that describes the different uses and properties of virtual >> machine firmware. >> >> Each firmware executable installed on a host system should come with at >> least one JSON

Re: [libvirt] [Qemu-devel] [qemu PATCH v2] docs/interop: add "firmware.json"

2018-05-24 Thread Paolo Bonzini
On 24/05/2018 18:21, Laszlo Ersek wrote: > On 05/15/18 11:49, Gerd Hoffmann wrote: >> On Wed, May 09, 2018 at 05:26:08PM +0200, Laszlo Ersek wrote: >>> Add a schema that describes the different uses and properties of virtual >>> machine firmware. >>> >>> Each firmware executable installed on a

Re: [libvirt] [PATCH 4/5] qemu: domain: Extract panic device def post parse code

2018-05-24 Thread Ján Tomko
On Thu, May 24, 2018 at 05:22:06PM +0200, Peter Krempa wrote: Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 27 +++ 1 file changed, 19 insertions(+), 8 deletions(-) Reviewed-by: Ján Tomko Jano

Re: [libvirt] [PATCH 3/5] qemu: domain: Extract video device def post parse code

2018-05-24 Thread Ján Tomko
On Thu, May 24, 2018 at 05:22:05PM +0200, Peter Krempa wrote: Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 40 +--- 1 file changed, 25 insertions(+), 15 deletions(-) Reviewed-by: Ján Tomko Jano

Re: [libvirt] [PATCH 2/5] qemu: domain: Extract network device def post parse code

2018-05-24 Thread Ján Tomko
On Thu, May 24, 2018 at 05:22:04PM +0200, Peter Krempa wrote: Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 24 ++-- 1 file changed, 18 insertions(+), 6 deletions(-) Reviewed-by: Ján Tomko Jano

Re: [libvirt] [PATCH 1/5] qemu: domain: Extract disk post parse code into a function

2018-05-24 Thread Ján Tomko
On Thu, May 24, 2018 at 05:22:03PM +0200, Peter Krempa wrote: Later on, more stuff will be added so prevent the main function growing out of control. We wouldn't want it to become sentient. Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 77

Re: [libvirt] [PATCH v2 0/3] adding virGetLastErrorCode/Domain to partially replace virGetLastError

2018-05-24 Thread Ramy Elkest
Patch looks good, many thanks Eric. Ramy On Wed, May 9, 2018 at 12:58 PM, Erik Skultety wrote: > On Sat, May 05, 2018 at 01:04:18PM +0100, ramyelkest wrote: >> Changes from v1[1]: >> >> * removed virHasLastError() and s/virHasLastError/virGetLastErrorCode/g >> * replaced in

[libvirt] [PATCH] disk: Allow settling to occur after reading partitions

2018-05-24 Thread John Ferlan
https://bugzilla.redhat.com/show_bug.cgi?id=1400475 In order to avoid a possible error as a result of kernel interactions with the partition helper, let's use virWaitForDevices to force things to settle down before attempting to open and read the partition. This is related to

[libvirt] [PATCH 3/5] qemu: domain: Extract video device def post parse code

2018-05-24 Thread Peter Krempa
Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 40 +--- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index dbdd94de2f..e9a8b0c332 100644 ---

[libvirt] [PATCH 5/5] qemu: domain: Use typecasted enum in qemuDomainDeviceDefPostParse

2018-05-24 Thread Peter Krempa
Rather than a lot of checks use a switch statement. This optimizes the code as if one device is matched the rest will certainly not match. Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 77 ++ 1 file changed, 52

[libvirt] [PATCH 2/5] qemu: domain: Extract network device def post parse code

2018-05-24 Thread Peter Krempa
Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 24 ++-- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index ab0a823f1e..dbdd94de2f 100644 --- a/src/qemu/qemu_domain.c +++

[libvirt] [PATCH 4/5] qemu: domain: Extract panic device def post parse code

2018-05-24 Thread Peter Krempa
Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 27 +++ 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index e9a8b0c332..a6b879aa76 100644 --- a/src/qemu/qemu_domain.c +++

