Re: [libvirt] [PATCH] apparmor: support finer-grained ptrace checks

On 22.09.2017 14:52, Guido Günther wrote: > Hi Jim, > On Wed, Sep 20, 2017 at 11:17:06AM -0600, Jim Fehlig wrote: >> On 09/20/2017 08:57 AM, Jim Fehlig wrote: >>> On 09/20/2017 12:51 AM, Guido Günther wrote: Hi Jim, On Mon, Sep 18, 2017 at 02:06:13PM -0600, Jim Fehlig wrote: > Kernel

[libvirt] Various apparmor related changes (part 2)

> Over the years there have been a bunch of changes to the > apparmor profiles and/or virt-aa-helper which have been > carried in Debian/Ubuntu but never made it upstream. > > In an attempt to clean this up and generally improve the > apparmor based environments, we (Christian and I) went > over

[libvirt] [PATCH 01/10] virt-aa-helper, apparmor: allow /usr/share/OVMF/ too

From: Simon McVittie <s...@debian.org> The split firmware and variables files introduced by https://bugs.debian.org/764918 are in a different directory for some reason. Let the virtual machine read both. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-of

[libvirt] [PATCH 02/10] virt-aa-helper: Generalize test for firmware paths

From: Christian Ehrhardt <christian.ehrha...@canonical.com> This replaces individual tests for firmware locations by a generic function which will simplify having additional locations in the future. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by:

[libvirt] [PATCH 09/10] apparmor, libvirt-qemu: Allow read access to overcommit_memory

From: Jamie Strandboge <ja...@ubuntu.com> Allow qemu to read @{PROC}/sys/vm/overcommit_memory. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- examples/apparmor/libvirt-qemu | 1 + 1 file ch

[libvirt] [PATCH 10/10] apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc

order to manage the certificates used by libvirt-vnc. Bug-Ubuntu: https://bugs.launchpad.net/bugs/901272 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- examples/apparmor/libvirt-qemu | 6 ++

[libvirt] [PATCH 03/10] apparmor, virt-aa-helper: Allow aarch64 UEFI.

From: William Grant <wgr...@ubuntu.com> Allow access to aarch64 UEFI images. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> Acked-by: Guido Günther <a...@sigxcpu.org> --- examples/apparmor/

[libvirt] [PATCH 04/10] apparmor, libvirt-qemu: Add ppc64el related changes

From: Serge Hallyn <serge.hal...@ubuntu.com> Updates profile to allow running on ppc64el. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> ---

[libvirt] [PATCH 06/10] apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu

On Debian/Ubuntu the libxl-save-helper (used when saving/restoring a domain through libxl) is located under /usr/lib/xen-/bin. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <

[libvirt] [PATCH 07/10] apparmor, libvirt-qemu: Allow access to ceph config

From: Serge Hallyn <serge.hal...@ubuntu.com> Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/appar

[libvirt] [PATCH 05/10] apparmor: Allow pygrub to run on Debian/Ubuntu

In Debian/Ubuntu the pygrub command is located under /usr/lib/xen-/bin/pygrub. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1326003 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- examp

[libvirt] [PATCH 08/10] apparmor, libvirt-qemu: Allow macvtap access

From: Guilhem Lettron <guilhem+ubu...@lettron.fr> Add rule to allow access to /dev/tap* used by macvtap. Bug-Ubuntu: https://bugs.launchpad.net/bugs/921870 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com

Re: [libvirt] [PATCH 8/8] apparmor, libvirt-qemu: Add ppc64el related changes

On 22.05.2017 15:12, Andrea Bolognani wrote: > On Thu, 2017-05-18 at 10:53 +0200, Stefan Bader wrote: >> @@ -102,6 +103,7 @@ >> /usr/bin/qemu-system-or32 rmix, >> /usr/bin/qemu-system-ppc rmix, >> /usr/bin/qemu-system-ppc64 rmix, >> + /usr/bin/qemu-s

Re: [libvirt] [PATCH 8/8] apparmor, libvirt-qemu: Add ppc64el related changes

On 19.05.2017 11:03, Christian Ehrhardt wrote: > > On Fri, May 19, 2017 at 9:55 AM, Guido Günther > wrote: > > LGTM but I don't know much about PPC64, it's SLOF and where the device > tree should be located. > > > Hi those paths for SLOF are

