Re: [libvirt] [PATCH] AppArmor: allow virt-aa-helper read access to Nova's qcow backing files.

On 06/09/2018 09:29 PM, intrigeri+libv...@boum.org wrote: > From: intrigeri > > As reported on https://bugs.debian.org/892431, without this rule, when > launching > a QEMU KVM instance, an error occurs immediately upon launching the QEMU > process such as: > > Could not open backing file:

Re: [libvirt] [PATCH] AppArmor: allow virt-aa-helper read access to Nova's qcow backing files.

Hi Intrigeri and Michal, IMHO this is the right path as it is stage one of the two stage process to allow images for guests with apparmor. Stage 1: Virt-aa-helper has to be allowed to access the paths to evaluate images for some attributes and e.g. backing chains. Due to that virt-aa-helper needs

[libvirt] [RFC v2 1/4] lxc: Make lxcContainerMountFSBlock non static

--- src/lxc/lxc_container.c | 5 + src/lxc/lxc_container.h | 4 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 665b93a0ac..3f6be9f44d 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -113,9

[libvirt] [RFC v2 0/4] LXC with block device and enabled userns

Hi all, This patch series aims to resolve https://bugzilla.redhat.com/show_bug.cgi?id=1328946 For background information about the issue see v1 of this RFC. https://www.redhat.com/archives/libvir-list/2018-April/msg01270.html The current state of this series enables the start of LXC container

[libvirt] [RFC v2 2/4] lxc: Move up virLXCControllerAppendNBDPids

There is no functional change in this patch. It only moves virLXCControllerAppendNBDPids above virLXCControllerSetupNBDDeviceFS. --- src/lxc/lxc_controller.c | 96 1 file changed, 49 insertions(+), 47 deletions(-) diff --git a/src/lxc/lxc_controller.c

[libvirt] [RFC v2 3/4] lxc: Mount NBD devices before clone

When user-namespace is enabled we are not allowed to mount block/NBD devices. Instead, mount /dev/nbdX to /run/libvirt/lxc/.root and set: fs->src->path = /run/libvirt/lxc/.root fs->type = VIR_DOMAIN_FS_TYPE_MOUNT --- src/lxc/lxc_controller.c | 62

[libvirt] [RFC v2 4/4] lxc: Remove unused lxcContainerPrepareRoot

lxcContainerPrepareRoot was introduced with commit 8dbe858 Ensure root filesystem is mounted if a file/block mount. For a root filesystem with type=file or type=block, the LXC container was forgetting to actually mount it, before doing the pivot root step. However, this method

Re: [libvirt] [PATCH 4/4] qemu: Add support for setting the TSEG size

On 06/07/18 23:14, Martin Kletzander wrote: > @Laszlo: When thinking about it, even though it is a very stupid idea, > technically there isn't really a difference between > 'extended-tseg-mbytes=0' and > 'extended-tseg-mbytes=8' that's correct > (of course the second option will still provide a