to see that the
upcoming patch that converges all four to use a common
parser/formatter is a functional NOP.
Signed-off-by: Laine Stump
---
src/conf/domain_conf.c | 28
src/conf/network_conf.c | 26 --
src/conf/network_conf.h | 2
()) into
hypervisor as well, so I just removed the copy in hypervisor.)
Signed-off-by: Laine Stump
---
src/conf/domain_conf.c | 13 ++---
src/conf/domain_conf.h | 4 ++--
src/hypervisor/virhostdev.c | 8
src/hypervisor/virhostdev.h | 2 --
src/libvirt_private.syms| 5
; this makes it
possible to force binding of vfio-pci if there is an issue with the
auto-selected variant driver.
Signed-off-by: Laine Stump
---
src/util/virpci.c | 15 +++
1 file changed, 15 insertions(+)
diff --git a/src/util/virpci.c b/src/util/virpci.c
index 70fcedc4a5..ff5349b70d 100644
Now if a new attribute is added to , we only need to update
the formatting/parsing in one place.
Signed-off-by: Laine Stump
---
src/conf/network_conf.c | 23 ---
src/conf/virnetworkportdef.c | 20 ++--
2 files changed, 10 insertions(+), 33 deletions
kend" will become "driver.type".
This will allow easily adding other items for new attributes in the
element / C struct, which will be useful once we are using
this new struct in multiple places.
Signed-off-by: Laine Stump
---
src/conf/device_conf.h |
Add a surprisingly missing simple function to the arsenal.
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 1 +
src/util/virstring.c | 17 +
src/util/virstring.h | 1 +
3 files changed, 19 insertions(+)
diff --git a/src/libvirt_private.syms b/src
test (except the case of the
virnetworkportxml2xmltest, which doesn't have a separate directory for
the XML result; fortunately the converged parsing of between
domain/network/networkport means that the test cases for network and
domain XML are already testing the same code that would convert "name"
to its old usage (all the other
parts still apply, at least functionally, to the new usage). The name
change (which includes enum values) does cause a lot of churn, but
it's all mechanical.
Signed-off-by: Laine Stump
---
src/conf/device_conf.c | 9 +
src/conf/device_conf.h
s
modified accordingly.
Signed-off-by: Laine Stump
---
src/libxl/libxl_domain.c | 65 +++
src/libxl/libxl_driver.c | 25 ---
tests/libxlxml2domconfigdata/moredevs-hvm.xml | 1 -
tests/xlconfigdata/test-fullvirt-pci.xml | 2
out of sync over time) and replaces its
uses with a virDeviceHostdevPCIDriverInfo (which is a struct that
contains a virDeviceHostdevPCIDriverType).
Signed-off-by: Laine Stump
---
src/conf/domain_conf.c | 48 +++-
src/conf/network_conf.c | 21
a slightly different (but related) use.
Signed-off-by: Laine Stump
---
tests/qemuxml2argvdata/hostdev-pci-address-unassigned.xml | 4
tests/qemuxml2argvdata/hostdev-pci-multifunction.xml | 7 ---
tests/qemuxml2argvdata/hostdev-vfio-multidomain.xml | 1 -
.../hostdev-vfio-zpci-a
ng the two different
choices each a complete element (rather than each being a
collection of attributes and subelements) these extra
attributes/subelements that were irrelevant to the hostdev-type
were made to be valid only for an emulated interface's
.
Signed-off-by: Laine Stump
---
src/co
r a
device (it will be the PCI driver implemented by the discovered
module) - these drivers are compatible with (and provide the entire
API of) the standard vfio-pci driver, but have additional
device-specific APIs that can be useful for, e.g., saving/restoring
state for migration.
Signed-off-by: L
This is done so that we can re-use the same parser/formatter for
and
Signed-off-by: Laine Stump
---
src/conf/device_conf.c | 41 +
src/conf/device_conf.h | 7 +++
src/conf/domain_conf.c | 28 +---
3 files changed, 53
to the basic vfio-pci
driver instead, you just need to add the element mentioned
above).