Re: [libvirt] [PATCH 2/8] apparmor, virt-aa-helper: allow /usr/share/OVMF/ too

On 19.05.2017 09:46, Guido Günther wrote: > Hi Stefan, > On Thu, May 18, 2017 at 10:53:40AM +0200, Stefan Bader wrote: >> From: Simon McVittie <s...@debian.org> >> >> The split firmware and variables files introduced by >> https://bugs.debian.org/764918 are in a

Re: [libvirt] [PATCH 01/10] virt-aa-helper: Ask for no deny rule for readonly disk elements

On 19.05.2017 13:13, Guido Günther wrote: > On Fri, May 19, 2017 at 11:18:18AM +0200, Christian Ehrhardt wrote: >> On Fri, May 19, 2017 at 10:03 AM, Guido Günther wrote: >> >>> But if we aim for a profile replace on blockcommit [1] the would't matter >>> since the whole profile

Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

not be considered. Does the rest look ok (in particular 1/8 with the additional explanation)? -Stefan > >> Cheers, >> -- Guido >> >>> >>> Quoting Stefan Bader (stefan.ba...@canonical.com): >>>> From: Serge Hallyn <serge.hal...@ubuntu.com> &

[libvirt] [PATCH 6/8] apparmor: include local apparmor profiles

rhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> Acked-by: Jamie Strandboge <ja...@canonical.com> --- examples/Makefile.am | 14 ++ examples/apparmor/local-usr.lib.libvirt.virt-aa-helper | 2 ++

[libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

From: Serge Hallyn <serge.hal...@ubuntu.com> Add fowner and fsetid to libvirt-qemu profile. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> ---

[libvirt] [PATCH 1/8] virt-aa-helper: Ask for no deny rule for readonly disk elements

write is allowed but it would cause a denial message and probably more relevant, allows to add write access later. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1554031 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com>

[libvirt] [PATCH 3/8] apparmor, virt-aa-helper: Allow aarch64 UEFI.

From: William Grant <wgr...@ubuntu.com> Allow access to aarch64 UEFI images. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> Acked-by: Guido Günther <a...@sigxcpu.org> --- examples/apparmor/

[libvirt] [PATCH 8/8] apparmor, libvirt-qemu: Add ppc64el related changes

From: Serge Hallyn <serge.hal...@ubuntu.com> Updates profile to allow running on ppc64el. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> ---

[libvirt] [PATCH 4/8] apparmor, virt-aa-helper: Allow access to libnl-3 config files

From: Felix Geyer <fge...@debian.org> Allow access to libnl-3 config files Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> Acked-by: Guido Günther <a...@sigxcpu.org> --- examples/apparmor

[libvirt] [PATCH 2/8] apparmor, virt-aa-helper: allow /usr/share/OVMF/ too

esting on firmware files in future). Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> Acked-by: Guido Günther <a...@sigxcpu.org> --- examples/apparmor/libvirt-qemu | 1 + src/security/virt-aa-helper.c | 1 + t

[libvirt] [PATCH 5/8] apparmor, virt-aa-helper: Explicit denies for host devices

From: Felix Geyer <fge...@debian.org> Add explicit denies for disk devices to avoid cluttering dmesg with (acceptable) denials (merged with a second patch which added more disk device names). Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by:

[libvirt] Various apparmor related changes (part 1), version 2

> Over the years there have been a bunch of changes to the > apparmor profiles and/or virt-aa-helper which have been > carried in Debian/Ubuntu but never made it upstream. > > In an attempt to clean this up and generally improve the > apparmor based environments, we (Christian and I) went > over

Re: [libvirt] [PATCH 09/10] appmor, virt-aa-helper: Add 9p support

On 15.05.2017 18:13, Guido Günther wrote: > On Mon, May 15, 2017 at 03:23:18PM +0200, Stefan Bader wrote: >> From: Serge Hallyn <serge.hal...@ubuntu.com> >> >> Add fowner and fsetid to libvirt-qemu profile and add link >> to 9p file options in virt-a

Re: [libvirt] [PATCH 01/10] virt-aa-helper: Ask for no deny rule for readonly disk elements

On 15.05.2017 17:48, Guido Günther wrote: > On Mon, May 15, 2017 at 03:23:10PM +0200, Stefan Bader wrote: >> From: Serge Hallyn <serge.hal...@ubuntu.com> >> >> Just because a disk element only requests read access doesn't mean >> there may not be another readwrite