[libvirt] [PATCH 1/5] qemu: domain: Extract disk post parse code into a function

2018-05-24 Thread Peter Krempa
Later on, more stuff will be added so prevent the main function growing out of control. Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 77 -- 1 file changed, 43 insertions(+), 34 deletions(-) diff --git

[libvirt] [PATCH 0/5] qemu: refactor device post parse callback

2018-05-24 Thread Peter Krempa
Main idea was to split the disk code since I'll be changing it later but as I was at it I refactored everything. Peter Krempa (5): qemu: domain: Extract disk post parse code into a function qemu: domain: Extract network device def post parse code qemu: domain: Extract video device def post

Re: [libvirt] [PATCH 10/22] virsh: Introduce new hypervisor-cpu-compare command

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:29AM +0200, Jiri Denemark wrote: This command is a virsh wrapper for virConnectCompareHypervisorCPU. Signed-off-by: Jiri Denemark --- tools/virsh-host.c | 113 + tools/virsh.pod| 29 +++-

Re: [libvirt] [PATCH 08/22] Introduce virConnectCompareHypervisorCPU public API

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:27AM +0200, Jiri Denemark wrote: This new API compares the given CPU description with the CPU the specified hypervisor is able to provide on the host. It is a more useful version of virConnectCompareCPU, which compares the CPU definition with the host CPU without

Re: [libvirt] [PATCH 09/22] remote: Implement virConnectCompareHypervisorCPU

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:28AM +0200, Jiri Denemark wrote: Signed-off-by: Jiri Denemark --- src/remote/remote_driver.c | 3 ++- src/remote/remote_protocol.x | 21 - src/remote_protocol-structs | 12 3 files changed, 34 insertions(+), 2

[libvirt] [PATCH 08/13] conf: Introduce parser, formatter for uid and fid

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao This patch introduces new XML parser/formatter functions. Uid is 16-bit and non-zero. Fid is 32-bit. They are added as two new attributes of PCI address, and parsed/formatted along with PCI address parser/formatter. Signed-off-by: Yi Min Zhao

[libvirt] [PATCH 00/13] PCI passthrough support on s390

2018-05-24 Thread Xiao Feng Ren
The PCI representation in QEMU has recently been extended for S390 allowing configuration of zPCI attributes like uid (user-defined identifier) and fid (PCI function identifier). The details can be found here: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg07262.html To support the new

[libvirt] [PATCH 13/13] news: Update news for PCI address extension attributes

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao Signed-off-by: Yi Min Zhao Reviewed-by: Boris Fiuczynski Reviewed-by: Stefan Zimmermann --- docs/news.xml | 11 +++ 1 file changed, 11 insertions(+) diff --git

[libvirt] [PATCH 06/13] qemu: Generate and use zPCI device in QEMU command line

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao Add new functions to generate zPCI command string and append it to QEMU command line. Signed-off-by: Yi Min Zhao Reviewed-by: Boris Fiuczynski Reviewed-by: Stefan Zimmermann

[libvirt] [PATCH 04/13] qemu: Enable PCI multi bus for S390 guests

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao QEMU on s390 supports PCI multibus since forever. But zPCI, as extension of PCI device on s390, is the significant capability. Only when zPCI capability is existing, we consider QEMU supports PCI multibus properly. So let's enable PCI multibus only if zPCI

[libvirt] [PATCH 12/13] docs: Add 'uid' and 'fid' information

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao Update 'Device address' section to describe the 'uid' and 'fid' attributes. Signed-off-by: Yi Min Zhao Reviewed-by: Boris Fiuczynski Reviewed-by: Stefan Zimmermann ---

[libvirt] [PATCH 11/13] tests: Add new tests for zPCI

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao This patch adds new test cases for zPCI when 'uid' and 'fid' are defined with different conditions in XML. Signed-off-by: Yi Min Zhao Reviewed-by: Boris Fiuczynski Reviewed-by: Bjoern Walk

[libvirt] [PATCH 10/13] conf: Allocate/release 'uid' and 'fid' in PCI address

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao This patch adds new functions for reservation, assignment and release to handle the uid/fid. If the uid/fid is defined in the domain XML, they will be reserved directly in collecting phase. If any of them is not defined, we will find out an available value