The first 12 patches are all just getting (1) going (a lot of it is
refactoring code to use common code for the four places that use the
hostdev element), and the final 3 patches implement (2).
More
of variant driver auto-detection is based on doing a lookup
in modules.alias, and that only lists *loadable modules* (not
drivers), so unless I'm missing something, it would be impossible
to auto-detect a VFIO variant driver that was statically
linked. This is beyond libvirt's ability to fix; th
This patch changes that line to "-Dnbdkit=disabled", thus unbreaking
the rpm build.
Signed-off-by: Laine Stump
---
This patch does fix a build-breaker, but I didn't want to push it in
case my comment was incorrect (I won't pretend that I've paid
attention to nbdkit)
libvirt.spe
On 10/16/23 3:34 PM, Praveen K Paladugu wrote:
Move guest interface management methods from qemu to hypervisor. These
methods will be shared by networking support in ch driver.
Signed-off-by: Praveen K Paladugu
---
po/POTFILES | 1 +
src/hypervisor/domain_interface.c
On 10/12/23 3:37 PM, Praveen K Paladugu wrote:
Move guest interface management methods from qemu to hypervisor. These
methods will be shared by networking support in ch driver.
Signed-off-by: Praveen K Paladugu
---
po/POTFILES | 1 +
src/hypervisor/domain_interface.c
On 9/18/23 3:20 PM, Praveen Paladugu wrote:
Folks,
I am working on upstreaming network support for ch driver. Like qemu driver, ch
driver invokes steps in qemuInterfaceEthernetConnect,
qemuInterfaceBridgeConnect methods to connect tap devices to appropriate
host backends.
Current implementation
update the manpage for the virsh nodedev-detach --driver option, and add a
blurb to the NEWS file for the upcoming release
Laine Stump (2):
docs: update description of virsh nodedev-detach --driver option
NEWS: document support for VFIO variant drivers
NEWS.rst| 11
Signed-off-by: Laine Stump
---
NEWS.rst | 11 +++
1 file changed, 11 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 3571c01b29..e40c8ac259 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -17,6 +17,17 @@ v9.7.0 (unreleased)
* **New features**
+ * qemu: basic support for use of "
in use)
Signed-off-by: Laine Stump
---
docs/manpages/virsh.rst | 25 +
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index f4e5a0bd62..ec7c823602 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/v
On 8/23/23 3:52 AM, Michal Prívozník wrote:
On 8/21/23 21:32, Laine Stump wrote:
There can be many different drivers that are of the type "VFIO", so
add the driver name to the object and allow getting/setting it.
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 2 ++
On 8/23/23 3:52 AM, Michal Prívozník wrote:
On 8/21/23 21:32, Laine Stump wrote:
In the past, the only allowable values for the "driver" field of
virNodeDeviceDetachFlags() were "kvm" or "vfio" for the QEMU driver,
and "xen" for the libxl driver. T
On 8/23/23 3:52 AM, Michal Prívozník wrote:
On 8/21/23 21:32, Laine Stump wrote:
Normally I wouldn't bother with a change like this, but I was touching
the function anyway, and wanted to leave it looking nice and tidy.
Signed-off-by: Laine Stump
---
src/qemu/qemu_driver.c | 6 ++
1
rom within
virPCIDeviceBindToStub() (rather than from that function's caller),
using the driverName it has just figured out with the
now-not-duplicated code.
(NB: Since it could be used to probe *any* driver module, the name is
changed to virPCIProbeDriver()).
Signed-off-by: Laine Stump
---
src/util/vir
will currently result in the vfio-pci driver being bound to the
device.
2) in the case of the libxl driver, "xen" means to use the standard
driver used in the case of Xen ("pciback").
