Re: [libvirt] [PATCH v2 1/9] vbox: Add various vir*Flags API

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:30 -0500, Eric Blake wrote: > Even though we don't accept any flags, it is unfriendly to callers > that use the modern API to have to fall back to the flag-free API. > > Signed-off-by: Eric Blake > --- > src/vbox/vbox_common.c | 24 ++-- > 1 file

Re: [libvirt] [PATCH v2 2/9] xenapi: Add various vir*Flags API

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:31 -0500, Eric Blake wrote: > Even though we don't accept any flags, it is unfriendly to callers > that use the modern API to have to fall back to the flag-free API. > > Signed-off-by: Eric Blake > --- > src/xenapi/xenapi_driver.c | 22 +++--- > 1 fi

Re: [libvirt] [PATCH v2 2/9] xenapi: Add various vir*Flags API

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:31 -0500, Eric Blake wrote: > Even though we don't accept any flags, it is unfriendly to callers > that use the modern API to have to fall back to the flag-free API. > > Signed-off-by: Eric Blake > --- > src/xenapi/xenapi_driver.c | 22 +++--- > 1 fi

Re: [libvirt] [PATCH v2 1/9] vbox: Add various vir*Flags API

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:30 -0500, Eric Blake wrote: > Even though we don't accept any flags, it is unfriendly to callers > that use the modern API to have to fall back to the flag-free API. > > Signed-off-by: Eric Blake > --- > src/vbox/vbox_common.c | 24 ++-- > 1 file

Re: [libvirt] [PATCH v2 3/9] maint: Enhance check-driverimpls.pl to check for API pairing

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:32 -0500, Eric Blake wrote: > As shown in recent patches, several drivers provided only an older > counterpart of an API, making it harder to uniformly use the newer > preferred API form. We can prevent future instances of this by > enhancing 'make syntax-check' to fla

Re: [libvirt] [PATCH v2 4/9] bhyve: Ignore no-op flag during virDomainUndefine

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:33 -0500, Eric Blake wrote: > Copy what esx does in ignoring the SNAPSHOTS_METADATA flag as a no-op, > and in line with the recent doc tweak in commit c049f022. > > Signed-off-by: Eric Blake > --- ACK

Re: [libvirt] [PATCH v2 5/9] libxl: Ignore no-op flag during virDomainUndefine

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:34 -0500, Eric Blake wrote: > Copy what esx does in ignoring the SNAPSHOTS_METADATA flag as a no-op, > and in line with the recent doc tweak in commit c049f022. > > Signed-off-by: Eric Blake > --- ACK

Re: [libvirt] [PATCH v2 6/9] lxc: Ignore no-op flag during virDomainUndefine

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:35 -0500, Eric Blake wrote: > Copy what esx does in ignoring the SNAPSHOTS_METADATA flag as a no-op, > and in line with the recent doc tweak in commit c049f022. > > Signed-off-by: Eric Blake > --- ACK

Re: [libvirt] [PATCH v2 7/9] openvz: Ignore no-op flag during virDomainUndefine

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:36 -0500, Eric Blake wrote: > Copy what esx does in ignoring the SNAPSHOTS_METADATA flag as a no-op, > and in line with the recent doc tweak in commit c049f022. > > Signed-off-by: Eric Blake > --- ACK

Re: [libvirt] [PATCH v2 8/9] vmware: Ignore no-op flag during virDomainUndefine

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:37 -0500, Eric Blake wrote: > Copy what esx does in ignoring the SNAPSHOTS_METADATA flag as a no-op, > and in line with the recent doc tweak in commit c049f022. > > Signed-off-by: Eric Blake > --- ACK

Re: [libvirt] [PATCH v2 9/9] xenapi: Ignore no-op flag during virDomainUndefine

2019-07-10 Thread Peter Krempa
On Tue, Jul 09, 2019 at 12:46:38 -0500, Eric Blake wrote: > Copy what esx does in ignoring the SNAPSHOTS_METADATA flag as a no-op, > and in line with the recent doc tweak in commit c049f022. > > Signed-off-by: Eric Blake > --- ACK

Re: [libvirt] [jenkins-ci PATCH] guests: Always install the freshest point release

2019-07-10 Thread Andrea Bolognani
On Tue, 2019-07-09 at 18:48 +0200, Erik Skultety wrote: > On Tue, Jul 09, 2019 at 06:15:39PM +0200, Andrea Bolognani wrote: > > diff --git a/guests/host_vars/libvirt-debian-10/install.yml > > b/guests/host_vars/libvirt-debian-10/install.yml > > index 0a30571..d6452b6 100644 > > --- a/guests/host_v