[libvirt] [PATCH 07/13] qemu: Add hotplugging support for PCI devices on S390 guests

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao This commit adds hotplug support for PCI devices on S390 guests. There's no need to implement hot unplug for zPCI as QEMU implements an unplug callback which will unplug both PCI and zPCI device in a cascaded way. Currently, the following PCI devices are

[libvirt] [PATCH 01/13] conf: Add definitions for 'uid' and 'fid' PCI address attributes

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao Add zPCI definitions in preparation of extending the PCI address with parameters uid (user-defined identifier) and fid (PCI function identifier). Signed-off-by: Yi Min Zhao Reviewed-by: Boris Fiuczynski

[libvirt] [PATCH 02/13] qemu: Introduce zPCI capability

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao Let's introduce zPCI capability. Signed-off-by: Yi Min Zhao Reviewed-by: Boris Fiuczynski Reviewed-by: Stefan Zimmermann Reviewed-by: Bjoern Walk ---

[libvirt] [PATCH 05/13] qemu: Auto add pci-root for s390/s390x guests

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao The pci-root depends on zpci capability. So autogenerate pci-root if zpci exists. Signed-off-by: Yi Min Zhao Reviewed-by: Boris Fiuczynski Reviewed-by: Stefan Zimmermann Reviewed-by:

[libvirt] [PATCH 09/13] conf: Introduce address caching for PCI extensions

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao This patch provides a caching mechanism for the device address extensions uid and fid on S390. For efficient sparse address allocation, we introduce two hash tables for uid/fid which hold the address set information per domain. Also in order to improve

[libvirt] [PATCH 03/13] conf: Introduce a new PCI address extension flag

2018-05-24 Thread Xiao Feng Ren
From: Yi Min Zhao This patch introduces a new attribute PCI address extension flag to deal with the extension PCI attributes such as 'uid' and 'fid' on the S390 platform. Signed-off-by: Yi Min Zhao Reviewed-by: Boris Fiuczynski

Re: [libvirt] [PATCH 07/22] qemu_capabilities: Introduce virQEMUCapsCacheLookupDefault

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:26AM +0200, Jiri Denemark wrote: virConnectGetDomainCapabilities needs to lookup QEMU capabilities matching a specified binary, architecture, virt type, and machine type while using default values when any of the parameters are not provided by the user. Let's

Re: [libvirt] [PATCH] tools: virsh: Add virshCellnoCompleter.

2018-05-24 Thread Michal Privoznik
On 05/24/2018 11:04 AM, Roland Schulz wrote: > Signed-off-by: Roland Schulz > --- > tools/virsh-completer.c | 58 + > tools/virsh-completer.h | 3 +++ > tools/virsh-host.c | 3 +++ > 3 files changed, 64 insertions(+) I'm

Re: [libvirt] [PATCH v2] Fix indentation of virshAllocpagesPagesizeCompleter arguments.

2018-05-24 Thread Michal Privoznik
On 05/24/2018 11:04 AM, Roland Schulz wrote: > Signed-off-by: Roland Schulz > --- > tools/virsh-completer.c | 4 ++-- > tools/virsh-completer.h | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) ACKed and pushed. Michal

Re: [libvirt] [PATCH 06/22] vshExtractCPUDefXML: Accept domain capabilities XML

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:25AM +0200, Jiri Denemark wrote: The domain capabilities XML contains host CPU model tailored to a specific hypervisor and since it's enclosed in element rather than the required it's impossible to directly use the host CPU model as an input to, e.g., cpu-compare

Re: [libvirt] [PATCH 05/22] Improve documentation of virConnectGetCPUModelNames

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:24AM +0200, Jiri Denemark wrote: Signed-off-by: Jiri Denemark --- src/libvirt-host.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/libvirt-host.c b/src/libvirt-host.c index 76087badd8..ed689b9ec2 100644 ---