3) "kvm" as a driver name always results in an error, as le
Signed-off-by: Laine Stump
---
src/util/virpci.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/util/virpci.c b/src/util/virpci.c
index ac91480e0b..c721b8e533 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -1290,17 +1290,20
in the future.
Signed-off-by: Laine Stump
---
src/hypervisor/virhostdev.c | 7 ---
src/libvirt_private.syms| 2 +-
src/util/virpci.c | 10 ++
src/util/virpci.h | 6 +++---
tests/virpcitest.c | 2 +-
5 files changed, 15 insertions(+), 12 deletions(-)
diff
Normally I wouldn't bother with a change like this, but I was touching
the function anyway, and wanted to leave it looking nice and tidy.
Signed-off-by: Laine Stump
---
src/qemu/qemu_driver.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src
"vfio-dev" subdirectory of device directory in
sysfs to determine whether the currently-bound driver is a vfio
variant.
* support binding to a user-specified driver during nodedev-detach,
rather than only supporting vfio-pci.
Laine Stump (8):
util: use "stubDriverType" inste
"vfio-pci"
driver (since that would cause systems with pre-6.1 kernels to behave
incorrectly), but adds an additional check for the vfio-dev directory,
so that any VFIO variant driver is acceptable for libvirt to continue
setting up for VFIO device assignment.
Signed-off-by:
There can be many different drivers that are of the type "VFIO", so
add the driver name to the object and allow getting/setting it.
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 2 ++
src/util/virpci.c| 16
src/util/virpci.h| 3 +++
3 fil
of whether we're talking about the name or the
type.
Signed-off-by: Laine Stump
---
src/hypervisor/domain_driver.c | 4 ++--
src/hypervisor/virhostdev.c| 8
src/libvirt_private.syms | 4 ++--
src/util/virnvme.c | 2 +-
src/util/virpci.c | 16 ---
remote MAC addresses can and should remain untouched, and the local
MAC address will end up being known to passt and beyond just by the
guest sending out packets with that MAC address.
Reported-by: Laszlo Ersek
Signed-off-by: Laine Stump
---
src/qemu/qemu_passt.c | 2 --
1 file changed, 2
On 6/15/23 11:53 AM, Hervé Werner wrote:
Hello
I'd like to revive the thread started by Eric Garver at the end of last
year that aims to bring native Firewalld support to libvirtd [1].
Currently the Firewalld configuration set up by libvirtd is based on a
quirk [2] that makes it a bit
On 5/31/23 10:31 AM, Jason Gunthorpe wrote:
On Wed, May 31, 2023 at 03:18:17PM +0100, Joao Martins wrote:
Hey Laine,
On 23/08/2022 15:11, Laine Stump wrote:
ping.
I have a different version of this patch where I do read the modules.alias file
rather than just checking the name of the driver
On 5/4/23 6:47 AM, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:15PM -0400, Laine Stump wrote:
This patch series enables libvirt to use nftables rules rather than
iptables *when setting up virtual networks* (it does *not* add
nftables support to the nwfilter driver). It accomplishes
On 5/4/23 6:44 AM, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:33PM -0400, Laine Stump wrote:
In the past virFirewall required all rollback rules for a group (those
commands necessary to "undo" any rules that had been added in that
group in case of a later failure) to b
On 5/3/23 11:40 AM, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:15PM -0400, Laine Stump wrote:
When I first started on this (long, protracted, repeatedly interrupted
for extended periods - many of these patches are > a year old) task, I
considered doing an all-at-once compl
On 5/2/23 11:15 AM, Michal Prívozník wrote:
On 5/1/23 05:19, Laine Stump wrote:
+rule->ignoreErrors = ignoreErrors
+|| (group->actionFlags & VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
Nit pick - we usually put logical operands at the end of previous line.
A *
On 5/3/23 12:05 PM, Daniel P. Berrangé wrote:
On Wed, May 03, 2023 at 04:21:28PM +0100, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:23PM -0400, Laine Stump wrote:
This is the only iptables-specific function in all of
virfirewall.c. By moving it to viriptables.c (with appropriate
On 5/3/23 11:59 AM, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:21PM -0400, Laine Stump wrote:
and take advantage of this to replace all the ternary operators when
calling virFirewallAddRule() with virIptablesActionTypeToString().
