Re: [libvirt] [PATCH 2/4] q35: set split kernel irqchip as default
On Wed, Dec 19, 2018 at 10:45:40PM +0100, Paolo Bonzini wrote: > On 19/12/18 22:24, Eduardo Habkost wrote: > > On Wed, Dec 19, 2018 at 09:12:55PM +0100, Paolo Bonzini wrote: > >> On 19/12/18 09:50, Peter Xu wrote: > >>> Starting from QEMU 4.0, let's specify "split" as the default value for > >>> kernel-irqchip. > >>> > >>> So for QEMU>=4.0 we'll have: allowed=Y,required=N,split=Y > >>>for QEMU<=3.1 we'll have: allowed=Y,required=N,split=N > >>>(omitting all the "kernel_irqchip_" prefix) > >>> > >>> Note that this "split" is optional - we'll first try to enable split > >>> kernel irqchip, and we'll fall back to complete kernel irqchip if we > >>> found that the kernel capability is missing. > >> > >> Please just fail completely and require a new kernel for the 4.0 machine > >> type. There are subtle differences between kernel and QEMU irqchip, I > >> don't think we want to open that can of worms. > > > > This would make existing VMs that are runnable with pc-q35-3.1.0 > > not runnable by only updating the machine-type. > > > > The good news is that we can make this a non-issue by clearly > > documenting that QEMU needs a more recent kernel (just like we'll > > do for RDTSCP[1]). > > Right, RDTSCP is exactly what came to mind. Ok so I think I'll just make it even simpler by dropping patch 1. Also I noticed that the documentation on linux kernel version requirement has not yet reached master but I'll assume it'll be there some day very soon so I'll ignore that part. Thanks everyone! I'll repost soon. -- Peter Xu -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v4 03/11] nvdimm: introduce 'unarmed' element into xml for NVDIMM memory
On 12/20/2018 12:07 AM, Daniel P. Berrangé wrote: On Tue, Dec 18, 2018 at 09:50:40AM +0800, Luyao Zhong wrote: On 2018/12/17 下午7:07, Daniel P. Berrangé wrote: On Mon, Dec 17, 2018 at 05:26:13PM +0800, Luyao Zhong wrote: The 'unarmed' option allows users to mark vNVDIMM read-only: Why don't we call this element then ? Just keep the same with QEMU, hah~ :) Well lets call it 'readonly' in libvirt because 'unarmed' tells users nothing useful. Got it! I'll update in next version patch. Regards, Daniel Thank you for your comments. Regards, Luyao -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] virsh: Fix vcpupin command output wrong vcpu pinning info
On 12/19/2018 05:27 PM, Michal Privoznik wrote: On 12/19/18 4:17 AM, Luyao Huang wrote: Commit 3072ded3 changed the waya to format the vcpu pinning info and forget to get cpumap for each vcpu during the loop, that cause vcpupin command will display vcpu 0 info for other vcpus. Signed-off-by: Luyao Huang --- tools/virsh-domain.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 4d9f065..24f7852 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -6954,7 +6954,8 @@ virshVcpuPinQuery(vshControl *ctl, if (got_vcpu && i != vcpu) continue; -if (!(pinInfo = virBitmapDataFormat(cpumap, cpumaplen))) +if (!(pinInfo = virBitmapDataFormat(VIR_GET_CPUMAP(cpumap, cpumaplen, i), +cpumaplen))) goto cleanup; if (virAsprintf(, "%zu", i) < 0) ACKed and pushed. Thanks a lot for your quick review ! Luyao Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 11/18] security_selinux: Remember old labels