Re: [libvirt] [PATCH 04/22] virsh: Enhance documentation of cpu-models command

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:23AM +0200, Jiri Denemark wrote: Signed-off-by: Jiri Denemark --- tools/virsh.pod | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/virsh.pod b/tools/virsh.pod index 5f72e11dec..5fc8201893 100644 ---

Re: [libvirt] [PATCH v7 00/12] Add support for TPM emulator

2018-05-24 Thread Stefan Berger
On 05/24/2018 09:21 AM, John Ferlan wrote: On 05/24/2018 09:02 AM, Stefan Berger wrote: This series of patches adds support for the TPM emulator backend that is available in QEMU and based on swtpm + libtpms. It allows to attach a TPM 1.2 or 2 to a QEMU VM. sVirt labels are used for labeling

Re: [libvirt] [PATCH 03/22] virsh: Enhance documentation of cpu-compare command

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:22AM +0200, Jiri Denemark wrote: Signed-off-by: Jiri Denemark --- tools/virsh.pod | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) Reviewed-by: Ján Tomko Jano

Re: [libvirt] [PATCH 02/22] virsh: Extract common code from cmdCPU{Compare, Baseline}

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:21AM +0200, Jiri Denemark wrote: Both cpu-compare and cpu-baseline commands accept more than just CPU definition XML(s). For users' convenience they are able to extract the CPU definition(s) even from domain XML or capabilities XML. The main differences between the

Re: [libvirt] [PATCH] Fix indentation of virshAllocpagesPagesizeCompleter arguments.

2018-05-24 Thread Michal Privoznik
On 05/24/2018 03:51 PM, Michal Privoznik wrote: > On 05/23/2018 04:08 PM, Roland Schulz wrote: >> --- >> tools/virsh-completer.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) > > This patch is missing SoB line. I cannot push this patch without it. Can > you please confirm here

Re: [libvirt] [PATCH] Fix indentation of virshAllocpagesPagesizeCompleter arguments.

2018-05-24 Thread Michal Privoznik
On 05/23/2018 04:08 PM, Roland Schulz wrote: > --- > tools/virsh-completer.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) This patch is missing SoB line. I cannot push this patch without it. Can you please confirm here that I can add it there (funny, because your other patches

Re: [libvirt] [PATCH] Add virshAllocpagesPagesizeCompleter to opts_freepages.

2018-05-24 Thread Michal Privoznik
On 05/24/2018 03:11 PM, Roland Schulz wrote: > Signed-off-by: Roland Schulz > --- > For the time being virshAllocpagesPagesizeCompleter can be used with > other commands that use --pagesize option. > > tools/virsh-host.c | 1 + > 1 file changed, 1 insertion(+) ACKed and

Re: [libvirt] [ [PATCH v3 4/8] virsh: Add event name completion to 'event' command

2018-05-24 Thread Michal Privoznik
On 05/23/2018 08:32 AM, Lin Ma wrote: > Signed-off-by: Lin Ma > --- > tools/virsh-completer.c | 31 +++ > tools/virsh-completer.h | 3 +++ > tools/virsh-domain.c| 1 + > 3 files changed, 35 insertions(+) > > diff --git a/tools/virsh-completer.c

Re: [libvirt] [ [PATCH v3 0/8] virsh completion for event, secret-event, pool-event and nodedev-event

2018-05-24 Thread Michal Privoznik
On 05/23/2018 08:32 AM, Lin Ma wrote: > v2 -> v3: > Most of patches in original v2 patchset were pushed, only 2 patches left, > So create a new patchset for including the 2 patches and 6 new completion > patches which about secret-event, pool-event and nodedev-event. > > (Borrowed code & idea

Re: [libvirt] [PATCH 01/22] virsh: Move cpu-{baseline, compare} commands

2018-05-24 Thread Ján Tomko
On Wed, May 16, 2018 at 10:39:20AM +0200, Jiri Denemark wrote: Similarly to cpu-models these two commands do not operate on a domain and should be listed in the "Host and Hypervisor" commands section. Signed-off-by: Jiri Denemark --- tools/virsh-domain.c | 223