Re: [libvirt] [PATCH 06/10] apparmor, virt-aa-helper: Additional explicit denies for host devices

On 15.05.2017 17:56, Guido Günther wrote: > On Mon, May 15, 2017 at 03:23:15PM +0200, Stefan Bader wrote: >> From: Christian Ehrhardt <christian.ehrha...@canonical.com> >> >> This adds further explicit denies for host devices to silence >> (acceptable)

Re: [libvirt] [PATCH 07/10] apparmor: include local apparmor profiles

On 15.05.2017 16:30, Jamie Strandboge wrote: > On Mon, 2017-05-15 at 09:28 -0500, Jamie Strandboge wrote: >> On Mon, 2017-05-15 at 15:23 +0200, Stefan Bader wrote: >>> From: Felix Geyer <fge...@debian.org> >>> >>> Local overrides is a feature

[libvirt] [PATCH 10/10] apparmor, libvirt-qemu: Add ppc related changes

From: Serge Hallyn <serge.hal...@ubuntu.com> Updates profile to allow running on ppc64el. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> ---

[libvirt] [PATCH 02/10] apparmor, virt-aa-helper: allow /usr/share/OVMF/ too

esting on firmware files in future). Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- examples/apparmor/libvirt-qemu | 1 + src/security/virt-aa-helper.c | 1 + tests/virt-aa-helper-test | 24 +

[libvirt] [PATCH 08/10] apparmor: provide local override templates

the makefile template to include those when installing the apparmor profiles. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- examples/Makefile.am | 14

[libvirt] [PATCH 03/10] apparmor, virt-aa-helper: Allow aarch64 UEFI.

From: William Grant <wgr...@ubuntu.com> Allow access to aarch64 UEFI images. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- examples/apparmor/libvirt-qemu | 2 ++ src/security/virt-aa-helper.

[libvirt] [PATCH 09/10] appmor, virt-aa-helper: Add 9p support

From: Serge Hallyn <serge.hal...@ubuntu.com> Add fowner and fsetid to libvirt-qemu profile and add link to 9p file options in virt-aa-helper. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by:

[libvirt] [PATCH 04/10] apparmor, virt-aa-helper: Allow access to libnl-3 config files

From: Felix Geyer <fge...@debian.org> Allow access to libnl-3 config files Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 ++ 1 file cha

[libvirt] [PATCH 06/10] apparmor, virt-aa-helper: Additional explicit denies for host devices

From: Christian Ehrhardt <christian.ehrha...@canonical.com> This adds further explicit denies for host devices to silence (acceptable) denial warnings. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com

[libvirt] [PATCH 07/10] apparmor: include local apparmor profiles

ctives to the apparmor profiles for virt-aa-helper and libvirtd. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 3 +++ examples/apparmor/usr.sbin.libvirt

[libvirt] [PATCH 01/10] virt-aa-helper: Ask for no deny rule for readonly disk elements

; Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- src/security/virt-aa-helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 5f5d1cd..d976a00 100644 --- a/src/security/virt-aa-helper.c

[libvirt] [PATCH 05/10] apparmor, virt-aa-helper: Explicit denies for host devices

From: Felix Geyer <fge...@debian.org> Add explicit denies for disk devices to avoid cluttering dmesg with (acceptable) denials. Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> ---

[libvirt] Various apparmor related changes (part 1)

Over the years there have been a bunch of changes to the apparmor profiles and/or virt-aa-helper which have been carried in Debian/Ubuntu but never made it upstream. In an attempt to clean this up and generally improve the apparmor based environments, we (Christian and I) went over the changes,

Re: [libvirt] libvirt-guest.sh bug fixes

On 10.10.2016 20:43, Eric Blake wrote: > On 10/10/2016 11:48 AM, Stefan Bader wrote: > >>> I did not hear about that before. But revisiting things again I think what >>> happened is that the Xen patch which I had done before (but at that time >>> forgot >>

Re: [libvirt] libvirt-guest.sh bug fixes

On 10.10.2016 18:32, Stefan Bader wrote: > On 10.10.2016 17:06, Cole Robinson wrote: >> On 10/07/2016 03:56 AM, Stefan Bader wrote: >>> Two small changes, before I forget about submitting them... >>> >>> First one affects all environments the same. The list of

