On Tue, 28 Feb 2023 13:29:18 -0800
Andrea Bolognani wrote:
> On Tue, Feb 28, 2023 at 07:53:09PM +0100, Stefano Brivio wrote:
> > On Tue, 28 Feb 2023 10:06:18 -0800 Andrea Bolognani
> > wrote:
> > > On Tue, Feb 28, 2023 at 09:49:26AM -0500, Laine Stump wrote:
>
On Tue, 28 Feb 2023 10:06:18 -0800
Andrea Bolognani wrote:
> On Tue, Feb 28, 2023 at 09:49:26AM -0500, Laine Stump wrote:
> > + * QEMU: properly report passt startup errors
> > +
> > +Due to how the child passt process was started, the initial
> > +support for passt (added in 9.0.0) woul
On Thu, 23 Feb 2023 10:25:28 +0100
Jiri Denemark wrote:
> On Wed, Feb 22, 2023 at 17:02:48 +0100, Stefano Brivio wrote:
> > On Wed, 22 Feb 2023 15:23:04 +0100
> > Jiri Denemark wrote:
> >
> > > I have just tagged v9.1.0-rc1 in the repository and pushed signed
On Wed, 22 Feb 2023 17:38:49 +0100
Michal Prívozník wrote:
> On 2/22/23 16:51, Stefano Brivio wrote:
> > On Wed, 22 Feb 2023 14:30:21 +
> > Daniel P. Berrangé wrote:
> >
> >> On Wed, Feb 22, 2023 at 02:21:29PM +0100, Stefano Brivio wrote:
> >&
On Wed, 22 Feb 2023 15:23:04 +0100
Jiri Denemark wrote:
> I have just tagged v9.1.0-rc1 in the repository and pushed signed
> tarballs and source RPMs to https://libvirt.org/sources/
>
> Please give the release candidate some testing and in case you find a
> serious issue which should have a fix
On Wed, 22 Feb 2023 14:30:21 +
Daniel P. Berrangé wrote:
> On Wed, Feb 22, 2023 at 02:21:29PM +0100, Stefano Brivio wrote:
> > qemuSecurityCommandRun() causes an explicit domain transition of the
> > new process, but passt ships with its own SELinux policy, with
> > ex
This series implements fixes in the handling of passt's lifecycle.
v2: In 1/3, preserve the VM-specific MCS range by explicitly setting a
label, as suggested by Daniel, with a temporary workaround sketched
by Michal.
Stefano Brivio (3):
qemu_passt: Don't make passt tra
qemuSecurityCommandRun() would have dealt with this (if UID and GID
had been passed). With virCommandRun() we need separate, explicit
calls.
Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains")
Signed-off-by: Stefano Brivio
---
src/qemu/qemu_passt.c | 6 ++
1 file
omains")
Signed-off-by: Stefano Brivio
---
src/qemu/qemu_passt.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 61e7047354..d5df3bb3f7 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_pass
;ll need a more
generic and elegant mechanism for helper binaries.
Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains")
Signed-off-by: Stefano Brivio
---
src/qemu/qemu_passt.c | 33 +++--
1 file changed, 27 insertions(+), 6 deletions(
On Wed, 22 Feb 2023 11:35:16 +
Daniel P. Berrangé wrote:
> On Wed, Feb 22, 2023 at 12:21:09PM +0100, Michal Prívozník wrote:
> > On 2/22/23 11:05, Stefano Brivio wrote:
> > > On Wed, 22 Feb 2023 09:46:42 +
> > > Daniel P. Berrangé wrote:
> > >
On Wed, 22 Feb 2023 12:21:09 +0100
Michal Prívozník wrote:
> On 2/22/23 11:05, Stefano Brivio wrote:
> > On Wed, 22 Feb 2023 09:46:42 +
> > Daniel P. Berrangé wrote:
> >
> >> On Tue, Feb 21, 2023 at 10:49:46PM +0100, Stefano Brivio wrote:
> >&
On Wed, 22 Feb 2023 09:46:42 +
Daniel P. Berrangé wrote:
> On Tue, Feb 21, 2023 at 10:49:46PM +0100, Stefano Brivio wrote:
> > On Tue, 21 Feb 2023 19:43:33 +
> > Daniel P. Berrangé wrote:
> >
> > > On Tue, Feb 21, 2023 at 08:19:05
On Tue, 21 Feb 2023 19:43:33 +
Daniel P. Berrangé wrote:
> On Tue, Feb 21, 2023 at 08:19:05PM +0100, Stefano Brivio wrote:
> > qemuSecurityCommandRun() causes an explicit domain transition of the
> > new process, but passt ships with its own SELinux policy, with
> > ex
This series implements fixes in the handling of passt's lifecycle.
