[libvirt] [PATCH v5 08/11] tests: Add test cases for external swtpm TPM emulator

2018-05-15 Thread Stefan Berger
This patch adds extensions to existing test cases and specific test cases for the tpm-emulator. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan --- .../tpm-emulator.x86_64-latest.args| 33 ++

[libvirt] [PATCH v5 10/11] conf: Add support for choosing emulation of a TPM 2

2018-05-15 Thread Stefan Berger
This patch extends the TPM's device XML with TPM 2 support. This only works for the emulator type backend and looks as follows: The swtpm process now has --tpm2 as an additional parameter: system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8 0.0 28364 3868 ? Rs

[libvirt] [PATCH v5 09/11] security: Label the external swtpm with SELinux labels

2018-05-15 Thread Stefan Berger
In this patch we label the swtpm process with SELinux labels. We give it the same label as the QEMU process has. We label its state directory and files as well. We restore the old security labels once the swtpm has terminated. The file and process labels now look as follows: Directory:

[libvirt] [PATCH v5 04/11] security: Add DAC and SELinux security for tpm-emulator

2018-05-15 Thread Stefan Berger
Extend the DAC and SELinux modules with support for the tpm-emulator. We label the Unix socket that QEMU connects to after starting swtpm with DAC and SELinux labels. We do not have to restore the labels in this case since the tpm-emulator will remove the Unix socket when it terminates.

[libvirt] [PATCH v5 11/11] qemu: Add swtpm to emulator cgroup

2018-05-15 Thread Stefan Berger
Add the external swtpm to the emulator cgroup so that upper limits of CPU usage can be enforced on the emulated TPM. To enable this we need to have the swtpm write its process id (pid) into a file. We then read it from the file to configure the emulator cgroup. The PID file is created in

[libvirt] [PATCH v5 05/11] qemu: Extend qemu_conf with tpm-emulator support

2018-05-15 Thread Stefan Berger
Extend qemu_conf with user and group for running the tpm-emulator and add directories to the configuration for the locations of the log, state, and socket of the tpm-emulator. Also add these new directories to the QEMU Makefile.inc.am and the RPM spec file libvirt.spec.in. Signed-off-by: Stefan

[libvirt] [PATCH v5 03/11] util: Implement virFileChownFiles()

2018-05-15 Thread Stefan Berger
Implement virFileChownFiles() which changes file ownership of all files in a given directory. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan --- src/libvirt_private.syms | 1 + src/util/virfile.c | 55

[libvirt] [PATCH v5 00/11] Add support for TPM emulator

2018-05-15 Thread Stefan Berger
This series of patches adds support for the TPM emulator backend that is available in QEMU and based on swtpm + libtpms. It allows to attach a TPM 1.2 or 2 to a QEMU VM. sVirt labels are used for labeling the swtpm process, its Unix socket, and log file with the same label that the QEMU process

[libvirt] [PATCH v5 06/11] qemu: Extend QEMU with external TPM support

2018-05-15 Thread Stefan Berger
Implement functions for managing the storage of the external swtpm as well as starting and stopping it. Also implement functions to use swtpm_setup, which simulates the manufacturing of a TPM, which includes creation of certificates for the device. Further, the external TPM needs storage on the

[libvirt] [PATCH v5 02/11] qemu: Extend QEMU capabilities with 'tpm-emulator'

2018-05-15 Thread Stefan Berger
Extend the QEMU capabilities with tpm-emulator support. Signed-off-by: Stefan Berger Reviewed-by: John Ferlan --- src/qemu/qemu_capabilities.c | 5 + src/qemu/qemu_capabilities.h | 1 +

[libvirt] [PATCH v5 01/11] conf: Add support for external swtpm TPM emulator to domain XML

2018-05-15 Thread Stefan Berger
This patch adds support for an external swtpm TPM emulator. The XML for this type of TPM looks as follows: The XML will currently only define a TPM 1.2. Extend the documentation. Add a test case testing the XML parser and formatter. Signed-off-by: Stefan Berger

[libvirt] [PATCH v5 07/11] qemu: Add support for external swtpm TPM emulator

2018-05-15 Thread Stefan Berger
This patch adds support for an external swtpm TPM emulator. The XML for this type of TPM looks as follows: The XML will currently only start a TPM 1.2. Upon first start, libvirt will run `swtpm_setup`, which will simulate the manufacturing of a TPM and create certificates for it and

Re: [libvirt] [PATCH v2 0/5] Add QEMU SDL OpenGL support

2018-05-15 Thread John Ferlan
On 05/10/2018 06:53 AM, Maciej Wolny wrote: > This patch set adds support for accelerated graphics rendering with OpenGL > when using the SDL backend with QEMU. This takes advantage of the `-sdl gl` > option in QEMU. > > Maciej Wolny (5): > qemu_command: Move SDL command line building into

Re: [libvirt] [PATCH] tests: Update caps for QEMU 2.12.0 on s390x

2018-05-15 Thread John Ferlan
On 05/15/2018 07:46 AM, Shalini Chellathurai Saroja wrote: > Let us update the existing xml and replies files for QEMU 2.12.0 on > s390x. > > Signed-off-by: Shalini Chellathurai Saroja > --- > tests/domaincapsschemadata/qemu_2.12.0.s390x.xml | 99 +- >