Re: [libvirt] libvirt-guest.sh bug fixes

On 10.10.2016 17:06, Cole Robinson wrote: > On 10/07/2016 03:56 AM, Stefan Bader wrote: >> Two small changes, before I forget about submitting them... >> >> First one affects all environments the same. The list of UIDs which >> is generated has each element on a sepa

[libvirt] [PATCH 2/2] tools: Exclude Xen dom0 from libvirt-guests.sh list

With newer versions of libvirt Domain-0 is again visible in the list of running guests but it should not be considered as a guest for shutdown or suspend. Signed-off-by Stefan Bader <stefan.ba...@canonical.com> --- tools/libvirt-guests.sh.in | 4 ++-- 1 file changed, 2 insertions(+), 2 del

[libvirt] [PATCH 1/2] tools: Ignore newlines in libvirt-guests.sh guest list

by Omar Siam <si...@gmx.net> Bug-Ubuntu: http://bugs.launchpad.net/bugs/1591695 Signed-off-by: Stefan Bader <stefan.ba...@canonical.com> --- tools/libvirt-guests.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests

[libvirt] libvirt-guest.sh bug fixes

Two small changes, before I forget about submitting them... First one affects all environments the same. The list of UIDs which is generated has each element on a separate line. And using quotes in the echo preserves those newlines. However the processing assumes one line per URI and all UIDs

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

On 09.05.2016 21:00, intrigeri wrote: > Hi, > >> Stefan Bader wrote (20 May 2015 10:11:45 GMT) : >> intrigeri wrote (15 Jun 2015 15:09:11 GMT) : >> My (possibly incomplete) records say that I've tested the latest >> proposed patch set back in February (<85iof8v6

[libvirt] Should external snapshots be possible with type volume image files?

At least up to libvirt version 1.2.16 an external snapshot fails when the image file (supported type like QCOW2) is not specified as type='file' by as type='volume' to a pool that consists of image files (type directory). The reason there is that the source element of the disk definition does not

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

release is before release, the treadmill never stops... ;-P Since I lost most context by now, I will try to find my most recent proposal again and try to get it moved into present state of packages. -Stefan intrigeri wrote (11 Feb 2015 14:58:54 GMT) : Hi Stefan and others, Stefan Bader

Re: [libvirt] libxl and non-absolute paths

On 18.02.2015 04:15, Jim Fehlig wrote: Stefan Bader wrote: Just recently we moved to libvirt 1.2.12 for the next release. Which brought up a few problems when working with configs which we and Debian used to have. A mild complaint towards the xml validation: it would be really nice

Re: [libvirt] libxl and non-absolute paths

On 16.02.2015 10:18, Martin Kletzander wrote: On Fri, Feb 13, 2015 at 03:20:07PM +0100, Stefan Bader wrote: Just recently we moved to libvirt 1.2.12 for the next release. Which brought up a few problems when working with configs which we and Debian used to have. A mild complaint towards

[libvirt] libxl and non-absolute paths

Just recently we moved to libvirt 1.2.12 for the next release. Which brought up a few problems when working with configs which we and Debian used to have. A mild complaint towards the xml validation: it would be really nice of that would be a bit more specific about what exactly it complains. It

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

On 20.10.2014 12:48, Stefan Bader wrote: On 19.10.2014 17:07, intrigeri wrote: Hi Stefan, Stefan Bader wrote (19 Oct 2014 11:07:40 GMT) : Yeah, I actually did but it felt a bit hackish but then I am told anything looks a bit hackish when it involves autoconf. These are again against

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

On 19.10.2014 17:07, intrigeri wrote: Hi Stefan, Stefan Bader wrote (19 Oct 2014 11:07:40 GMT) : Yeah, I actually did but it felt a bit hackish but then I am told anything looks a bit hackish when it involves autoconf. These are again against upstream libvirt mostly because the last touch

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

steps, one introducing the machinery and the second to add the changes. That way the vast looking delta of the first patch boils down to mostly renames. -Stefan From 5d0c61d3e9df6a4f58ac933d1fadc9b36eff2dce Mon Sep 17 00:00:00 2001 From: Stefan Bader stefan.ba...@canonical.com Date: Mon, 13 Oct

[libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

sections (like #if (APPARMOR_VERSION = xxx)). So that is where we stand. Ideas are very welcome. -Stefan --- From aec5cf8cc30c80492a37856626264c3d4c27a31f Mon Sep 17 00:00:00 2001 From: Stefan Bader stefan.ba...@canonical.com Date: Thu, 18 Sep 2014 14:15:17 +0200 Subject: [PATCH] Add missing delta from

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

On 01.10.2014 11:04, Daniel P. Berrange wrote: On Wed, Oct 01, 2014 at 10:30:58AM +0200, Stefan Bader wrote: This had been on the Debian package list before but its time to take this onwards. So the goal would be to have one set to rule them all (when using apparmor) and drop the seperate set

Re: [libvirt] [PATCH] libxl: Implement basic video device selection

On 19.09.2014 05:01, Jim Fehlig wrote: Stefan Bader wrote: Re-pushing this as the old thread got rather stale. Thanks. Some of the VFB setup went in a bug fix. Not sure I missed a detail in rebasing bug the keyboard setting may be the only thing missing... Yes, agreed. -Stefan

[libvirt] [PATCH] libxl: Implement basic video device selection

error for unsupported video type] [v4: Re-arrange code and move VFB setup into libxlMakeVfbList] [v5: Rebased against head which already had some VFB setup code] From b3ff8f4c658d29f15e673af88b9ae2fdfa3c1317 Mon Sep 17 00:00:00 2001 From: Stefan Bader stefan.ba...@canonical.com Date: Thu, 27 Mar 2014

Re: [libvirt] [PATCH] libxl: Implement basic video device selection

On 16.07.2014 23:05, Jim Fehlig wrote: Stefan Bader wrote: being as bad with timely responses. Ok, so how about the following? One note: it could be the STRDUP's are not strictly needed. But to me it felt wrong to have two places refer to the same strings (as MakeVFB copies the struct

[libvirt] [PATCH] libxl: Implement basic video device selection

in MakeVFB probably can be dropped (except setting the keyboard layout, maybe; which I might miss ;)). -Stefan From a95db265fa4c1a231e7c2d70baa360c6a0500e3b Mon Sep 17 00:00:00 2001 From: Stefan Bader stefan.ba...@canonical.com Date: Thu, 27 Mar 2014 16:01:18 +0100 Subject: [PATCH] libxl

[libvirt] [PATCH 2/2] libxl: Fix up VRAM to minimum requirements

not be that different from current Cirrus behaviour. Only that in that case qemu seems to ignore the provided size. Signed-off-by: Stefan Bader stefan.ba...@canonical.com --- src/libxl/libxl_conf.c | 27 ++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git

[libvirt] [PATCH 1/2] libxl: Implement basic video device selection

decide between a Cirrus or standard VGA emulation and to modify the VRAM within certain limits using libvirt. [v2: Check return code of VIR_STRDUP and fix indentation] [v3: Split out VRAM fixup and return error for unsupported video type] Signed-off-by: Stefan Bader stefan.ba...@canonical.com

[libvirt] libxl: Enable video device selection for Xen

Sorry, this fell complete off my todos for a while. So I split off the fixup of VRAM into a separate patch which may or may not be used and only accept vga, xen and cirrus as supported types in the main patch. I believe I saw some discussions about how to fix some of the VRAM values as they are

Re: [libvirt] libvirt-libxl driver defaulting to tap disk and not working (ubuntu 12.10 + xen 4.5 + libvirt 1.2.3 + openstack)

On 21.04.2014 23:53, Jim Fehlig wrote: Tian, Shuangtai wrote: Hi, Jim The blktap seems not a module in xen 4.5, when I tried the load it , can not find the module, is there something wrong I did? It would be provided by your dom0 kernel, not Xen. The Ubuntu Xen kernel doesn't provide

[libvirt] [PATCH v2] libxl: Implement basic video device selection

:00:00 2001 From: Stefan Bader stefan.ba...@canonical.com Date: Thu, 27 Mar 2014 16:01:18 +0100 Subject: [PATCH] libxl: Implement basic video device selection This started as an investigation into an issue where libvirt (using the libxl driver) and the Xen host, like an old couple, could not agree

Re: [libvirt] [Xen-devel] [PATCH v2] libxl: Implement basic video device selection

On 04.04.2014 12:31, Stefan Bader wrote: On 04.04.2014 11:48, Ian Campbell wrote: On Fri, 2014-04-04 at 11:36 +0200, Stefan Bader wrote: +/* + * Take the first defined video device (graphics card) to display + * on the first graphics device (display). + * Right now only type

