From: ZhiPeng Lu
Signed-off-by: ZhiPeng Lu
---
v1->v2:
1. Fix "make syntax-check" failure
docs/formatnetwork.html.in | 17 +
docs/schemas/networkcommon.rng | 1 +
src/conf/netdev_vlan_conf.c | 2 +-
src/util/virnetdevopenvswitch.c | 5 +
On 2018/11/29 下午4:52, Peter Krempa wrote:
On Thu, Nov 29, 2018 at 12:08:58 +0800, Luyao Zhong wrote:
On 2018/11/28 下午10:32, Peter Krempa wrote:
On Wed, Nov 28, 2018 at 22:09:01 +0800, Luyao Zhong wrote:
According to the result parsing from xml, add corresponding properties
into QEMU command
Tagged in git and with signed tarball and rpms pushed to the usual
place:
ftp://libvirt.org/libvirt/
assuming nothing wromg is raised I'm likely to push the final 4.10.0
on Monday.
Please check and give it some testing,
thanks !
Daniel
--
Daniel Veillard | Red Hat
This event is emitted on the monitor when a GID table in pvrdma device
is modified and the change needs to be propagate to the backend RDMA
device's GID table.
The control over the RDMA device's GID table is done by updating the
device's Ethernet function addresses.
Usually the first GID entry is
[...]
> I tried the above but using the latest Raspbian Stretch Lite image instead of
> Arch:
> the guest comes up with no issues and offers serial console access, so that
> part
> works nicely.
Yes, this might better fit as the kernel is based on Debian (=Raspbian) and
arch uses a complete
[...]
> I can fix it before pushing without you having to send another respin,
> assuming
> you're okay with that.
Yes, sure. Thx.
[...]
> The two hunks above are unnecessary, since you're going to add proper
> VIR_ARCH_ARMV6L handling in the following commit. I'll drop them before
> pushing and
On Thu, Nov 29, 2018 at 03:20:11PM +0100, Erik Skultety wrote:
This is the first step towards libvirt picking the first available
render node instead of QEMU. It also makes sense for us to be able to do
that, since we allow specifying the node directly for SPICE, so if
there's no render node
On 11/5/18 3:49 PM, Michal Privoznik wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1624223
>
> There are two ways to request memory preallocation on cmd line:
> -mem-prealloc and .prealloc attribute to memory-backend-file.
> However, as it turns out it's not safe to use both at the same
>
Just like for SPICE, we need to put the render node DRI device into the
device cgroup list so that users don't need to add it manually via
qemu.conf file.
Signed-off-by: Erik Skultety
---
src/qemu/qemu_cgroup.c | 10 +++---
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git
Since we need to specify the rendernode option onto QEMU cmdline, we
need this union member to retain consistency in how we build the
cmdline.
Signed-off-by: Erik Skultety
---
src/conf/domain_conf.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/conf/domain_conf.h
Just like for SPICE, we need to change the permissions on the DRI device
used as the @rendernode for egl-headless graphics type.
Signed-off-by: Erik Skultety
---
src/security/security_dac.c | 15 +++
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git
Depending on whether QEMU actually supports the option, we can put the
'rendernode' on the '-display egl-headless' cmdline.
Signed-off-by: Erik Skultety
---
src/qemu/qemu_command.c | 32 ---
...egl-headless-rendernode.x86_64-latest.args | 31
Up until now, we formatted 'rendernode=' onto QEMU cmdline only if the
user specified it in the XML, otherwise we let QEMU do it for us. This
causes permission issues because by default the /dev/dri/renderDX
permissions are as follows:
crw-rw. 1 root video
There's literally no reason why it
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1628892.
The problem is that we didn't put the DRI device into the namespace for QEMU to
access, but that was only a part of the issue. The other part of the issue is
that QEMU doesn't support specifying 'rendernode' for egl-headless yet (patches
This is the first step towards libvirt picking the first available
render node instead of QEMU. It also makes sense for us to be able to do
that, since we allow specifying the node directly for SPICE, so if
there's no render node specified by the user, we should pick the first
available one. The
Now that we have QAPI introspection of display types in QEMU upstream,
we can check whether the 'rendernode' option is supported with
egl-headless display type.
