Re: [PATCH V3 1/2] Apparmor: Add profile for virtqemud

2021-06-25 Thread Jim Fehlig
On 6/25/21 5:19 AM, Christian Boltz wrote: Hello, [please CC me in replies] Your updated patches still look good, I just noticed something that is probably minor nitpicking: On Thursday, 24 June 2021, 22:48:58 CEST, Jim Fehlig wrote: [...] + signal (send) set=("kill", "term")

[libvirt PATCH 1/3] spec: drop/update dependencies on systemd-{units, sysv}

2021-06-25 Thread Daniel P . Berrangé
From: Zbigniew Jędrzejewski-Szmek -sysv was probably a left-over, and the -units deps was outdated and not necessary, see https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_dependencies_on_the_systemd_package. Only for 'systemctl mask' which is executed in %post, we want to

[libvirt PATCH 3/3] spec: avoid rpm warning about macro in comment

2021-06-25 Thread Daniel P . Berrangé
From: Zbigniew Jędrzejewski-Szmek Signed-off-by: Zbigniew Jędrzejewski-Szmek --- libvirt.spec.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 39226175ce..cb48dd0be0 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1182,7

[libvirt PATCH 0/3] spec: misc cleanups

2021-06-25 Thread Daniel P . Berrangé
This will be pushed to git master from https://gitlab.com/libvirt/libvirt/-/merge_requests/94 once CI completes. Zbigniew Jędrzejewski-Szmek (3): spec: drop/update dependencies on systemd-{units,sysv} spec: avoid repeated calls to systemd macros and binaries spec: avoid rpm warning

[libvirt PATCH 2/3] spec: avoid repeated calls to systemd macros and binaries

2021-06-25 Thread Daniel P . Berrangé
From: Zbigniew Jędrzejewski-Szmek The macro can take multiple arguments, and the calls are more efficient if done in one go. Signed-off-by: Zbigniew Jędrzejewski-Szmek --- libvirt.spec.in | 50 +++-- 1 file changed, 28 insertions(+), 22 deletions(-)

[libvirt PATCH 5/5] qemu: Reject TPM 1.2 for ARM virt guests

2021-06-25 Thread Andrea Bolognani
We already reject TPM 1.2 in a number of scenarios; let's add ARM virt guests to the list. https://bugzilla.redhat.com/show_bug.cgi?id=1970310 Signed-off-by: Andrea Bolognani --- src/qemu/qemu_validate.c | 6 ++ .../qemuxml2argvdata/aarch64-tpm-wrong-model.err |

[libvirt PATCH 3/5] qemu: Default to TPM 2.0 for ARM virt guests

2021-06-25 Thread Andrea Bolognani
The TPM 2.0 specification predates ARM virtualization, and so implementing TPM 1.2 support on ARM was not considered a useful endeavor. This is technically a breaking change, but TPM support on ARM was only introduced fairly recently (libvirt 7.1.0) and the previous default resulted in non

[libvirt PATCH 4/5] tests: Test the defaults for TPM on ARM virt guests

2021-06-25 Thread Andrea Bolognani
Instead of providing the configuration explicitly, let libvirt fill in the blanks. After the recent changes, this results in a working configuration without the need for user input. Signed-off-by: Andrea Bolognani --- tests/qemuxml2argvdata/aarch64-tpm.xml | 4 ++-- 1 file changed, 2

[libvirt PATCH 2/5] tests: Add aarch64-tpm test to qemuxml2xml

2021-06-25 Thread Andrea Bolognani
We're going to change the input file later, and having this additional coverage will demonstrate that such a change does not alter the behavior. Signed-off-by: Andrea Bolognani --- .../aarch64-tpm.aarch64-latest.xml| 29 +++ tests/qemuxml2xmltest.c

[libvirt PATCH 0/5] qemu: Fix defaults for TPM on ARM virt guests

2021-06-25 Thread Andrea Bolognani
The current default is unfortunately broken, and the user has to manually step in and provide the version number explicitly for the TPM device to work at all. https://bugzilla.redhat.com/show_bug.cgi?id=1970310 Andrea Bolognani (5): docs: Fix information for default TPM version tests: Add

[libvirt PATCH 1/5] docs: Fix information for default TPM version

2021-06-25 Thread Andrea Bolognani
The current information is not accurate, because the default is 2.0 instead of 1.2 for the tpm-crb and tpm-spapr models. Any detailed list will surely become obsolete and out of sync with reality over time, so let's just document that the default model depends on a number of factors and avoid

[PATCH] virDomainMachineNameAppendValid: Handle special characters better

2021-06-25 Thread Michal Privoznik
When constructing guest name for machined we have to be very cautious as machined expects a name that's basically a valid URI. Therefore, if there's a dot it has to be followed by a letter or a number. And if there's a sequence of two or more dashes they should be joined into a single dash. These

Re: [PATCH V3 1/2] Apparmor: Add profile for virtqemud

2021-06-25 Thread Christian Boltz
Hello, [please CC me in replies] Your updated patches still look good, I just noticed something that is probably minor nitpicking: On Thursday, 24 June 2021, 22:48:58 CEST, Jim Fehlig wrote: [...] > + signal (send) set=("kill", "term") peer=unconfined, [...] > + signal (send)

Re: Avoiding lockspace already exists error from virtlockd

2021-06-25 Thread Michal Prívozník
On 5/28/21 8:30 PM, Jim Fehlig wrote: > Hi All! > > I received a bug report about virtlockd emitting an error whenever > libvirtd is (re)started > > May 25 15:44:31 virt81 virtlockd[7723]: Requested operation is not > valid: Lockspace for path /data/libvirtd/lockspace already exists > > The

