Re: [PATCH v2 3/7] docs: Fix virt-aa-helper location

On 1/30/20 8:39 AM, Christian Ehrhardt wrote: On Thu, Jan 30, 2020 at 8:06 AM Michal Privoznik > wrote: The location of virt-aa-helper shown in the docs is incorrect. The helper binary is installed under libexec dir. Signed-off-by: Michal Privoznik

Re: [PATCH v2 2/7] apparmor: Allow libvirt to spawn virt-aa-helper and libvirt_lxc

On Thu, Jan 30, 2020 at 8:05 AM Michal Privoznik wrote: > Both of these binaries are spawn by libvirt. Add a rule to the > default profile to allow that. > > Signed-off-by: Michal Privoznik > --- > src/security/apparmor/usr.sbin.libvirtd | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git

Re: [PATCH v2 5/7] apparmor: Sort paths in blocks in libvirt-qemu profile

On Thu, Jan 30, 2020 at 8:06 AM Michal Privoznik wrote: > Even though we construct a domain specific profile for each > domain we start (which should cover domain specific paths), there > is also another file that is included from the profile and which > contains domain agnostic paths (e.g. to

Re: [PATCH v2 4/7] apparmor: Rename virt-aa-helper profile

On Thu, Jan 30, 2020 at 8:06 AM Michal Privoznik wrote: > The profile name should reflect the path under which the binary > it describes is installed. > > Signed-off-by: Michal Privoznik > --- > src/security/Makefile.inc.am | 10 +- > ...bvirt.virt-aa-helper

Re: [PATCH v2 1/7] apparmor: Fix parthelper, iohelper and virt-aa-helper paths in profiles

On Thu, Jan 30, 2020 at 8:05 AM Michal Privoznik wrote: > These helper binaries are installed under libexec dir not lib > dir. > > Signed-off-by: Michal Privoznik > --- > src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +- > src/security/apparmor/usr.sbin.libvirtd | 4

Re: [PATCH v2 7/7] apparmor: Drop 'Last modified' comment from profiles

On Thu, Jan 30, 2020 at 8:05 AM Michal Privoznik wrote: > At the beginning of each profile we have a comment that says when > the profile was last updated. In theory, it makes sense because > one can see immediately if they are using an outdated profile. > However, we don't do a good job in

Re: [PATCH v2 6/7] apparmor: Allow some more BIOS/UEFI paths

On Thu, Jan 30, 2020 at 8:05 AM Michal Privoznik wrote: > There are two more paths that we are missing in the default > domain profile: /usr/share/edk2-ovmf/ and /usr/share/sgabios/. > These exist on my Gentoo box and contain UEFI and BIOS images > respectively. > > Signed-off-by: Michal

Re: [PATCH v2 3/7] docs: Fix virt-aa-helper location

On Thu, Jan 30, 2020 at 8:06 AM Michal Privoznik wrote: > The location of virt-aa-helper shown in the docs is incorrect. > The helper binary is installed under libexec dir. > > Signed-off-by: Michal Privoznik > --- > docs/drvqemu.html.in | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-)

Re: [PATCH] apparmor: fix qemu_bridge_helper for named profile

On 1/30/20 8:21 AM, Christian Ehrhardt wrote: Since a3ab6d42 "apparmor: convert libvirtd profile to a named profile" the detection of the subelement for qemu_bridge_helper is wrong. In combination with the older 123cc3e1 "apparmor: allow /usr/lib/qemu/qemu-bridge-helper" it now detects

[PATCH] apparmor: fix qemu_bridge_helper for named profile

Since a3ab6d42 "apparmor: convert libvirtd profile to a named profile" the detection of the subelement for qemu_bridge_helper is wrong. In combination with the older 123cc3e1 "apparmor: allow /usr/lib/qemu/qemu-bridge-helper" it now detects qemu-bridge-helper no more with its path, but instead as