On 12/12/18 7:40 AM, Michal Privoznik wrote: > Similarly to what I did in DAC driver, this also requires the > same SELinux label to be used for shared paths. If a path is > already in use by a domain (or domains) then and the domain we > are starting now wants to access the path it has to have the same > SELinux label. This might look too restrictive as the new label > can still guarantee access to already running domains but in > reality it is very unlikely and usually an admin mistake. > > Signed-off-by: Michal Privoznik > --- > src/security/security_selinux.c | 177 +++- > 1 file changed, 130 insertions(+), 47 deletions(-) > [...] > static int > @@ -1362,7 +1429,8 @@ getContext(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, > * errors that the caller(s) are already dealing with */ > static int > virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, > - const char *path) > + const char *path, > + bool recall) > { > bool privileged = virSecurityManagerGetPrivileged(mgr); > struct stat buf; > @@ -1386,26 +1454,35 @@ > virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, > goto cleanup; > } > > -if (stat(newpath, ) != 0) { > -VIR_WARN("cannot stat %s: %s", newpath, > - virStrerror(errno, ebuf, sizeof(ebuf))); > -goto cleanup; > -} > - > -if (getContext(mgr, newpath, buf.st_mode, ) < 0) { > -/* Any user created path likely does not have a default label, > - * which makes this an expected non error > - */ > -VIR_WARN("cannot lookup default selinux label for %s", newpath); > -ret = 0; > -goto cleanup; > -} > - > -if ((rc = virSecuritySELinuxTransactionAppend(path, fcon, false, true)) > < 0) > +if ((rc = virSecuritySELinuxTransactionAppend(path, NULL, false, true)) > < 0) > return -1; > else if (rc > 0) > return 0; > Since you've touched the code, Coverity looks again and determines that @newpath can be leaked above John > +if (recall) { > +if ((rc = virSecuritySELinuxRecallLabel(newpath, )) < 0) { > +goto cleanup; > +} else if (rc > 0) { > +ret = 0; > +goto cleanup; > +} > +} else { > +if (stat(newpath, ) != 0) { > +VIR_WARN("cannot stat %s: %s", newpath, > + virStrerror(errno, ebuf, sizeof(ebuf))); > +goto cleanup; > +} > + > +if (getContext(mgr, newpath, buf.st_mode, ) < 0) { > +/* Any user created path likely does not have a default label, > + * which makes this an expected non error > + */ > +VIR_WARN("cannot lookup default selinux label for %s", newpath); > +ret = 0; > +goto cleanup; > +} > +} > + [...] -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 11/18] security_selinux: Remember old labels
On 12/12/18 7:40 AM, Michal Privoznik wrote: > Similarly to what I did in DAC driver, this also requires the > same SELinux label to be used for shared paths. If a path is > already in use by a domain (or domains) then and the domain we > are starting now wants to access the path it has to have the same > SELinux label. This might look too restrictive as the new label > can still guarantee access to already running domains but in > reality it is very unlikely and usually an admin mistake. > > Signed-off-by: Michal Privoznik > --- > src/security/security_selinux.c | 177 +++- > 1 file changed, 130 insertions(+), 47 deletions(-) > [...] > + > +static int > +virSecuritySELinuxRecallLabel(const char *path, > + security_context_t *con) > +{ > +if (virSecurityGetRememberedLabel(SECURITY_SELINUX_NAME, > + path, con) < 0) > +return -1; > + > +if (!con) > +return 1; This ordering of the !con check has caused a Coverity concern that we use @con in the first call... When compared to the *_dac.c code which passes , I assume this should be passing , right? I'd usually send a patch, but wanted to make sure it was the right option... John > + > +return 0; > +} > + > + [...] -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/4] q35: set split kernel irqchip as default
