Re: [PATCH] qemu: Support removable for scsi disk

2023-06-28 Thread Han Han
ping~ On Mon, Jun 5, 2023 at 1:07 PM Han Han wrote: > Allow //disk/target@removable for scsi disk devices, since QEMU has > support > the removable attribute for scsi-hd device from v0.14.0[1]. > > [1]: 419e691f8e: scsi-disk: Allow overriding SCSI INQUIRY removable bit > > Signed-off-by: Han Han

Re: [PATCH] scripts: Fix the flake8 syntax-check failures

2023-06-28 Thread Han Han
ping~ On Mon, Jun 5, 2023 at 3:40 PM Han Han wrote: > Fix the syntax-check failures with the help of isort[1]: > 289/316 libvirt:syntax-check / flake8 FAIL 5.24s exit status 2 > > [1]: https://pycqa.github.io/isort/ > > Signed-off-by: Han Han > --- > ci/util.py

Re: [PATCH] apparmor: Add support for local profile customizations

2023-06-28 Thread Jim Fehlig
On 6/28/23 15:25, Jim Fehlig wrote: On 6/23/23 07:11, Andrea Bolognani wrote: The catch is that apparently the "include if exists" statement doesn't work well before 3.0, and our support matrix will include distros that are still on AppArmor 2.x for a couple more years :( I'm working on a V2 o

[PATCH V2 2/3] apparmor: Remove support for passt from apparmor 2.x

2023-06-28 Thread Jim Fehlig
Commit 7a39b04d683f introduced support for passt in the qemu apparmor abstraction, but it contains an 'include if exists' directive that is only stable on apparmor 3.x. Remove support for passt from the 2.x variant of the abstraction. Signed-off-by: Jim Fehlig --- src/security/apparmor-2/libvirt

[PATCH V2 3/3] apparmor: Add support for local profile customizations

2023-06-28 Thread Jim Fehlig
Apparmor profiles in /etc/apparmor.d/ are config files that can be replaced on package upgrade, which introduces the potential to overwrite any local changes. Apparmor supports local profile customizations via /etc/apparmor.d/local/ [1]. In addition, apparmor 3.x supports local customizations of pr

[PATCH V2 1/3] apparmor: Create version specific apparmor profiles

2023-06-28 Thread Jim Fehlig
The tools in apparmor 2.x releases have problems with profile constructs commonly used with modern apparmor >= 3.0.0. Make a copy of the profiles for use with apparmor 2.x. Subsequent commits will modify the copies to be apparmor 2.x compliant. Signed-off-by: Jim Fehlig --- meson.build

[PATCH V2 0/3] apparmor: Add support for local profile customizations

2023-06-28 Thread Jim Fehlig
This is a stab at a V2 of https://listman.redhat.com/archives/libvir-list/2023-June/240219.html That patch was ACKed and committed, but reverted before the 9.5.0 release since it could be problematic with older apparmor 2.x versions still supported by libvirt. Andrea suggested copies of the prof

Re: [PATCH] apparmor: Add support for local profile customizations

2023-06-28 Thread Jim Fehlig
On 6/23/23 07:11, Andrea Bolognani wrote: The catch is that apparently the "include if exists" statement doesn't work well before 3.0, and our support matrix will include distros that are still on AppArmor 2.x for a couple more years :( I'm working on a V2 of this patch and need help understand

Re: [libvirt PATCH v2 4/4] qemu: enable asynchronous teardown on s390x hosts

2023-06-28 Thread Jonathon Jongsma
On 6/27/23 10:51 AM, Boris Fiuczynski wrote: Enablement of asynchronous teardown on S390 and add tests for asynchronous teardown autogeneration support. I don't know all of the implications of enabling vs not enabling this feature. It sounds like it speeds up shutdown significantly in some si

Re: [PATCH] nodedev: transient mdev update on nodeDeviceCreateXML

2023-06-28 Thread Jonathon Jongsma
On 6/28/23 3:40 AM, Boris Fiuczynski wrote: On 6/28/23 12:03 AM, Jonathon Jongsma wrote: On 6/23/23 5:43 AM, Boris Fiuczynski wrote: Update the optional mdev attributes on the newly created nodedev object as they otherwise would not get set until the next mdevctl update cycle. Resolves: https://

Re: [PATCH 2/3] vircommand: Utilize close_range()

2023-06-28 Thread Daniel P . Berrangé
On Wed, Jun 21, 2023 at 04:40:10PM +0100, Daniel P. Berrangé wrote: > On Wed, Jun 21, 2023 at 04:09:10PM +0200, Michal Privoznik wrote: > > As of commit v5.9-rc1~160^2~3 the Linux kernel has close_range() > > syscall, which closes not just one FD but whole range. In glibc > > this is exposed by aut