Re: [libvirt] [perl PATCH] Switch over to using Module::Build

2018-05-15 Thread Daniel P . Berrangé
On Tue, May 15, 2018 at 08:17:09PM +0200, Andrea Bolognani wrote: > On Tue, 2018-05-15 at 18:55 +0100, Daniel P. Berrangé wrote: > > On Tue, May 15, 2018 at 07:23:28PM +0200, Andrea Bolognani wrote: > > > Lastly, the RPM build fails with > > > > > > RPM build errors: > > > Empty %files

Re: [libvirt] [jenkins-ci PATCH] projects: switch libvirt-perl over to using Module::Build

2018-05-15 Thread Andrea Bolognani
On Tue, 2018-05-15 at 16:37 +0100, Daniel P. Berrangé wrote: > Signed-off-by: Daniel P. Berrangé > --- > jobs/perl-makemaker.yaml | 136 - > projects/libvirt-perl.yaml | 6 +- > 2 files changed, 3 insertions(+), 139 deletions(-) >

[libvirt] [jenkins-ci PATCH 2/3] guests: Add Archive::Tar dependency for Perl projects

2018-05-15 Thread Andrea Bolognani
Module::Build requires Archive::Tar in order to create distribution archives, but on some operating systems there is no explicit dependency dragging in the latter when installing the former, so we need to handle it ourselves. Signed-off-by: Andrea Bolognani ---

[libvirt] [jenkins-ci PATCH 3/3] guests: Blacklist perl-ExtUtils-MakeMaker

2018-05-15 Thread Andrea Bolognani
We no longer need it, so blacklist it to make sure existing guests, where it was installed in the past, are cleaned up. We'll be able to drop it from the blacklist, along with the corresponding mapping, after a reasonable amount of time. Signed-off-by: Andrea Bolognani ---

[libvirt] [jenkins-ci PATCH 1/3] guests: Install Module::Build for libvirt-perl

2018-05-15 Thread Andrea Bolognani
The libvirt-perl project switched from ExtUtils::MakeMaker to Module::Build, so we need to change packages accordingly. Signed-off-by: Andrea Bolognani --- guests/vars/projects/libvirt-perl.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[libvirt] [jenkins-ci PATCH 0/3] guests: Update for Module::Build

2018-05-15 Thread Andrea Bolognani
To be applied along with https://www.redhat.com/archives/libvir-list/2018-May/msg01121.html once libvirt-perl switches to Module::Build. Andrea Bolognani (3): guests: Install Module::Build for libvirt-perl guests: Add Archive::Tar dependency for Perl projects guests: Blacklist

Re: [libvirt] [perl PATCH] Switch over to using Module::Build

2018-05-15 Thread Andrea Bolognani
On Tue, 2018-05-15 at 18:55 +0100, Daniel P. Berrangé wrote: > On Tue, May 15, 2018 at 07:23:28PM +0200, Andrea Bolognani wrote: > > Lastly, the RPM build fails with > > > > RPM build errors: > > Empty %files file > >

Re: [libvirt] [PATCH v4 09/11] security: Label the external swtpm with SELinux labels

2018-05-15 Thread Stefan Berger
On 05/10/2018 05:57 PM, Stefan Berger wrote: In this patch we label the swtpm process with SELinux labels. We give it the same label as the QEMU process has. We label its state directory and files as well. We restore the old security labels once the swtpm has terminated. The file and process

Re: [libvirt] [perl PATCH] Switch over to using Module::Build

2018-05-15 Thread Daniel P . Berrangé
On Tue, May 15, 2018 at 07:23:28PM +0200, Andrea Bolognani wrote: > On Tue, 2018-05-15 at 16:32 +0100, Daniel P. Berrangé wrote: > > The Module::Build system is nicer than ExtUtils::MakeMaker as it allows > > for better cross-platform portability by only relying on Perl, rather > > than both Perl

[libvirt] [perl PATCH v2] Switch over to using Module::Build

2018-05-15 Thread Daniel P . Berrangé
The Module::Build system is nicer than ExtUtils::MakeMaker as it allows for better cross-platform portability by only relying on Perl, rather than both Perl and system 'make' binary. Signed-off-by: Daniel P. Berrangé --- .gitignore | 17 +++ Build.PL

[libvirt] [PATCH v2 10/21] virsh: add nwfilter binding commands

2018-05-15 Thread Daniel P . Berrangé
$ virsh nwfilter-binding-list Port Dev Filter -- vnet0 clean-traffic vnet1 clean-traffic $ virsh nwfilter-binding-dumpxml vnet1 f25arm7

[libvirt] [PATCH v2 02/21] conf: change virNWFilterBindingPtr to virNWFilterBindingDefPtr

2018-05-15 Thread Daniel P . Berrangé
We are going to want to expose the NWFilter binding concept in the public API, so the virNWFilterBindingPtr type needs to be used there. Our internal type will shortly gain an XML representation, so rename it to virNWFilterBindingDefPtr which follows our normal conventions. Signed-off-by: Daniel

[libvirt] [PATCH v2 07/21] nwfilter: export port binding concept in the public API

2018-05-15 Thread Daniel P . Berrangé
When the daemons are split there will need to be a way for the virt drivers and/or network driver to create and delete bindings between network ports and network filters. This defines a set of public APIs that are suitable for managing this facility. Signed-off-by: Daniel P. Berrangé