Re: [libvirt] Problem configuring selective dropping of root

2019-07-10 Thread Pavel Hrdina
On Wed, Jul 10, 2019 at 12:01:18AM +0200, Stephan von Krawczynski wrote: > On Tue, 9 Jul 2019 14:26:08 +0200 > Pavel Hrdina wrote: > > > [...] > > > > In addition if you would like to have only one VM as root:root you > > should keep the default config as nobody:kvm and use the root:root for > >

Re: [libvirt] Problem configuring selective dropping of root

2019-07-10 Thread Stephan von Krawczynski
On Wed, 10 Jul 2019 09:56:35 +0200 Pavel Hrdina wrote: > On Wed, Jul 10, 2019 at 12:01:18AM +0200, Stephan von Krawczynski wrote: > > On Tue, 9 Jul 2019 14:26:08 +0200 > > Pavel Hrdina wrote: > > > > > [...] > > > > > > In addition if you would like to have only one VM as root:root you > > >

Re: [libvirt] [PATCH 14/18] tpm: Use fd to pass password to swtpm_setup and swtpm

2019-07-10 Thread Stefan Berger
On 7/9/19 4:25 PM, Marc-André Lureau wrote: On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger wrote: Allow vTPM state encryption when swtpm_setup and swtpm support passing a passphrase using a file descriptor. This patch enables the encryption of the vTPM state only. It does not encrypt the state d

Re: [libvirt] [PATCH 13/18] tpm: Parse the capabilities supported by swtpm and swtpm_setup

2019-07-10 Thread Stefan Berger
On 7/9/19 4:24 PM, Marc-André Lureau wrote: On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger wrote: Run 'swtpm socket --print-capabilities' and 'swtpm_setup --print-capabilities' to get the JSON object of the features the programs are supporting and parse them into a bitmap. Signed-off-by: Stefan

Re: [libvirt] [PATCH 10/18] tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c

2019-07-10 Thread Stefan Berger
On 7/9/19 4:24 PM, Marc-André Lureau wrote: On Tue, Jul 9, 2019 at 9:24 PM Stefan Berger wrote: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c and introduce a few functions to query the executables needed for virCommands. Signed-off-by: Stefan Berger Couldn't there be a TOCTOU is

Re: [libvirt] [PATCH v2 1/9] vbox: Add various vir*Flags API

2019-07-10 Thread Eric Blake
On 7/10/19 2:02 AM, Peter Krempa wrote: > On Tue, Jul 09, 2019 at 12:46:30 -0500, Eric Blake wrote: >> Even though we don't accept any flags, it is unfriendly to callers >> that use the modern API to have to fall back to the flag-free API. >> >> Signed-off-by: Eric Blake >> --- >> src/vbox/vbox_c

Re: [libvirt] [jenkins-ci PATCH] guests: Always install the freshest point release

2019-07-10 Thread Andrea Bolognani
On Wed, 2019-07-10 at 09:42 +0200, Andrea Bolognani wrote: > On Tue, 2019-07-09 at 18:48 +0200, Erik Skultety wrote: > > On Tue, Jul 09, 2019 at 06:15:39PM +0200, Andrea Bolognani wrote: > > > diff --git a/guests/host_vars/libvirt-debian-10/install.yml > > > b/guests/host_vars/libvirt-debian-10/in

Re: [libvirt] [PATCH v2 1/9] vbox: Add various vir*Flags API

2019-07-10 Thread Eric Blake
On 7/10/19 2:09 AM, Peter Krempa wrote: > On Tue, Jul 09, 2019 at 12:46:30 -0500, Eric Blake wrote: >> Even though we don't accept any flags, it is unfriendly to callers >> that use the modern API to have to fall back to the flag-free API. >> >> Signed-off-by: Eric Blake >> --- >> src/vbox/vbox_c

[libvirt] [RFC] New domain job control and stat APIs

2019-07-10 Thread Peter Krempa
Currently we don't have a consolidated approach for managing asynchronous long-running domain jobs. Historically there were long-running jobs which interlocked with each other and thus there was only one such job possible at given time (migration, save, restore, dump) These jobs have a not very fl

Re: [libvirt] Problem configuring selective dropping of root

2019-07-10 Thread Martin Kletzander
On Tue, Jul 09, 2019 at 02:45:18PM +0200, Stephan von Krawczynski wrote: On Tue, 9 Jul 2019 14:26:08 +0200 Pavel Hrdina wrote: On Tue, Jul 09, 2019 at 02:03:15PM +0200, Stephan von Krawczynski wrote: > On Tue, 9 Jul 2019 09:40:23 +0100 > Daniel P. Berrangé wrote: > > > On Mon, Jul 08, 2019 at

Re: [libvirt] [RFC] New domain job control and stat APIs

2019-07-10 Thread Eric Blake
On 7/10/19 7:27 AM, Peter Krempa wrote: > Currently we don't have a consolidated approach for managing > asynchronous long-running domain jobs. Historically there were > long-running jobs which interlocked with each other and thus there was > only one such job possible at given time (migration, sav

