Re: [libvirt] [PATCH] apparmor: support finer-grained ptrace checks

On 22.09.2017 14:52, Guido Günther wrote: > Hi Jim, > On Wed, Sep 20, 2017 at 11:17:06AM -0600, Jim Fehlig wrote: >> On 09/20/2017 08:57 AM, Jim Fehlig wrote: >>> On 09/20/2017 12:51 AM, Guido Günther wrote: Hi Jim, On Mon, Sep 18, 2017 at 02:06:13PM -0600, Jim Fehlig wrote: > Kernel

[libvirt] Various apparmor related changes (part 2)

> Over the years there have been a bunch of changes to the > apparmor profiles and/or virt-aa-helper which have been > carried in Debian/Ubuntu but never made it upstream. > > In an attempt to clean this up and generally improve the > apparmor based environments, we (Christian and I) went > over t

[libvirt] [PATCH 01/10] virt-aa-helper, apparmor: allow /usr/share/OVMF/ too

From: Simon McVittie The split firmware and variables files introduced by https://bugs.debian.org/764918 are in a different directory for some reason. Let the virtual machine read both. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 1

[libvirt] [PATCH 02/10] virt-aa-helper: Generalize test for firmware paths

From: Christian Ehrhardt This replaces individual tests for firmware locations by a generic function which will simplify having additional locations in the future. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- tests/virt-aa-helper-test | 29

[libvirt] [PATCH 09/10] apparmor, libvirt-qemu: Allow read access to overcommit_memory

From: Jamie Strandboge Allow qemu to read @{PROC}/sys/vm/overcommit_memory. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu

[libvirt] [PATCH 10/10] apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc

certificates used by libvirt-vnc. Bug-Ubuntu: https://bugs.launchpad.net/bugs/901272 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 6 ++ 1 file changed, 6 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu

[libvirt] [PATCH 03/10] apparmor, virt-aa-helper: Allow aarch64 UEFI.

From: William Grant Allow access to aarch64 UEFI images. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Guido Günther --- examples/apparmor/libvirt-qemu | 2 ++ src/security/virt-aa-helper.c | 4 +++- tests/virt-aa-helper-test | 2 ++ 3 files changed, 7

[libvirt] [PATCH 04/10] apparmor, libvirt-qemu: Add ppc64el related changes

From: Serge Hallyn Updates profile to allow running on ppc64el. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 6 ++ 1 file changed, 6 insertions(+) diff --git a/examples/apparmor

[libvirt] [PATCH 06/10] apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu

On Debian/Ubuntu the libxl-save-helper (used when saving/restoring a domain through libxl) is located under /usr/lib/xen-/bin. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/usr.sbin.libvirtd | 1 + 1

[libvirt] [PATCH 07/10] apparmor, libvirt-qemu: Allow access to ceph config

From: Serge Hallyn Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 7fa512f..fddc93a 100644 --- a/examples/apparmor

[libvirt] [PATCH 05/10] apparmor: Allow pygrub to run on Debian/Ubuntu

In Debian/Ubuntu the pygrub command is located under /usr/lib/xen-/bin/pygrub. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1326003 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/usr.sbin.libvirtd | 1 + 1 file changed, 1 insertion(+) diff --git a/examples

[libvirt] [PATCH 08/10] apparmor, libvirt-qemu: Allow macvtap access

From: Guilhem Lettron Add rule to allow access to /dev/tap* used by macvtap. Bug-Ubuntu: https://bugs.launchpad.net/bugs/921870 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 1 + 1 file changed, 1 insertion(+) diff --git a/examples

Re: [libvirt] [PATCH 8/8] apparmor, libvirt-qemu: Add ppc64el related changes

On 22.05.2017 15:12, Andrea Bolognani wrote: > On Thu, 2017-05-18 at 10:53 +0200, Stefan Bader wrote: >> @@ -102,6 +103,7 @@ >> /usr/bin/qemu-system-or32 rmix, >> /usr/bin/qemu-system-ppc rmix, >> /usr/bin/qemu-system-ppc64 rmix, >> + /usr/bin/qemu-s