[PATCH v2 7/7] apparmor: Drop 'Last modified' comment from profiles

At the beginning of each profile we have a comment that says when the profile was last updated. In theory, it makes sense because one can see immediately if they are using an outdated profile. However, we don't do a good job in keeping the comments in sync with reality and also sysadmins should

[PATCH v2 5/7] apparmor: Sort paths in blocks in libvirt-qemu profile

Even though we construct a domain specific profile for each domain we start (which should cover domain specific paths), there is also another file that is included from the profile and which contains domain agnostic paths (e.g. to cover libraries that qemu links with). The paths in the file are

[PATCH v2 0/7] Couple of apparmor fixes

v2 of: https://www.redhat.com/archives/libvir-list/2020-January/msg01068.html diff to v1: - Keep old paths to virt-aa-helper in profiles as SUSE still uses it. - patch 7/7 is new Michal Prívozník (7): apparmor: Fix parthelper, iohelper and virt-aa-helper paths in profiles apparmor:

[PATCH v2 4/7] apparmor: Rename virt-aa-helper profile

The profile name should reflect the path under which the binary it describes is installed. Signed-off-by: Michal Privoznik --- src/security/Makefile.inc.am | 10 +- ...bvirt.virt-aa-helper => usr.libexec.virt-aa-helper} | 4 ++-- 2 files changed, 7

[PATCH v2 2/7] apparmor: Allow libvirt to spawn virt-aa-helper and libvirt_lxc

Both of these binaries are spawn by libvirt. Add a rule to the default profile to allow that. Signed-off-by: Michal Privoznik --- src/security/apparmor/usr.sbin.libvirtd | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/security/apparmor/usr.sbin.libvirtd

[PATCH v2 3/7] docs: Fix virt-aa-helper location

The location of virt-aa-helper shown in the docs is incorrect. The helper binary is installed under libexec dir. Signed-off-by: Michal Privoznik --- docs/drvqemu.html.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/drvqemu.html.in b/docs/drvqemu.html.in index

[PATCH v2 6/7] apparmor: Allow some more BIOS/UEFI paths

There are two more paths that we are missing in the default domain profile: /usr/share/edk2-ovmf/ and /usr/share/sgabios/. These exist on my Gentoo box and contain UEFI and BIOS images respectively. Signed-off-by: Michal Privoznik --- src/security/apparmor/libvirt-qemu | 2 ++ 1 file changed, 2

[PATCH v2 1/7] apparmor: Fix parthelper, iohelper and virt-aa-helper paths in profiles

These helper binaries are installed under libexec dir not lib dir. Signed-off-by: Michal Privoznik --- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +- src/security/apparmor/usr.sbin.libvirtd | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git

Re: [PATCH 1/6] apparmor: Fix parthelper, iohelper and virt-aa-helper paths in profiles

On 1/30/20 5:02 AM, Jim Fehlig wrote: On 1/29/20 11:53 AM, Jamie Strandboge wrote: On Wed, 29 Jan 2020, Michal Privoznik wrote: On 1/27/20 5:30 PM, Jamie Strandboge wrote: On Sat, 25 Jan 2020, Michal Privoznik wrote: These helper binaries are installed under libexec dir not lib dir.

Re: [PATCH v3 1/4] lxc: refactor lxcNetworkParseData pointers to use new structures

Em qua., 29 de jan. de 2020 às 08:38, Daniel P. Berrangé escreveu: > > On Tue, Jan 28, 2020 at 10:54:08PM -0300, Julio Faracco wrote: > > Struct lxcNetworkParseData is being used as a single pointer which > > iterates through LXC config lines. It means that it will be applied as a > > network

Re: [PATCH 1/6] apparmor: Fix parthelper, iohelper and virt-aa-helper paths in profiles

On 1/29/20 11:53 AM, Jamie Strandboge wrote: > On Wed, 29 Jan 2020, Michal Privoznik wrote: > >> On 1/27/20 5:30 PM, Jamie Strandboge wrote: >>> On Sat, 25 Jan 2020, Michal Privoznik wrote: >>> These helper binaries are installed under libexec dir not lib dir. Signed-off-by:

[libvirt-rust PATCH v3 0/4] Map more functions in stream module

This set of patches will add more functions to the Rust bindings. Newly mapped functions from C library: virStreamNew virStreamEventUpdateCallback virStreamEventRemoveCallback virStreamEventAddCallback. virStreamEventAddCallback can accept normal fn functions or closures (can capture variables

[libvirt-rust PATCH v3 2/4] libvirt-rust: stream: add more functions in stream

* added virStreamEventAddCallback function * added new types: StreamEventCallback and FreeCallback * added new field: callback for storing event callback * drop: will drop the Box if any * added wrapper event_callback for easier callback authoring for the user (so that closures with Fn or FnMut

[libvirt-rust PATCH v3 1/4] libvirt-rust: stream: add more functions in stream

* added new functions: virStreamNew virStreamEventUpdateCallback virStreamEventRemoveCallback * added new constants: VIR_STREAM_NONBLOCK * added new types/aliases: StreamFlags * changed the previous `new` associate function to `from_ptr` to avoid naming conflicts * added basic tests to test

[libvirt-rust PATCH v3 3/4] libvirt-rust: use reference instead of moving

Signed-off-by: Zixing Liu --- src/domain.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/domain.rs b/src/domain.rs index 121d0f9..5de66c6 100644 --- a/src/domain.rs +++ b/src/domain.rs @@ -1644,7 +1644,7 @@ impl Domain { } } -pub fn open_console(,

[libvirt-rust PATCH v3 4/4] libvirt-rust: stream: addressed comments

* minimized unsafe scope * removed pub from `from_ptr` function Signed-off-by: Zixing Liu --- src/stream.rs | 21 +++-- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/stream.rs b/src/stream.rs index 3a83b34..10145eb 100644 --- a/src/stream.rs +++

Re: [PATCH] libxl: support getting and setting parameters for the Credit2

On 1/29/20 4:05 AM, Dario Faggioli wrote: > With Credit2 being Xen default scheduler, it's definitely the case to > allow Credit2's scheduling parameters to be get and set via libvirt. Indeed. Thanks for the patch! > This is easy, as Credit and Credit2 have (at least as of now) the very > same

Re: [PATCH 1/6] apparmor: Fix parthelper, iohelper and virt-aa-helper paths in profiles

On Wed, 29 Jan 2020, Michal Privoznik wrote: > On 1/27/20 5:30 PM, Jamie Strandboge wrote: > > On Sat, 25 Jan 2020, Michal Privoznik wrote: > > > > > These helper binaries are installed under libexec dir not lib > > > dir. > > > > > > Signed-off-by: Michal Privoznik > > > --- > > >

Re: [libvirt PATCH v2 33/56] src: introduce helper API for creating GSource for socket

On Wed, Jan 29, 2020 at 04:34:46PM +, Daniel P. Berrangé wrote: > On Wed, Jan 29, 2020 at 05:33:20PM +0100, Pavel Hrdina wrote: > > On Tue, Jan 28, 2020 at 01:11:14PM +, Daniel P. Berrangé wrote: > > > We need to be able to create event loop watches using the > > > GSource API for sockets.

Re: [libvirt PATCH v2 33/56] src: introduce helper API for creating GSource for socket

On Wed, Jan 29, 2020 at 05:33:20PM +0100, Pavel Hrdina wrote: > On Tue, Jan 28, 2020 at 01:11:14PM +, Daniel P. Berrangé wrote: > > We need to be able to create event loop watches using the > > GSource API for sockets. GIOChannel is able todo this, but > > we don't want to use the GIOChannel

Re: [libvirt PATCH v2 33/56] src: introduce helper API for creating GSource for socket

On Tue, Jan 28, 2020 at 01:11:14PM +, Daniel P. Berrangé wrote: > We need to be able to create event loop watches using the > GSource API for sockets. GIOChannel is able todo this, but > we don't want to use the GIOChannel APIs for reading/writing, > and testing shows just using its GSource