On 19/12/18 22:24, Eduardo Habkost wrote: > On Wed, Dec 19, 2018 at 09:12:55PM +0100, Paolo Bonzini wrote: >> On 19/12/18 09:50, Peter Xu wrote: >>> Starting from QEMU 4.0, let's specify "split" as the default value for >>> kernel-irqchip. >>> >>> So for QEMU>=4.0 we'll have: allowed=Y,required=N,split=Y >>>for QEMU<=3.1 we'll have: allowed=Y,required=N,split=N >>>(omitting all the "kernel_irqchip_" prefix) >>> >>> Note that this "split" is optional - we'll first try to enable split >>> kernel irqchip, and we'll fall back to complete kernel irqchip if we >>> found that the kernel capability is missing. >> >> Please just fail completely and require a new kernel for the 4.0 machine >> type. There are subtle differences between kernel and QEMU irqchip, I >> don't think we want to open that can of worms. > > This would make existing VMs that are runnable with pc-q35-3.1.0 > not runnable by only updating the machine-type. > > The good news is that we can make this a non-issue by clearly > documenting that QEMU needs a more recent kernel (just like we'll > do for RDTSCP[1]). Right, RDTSCP is exactly what came to mind. Paolo -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 2/4] q35: set split kernel irqchip as default
On Wed, Dec 19, 2018 at 09:12:55PM +0100, Paolo Bonzini wrote: > On 19/12/18 09:50, Peter Xu wrote: > > Starting from QEMU 4.0, let's specify "split" as the default value for > > kernel-irqchip. > > > > So for QEMU>=4.0 we'll have: allowed=Y,required=N,split=Y > >for QEMU<=3.1 we'll have: allowed=Y,required=N,split=N > >(omitting all the "kernel_irqchip_" prefix) > > > > Note that this "split" is optional - we'll first try to enable split > > kernel irqchip, and we'll fall back to complete kernel irqchip if we > > found that the kernel capability is missing. > > Please just fail completely and require a new kernel for the 4.0 machine > type. There are subtle differences between kernel and QEMU irqchip, I > don't think we want to open that can of worms. This would make existing VMs that are runnable with pc-q35-3.1.0 not runnable by only updating the machine-type. The good news is that we can make this a non-issue by clearly documenting that QEMU needs a more recent kernel (just like we'll do for RDTSCP[1]). [1] https://lore.kernel.org/lkml/20181210181328.ga...@zn.tnic/ -- Eduardo -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [jenkins-ci PATCH] guests: Fix package list sorting
Signed-off-by: Andrea Bolognani --- Pushed as trivial. guests/vars/projects/osinfo-db-tools+mingw32.yml | 2 +- guests/vars/projects/osinfo-db-tools+mingw64.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/guests/vars/projects/osinfo-db-tools+mingw32.yml b/guests/vars/projects/osinfo-db-tools+mingw32.yml index b11..697e793 100644 --- a/guests/vars/projects/osinfo-db-tools+mingw32.yml +++ b/guests/vars/projects/osinfo-db-tools+mingw32.yml @@ -1,6 +1,6 @@ --- packages: - mingw32-glib2 + - mingw32-libarchive - mingw32-libxml2 - mingw32-libxslt - - mingw32-libarchive diff --git a/guests/vars/projects/osinfo-db-tools+mingw64.yml b/guests/vars/projects/osinfo-db-tools+mingw64.yml index 049418c..82cce80 100644 --- a/guests/vars/projects/osinfo-db-tools+mingw64.yml +++ b/guests/vars/projects/osinfo-db-tools+mingw64.yml @@ -1,6 +1,6 @@ --- packages: - mingw64-glib2 + - mingw64-libarchive - mingw64-libxml2 - mingw64-libxslt - - mingw64-libarchive -- 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v4 03/11] nvdimm: introduce 'unarmed' element into xml for NVDIMM memory
On Tue, Dec 18, 2018 at 09:50:40AM +0800, Luyao Zhong wrote: > > > On 2018/12/17 下午7:07, Daniel P. Berrangé wrote: > > On Mon, Dec 17, 2018 at 05:26:13PM +0800, Luyao Zhong wrote: > > > The 'unarmed' option allows users to mark vNVDIMM read-only: > > > > Why don't we call this element then ? > > > Just keep the same with QEMU, hah~ :) Well lets call it 'readonly' in libvirt because 'unarmed' tells users nothing useful. Regards, Daniel -- |: https://berrange.com -o-https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o-https://fstop138.berrange.com :| |: https://entangle-photo.org-o-https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [jenkins-ci PATCH] guests: Add json-glib dependency for osinfo-db-tools