(NB: the VIR_ENUM declaration uses
On 5/3/23 11:56 AM, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:20PM -0400, Laine Stump wrote:
These functions are all moved into virnetfilter.[ch]. The only
functions from viriptables.[ch] that are still called from the
consumer (network bridge driver) are iptablesSetupPrivateChains
On 5/3/23 11:54 AM, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:19PM -0400, Laine Stump wrote:
These toplevel functions have no iptables-specific code, except that
they each call a lower-level internal function that *is* iptables
specific. As a preparation to supporting use
On 5/4/23 4:33 AM, Andrea Bolognani wrote:
On Wed, May 03, 2023 at 04:26:21PM +0100, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:30PM -0400, Laine Stump wrote:
and include it in BuildRequires and Requires of the rpm specfile to
make sure it's available when doing official distro
This isn't yet used anywhere, since
VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK isn't being set.
Signed-off-by: Laine Stump
---
src/util/viriptables.c | 49 +++---
1 file changed, 46 insertions(+), 3 deletions(-)
diff --git a/src/util/viriptables.c b/src/util
Signed-off-by: Laine Stump
---
po/POTFILES | 1 +
src/network/bridge_driver_conf.c | 4 +
src/network/network.conf | 17 +-
src/util/meson.build | 1 +
src/util/virfirewall.c | 3 +-
src/util/virfirewall.h | 1 +
src/util
It's not always iptables rules that are being reloaded, could be
nftables. Also the message previously didn't clarify that this is only
reloading the rules for active virtual networks (and not for nwfilter,
for example).
Signed-off-by: Laine Stump
---
src/network/bridge_driver.c | 2 +-
1 file
the
iptables backend. A separate VIR_ENUM for "virNftablesAction",
producing slightly different strings, will be added later for the
nftables backend.)
Signed-off-by: Laine Stump
---
src/util/virfirewall.h | 8 +
src/util/viriptables.c | 69 -
irNetfilterXXX() entirely. I have
locally merged Eric's patches over the top of these patches, and
there are surprisingly few conflicts, but since his patches didn't
account for a user-settable config (but instead just always used the
firewalld backend if firewalld was active), some of the pat
might as well demonstrate
working patches and ask for opinions rather than throwing away
multiple patches and dealing with associated local merge/rebase
conflicts due to changing patches early in the series for possibly no
reason.)
Signed-off-by: Laine Stump
---
po/POTFILES | 1 +
src
.
Signed-off-by: Laine Stump
---
.../{base.args => base.iptables} | 0
tests/networkxml2firewalldata/base.nftables | 256 ++
...-linux.args => nat-default-linux.iptables} | 0
.../nat-default-linux.nftables| 248 +
...pv6-linux.args =>
K isn't being set.
Signed-off-by: Laine Stump
---
src/util/virnftables.c | 106 -
1 file changed, 105 insertions(+), 1 deletion(-)
diff --git a/src/util/virnftables.c b/src/util/virnftables.c
index b43b14bb82..0cc09caaed 100644
--- a/src/util/virnftables.
one outside the lock guard, returning immediately if
it's already set, and then moving the setting of chainInitDone up to
the top of the guarded section.)
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 1 +
src/network/bridge_driver_linux.c | 30 +++---
sr
ace to add it to the XML when formatted, parse
it from the XML when reading network status, and freeing the
virFirewall object when the virNetworkObj is freed.
Signed-off-by: Laine Stump
---
src/conf/virnetworkobj.c | 39 +++
src/conf/virnetworkobj.h | 11 ++
ways "5309").
