The 'systemd-analyze security' command looks at the unit file
configuration and reports on any settings which increase the
attack surface for the daemon. Since most systemd units are
fairly minimalist, this is generally informing us about settings
that we never put any thought into using before.
I
On 9/19/23 3:47 PM, Jonathon Jongsma wrote:
Jonathon Jongsma (2):
news: document support for vdpa block devices
news: document nbdkit support for network disks
NEWS.rst | 18 ++
1 file changed, 18 insertions(+)
ping
On a Monday in 2023, Jonathon Jongsma wrote:
virProcessKillPainfullyDelay() currently almost always returns 1 or -1,
even though the documentation indicates that it should return 0 if the
process was terminated gracefully. But the computation of the return
code is faulty and the only case that it
On a Tuesday in 2023, Martin Kletzander wrote:
The function is supposed to return the number of items filled into the
array and not zero. Also change the initialization of the "randomness"
to be based on the startCell so that the values are different for each
cell even for separate calls.
Signe
On 9/26/23 14:20, Martin Kletzander wrote:
> The function is supposed to return the number of items filled into the
> array and not zero. Also change the initialization of the "randomness"
> to be based on the startCell so that the values are different for each
> cell even for separate calls.
>
>
The function returns how many array items were filled in, but virsh
never checked for anything other than errors. Just to make sure this
does not report invalid data, even though the only possibility would be
reporting 0 free pages, check the returned data so that possible errors
are detected.
Si
On Tue, Sep 26, 2023 at 02:20:43PM +0200, Martin Kletzander wrote:
The function is supposed to return the number of items filled into the
array and not zero. Also change the initialization of the "randomness"
to be based on the startCell so that the values are different for each
cell even for se
On Tue, Sep 26, 2023 at 01:14:33PM +0100, Daniel P. Berrangé wrote:
> On Tue, Sep 26, 2023 at 07:02:19AM -0500, Andrea Bolognani wrote:
> > I don't think it helps much with not storing additional data inside
> > the build system, unless we want to store the contents of the various
> > common snippe
On Mon, Sep 18, 2023 at 15:29:17 +0200, Pavel Hrdina wrote:
> This fixes reverting external snapshots to not error out in cases where
> it should work and makes it correctly load the memory state when
> reverting to snapshot of running VM.
>
> This discards v2 completely and makes changes to v1:
>
On Mon, Sep 18, 2023 at 15:29:23 +0200, Pavel Hrdina wrote:
> When used with internal snapshots there is no memory state file so we
> have no data to load and decompression is not needed.
>
> Signed-off-by: Pavel Hrdina
> ---
> src/qemu/qemu_process.c | 23 +--
> 1 file chang
On Tue, Sep 26, 2023 at 01:36:39PM +0100, Daniel P. Berrangé wrote:
> On Tue, Sep 26, 2023 at 04:09:17AM -0500, Andrea Bolognani wrote:
> > On Tue, Sep 26, 2023 at 09:44:52AM +0100, Daniel P. Berrangé wrote:
> > > On Mon, Sep 25, 2023 at 08:58:33PM +0200, Andrea Bolognani wrote:
> > > > This is the
On Tue, Sep 26, 2023 at 08:12:43AM -0500, Andrea Bolognani wrote:
> On Tue, Sep 26, 2023 at 01:14:33PM +0100, Daniel P. Berrangé wrote:
> > On Tue, Sep 26, 2023 at 07:02:19AM -0500, Andrea Bolognani wrote:
> > > I don't think it helps much with not storing additional data inside
> > > the build sys
On Tue, Sep 26, 2023 at 04:09:17AM -0500, Andrea Bolognani wrote:
> On Tue, Sep 26, 2023 at 09:44:52AM +0100, Daniel P. Berrangé wrote:
> > On Mon, Sep 25, 2023 at 08:58:33PM +0200, Andrea Bolognani wrote:
> > > This is the strongest relationship that can be declared between
> > > two units, and ca
On Mon, Sep 18, 2023 at 15:29:22 +0200, Pavel Hrdina wrote:
> When called from snapshot code we will need to pass snapshot object in
> order to make internal snapshots work correctly.