Re: [libvirt] [PATCH] rpc: always pass "-T -e none" args to ssh

2019-07-10 Thread Andrea Bolognani
On Tue, 2019-07-09 at 18:15 +0100, Daniel P. Berrangé wrote: > Way back in the past, the "no_tty=1" option was added for the remote > driver to disable local password prompting by disabling use of the local > tty: > > commit b32f42984994a397441a1c48f1a002e906624c51 > Author: Daniel P. Berrange

Re: [libvirt] Problem configuring selective dropping of root

2019-07-10 Thread Stephan von Krawczynski
On Wed, 10 Jul 2019 14:48:14 +0200 Martin Kletzander wrote: > On Tue, Jul 09, 2019 at 02:45:18PM +0200, Stephan von Krawczynski wrote: > >On Tue, 9 Jul 2019 14:26:08 +0200 > >Pavel Hrdina wrote: > > > >> On Tue, Jul 09, 2019 at 02:03:15PM +0200, Stephan von Krawczynski wrote: > >> > On Tue,

Re: [libvirt] Problem configuring selective dropping of root

2019-07-10 Thread Martin Kletzander
On Wed, Jul 10, 2019 at 03:44:54PM +0200, Stephan von Krawczynski wrote: On Wed, 10 Jul 2019 14:48:14 +0200 Martin Kletzander wrote: On Tue, Jul 09, 2019 at 02:45:18PM +0200, Stephan von Krawczynski wrote: >On Tue, 9 Jul 2019 14:26:08 +0200 >Pavel Hrdina wrote: > >> On Tue, Jul 09, 2019 at 02

Re: [libvirt] [RFC] New domain job control and stat APIs

2019-07-10 Thread Peter Krempa
On Wed, Jul 10, 2019 at 08:38:20 -0500, Eric Blake wrote: > On 7/10/19 7:27 AM, Peter Krempa wrote: > > Currently we don't have a consolidated approach for managing > > asynchronous long-running domain jobs. Historically there were > > long-running jobs which interlocked with each other and thus th

Re: [libvirt] [PATCH] virfile: adds quobyte as a shared fs

2019-07-10 Thread Silvan Kaiser
On Sat, 15 June 2019 at 14:59, Michal Prívozník < mpriv...@redhat.com> wrote: > On 5/28/19 2:55 PM, Silvan Kaiser wrote: > > Adds detection of a Quobyte shared file system for > > live migration. > > > > Signed-off-by: Silvan Kaiser > > --- > > src/util/virfile.c| 13 ++

[libvirt] [PATCH] vz: fix typo that lost the '#' in '#define'

2019-07-10 Thread Daniel P . Berrangé
Previous commit: commit faceedaf7170903065807e2c37dd0d1bd06a6ef5 Author: Jonathon Jongsma Date: Tue Jun 18 11:13:12 2019 -0500 src/vz: use #pragma once in headers accidentally chomped the "#" in a "#define" when re-indenting Signed-off-by: Daniel P. Berrangé --- src/vz/vz_utils.h

Re: [libvirt] [PATCH 01/23] locking, logging: put a strong dep from admin socket to main socket

2019-07-10 Thread Ján Tomko
On Thu, Jun 27, 2019 at 10:54:30AM +0100, Daniel P. Berrangé wrote: It doesn't make sense to have the admin socket active if the main socket is not running, so bind their lifecycle together. This ensures that if primary socket is stopped, the corresponding admin socket is also stopped. In the r

Re: [libvirt] [PATCH 02/23] util: add helper API for getting UNIX path from socket address

2019-07-10 Thread Ján Tomko
On Thu, Jun 27, 2019 at 10:54:31AM +0100, Daniel P. Berrangé wrote: Signed-off-by: Daniel P. Berrangé --- src/libvirt_private.syms | 1 + src/util/virsocketaddr.c | 42 src/util/virsocketaddr.h | 2 ++ 3 files changed, 45 insertions(+) diff --git a/src/li

Re: [libvirt] [PATCH 03/23] rpc: add helper API for getting UNIX path from socket object

2019-07-10 Thread Ján Tomko
On Thu, Jun 27, 2019 at 10:54:32AM +0100, Daniel P. Berrangé wrote: Signed-off-by: Daniel P. Berrangé --- src/libvirt_remote.syms | 1 + src/rpc/virnetsocket.c | 8 src/rpc/virnetsocket.h | 1 + 3 files changed, 10 insertions(+) Reviewed-by: Ján Tomko Jano

Re: [libvirt] [PATCH 04/23] util: add VIR_AUTOSTRUCT for directly calling a struct free function