[libvirt] [PATCH v2 06/21] schemas: add schema for nwfilter binding XML document

2018-05-15 Thread Daniel P . Berrangé
Signed-off-by: Daniel P. Berrangé --- docs/schemas/domaincommon.rng| 27 +- docs/schemas/nwfilter.rng| 29 +-- docs/schemas/nwfilter_params.rng | 32 + docs/schemas/nwfilterbinding.rng | 49

[libvirt] [PATCH v2 01/21] util: fix misleading command for virObjectLock

2018-05-15 Thread Daniel P . Berrangé
It only accepts a virObjectLockable, not a virObjectRWLockable Signed-off-by: Daniel P. Berrangé --- src/util/virobject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/virobject.c b/src/util/virobject.c index 9fb0328d58..a597ff4f54 100644 ---

[libvirt] [PATCH v2 03/21] conf: add missing virxml.h include for nwfilter_params.h

2018-05-15 Thread Daniel P . Berrangé
The nwfilter_params.h header references the xmlNodePtr type, so must include the virxml.h header to get the libxml2 types defined. Signed-off-by: Daniel P. Berrangé --- src/conf/nwfilter_params.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/conf/nwfilter_params.h

[libvirt] [PATCH v2 00/21] nwfilter: refactor the driver to make it independent of virt drivers

2018-05-15 Thread Daniel P . Berrangé
v1: https://www.redhat.com/archives/libvir-list/2018-April/msg02616.html Today the nwfilter driver is entangled with the virt drivers in both directions. At various times when rebuilding filters nwfilter will call out to the virt driver to iterate over running guest's NICs. This has caused very

[libvirt] [PATCH v2 13/21] nwfilter: convert DHCP address snooping code to virNWFilterBindingDefPtr

2018-05-15 Thread Daniel P . Berrangé
Use the virNWFilterBindingDefPtr struct in the DHCP address snooping code directly. Signed-off-by: Daniel P. Berrangé --- src/nwfilter/nwfilter_dhcpsnoop.c | 150 ++--- src/nwfilter/nwfilter_dhcpsnoop.h | 7 +-

[libvirt] [PATCH v2 19/21] nwfilter: wire up new APIs for listing and querying filter bindings

2018-05-15 Thread Daniel P . Berrangé
Wire up the ListAll, LookupByPortDev and GetXMLDesc APIs to allow the virsh nwfilter-binding-list & nwfilter-binding-dumpxml commands to work. Signed-off-by: Daniel P. Berrangé --- src/nwfilter/nwfilter_driver.c | 71 ++ 1 file changed, 71

[libvirt] [PATCH v2 08/21] access: add nwfilter binding object permissions

2018-05-15 Thread Daniel P . Berrangé
Signed-off-by: Daniel P. Berrangé --- src/access/viraccessdriver.h | 5 src/access/viraccessdrivernop.c| 10 src/access/viraccessdriverpolkit.c | 21 src/access/viraccessdriverstack.c | 24 ++

[libvirt] [PATCH v2 20/21] nwfilter: wire up new APIs for creating and deleting nwfilter bindings

2018-05-15 Thread Daniel P . Berrangé
This allows the virsh commands nwfilter-binding-create and nwfilter-binding-delete to be used. Note using these commands lets you delete filters that were previously created automatically by the virt drivers, or add filters for VM nics that were not there before. Generally it is expected these

[libvirt] [PATCH v2 18/21] nwfilter: remove virt driver callback layer for rebuilding filters

2018-05-15 Thread Daniel P . Berrangé
Now that the nwfilter driver keeps a list of bindings that it has created, there is no need for the complex virt driver callbacks. It is possible to simply iterate over the list of recorded filter bindings. This means that rebuilding filters no longer has to acquire any locks on the virDomainObj

[libvirt] [PATCH v2 09/21] remote: add support for nwfilter binding objects

2018-05-15 Thread Daniel P . Berrangé
Signed-off-by: Daniel P. Berrangé --- src/remote/remote_daemon_dispatch.c | 15 + src/remote/remote_driver.c | 20 +++ src/remote/remote_protocol.x| 90 - src/remote_protocol-structs | 43 ++

[libvirt] [PATCH v2 12/21] nwfilter: convert IP address learning code to virNWFilterBindingDefPtr

2018-05-15 Thread Daniel P . Berrangé
Use the virNWFilterBindingDefPtr struct in the IP address learning code directly. Signed-off-by: Daniel P. Berrangé --- src/nwfilter/nwfilter_gentech_driver.c | 7 +- src/nwfilter/nwfilter_learnipaddr.c| 98 +++---

[libvirt] [PATCH v2 17/21] nwfilter: keep track of active filter bindings

2018-05-15 Thread Daniel P . Berrangé
Currently the nwfilter driver does not keep any record of what filter bindings it has active. This means that when it needs to recreate filters, it has to rely on triggering callbacks provided by the virt drivers. This introduces a hash table recording the virNWFilterBinding objects so the driver

[libvirt] [PATCH v2 05/21] conf: add support for parsing/formatting virNWFilterBindingDefPtr

2018-05-15 Thread Daniel P . Berrangé
A typical XML representation of the virNWFilterBindingDefPtr struct looks like this: f25arm7 12ac8b8c-4f23-4248-ae42-fdcd50c400fd Signed-off-by: Daniel P. Berrangé --- src/conf/virnwfilterbindingdef.c |