Re: [libvirt] [PATCH 8/8] apparmor, libvirt-qemu: Add ppc64el related changes

On 19.05.2017 11:03, Christian Ehrhardt wrote: > > On Fri, May 19, 2017 at 9:55 AM, Guido Günther > wrote: > > LGTM but I don't know much about PPC64, it's SLOF and where the device > tree should be located. > > > Hi those paths for SLOF are the default one for

Re: [libvirt] [PATCH 2/8] apparmor, virt-aa-helper: allow /usr/share/OVMF/ too

On 19.05.2017 09:46, Guido Günther wrote: > Hi Stefan, > On Thu, May 18, 2017 at 10:53:40AM +0200, Stefan Bader wrote: >> From: Simon McVittie >> >> The split firmware and variables files introduced by >> https://bugs.debian.org/764918 are in a different directo

Re: [libvirt] [PATCH 01/10] virt-aa-helper: Ask for no deny rule for readonly disk elements

On 19.05.2017 13:13, Guido Günther wrote: > On Fri, May 19, 2017 at 11:18:18AM +0200, Christian Ehrhardt wrote: >> On Fri, May 19, 2017 at 10:03 AM, Guido Günther wrote: >> >>> But if we aim for a profile replace on blockcommit [1] the would't matter >>> since the whole profile would get replaced,

Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

be considered. Does the rest look ok (in particular 1/8 with the additional explanation)? -Stefan > >> Cheers, >> -- Guido >> >>> >>> Quoting Stefan Bader (stefan.ba...@canonical.com): >>>> From: Serge Hallyn >>>> >>>> Add

[libvirt] [PATCH 6/8] apparmor: include local apparmor profiles

profiles for virt-aa-helper and libvirtd. Additionally extended the build environment to carry template local profiles and install them into the correct places. Without that the include directives would prevent the profile from loading. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader

[libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

From: Serge Hallyn Add fowner and fsetid to libvirt-qemu profile. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 4 1 file changed, 4 insertions(+) diff --git a/examples/apparmor

[libvirt] [PATCH 1/8] virt-aa-helper: Ask for no deny rule for readonly disk elements

t would cause a denial message and probably more relevant, allows to add write access later. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1554031 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- src/security/virt-aa-helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions

[libvirt] [PATCH 3/8] apparmor, virt-aa-helper: Allow aarch64 UEFI.

From: William Grant Allow access to aarch64 UEFI images. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Guido Günther --- examples/apparmor/libvirt-qemu | 2 ++ src/security/virt-aa-helper.c | 4 +++- tests/virt-aa-helper-test | 2 ++ 3 files changed, 7

[libvirt] [PATCH 8/8] apparmor, libvirt-qemu: Add ppc64el related changes

From: Serge Hallyn Updates profile to allow running on ppc64el. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 7 +++ 1 file changed, 7 insertions(+) diff --git a/examples/apparmor

[libvirt] [PATCH 4/8] apparmor, virt-aa-helper: Allow access to libnl-3 config files

From: Felix Geyer Allow access to libnl-3 config files Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Guido Günther --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa

[libvirt] [PATCH 2/8] apparmor, virt-aa-helper: allow /usr/share/OVMF/ too

future). Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Guido Günther --- examples/apparmor/libvirt-qemu | 1 + src/security/virt-aa-helper.c | 1 + tests/virt-aa-helper-test | 24 3 files changed, 18 insertions(+), 8 deletions(-) diff

[libvirt] [PATCH 5/8] apparmor, virt-aa-helper: Explicit denies for host devices

From: Felix Geyer Add explicit denies for disk devices to avoid cluttering dmesg with (acceptable) denials (merged with a second patch which added more disk device names). Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader Acked-by: Guido Günther --- examples/apparmor

[libvirt] Various apparmor related changes (part 1), version 2

> Over the years there have been a bunch of changes to the > apparmor profiles and/or virt-aa-helper which have been > carried in Debian/Ubuntu but never made it upstream. > > In an attempt to clean this up and generally improve the > apparmor based environments, we (Christian and I) went > over t

Re: [libvirt] [PATCH 09/10] appmor, virt-aa-helper: Add 9p support

On 15.05.2017 18:13, Guido Günther wrote: > On Mon, May 15, 2017 at 03:23:18PM +0200, Stefan Bader wrote: >> From: Serge Hallyn >> >> Add fowner and fsetid to libvirt-qemu profile and add link >> to 9p file options in virt-aa-helper. >> >> Bug-Ubuntu:

Re: [libvirt] [PATCH 01/10] virt-aa-helper: Ask for no deny rule for readonly disk elements

On 15.05.2017 17:48, Guido Günther wrote: > On Mon, May 15, 2017 at 03:23:10PM +0200, Stefan Bader wrote: >> From: Serge Hallyn >> >> Just because a disk element only requests read access doesn't mean >> there may not be another readwrite request. >> >

Re: [libvirt] [PATCH 06/10] apparmor, virt-aa-helper: Additional explicit denies for host devices

On 15.05.2017 17:56, Guido Günther wrote: > On Mon, May 15, 2017 at 03:23:15PM +0200, Stefan Bader wrote: >> From: Christian Ehrhardt >> >> This adds further explicit denies for host devices to silence >> (acceptable) denial warnings. >> >> Signed-off-b

Re: [libvirt] [PATCH 07/10] apparmor: include local apparmor profiles

On 15.05.2017 16:30, Jamie Strandboge wrote: > On Mon, 2017-05-15 at 09:28 -0500, Jamie Strandboge wrote: >> On Mon, 2017-05-15 at 15:23 +0200, Stefan Bader wrote: >>> From: Felix Geyer >>> >>> Local overrides is a feature Debian/Ubuntu libvirt provided for

[libvirt] [PATCH 10/10] apparmor, libvirt-qemu: Add ppc related changes

From: Serge Hallyn Updates profile to allow running on ppc64el. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 7 +++ 1 file changed, 7 insertions(+) diff --git a/examples/apparmor

[libvirt] [PATCH 02/10] apparmor, virt-aa-helper: allow /usr/share/OVMF/ too

future). Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 1 + src/security/virt-aa-helper.c | 1 + tests/virt-aa-helper-test | 24 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/examples/apparmor

[libvirt] [PATCH 08/10] apparmor: provide local override templates

the makefile template to include those when installing the apparmor profiles. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/Makefile.am | 14 ++ examples/apparmor/local-usr.lib.libvirt.virt-aa-helper | 2 ++ examples

[libvirt] [PATCH 03/10] apparmor, virt-aa-helper: Allow aarch64 UEFI.

From: William Grant Allow access to aarch64 UEFI images. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 2 ++ src/security/virt-aa-helper.c | 4 +++- tests/virt-aa-helper-test | 2 ++ 3 files changed, 7 insertions(+), 1 deletion

[libvirt] [PATCH 09/10] appmor, virt-aa-helper: Add 9p support

From: Serge Hallyn Add fowner and fsetid to libvirt-qemu profile and add link to 9p file options in virt-aa-helper. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/libvirt-qemu | 4 src/security

[libvirt] [PATCH 04/10] apparmor, virt-aa-helper: Allow access to libnl-3 config files

From: Felix Geyer Allow access to libnl-3 config files Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples

[libvirt] [PATCH 06/10] apparmor, virt-aa-helper: Additional explicit denies for host devices

From: Christian Ehrhardt This adds further explicit denies for host devices to silence (acceptable) denial warnings. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 4 1 file changed, 4 insertions(+) diff --git a

[libvirt] [PATCH 07/10] apparmor: include local apparmor profiles

profiles for virt-aa-helper and libvirtd. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 3 +++ examples/apparmor/usr.sbin.libvirtd | 3 +++ 2 files changed, 6 insertions(+) diff --git a/examples/apparmor

[libvirt] [PATCH 01/10] virt-aa-helper: Ask for no deny rule for readonly disk elements

From: Serge Hallyn Just because a disk element only requests read access doesn't mean there may not be another readwrite request. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/bugs/1554031 Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- src/security/virt-aa-helper.