Re: [libvirt PATCH v2 3/4] qemu: allow use of async teardown in domain

2023-06-28 Thread Boris Fiuczynski
On 6/28/23 3:34 PM, Thomas Huth wrote: On 27/06/2023 17.51, Boris Fiuczynski wrote: Asynchronous teardown can be specified if the QEMU binary supports it by adding in the domain XML    ... ...    By default this new feature is disabled. Signed-off-by: Boris Fiuczynski ---

Re: [libvirt PATCH v2 3/4] qemu: allow use of async teardown in domain

2023-06-28 Thread Thomas Huth
On 27/06/2023 17.51, Boris Fiuczynski wrote: Asynchronous teardown can be specified if the QEMU binary supports it by adding in the domain XML ... ... By default this new feature is disabled. Signed-off-by: Boris Fiuczynski --- ... diff --git a/docs/formatdomain.rst

Re: [libvirt PATCH v2 2/4] qemu: add run-with async-teardown capability

2023-06-28 Thread Thomas Huth
On 27/06/2023 17.51, Boris Fiuczynski wrote: QEMU capability is looking in query-command-line-options response for ... { "parameters": [ { "name": "async-teardown", "type": "boolean" } ], "option": "run-with" } ... allow to us

Re: [PATCH] domain_event: Drop virDomainEventMemoryDeviceSizeChangePtr

2023-06-28 Thread Peter Krempa
On Wed, Jun 28, 2023 at 12:27:56 +0200, Michal Privoznik wrote: > We dropped our private virXXXPtr typedefs in v7.3.0-rc1~229 but > somehow v7.9.0-rc1~292 introduced one back: > virDomainEventMemoryDeviceSizeChangePtr. There's no need for it > and it's internal only. Drop it. > > Signed-off-by: Mi

[PATCH 2/3] Introduce NIC_MAC_CHANGE event

2023-06-28 Thread Michal Privoznik
The aim of this event is to notify management application that guest changed MAC address on one of its vNICs so the app can update its internal records, e.g. for finding match between guest/host view of vNICs. Signed-off-by: Michal Privoznik --- examples/c/misc/event-test.c| 14 + i

[PATCH 3/3] qemu: Emit NIC_MAC_CHANGE event

2023-06-28 Thread Michal Privoznik
So far, we only process NIC_RX_FILTER_CHANGED event when the corresponding device has 'trustGuestRxFilters' enabled. And the event is emitted only for virtio model. IOW, this is fairly limited situation and other scenarios don't emit any event (e.g. change of MAC address on a PCI passthrough device

[PATCH 1/3] qemu: Reflect MAC address change in live domain XML

2023-06-28 Thread Michal Privoznik
If a guest changes MAC address on its vNIC, then QEMU emits NIC_RX_FILTER_CHANGED event (the event is emitted in other cases too, but that's not important right now). Now, domain XML allows users to choose whether to trust these events or not: For the 'no' case no action is performed and the ev

[PATCH RFC 0/3] Reflect MAC change in live domain XML

2023-06-28 Thread Michal Privoznik
These are RFC patches. I'd like to start a discussion on the following problem: A mgmt application has info tied to an (stored elsewhere, not important right now). And they use basically the only piece of information that's visible in both host and guest: MAC address. No, user aliases are not vis

[PATCH] domain_event: Drop virDomainEventMemoryDeviceSizeChangePtr

2023-06-28 Thread Michal Privoznik
We dropped our private virXXXPtr typedefs in v7.3.0-rc1~229 but somehow v7.9.0-rc1~292 introduced one back: virDomainEventMemoryDeviceSizeChangePtr. There's no need for it and it's internal only. Drop it. Signed-off-by: Michal Privoznik --- src/conf/domain_event.c | 9 - 1 file changed,

Re: [PATCH] nodedev: transient mdev update on nodeDeviceCreateXML

2023-06-28 Thread Boris Fiuczynski
On 6/28/23 12:03 AM, Jonathon Jongsma wrote: On 6/23/23 5:43 AM, Boris Fiuczynski wrote: Update the optional mdev attributes on the newly created nodedev object as they otherwise would not get set until the next mdevctl update cycle. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2143158 S

Re: [PATCH] Revert "apparmor: Add support for local profile customizations"

2023-06-28 Thread Andrea Bolognani
On Tue, Jun 27, 2023 at 05:53:23PM -0600, Jim Fehlig wrote: > As it turns out, apparmor 2.x and 3.x behave differently or have differing > levels of support for local customizations of profiles and profile > abstractions. Additionally the apparmor 2.x tools do not cope well with > 'include if exist