Signed-off-by: Erik Skultety
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h
Unlike with SPICE and SDL which use the subelement to enable OpenGL
acceleration, specifying egl-headless graphics in the XML has
essentially the same meaning, thus in case of egl-headless we don't have
a need for the 'enable' element attribute and we'll only be interested
in the 'rendernode' one
We're going to need a bit more logic for egl-headless down the road so
prepare a helper just like for the other display types.
Signed-off-by: Erik Skultety
---
src/qemu/qemu_command.c | 18 --
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_command.c
A few simple helpers that allow us to determine whether a graphics can
and will need to make use of a DRM render node.
Signed-off-by: Erik Skultety
---
src/conf/domain_conf.c | 41
src/conf/domain_conf.h | 9 +
src/libvirt_private.syms | 3
Just like for SPICE, we need to put the DRI device into the namespace,
otherwise it will be left out from the DAC relabeling process.
Signed-off-by: Erik Skultety
---
src/qemu/qemu_domain.c | 9 ++---
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_domain.c
On Wed, 2018-11-28 at 21:45 +, in...@nafets.de wrote:
[...]
> +
> +
> + qemu: Add support for ARMv6l guests
> +
> +
Reviewed-by: Andrea Bolognani
--
Andrea Bolognani / Red Hat / Virtualization
--
libvir-list mailing list
libvir-list@redhat.com
On Wed, 2018-11-28 at 21:45 +, in...@nafets.de wrote:
[...]
> @@ -3261,6 +3261,12 @@ qemuDomainDefAddDefaultDevices(virDomainDefPtr def,
> break;
>
> case VIR_ARCH_ARMV6L:
> +addDefaultUSB = false;
> +addDefaultMemballoon = false;
> +if
On Wed, 2018-11-28 at 21:45 +, in...@nafets.de wrote:
> From: Stefan Schallenberg
The above line is kinda weird: I would expect the email address
to match the one in your R-b below.
It looks like you might have misconfigured git on your system.
I can fix it before pushing without you having
On 11/29/18 2:42 PM, Andrea Bolognani wrote:
> Commits d7434ae8009f and 9c4afbda3456 added replies files for
> QEMU 3.0.0 on s390x and QEMU 3.1.0 on x86_64 respectively, but
> only enabled the corresponding test in qemucapabilities and not
> in qemucaps2xml.
>
> Signed-off-by: Andrea Bolognani
>
When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn
Our code is not bug free. The refcounting I introduced will
almost certainly not work in some use cases. Provide a script
that will remove all the XATTRs set by libvirt so that it can
start cleanly.
Signed-off-by: Michal Privoznik
---
tools/Makefile.am | 1 +
When iterating over list of paths/disk sources to relabel it may
happen that the process fails at some point. In that case, for
the sake of keeping seclabel refcount (stored in XATTRs) in sync
with reality we have to perform rollback. However, if that fails
too the only thing we can do is warn
We are setting label on kernel, initrd, dtb and slic_table files.
But we never restored it.
Signed-off-by: Michal Privoznik
---
src/security/security_selinux.c | 16
1 file changed, 16 insertions(+)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
Signed-off-by: Michal Privoznik
---
src/security/security_dac.c | 48 ++---
1 file changed, 40 insertions(+), 8 deletions(-)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index cdbe07543c..9d31faa9d4 100644
---
Signed-off-by: Michal Privoznik
---
src/security/security_selinux.c | 161 ++--
1 file changed, 114 insertions(+), 47 deletions(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 715d9a428b..4990d94b5f 100644
---
Now that we have seclabel remembering we can safely restore
labels for shared and RO disks. In fact we need to do that to
keep seclabel refcount stored in XATTRs in sync with reality.
Signed-off-by: Michal Privoznik
---
src/security/security_dac.c | 8
1 file changed, 8 deletions(-)
Signed-off-by: Michal Privoznik
---
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 6 ++
src/qemu/qemu_conf.c | 4
src/qemu/test_libvirtd_qemu.aug.in | 1 +
4 files changed, 12 insertions(+)
diff --git a/src/qemu/libvirtd_qemu.aug
It is going to be important to know if the current transaction we
are running is a restore operation or set label operation.