Re: [PATCH v3 0/6] Support for launchSecurity type s390-pv

2021-06-25 Thread Pavel Hrdina
On Tue, Jun 22, 2021 at 03:10:43PM +0200, Boris Fiuczynski wrote: > This patch series introduces the launch security type s390-pv. > Specifying s390-pv as launch security type in an s390 domain prepares for > running the guest in protected virtualization secure mode, also known as > IBM Secure

Re: [PATCH v3 6/6] docs: add s390-pv documentation

2021-06-25 Thread Pavel Hrdina
On Tue, Jun 22, 2021 at 03:10:49PM +0200, Boris Fiuczynski wrote: > Add documentation for launch security type s390-pv. > > Signed-off-by: Boris Fiuczynski > Reviewed-by: Daniel Henrique Barboza > --- > docs/formatdomain.rst | 7 > docs/kbase/s390_protected_virt.rst | 55

Re: [PATCH v3 5/6] conf: add s390-pv as launch security type

2021-06-25 Thread Pavel Hrdina
On Tue, Jun 22, 2021 at 03:10:48PM +0200, Boris Fiuczynski wrote: > Add launch security type 's390-pv' as well as some tests. > > Signed-off-by: Boris Fiuczynski > Reviewed-by: Daniel Henrique Barboza > --- > docs/schemas/domaincommon.rng | 1 + > src/conf/domain_conf.c

Re: [PATCH v3 4/6] qemu: add s390-pv-guest capability

2021-06-25 Thread Pavel Hrdina
On Tue, Jun 22, 2021 at 03:10:47PM +0200, Boris Fiuczynski wrote: > Add s390-pv-guest capability. > > Signed-off-by: Boris Fiuczynski > Reviewed-by: Daniel Henrique Barboza > --- > src/qemu/qemu_capabilities.c| 2 ++ > src/qemu/qemu_capabilities.h| 1 + >

Re: [PATCH v4 14/14] kbase: Document virtio-mem

2021-06-25 Thread Michal Prívozník
On 6/23/21 5:52 PM, Jim Fehlig wrote: > On 6/23/21 4:12 AM, Michal Privoznik wrote: >> This commit adds new memorydevices.rst page which should serve >> all models of memory devices. Yet, I'm documenting virtio-mem >> quirks only. >> >> Signed-off-by: Michal Privoznik >> --- >>  

Entering freeze for libvirt-7.5.0

2021-06-25 Thread Jiri Denemark
I have just tagged v7.5.0-rc1 in the repository and pushed signed tarballs and source RPMs to https://libvirt.org/sources/ Please give the release candidate some testing and in case you find a serious issue which should have a fix in the upcoming release, feel free to reply to this thread to make

Re: [PATCH v3 3/6] conf: refactor launch security to allow more types

2021-06-25 Thread Pavel Hrdina
On Tue, Jun 22, 2021 at 03:10:46PM +0200, Boris Fiuczynski wrote: > Adding virDomainSecDef for general launch security data > and moving virDomainSEVDef as an element for SEV data. > > Signed-off-by: Boris Fiuczynski > --- > src/conf/domain_conf.c | 127 +++-

Re: [PATCH v3 2/6] conf: modernize SEV XML parse and format methods

2021-06-25 Thread Pavel Hrdina
On Tue, Jun 22, 2021 at 03:10:45PM +0200, Boris Fiuczynski wrote: > Make use of virDomainLaunchSecurity enum and automatic memory freeing. > > Signed-off-by: Boris Fiuczynski > --- > src/conf/domain_conf.c | 123 + > src/conf/domain_conf.h | 2 + > 2

Re: [PATCH v3 1/6] schemas: Make SEV policy on launch security optional

2021-06-25 Thread Pavel Hrdina
On Tue, Jun 22, 2021 at 03:10:44PM +0200, Boris Fiuczynski wrote: > Change launch security policy of type SEV from required to > optional and add a test to ensure the required launch security > policy remains required when launch security type is SEV. > > Signed-off-by: Boris Fiuczynski > --- >

[PATCH 2/2] virSetUIDGIDWithCaps: Assume PR_CAPBSET_DROP is always defined

2021-06-25 Thread Michal Privoznik
Bounding set capabilities were introduced in kernel commit of v2.6.25-rc1~912. I guess it is safe to assume that all Linux hosts we ran on have at least that version or newer. Signed-off-by: Michal Privoznik --- src/util/virutil.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff

[PATCH 0/2] virSetUIDGIDWithCaps: Two small improvements

2021-06-25 Thread Michal Privoznik
The first one fixes a problem I've started seeing with RHEL-9 and the other is just removal of check for tautology. Michal Prívozník (2): virSetUIDGIDWithCaps: Don't drop CAP_SETPCAP right away virSetUIDGIDWithCaps: Assume PR_CAPBSET_DROP is always defined src/util/virutil.c | 11

[PATCH 1/2] virSetUIDGIDWithCaps: Don't drop CAP_SETPCAP right away

2021-06-25 Thread Michal Privoznik
There are few cases where we execute a virCommand with all caps cleared (virCommandClearCaps()). For instance dnsmasqCapsRefreshInternal() does just that. This means, that after fork() and before exec() the virSetUIDGIDWithCaps() is called. But since the caller did not want to change anything,