On 6/23/21 11:43 PM, Christian Ehrhardt wrote:
On Wed, Jun 23, 2021 at 1:28 AM Jim Fehlig wrote:
I noticed the following denial messages from apparmor in audit.log when
starting confined VMs via the QEMU driver
type=AVC msg=audit(1623864006.370:837): apparmor="DENIED" operation="open" \
On 6/23/21 1:17 PM, Christian Boltz wrote:
Hello,
[I'm not subscribed to libvir-list - please CC me in replies]
Am Mittwoch, 23. Juni 2021, 01:27:43 CEST schrieb Jim Fehlig:
and other improvements. V2 of
https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.htm
Changes since V1:
V2: https://listman.redhat.com/archives/libvir-list/2021-June/msg00676.html
V1: https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html
Changes since V2:
Patches 3 and 4 ACKed and pushed since they are bug fixes independent of
modular vs monolithic daemons.
The qemu_bridge_helper
A new apparmor profile initially derived from the libvirtd profile.
All rules were prefixed with the 'audit' qualifier to verify they
are actually used by virtxend. It turns out that several, beyond
the obvious ones, can be dropped in the resulting virtxend profile.
Signed-off-by: Jim Fehlig
---
A new apparmor profile derived from the libvirtd profile, with non-QEMU
related rules removed. Adopt the libvirt-qemu abstraction to work with
the new profile.
Signed-off-by: Jim Fehlig
Reviewed-by: Christian Ehrhardt
---
I pursued a suggestion to use qemu's `make check-acceptance` as an
On 6/23/21 11:43 PM, Christian Ehrhardt wrote:
On Wed, Jun 23, 2021 at 1:27 AM Jim Fehlig wrote:
A new apparmor profile derived from the libvirtd profile, with non-QEMU
related rules removed. Adopt the libvirt-qemu abstraction to work with
the new profile.
Signed-off-by: Jim Fehlig
Thanks
From: Hyman Huang(黄勇)
QEMU has introduced a dirty ring feature, this patch add
corresponding feature named 'dirty-ring', which enable
dirty ring feature when starting vm.
to enable the feature, libvirt add "-accel dirty-ring-size=xxx"
to QEMU command line, the following XML needs to be added to
From: Hyman Huang(黄勇)
since the "-machine" option for accelerators is legacy, "-accel" option
may be a better mechanism. following are details:
https://lore.kernel.org/qemu-devel/3aa73987-40e8-3619-0723-9f17f7385...@redhat.com/
this patch introduce QEMU_CAPS_ACCEL capability to tell if we're
From: Hyman Huang(黄勇)
QEMU greater than 2.9.0 support '-accel' option, change the way
of assembling commandline from "accel=kvm" to "-accel kvm" when
specifying accelerator.
Signed-off-by: Hyman Huang(黄勇)
---
src/qemu/qemu_command.c| 31 +-
From: Hyman Huang(黄勇)
introduce dirty_ring_size to hold the ring size configured
by user, and pass dirty_ring_size when building qemu commandline
if dirty ring feature enabled.
Signed-off-by: Hyman Huang(黄勇)
---
src/conf/domain_conf.c | 74 -
From: Hyman Huang(黄勇)
v3
- rebase master and fix the confilict when apply
"conf: introduce dirty_ring_size in struct "_virDomainDef" to current
master.
v2
- split patchset into 4 patches
- leave out the tcg case when building commandline.
- handle the VIR_DOMAIN_KVM_DIRTY_RING case
On Thu, Jun 24, 2021 at 06:59:59PM +0800, Luke Yue wrote:
Signed-off-by: Luke Yue
---
src/test/test_driver.c | 53 ++
1 file changed, 53 insertions(+)
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index 65710b78ef..dff96bceb6 100644
---
On Thu, Jun 24, 2021 at 07:00:01PM +0800, Luke Yue wrote:
As we introduced testDomainObjCheckTaint for test driver, the `dominfo`
command in virshtest will now print tainting messages, so add them for
test.
We are trying to keep the code pass the test after each commit (easier for
bisection
On Tue, Jun 22, 2021 at 13:06:11 +0200, Peter Krempa wrote:
> Update the caps data for the upcoming qemu version.