[libvirt] [PATCH v2 15/21] conf: introduce a virNWFilterBindingObjPtr struct

2018-05-15 Thread Daniel P . Berrangé
Introduce a new struct to act as the stateful owner of the virNWFilterBindingDefPtr objects. Signed-off-by: Daniel P. Berrangé --- src/conf/Makefile.inc.am | 2 + src/conf/virnwfilterbindingobj.c | 260 +++

[libvirt] [PATCH v2 16/21] conf: introduce a virNWFilterBindingObjListPtr struct

2018-05-15 Thread Daniel P . Berrangé
Introduce a new struct to act as the manager of a collection of virNWFilterBindingObjPtr objects. --- src/conf/Makefile.inc.am | 2 + src/conf/virnwfilterbindingobjlist.c | 475 +++ src/conf/virnwfilterbindingobjlist.h | 66 src/libvirt_private.syms

[libvirt] [PATCH v2 21/21] nwfilter: convert virt drivers to use public API for nwfilter bindings

2018-05-15 Thread Daniel P . Berrangé
Remove the callbacks that the nwfilter driver registers with the domain object config layer. Instead make the current helper methods call into the public API for creating/deleting nwfilter bindings. Signed-off-by: Daniel P. Berrangé --- src/conf/domain_nwfilter.c

[libvirt] [PATCH v2 14/21] conf: report an error if nic needs filtering but no driver is present

2018-05-15 Thread Daniel P . Berrangé
If a includes a filter name but the nwfilter driver is not present we silently do nothing. This is very bad, because an application that thinks it is protected from malicious guest traffic will in fact be vulnerable. Reporting an error gives the administrator the ability to know there is a problem

[libvirt] [PATCH v2 04/21] conf: move virNWFilterBindingDefPtr into its own files

2018-05-15 Thread Daniel P . Berrangé
There's no code sharing between virNWFilterDef and virNWFilterBindingDefPtr types, so it is clearer if they live in separate source files and headers. Signed-off-by: Daniel P. Berrangé --- src/conf/Makefile.inc.am | 2 + src/conf/nwfilter_conf.c | 54

[libvirt] [PATCH v2 11/21] nwfilter: convert the gentech driver code to use virNWFilterBindingDefPtr

2018-05-15 Thread Daniel P . Berrangé
Use the virNWFilterBindingDefPtr struct in the gentech driver code directly. Signed-off-by: Daniel P. Berrangé --- src/nwfilter/nwfilter_dhcpsnoop.c | 35 +++-- src/nwfilter/nwfilter_driver.c | 22 ++- src/nwfilter/nwfilter_gentech_driver.c | 209

Re: [libvirt] [PATCH v4 11/11] qemu: Add swtpm to emulator cgroup

2018-05-15 Thread Daniel P . Berrangé
On Tue, May 15, 2018 at 11:43:10AM -0400, Stefan Berger wrote: > On 05/15/2018 11:34 AM, Daniel P. Berrangé wrote: > > On Tue, May 15, 2018 at 11:25:58AM -0400, Stefan Berger wrote: > > > On 05/10/2018 05:57 PM, Stefan Berger wrote: > > > > Add the external swtpm to the emulator cgroup so that

Re: [libvirt] [PATCH v4 06/11] qemu: Extend QEMU with external TPM support

2018-05-15 Thread Stefan Berger
On 05/15/2018 09:53 AM, John Ferlan wrote: On 05/10/2018 05:57 PM, Stefan Berger wrote: Implement functions for managing the storage of the external swtpm as well as starting and stopping it. Also implement functions to use swtpm_setup, which simulates the manufacturing of a TPM, which

Re: [libvirt] [perl PATCH] Switch over to using Module::Build

2018-05-15 Thread Andrea Bolognani
On Tue, 2018-05-15 at 16:32 +0100, Daniel P. Berrangé wrote: > The Module::Build system is nicer than ExtUtils::MakeMaker as it allows > for better cross-platform portability by only relying on Perl, rather > than both Perl and system 'make' binary. > > Signed-off-by: Daniel P. Berrangé

Re: [libvirt] [PATCH v4 09/11] security: Label the external swtpm with SELinux labels

2018-05-15 Thread Stefan Berger
On 05/15/2018 12:13 PM, Marc Hartmayer wrote: On Tue, May 15, 2018 at 05:50 PM +0200, Stefan Berger wrote: On 05/15/2018 11:45 AM, Stefan Berger wrote: On 05/15/2018 11:38 AM, Marc Hartmayer wrote: On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger

Re: [libvirt] [PATCHv3 00/13] Switch from yajl to Jansson

2018-05-15 Thread Daniel P . Berrangé
On Tue, May 15, 2018 at 06:12:05PM +0200, Andrea Bolognani wrote: > On Fri, 2018-05-11 at 14:59 +0200, Ján Tomko wrote: > > Per the discussion here: > > https://www.redhat.com/archives/libvir-list/2017-November/msg00225.html > > Switch from using yajl to Jansson. > > I tried building > >

Re: [libvirt] [PATCH v4 09/11] security: Label the external swtpm with SELinux labels

2018-05-15 Thread Marc Hartmayer
On Tue, May 15, 2018 at 05:50 PM +0200, Stefan Berger wrote: > On 05/15/2018 11:45 AM, Stefan Berger wrote: >> On 05/15/2018 11:38 AM, Marc Hartmayer wrote: >>> On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger >>> wrote: In this

Re: [libvirt] [PATCHv3 00/13] Switch from yajl to Jansson

2018-05-15 Thread Andrea Bolognani
On Fri, 2018-05-11 at 14:59 +0200, Ján Tomko wrote: > Per the discussion here: > https://www.redhat.com/archives/libvir-list/2017-November/msg00225.html > Switch from using yajl to Jansson. I tried building https://repo.or.cz/libvirt/jtomko.git/ jansson on all platforms libvirt supports.