[libvirt] [PATCH 05/10] apparmor, virt-aa-helper: Explicit denies for host devices

From: Felix Geyer Add explicit denies for disk devices to avoid cluttering dmesg with (acceptable) denials. Signed-off-by: Christian Ehrhardt Signed-off-by: Stefan Bader --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 5 + 1 file changed, 5 insertions(+) diff --git a/examples

[libvirt] Various apparmor related changes (part 1)

Over the years there have been a bunch of changes to the apparmor profiles and/or virt-aa-helper which have been carried in Debian/Ubuntu but never made it upstream. In an attempt to clean this up and generally improve the apparmor based environments, we (Christian and I) went over the changes, cl

Re: [libvirt] libvirt-guest.sh bug fixes

On 10.10.2016 20:43, Eric Blake wrote: > On 10/10/2016 11:48 AM, Stefan Bader wrote: > >>> I did not hear about that before. But revisiting things again I think what >>> happened is that the Xen patch which I had done before (but at that time >>> forgot >>

Re: [libvirt] libvirt-guest.sh bug fixes

On 10.10.2016 18:32, Stefan Bader wrote: > On 10.10.2016 17:06, Cole Robinson wrote: >> On 10/07/2016 03:56 AM, Stefan Bader wrote: >>> Two small changes, before I forget about submitting them... >>> >>> First one affects all environments the same. The list of

Re: [libvirt] libvirt-guest.sh bug fixes

On 10.10.2016 17:06, Cole Robinson wrote: > On 10/07/2016 03:56 AM, Stefan Bader wrote: >> Two small changes, before I forget about submitting them... >> >> First one affects all environments the same. The list of UIDs which >> is generated has each element on a sepa

[libvirt] [PATCH 2/2] tools: Exclude Xen dom0 from libvirt-guests.sh list

With newer versions of libvirt Domain-0 is again visible in the list of running guests but it should not be considered as a guest for shutdown or suspend. Signed-off-by Stefan Bader --- tools/libvirt-guests.sh.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools

[libvirt] [PATCH 1/2] tools: Ignore newlines in libvirt-guests.sh guest list

a fix by Omar Siam Bug-Ubuntu: http://bugs.launchpad.net/bugs/1591695 Signed-off-by: Stefan Bader --- tools/libvirt-guests.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in index 7f74b85..7380b4b 100644 --- a/tools/li

[libvirt] libvirt-guest.sh bug fixes

Two small changes, before I forget about submitting them... First one affects all environments the same. The list of UIDs which is generated has each element on a separate line. And using quotes in the echo preserves those newlines. However the processing assumes one line per URI and all UIDs sepa

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

On 09.05.2016 21:00, intrigeri wrote: > Hi, > >> Stefan Bader wrote (20 May 2015 10:11:45 GMT) : >> intrigeri wrote (15 Jun 2015 15:09:11 GMT) : >> My (possibly incomplete) records say that I've tested the latest >> proposed patch set back in February (<85i

[libvirt] Should external snapshots be possible with type volume image files?

At least up to libvirt version 1.2.16 an external snapshot fails when the image file (supported type like QCOW2) is not specified as type='file' by as type='volume' to a pool that consists of image files (type directory). The reason there is that the source element of the disk definition does not

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

efan and others, > >> Stefan Bader wrote (21 Oct 2014 11:50:24 GMT) : >>> On 20.10.2014 12:48, Stefan Bader wrote: >>>> On 19.10.2014 17:07, intrigeri wrote: >>>>> Cool, I've tested this. I've imported these two patches in Debian's >&

Re: [libvirt] libxl and non-absolute paths

On 18.02.2015 04:15, Jim Fehlig wrote: > Stefan Bader wrote: >> Just recently we moved to libvirt 1.2.12 for the next release. Which brought >> up >> a few problems when working with configs which we and Debian used to have. >> >> A mild complaint towards the x

Re: [libvirt] libxl and non-absolute paths

On 16.02.2015 10:18, Martin Kletzander wrote: > On Fri, Feb 13, 2015 at 03:20:07PM +0100, Stefan Bader wrote: >> Just recently we moved to libvirt 1.2.12 for the next release. Which brought >> up >> a few problems when working with configs which we and Debian used to have. &

[libvirt] libxl and non-absolute paths

Just recently we moved to libvirt 1.2.12 for the next release. Which brought up a few problems when working with configs which we and Debian used to have. A mild complaint towards the xml validation: it would be really nice of that would be a bit more specific about what exactly it complains. It t

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

On 20.10.2014 12:48, Stefan Bader wrote: > On 19.10.2014 17:07, intrigeri wrote: >> Hi Stefan, >> >> Stefan Bader wrote (19 Oct 2014 11:07:40 GMT) : >>> Yeah, I actually did but it felt a bit hackish but then I am told anything >>> looks >>> a