2019-07-10 Thread Ján Tomko
On Thu, Jun 27, 2019 at 10:54:33AM +0100, Daniel P. Berrangé wrote: The current VIR_AUTOPTR macro assumes that the struct needs to have a auto-free function auto-generated to call the real free function. The new VIR_AUTOSTRUCT macro allows for structs which already have a free function which tak

Re: [libvirt] [PATCH 05/23] util: add API for resolving socket service names

2019-07-10 Thread Ján Tomko
On Thu, Jun 27, 2019 at 10:54:34AM +0100, Daniel P. Berrangé wrote: The getservent() APIs are not re-entrant safe so cannot be used in any threaded program. Add a wrapper around getaddrinfo() for resolving the service names to a port number. Signed-off-by: Daniel P. Berrangé --- src/libvirt_pri

[libvirt] [PATCH 0/2] qemu and lxc: remove duplicate code and move some definitions to domain_conf

2019-07-10 Thread Ilias Stamatis
Ilias Stamatis (2): domain_conf: move DomainParseBlkioDeviceStr out of QEMU and LXC drivers domain_conf: move DomainMergeBlkioDevice out of QEMU and LXC drivers src/conf/domain_conf.c | 185 ++ src/conf/domain_conf.h | 13 +++ src/libvirt_private.syms

[libvirt] [PATCH 1/2] domain_conf: move DomainParseBlkioDeviceStr out of QEMU and LXC drivers

2019-07-10 Thread Ilias Stamatis
The qemuDomainParseBlkioDeviceStr and lxcDomainParseBlkioDeviceSts functions residing in the QEMU and LXC drivers respectively are completely identical. By moving the code to src/conf we avoid code duplication and we make the function available to other drivers that might need to call it such as t

[libvirt] [PATCH 2/2] domain_conf: move DomainMergeBlkioDevice out of QEMU and LXC drivers

2019-07-10 Thread Ilias Stamatis
The qemuDomainMergeBlkioDevice and lxcDomainMergeBlkioDevice functions residing in the QEMU and LXC drivers respectively are completely identical. By moving the code to src/conf we avoid code duplication and we make the function available to other drivers that might need to call it such as the tes

[libvirt] [PATCH 00/12] introduce locking into every driver

2019-07-10 Thread Daniel P . Berrangé
As part of the proposal to introduce an embedded driver feature, we decided we ought to have each driver acquire a lock against the virtual root it is configured to use. This will prevent two apps from running an embedded driver with the same root. https://www.redhat.com/archives/libvir-list/201

[libvirt] [PATCH 01/12] qemu: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/qemu/driver.pid In unprivileged libvirtd this ends up lo

[libvirt] [PATCH 04/12] storage: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/storage/driver.pid In unprivileged libvirtd this ends up

[libvirt] [PATCH 06/12] interface: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/interface/driver.pid In unprivileged libvirtd this ends

[libvirt] [PATCH 05/12] nodedev: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/nodedev/driver.pid In unprivileged libvirtd this ends up

[libvirt] [PATCH 02/12] secrets: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/secrets/driver.pid In unprivileged libvirtd this ends up

[libvirt] [PATCH 03/12] network: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/network/driver.pid In unprivileged libvirtd this ends up

[libvirt] [PATCH 07/12] nwfilter: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/nwfilter/driver.pid In unprivileged libvirtd this ends u

[libvirt] [PATCH 11/12] vz: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/vz/driver.pid In unprivileged libvirtd this ends up lock

[libvirt] [PATCH 10/12] lxc: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/lxc/driver.pid In unprivileged libvirtd this ends up loc

[libvirt] [PATCH 09/12] libxl: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/libxl/driver.pid In unprivileged libvirtd this ends up l

[libvirt] [PATCH 08/12] libxl: remove obsolete check for xend during driver startup

2019-07-10 Thread Daniel P . Berrangé
No supported build targets for libvirt still ship xend, so there is no need for the libxl driver to check for it anymore. Signed-off-by: Daniel P. Berrangé --- src/libxl/libxl_driver.c | 26 -- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/src/libxl/libxl

[libvirt] [PATCH 12/12] bhyve: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/bhyve/driver.pid In unprivileged libvirtd this ends up l

Re: [libvirt] [PATCH 06/23] util: add APIs for facilitating use of systemd activation FDs

2019-07-10 Thread Ján Tomko
On Thu, Jun 27, 2019 at 10:54:35AM +0100, Daniel P. Berrangé wrote: When receiving multiple FDs from systemd during service activation it is necessary to identify which purpose each FD is used for. While this could be inferred by looking for the specific IP ports or UNIX socket paths, this requi