Re: [libvirt] [PATCH 05/12] storage_util: Generate the qcow secret earlier

2018-05-15 Thread Peter Krempa
On Tue, May 15, 2018 at 11:42:26 -0400, John Ferlan wrote: > > > On 05/15/2018 10:12 AM, Peter Krempa wrote: > > On Tue, May 08, 2018 at 08:47:58 -0400, John Ferlan wrote: > >> Rather than having storageBackendCreateQemuImgCheckEncryption > >> perform the virStorageGenerateQcowEncryption, let's

Re: [libvirt] [PATCH 12/12] storage_util: Introduce storageBackendDoCreateQemuImg

2018-05-15 Thread Daniel P . Berrangé
On Tue, May 15, 2018 at 11:45:34AM -0400, John Ferlan wrote: > > > On 05/15/2018 10:35 AM, Peter Krempa wrote: > > On Tue, May 08, 2018 at 08:48:05 -0400, John Ferlan wrote: > >> Extract out command line setup and run from storageBackendCreateQemuImg > >> as we'll need to run it twice soon. > >

[libvirt] [PATCH] travis: Install Jansson instead of yajl

2018-05-15 Thread Andrea Bolognani
libvirt has switched to Jansson as its JSON implementation, so we need it available for builds to succeed. yajl, on the other hand, is no longer needed. Signed-off-by: Andrea Bolognani --- Should be pushed at the same time as Ján's series. .travis.yml | 4 ++-- 1 file

Re: [libvirt] [PATCH 12/12] storage_util: Introduce storageBackendDoCreateQemuImg

2018-05-15 Thread Peter Krempa
On Tue, May 15, 2018 at 11:45:34 -0400, John Ferlan wrote: > > > On 05/15/2018 10:35 AM, Peter Krempa wrote: > > On Tue, May 08, 2018 at 08:48:05 -0400, John Ferlan wrote: > >> Extract out command line setup and run from storageBackendCreateQemuImg > >> as we'll need to run it twice soon. > > >

Re: [libvirt] [PATCH 12/13] util: storage: Store PR manager alias in the definition

2018-05-15 Thread Peter Krempa
On Mon, May 14, 2018 at 18:03:00 -0400, John Ferlan wrote: > > > On 05/14/2018 11:19 AM, Michal Privoznik wrote: > > On 05/14/2018 12:45 PM, Peter Krempa wrote: > >> Rather than always re-generating the alias store it in the definition > >> and in the status XML. > >> > >> Signed-off-by: Peter

Re: [libvirt] [PATCH 10/13] qemu: command: Move check whether PR manager object props need to be built

2018-05-15 Thread Peter Krempa
On Mon, May 14, 2018 at 16:46:15 -0400, John Ferlan wrote: > > > On 05/14/2018 06:45 AM, Peter Krempa wrote: > > Move it out of the formatter function and let the caller decide this. > > s/formatter/format/ > > I cannot recall our current consistency... Some times we seem to have > the lowest

Re: [libvirt] [PATCH 09/13] qemu: process: Change semantics of functions starting PR daemon

2018-05-15 Thread Peter Krempa
On Mon, May 14, 2018 at 16:33:58 -0400, John Ferlan wrote: > > > On 05/14/2018 06:45 AM, Peter Krempa wrote: > > Libvirt only manages one PR daemon. This means that we don't need to > > pass the 'disk' object and also rename the functions dealing with this > > so that it's obvious we only deal

Re: [libvirt] [PATCH v4 09/11] security: Label the external swtpm with SELinux labels

2018-05-15 Thread Stefan Berger
On 05/15/2018 11:45 AM, Stefan Berger wrote: On 05/15/2018 11:38 AM, Marc Hartmayer wrote: On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger wrote: In this patch we label the swtpm process with SELinux labels. We give it the same label as the QEMU process has.

Re: [libvirt] [PATCH v4 09/11] security: Label the external swtpm with SELinux labels

2018-05-15 Thread Stefan Berger
On 05/15/2018 11:38 AM, Marc Hartmayer wrote: On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger wrote: In this patch we label the swtpm process with SELinux labels. We give it the same label as the QEMU process has. We label its state directory and files as

Re: [libvirt] [PATCH 12/12] storage_util: Introduce storageBackendDoCreateQemuImg

2018-05-15 Thread John Ferlan
On 05/15/2018 10:35 AM, Peter Krempa wrote: > On Tue, May 08, 2018 at 08:48:05 -0400, John Ferlan wrote: >> Extract out command line setup and run from storageBackendCreateQemuImg >> as we'll need to run it twice soon. > > Twice for one image creation? Or just two in general? > Twice for one