Re: [libvirt] [ [PATCH v3 3/8] virsh: Move vshEventCallback structure definition to virsh-domain.h

2018-05-24 Thread Michal Privoznik
On 05/23/2018 08:32 AM, Lin Ma wrote: > The next patch will use it in virsh-completer.c for returning the strings > of domain event name. > > Signed-off-by: Lin Ma > --- > tools/virsh-domain.c | 8 +--- > tools/virsh-domain.h | 8 > 2 files changed, 9 insertions(+),

Re: [libvirt] [ [PATCH v3 1/8] virsh-secret: Rename vshEventCallback to vshSecretEventCallback

2018-05-24 Thread Michal Privoznik
On 05/23/2018 08:32 AM, Lin Ma wrote: > The next patch will use it in virsh-completer.c for returning the name > list of secret events. > > The patch code originally authored by Michal Privoznik, Please refer to > https://www.redhat.com/archives/libvir-list/2018-May/msg01022.html > > I split

Re: [libvirt] [PATCH v7 00/12] Add support for TPM emulator

2018-05-24 Thread John Ferlan
On 05/24/2018 09:02 AM, Stefan Berger wrote: > This series of patches adds support for the TPM emulator backend that > is available in QEMU and based on swtpm + libtpms. It allows to attach a > TPM 1.2 or 2 to a QEMU VM. sVirt labels are used for labeling the swtpm > process, its Unix socket,

[libvirt] [PATCH] Add virshAllocpagesPagesizeCompleter to opts_freepages.

2018-05-24 Thread Roland Schulz
Signed-off-by: Roland Schulz --- For the time being virshAllocpagesPagesizeCompleter can be used with other commands that use --pagesize option. tools/virsh-host.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/virsh-host.c b/tools/virsh-host.c index

[libvirt] [PATCH v7 10/12] conf: Add support for choosing emulation of a TPM 2

2018-05-24 Thread Stefan Berger
This patch extends the TPM's device XML with TPM 2 support. This only works for the emulator type backend and looks as follows: The swtpm process now has --tpm2 as an additional parameter: system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8 0.0 28364 3868 ? Rs

Re: [libvirt] [PATCH 10/12] conf: Add support for choosing emulation of a TPM 2

2018-05-24 Thread Ján Tomko
On Thu, May 24, 2018 at 07:22:30AM -0400, Stefan Berger wrote: On 05/24/2018 03:08 AM, Ján Tomko wrote: On Wed, May 23, 2018 at 02:33:08PM -0400, Stefan Berger wrote: swtpm doesn't have all the bells and whistles of QEMU that we would have a JSON interface to query the features from. With

[libvirt] [PATCH v7 11/12] qemu: Add swtpm to emulator cgroup

2018-05-24 Thread Stefan Berger
Add the external swtpm to the emulator cgroup so that upper limits of CPU usage can be enforced on the emulated TPM. To enable this we need to have the swtpm write its process id (pid) into a file. We then read it from the file to configure the emulator cgroup. The PID file is created in

[libvirt] [PATCH v7 00/12] Add support for TPM emulator

2018-05-24 Thread Stefan Berger
This series of patches adds support for the TPM emulator backend that is available in QEMU and based on swtpm + libtpms. It allows to attach a TPM 1.2 or 2 to a QEMU VM. sVirt labels are used for labeling the swtpm process, its Unix socket, and log file with the same label that the QEMU process

[libvirt] [PATCH v7 02/12] qemu: Extend QEMU capabilities with 'tpm-emulator'

2018-05-24 Thread Stefan Berger
Extend the QEMU capabilities with tpm-emulator support. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan --- src/qemu/qemu_capabilities.c | 5 + src/qemu/qemu_capabilities.h | 1 +

[libvirt] [PATCH v7 06/12] qemu: Extend QEMU with external TPM support

2018-05-24 Thread Stefan Berger
Implement functions for managing the storage of the external swtpm as well as starting and stopping it. Also implement functions to use swtpm_setup, which simulates the manufacturing of a TPM, which includes creation of certificates for the device. Further, the external TPM needs storage on the

