Re: [libvirt] [PATCH] [Changelog]:If there is a process with a client which registers event callbacks, and it calls libvirt's API which uses the same virConnectPtr in that callback function. When this

Not sure you followed the exact meaning from the hacking page - that's an awfully long commit message string. It should be a single line of up to about 70 chars with "details" in the commit message itself somewhat like the original patch, e.g.: "remote: Fix use after free reference for

Re: [libvirt] [PATCH 4/4] network: check accept_ra before enabling ipv6 forwarding

On 03/03/2017 10:00 AM, Cédric Bosdonnat wrote: > When enabling IPv6 on all interfaces, we may get the host Router > Advertisement routes discarded. To avoid this, the user needs to set > accept_ra to 2 for the interfaces with such routes. > > See

Re: [libvirt] [PATCH] docs: document virt-host-validate bhyve support

Martin Kletzander wrote: > On Sat, Mar 11, 2017 at 10:13:00PM +0400, Roman Bogorodskiy wrote: > >Add an entry about virt-host-validate bhyve support and > >update the driver's page. > >--- > > docs/drvbhyve.html.in | 13 - > > docs/news.xml | 10 +- > > 2 files

Re: [libvirt] [PATCH 3/4] bridge_driver.c: more uses of SYSCTL_PATH

On 03/03/2017 10:00 AM, Cédric Bosdonnat wrote: > Replace a few occurences of /proc/sys by the corresponding macro > defined a few lines after: SYSCTL_PATH > --- > src/network/bridge_driver.c | 9 + > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git

Re: [libvirt] [PATCH 2/4] util: add virNetlinkDumpCommand()

On 03/03/2017 10:00 AM, Cédric Bosdonnat wrote: > virNetlinkCommand() processes only one response message, while some > netlink commands like routes dumping need to process several ones. > Add virNetlinkDumpCommand() as a virNetlinkCommand() sister. > --- > src/libvirt_private.syms | 1 + >

Re: [libvirt] [PATCH 1/4] util: extract the request sending code from virNetlinkCommand()

On 03/03/2017 10:00 AM, Cédric Bosdonnat wrote: > Allow to reuse as much as possible from virNetlinkCommand(). This > comment prepares for the introduction of virNetlindDumpCommand() > only differing by how it handles the responses. > --- > src/util/virnetlink.c | 90 >

Re: [libvirt] [BUG] mlock support breakage

On Mon, 13 Mar 2017 18:16:49 + "Daniel P. Berrange" wrote: > On Mon, Mar 13, 2017 at 02:08:30PM -0400, Luiz Capitulino wrote: > > On Mon, 13 Mar 2017 13:53:33 -0400 > > Luiz Capitulino wrote: > > > > > OK, you're right. I personally don't like

Re: [libvirt] [BUG] mlock support breakage

On Mon, Mar 13, 2017 at 02:08:30PM -0400, Luiz Capitulino wrote: > On Mon, 13 Mar 2017 13:53:33 -0400 > Luiz Capitulino wrote: > > > OK, you're right. I personally don't like we're putting a random cap > > on QEMU memory allocations, but if it's large enough it shouldn't

Re: [libvirt] [BUG] mlock support breakage

On Mon, 13 Mar 2017 13:53:33 -0400 Luiz Capitulino wrote: > OK, you're right. I personally don't like we're putting a random cap > on QEMU memory allocations, but if it's large enough it shouldn't be > a problem (I hope). The I hope part meaning, if we do find legitimate

[libvirt] [PATCH] bhyve: add config file support

Introduce config file support for the bhyve driver. The only available setting at present is 'firmware_dir' for specifying a directory with UEFI firmware files. --- src/Makefile.am | 25 +++- src/bhyve/bhyve.conf | 7 +++ src/bhyve/bhyve_capabilities.c

Re: [libvirt] [BUG] mlock support breakage

On Mon, 13 Mar 2017 16:43:46 + "Daniel P. Berrange" wrote: > On Mon, Mar 13, 2017 at 12:35:42PM -0400, Luiz Capitulino wrote: > > On Mon, 13 Mar 2017 16:08:58 + > > "Daniel P. Berrange" wrote: > > > > > > 2. Drop change c2e60ad0e51 and

Re: [libvirt] [PATCH 0/4] Prevent loosing IPv6 routes due to forwarding

Hi guys, Has that patch series fallen into the mailing list abysses? -- Cedric On Fri, 2017-03-03 at 16:00 +0100, Cédric Bosdonnat wrote: > Hi all, > > When enabling IPv6 forwarding on hosts getting Router Advertised routes, > the host looses the RA routes. To prevent this, check if the host

Re: [libvirt] [BUG] mlock support breakage

On Mon, Mar 13, 2017 at 12:35:42PM -0400, Luiz Capitulino wrote: > On Mon, 13 Mar 2017 16:08:58 + > "Daniel P. Berrange" wrote: > > > > 2. Drop change c2e60ad0e51 and automtically increase memory > > > locking limit to infinity when seeing > > > > > >pros:

Re: [libvirt] [BUG] mlock support breakage

On Mon, 13 Mar 2017 16:08:58 + "Daniel P. Berrange" wrote: > On Mon, Mar 13, 2017 at 11:58:24AM -0400, Luiz Capitulino wrote: > > > > Libvirt commit c2e60ad0e51 added a new check to the XML validation > > logic where XMLs containing must also > > contain . This causes