Stefano Brivio (3):
qemu_passt: Don't make passt transition to svirt_t/virt_domain on
start
qemu_passt: Set UID and GID to configured values for qemu driver, if
any
qemu_passt: Remove passt socket file on
qemuSecurityCommandRun() would have dealt with this (if UID and GID
had been passed). With virCommandRun() we need separate, explicit
calls.
Fixes: a56f0168d576 ("qemu: hook up passt config to qemu domains")
Signed-off-by: Stefano Brivio
---
src/qemu/qemu_passt.c | 6 ++
1 file
omains")
Signed-off-by: Stefano Brivio
---
src/qemu/qemu_passt.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index c7012e349a..0e028ca752 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_pass
ig to qemu domains")
Signed-off-by: Stefano Brivio
---
src/qemu/qemu_passt.c | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
index 1217a6a087..1a67cf44de 100644
--- a/src/qemu/qemu_passt.c
+++ b/src/qemu/qemu_passt.c
On Mon, 20 Feb 2023 09:38:05 +0100
Stefano Brivio wrote:
> Michal,
>
> On Fri, 17 Feb 2023 13:51:42 +0100
> Michal Prívozník wrote:
>
> > On 2/16/23 17:35, Laine Stump wrote:
> > > On 2/16/23 8:32 AM, Michal Privoznik wrote:
> > >
Michal,
On Fri, 17 Feb 2023 13:51:42 +0100
Michal Prívozník wrote:
> On 2/16/23 17:35, Laine Stump wrote:
> > On 2/16/23 8:32 AM, Michal Privoznik wrote:
> >> This is a v2 of:
> >>
> >> https://listman.redhat.com/archives/libvir-list/2023-February/237731.html
> >>
> >> diff to v1:
> >> - Merge
On Thu, 16 Feb 2023 17:38:47 +0100
Michal Prívozník wrote:
> On 2/16/23 17:07, Stefano Brivio wrote:
> > On Thu, 16 Feb 2023 14:32:51 +0100
> > Michal Privoznik wrote:
> >
> >> There are two places where we kill passt:
> >>
> >> 1) qemuPasstS
On Thu, 16 Feb 2023 17:27:11 +0100
Michal Prívozník wrote:
> On 2/16/23 17:07, Stefano Brivio wrote:
> > On Thu, 16 Feb 2023 14:32:50 +0100
> > Michal Privoznik wrote:
> >
> >> Passt has '--stderr' argument which makes it report error onto
> &g
On Thu, 16 Feb 2023 14:32:50 +0100
Michal Privoznik wrote:
> Passt has '--stderr' argument which makes it report error onto
> stderr rather to system log. Unfortunately, it's currently
> impossible to use both '--log-file' and '--stderr', so pass the
> latter only if the former isn't passed. Then
ommit),
> we can let virCommand module do all the heavy lifting and switch
> to virCommandSetErrorBuffer() instead of reading error from an
> FD.
>
> Signed-off-by: Michal Privoznik
Reviewed-by: Stefano Brivio
--
Stefano
(cmd);
> virCommandSetPidFile(cmd, pidfile);
> virCommandSetErrorFD(cmd, &errfd);
> -virCommandDaemonize(cmd);
>
> virCommandAddArgList(cmd,
> "--one-off",
For what it's worth,
Reviewed-by: Stefano Brivio
--
Stefano
On Thu, 16 Feb 2023 14:32:51 +0100
Michal Privoznik wrote:
> There are two places where we kill passt:
>
> 1) qemuPasstStop() - called transitively from qemuProcessStop(),
> 2) qemuPasstStart() - after failed start.