[libvirt] [dockerfiles PATCH 2/3] Re-introduce Ubuntu 16.04 Dockerfile

2019-07-10 Thread Andrea Bolognani
It was dropped by commit 277bab7b5aa4, but as it turns out doing so was not the correct course of action. The corresponding libvirt-jenkins-ci commit is 864210561aac. Signed-off-by: Andrea Bolognani --- buildenv-ubuntu-16.Dockerfile | 91 +++ 1 file changed, 91 i

[libvirt] [dockerfiles PATCH 0/3] Various updates

2019-07-10 Thread Andrea Bolognani
All patches pushed under the Dockerfiles refresh and trivial rule. Andrea Bolognani (3): Refresh after recent changes Re-introduce Ubuntu 16.04 Dockerfile Add Debian 10 Dockerfiles buildenv-centos-7.Dockerfile | 151 ++--- buildenv-debian-10-cross-aarch64.Dockerfile

[libvirt] [dockerfiles PATCH 1/3] Refresh after recent changes

2019-07-10 Thread Andrea Bolognani
The corresponding libvirt-jenkins-ci commit is aba4604e6721. Signed-off-by: Andrea Bolognani --- buildenv-centos-7.Dockerfile | 151 +-- buildenv-fedora-29.Dockerfile | 173 +++--- buildenv-fedora-30.Dockerfile | 173 +++--- builden

[libvirt] [dockerfiles PATCH 3/3] Add Debian 10 Dockerfiles

2019-07-10 Thread Andrea Bolognani
The corresponding libvirt-jenkins-ci commit is 0e593724d190. Signed-off-by: Andrea Bolognani --- buildenv-debian-10-cross-aarch64.Dockerfile | 100 +++ buildenv-debian-10-cross-armv6l.Dockerfile | 98 ++ buildenv-debian-10-cross-armv7l.Dockerfile | 99 +

Re: [libvirt] [PATCH 00/12] introduce locking into every driver

2019-07-10 Thread Michal Privoznik
On 7/10/19 5:47 PM, Daniel P. Berrangé wrote: As part of the proposal to introduce an embedded driver feature, we decided we ought to have each driver acquire a lock against the virtual root it is configured to use. This will prevent two apps from running an embedded driver with the same root.

Re: [libvirt] [PATCH 05/12] nodedev: acquire a pidfile in the driver root directory

2019-07-10 Thread Michal Privoznik
On 7/10/19 5:47 PM, Daniel P. Berrangé wrote: When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/nodedev/

Re: [libvirt] [PATCH 4/6] test: Add various vir*Flags API

2019-07-10 Thread Eric Blake
On 7/8/19 10:37 PM, Eric Blake wrote: > Even though we don't accept any flags, it is unfriendly to callers > that use the modern API to have to fall back to the flag-free API. > > Note that virDomainBlockStats does not trivially forward to > virDomainBlockStatsFlags, so that one is omitted. > > S

Re: [libvirt] [PATCH 05/12] nodedev: acquire a pidfile in the driver root directory

2019-07-10 Thread Daniel P . Berrangé
On Wed, Jul 10, 2019 at 07:02:08PM +0200, Michal Privoznik wrote: > On 7/10/19 5:47 PM, Daniel P. Berrangé wrote: > > When we allow multiple instances of the driver for the same user > > account, using a separate root directory, we need to ensure mutual > > exclusion. Use a pidfile to guarantee thi

[libvirt] [PATCH v2] logging: ensure virtlogd rollover takes priority over logrotate

2019-07-10 Thread Daniel P . Berrangé
The virtlogd config is set to rollover logs every 2 MB. Normally a logrotate config file is also installed to handle cases where virtlogd is disabled. This is set to rollover weekly with no size constraint. As a result logrotate can interfere with virtlogd's, rolling over files that virtlogd has

[libvirt] [PATCH v2 10/21] tpm: Refactor virTPMEmulatorInit to use loop

2019-07-10 Thread Stefan Berger
Refactor virTPMEmulatorInit to use a loop with parameters. This allows for easier extension later on. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- src/tpm/virtpm.c | 80 ++-- 1 file changed, 37 insertions(+), 43 deletions(-) diff -

[libvirt] [PATCH v2 04/21] conf: Extend TPM XML parser with encryption support

2019-07-10 Thread Stefan Berger
Extend the TPM device XML parser and XML generator with emulator state encryption support. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- src/conf/domain_conf.c | 40 +++- src/conf/domain_conf.h | 1 + 2 files changed, 40 insertions(+), 1 de

[libvirt] [PATCH v2 02/21] tests: Add already existing test case tpm-emulator-tpm2

2019-07-10 Thread Stefan Berger
Add an already existing test case tpm-emulator-tpm2 to qemuxml2xmltest.c Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- tests/qemuxml2xmltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index a64b17ac28..a29958ae29 100