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

On 19.10.2014 17:07, intrigeri wrote: > Hi Stefan, > > Stefan Bader wrote (19 Oct 2014 11:07:40 GMT) : >> Yeah, I actually did but it felt a bit hackish but then I am told anything >> looks >> a bit hackish when it involves autoconf. These are again against upstream &g

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

are again against upstream libvirt mostly because the last touch timestamps always clash otherwise. I tried to do two steps, one introducing the machinery and the second to add the changes. That way the vast looking delta of the first patch boils down to mostly renames. -Stefan From 5d0c61d3e9df6a4

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

On 01.10.2014 11:04, Daniel P. Berrange wrote: > On Wed, Oct 01, 2014 at 10:30:58AM +0200, Stefan Bader wrote: >> This had been on the Debian package list before but its time to take >> this onwards. So the goal would be to have one set to rule them all >> (when using a

[libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

sections (like #if (APPARMOR_VERSION >= xxx)). So that is where we stand. Ideas are very welcome. -Stefan --- >From aec5cf8cc30c80492a37856626264c3d4c27a31f Mon Sep 17 00:00:00 2001 From: Stefan Bader Date: Thu, 18 Sep 2014 14:15:17 +0200 Subject: [PATCH] Add missing delta from Ubuntu to ap

Re: [libvirt] [PATCH] libxl: Implement basic video device selection

On 19.09.2014 05:01, Jim Fehlig wrote: > Stefan Bader wrote: >> Re-pushing this as the old thread got rather stale. > > Thanks. > >> Some of the >> VFB setup went in a bug fix. Not sure I missed a detail in rebasing >> bug the keyboard setting may be the

[libvirt] [PATCH] libxl: Implement basic video device selection

error for unsupported video type] [v4: Re-arrange code and move VFB setup into libxlMakeVfbList] [v5: Rebased against head which already had some VFB setup code] >From b3ff8f4c658d29f15e673af88b9ae2fdfa3c1317 Mon Sep 17 00:00:00 2001 From: Stefan Bader Date: Thu, 27 Mar 2014 16:01:18 +0100 Subj

Re: [libvirt] [PATCH] libxl: Implement basic video device selection

On 16.07.2014 23:05, Jim Fehlig wrote: > Stefan Bader wrote: >> being as bad with timely responses. Ok, so how about the following? >> >> One note: it could be the STRDUP's are not strictly needed. But >> to me it felt wrong to have two places refer to the same s

[libvirt] [PATCH] libxl: Implement basic video device selection

s now in MakeVFB probably can be dropped (except setting the keyboard layout, maybe; which I might miss ;)). -Stefan >From a95db265fa4c1a231e7c2d70baa360c6a0500e3b Mon Sep 17 00:00:00 2001 From: Stefan Bader Date: Thu, 27 Mar 2014 16:01:18 +0100 Subject: [PATCH] libxl: Implement basic vide

[libvirt] libxl: Enable video device selection for Xen

Sorry, this fell complete off my todos for a while. So I split off the fixup of VRAM into a separate patch which may or may not be used and only accept vga, xen and cirrus as supported types in the main patch. I believe I saw some discussions about how to fix some of the VRAM values as they are pa

[libvirt] [PATCH 1/2] libxl: Implement basic video device selection

decide between a Cirrus or standard VGA emulation and to modify the VRAM within certain limits using libvirt. [v2: Check return code of VIR_STRDUP and fix indentation] [v3: Split out VRAM fixup and return error for unsupported video type] Signed-off-by: Stefan Bader --- src/libxl/libxl_conf.c

[libvirt] [PATCH 2/2] libxl: Fix up VRAM to minimum requirements

not be that different from current Cirrus behaviour. Only that in that case qemu seems to ignore the provided size. Signed-off-by: Stefan Bader --- src/libxl/libxl_conf.c | 27 ++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/src/libxl/libxl_conf.c b

Re: [libvirt] libvirt-libxl driver defaulting to tap disk and not working (ubuntu 12.10 + xen 4.5 + libvirt 1.2.3 + openstack)