Re: [libvirt] [PATCH v2] libxl: Implement basic video device selection

On 04.04.2014 12:34, Ian Campbell wrote: On Fri, 2014-04-04 at 12:31 +0200, Stefan Bader wrote: On 04.04.2014 11:48, Ian Campbell wrote: On Fri, 2014-04-04 at 11:36 +0200, Stefan Bader wrote: +/* + * Take the first defined video device (graphics card) to display + * on the first

Re: [libvirt] [PATCH v2] libxl: Implement basic video device selection

On 04.04.2014 14:56, Ian Campbell wrote: On Fri, 2014-04-04 at 14:51 +0200, Daniel P. Berrange wrote: On Fri, Apr 04, 2014 at 11:34:17AM +0100, Ian Campbell wrote: On Fri, 2014-04-04 at 12:31 +0200, Stefan Bader wrote: On 04.04.2014 11:48, Ian Campbell wrote: On Fri, 2014-04-04 at 11:36 +0200

Re: [libvirt] [PATCH v2] libxl: Implement basic video device selection

On 04.04.2014 15:17, Daniel P. Berrange wrote: On Fri, Apr 04, 2014 at 11:36:39AM +0200, Stefan Bader wrote: +static int +libxlSetBuildGraphics(virDomainDefPtr def, libxl_domain_config *d_config) +{ +libxl_domain_build_info *b_info = d_config-b_info; + +/* + * Take the first

Re: [libvirt] libxl fixes/improvements for libvirt

On 03.04.2014 17:45, Michal Privoznik wrote: On 27.03.2014 17:55, Stefan Bader wrote: Here several changes which improve the handling of Xen for me: * 0001-libxl-Use-id-from-virDomainObj-inside-the-driver.patch This is a re-send as I initially submitted that as a reply to some

[libvirt] [PATCH 3/3] libxl: Implement basic video device selection

decide between a Cirrus or standard VGA emulation and to modify the VRAM within certain limits using libvirt. Signed-off-by: Stefan Bader stefan.ba...@canonical.com --- src/libxl/libxl_conf.c | 85 1 file changed, 85 insertions(+) diff --git a/src

[libvirt] libxl fixes/improvements for libvirt

Here several changes which improve the handling of Xen for me: * 0001-libxl-Use-id-from-virDomainObj-inside-the-driver.patch This is a re-send as I initially submitted that as a reply to some discussion. Starting from the visibly broken libxlDomainGetInfo when creating or rebooting a guest

[libvirt] [PATCH 2/3] libxl: Set disk format for empty cdrom device

that gets passed on. libxl: error: libxl_device.c:265:libxl__device_disk_set_backend: Disk vdev=hdc failed to stat: (null): Bad address Signed-off-by: Stefan Bader stefan.ba...@canonical.com --- src/libxl/libxl_conf.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libxl/libxl_conf.c b

[libvirt] [PATCH 1/3] libxl: Use id from virDomainObj inside the driver

-manager (not being able to get domain info after define or reboot). This was caused both though libxlDomainGetInfo() only but there were a lot of places that might potentially cause issues, too. Signed-off-by: Stefan Bader stefan.ba...@canonical.com --- src/libxl/libxl_driver.c | 75

[libvirt] libxl: Issues with virt-manager when used to manager Xen domains

This started off with some regression testing after going forward to Xen-4.4. We currently would pair that with a libvirt version 1.2.2 and right now operations through virsh seem to be working (mostly) well. But when using virt-manager (not the most up-to-date versions but some combinations that

[libvirt] [PATCH] libxl: Create log directory earlier

not had the directory created before. Move the code to create the libxl directory into libxlDriverConfigNew(). Signed-off-by: Stefan Bader stefan.ba...@canonical.com --- src/libxl/libxl_conf.c |8 src/libxl/libxl_driver.c |7 --- 2 files changed, 8 insertions(+), 7 deletions

Re: [libvirt] libxl: Issues with virt-manager when used to manager Xen domains

On 25.03.2014 16:36, Daniel P. Berrange wrote: On Tue, Mar 25, 2014 at 04:22:54PM +0100, Stefan Bader wrote: This started off with some regression testing after going forward to Xen-4.4. We currently would pair that with a libvirt version 1.2.2 and right now operations through virsh seem