Re: [libvirt] [PATCH 10/12] conf: Add support for choosing emulation of a TPM 2

2018-05-24 Thread Ján Tomko
On Thu, May 24, 2018 at 02:17:13PM +0200, Marc Hartmayer wrote: On Tue, May 22, 2018 at 10:44 PM +0200, Stefan Berger wrote: This patch extends the TPM's device XML with TPM 2 support. This only works for the emulator type backend and looks as follows:

[libvirt] [PATCH v7 08/12] tests: Add test cases for external swtpm TPM emulator

2018-05-24 Thread Stefan Berger
This patch adds extensions to existing test cases and specific test cases for the tpm-emulator. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan --- .../tpm-emulator.x86_64-latest.args| 33 ++

[libvirt] [PATCH v7 05/12] qemu: Extend qemu_conf with tpm-emulator support

2018-05-24 Thread Stefan Berger
Extend qemu_conf with user and group for running the tpm-emulator and add directories to the configuration for the locations of the log, state, and socket of the tpm-emulator. Also add these new directories to the QEMU Makefile.inc.am and the RPM spec file libvirt.spec.in. Signed-off-by: Stefan

[libvirt] [PATCH v7 09/12] security: Label the external swtpm with SELinux labels

2018-05-24 Thread Stefan Berger
In this patch we label the swtpm process with SELinux labels. We give it the same label as the QEMU process has. We label its state directory and files as well. We restore the old security labels once the swtpm has terminated. The file and process labels now look as follows: Directory:

[libvirt] [PATCH v7 04/12] security: Add DAC and SELinux security for tpm-emulator

2018-05-24 Thread Stefan Berger
Extend the DAC and SELinux modules with support for the tpm-emulator. We label the Unix socket that QEMU connects to after starting swtpm with DAC and SELinux labels. We do not have to restore the labels in this case since the tpm-emulator will remove the Unix socket when it terminates.

[libvirt] [PATCH v7 12/12] news: Update news with new TPM emulator feature

2018-05-24 Thread Stefan Berger
Signed-off-by: Stefan Berger --- docs/news.xml | 9 + 1 file changed, 9 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 76d1613d35..7c401e42de 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -64,6 +64,15 @@ TLS environment which is

[libvirt] [PATCH v7 07/12] qemu: Add support for external swtpm TPM emulator

2018-05-24 Thread Stefan Berger
This patch adds support for an external swtpm TPM emulator. The XML for this type of TPM looks as follows: The XML will currently only start a TPM 1.2. Upon first start, libvirt will run `swtpm_setup`, which will simulate the manufacturing of a TPM and create certificates for it and

[libvirt] [PATCH v7 01/12] conf: Add support for external swtpm TPM emulator to domain XML

2018-05-24 Thread Stefan Berger
This patch adds support for an external swtpm TPM emulator. The XML for this type of TPM looks as follows: The XML will currently only define a TPM 1.2. Extend the documentation. Add a test case testing the XML parser and formatter. Signed-off-by: Stefan Berger

[libvirt] [PATCH v7 03/12] util: Implement virFileChownFiles()

2018-05-24 Thread Stefan Berger
Implement virFileChownFiles() which changes file ownership of all files in a given directory. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan --- src/libvirt_private.syms | 1 + src/util/virfile.c | 55

Re: [libvirt] [PATCHv2 0/7] qemu: add vhost-vsock-pci support

2018-05-24 Thread Ján Tomko
On Thu, May 24, 2018 at 12:39:08PM +0200, Ján Tomko wrote: v1: https://www.redhat.com/archives/libvir-list/2018-May/msg01517.html v2: * use instead of * use for the guest address * add attribute and auto-assign the guest CID * fixed PCI address allocation

Re: [libvirt] [PATCH 10/12] conf: Add support for choosing emulation of a TPM 2

2018-05-24 Thread Stefan Berger
On 05/24/2018 08:17 AM, Marc Hartmayer wrote: On Tue, May 22, 2018 at 10:44 PM +0200, Stefan Berger wrote: This patch extends the TPM's device XML with TPM 2 support. This only works for the emulator type backend and looks as follows: The