On 21.04.2014 23:53, Jim Fehlig wrote: > Tian, Shuangtai wrote: >> Hi, Jim >> The blktap seems not a module in xen 4.5, when I tried the load it , can not >> find the module, is there something wrong I did? >> > > It would be provided by your dom0 kernel, not Xen. The Ubuntu Xen > kernel does

Re: [libvirt] [PATCH v2] libxl: Implement basic video device selection

On 04.04.2014 15:17, Daniel P. Berrange wrote: > On Fri, Apr 04, 2014 at 11:36:39AM +0200, Stefan Bader wrote: >> +static int >> +libxlSetBuildGraphics(virDomainDefPtr def, libxl_domain_config *d_config) >> +{ >> +libxl_domain_build_info

Re: [libvirt] [PATCH v2] libxl: Implement basic video device selection

On 04.04.2014 14:56, Ian Campbell wrote: > On Fri, 2014-04-04 at 14:51 +0200, Daniel P. Berrange wrote: >> On Fri, Apr 04, 2014 at 11:34:17AM +0100, Ian Campbell wrote: >>> On Fri, 2014-04-04 at 12:31 +0200, Stefan Bader wrote: >>>> On 04.04.2014 11:48, Ian Campbell w

Re: [libvirt] [PATCH v2] libxl: Implement basic video device selection

On 04.04.2014 12:34, Ian Campbell wrote: > On Fri, 2014-04-04 at 12:31 +0200, Stefan Bader wrote: >> On 04.04.2014 11:48, Ian Campbell wrote: >>> On Fri, 2014-04-04 at 11:36 +0200, Stefan Bader wrote: >>>> +/* >>>> + * Take the first defin

Re: [libvirt] [Xen-devel] [PATCH v2] libxl: Implement basic video device selection

On 04.04.2014 12:31, Stefan Bader wrote: > On 04.04.2014 11:48, Ian Campbell wrote: >> On Fri, 2014-04-04 at 11:36 +0200, Stefan Bader wrote: >>> +/* >>> + * Take the first defined video device (graphics card) to display >>> + * on the first graphics

Re: [libvirt] [PATCH v2] libxl: Implement basic video device selection

On 04.04.2014 11:48, Ian Campbell wrote: > On Fri, 2014-04-04 at 11:36 +0200, Stefan Bader wrote: >> +/* >> + * Take the first defined video device (graphics card) to display >> + * on the first graphics device (display). >> + * Right now only typ

[libvirt] [PATCH v2] libxl: Implement basic video device selection

17 00:00:00 2001 From: Stefan Bader Date: Thu, 27 Mar 2014 16:01:18 +0100 Subject: [PATCH] libxl: Implement basic video device selection This started as an investigation into an issue where libvirt (using the libxl driver) and the Xen host, like an old couple, could not agree on who is responsible

Re: [libvirt] libxl fixes/improvements for libvirt

On 03.04.2014 17:45, Michal Privoznik wrote: > On 27.03.2014 17:55, Stefan Bader wrote: >> Here several changes which improve the handling of Xen for me: >> >> * 0001-libxl-Use-id-from-virDomainObj-inside-the-driver.patch >>This is a re-send as I initially submit

[libvirt] [PATCH 1/3] libxl: Use id from virDomainObj inside the driver

m virt-manager (not being able to get domain info after define or reboot). This was caused both though libxlDomainGetInfo() only but there were a lot of places that might potentially cause issues, too. Signed-off-by: Stefan Bader --- src/libxl/libxl_driver.c

[libvirt] [PATCH 2/3] libxl: Set disk format for empty cdrom device

gets passed on. > libxl: error: libxl_device.c:265:libxl__device_disk_set_backend: > Disk vdev=hdc failed to stat: (null): Bad address Signed-off-by: Stefan Bader --- src/libxl/libxl_conf.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_

[libvirt] libxl fixes/improvements for libvirt

Here several changes which improve the handling of Xen for me: * 0001-libxl-Use-id-from-virDomainObj-inside-the-driver.patch This is a re-send as I initially submitted that as a reply to some discussion. Starting from the visibly broken libxlDomainGetInfo when creating or rebooting a guest w

[libvirt] [PATCH 3/3] libxl: Implement basic video device selection

decide between a Cirrus or standard VGA emulation and to modify the VRAM within certain limits using libvirt. Signed-off-by: Stefan Bader --- src/libxl/libxl_conf.c | 85 1 file changed, 85 insertions(+) diff --git a/src/libxl/libxl_conf.c b/src