Signed-off-by: Michal Privoznik
---
src/security/security_selinux.c | 36 +++--
1 file changed, 25 insertions(+), 11 deletions(-)
diff --git
It's important to keep XATTRs untouched (well, in the same state
they were in when entering the function). Otherwise our
refcounting would be messed up.
Signed-off-by: Michal Privoznik
---
src/security/security_selinux.c | 40 +++--
1 file changed, 28 insertions(+),
v2 of:
https://www.redhat.com/archives/libvir-list/2018-November/msg00862.html
diff to v1:
- in 03/18 I've implemented FreeBSD support as discussed in v1
Michal Prívozník (18):
security: Unify header conditionals
util: Introduce xattr getter/setter/remover
security: Include security_util
It helps whe trying to match calls with virSecuritySELinuxSetAllLabel
if the order in which devices are set/restored is the same in
both functions.
Signed-off-by: Michal Privoznik
---
src/security/security_selinux.c | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff
Because the implementation that will be used for label
remembering/recall is not atomic we have to give callers a chance
to enable or disable it. That is, enable it if and only if
metadata locking is enabled. Otherwise the feature MUST be turned
off.
Signed-off-by: Michal Privoznik
---
To avoid including a header file twice the following pattern is
used:
#ifndef __SOMETHING__
# define __SOMETHING__
where __SOMETHING__ should correspond to the header file name.
However, some of our header files break that pattern.
Signed-off-by: Michal Privoznik
---
Signed-off-by: Michal Privoznik
---
src/libvirt_private.syms | 3 +
src/util/virfile.c | 121 +++
src/util/virfile.h | 11
3 files changed, 135 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index
It's important to keep XATTRs untouched (well, in the same state
they were in when entering the function). Otherwise our
refcounting would be messed up.
Signed-off-by: Michal Privoznik
---
src/security/security_dac.c | 20 +++-
1 file changed, 19 insertions(+), 1 deletion(-)
It helps whe trying to match calls with virSecurityDACSetAllLabel
if the order in which devices are set/restored is the same in
both functions.
Signed-off-by: Michal Privoznik
---
src/security/security_dac.c | 36 ++--
1 file changed, 18 insertions(+), 18
This file implements wrappers over XATTR getter/setter. It
ensures the proper XATTR namespace is used.
Signed-off-by: Michal Privoznik
---
src/security/Makefile.inc.am | 2 +
src/security/security_util.c | 226 +++
src/security/security_util.h | 32 +
3
We are setting label on kernel, initrd, dtb and slic_table files.
But we never restored it.
Signed-off-by: Michal Privoznik
---
src/security/security_dac.c | 16
1 file changed, 16 insertions(+)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index
Commits d7434ae8009f and 9c4afbda3456 added replies files for
QEMU 3.0.0 on s390x and QEMU 3.1.0 on x86_64 respectively, but
only enabled the corresponding test in qemucapabilities and not
in qemucaps2xml.
Signed-off-by: Andrea Bolognani
---
The proper fix would be to make both qemucapabilities
On Wed, 2018-11-28 at 13:25 +0100, Andrea Bolognani wrote:
> On Tue, 2018-11-27 at 20:37 +0100, in...@nafets.de wrote:
> > I use:
> > - Arch Linux ARM
> > http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-latest.tar.gz
> > - Kernel
> >
On Wed, Nov 28, 2018 at 02:38:10PM +0100, Erik Skultety wrote:
> Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1628892.
> The problem is that we didn't put the DRI device into the namespace for QEMU
> to
> access, but that was only a part of the issue. The other part of the issue is
> that
On Thu, Nov 29, 2018 at 12:08:58 +0800, Luyao Zhong wrote:
> On 2018/11/28 下午10:32, Peter Krempa wrote:
> > On Wed, Nov 28, 2018 at 22:09:01 +0800, Luyao Zhong wrote:
> > > According to the result parsing from xml, add corresponding properties
> > > into QEMU command line, including 'align',
47 matches
Mail list logo