>
> Now, the code from 2) lack error preservation (so if there's
> another erro
On Thu, 16 Feb 2023 09:52:27 +0100
Michal Prívozník wrote:
> On 2/15/23 19:30, Stefano Brivio wrote:
> > On Wed, 15 Feb 2023 18:04:56 +0100
> > Michal Prívozník wrote:
> >
> >> On 2/15/23 08:50, Laine Stump wrote:
> >>> On 2/14/23 8:02 AM, Stefa
On Wed, 15 Feb 2023 18:04:56 +0100
Michal Prívozník wrote:
> On 2/15/23 08:50, Laine Stump wrote:
> > On 2/14/23 8:02 AM, Stefano Brivio wrote:
> >> On Tue, 14 Feb 2023 12:51:22 +0100
> >> Michal Privoznik wrote:
> >>
> >>> When passt
On Tue, 14 Feb 2023 16:30:17 +0100
Michal Prívozník wrote:
> On 2/14/23 14:02, Stefano Brivio wrote:
> > On Tue, 14 Feb 2023 12:51:22 +0100
> > Michal Privoznik wrote:
> >
> >> When passt starts it tries to do some security measures to
> >> restrict i
On Tue, 14 Feb 2023 12:51:22 +0100
Michal Privoznik wrote:
> When passt starts it tries to do some security measures to
> restrict itself. For instance, it creates its own namespaces,
> umounts basically everything, drops capabilities, forks off to
> further restrict itself (the child is where al
On Tue, 14 Feb 2023 12:13:28 +0100
Michal Prívozník wrote:
> On 2/14/23 11:08, Stefano Brivio wrote:
> > On Tue, 14 Feb 2023 09:01:39 +0100
> > Michal Prívozník wrote:
> >
> >> On 2/9/23 00:13, Laine Stump wrote:
> >>> I initially had the p
On Tue, 14 Feb 2023 09:01:39 +0100
Michal Prívozník wrote:
> On 2/9/23 00:13, Laine Stump wrote:
> > I initially had the passt process being started in an identical
> > fashion to the slirp-helper - libvirt was daemonizing the new process
> > and recording its pid in a pidfile. The problem with t
On Thu, 9 Feb 2023 11:10:21 +0100
Michal Prívozník wrote:
> On 2/9/23 10:56, Daniel P. Berrangé wrote:
> > On Thu, Feb 09, 2023 at 09:52:00AM +0100, Michal Prívozník wrote:
> >> On 2/9/23 00:13, Laine Stump wrote:
> >>> I initially had the passt process being started in an identical
> >>> fas
On Thu, 9 Feb 2023 09:52:00 +0100
Michal Prívozník wrote:
> On 2/9/23 00:13, Laine Stump wrote:
> > I initially had the passt process being started in an identical
> > fashion to the slirp-helper - libvirt was daemonizing the new process
> > and recording its pid in a pidfile. The problem with th
On Thu, 9 Feb 2023 10:09:38 +0100
Peter Krempa wrote:
> On Thu, Feb 09, 2023 at 09:59:54 +0100, Michal Prívozník wrote:
> > On 2/9/23 09:36, Peter Krempa wrote:
> > > On Wed, Feb 08, 2023 at 18:13:10 -0500, Laine Stump wrote:
> > >> I initially had the passt process being started in an identi
On Thu, 12 Jan 2023 09:45:39 -0500
Laine Stump wrote:
> On 1/11/23 1:33 PM, Daniel P. Berrangé wrote:
> > On Sun, Jan 08, 2023 at 11:11:07PM -0500, Laine Stump wrote:
> >> Initial support for network devices using passt (https://passt.top)
> >> for the backend connection will require:
> >>
> >>
36 matches
Mail list logo