[libvirt] [PATCH] libxl: Use id from virDomainObj inside the driver

m virt-manager (not being able to get domain info after define or reboot). This was caused both though libxlDomainGetInfo() only but there were a lot of places that might potentially cause issues, too. Signed-off-by: Stefan Bader --- src/libxl/libxl_driver.c

Re: [libvirt] libxl: Issues with virt-manager when used to manager Xen domains

On 25.03.2014 16:46, Daniel P. Berrange wrote: > On Tue, Mar 25, 2014 at 04:42:25PM +0100, Stefan Bader wrote: >> On 25.03.2014 16:36, Daniel P. Berrange wrote: >>> On Tue, Mar 25, 2014 at 04:22:54PM +0100, Stefan Bader wrote: >>>> This started off with some regressi

Re: [libvirt] libxl: Issues with virt-manager when used to manager Xen domains

On 25.03.2014 16:36, Daniel P. Berrange wrote: > On Tue, Mar 25, 2014 at 04:22:54PM +0100, Stefan Bader wrote: >> This started off with some regression testing after going forward to >> Xen-4.4. We >> currently would pair that with a libvirt version 1.2.2 and right now >

[libvirt] [PATCH] libxl: Create log directory earlier

had the directory created before. Move the code to create the libxl directory into libxlDriverConfigNew(). Signed-off-by: Stefan Bader --- src/libxl/libxl_conf.c |8 src/libxl/libxl_driver.c |7 --- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/libxl

[libvirt] libxl: Issues with virt-manager when used to manager Xen domains

This started off with some regression testing after going forward to Xen-4.4. We currently would pair that with a libvirt version 1.2.2 and right now operations through virsh seem to be working (mostly) well. But when using virt-manager (not the most up-to-date versions but some combinations that q

Re: [libvirt] [PATCH] Avoid warning message from libxl driver on non-Xen kernels

On 17.03.2014 13:15, Daniel P. Berrange wrote: > +if (!virFileExists("/proc/xen/capabilities")) { > +VIR_INFO("Disabling driver as /proc/xen/capabilities does not > exist"); > +return false; > +} Oh right, I should have checked the log more carefully in all cases. It would

Re: [libvirt] libvirt: [PATCH] libxl: Check for control_d string to decide about dom0

On 12.03.2014 13:08, Ian Campbell wrote: > On Wed, 2014-03-12 at 13:03 +0100, Stefan Bader wrote: >> I have been looking into a bug report (see BugLink) which reported >> libvirt to fail starting inside a Xen guest. Upon further investigation >> I found that some tools tha

[libvirt] libvirt: [PATCH] libxl: Check for control_d string to decide about dom0

tly in the normal guests (with xenfs mounted) without initializing libxl. And also in dom0 where it still enables the libxl driver (if the xl toolstack is selected). -Stefan >From f11949caca6dfe1a802472a2a6d4fe760115ccc6 Mon Sep 17 00:00:00 2001 From: Stefan Bader Date: Wed, 12 Mar 2014 1

Re: [libvirt] [PATCH] libxl: Fix devid init in libxlMakeNicList

On 08.01.2014 11:42, Ian Campbell wrote: > On Wed, 2014-01-08 at 11:39 +0100, Stefan Bader wrote: >> This basically reverts commit ba64b97134a6129a48684f22f31be92c3b6eef96 >> "libxl: Allow libxl to set NIC devid". However assigning devid's >> before calling l

[libvirt] [PATCH] libxl: Fix devid init in libxlMakeNicList

allowed to make the devid choice itself. And assuming libxlMakeNicList is only used on domain creation, a sequential numbering should be ok. Signed-off-by: Stefan Bader --- src/libxl/libxl_conf.c |7 +++ 1 file changed, 7 insertions(+) diff --git a/src/libxl/libxl_conf.c b/src/libxl/lib

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 19.12.2013 18:57, Ian Campbell wrote: > On Thu, 2013-12-19 at 18:06 +0100, Stefan Bader wrote: >>> How about we: >>> * move the init to setdefault to catch the single NIC added via >>> hotplug case >> >> Init of devid? > > Yes,