>
> Notable changes are:
>
> - 'query-sev-attestation-report' command added
> - 'sample-pages' members for dirty rate calculation added
> - 'qtest' device added
> - 'share' member
On Thu, Jun 24, 2021 at 08:24:05AM -0600, Jim Fehlig wrote:
> On 6/23/21 11:43 PM, Christian Ehrhardt wrote:
> > On Wed, Jun 23, 2021 at 1:27 AM Jim Fehlig wrote:
> > >
> > > A new apparmor profile derived from the libvirtd profile, with non-QEMU
> > > related rules removed. Adopt the
On Wed, 2021-06-23 at 00:07 +0200, Martin Kletzander wrote:
> [Just found out I got couple of mails lost, so resending even though
> it was sent
> a week ago]
>
> On Wed, Jun 16, 2021 at 05:21:17PM +0800, Luke Yue wrote:
> > On Tue, 2021-06-15 at 10:08 +0200, Martin Kletzander wrote:
> > > On
On Wed, 2021-06-23 at 00:09 +0200, Martin Kletzander wrote:
> [Another one of those lost e-mails]
>
> On Wed, Jun 16, 2021 at 05:23:36PM +0800, Luke Yue wrote:
> > On Tue, 2021-06-15 at 10:09 +0200, Martin Kletzander wrote:
> > > On Mon, Jun 14, 2021 at 09:13:17PM +0800, Luke Yue wrote:
> > > >
In order to test the virDomainGetMessages for test driver, we need to
check some taints or deprecations, so introduce testDomainObjCheckTaint
for checking taints.
Signed-off-by: Luke Yue
---
src/test/test_driver.c | 57 ++
1 file changed, 57 insertions(+)
As we introduced testDomainObjCheckTaint for test driver, the `dominfo`
command in virshtest will now print tainting messages, so add them for
test.
Signed-off-by: Luke Yue
---
tests/virshtest.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/virshtest.c b/tests/virshtest.c
index
Implement virDomainGetMessages API for test driver.
v2: Introduce testDomainObjCheckTaint to test the API.
Luke Yue (3):
test_driver: Implement virDomainGetMessages
test_driver: Introduce testDomainObjCheckTaint
tests: Add messages for virshtest
src/test/test_driver.c | 110
Signed-off-by: Luke Yue
---
src/test/test_driver.c | 53 ++
1 file changed, 53 insertions(+)
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index 65710b78ef..dff96bceb6 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@
On 6/24/21 10:25 AM, Jiri Denemark wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1975677
>
> Signed-off-by: Jiri Denemark
> ---
> libvirt.spec.in | 4
> 1 file changed, 4 insertions(+)
>
Reviewed-by: Ján Tomko
Jano
https://bugzilla.redhat.com/show_bug.cgi?id=1975677
Signed-off-by: Jiri Denemark
---
libvirt.spec.in | 4
1 file changed, 4 insertions(+)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index b8a698e81e..c1ccd2f74e 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -85,6 +85,10 @@
On Wed, Jun 23, 2021 at 1:27 AM Jim Fehlig wrote:
>
> A new apparmor profile derived from the libvirtd profile, with non-QEMU
> related rules removed. Adopt the libvirt-qemu abstraction to work with
> the new profile.
>
> Signed-off-by: Jim Fehlig
Thanks for your work on this, but since in the
On Wed, Jun 23, 2021 at 1:28 AM Jim Fehlig wrote:
>
> I noticed the following denial when running confined VMs with the QEMU
> driver
>
> type=AVC msg=audit(1623865089.263:865): apparmor="DENIED" operation="open" \
> profile="virt-aa-helper" name="/etc/ssl/openssl.cnf" pid=12503 \
>
On Wed, Jun 23, 2021 at 1:28 AM Jim Fehlig wrote:
>
> I noticed the following denial messages from apparmor in audit.log when
> starting confined VMs via the QEMU driver
>
> type=AVC msg=audit(1623864006.370:837): apparmor="DENIED" operation="open" \
> profile="virt-aa-helper"
26 matches
Mail list logo