Re: [libvirt] [PATCH 08/13] qemu: Assign managed PR path when preparing storage source

2018-05-15 Thread Peter Krempa
On Mon, May 14, 2018 at 16:27:17 -0400, John Ferlan wrote: > > > On 05/14/2018 06:41 AM, Peter Krempa wrote: > > Rather than always checking which path to use pre-assign it when > > preparing storage source. > > > > This reduces the need to pass 'vm' around too much. For later use the > > path

Re: [libvirt] [PATCH v4 11/11] qemu: Add swtpm to emulator cgroup

2018-05-15 Thread Stefan Berger
On 05/15/2018 11:34 AM, Daniel P. Berrangé wrote: On Tue, May 15, 2018 at 11:25:58AM -0400, Stefan Berger wrote: On 05/10/2018 05:57 PM, Stefan Berger wrote: Add the external swtpm to the emulator cgroup so that upper limits of CPU usage can be enforced on the emulated TPM. I haven't made any

Re: [libvirt] [PATCH 05/12] storage_util: Generate the qcow secret earlier

2018-05-15 Thread John Ferlan
On 05/15/2018 10:12 AM, Peter Krempa wrote: > On Tue, May 08, 2018 at 08:47:58 -0400, John Ferlan wrote: >> Rather than having storageBackendCreateQemuImgCheckEncryption >> perform the virStorageGenerateQcowEncryption, let's just do that >> earlier during storageBackendCreateQemuImg so that the

Re: [libvirt] [PATCH v4 09/11] security: Label the external swtpm with SELinux labels

2018-05-15 Thread Marc Hartmayer
On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger wrote: > In this patch we label the swtpm process with SELinux labels. We give it the > same label as the QEMU process has. We label its state directory and files > as well. We restore the old security labels once

Re: [libvirt] [PATCH v4 06/11] qemu: Extend QEMU with external TPM support

2018-05-15 Thread Stefan Berger
On 05/15/2018 11:25 AM, Marc Hartmayer wrote: On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger wrote: Implement functions for managing the storage of the external swtpm as well as starting and stopping it. Also implement functions to use swtpm_setup, which

[libvirt] [jenkins-ci PATCH] projects: switch libvirt-perl over to using Module::Build

2018-05-15 Thread Daniel P . Berrangé
Signed-off-by: Daniel P. Berrangé --- jobs/perl-makemaker.yaml | 136 - projects/libvirt-perl.yaml | 6 +- 2 files changed, 3 insertions(+), 139 deletions(-) delete mode 100644 jobs/perl-makemaker.yaml diff --git

Re: [libvirt] [PATCH v4 11/11] qemu: Add swtpm to emulator cgroup

2018-05-15 Thread Daniel P . Berrangé
On Tue, May 15, 2018 at 11:25:58AM -0400, Stefan Berger wrote: > On 05/10/2018 05:57 PM, Stefan Berger wrote: > > Add the external swtpm to the emulator cgroup so that upper limits of CPU > > usage can be enforced on the emulated TPM. > > I haven't made any changes to this yet. A possibility

[libvirt] [perl PATCH] Switch over to using Module::Build

2018-05-15 Thread Daniel P . Berrangé
The Module::Build system is nicer than ExtUtils::MakeMaker as it allows for better cross-platform portability by only relying on Perl, rather than both Perl and system 'make' binary. Signed-off-by: Daniel P. Berrangé --- .gitignore | 17 +++ Build.PL

Re: [libvirt] [PATCH v4 06/11] qemu: Extend QEMU with external TPM support

2018-05-15 Thread Marc Hartmayer
On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger wrote: > Implement functions for managing the storage of the external swtpm as well > as starting and stopping it. Also implement functions to use swtpm_setup, > which simulates the manufacturing of a TPM, which

Re: [libvirt] [PATCH v4 11/11] qemu: Add swtpm to emulator cgroup

2018-05-15 Thread Stefan Berger
On 05/10/2018 05:57 PM, Stefan Berger wrote: Add the external swtpm to the emulator cgroup so that upper limits of CPU usage can be enforced on the emulated TPM. I haven't made any changes to this yet. A possibility would be to put swtpm into its own tpm-emulator cgroup and extend the XML for

[libvirt] [jenkins-ci PATCH 2/2] guests: Add Ubuntu 18.04 support

2018-05-15 Thread Andrea Bolognani
Signed-off-by: Andrea Bolognani --- .../host_vars/libvirt-ubuntu-18/install.yml | 3 +++ guests/host_vars/libvirt-ubuntu-18/main.yml | 19 +++ 2 files changed, 22 insertions(+) create mode 100644 guests/host_vars/libvirt-ubuntu-18/install.yml create

[libvirt] [jenkins-ci PATCH 0/2] guests: Add Ubuntu 18.04 support

2018-05-15 Thread Andrea Bolognani
Applies cleanly on top of master, but requires [1] in order to successfully install Ubuntu 18.04 guests. [1] https://www.redhat.com/archives/libvir-list/2018-May/msg01105.html Andrea Bolognani (2): guests: Ubuntu 18.04 has python3-libxml2 guests: Add Ubuntu 18.04 support