>
> Signed-off-by: Pavel Hrdina
> ---
> src/qemu/qemu_process.c | 9 -
> src/qemu/qemu_process.h | 1
On Tue, Sep 26, 2023 at 11:23:51AM +0100, Daniel P. Berrangé wrote:
> On Tue, Sep 26, 2023 at 11:09:44AM +0200, Pavel Hrdina wrote:
> > On Mon, Sep 25, 2023 at 08:58:24PM +0200, Andrea Bolognani wrote:
> > > +'service_unit_extra': [
> > > + 'Wants=systemd-machined.service',
> > > + 'A
On Tue, Sep 26, 2023 at 07:02:19AM -0500, Andrea Bolognani wrote:
> On Tue, Sep 26, 2023 at 11:23:51AM +0100, Daniel P. Berrangé wrote:
> > On Tue, Sep 26, 2023 at 11:09:44AM +0200, Pavel Hrdina wrote:
> > > On Mon, Sep 25, 2023 at 08:58:24PM +0200, Andrea Bolognani wrote:
> > > > +'service_uni
The function is supposed to return the number of items filled into the
array and not zero. Also change the initialization of the "randomness"
to be based on the startCell so that the values are different for each
cell even for separate calls.
Signed-off-by: Martin Kletzander
---
src/test/test_d
On Tue, Sep 26, 2023 at 02:11:37PM +0200, Marc Hartmayer wrote:
> On Mon, Sep 25, 2023 at 04:15 PM +0100, Daniel P. Berrangé
> wrote:
> > On Mon, Sep 25, 2023 at 03:39:09PM +0200, Marc Hartmayer wrote:
> >> When starting a guest via libvirt (`virsh start --console`), early
> >> console output was
On Mon, Sep 25, 2023 at 04:15 PM +0100, Daniel P. Berrangé
wrote:
> On Mon, Sep 25, 2023 at 03:39:09PM +0200, Marc Hartmayer wrote:
>> When starting a guest via libvirt (`virsh start --console`), early
>> console output was missed because the guest was started first and then
>> the console was at
On Tue, Sep 26, 2023 at 11:09:44AM +0200, Pavel Hrdina wrote:
> On Mon, Sep 25, 2023 at 08:58:24PM +0200, Andrea Bolognani wrote:
> > Signed-off-by: Andrea Bolognani
> > ---
> > src/ch/meson.build| 27
> > src/ch/virtchd.service.in | 44 ---
I have just tagged v9.8.0-rc1 in the repository and pushed signed
tarballs and source RPMs to https://download.libvirt.org/
Please give the release candidate some testing and in case you find a
serious issue which should have a fix in the upcoming release, feel
free to reply to this thread to make
On Tue, Sep 26, 2023 at 11:09:44AM +0200, Pavel Hrdina wrote:
> On Mon, Sep 25, 2023 at 08:58:24PM +0200, Andrea Bolognani wrote:
> > +'service_unit_extra': [
> > + 'Wants=systemd-machined.service',
> > + 'After=systemd-machined.service',
> > + 'After=remote-fs.target',
> > +
On Tue, Sep 26, 2023 at 09:44:52AM +0100, Daniel P. Berrangé wrote:
> On Mon, Sep 25, 2023 at 08:58:33PM +0200, Andrea Bolognani wrote:
> > This is the strongest relationship that can be declared between
> > two units, and causes the service to be terminated immediately
> > if any of its sockets di
On Mon, Sep 25, 2023 at 08:58:24PM +0200, Andrea Bolognani wrote:
> Signed-off-by: Andrea Bolognani
> ---
> src/ch/meson.build| 27
> src/ch/virtchd.service.in | 44 ---
> 2 files changed, 23 insertions(+), 48 deletions(-)
> de
On Mon, Sep 25, 2023 at 08:58:10PM +0200, Andrea Bolognani wrote:
> It is currently considered required, but we're soon going to
> provide a default that will be suitable for most services.