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 19.12.2013 11:19, Ian Campbell wrote: > On Wed, 2013-12-18 at 17:44 -0700, Jim Fehlig wrote: >> Stefan Bader wrote: >>> On 18.12.2013 14:28, Ian Campbell wrote: >>> >>>> On Wed, 2013-12-18 at 14:12 +0100, Stefan Bader wrote: >>>>

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 18.12.2013 14:28, Ian Campbell wrote: > On Wed, 2013-12-18 at 14:12 +0100, Stefan Bader wrote: >> On 18.12.2013 13:27, Ian Campbell wrote: >>> On Tue, 2013-12-17 at 18:32 +0100, Stefan Bader wrote: >>>>> >>>>> Might

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 18.12.2013 14:28, Ian Campbell wrote: > On Wed, 2013-12-18 at 14:12 +0100, Stefan Bader wrote: >> On 18.12.2013 13:27, Ian Campbell wrote: >>> On Tue, 2013-12-17 at 18:32 +0100, Stefan Bader wrote: >>>>> >>>>> Might

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 18.12.2013 13:27, Ian Campbell wrote: > On Tue, 2013-12-17 at 18:32 +0100, Stefan Bader wrote: >>> >>> Might this libxl fix be relevant: >>> commit 5420f26507fc5c9853eb1076401a8658d72669da >>> Author: Jim Fehlig >>>

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 17.12.2013 17:58, Ian Campbell wrote: > On Tue, 2013-12-17 at 17:34 +0100, Stefan Bader wrote: >> Using virt-manager "hypervisor default" type: >> >> >> >> >> >> >> >> This causes the qemu ca

[libvirt] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

Using virt-manager "hypervisor default" type: This causes the qemu call to have "-net none" which removes PXE boot abilities. A linux kernel has network through the xen pv-driver. Changing in virt-manager to "e1000" type: Th

Re: [libvirt] [PATCH] xen: Use internal interfaces in xenDomainUsedCpus

def is NULL, resulting in a > segfault further down the call chain. > Absolutely right. I missed to do that in the version I forward ported to HEAD since I did the fix and testing in an older version. :/ Good you spotted that. Ok, I updated the patch as suggested (attached). -Stefan From

[libvirt] [PATCH] xen: Avoid double free of virDomainDef in xenDaemonCreateXML

] https://www.redhat.com/archives/libvir-list/2013-July/msg01183.html >From 0e90fac9004996a6517ce1bd4d7b9c6ebef6c45c Mon Sep 17 00:00:00 2001 From: Stefan Bader Date: Tue, 30 Jul 2013 20:48:33 +0200 Subject: [PATCH] xen: Avoid double free of virDomainDef in xenDaemonCreateXML The virDomainDef

Re: [libvirt] [Xen-devel] [PATCH] libxl: Correctly initialize vcpu bitmap

On 23.07.2013 23:20, Jim Fehlig wrote: > One comment below in addition to Konrad's... > > Konrad Rzeszutek Wilk wrote: >> On Mon, Jul 22, 2013 at 12:51:05PM +0200, Stefan Bader wrote: >> >>> This fixes the basic setup but there is likely more to do if things

Re: [libvirt] [Xen-devel] [PATCH] libxl: Correctly initialize vcpu bitmap

On 22.07.2013 21:39, Konrad Rzeszutek Wilk wrote: > On Mon, Jul 22, 2013 at 12:51:05PM +0200, Stefan Bader wrote: >> This fixes the basic setup but there is likely more to do if things >> like manual CPU hirarchy (nodes, cores, threads) to be working. >> >> Cross-postin

[libvirt] [PATCH] libxl: Correctly initialize vcpu bitmap

s a bit position as an argument, not the number of bits to set). Without this, I would always only get one VCPU for guests created through libvirt/libxl. Signed-off-by: Stefan Bader --- src/libxl/libxl_conf.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/

Re: [libvirt] [PATCH] xen: Use internal interfaces in xenDomainUsedCpus

On 16.07.2013 18:11, Stefan Bader wrote: > Based on Daniel's feedback I did a split for public/private functions > for those that cause the lockup when getting XML. Maybe not complete > but at least seems to allow basic usage again (through virt-manager). > As Jim hinted on &quo

  1   2   >