[libvirt] [jenkins-ci PATCH 1/2] guests: Ubuntu 18.04 has python3-libxml2

2018-05-15 Thread Andrea Bolognani
Older Ubuntu releases didn't ship the bindings, but starting with the latest LTS that's no longer the case. Update the mappings to reflect this fact. Signed-off-by: Andrea Bolognani --- guests/vars/mappings.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff

[libvirt] [jenkins-ci PATCH 8/8] guests: Move native packages out of MinGW packages

2018-05-15 Thread Andrea Bolognani
Even though the packages are technically only needed when performing a MinGW build, it doesn't hurt to have them installed when performing native build, and keeping the native packages all in one place is cleaner. Signed-off-by: Andrea Bolognani ---

[libvirt] [jenkins-ci PATCH 7/8] guests: Remove duplicate native packages

2018-05-15 Thread Andrea Bolognani
The MinGW variant of a build can assume native dependencies are installed, so no need to spell them out again. Signed-off-by: Andrea Bolognani --- guests/vars/projects/libvirt+mingw.yml | 2 -- guests/vars/projects/libvirt-glib+mingw.yml | 4

[libvirt] [jenkins-ci PATCH 6/8] guests: virt-manager needs gtk-update-icon-cache

2018-05-15 Thread Andrea Bolognani
It's used during installation. Signed-off-by: Andrea Bolognani --- guests/vars/mappings.yml | 6 ++ guests/vars/projects/virt-manager.yml | 1 + 2 files changed, 7 insertions(+) diff --git a/guests/vars/mappings.yml b/guests/vars/mappings.yml index

[libvirt] [jenkins-ci PATCH 4/8] guests: libosinfo needs libcurl and wget

2018-05-15 Thread Andrea Bolognani
libcurl is used directly, and wget is used to retrieve PCI and USB IDs at build time on platforms that don't ship them as part of the operating system, such as MinGW. Signed-off-by: Andrea Bolognani --- guests/vars/projects/libosinfo+mingw.yml | 3 +++

[libvirt] [jenkins-ci PATCH 3/8] guests: Prepare Debian and Ubuntu to build more projects

2018-05-15 Thread Andrea Bolognani
osinfo-db and virt-manager can both be successfully built on these platforms, so install the relative packages. Signed-off-by: Andrea Bolognani --- guests/host_vars/libvirt-debian-8/main.yml | 1 + guests/host_vars/libvirt-ubuntu-14/main.yml | 1 +

[libvirt] [jenkins-ci PATCH 5/8] guests: libvirt-dbus needs python3-gi

2018-05-15 Thread Andrea Bolognani
libvirt-glib is accessed through GObject Introspection in the test suite. Signed-off-by: Andrea Bolognani --- guests/vars/projects/libvirt-dbus.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/guests/vars/projects/libvirt-dbus.yml

[libvirt] [jenkins-ci PATCH 1/8] guests: Fix PERL5LIB on Debian sid

2018-05-15 Thread Andrea Bolognani
Debian sid is shipping Perl 5.26.2 now. Signed-off-by: Andrea Bolognani --- guests/host_vars/libvirt-debian-sid/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guests/host_vars/libvirt-debian-sid/main.yml

[libvirt] [jenkins-ci PATCH 2/8] guests: Simplify mapping for libtool

2018-05-15 Thread Andrea Bolognani
Ubuntu 14 is the only exception among Debian-based distributions. Signed-off-by: Andrea Bolognani --- guests/vars/mappings.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/guests/vars/mappings.yml b/guests/vars/mappings.yml index cfba51c..fdab104

[libvirt] [jenkins-ci PATCH 0/8] guests: Various fixes and improvements

2018-05-15 Thread Andrea Bolognani
Andrea Bolognani (8): guests: Fix PERL5LIB on Debian sid guests: Simplify mapping for libtool guests: Prepare Debian and Ubuntu to build more projects guests: libosinfo needs libcurl and wget guests: libvirt-dbus needs python3-gi guests: virt-manager needs gtk-update-icon-cache

Re: [libvirt] [PATCH 12/12] storage_util: Introduce storageBackendDoCreateQemuImg

2018-05-15 Thread Peter Krempa
On Tue, May 08, 2018 at 08:48:05 -0400, John Ferlan wrote: > Extract out command line setup and run from storageBackendCreateQemuImg > as we'll need to run it twice soon. Twice for one image creation? Or just two in general? > > Signed-off-by: John Ferlan > --- >

Re: [libvirt] [PATCH 11/12] storage_util: Introduce storageBackendCreateQemuImgSetInput

2018-05-15 Thread Peter Krempa
On Tue, May 08, 2018 at 08:48:04 -0400, John Ferlan wrote: > Split up virStorageBackendCreateQemuImgCmdFromVol into two parts. > It's too long anyway and virStorageBackendCreateQemuImgCmdFromVol > should just handle the command line processing. > > NB: Requires changing info.* into info->*

Re: [libvirt] [PATCH 10/12] storage_util: Move @type into _virStorageBackendQemuImgInfo

2018-05-15 Thread Peter Krempa
On Tue, May 08, 2018 at 08:48:03 -0400, John Ferlan wrote: > We're about to split up the code a bit more, so we'll need this > to be in the local struct. > > Signed-off-by: John Ferlan > --- > src/storage/storage_util.c | 13 +++-- > 1 file changed, 7 insertions(+),

Re: [libvirt] [PATCH v2 3/5] qemu: Add gl property to graphics of type sdl in domain config