>
> Since all services currently provide a value explicitly, we
> can implement a default without breaking a
On Mon, Sep 25, 2023 at 08:58:33PM +0200, Andrea Bolognani wrote:
> This is the strongest relationship that can be declared between
> two units, and causes the service to be terminated immediately
> if any of its sockets disappear. This is the behavior we want.
IIUC, this prevents running the serv
On Mon, Sep 25, 2023 at 08:58:07PM +0200, Andrea Bolognani wrote:
> For most services, the value provided explicitly matches the
> documented default.
>
> Signed-off-by: Andrea Bolognani
> ---
> src/ch/meson.build | 1 -
> src/interface/meson.build | 1 -
> src/libxl/meson.build
On Mon, Sep 25, 2023 at 08:58:08PM +0200, Andrea Bolognani wrote:
> For most services, the socket paths can be derived trivially from
> the name of the daemon: for virtqemud, for example, they will be
>
> /run/libvirt/virtqemud-sock
> /run/libvirt/virtqemud-sock-ro
> /run/libvirt/virtqemud-a
On Mon, Sep 25, 2023 at 08:58:09PM +0200, Andrea Bolognani wrote:
> Now that providing the value is optional, we can remove almost
> all uses.
>
> Signed-off-by: Andrea Bolognani
> ---
> src/ch/meson.build | 1 -
> src/interface/meson.build | 1 -
> src/libxl/meson.build | 1 -
>
On Mon, Sep 25, 2023 at 08:58:00PM +0200, Andrea Bolognani wrote:
> This annotation being missing resulted in virtlogd and virtlockd
> being marked as "indirect" services, i.e. services that cannot
> be started directly but have to be socket activated instead.
>
> While this is our preferred confi
On Mon, Sep 25, 2023 at 08:58:02PM +0200, Andrea Bolognani wrote:
> This tells systemd that the services in question support the
> native socket activation protocol.
>
> virtlogd and virtlockd, just like all the other daemons, implement
> the necessary handshake.
>
> Signed-off-by: Andrea Bologna
On Mon, Sep 25, 2023 at 08:58:05PM +0200, Andrea Bolognani wrote:
> Signed-off-by: Andrea Bolognani
> ---
> src/meson.build | 6 +++---
> src/remote/libvirtd.socket.in | 2 +-
> 2 files changed, 4 insertions(+), 4 deletions(-)
Reviewed-by: Daniel P. Berrangé
With regards,
Daniel
On Mon, Sep 25, 2023 at 08:58:06PM +0200, Andrea Bolognani wrote:
> The decision is based only on whether Polkit support is enabled,
> so there's no need to go through it again for every single
> service.
>
> Signed-off-by: Andrea Bolognani
> ---
> src/meson.build | 12 ++--
> 1 file cha
On Mon, Sep 25, 2023 at 08:58:04PM +0200, Andrea Bolognani wrote:
> The meaning of the _def suffix might not be immediately obvious,
> especially since it's also used to refer to the output of the
> meson-gen-def.py script elsewhere in the same file.
>
> Signed-off-by: Andrea Bolognani
> ---
> s
On Mon, Sep 25, 2023 at 08:58:03PM +0200, Andrea Bolognani wrote:
> The information is not used anywhere right now, but the
> documentation for virt_daemon_units claims it's mandatory.
>
> More importantly, we're going to start actually using it later
> on.
>
> Signed-off-by: Andrea Bolognani
>
On Mon, Sep 25, 2023 at 08:57:59PM +0200, Andrea Bolognani wrote:
> When libvirtd, virtlog and virtlockd are enabled, we want their
> admin sockets to be enabled as well.
s/enabled/enabled for socket activation/
because these admin sockets were enabled automatically when the
service eventually st
On Mon, Sep 25, 2023 at 08:58:01PM +0200, Andrea Bolognani wrote:
> While systemd will automatically match foo.socket with foo.service
> based on their names, it's nicer to connect the two explicitly.
>
> This is what we do for all services, with virtlogd and virtlockd
> being the only exceptions.
37 matches