Re: [libvirt] libxl: Issues with virt-manager when used to manager Xen domains

On 25.03.2014 16:46, Daniel P. Berrange wrote: On Tue, Mar 25, 2014 at 04:42:25PM +0100, Stefan Bader wrote: On 25.03.2014 16:36, Daniel P. Berrange wrote: On Tue, Mar 25, 2014 at 04:22:54PM +0100, Stefan Bader wrote: This started off with some regression testing after going forward to Xen

[libvirt] [PATCH] libxl: Use id from virDomainObj inside the driver

-manager (not being able to get domain info after define or reboot). This was caused both though libxlDomainGetInfo() only but there were a lot of places that might potentially cause issues, too. Signed-off-by: Stefan Bader stefan.ba...@canonical.com --- src/libxl/libxl_driver.c | 75

Re: [libvirt] [PATCH] Avoid warning message from libxl driver on non-Xen kernels

On 17.03.2014 13:15, Daniel P. Berrange wrote: +if (!virFileExists(/proc/xen/capabilities)) { +VIR_INFO(Disabling driver as /proc/xen/capabilities does not exist); +return false; +} Oh right, I should have checked the log more carefully in all cases. It would work in

[libvirt] libvirt: [PATCH] libxl: Check for control_d string to decide about dom0

in the normal guests (with xenfs mounted) without initializing libxl. And also in dom0 where it still enables the libxl driver (if the xl toolstack is selected). -Stefan From f11949caca6dfe1a802472a2a6d4fe760115ccc6 Mon Sep 17 00:00:00 2001 From: Stefan Bader stefan.ba...@canonical.com Date: Wed, 12 Mar

Re: [libvirt] libvirt: [PATCH] libxl: Check for control_d string to decide about dom0

On 12.03.2014 13:08, Ian Campbell wrote: On Wed, 2014-03-12 at 13:03 +0100, Stefan Bader wrote: I have been looking into a bug report (see BugLink) which reported libvirt to fail starting inside a Xen guest. Upon further investigation I found that some tools that help monitoring Xen guests

[libvirt] [PATCH] libxl: Fix devid init in libxlMakeNicList

the devid choice itself. And assuming libxlMakeNicList is only used on domain creation, a sequential numbering should be ok. Signed-off-by: Stefan Bader stefan.ba...@canonical.com --- src/libxl/libxl_conf.c |7 +++ 1 file changed, 7 insertions(+) diff --git a/src/libxl/libxl_conf.c b/src

Re: [libvirt] [PATCH] libxl: Fix devid init in libxlMakeNicList

On 08.01.2014 11:42, Ian Campbell wrote: On Wed, 2014-01-08 at 11:39 +0100, Stefan Bader wrote: This basically reverts commit ba64b97134a6129a48684f22f31be92c3b6eef96 libxl: Allow libxl to set NIC devid. However assigning devid's before calling libxlMakeNic does not work as that is calling

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 19.12.2013 18:57, Ian Campbell wrote: On Thu, 2013-12-19 at 18:06 +0100, Stefan Bader wrote: How about we: * move the init to setdefault to catch the single NIC added via hotplug case Init of devid? Yes, sorry for not being clear. Hm, would that work as I am not sure

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 19.12.2013 11:19, Ian Campbell wrote: On Wed, 2013-12-18 at 17:44 -0700, Jim Fehlig wrote: Stefan Bader wrote: On 18.12.2013 14:28, Ian Campbell wrote: On Wed, 2013-12-18 at 14:12 +0100, Stefan Bader wrote: On 18.12.2013 13:27, Ian Campbell wrote: On Tue, 2013-12-17

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 18.12.2013 13:27, Ian Campbell wrote: On Tue, 2013-12-17 at 18:32 +0100, Stefan Bader wrote: Might this libxl fix be relevant: commit 5420f26507fc5c9853eb1076401a8658d72669da Author: Jim Fehlig jfeh...@suse.com Date: Fri Jan 11 12:22:26 2013 +

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 18.12.2013 14:28, Ian Campbell wrote: On Wed, 2013-12-18 at 14:12 +0100, Stefan Bader wrote: On 18.12.2013 13:27, Ian Campbell wrote: On Tue, 2013-12-17 at 18:32 +0100, Stefan Bader wrote: Might this libxl fix be relevant: commit 5420f26507fc5c9853eb1076401a8658d72669da