Signed-off-by: Laine Stump
---
src/network/bridge_driver_linux.c | 15 +
.../nat-default-linux.nftables| 36 +-
.../nat-ipv6-linux.nftables | 58
.../nat-ipv6-masquerade-linux.nftables| 66
This is done so that we can be sure we're using the same chain name
for iptables and nftables. Not strictly necessary, but it will make
documentation and troubleshooting simpler.
Signed-off-by: Laine Stump
---
src/util/viriptables.c | 44 -
src/util
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 1 +
src/util/virfirewall.c | 59
src/util/virfirewall.h | 1 +
3 files changed, 61 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index df84c5520c..7eeed1e
be calling either
virIptablesApplyFirewallRule() or (to-be-created)
virNftablesApplyFirewallRule() depending on the backend chosen when
creating the virFirewall object).
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 2 ++
src/util/virfirewall.c | 72
Signed-off-by: Laine Stump
---
src/conf/virnetworkobj.c| 1 +
src/network/bridge_driver.c | 8 +++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/conf/virnetworkobj.c b/src/conf/virnetworkobj.c
index ae26f6fab1..ce39ab5250 100644
--- a/src/conf/virnetworkobj.c
+++ b
These toplevel functions have no iptables-specific code, except that
they each call a lower-level internal function that *is* iptables
specific. As a preparation to supporting use of either iptables or
nftables, rename these functions from iptablesXXX to virNetfilterXXX.
Signed-off-by: Laine
, but the user can also switch from one firewall
backend to another by simply changing the setting in network.conf and
restarting libvirtd/virtnetworkd.
Signed-off-by: Laine Stump
---
src/network/bridge_driver.c | 34 +++--
src/network/bridge_driver_linux.c| 56
calls to virFirewallNew(). The other enum value (along with a method
of setting it for each driver) will be added later, when it can be
used (when the nftables backend is in the code).
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 3 +++
src/network
for it (the nftables version of ApplyRule already
has this check).
Signed-off-by: Laine Stump
---
src/util/viriptables.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index 96b69daf68..4e3188e4d1 100644
--- a/src/util/viriptables.c
and include it in BuildRequires and Requires of the rpm specfile to
make sure it's available when doing official distro builds.
Signed-off-by: Laine Stump
---
libvirt.spec.in | 2 ++
meson.build | 1 +
2 files changed, 3 insertions(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index
Signed-off-by: Laine Stump
---
libvirt.spec.in | 3 ++
src/network/libvirtd_network.aug | 36
src/network/meson.build | 11
src/network/network.conf | 3 ++
src/network
at the same time). We can just as well add
in the -w/--concurrent during virFirewallApplyRule, so move the arg-add to
ApplyRule to keep AddRule simple.
Signed-off-by: Laine Stump
---
src/util/virfirewall.c | 27 +--
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git
These functions convert a virFirewall object to/from XML so that it
can be serialized to disk (in a virNetworkObj's status file) and
restored later (e.g. after libvirtd/virtnetworkd is restarted).
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 2 +
src/util/virfirewall.c | 220
to), and iptablesAddOutputFixUdpChecksum() and
iptablesRemoveOutputFixUdpChecksum() (which add/remove rules to fix
improper checksum of DHCP packets, which is something not supported by
nftables)
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 51 +--
src/network/bridge_driver_linux.c | 1 +
src/util
just grab that with the API down in vir*ApplyRule() rather than
cluttering up the argument list on the entire call chain.
Signed-off-by: Laine Stump
---
src/util/virfirewall.c | 32 ++--
1 file changed, 14 insertions(+), 18 deletions(-)
diff --git a/src/util/virfirewall.c b
es binary is present on the system and set
firewallBackend to iptables; if not, it will be left as "unset", which
(once multiple backends are available) will trigger an appropriate
error message the first time we attempt to add a rule.
Signed-off-by: Laine Stump
---
src/network/bri
N_AUTO_ROLLBACK that
can be retrieved with the new virFirewallTransactionGetFlags() API),
and 2) add a new rule to the current group's rollback rule list (with
the new virFirewallAddRollbackRule()).