2018-05-15 Thread Martin Kletzander
On Mon, May 14, 2018 at 09:21:58AM -0400, John Ferlan wrote: On 05/14/2018 09:18 AM, Maciej Wolny wrote: On 14/05/18 13:40, Martin Kletzander wrote: On Mon, May 14, 2018 at 08:27:35AM -0400, John Ferlan wrote: On 05/14/2018 07:24 AM, Martin Kletzander wrote: On Fri, May 11, 2018 at

Re: [libvirt] [PATCH 07/12] storage_util: Remove luks distinction from secret path and alias

2018-05-15 Thread Peter Krempa
On Tue, May 08, 2018 at 08:48:00 -0400, John Ferlan wrote: > Remove the "luks" distinction as the code is about to become more > generic and be able to support qcow encryption as well. > > Signed-off-by: John Ferlan > --- > src/storage/storage_util.c | 10 +- > 1

Re: [libvirt] [PATCH 06/12] storage_util: Move secretPath generation

2018-05-15 Thread Peter Krempa
On Tue, May 08, 2018 at 08:47:59 -0400, John Ferlan wrote: > Move generation of secretPath to storageBackendGenerateSecretData > and simplify a bit since we know vol->target.encryption is set plus > we have a local @enc. > > Signed-off-by: John Ferlan > --- >

Re: [libvirt] [PATCH 05/12] storage_util: Generate the qcow secret earlier

2018-05-15 Thread Peter Krempa
On Tue, May 08, 2018 at 08:47:58 -0400, John Ferlan wrote: > Rather than having storageBackendCreateQemuImgCheckEncryption > perform the virStorageGenerateQcowEncryption, let's just do that > earlier during storageBackendCreateQemuImg so that the check > helper is just a check helper rather than doing

Re: [libvirt] [PATCH v4 06/11] qemu: Extend QEMU with external TPM support

2018-05-15 Thread Stefan Berger
On 05/15/2018 08:13 AM, Marc Hartmayer wrote: On Thu, May 10, 2018 at 11:57 PM +0200, Stefan Berger wrote: Implement functions for managing the storage of the external swtpm as well as starting and stopping it. Also implement functions to use swtpm_setup, which

Re: [libvirt] [PATCHv3 08/13] FIXUP: s/WITH_YAJL/WITH_JANSSON/

2018-05-15 Thread Peter Krempa
On Fri, May 11, 2018 at 14:59:09 +0200, Ján Tomko wrote: > --- > src/qemu/qemu_driver.c | 2 +- > tests/Makefile.am | 10 +- > tests/cputest.c| 16 > tests/libxlxml2domconfigtest.c | 4 ++-- > tests/qemuagenttest.c | 2 +- >

Re: [libvirt] [PATCHv3 07/13] FIXUP: compile and link with Jansson instead of yajl

2018-05-15 Thread Peter Krempa
On Fri, May 11, 2018 at 14:59:08 +0200, Ján Tomko wrote: > --- > src/Makefile.am | 8 > src/util/Makefile.inc.am | 4 ++-- > tests/Makefile.am| 2 +- > 3 files changed, 7 insertions(+), 7 deletions(-) ACK

Re: [libvirt] [PATCHv3 05/13] FIXUP: Deprecate building --with-yajl

2018-05-15 Thread Peter Krempa
On Fri, May 11, 2018 at 14:59:06 +0200, Ján Tomko wrote: > --- > m4/virt-yajl.m4 | 27 +++ > 1 file changed, 3 insertions(+), 24 deletions(-) > ACK

Re: [libvirt] [PATCHv3 12/13] build: switch --with-qemu default from yes to check

2018-05-15 Thread Ján Tomko
On Tue, May 15, 2018 at 03:14:33PM +0200, Peter Krempa wrote: On Fri, May 11, 2018 at 14:59:13 +0200, Ján Tomko wrote: Unless explicitly requested, enable the QEMU driver only if the Jansson library is present. Signed-off-by: Ján Tomko --- m4/virt-driver-qemu.m4 | 6 +-

Re: [libvirt] [PATCH v4 08/11] tests: Add test cases for external swtpm TPM emulator

2018-05-15 Thread John Ferlan
On 05/10/2018 05:57 PM, Stefan Berger wrote: > This patch adds extensions to existing test cases and specific test cases > for the tpm-emulator. > > Signed-off-by: Stefan Berger > --- > .../tpm-emulator.x86_64-latest.args| 33 >

Re: [libvirt] [PATCH v4 06/11] qemu: Extend QEMU with external TPM support

2018-05-15 Thread John Ferlan
On 05/10/2018 05:57 PM, Stefan Berger wrote: > Implement functions for managing the storage of the external swtpm as well > as starting and stopping it. Also implement functions to use swtpm_setup, > which simulates the manufacturing of a TPM, which includes creation of > certificates for the

Re: [libvirt] [PATCH 09/12] storage_util: Split preallocate set in storageBackendCreateQemuImgOpts

2018-05-15 Thread Peter Krempa
On Tue, May 08, 2018 at 08:48:02 -0400, John Ferlan wrote: > The only way preallocate could be set is if the info->format was > not RAW (see storageBackendCreateQemuImgSetBacking), so let's just > extract it from the if/else surrounding the application of the > encryption options. > >