On Wed, 2018-12-19 at 14:30 +0100, Fabiano Fidêncio wrote: [...] > diff --git a/guests/vars/projects/osinfo-db-tools+mingw32.yml > b/guests/vars/projects/osinfo-db-tools+mingw32.yml > index b11..647bea2 100644 > --- a/guests/vars/projects/osinfo-db-tools+mingw32.yml > +++ b/guests/vars/projects/osinfo-db-tools+mingw32.yml > @@ -4,3 +4,4 @@ packages: >- mingw32-libxml2 >- mingw32-libxslt >- mingw32-libarchive > + - mingw32-json-glib > diff --git a/guests/vars/projects/osinfo-db-tools+mingw64.yml > b/guests/vars/projects/osinfo-db-tools+mingw64.yml > index 049418c..415644a 100644 > --- a/guests/vars/projects/osinfo-db-tools+mingw64.yml > +++ b/guests/vars/projects/osinfo-db-tools+mingw64.yml > @@ -4,3 +4,4 @@ packages: >- mingw64-libxml2 >- mingw64-libxslt >- mingw64-libarchive > + - mingw64-json-glib > diff --git a/guests/vars/projects/osinfo-db-tools.yml > b/guests/vars/projects/osinfo-db-tools.yml > index 54d8006..2c533a3 100644 > --- a/guests/vars/projects/osinfo-db-tools.yml > +++ b/guests/vars/projects/osinfo-db-tools.yml > @@ -6,3 +6,4 @@ packages: >- libarchive >- libxml2 >- libxslt > + - json-glib The lists above are supposed to be alphabetically sorted, which after your patch they no longer are. I'll fix that before pushing. Other than that, the patch looks good and my testing confirms it works fine, so Reviewed-by: Andrea Bolognani I'll push and apply the changes shortly. -- Andrea Bolognani / Red Hat / Virtualization -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] news: Document original owner remembering
Signed-off-by: Michal Privoznik --- docs/news.xml | 13 + 1 file changed, 13 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index e9b6bb7c65..09a34d1705 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -79,6 +79,19 @@ qemu: Add support for ARMv6l guests + + + Remember original owners and SELinux labels of files + + + When a domain is starting up libvirt changes DAC and + SELinux labels so that domain can access it. However, + it never remembered the original labels and therefore + the file was returned back to root:root. With this + release, the original labels are remembered and + restored properly. + + -- 2.19.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 00/18] Implement original label remembering
On 12/19/18 2:54 PM, Ján Tomko wrote: > > Reviewed-by: Ján Tomko Thanks to you and Dan. I've pushed these. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 00/18] Implement original label remembering
On Wed, Dec 12, 2018 at 01:40:44PM +0100, Michal Privoznik wrote: v3 of: https://www.redhat.com/archives/libvir-list/2018-November/msg01070.html diff to v2: - dropped 01/18 from v2 - Introduced a test - Couple of minor adjustments as suggested in review of v2 Michal Prívozník (18): util: Introduce xattr getter/setter/remover security: Include security_util security_dac: Restore label on failed chown() attempt virSecurityDACTransactionRun: Implement rollback virSecurityDACRestoreAllLabel: Reorder device relabeling virSecurityDACRestoreAllLabel: Restore more labels security_dac: Allow callers to enable/disable label remembering/recall security_dac: Remember old labels virSecurityDACRestoreImageLabelInt: Restore even shared/RO disks security_selinux: Track if transaction is restore security_selinux: Remember old labels security_selinux: Restore label on failed setfilecon() attempt virSecuritySELinuxTransactionRun: Implement rollback virSecuritySELinuxRestoreAllLabel: Reorder device relabeling virSecuritySELinuxRestoreAllLabel: Restore more labels tests: Introduce qemusecuritytest tools: Provide a script to recover fubar'ed XATTRs setup qemu.conf: Allow users to enable/disable label remembering cfg.mk | 4 +- src/libvirt_private.syms | 3 + src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 