[libvirt] [PATCH v2 17/21] tpm: Use fd to pass password to swtpm_setup and swtpm

2019-07-10 Thread Stefan Berger
Allow vTPM state encryption when swtpm_setup and swtpm support passing a passphrase using a file descriptor. This patch enables the encryption of the vTPM state only. It does not encrypt the state during migration, so the destination secret does not need to have the same password at this point. S

[libvirt] [PATCH v2 16/21] utils: Extend virCommandProcessIO to including the send buffers

2019-07-10 Thread Stefan Berger
Signed-off-by: Stefan Berger --- src/util/vircommand.c | 70 ++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/src/util/vircommand.c b/src/util/vircommand.c index 0e367eeeab..357a9888a1 100644 --- a/src/util/vircommand.c +++ b/src/util/virco

[libvirt] [PATCH v2 18/21] tpm: Pass migration key passphrase via fd to swtpm

2019-07-10 Thread Stefan Berger
This patch now passes the passphrase as a migration key to swtpm. This now encrypts the state of the TPM while a VM is migrated between hosts or when suspended into a file. Since the migration key secret is the same as the state encryption secret, this now requires that the migration destination ho

[libvirt] [PATCH v2 12/21] tpm: Parse the capabilities supported by swtpm and swtpm_setup

2019-07-10 Thread Stefan Berger
Run 'swtpm socket --print-capabilities' and 'swtpm_setup --print-capabilities' to get the JSON object of the features the programs are supporting and parse them into a bitmap. Signed-off-by: Stefan Berger --- src/conf/Makefile.inc.am | 6 ++ src/conf/virtpm_conf.c | 36 src/con

[libvirt] [PATCH v2 06/21] tests: Add test for TPM XML encryption parser and formatter

2019-07-10 Thread Stefan Berger
Add a test case for the TPM XML encryption parser and formatter. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- .../tpm-emulator-tpm2-enc.xml | 34 + .../tpm-emulator-tpm2-enc.xml | 38 +++ tests/qemuxml2xmltest.c

[libvirt] [PATCH v2 00/21] Add support for vTPM state encryption

2019-07-10 Thread Stefan Berger
This series of patches addresses the RFE in BZ 172830: https://bugzilla.redhat.com/show_bug.cgi?id=1728030 This series of patches adds support for vTPM state encryption by passing the read-end of a pipe's file descriptor to 'swtpm_setup' and 'swtpm' where they can read a passphrase from and deriv

[libvirt] [PATCH v2 09/21] tpm: Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c

2019-07-10 Thread Stefan Berger
Move qemuTPMEmulatorInit to virTPMEmulatorInit in virtpm.c and introduce a few functions to query the executables needed for virCommands. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- src/libvirt_private.syms | 4 ++ src/qemu/qemu_tpm.c | 83 -

[libvirt] [PATCH v2 14/21] utils: Convert pollfd array to be allocated

2019-07-10 Thread Stefan Berger
Convert the struct pollfd *fds to be allocated rather than residing on the stack. Signed-off-by: Stefan Berger --- src/util/vircommand.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/util/vircommand.c b/src/util/vircommand.c index e32377497b..898ee0df45 100644 --- a

[libvirt] [PATCH v2 03/21] util: Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM

2019-07-10 Thread Stefan Berger
Add VIR_STORAGE_ENCRYPTION_FORMAT_VTPM with string 'vtpm' for support of encrypting vTPM storage. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- src/qemu/qemu_block.c | 1 + src/util/virstorageencryption.c | 2 +- src/util/virstorageencryption.h | 1 + 3 files changed

[libvirt] [PATCH v2 19/21] tpm: Check TPM XML device configuration changes after edit

2019-07-10 Thread Stefan Berger
Since swtpm does not support getting started once it was created with encryption enabled, we don't allow encryption to be removed. Similarly, we do not allow encryption to be added once swtpm has run. Signed-off-by: Stefan Berger --- src/conf/domain_conf.c| 56 +

[libvirt] [PATCH v2 15/21] utils: Write a maximum of MAX_PIPE_FEED_BYTES into a pipe

2019-07-10 Thread Stefan Berger
To avoid blocking on a write on a pipe that the receiving process does not read from, write only MAX_PIPE_FEED_BYTES into the pipe so that we can serve other pipes as well. Signed-off-by: Stefan Berger --- src/util/vircommand.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git

[libvirt] [PATCH v2 20/21] docs: Extend Secret XML documentation with vtpm usage type

2019-07-10 Thread Stefan Berger
Extend the Secret XML documentation with vtpm usage type. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- docs/formatsecret.html.in | 61 +-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/docs/formatsecret.html.in b/docs/forma

[libvirt] [PATCH v2 11/21] tpm: Check whether previously found executables were updated