Re: [PATCH 1/6] apparmor: Fix parthelper, iohelper and virt-aa-helper paths in profiles

On 1/27/20 5:30 PM, Jamie Strandboge wrote: On Sat, 25 Jan 2020, Michal Privoznik wrote: These helper binaries are installed under libexec dir not lib dir. Signed-off-by: Michal Privoznik --- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +-

RE: [E] Re: RHEL 7.7/libvirt 5.10 Question

Thank you for responding and we appear to be ok now. The XML validation errors encountered during libvirt 5.10 installation efforts were file specific which has been corrected. Bart Bailey (216) 462-2173 -Original Message- From: Ján Tomko [mailto:jto...@redhat.com] Sent: Wednesday,

Re: [libvirt PATCH v2 26/56] src: conditionalize use of O_DIRECT

On Wed, Jan 29, 2020 at 12:23:18PM +, Daniel P. Berrangé wrote: > On Tue, Jan 28, 2020 at 05:55:27PM +0100, Pavel Hrdina wrote: > > On Tue, Jan 28, 2020 at 01:11:07PM +, Daniel P. Berrangé wrote: > > > The O_DIRECT flag is not available on all platforms, so we > > > must introduce a compat

Re: RHEL 7.7/libvirt 5.10 Question

On Tue, Jan 28, 2020 at 02:40:35PM +, bart.m.bai...@verizon.com wrote: Hello, RHEL 7.7 installation attempts of libvirt-5.10.0-1.fc30.src.rpm are encountering the following - [...] + cat test-suite.log cat: test-suite.log: No such file or directory + true + exit 1 error: Bad exit

RHEL 7.7/libvirt 5.10 Question

Hello, RHEL 7.7 installation attempts of libvirt-5.10.0-1.fc30.src.rpm are encountering the following - make[4]: Entering directory `/root/rpm/BUILD/libvirt-5.10.0/x86_64-redhat-linux-gnu/gnulib/tests' CC test-accept.o CC test-alloca-opt.o CC test-arpa_inet.o CC

Re: [PATCH v1 0/2] DAC,SELinux: do not remember/recall labels for

On 1/27/20 7:23 PM, Daniel Henrique Barboza wrote: Libvirt is trying to do multiple open() calls in /dev/vfio files, which results in errors inside the security drivers and QEMU returning error 125 when attempting to hotplug a hostdev which belongs to the same IOMMU group as an existing domain

Re: [PATCH] net: Remove deprecated [hub_id name] tuple of 'hostfwd_add' / 'hostfwd_remove'

On 05/12/2019 11.41, Thomas Huth wrote: > It's been deprecated since QEMU v3.1.0. Time to finally remove it now. > > Signed-off-by: Thomas Huth > --- > hmp-commands.hx | 8 > net/hub.c| 23 --- > net/hub.h| 2 -- > net/slirp.c

Re: [libvirt PATCH] docs: add warning about virt-qemu-run being experimental

On Wed, Jan 29, 2020 at 11:18:51AM +, Daniel P. Berrangé wrote: > We currently note that the QEMU embedded driver in experimental s/in/is > in the drvqemu.html file, but we should do the same in the > virt-qemu-run man page. > > Signed-off-by: Daniel P. Berrangé Reviewed-by: Erik Skultety

Re: [libvirt PATCH v2 26/56] src: conditionalize use of O_DIRECT

On Tue, Jan 28, 2020 at 05:55:27PM +0100, Pavel Hrdina wrote: > On Tue, Jan 28, 2020 at 01:11:07PM +, Daniel P. Berrangé wrote: > > The O_DIRECT flag is not available on all platforms, so we > > must introduce a compat define the same way gnulib does. > > > > Signed-off-by: Daniel P. Berrangé

Re: [libvirt PATCH 0/2] docs: make rst docs generation more robust

On Wed, Jan 29, 2020 at 10:18:53AM +, Daniel P. Berrangé wrote: This will avoid the various issues with generated docs containing build warnings. Daniel P. Berrangé (2): docs: fix various duplicate link targets in virsh.rst docs: use --strict arg when processing rst docs docs/Makefile.am