4 + src/qemu/qemu_conf.c | 4 + src/qemu/test_libvirtd_qemu.aug.in | 1 + src/security/Makefile.inc.am | 2 + src/security/security_dac.c| 227 ++ src/security/security_selinux.c| 272 src/security/security_util.c | 256 +++ src/security/security_util.h | 32 ++ src/util/virfile.c | 121 src/util/virfile.h | 20 +- tests/Makefile.am | 10 + tests/qemusecuritymock.c | 480 + tests/qemusecuritytest.c | 173 +++ tests/qemusecuritytest.h | 28 ++ tools/Makefile.am | 1 + tools/libvirt_recover_xattrs.sh| 96 ++ 19 files changed, 1600 insertions(+), 135 deletions(-) create mode 100644 src/security/security_util.c create mode 100644 src/security/security_util.h create mode 100644 tests/qemusecuritymock.c create mode 100644 tests/qemusecuritytest.c create mode 100644 tests/qemusecuritytest.h create mode 100755 tools/libvirt_recover_xattrs.sh Reviewed-by: Ján Tomko Jano signature.asc Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 16/18] tests: Introduce qemusecuritytest
On Wed, Dec 12, 2018 at 01:41:00PM +0100, Michal Privoznik wrote: This test checks if security label remembering works correctly. It uses qemuSecurity* APIs to do that. And some mocking (even though it's not real mocking as we are used to from other tests like virpcitest). So far, only DAC driver is tested. Signed-off-by: Michal Privoznik --- cfg.mk | 4 +- src/util/virfile.h | 15 +- tests/Makefile.am| 10 + tests/qemusecuritymock.c | 480 +++ tests/qemusecuritytest.c | 173 ++ tests/qemusecuritytest.h | 28 +++ 6 files changed, 703 insertions(+), 7 deletions(-) create mode 100644 tests/qemusecuritymock.c create mode 100644 tests/qemusecuritytest.c create mode 100644 tests/qemusecuritytest.h sed -i 's/__QEMU_SECURITY_TEST_H__/LIBVIRT_QEMUSECURITYTEST_H/g' tests/qemusecuritytest.h perl -0777 -ni -pe 's/ \*\n \* Author: [^\n]*\n//s' tests/qemusecurity* Jano signature.asc Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3 02/18] security: Include security_util
On Wed, Dec 12, 2018 at 01:40:46PM +0100, Michal Privoznik wrote: This file implements wrappers over XATTR getter/setter. It ensures the proper XATTR namespace is used. Signed-off-by: Michal Privoznik --- src/security/Makefile.inc.am | 2 + src/security/security_util.c | 256 +++ src/security/security_util.h | 32 + 3 files changed, 290 insertions(+) create mode 100644 src/security/security_util.c create mode 100644 src/security/security_util.h +/** + * virSecurityGetRememberedLabel: + * @name: security driver name + * @path: file name + * @label: label + * + * For given @path and security driver (@name) fetch remembered + * @label. The caller must not restore label if an error is + * indicated or if @label is NULL upon return. + * + * The idea is that the first time + * virSecuritySetRememberedLabel() is called over @path the + * @label is recorded and refcounter is set to 1. Each subsequent + * call to virSecuritySetRememberedLabel() increases the counter. + * Counterpart to this is virSecurityGetRememberedLabel() which + * decreases the counter and reads the @label only if the counter + * reached value of zero. For any other call (i.e. when the + * counter is not zero), virSecurityGetRememberedLabel() set s/set/sets/ + * @label to NULL (to notify the caller that the refcount is not + * zero) and returns zero. + * + * Returns: 0 on success, + * -1 otherwise (with error reported) + */ and of course: sed -i s/__SECURITY_UTIL_H__/LIBVIRT_SECURITY_UTIL_H/g src/security/security_util.h Jano signature.asc Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [jenkins-ci PATCH] guests: Add json-glib dependency for osinfo-db-tools