2019-07-10 Thread Stefan Berger
Check whether previously found executables were updated and if so look for them again. This helps to use updated features of swtpm and its tools upon updating them. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- src/qemu/qemu_tpm.c | 1 + src/tpm/virtpm.c| 34 +

[libvirt] [PATCH v2 07/21] tests: Add tests for QEMU command line generation with encrypted TPM

2019-07-10 Thread Stefan Berger
The QEMU command line does not change when TPM state is encrypted compared to when it is plain. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- .../tpm-emulator-tpm2-enc.x86_64-latest.args | 35 +++ tests/qemuxml2argvtest.c | 1 + 2 files c

[libvirt] [PATCH v2 01/21] secret: Add support for usage type vTPM, extend schema and test case

2019-07-10 Thread Stefan Berger
Add support for usage type vTPM to secret. Extend the schema for the Secret to support the vTPM usage type and add a test case for parsing the Secret with usage type vTPM. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- docs/schemas/secret.rng | 10 ++ inclu

[libvirt] [PATCH v2 05/21] schema: Extend the TPM XML schema with support for encryption

2019-07-10 Thread Stefan Berger
Extend the TPM XML schema with support for an encryption node. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- docs/schemas/domaincommon.rng | 30 ++ 1 file changed, 30 insertions(+) diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincom

[libvirt] [PATCH v2 13/21] utils: Implement function to pass a buffer to send via a fd to virCommand

2019-07-10 Thread Stefan Berger
Implement virCommandSetSendBuffer() that allows the caller to pass a file descriptor and buffer to virCommand. virCommand will write the buffer into the file descriptor. That file descriptor could be the write end of a pipe or one of the file descriptors of a socketpair. The other file descriptor s

[libvirt] [PATCH v2 08/21] tpm: Move virtpm.c from utils dir to own tpm dir

2019-07-10 Thread Stefan Berger
Move virtpm.c from utils dir to its own tpm dir. This change is mostly driven by the later introduction of virtpm_conf.c where the define function like XYZTypeFromString() that we cannot include from utils dir. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- po/POTFILES

[libvirt] [PATCH v2 21/21] docs: Extend TPM docs with new encryption element

2019-07-10 Thread Stefan Berger
Describe the encryption element in the TPM's domain XML. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- docs/formatdomain.html.in | 16 1 file changed, 16 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index a7a6ec32a5..9fa391

Re: [libvirt] [PATCH v2 14/21] utils: Convert pollfd array to be allocated

2019-07-10 Thread Marc-André Lureau
On Wed, Jul 10, 2019 at 10:12 PM Stefan Berger wrote: > > Convert the struct pollfd *fds to be allocated rather than residing > on the stack. > why? give some context to the commit message. thanks > Signed-off-by: Stefan Berger > --- > src/util/vircommand.c | 5 - > 1 file changed, 4 inser

Re: [libvirt] [PATCH v2 14/21] utils: Convert pollfd array to be allocated

2019-07-10 Thread Stefan Berger
On 7/10/19 2:47 PM, Marc-André Lureau wrote: On Wed, Jul 10, 2019 at 10:12 PM Stefan Berger wrote: Convert the struct pollfd *fds to be allocated rather than residing on the stack. why? give some context to the commit message. thanks Preparation for the next patch where the size of the arr

Re: [libvirt] [PATCH v2 16/21] utils: Extend virCommandProcessIO to including the send buffers

2019-07-10 Thread Marc-André Lureau
On Wed, Jul 10, 2019 at 10:12 PM Stefan Berger wrote: > > Signed-off-by: Stefan Berger Could you include a test? > --- > src/util/vircommand.c | 70 ++- > 1 file changed, 69 insertions(+), 1 deletion(-) > > diff --git a/src/util/vircommand.c b/src/util/v

[libvirt] [PATCH 1/5] lib: add API to query info about logged-in users

2019-07-10 Thread Jonathon Jongsma
Add API for querying logged-in users from a domain implemented via guest agent. Signed-off-by: Jonathon Jongsma --- include/libvirt/libvirt-domain.h | 18 ++ src/driver-hypervisor.h | 6 src/libvirt-domain.c | 62 src/libvirt_pu

[libvirt] [PATCH 3/5] virsh: add command 'guestusers' implementing VirDomainGetGuestUsers

2019-07-10 Thread Jonathon Jongsma
Signed-off-by: Jonathon Jongsma --- tools/virsh-domain.c | 76 tools/virsh.pod | 4 +++ 2 files changed, 80 insertions(+) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 828ae30789..b964608987 100644 --- a/tools/virsh-domain.c +++

[libvirt] [PATCH 4/5] qemu_agent: add helper for getting guest users

2019-07-10 Thread Jonathon Jongsma
This function fetches the list of logged-in users from the qemu agent and converts them into a form that can be used internally in libvirt. Also add some basic tests for the function. Signed-off-by: Jonathon Jongsma --- src/qemu/qemu_agent.c | 92 +++ src/qemu/qemu_