We will actually use these in the backends in an upcoming patch.
Signed-off-by: Laine Stump
---
src/libvirt_p
e top of the call chain in the network
driver.
P.S. This specific behavior is really the only concrete reason for
keeping around an iptables backend, rather than just replacing it with
nftables.
Signed-off-by: Laine Stump
---
src/network/bridge_driver_linux.c | 13 +
1 file changed,
We will need access to these attributes of the object from outside
virfirewall.c.
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 3 +++
src/util/virfirewall.c | 30 ++
src/util/virfirewall.h | 10 ++
3 files changed, 43 insertions(+)
diff
On 4/17/23 8:09 AM, Michal Privoznik wrote:
This is a relict of v3.7.0-rc1~132 when getter/setter APIs for
s/relict/relic/ :-)
(also, I like using the upstream commit ID (preceded by the word
"commit" to identify a particular commit, because gitk automagically
turns that into a link that
On 4/18/23 1:18 PM, Nick Guenther wrote:
April 18, 2023 3:37 AM, "Peter Krempa" wrote:
cases of code style not being aligned from what libvirt does normally ...
I'm very happy to conform my style as needed. I just want my users to be able
to use libvirt (if they can't I'll teach them to
On 4/18/23 9:43 AM, Ján Tomko wrote:
On a Tuesday in 2023, Andrea Bolognani wrote:
On Tue, Apr 18, 2023 at 03:19:45PM +0200, Ján Tomko wrote:
On a Tuesday in 2023, Andrea Bolognani wrote:
> That's already the case in practice, but it's a better
> experience for the user if we reject this
);
loader->nvramTemplate = g_strdup(cfg->firmwares[i]->nvram);
qemuFirmwareEnsureNVRAM(def, cfg, VIR_STORAGE_FILE_RAW);
Reviewed-by: Laine Stump
unreachable error in virVBoxSnapshotConfSaveVboxFile
util: xml: remove function names from error messages
Unify error message when namespaces are unsupported
vbox: unify "unable to get hard disk id" message
Reviewed-by: Laine Stump
(see typo in commit log message of 4/8)
On 3/18/23 9:38 AM, Ján Tomko wrote:
Both callers in the VirtualBox driver error out if the path
can't be fetched via VirtualBox APIs and abort on coversion error
s/coversion/conversion/
from UTF-16 to UTF-8.
Signed-off-by: Ján Tomko
---
src/vbox/vbox_snapshot_conf.c | 6 --
1 file
On 3/14/23 9:36 AM, Andrea Bolognani wrote:
Andrea Bolognani (2):
rpm: Recommend passt-selinux
news: Update for passt on SELinux/AppArmor support
NEWS.rst| 6 ++
libvirt.spec.in | 1 +
2 files changed, 7 insertions(+)
Reviewed-by: Laine Stump
On 3/8/23 11:49 PM, Laine Stump wrote:
All the necessary explanation is in Patch 3/4
We may want to turn on this same behavior for some other external
processes, but right now the one we need it for is passt.
Resolves: https://bugzilla.redhat.com/2172267
I forgot to mention that proper
of the label, which is common to all child
processes related to a particular qemu domain instance, is also set).
Resolves: https://bugzilla.redhat.com/2172267
Signed-off-by: Laine Stump
---
src/qemu/qemu_passt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_passt.c
ll callers currently set useBinarySpecificPath =
false, so all behavior should be completely unchanged. (The next
patch will set it to true only for the case of running passt.)
https://bugzilla.redhat.com/2172267
Signed-off-by: Laine Stump
---
src/qemu/qemu_dbus.c | 2 +-
src/qemu/qe
it in
virCommand::binaryPath so we only have to do the resolution once.
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 1 +
src/util/vircommand.c| 51 +++-
src/util/vircommand.h| 1 +
3 files changed, 42 insertions(+), 11 deletions(-)
diff
Neither of these are modified anywhere in the function, and the
function will soon be called with an arg that actually is a const.