Re: [libvirt] [BUG] mlock support breakage

On Mon, Mar 13, 2017 at 11:58:24AM -0400, Luiz Capitulino wrote: > > Libvirt commit c2e60ad0e51 added a new check to the XML validation > logic where XMLs containing must also > contain . This causes two breakages where > working guests won't start anymore: > > 1. Systems where mlock limit was

[libvirt] [BUG] mlock support breakage

Libvirt commit c2e60ad0e51 added a new check to the XML validation logic where XMLs containing must also contain . This causes two breakages where working guests won't start anymore: 1. Systems where mlock limit was set in /etc/security/limits.conf 2. Guests using hugeTLB pages. In this case,

Re: [libvirt] [PATCH] Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5

On Mon, Mar 13, 2017 at 12:51:40PM +, Daniel P. Berrange wrote: RFC 6331 documents a number of serious security weaknesses in the SASL DIGEST-MD5 mechanism. As such, libvirtd should not by using it as a default mechanism. GSSAPI is the only other viable SASL mechanism that can provide secure

Re: [libvirt] [PATCH] Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5

On 03/13/2017 01:51 PM, Daniel P. Berrange wrote: > RFC 6331 documents a number of serious security weaknesses in > the SASL DIGEST-MD5 mechanism. As such, libvirtd should not > by using it as a default mechanism. GSSAPI is the only other > viable SASL mechanism that can provide secure session

Re: [libvirt] [PATCH 0/7] qemu: Report better host-model CPUs in domain caps

On Wed, Mar 08, 2017 at 02:46:21PM +0100, Jiri Denemark wrote: One of the main reasons for introducing host-model CPU definition in a domain capabilities XML was the inability to express disabled features in a host capabilities XML. That is, when a host CPU is, e.g., Haswell without x2apic

[libvirt] [PATCH] Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5

RFC 6331 documents a number of serious security weaknesses in the SASL DIGEST-MD5 mechanism. As such, libvirtd should not by using it as a default mechanism. GSSAPI is the only other viable SASL mechanism that can provide secure session encryption so enable that by defalt as the replacement.

Re: [libvirt] [PATCH] qemuDomainBuildNamespace: Handle file mount points

On Mon, Mar 13, 2017 at 01:37:48PM +0100, Michal Privoznik wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1431112 > > Yeah, that's right. A mount point doesn't have to be a directory. > It can be a file too. However, the code that tries to preserve > mount points under /dev for new

[libvirt] [PATCH] qemuDomainBuildNamespace: Handle file mount points

https://bugzilla.redhat.com/show_bug.cgi?id=1431112 Yeah, that's right. A mount point doesn't have to be a directory. It can be a file too. However, the code that tries to preserve mount points under /dev for new namespace for qemu does not count with that option. Signed-off-by: Michal Privoznik

[libvirt] [PATCH 1/2] virTimeBackOffWait: Avoid long periods of sleep

While connecting to qemu monitor, the first thing we do is for it to show up. However, we are doing it with some timeout to avoid indefinite waits (e.g. when qemu doesn't create the monitor socket at all). After beaa447a29 we are using exponential back off timeout meaning, after the first

[libvirt] [PATCH 0/2] Adaptive timeout for connecting to qemu monitor

I am not able to test this properly (my host has "just" 32GiB of RAM), but I've patched qemu to insert some delay into its init process and it worked just fine. Michal Privoznik (2): virTimeBackOffWait: Avoid long periods of sleep qemu: Adaptive timeout for connecting to monitor

[libvirt] [PATCH 2/2] qemu: Adaptive timeout for connecting to monitor

There were couple of reports on the list (e.g. [1]) that guests with huge amounts of RAM are unable to start because libvirt kills qemu in the initialization phase. The problem is that if guest is configured to use hugepages kernel has to zero them all out before handing over to qemu process. For

Re: [libvirt] [PATCH] docs: document virt-host-validate bhyve support

On Sat, Mar 11, 2017 at 10:13:00PM +0400, Roman Bogorodskiy wrote: Add an entry about virt-host-validate bhyve support and update the driver's page. --- docs/drvbhyve.html.in | 13 - docs/news.xml | 10 +- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git

Re: [libvirt] [PATCH] Enable forgotten VIR_CONNECT_LIST_STORAGE_POOLS_* flags

On Mon, Mar 13, 2017 at 09:31:41 +0100, Jiri Denemark wrote: > VIR_CONNECT_LIST_STORAGE_POOLS_VSTORAGE and > VIR_CONNECT_LIST_STORAGE_POOLS_ZFS were added to libvirt but the listing > API was not properly updated to use them. > > https://bugzilla.redhat.com/show_bug.cgi?id=1431543 > >

[libvirt] [PATCH] Enable forgotten VIR_CONNECT_LIST_STORAGE_POOLS_* flags

VIR_CONNECT_LIST_STORAGE_POOLS_VSTORAGE and VIR_CONNECT_LIST_STORAGE_POOLS_ZFS were added to libvirt but the listing API was not properly updated to use them. https://bugzilla.redhat.com/show_bug.cgi?id=1431543 Signed-off-by: Jiri Denemark --- src/conf/storage_conf.c | 6