Re: [libvirt] [PATCH v2 15/21] utils: Write a maximum of MAX_PIPE_FEED_BYTES into a pipe

2019-07-10 Thread Marc-André Lureau
On Wed, Jul 10, 2019 at 10:12 PM Stefan Berger wrote: > > To avoid blocking on a write on a pipe that the receiving process > does not read from, write only MAX_PIPE_FEED_BYTES into the pipe > so that we can serve other pipes as well. why not simply use non-blocking write? > > Signed-off-by: Ste

[libvirt] [PATCH 2/5] remote: implement remote protocol for virDomainGetGuestUsers

2019-07-10 Thread Jonathon Jongsma
Add daemon and client code to serialize/deserialize virDomainUserInfo Signed-off-by: Jonathon Jongsma --- src/remote/remote_daemon_dispatch.c | 89 + src/remote/remote_driver.c | 82 +- src/remote/remote_protocol.x| 26

[libvirt] [PATCH 0/5] Implement qemu-ga 'guest-get-users'

2019-07-10 Thread Jonathon Jongsma
This set of patches adds new API and an implementation for getting the active users for a domain via the guest agent. There is only an implementation for the qemu driver. I've implemented the remote protocol and added support in virsh (new command 'guestusers'). A lot of the implementation was mod

[libvirt] [PATCH 5/5] qemu: implement virDomainGetGuestUsers

2019-07-10 Thread Jonathon Jongsma
Signed-off-by: Jonathon Jongsma --- src/qemu/qemu_driver.c | 38 ++ 1 file changed, 38 insertions(+) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 5a75f23981..27fcdd393d 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -

Re: [libvirt] [PATCH v2 13/21] utils: Implement function to pass a buffer to send via a fd to virCommand

2019-07-10 Thread Marc-André Lureau
On Wed, Jul 10, 2019 at 10:12 PM Stefan Berger wrote: > > Implement virCommandSetSendBuffer() that allows the caller to pass a > file descriptor and buffer to virCommand. virCommand will write the > buffer into the file descriptor. That file descriptor could be the > write end of a pipe or one of

[libvirt] [PATCH v3 20/21] docs: Extend Secret XML documentation with vtpm usage type

2019-07-10 Thread Stefan Berger
Extend the Secret XML documentation with vtpm usage type. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- docs/formatsecret.html.in | 61 +-- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/docs/formatsecret.html.in b/docs/forma

[libvirt] [PATCH v3 15/21] utils: Write a maximum of MAX_PIPE_FEED_BYTES into a pipe

2019-07-10 Thread Stefan Berger
To avoid blocking on a write on a pipe that the receiving process does not read from, write only MAX_PIPE_FEED_BYTES into the pipe so that we can serve other pipes as well. Signed-off-by: Stefan Berger --- src/util/vircommand.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git

[libvirt] [PATCH v3 19/21] tpm: Check TPM XML device configuration changes after edit

2019-07-10 Thread Stefan Berger
Since swtpm does not support getting started once it was created with encryption enabled, we don't allow encryption to be removed. Similarly, we do not allow encryption to be added once swtpm has run. Signed-off-by: Stefan Berger --- src/conf/domain_conf.c| 56 +

[libvirt] [PATCH v3 21/21] docs: Extend TPM docs with new encryption element

2019-07-10 Thread Stefan Berger
Describe the encryption element in the TPM's domain XML. Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- docs/formatdomain.html.in | 16 1 file changed, 16 insertions(+) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index a7a6ec32a5..9fa391

[libvirt] [PATCH v3 16/21] utils: Extend virCommandProcessIO to include the send buffers

2019-07-10 Thread Stefan Berger
Extend virCommandProcessIO to include the send buffers in the poll loop. Signed-off-by: Stefan Berger --- src/util/vircommand.c | 70 ++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/src/util/vircommand.c b/src/util/vircommand.c index 0e36

[libvirt] [PATCH v3 17/21] tpm: Use fd to pass password to swtpm_setup and swtpm

2019-07-10 Thread Stefan Berger
Allow vTPM state encryption when swtpm_setup and swtpm support passing a passphrase using a file descriptor. This patch enables the encryption of the vTPM state only. It does not encrypt the state during migration, so the destination secret does not need to have the same password at this point. S

[libvirt] [PATCH v3 02/21] tests: Add already existing test case tpm-emulator-tpm2

2019-07-10 Thread Stefan Berger
Add an already existing test case tpm-emulator-tpm2 to qemuxml2xmltest.c Signed-off-by: Stefan Berger Reviewed-by: Marc-André Lureau --- tests/qemuxml2xmltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index a64b17ac28..a29958ae29 100