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 18.12.2013 14:28, Ian Campbell wrote: On Wed, 2013-12-18 at 14:12 +0100, Stefan Bader wrote: On 18.12.2013 13:27, Ian Campbell wrote: On Tue, 2013-12-17 at 18:32 +0100, Stefan Bader wrote: Might this libxl fix be relevant: commit 5420f26507fc5c9853eb1076401a8658d72669da

[libvirt] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

Using virt-manager hypervisor default type: interface type='bridge' mac address='00:16:3e:5e:09:9d'/ source bridge='br0'/ script path='vif-bridge'/ /interface This causes the qemu call to have -net none which removes PXE boot abilities. A linux kernel has network

Re: [libvirt] [Xen-devel] Setting devid for emulated NICs (Xen 4.3.1 / libvirt 1.2.0) using libxl driver

On 17.12.2013 17:58, Ian Campbell wrote: On Tue, 2013-12-17 at 17:34 +0100, Stefan Bader wrote: Using virt-manager hypervisor default type: interface type='bridge' mac address='00:16:3e:5e:09:9d'/ source bridge='br0'/ script path='vif-bridge'/ /interface

Re: [libvirt] [PATCH] xen: Use internal interfaces in xenDomainUsedCpus

to HEAD since I did the fix and testing in an older version. :/ Good you spotted that. Ok, I updated the patch as suggested (attached). -Stefan From 47ce666f6a4d91832883341c56f0a55181698e76 Mon Sep 17 00:00:00 2001 From: Stefan Bader stefan.ba...@canonical.com Date: Mon, 15 Jul 2013 16:03:58 +0200

[libvirt] [PATCH] xen: Avoid double free of virDomainDef in xenDaemonCreateXML

] https://www.redhat.com/archives/libvir-list/2013-July/msg01183.html From 0e90fac9004996a6517ce1bd4d7b9c6ebef6c45c Mon Sep 17 00:00:00 2001 From: Stefan Bader stefan.ba...@canonical.com Date: Tue, 30 Jul 2013 20:48:33 +0200 Subject: [PATCH] xen: Avoid double free of virDomainDef in xenDaemonCreateXML

Re: [libvirt] [Xen-devel] [PATCH] libxl: Correctly initialize vcpu bitmap

On 23.07.2013 23:20, Jim Fehlig wrote: One comment below in addition to Konrad's... Konrad Rzeszutek Wilk wrote: On Mon, Jul 22, 2013 at 12:51:05PM +0200, Stefan Bader wrote: This fixes the basic setup but there is likely more to do if things like manual CPU hirarchy (nodes, cores

Re: [libvirt] [Xen-devel] [PATCH] libxl: Correctly initialize vcpu bitmap

On 22.07.2013 21:39, Konrad Rzeszutek Wilk wrote: On Mon, Jul 22, 2013 at 12:51:05PM +0200, Stefan Bader wrote: This fixes the basic setup but there is likely more to do if things like manual CPU hirarchy (nodes, cores, threads) to be working. Cross-posting to xen-devel to make sure I am

[libvirt] [PATCH] libxl: Correctly initialize vcpu bitmap

(libxl_bitmap_set takes a bit position as an argument, not the number of bits to set). Without this, I would always only get one VCPU for guests created through libvirt/libxl. Signed-off-by: Stefan Bader stefan.ba...@canonical.com --- src/libxl/libxl_conf.c | 14 +++--- 1 file changed, 11

Re: [libvirt] xen: Add interface versions for Xen 4.3

On 17.07.2013 18:42, Jim Fehlig wrote: Stefan Bader wrote: I tried to follow previous changes. This worked for me using Xen-4.3 and the xm stack (I know rather deprecated but as long as one can get it working, still). Agreed, we should keep the legacy driver working with the latest Xen

[libvirt] [PATCH] xen: Use internal interfaces in xenDomainUsedCpus

From: Stefan Bader stefan.ba...@canonical.com Date: Mon, 15 Jul 2013 16:03:58 +0200 Subject: [PATCH] xen: Use internal interfaces in xenDomainUsedCpus Since commit 95e18efd most public interfaces (xenUnified...) obtain a virDomainDefPtr via xenGetDomainDefFor...() which take the unified lock

  1   2   >