Re: [libvirt-rust] change in coding style to follow rustfmt

On Wed, Jan 29, 2020 at 11:05:35AM +0100, Sahid Orentino Ferdjaoui wrote: I'm proposing to merge a change [0] so the CI would check whether the source code is well-formatted using rustfmt [1]. The aim is to add an easy convention to follow regarding the coding style. For contributors the

Re: [PATCH v3 2/4] lxc: add LXC version 3 network parser

On Tue, Jan 28, 2020 at 10:54:09PM -0300, Julio Faracco wrote: > LXC version 3 or higher introduced indexes for network interfaces. > Libvirt should be able to parse entries like `lxc.net.2.KEY`. This > commit adds functions to parse this type of field. That's why array > structures are so

Re: [PATCH v3 1/4] lxc: refactor lxcNetworkParseData pointers to use new structures

On Tue, Jan 28, 2020 at 10:54:08PM -0300, Julio Faracco wrote: > Struct lxcNetworkParseData is being used as a single pointer which > iterates through LXC config lines. It means that it will be applied as a > network each time that a new type appears. After, the same struct is > used to populate a

Re: [libvirt-rust] change in coding style to follow rustfmt

On Wed, 2020-01-29 at 11:05 +0100, Sahid Orentino Ferdjaoui wrote: > I'm proposing to merge a change [0] so the CI would check whether the > source code is well-formatted using rustfmt [1]. > > The aim is to add an easy convention to follow regarding the coding > style. This is an obviously good

[libvirt PATCH] docs: add warning about virt-qemu-run being experimental

We currently note that the QEMU embedded driver in experimental in the drvqemu.html file, but we should do the same in the virt-qemu-run man page. Signed-off-by: Daniel P. Berrangé --- docs/manpages/virt-qemu-run.rst | 5 + 1 file changed, 5 insertions(+) diff --git

[PATCH] libxl: support getting and setting parameters for the Credit2

With Credit2 being Xen default scheduler, it's definitely the case to allow Credit2's scheduling parameters to be get and set via libvirt. This is easy, as Credit and Credit2 have (at least as of now) the very same parameters ('weight' and 'cap'). So we can just let credit2 pass the

Re: [PATCH v2 2/7] conf: expand iotune params if only group name is given

On 1/29/20 9:37 AM, Nikolay Shirokovskiy wrote: Pushed now. Michal

[libvirt PATCH 0/2] docs: make rst docs generation more robust

This will avoid the various issues with generated docs containing build warnings. Daniel P. Berrangé (2): docs: fix various duplicate link targets in virsh.rst docs: use --strict arg when processing rst docs docs/Makefile.am| 10 +- docs/manpages/virsh.rst | 36

[libvirt PATCH 1/2] docs: fix various duplicate link targets in virsh.rst

You can't have two links with the same text when using named link references (a single "_"). If you need multiple links with the same text you must use anonymous link references (a double "_"). There are also some duplicate section headers causing the same problem with duplicate link targets.

[libvirt PATCH 2/2] docs: use --strict arg when processing rst docs

The --strict arg forces the rst tools to abort with an error instead of printing warnings to stderr, or the output document. Signed-off-by: Daniel P. Berrangé --- docs/Makefile.am | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/Makefile.am b/docs/Makefile.am

[libvirt-rust] change in coding style to follow rustfmt

I'm proposing to merge a change [0] so the CI would check whether the source code is well-formatted using rustfmt [1]. The aim is to add an easy convention to follow regarding the coding style. For contributors the natural thing to do before to submit any patches is to verify the format using:

Re: [PATCH v2 2/7] conf: expand iotune params if only group name is given

On 29.01.2020 10:54, Michal Privoznik wrote: > From: Nikolay Shirokovskiy > > Currently, if only iotune group name is given for some disk and > no any params then later start of domain will fail. I guess it > will be convenient to allow such configuration if there is > another disk in the