Debian has pygrub in
/usr/lib/xen-*/bin/pygrub
Allow it to be run.
---
I'm open to making this more broad since it seems
/usr/{lib,lib64}/xen/bin/* Ux,
serves a similar purpose.
Cheers,
-- Guido
src/security/apparmor/usr.sbin.libvirtd | 1 +
1 file changed, 1 insertion(+)
diff --git
# For communication/control from libvirtd
> + unix (send, receive) type=stream addr=none
> peer=(label=/usr/sbin/libvirtd),
> + signal (receive) set=("term") peer=/usr/sbin/libvirtd,
> +
> /dev/net/tun rw,
> /etc/qemu/** r,
> owner @{PROC}/*/status r,
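Review bot: both added rules match the peer only by the profile name /usr/sbin/libvirtd (peer=(label=/usr/sbin/libvirtd) on the unix rule, peer=/usr/sbin/libvirtd on the signal rule), so neither applies when libvirtd runs unconfined or under another label. If that is intended, state it in the "# For communication/control from libvirtd" comment. Also confirm that set=("term") is the only signal libvirtd has to deliver, since this rule covers no other signal from it.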
Reviewed-by: Guido Günther
> --
> 2.7.4
>
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Otherwise stopping domains with qemu://session fails like
[164012.338157] audit: type=1400 audit(1516202208.784:99): apparmor="DENIED"
operation="signal" profile="/usr/sbin/libvirtd" pid=18835 comm="libvirtd"
requested_mask="send" denied_mask="send" signal=term peer="unconfined"
---
examples/ap
Hi,
On Mon, Jan 15, 2018 at 07:43:56AM +0100, intrigeri wrote:
> Christian Ehrhardt:
> > I recently had spotted this issue and discussed on IRC but couldn't
> > recreate after a while when I wanted to debug.
>
> I've seen it the last few times I've started libvirtd.service on two
> different Debia
Hi,
On Thu, Dec 21, 2017 at 12:10:58PM +0100, intrigeri wrote:
[..snip..]
> But local/usr.lib.libvirt.virt-aa-helper becomes a conffile, which
> previously it was not managed by dpkg. I don't know how this is
> handled by dpkg. I suspect it might be easier to comment out:
>
> INSTALL_DATA_LOCAL
Hi,
On Sun, Nov 19, 2017 at 02:57:32PM +, intrigeri+libv...@boum.org wrote:
>
> Changes since v3:
>
> - don't add in 1/2 blanket catch-all mount rule that 2/2 was
> replacing anyway
Pushed now. Thanks!
-- Guido
Hi Marc,
On Sun, Oct 22, 2017 at 10:37:44AM +0200, Marc Haber wrote:
> Hi Guido,
>
> I didn't mean to accuse Debian of doing a bad job with netcf.
I didn't read it like that either.
>
> On Sun, Oct 22, 2017 at 09:26:31AM +0200, Guido Günther wrote:
> > On Thu, O
Hi Marc,
On Thu, Oct 19, 2017 at 02:41:31PM +0200, Marc Haber wrote:
> On Thu, Oct 19, 2017 at 01:37:45PM +0200, Michal Privoznik wrote:
> > Aha! the thing is, you're using netcf backend while I'm using the udev
> > one. This error message comes from netcf. It's a netcf's bug. CCing
> > Laine who s
Hi,
On Thu, Oct 12, 2017 at 05:25:34PM +0100, Daniel P. Berrange wrote:
> On Thu, Oct 12, 2017 at 05:53:21PM +0200, Guido Günther wrote:
> > Domains fail to start without fuse like
> >
> > error: internal error: guest failed to start: fuse: device not found, try
>
Domains fail to start without fuse like
error: internal error: guest failed to start: fuse: device not found, try
'modprobe fuse' first
Failure in libvirt_lxc startup: no error
so check for it too.
References:
https://ci.debian.net/data/autopkgtest/unstable/amd64/libv/libvirt/20171012_1059
in.libvirtd
> index fa4ebb355..819068ffc 100644
> --- a/examples/apparmor/usr.sbin.libvirtd
> +++ b/examples/apparmor/usr.sbin.libvirtd
> @@ -39,6 +39,7 @@
>
>ptrace (trace) peer=unconfined,
> ptrace (trace) peer=/usr/sbin/libvirtd,
> + ptrace (trace) peer=/usr
Hi,
On Fri, Sep 29, 2017 at 09:55:00AM +0200, Daniel Veillard wrote:
> Done, I have tagged RC1 in git, pushed signed tarball and rpms at the usual
> location:
>
> ftp://libvirt.org/libvirt/
>
>
> Seems to work fine in my limited testing, I had a keyboard issue in my XP
> guest but that's
Hi,
On Sun, Sep 24, 2017 at 02:26:01PM +0200, Guido Günther wrote:
> Hi Jim,
> On Fri, Sep 22, 2017 at 05:02:42PM -0600, Jim Fehlig wrote:
> > Kernel 4.13 introduced finer-grained ptrace checks
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.
| 4
> 1 file changed, 4 insertions(+)
>
> diff --git a/examples/apparmor/usr.sbin.libvirtd
> b/examples/apparmor/usr.sbin.libvirtd
> index acb59e071..fa4ebb355 100644
> --- a/examples/apparmor/usr.sbin.libvirtd
> +++ b/examples/apparmor/usr.sbin.libvirtd
> @@ -37,6 +
Hi,
On Fri, Sep 22, 2017 at 11:30:39AM -0500, Jamie Strandboge wrote:
> On Fri, 2017-09-22 at 17:46 +0200, Guido Günther wrote:
>
> ...
>
> > What I don't understand yet is why we have in libvirt-lxc:
> >
> > > diff --git a/examples/apparmor/libvi
Hi,
On Fri, Sep 22, 2017 at 10:29:22AM -0500, Jamie Strandboge wrote:
> On Fri, 2017-09-22 at 14:52 +0200, Guido Günther wrote:
> > > + ptrace,
> >
> > ^^^
> >
> > This single line is enough to make things work for me on 4.13. AFAIK
> > dbus medi
Hi Jim,
On Wed, Sep 20, 2017 at 11:17:06AM -0600, Jim Fehlig wrote:
> On 09/20/2017 08:57 AM, Jim Fehlig wrote:
> > On 09/20/2017 12:51 AM, Guido Günther wrote:
> > > Hi Jim,
> > > On Mon, Sep 18, 2017 at 02:06:13PM -0600, Jim Fehlig wrote:
> > > > Kern
Hi,
On Tue, Sep 19, 2017 at 10:36:03PM -0600, Jim Fehlig wrote:
> On 09/18/2017 01:24 PM, Guido Günther wrote:
> > instead of only unloading it. This makes sure old profiles don't pile up
> > in /etc/apparmor.d/libvirt and we get updates to modified templates on
> > VM
Hi Jim,
On Mon, Sep 18, 2017 at 02:06:13PM -0600, Jim Fehlig wrote:
> Kernel 4.13 introduced finer-grained ptrace checks
>
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.13.2&id=290f458a4f16f9cf6cb6562b249e69fe1c3c3a07
>
> When Apparmor is enabled and libvi
instead of only unloading it. This makes sure old profiles don't pile up
in /etc/apparmor.d/libvirt and we get updates to modified templates on
VM restart.
---
src/security/security_apparmor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security/security_apparmor.c b/sr
Hi,
On Mon, Sep 18, 2017 at 02:05:41PM +0200, Michal Privoznik wrote:
> On 09/15/2017 06:10 PM, Guido Günther wrote:
> > Things moved again, sigh.
> > ---
> > src/security/virt-aa-helper.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
>
Hi,
On Mon, Sep 18, 2017 at 02:05:30PM +0200, Michal Privoznik wrote:
> On 09/15/2017 05:17 PM, Guido Günther wrote:
> > Otherwise we fail to reconnect to /dev/net/tun opened by libvirtd
> > like
> >
> > [ 8144.507756] audit: type=1400 audit(1505488162.386:38069
Things moved again, sigh.
---
src/security/virt-aa-helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 55a686a59c..0b43c8e391 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.
Otherwise we fail to reconnect to /dev/net/tun opened by libvirtd
like
[ 8144.507756] audit: type=1400 audit(1505488162.386:38069121):
apparmor="DENIED" operation="file_perm" info="Failed name lookup - disconnected
path" error=-13 profile="libvirt-5dfcc8a7-b79a-4fa9-a41f-f6271651934c"
name=
Hi,
On Fri, Sep 15, 2017 at 01:05:27PM +0100, Daniel P. Berrange wrote:
> On Wed, Jun 07, 2017 at 08:02:04AM +0200, Guido Günther wrote:
> > If one pastes from the output of virt-sandbox-image
> >
> > $ virt-sandbox-image list
> > docker:/library/ubuntu?tag=17.04
Hi,
On Wed, Jun 21, 2017 at 10:00:32PM +0200, Guido Günther wrote:
> On Wed, Jun 07, 2017 at 08:02:03AM +0200, Guido Günther wrote:
> > This is basically a V2 of "Drop library/ from template name and image path"
> > with Dan's comment implemented.
>
> Ping?
Hi,
here are some doc updates I found on a long unused branch but they still apply.
Cheers,
-- Guido
Guido Günther (3):
Add some missing docs
streams: fix references
gvir_stream_send: make it obvious that we send bytes
libvirt-gobject/libvirt-gobject-connection.c | 15
---
libvirt-gobject/libvirt-gobject-connection.c | 15 ++-
libvirt-gobject/libvirt-gobject-domain.c | 2 +-
libvirt-gobject/libvirt-gobject-stream.c | 10 ++
3 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/libvirt-gobject/libvirt-gobject-connection.c
b
Fix doc and use a proper variable name
---
libvirt-gobject/libvirt-gobject-stream.c | 24
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/libvirt-gobject/libvirt-gobject-stream.c
b/libvirt-gobject/libvirt-gobject-stream.c
index 296c00e..93788b5 100644
---
---
libvirt-gobject/libvirt-gobject-stream.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libvirt-gobject/libvirt-gobject-stream.c
b/libvirt-gobject/libvirt-gobject-stream.c
index b6bf774..296c00e 100644
--- a/libvirt-gobject/libvirt-gobject-stream.c
+++ b/libvirt-gobje
Hi,
On Mon, Sep 11, 2017 at 11:42:58AM +0200, Erik Skultety wrote:
> On Fri, Sep 08, 2017 at 04:31:03PM +0200, Guido Günther wrote:
> > Probably could have gone by the trivial rule.
> Yep.
Pushed. Thanks!
-- Guido
>
> Reviewed-by: Erik Skultety (series)
>
---
src/qemu/qemu_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 6255d89310..c742e505c4 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -16816,7 +16816,7 @@ qemuDomainBlockCopyValidateMirror(vir
Probably could have gone by the trivial rule.
Guido Günther (3):
storagefile: fix defintion vs definition typo
qemu_driver: fix existance vs existence typo
virnetserver: fix mesage vs message typo
src/qemu/qemu_driver.c| 2 +-
src/rpc/virnetserver.c| 2 +-
src/util
---
src/util/virstoragefile.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index fbc8245f35..e94ad32f09 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -3253,7 +3253,7 @@
virStorageSourcePar
---
src/rpc/virnetserver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index c02db74c46..2b76daab55 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -133,7 +133,7 @@ static int virNetServerProcessMsg(virNetS
Hi,
On Sun, Aug 13, 2017 at 07:36:40PM -0400, Laine Stump wrote:
> On 08/11/2017 04:05 PM, Guido Günther wrote:
> > ---
> > src/vbox/vbox_tmpl.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/vbox/vbox_tmpl.c b/src/vbox
---
src/vbox/vbox_tmpl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vbox/vbox_tmpl.c b/src/vbox/vbox_tmpl.c
index 07f25ba24f..dffeabde02 100644
--- a/src/vbox/vbox_tmpl.c
+++ b/src/vbox/vbox_tmpl.c
@@ -1836,7 +1836,7 @@ _mediumCreateDiffStorage(IMedium *medium ATTRIBUT
Hi,
On Tue, Aug 08, 2017 at 09:57:26PM +, intrigeri wrote:
> ---
> examples/apparmor/libvirt-qemu | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> index f462d7428c..dcfb1a5985 100644
> --- a/examples/apparmor/libv
On Tue, Jul 04, 2017 at 12:27:19PM +0200, Andrea Bolognani wrote:
> On Mon, 2017-07-03 at 18:47 +0200, Guido Günther wrote:
> > > > Anyway, I'll try to find a way to debug what's going on with
> > > > virnetsockettest.
> > >
> > > IIRC Debian
On Mon, Jul 03, 2017 at 10:49:46AM +0200, Ján Tomko wrote:
> [cc: Guido]
>
> On Sat, Jul 01, 2017 at 02:18:58PM +0400, Roman Bogorodskiy wrote:
> > Andrea Bolognani wrote:
> > > virnetsockettest also fails pretty often for me, certainly
> > > more than your figure; even if that wasn't the case, 1
On Wed, Jun 07, 2017 at 08:02:03AM +0200, Guido Günther wrote:
> This is basically a V2 of "Drop library/ from template name and image path"
> with Dan's comment implemented.
Ping?
-- Guido
>
> Guido Günther (2):
> Drop library/ from image path
> Sanitize
On Tue, May 23, 2017 at 06:22:41PM +0200, Stefan Bader wrote:
> From: William Grant
>
> Allow access to aarch64 UEFI images.
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> Acked-by: Guido Günther
Pushed. Thanks.
-- Guido
> ---
> example
On Wed, Jun 07, 2017 at 07:00:56PM +0200, Guido Günther wrote:
> On Wed, Jun 07, 2017 at 10:44:59AM -0600, Christian Ehrhardt wrote:
> > On Fri, Jun 2, 2017 at 12:57 PM, Guido Günther wrote:
> >
> > > Shouldn't this only be added when ceph is in use?
On Fri, Jun 02, 2017 at 08:58:57PM +0200, Guido Günther wrote:
> On Tue, May 23, 2017 at 06:22:44PM +0200, Stefan Bader wrote:
> > On Debian/Ubuntu the libxl-save-helper (used when saving/restoring
> > a domain through libxl) is located under /usr/lib/xen-/bin.
> >
On Fri, Jun 02, 2017 at 08:46:42PM +0200, Guido Günther wrote:
> On Tue, May 23, 2017 at 06:22:40PM +0200, Stefan Bader wrote:
> > From: Christian Ehrhardt
> >
> > This replaces individual tests for firmware locations by
> > a generic function which will simplify havi
On Fri, Jun 02, 2017 at 09:01:49PM +0200, Guido Günther wrote:
> On Tue, May 23, 2017 at 06:22:48PM +0200, Stefan Bader wrote:
> > From: Serge Hallyn
> >
> > When setting up VncTLS according to the official Libvirt documentation,
> > only one certificate for libvi
On Fri, Jun 02, 2017 at 08:46:26PM +0200, Guido Günther wrote:
> On Tue, May 23, 2017 at 06:22:39PM +0200, Stefan Bader wrote:
> > From: Simon McVittie
> >
> > The split firmware and variables files introduced by
> > https://bugs.debian.org/764918 are in a different di
On Sun, Jun 04, 2017 at 04:41:58PM +0200, Guido Günther wrote:
> On Tue, May 23, 2017 at 06:22:42PM +0200, Stefan Bader wrote:
> > From: Serge Hallyn
> >
> > Updates profile to allow running on ppc64el.
> >
> > Bug-Ubuntu: https://bugs.launchpad.net/bu
On Wed, Jun 07, 2017 at 10:44:59AM -0600, Christian Ehrhardt wrote:
> On Fri, Jun 2, 2017 at 12:57 PM, Guido Günther wrote:
>
> > Shouldn't this only be added when ceph is in use?
> > Cheers,
> > -- Guido
> >
>
> Yeah it is part of a category of rules
This is basically a V2 of "Drop library/ from template name and image path"
with Dan's comment implemented.
Guido Günther (2):
Drop library/ from image path
Sanitize domain name
libvirt-sandbox/image/cli.py| 8 ++--
libvirt-sandbox/image/sources/docker.py
If one pastes from the output of virt-sandbox-image
$ virt-sandbox-image list
docker:/library/ubuntu?tag=17.04
docker:/library/debian?tag=latest
verbatim
$ virt-sandbox-image run -c qemu:///session docker:/library/debian?tag=latest
This fails like
/home//.local/share/libvirt/images/l
If one pastes from the output of virt-sandbox-image
$ virt-sandbox-image list
docker:/library/ubuntu?tag=17.04
docker:/library/debian?tag=latest
verbatim
$ virt-sandbox-image run -c qemu:///session docker:/library/debian?tag=latest
This fails like
Unable to start sandbox: Failed to c
On Tue, May 23, 2017 at 06:22:42PM +0200, Stefan Bader wrote:
> From: Serge Hallyn
>
> Updates profile to allow running on ppc64el.
>
> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> ---
> examples/apparmor/libvirt-qe
On Tue, May 23, 2017 at 06:22:48PM +0200, Stefan Bader wrote:
> From: Serge Hallyn
>
> When setting up VncTLS according to the official Libvirt documentation,
> only one certificate for libvirt/libvirt-vnc is used. The document
> indicates to use the following directories :
>
> /etc/pki/CA
> /
On Tue, May 23, 2017 at 06:22:44PM +0200, Stefan Bader wrote:
> On Debian/Ubuntu the libxl-save-helper (used when saving/restoring
> a domain through libxl) is located under /usr/lib/xen-/bin.
>
> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195
>
> Signed-off-by: Christian Ehrhardt
> Signed-
On Tue, May 23, 2017 at 06:22:45PM +0200, Stefan Bader wrote:
> From: Serge Hallyn
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> ---
> examples/apparmor/libvirt-qemu | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/examples/apparmor/libvirt-qemu b/examples/a
On Tue, May 23, 2017 at 06:22:46PM +0200, Stefan Bader wrote:
> From: Guilhem Lettron
>
> Add rule to allow access to /dev/tap* used by macvtap.
>
> Bug-Ubuntu: https://bugs.launchpad.net/bugs/921870
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> ---
> examples/apparmo
On Tue, May 23, 2017 at 06:22:39PM +0200, Stefan Bader wrote:
> From: Simon McVittie
>
> The split firmware and variables files introduced by
> https://bugs.debian.org/764918 are in a different directory for
> some reason. Let the virtual machine read both.
>
> Signed-off-by: Christian Ehrhardt
On Tue, May 23, 2017 at 06:22:40PM +0200, Stefan Bader wrote:
> From: Christian Ehrhardt
>
> This replaces individual tests for firmware locations by
> a generic function which will simplify having additional
> locations in the future.
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stef
On Mon, May 29, 2017 at 11:42:09AM +0200, Cedric Bosdonnat wrote:
> On Sat, 2017-05-27 at 13:04 +0200, Guido Günther wrote:
> > ---
> > libvirt-sandbox/libvirt-sandbox-builder-machine.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/libvir
On Mon, May 29, 2017 at 11:43:53AM +0200, Cedric Bosdonnat wrote:
> On Sat, 2017-05-27 at 18:30 +0200, Guido Günther wrote:
> > ---
> > libvirt-sandbox/image/sources/docker.py | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libvir
---
libvirt-sandbox/image/sources/docker.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt-sandbox/image/sources/docker.py
b/libvirt-sandbox/image/sources/docker.py
index 43e9c32..aa5675e 100755
--- a/libvirt-sandbox/image/sources/docker.py
+++ b/libvirt-sandbox/image
If one pastes from the output of virt-sandbox-image
$ virt-sandbox-image list
docker:/library/ubuntu?tag=17.04
docker:/library/debian?tag=latest
verbatim
$ virt-sandbox-image run -c qemu:///session docker:/library/debian?tag=latest
This fails like
/home//.local/share/libvirt/images/l
---
libvirt-sandbox/libvirt-sandbox-builder-machine.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libvirt-sandbox/libvirt-sandbox-builder-machine.c
b/libvirt-sandbox/libvirt-sandbox-builder-machine.c
index bdec490..7204f71 100644
--- a/libvirt-sandbox/libvirt-sandbox-builder-machine.c
+++
On Fri, May 19, 2017 at 11:18:18AM +0200, Christian Ehrhardt wrote:
> On Fri, May 19, 2017 at 10:03 AM, Guido Günther wrote:
>
> > But if we aim for a profile replace on blockcommit [1] the wouldn't matter
> > since the whole profile would get replaced, wouldn't it?
Hi Christian,
On Fri, May 19, 2017 at 11:18:18AM +0200, Christian Ehrhardt wrote:
> On Fri, May 19, 2017 at 10:03 AM, Guido Günther wrote:
>
> > But if we aim for a profile replace on blockcommit [1] the wouldn't matter
> > since the whole profile would get replaced, woul
On Mon, May 15, 2017 at 06:07:12PM +0200, Stefan Bader wrote:
> On 15.05.2017 17:48, Guido Günther wrote:
> > On Mon, May 15, 2017 at 03:23:10PM +0200, Stefan Bader wrote:
> >> From: Serge Hallyn
> >>
> >> Just because a disk element only requests read acces
On Thu, May 18, 2017 at 10:53:46AM +0200, Stefan Bader wrote:
> From: Serge Hallyn
>
> Updates profile to allow running on ppc64el.
>
> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> ---
> examples/apparmor/libvirt-qe
hrhardt
> Signed-off-by: Stefan Bader
> Acked-by: Guido Günther
> ---
> examples/apparmor/usr.lib.libvirt.virt-aa-helper | 9 +
> 1 file changed, 9 insertions(+)
>
> diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> b/examples/apparmor/usr.lib.li
On Thu, May 18, 2017 at 10:53:42AM +0200, Stefan Bader wrote:
> From: Felix Geyer
>
> Allow access to libnl-3 config files
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> Acked-by: Guido Günther
> ---
> examples/apparmor/usr.lib.libvirt.virt
other one (attributed to Simon).
Cheers,
-- Guido
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> Acked-by: Guido Günther
> ---
> examples/apparmor/libvirt-qemu | 1 +
> src/security/virt-aa-helper.c | 1 +
> tests/virt-aa-helper-test | 24
On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote:
> Mind you I'm not crazy about this. If this could be toggled with a
> default-off config option that would seem better than always giving
> these caps to libvirt-qemu.
virt-aa-helper could add these if it detects a 9pfs file system
On Mon, May 15, 2017 at 03:23:18PM +0200, Stefan Bader wrote:
> From: Serge Hallyn
>
> Add fowner and fsetid to libvirt-qemu profile and add link
> to 9p file options in virt-aa-helper.
>
> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-b
On Mon, May 15, 2017 at 03:23:12PM +0200, Stefan Bader wrote:
> From: William Grant
>
> Allow access to aarch64 UEFI images.
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> ---
> examples/apparmor/libvirt-qemu | 2 ++
> src/security/virt-aa-helper.c | 4 +++-
> tests/vi
On Mon, May 15, 2017 at 03:23:17PM +0200, Stefan Bader wrote:
> Local overrides is a feature Debian/Ubuntu libvirt provided for a while.
> This allows the user to have a non-conffile that he can use to extend the
> package delivered rules with extra content matching his special case.
>
> This chan
On Mon, May 15, 2017 at 03:23:11PM +0200, Stefan Bader wrote:
> From: Simon McVittie
>
> The split firmware and variables files introduced by
> https://bugs.debian.org/764918 are in a different directory for some reason.
> Let the virtual machine read both.
>
> Extended by Christian Ehrhardt to
On Mon, May 15, 2017 at 03:23:15PM +0200, Stefan Bader wrote:
> From: Christian Ehrhardt
>
> This adds further explicit denies for host devices to silence
> (acceptable) denial warnings.
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> ---
> examples/apparmor/usr.lib.libv
On Mon, May 15, 2017 at 03:23:13PM +0200, Stefan Bader wrote:
> From: Felix Geyer
>
> Allow access to libnl-3 config files
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> ---
> examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 ++
> 1 file changed, 2 insertions(+)
>
On Mon, May 15, 2017 at 03:23:10PM +0200, Stefan Bader wrote:
> From: Serge Hallyn
>
> Just because a disk element only requests read access doesn't mean
> there may not be another readwrite request.
>
> Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/bugs/1554031
The URL is wrong (drop the "ubun
On Mon, May 15, 2017 at 03:23:14PM +0200, Stefan Bader wrote:
> From: Felix Geyer
>
> Add explicit denies for disk devices to avoid cluttering dmesg with
> (acceptable) denials.
>
> Signed-off-by: Christian Ehrhardt
> Signed-off-by: Stefan Bader
> ---
> examples/apparmor/usr.lib.libvirt.virt-
ks,
> Frank
>
>
> Sent from my iPhone
>
> > On 24 Mar 2017, at 09:17, Guido Günther wrote:
> >
> >> On Thu, Mar 23, 2017 at 01:28:57PM +0100, Cedric Bosdonnat wrote:
> >> Hello Frank,
> >>
> >> I'm currently investigating some app
On Sat, Mar 25, 2017 at 09:17:23AM -0400, John Ferlan wrote:
>
>
> On 03/18/2017 09:49 AM, Guido Günther wrote:
> > ---
> > examples/event-test.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
>
> ACK - matches what libvirt source fo
On Thu, Mar 23, 2017 at 01:28:57PM +0100, Cedric Bosdonnat wrote:
> Hello Frank,
>
> I'm currently investigating some apparmor-related bug with namespaces. This
> one
> is surely related. I'll look into it when I'm done with the one I'm working
> on.
Assuming you're running the Jessie Kernel it
---
examples/event-test.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/event-test.c b/examples/event-test.c
index 7c9f4ec..a204485 100644
--- a/examples/event-test.c
+++ b/examples/event-test.c
@@ -78,7 +78,7 @@ static const char *eventDetailToString(int event,
On Fri, Mar 17, 2017 at 10:05:45AM +0100, Jiri Denemark wrote:
> On Thu, Mar 16, 2017 at 12:22:05 +0100, Guido Günther wrote:
> > This unbreaks emulators that don't support this command such as
> > qemu-system-mips*.
> >
> > Reference: http://bugs.debian.org/854125
On Thu, Mar 16, 2017 at 04:52:04PM +, Daniel P. Berrange wrote:
> On Thu, Mar 16, 2017 at 05:48:47PM +0100, Guido Günther wrote:
> > This is where e.g. Debian puts it.
> > ---
> > This adds lib64 as Dan suggested and also adds these two dirs to the
> > second
This is where e.g. Debian puts it.
---
This adds lib64 as Dan suggested and also adds these two dirs to the
second invocations to make things actually work.
examples/apparmor/usr.sbin.libvirtd | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/examples/apparmor/usr.sbin.libvi
This is where e.g. Debian puts it.
---
examples/apparmor/usr.sbin.libvirtd | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/apparmor/usr.sbin.libvirtd
b/examples/apparmor/usr.sbin.libvirtd
index 8893e75fe..03a80b7e6 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++
This unbreaks emulators that don't support this command such as
qemu-system-mips*.
Reference: http://bugs.debian.org/854125
---
src/qemu/qemu_capabilities.c| 5 +
src/qemu/qemu_capabilities.h| 1 +
tests/qemucapabilitiesdata/caps_1.2.2.x
On Thu, Mar 16, 2017 at 09:42:02AM +0100, Martin Kletzander wrote:
> On Thu, Mar 16, 2017 at 08:40:04AM +0100, Guido Günther wrote:
> > ---
> > src/libxl/libxl_migration.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
>
> ACK, trivial
Pushed. Tha
This unbreaks emulators that don't support this command such as
qemu-system-mips*.
Reference: http://bugs.debian.org/854125
---
src/qemu/qemu_capabilities.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 70f9ed
---
src/libxl/libxl_migration.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libxl/libxl_migration.c b/src/libxl/libxl_migration.c
index fb833d1a3..6b5b981f1 100644
--- a/src/libxl/libxl_migration.c
+++ b/src/libxl/libxl_migration.c
@@ -325,7 +325,7 @@ libxlMigrateReceiv
Hi,
On Wed, Mar 15, 2017 at 04:55:04PM +, Daniel P. Berrange wrote:
> Linux still defaults to a 1024 open file handle limit. This causes
> scalability problems for libvirtd / virtlockd / virtlogd on large
> hosts which might want > 1024 guest to be running. In fact if each
> guest needs > 1 FD,
Hi,
while looking into a regression failing to start any mips qemu systems
(http://bugs.debian.org/854125) I noticed that querying cpu definition
does not work for lots of non intel architectures like mips due to lack
of support for the query-cpu-definition monitor command:
2017-03-15 04:23:55.336
;t help us in this case, but
> am open to being proven wrong.
The fd is passed over the existing socket, no new socket is created to
the qemu process, so yes virt-aa-helper won't help here. Sorry for the
noise.
-- Guido
>
> Thanks!
> Bryan
>
> On Wed, Mar 1, 2017 at 1:0
On Tue, Feb 28, 2017 at 01:48:31PM -0500, Bryan Quigley wrote:
> Also see Ubuntu bug
> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681
> First reported
> https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphical-console/888220#888220
>
> ---
> examples/apparmor
Hi, Jim,
On Thu, Feb 09, 2017 at 09:30:16AM -0700, Jim Fehlig wrote:
> Guido Günther wrote:
> > On Fri, Feb 03, 2017 at 10:32:12AM -0700, Jim Fehlig wrote:
> >> If the apparmor security driver is loaded/enabled and domain config
> >> contains a element whose type
On Fri, Feb 03, 2017 at 10:32:12AM -0700, Jim Fehlig wrote:
> If the apparmor security driver is loaded/enabled and domain config
> contains a element whose type attribute is not 'apparmor',
> starting the domain fails when attempting to label resources such
> as tap FDs.
>
> Many of the apparmor
On Wed, Jan 18, 2017 at 10:49:59AM +, Daniel P. Berrange wrote:
> When namespaces are enabled there is currently breakage when
> using disk hotplug and when using AppArmor
>
> Signed-off-by: Daniel P. Berrange
> ---
>
> I'm suggesting this for 3.0.x branch - we'll leave them enabled
> in mas
On Thu, Jan 05, 2017 at 03:30:56PM +, Daniel P. Berrange wrote:
> Currently when spawning containers with systemd, the container PID 1
> will get moved into the systemd machine slice. Libvirt then manually
> moves the libvirt_lxc and qemu-nbd processes into the cgroups associated
> with the sli