Since bc594939c[0] osinto-db-tools depends on json-glib. [0]: https://gitlab.com/libosinfo/osinfo-db-tools/commit/bc594939c827d3364bb919c81f60a687c1ee9a49 Signed-off-by: Fabiano Fidêncio --- guests/vars/mappings.yml | 11 +++ guests/vars/projects/osinfo-db-tools+mingw32.yml | 1 + guests/vars/projects/osinfo-db-tools+mingw64.yml | 1 + guests/vars/projects/osinfo-db-tools.yml | 1 + 4 files changed, 14 insertions(+) diff --git a/guests/vars/mappings.yml b/guests/vars/mappings.yml index 19f7a96..b160c50 100644 --- a/guests/vars/mappings.yml +++ b/guests/vars/mappings.yml @@ -198,6 +198,11 @@ mappings: rpm: java-1.8.0-openjdk-headless Ubuntu: + json-glib: +deb: libjson-glib-dev +pkg: json-glib +rpm: json-glib-devel + libacl: deb: libacl1-dev rpm: libacl-devel @@ -375,6 +380,9 @@ mappings: mingw32-gtk-vnc2: FedoraRawhide: mingw32-gtk-vnc2 + mingw32-json-glib: +FedoraRawhide: mingw32-json-glib + mingw32-libarchive: FedoraRawhide: mingw32-libarchive @@ -450,6 +458,9 @@ mappings: mingw64-gtk-vnc2: FedoraRawhide: mingw64-gtk-vnc2 + mingw64-json-glib: +FedoraRawhide: mingw64-json-glib + mingw64-libarchive: FedoraRawhide: mingw64-libarchive diff --git a/guests/vars/projects/osinfo-db-tools+mingw32.yml b/guests/vars/projects/osinfo-db-tools+mingw32.yml index b11..647bea2 100644 --- a/guests/vars/projects/osinfo-db-tools+mingw32.yml +++ b/guests/vars/projects/osinfo-db-tools+mingw32.yml @@ -4,3 +4,4 @@ packages: - mingw32-libxml2 - mingw32-libxslt - mingw32-libarchive + - mingw32-json-glib diff --git a/guests/vars/projects/osinfo-db-tools+mingw64.yml b/guests/vars/projects/osinfo-db-tools+mingw64.yml index 049418c..415644a 100644 --- a/guests/vars/projects/osinfo-db-tools+mingw64.yml +++ b/guests/vars/projects/osinfo-db-tools+mingw64.yml @@ -4,3 +4,4 @@ packages: - mingw64-libxml2 - mingw64-libxslt - mingw64-libarchive + - mingw64-json-glib diff --git a/guests/vars/projects/osinfo-db-tools.yml b/guests/vars/projects/osinfo-db-tools.yml index 54d8006..2c533a3 100644 --- a/guests/vars/projects/osinfo-db-tools.yml +++ b/guests/vars/projects/osinfo-db-tools.yml @@ -6,3 +6,4 @@ packages: - libarchive - libxml2 - libxslt + - json-glib -- 2.19.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 0/2] AMD SEV: Relabel session data under /var/lib/libvirt
On 12/11/18 3:43 PM, Erik Skultety wrote: > If a user tries to pass the optional "dhCert" or "session" data to the SEV > firmware, these are in form of a base64-encoded strings which libvirt then > takes and creates files with those strings as content under > /var/lib/libvirt/qemu/. Libvirt then puts paths to these files on to > QEMU cmdline. QEMU then uses these files within its communication with SEV > firmware, provided it has access to those files. > > https://bugzilla.redhat.com/show_bug.cgi?id=1658112 > > Erik Skultety (2): > qemu: process: SEV: Assume libDir to be the directory to create files > in > qemu: process: SEV: Relabel guest owner's SEV files created before > start > > src/qemu/qemu_process.c | 13 + > 1 file changed, 9 insertions(+), 4 deletions(-) > ACK Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] virsh: Fix vcpupin command output wrong vcpu pinning info
On 12/19/18 4:17 AM, Luyao Huang wrote: > Commit 3072ded3 changed the waya to format the vcpu pinning info > and forget to get cpumap for each vcpu during the loop, that cause > vcpupin command will display vcpu 0 info for other vcpus. > > Signed-off-by: Luyao Huang > --- > tools/virsh-domain.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c > index 4d9f065..24f7852 100644 > --- a/tools/virsh-domain.c > +++ b/tools/virsh-domain.c > @@ -6954,7 +6954,8 @@ virshVcpuPinQuery(vshControl *ctl, > if (got_vcpu && i != vcpu) > continue; > > -if (!(pinInfo = virBitmapDataFormat(cpumap, cpumaplen))) > +if (!(pinInfo = virBitmapDataFormat(VIR_GET_CPUMAP(cpumap, > cpumaplen, i), > +cpumaplen))) > goto cleanup; > > if (virAsprintf(, "%zu", i) < 0) > ACKed and pushed. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list