Signed-off-by: Laine Stump
---
src/security/security_selinux.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/security
All the necessary explanation is in Patch 3/4
We may want to turn on this same behavior for some other external
processes, but right now the one we need it for is passt.
Resolves: https://bugzilla.redhat.com/2172267
Laine Stump (4):
util: add an API to retrieve the resolved path
On 3/3/23 10:44 AM, Daniel P. Berrangé wrote:
On Fri, Mar 03, 2023 at 10:03:02AM -0500, Laine Stump wrote:
On 2/23/23 5:47 AM, Daniel P. Berrangé wrote:
This really isn't difficult to do in the security manager IMHO. It is
just a variation on the existing
On 3/3/23 1:36 PM, Daniel P. Berrangé wrote:
On Fri, Mar 03, 2023 at 10:18:39AM -0800, Andrea Bolognani wrote:
On Fri, Mar 03, 2023 at 06:06:05PM +, Daniel P. Berrangé wrote:
On Fri, Mar 03, 2023 at 09:56:55AM -0800, Andrea Bolognani wrote:
Right, but wouldn't the idea of poking at the
On 2/23/23 5:47 AM, Daniel P. Berrangé wrote:
On Thu, Feb 23, 2023 at 11:40:00AM +0100, Jiri Denemark wrote:
On Wed, Feb 22, 2023 at 14:21:29 +0100, Stefano Brivio wrote:
qemuSecurityCommandRun() causes an explicit domain transition of the
new process, but passt ships with its own SELinux
to common logic
tests: Print fakerootdir when it's preserved
Reviewed-by: Laine Stump
tests/qemuhotplugtest.c | 15 ---
tests/qemumemlocktest.c | 15 ---
tests/qemustatusxml2xmltest.c | 15 ---
tests/qemuxml2argvtest.c | 15
'
qemu: domain: Fix logic when tainting domain
qemu: domain: Unexport qemuDomainObjTaintMsg
Reviewed-by: Laine Stump
for all 4.
src/conf/domain_conf.c | 13 +++--
src/qemu/qemu_agent.c | 8 ++--
src/qemu/qemu_domain.c | 32 +---
src/qemu
On 2/28/23 4:34 PM, Andrea Bolognani wrote:
Let users know that we're working on lifting the limitations
and that they should not use the feature in production until
then.
Signed-off-by: Andrea Bolognani
Reviewed-by: Laine Stump
I think I like your version better, as it is less wordy
r".
Signed-off-by: Laine Stump
---
If this change seems okay, anyone who ACKs please push it so that it's
in place before Jiri cuts the release (I may not yet be awake at that
time of day).
NEWS.rst | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/NEWS.rst b/NEWS.
On 2/28/23 11:11 AM, Peter Krempa wrote:
On Tue, Feb 28, 2023 at 09:49:26 -0500, Laine Stump wrote:
At Stefano's suggestion, this also adds a sentence pointing out that
SELinux must be disabled in order for passt support to work. I didn't
think to put this info in the NEWS file last month
At Stefano's suggestion, this also adds a sentence pointing out that
SELinux must be disabled in order for passt support to work. I didn't
think to put this info in the NEWS file last month.
Signed-off-by: Laine Stump
---
I've noticed that in some places, QEMU related points are marked
On 2/22/23 9:30 AM, Daniel P. Berrangé wrote:
On Wed, Feb 22, 2023 at 02:21:29PM +0100, Stefano Brivio wrote:
qemuSecurityCommandRun() causes an explicit domain transition of the
new process, but passt ships with its own SELinux policy, with
external interfaces for libvirtd, so we simply need
"qemu: hook up passt config to qemu domains")
Signed-off-by: Stefano Brivio
Reviewed-by: Laine Stump
(it's independent of the rest of the series, so I pushed it)
---
src/qemu/qemu_passt.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_passt.c