Re: [libvirt] [PATCH] libvirtd.service: add NotifyService=all

2016-04-25 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): > On Mon, Apr 25, 2016 at 03:52:25PM +0000, Serge Hallyn wrote: > > systemd.service(5) says that this should be set when using Type=notify, > > and indeed we seem to have a bug report resulting from this not being set: > > Not

[libvirt] [PATCH] libvirtd.service: add NotifyService=all

2016-04-25 Thread Serge Hallyn
systemd.service(5) says that this should be set when using Type=notify, and indeed we seem to have a bug report resulting from this not being set: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1574566 Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- daemon/libvirtd.serv

Re: [libvirt] [PATCH 2/3] Introduce readonly without explicit deny-write

2016-03-22 Thread Serge Hallyn
Quoting Guido Günther (a...@sigxcpu.org): > On Fri, Mar 11, 2016 at 08:07:02PM +0000, Serge Hallyn wrote: > > [Sorry, the Ubuntu package suggests this came from Cèdric, although > > I can't quite find this patch on the mailing list. Those patches > > which I did see fro

[libvirt] [PATCH 2/3] Introduce readonly without explicit deny-write

2016-03-11 Thread Serge Hallyn
[Sorry, the Ubuntu package suggests this came from Cèdric, although I can't quite find this patch on the mailing list. Those patches which I did see from Cèdric did not have a Signed-off-by, so I didn't add one for him.] From: Cèdric Bosdonnat Upstream changed get_files to

[libvirt] [PATCH 3/3] ask for no deny rule for readonly disk elements

2016-03-11 Thread Serge Hallyn
[ This depends on patch 2/3, so don't cherrypick just this one :) ] Just because a disk element only requests read access doesn't mean there may not be another readwrite request. This fixes 'virsh blockcommit' which otherwise fails due to inability to write to the basefile. Signed-off-by: Serge

[libvirt] [PATCH 1/3 trivial] fix typo in virt-aa-helper helptext

2016-03-11 Thread Serge Hallyn
it's --dryrun not --dry-run Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- src/security/virt-aa-helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index a2d7226..b466626 100644 --- a/src/se

[libvirt] [PATCH] add a nodnsmasq option for networks

2015-12-02 Thread Serge Hallyn
to avoid having libvirt start a dnsmasq. Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- src/conf/network_conf.c | 15 +++ src/conf/network_conf.h | 1 + src/network/bridge_driver.c | 2 +- 3 files changed, 17 insertions(+), 1 deletion(-) Index: libvirt-1.2.16/sr

Re: [libvirt] [PATCH] add a nodnsmasq option for networks

2015-12-02 Thread Serge Hallyn
Quoting Laine Stump (la...@laine.org): > On 12/02/2015 02:50 PM, Serge Hallyn wrote: > >Some people want to define a libvirt network but have dns served > >by another daemon. Libvirt used to support that, but hasn't for > >several years. Two long-open bugs on

Re: [libvirt] [PATCH 1/1] virt-aa-helper: support OVMF

2015-11-17 Thread Serge Hallyn
Quoting Guido Günther (a...@sigxcpu.org): > On Mon, Nov 16, 2015 at 05:59:08PM +0000, Serge Hallyn wrote: > > > > As suggested by Jamie Strandboge in > > > > https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1483071 > > > > Signed-off-by

[libvirt] [PATCH 1/1] virt-aa-helper: support OVMF

2015-11-16 Thread Serge Hallyn
As suggested by Jamie Strandboge in https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1483071 Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> --- src/security/virt-aa-helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/security/virt-aa-helper.c

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

2015-10-20 Thread Serge Hallyn
Just a one-time announcement - beside the git tree at github.com/hallyn/libresource there is also a mailing list now at https://lists.linuxcontainers.org/listinfo/libresource-devel I don't really intend to be a driving developer on it, but will happily review and discuss and help where I can.

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

2015-09-25 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): > On Thu, Sep 24, 2015 at 03:53:24PM +0000, Serge Hallyn wrote: > > Quoting Daniel P. Berrange (berra...@redhat.com): > > > On Thu, Sep 24, 2015 at 02:41:49PM +0000, Serge Hallyn wrote: > > > > Quoting Fa

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

2015-09-24 Thread Serge Hallyn
Quoting Fabio Kung (fabio.k...@gmail.com): > On Wed, Sep 16, 2015 at 12:29 PM, Serge Hallyn <serge.hal...@ubuntu.com> > wrote: > > > > Ok, so I could create a project on github, but that doesn't come with > > a m-l. Last I used it, sf was problematic. Any other sug

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

2015-09-24 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): > On Thu, Sep 24, 2015 at 02:41:49PM +0000, Serge Hallyn wrote: > > Quoting Fabio Kung (fabio.k...@gmail.com): > > > On Wed, Sep 16, 2015 at 12:29 PM, Serge Hallyn <serge.hal...@ubuntu.com> > > > wrote: >

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

2015-09-16 Thread Serge Hallyn
Quoting Fabio Kung (fabio.k...@gmail.com): > On Mon, Sep 7, 2015 at 8:55 AM, Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > > Ah, my memory was failing me, so took a bit of searching, but > > > > http://fabiokung.com/2014/03/13/memory-inside-linux-containe

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

2015-09-16 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): > On Wed, Sep 16, 2015 at 03:15:52PM +0000, Serge Hallyn wrote: > > Quoting Fabio Kung (fabio.k...@gmail.com): > > > On Mon, Sep 7, 2015 at 8:55 AM, Serge Hallyn <serge.hal...@ubuntu.com> > > > wrote: > > &

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

2015-09-07 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): > On Thu, Sep 03, 2015 at 11:51:16AM +0200, Cédric Bosdonnat wrote: > > We already have a fuse mount to reflect the cgroup memory restrictions > > in the container. This commit adds the same for the number of available > > CPUs. Only the CPUs

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

2015-09-07 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): > On Mon, Sep 07, 2015 at 03:39:13PM +0000, Serge Hallyn wrote: > > Quoting Daniel P. Berrange (berra...@redhat.com): > > > On Thu, Sep 03, 2015 at 11:51:16AM +0200, Cédric Bosdonnat wrote: > > > > We already have a fu

[libvirt] [PATCH] virt-aa-helper: add unix channels for nserials as well

2015-07-03 Thread Serge Hallyn
Commit 03d7462d added it for channels, but it is also needed for serials. Add it for serials, parallels, and consoles as well. This solves https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1015154 Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/security/virt-aa-helper.c | 12

Re: [libvirt] [PATCH] virt-aa-helper: Fix permissions for vhost-user socket files

2015-06-19 Thread Serge Hallyn
Quoting Michal Dubiel (m...@semihalf.com): QEMU working in vhost-user mode communicates with the other end (i.e. some virtual router application) via unix domain sockets. This requires that permissions for the socket files are correctly written into /etc/apparmor.d/libvirt/libvirt-UUID.files.

Re: [libvirt] Socket files in virt-aa-helper

2015-06-18 Thread Serge Hallyn
Quoting Jamie Strandboge (ja...@canonical.com): On 06/16/2015 08:40 AM, Michał Dubiel wrote: Hi all, May I kindly ask someone for some advice on this topic? Regards, Michal On 21 May 2015 at 20:23, Michał Dubiel m...@semihalf.com mailto:m...@semihalf.com wrote: Hi

Re: [libvirt] cpuset / numa and qemu in TCG mode

2015-05-13 Thread Serge Hallyn
Quoting Guido Günther (a...@sigxcpu.org): On Tue, May 12, 2015 at 11:14:09AM +0200, Martin Kletzander wrote: On Tue, May 12, 2015 at 05:27:34PM +1000, Tony Breeds wrote: On Mon, May 11, 2015 at 01:14:58PM +0200, Martin Kletzander wrote: Determining this by version might not be reliable,

Re: [libvirt] [PATCH 1/1] virt-aa-helper: add unix channels (esp for qemu-guest-agent)

2015-04-10 Thread Serge Hallyn
Quoting Serge Hallyn (serge.hal...@ubuntu.com): Quoting Ján Tomko (jto...@redhat.com): On Mon, Apr 06, 2015 at 04:12:03PM +0000, Serge Hallyn wrote: The original bug report was at https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393842 Signed-off-by: Serge Hallyn serge.hal

[libvirt] [PATCH] virt-aa-helper: add unix channels (esp for qemu-guest-agent) (v2)

2015-04-10 Thread Serge Hallyn
Changelog (v2): * skip abstract unix sockets Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/security/virt-aa-helper.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index e53779e..3f0b167 100644

Re: [libvirt] [PATCH 1/1] virt-aa-helper: add unix channels (esp for qemu-guest-agent)

2015-04-07 Thread Serge Hallyn
Quoting Ján Tomko (jto...@redhat.com): On Mon, Apr 06, 2015 at 04:12:03PM +0000, Serge Hallyn wrote: The original bug report was at https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393842 Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/security/virt-aa-helper.c

[libvirt] [PATCH 1/1] virt-aa-helper: add unix channels (esp for qemu-guest-agent)

2015-04-06 Thread Serge Hallyn
The original bug report was at https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393842 Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/security/virt-aa-helper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c

Re: [libvirt] [PATCH] qemu: do upfront check for vcpupids being null when querying pinning

2015-02-10 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): The qemuDomainHelperGetVcpus attempted to report an error when the vcpupids info was NULL. Unfortunately earlier code would clamp the value of 'maxinfo' to 0 when nvcpupids was 0, so the error reporting would end up being skipped. This lead

Re: [libvirt] [PATCH] qemu: do upfront check for vcpupids being null when querying pinning

2015-02-10 Thread Serge Hallyn
Quoting Serge Hallyn (serge.hal...@ubuntu.com): Quoting Daniel P. Berrange (berra...@redhat.com): The qemuDomainHelperGetVcpus attempted to report an error when the vcpupids info was NULL. Unfortunately earlier code would clamp the value of 'maxinfo' to 0 when nvcpupids was 0, so the error

Re: [libvirt] [PATCH] qemu: fix setting of VM CPU affinity with TCG

2015-02-10 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): In a previous commit I fixed the incorrect handling of vcpu pids for TCG mode QEMU: commit b07f3d821dfb11a118ee75ea275fd6ab737d9500 Author: Daniel P. Berrange berra...@redhat.com Date: Thu Dec 18 16:34:39 2014 +0000 Don't

[libvirt] virsh vcpuinfo with tcg

2015-02-09 Thread Serge Hallyn
Hi, 'virsh vcpuinfo' in 1.2.12 returns an empty line for VMs using tcg. I assume this is due to commit b07f3d821dfb11 which explicitly sets nvcpupids to 0 now. Is 'virsh vcpuinfo' returning nothing just an unfortunate but expected side-effect, or is it a bug and it should return info anyway?

Re: [libvirt] [PATCH] Re-add use of locking with iptables/ip6tables/ebtables

2014-11-11 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): A previous commit introduced use of locking with invocation of iptables in the viriptables.c module commit ba95426d6f39aec1da6e069dd7222f7a8c6a5862 Author: Serge Hallyn serge.hal...@ubuntu.com Date: Fri Nov 1 12:36:59 2013 -0500

[libvirt] virStorageFileGetMetadata bug?

2014-10-30 Thread Serge Hallyn
Hi, I'm looking into why virt-aa-helper isn't adding allow rules for backing stores nested deeper than 1. So if I do qemu-img create -f qcow2 l1.img 10G qemu-img create -f qcow2 -b l1.img l2.img and use l2.img in a domain, then virt-aa-helper will add allow rules for the domain to access both

Re: [libvirt] virStorageFileGetMetadata bug?

2014-10-30 Thread Serge Hallyn
Quoting Eric Blake (ebl...@redhat.com): On 10/30/2014 02:32 PM, Serge Hallyn wrote: Hi, I'm looking into why virt-aa-helper isn't adding allow rules for backing stores nested deeper than 1. So if I do qemu-img create -f qcow2 l1.img 10G qemu-img create -f qcow2 -b l1.img l2.img
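The two messages above describe virt-aa-helper failing to emit allow rules for backing stores nested more than one level deep. The following is an added example, not libvirt's code and not how virStorageFileGetMetadata is implemented: it walks a qcow2 backing chain by reading only the header fields that name the backing file, then emits one AppArmor file rule per level (rw for the top image, r for every backing image). The tiny header-only qcow2 fixtures it writes are constructed for the demonstration and are not usable disk images. Path resolution follows qemu's rule that a relative backing name is relative to the directory of the image that references it.

```python
import os
import shutil
import struct
import tempfile

QCOW2_MAGIC = b"QFI\xfb"


def qcow2_backing_file(path):
    """Return the backing file name stored in a qcow2 header, or None.

    Header layout (all big-endian): magic[4], version u32,
    backing_file_offset u64, backing_file_size u32. Nothing else is read.
    """
    with open(path, "rb") as f:
        hdr = f.read(20)
        if len(hdr) < 20 or hdr[:4] != QCOW2_MAGIC:
            return None
        _version, off, size = struct.unpack(">IQI", hdr[4:20])
        if off == 0 or size == 0:
            return None  # no backing file
        f.seek(off)
        name = f.read(size)
    return name.decode("utf-8", "replace")


def backing_chain(path, max_depth=16):
    """Return [top, backing1, backing2, ...] as absolute paths.

    A loop (a.img -> b.img -> a.img) or an excessively deep chain raises
    ValueError instead of spinning forever; both are what a hostile image
    would hand you, so the walker must fail closed.
    """
    chain, seen = [], set()
    cur = os.path.abspath(path)
    while cur is not None:
        if cur in seen or len(chain) >= max_depth:
            raise ValueError("backing chain loop or too deep at %s" % cur)
        seen.add(cur)
        chain.append(cur)
        backing = qcow2_backing_file(cur)
        if backing is None:
            break
        # qemu resolves a relative backing name against the referring image's dir
        if not os.path.isabs(backing):
            backing = os.path.join(os.path.dirname(cur), backing)
        cur = os.path.abspath(backing)
    return chain


def apparmor_rules(top_image):
    """One rule per level: the guest writes only the top image, reads the rest."""
    rules = []
    for depth, p in enumerate(backing_chain(top_image)):
        mode = "rw" if depth == 0 else "r"
        rules.append('  "%s" %s,' % (p, mode))
    return rules


def make_qcow2(path, backing=None):
    """Constructed fixture: a header-only qcow2 v3 file (not a valid disk image)."""
    hdr = bytearray(104)              # v3 header is 104 bytes, zero-filled
    hdr[0:4] = QCOW2_MAGIC
    struct.pack_into(">I", hdr, 4, 3)      # version
    struct.pack_into(">I", hdr, 20, 16)    # cluster_bits (64 KiB clusters)
    struct.pack_into(">I", hdr, 100, 104)  # header_length
    if backing:
        b = backing.encode()
        struct.pack_into(">QI", hdr, 8, 104, len(b))  # name follows the header
        hdr += b
    with open(path, "wb") as f:
        f.write(hdr)


def demo():
    """l3.img -> l2.img -> l1.img, like the qemu-img commands in the thread."""
    d = tempfile.mkdtemp()
    try:
        make_qcow2(os.path.join(d, "l1.img"))
        make_qcow2(os.path.join(d, "l2.img"), backing="l1.img")
        make_qcow2(os.path.join(d, "l3.img"), backing="l2.img")
        chain = backing_chain(os.path.join(d, "l3.img"))
        rules = apparmor_rules(os.path.join(d, "l3.img"))
        return [os.path.basename(p) for p in chain], rules
    finally:
        shutil.rmtree(d)


def demo_loop():
    """True if a looping chain is rejected rather than walked forever."""
    d = tempfile.mkdtemp()
    try:
        make_qcow2(os.path.join(d, "a.img"), backing="b.img")
        make_qcow2(os.path.join(d, "b.img"), backing="a.img")
        try:
            backing_chain(os.path.join(d, "a.img"))
        except ValueError:
            return True
        return False
    finally:
        shutil.rmtree(d)


if __name__ == "__main__":
    names, rules = demo()
    print(names)
    print("\n".join(rules))
```

Note the trust boundary: the backing file name is data read from the image, so a crafted qcow2 can name any host file. A rule generator that blindly turns the chain into allow rules would grant qemu read access to that file; anything feeding such a chain into a policy should also confirm every resolved path lies under a directory the domain is allowed to use.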

Re: [libvirt] [PATCH] Teach virt-aa-helper to use TEMPLATE.qemu if the domain is kvm or kqemu

2014-10-29 Thread Serge Hallyn
Quoting Cédric Bosdonnat (cbosdon...@suse.com): Without this patch, kvm and kqemu domains confined with apparmor can't start due to virt-aa-helper not finding TEMPLATE.kvm or TEMPLATE.kqemu. This patch points all kvm-related drivers to TEMPLATE.qemu. D'oh, I dropped the ball here. I had a

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

2014-10-01 Thread Serge Hallyn
Quoting Stefan Bader (stefan.ba...@canonical.com): On 01.10.2014 11:04, Daniel P. Berrange wrote: On Wed, Oct 01, 2014 at 10:30:58AM +0200, Stefan Bader wrote: This had been on the Debian package list before but it's time to take this onwards. So the goal would be to have one set to rule

Re: [libvirt] [Qemu-devel] [PATCH v3 2/2] Add configure option --enable-pc-1-0-qemu-kvm

2014-09-22 Thread Serge Hallyn
will have a different mt than someone who starts a vm under Ubuntu's (qemu-)kvm 1.0. Sadly. So in the packages at https://launchpad.net/~serge-hallyn/+archive/ubuntu/qemu-p-migration the default can be configured at build-time, but it can be specified on the command-line (which is then controlled

Re: [libvirt] [Qemu-devel] [PATCH v3 2/2] Add configure option --enable-pc-1-0-qemu-kvm

2014-09-22 Thread Serge Hallyn
Quoting Alex Bligh (a...@alex.org.uk): On 22 Sep 2014, at 20:10, Paolo Bonzini pbonz...@redhat.com wrote: I'm arguing against special-casing pc-1.0. Just apply the patch to Ubuntu downstream and call it a day. It's perfectly normal for machine types to be part of the downstream

[libvirt] [PATCH 1/1] lxc: allow fallback to no apparmor.

2014-09-19 Thread Serge Hallyn
, then container creation fails. This patch always tries to fall back to 'none' if the requested driver is not available. A better patch would allow an option list like qemu.conf allows, but this patch doesn't do that. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/lxc/lxc_driver.c | 5 + 1

[libvirt] [PATCH 1/1] apparmor: use TEMPLATE.qemu for kvm

2014-09-18 Thread Serge Hallyn
virDomainVirtTypeToString() returns 'qemu' and 'kvm' separately. Don't require a separate apparmor profile for both, rather always look for TEMPLATE.qemu. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/security/virt-aa-helper.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion

Re: [libvirt] [PATCH] virNetSocketNewConnectUNIX: create socket dir if needed

2014-09-09 Thread Serge Hallyn
Quoting Jiri Denemark (jdene...@redhat.com): On Tue, Sep 09, 2014 at 03:40:48 +0000, Serge Hallyn wrote: Since 1b807f92dbb617db5b9d551777d3026d8ff0903f, if ~/.cache does not exist, 'virsh -c qemu:///session' fails, because it attempts to bind to ~/.cache/libvirt/libvirt-sock. Create

[libvirt] [PATCH] virNetSocketNewConnectUNIX: create socket dir if needed

2014-09-08 Thread Serge Hallyn
Since 1b807f92dbb617db5b9d551777d3026d8ff0903f, if ~/.cache does not exist, 'virsh -c qemu:///session' fails, because it attempts to bind to ~/.cache/libvirt/libvirt-sock. Create the socket's directory if needed. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/rpc/virnetsocket.c | 4

Re: [libvirt] [PATCH v2 0/2] Add machine type pc-1.0-qemu-kvm for live migrate compatibility with qemu-kvm

2014-08-06 Thread Serge Hallyn
This worked for me when migrating by hand. I'm trying to make it work through libvirt, using the following patch. (So whether to have pc-1.0 be treated as qemu's or qemu-kvm's pc-1.0 is specified using a boolean in /etc/libvirt/qemu.conf) Qemu starts with decent looking args, but for some reason

Re: [libvirt] [PATCH v2 0/2] Add machine type pc-1.0-qemu-kvm for live migrate compatibility with qemu-kvm

2014-08-04 Thread Serge Hallyn
Quoting Alex Bligh (a...@alex.org.uk): This patch series adds inbound migrate capability from qemu-kvm version 1.0. The main ideas are those set out in Cole Robinson's patch here: http://pkgs.fedoraproject.org/cgit/qemu.git/tree/0001-Fix-migration-from-qemu-kvm.patch?h=f20 however, rather than

Re: [libvirt] [Qemu-devel] [PATCH] [RFC] Add machine type pc-1.0-qemu-kvm for live migrate compatibility with qemu-kvm

2014-08-04 Thread Serge Hallyn
Quoting Michael S. Tsirkin (m...@redhat.com): On Tue, Jul 29, 2014 at 08:31:28AM +0100, Alex Bligh wrote: Serge, I don't think that is in any way a problem. Is migrating to older versions ever actually expected to work? In either case I don't think for this particular case it's a

Re: [libvirt] [Qemu-devel] [PATCH] [RFC] Add machine type pc-1.0-qemu-kvm for live migrate compatibility with qemu-kvm

2014-08-04 Thread Serge Hallyn
Quoting Michael S. Tsirkin (m...@redhat.com): On Mon, Aug 04, 2014 at 03:08:31PM +0000, Serge Hallyn wrote: Quoting Michael S. Tsirkin (m...@redhat.com): On Tue, Jul 29, 2014 at 08:31:28AM +0100, Alex Bligh wrote: Serge, I don't think that is in any way a problem. Is migrating

Re: [libvirt] [Qemu-devel] [PATCH] [RFC] Add machine type pc-1.0-qemu-kvm for live migrate compatibility with qemu-kvm

2014-07-29 Thread Serge Hallyn
Quoting Paolo Bonzini (pbonz...@redhat.com): Il 29/07/2014 15:03, Serge E. Hallyn ha scritto: And from there I think the thing to do will be to introduce a transient alternate package that has the pc-1.0 alias pointing to pc-1.0-qemu-kvm This should be done in the main package, too.

Re: [libvirt] [Qemu-devel] [PATCH] [RFC] Add machine type pc-1.0-qemu-kvm for live migrate compatibility with qemu-kvm

2014-07-29 Thread Serge Hallyn
Quoting Paolo Bonzini (pbonz...@redhat.com): Il 29/07/2014 15:27, Serge Hallyn ha scritto: Quoting Paolo Bonzini (pbonz...@redhat.com): Il 29/07/2014 15:03, Serge E. Hallyn ha scritto: And from there I think the thing to do will be to introduce a transient alternate package that has

Re: [libvirt] [Qemu-devel] [PATCH] [RFC] Add machine type pc-1.0-qemu-kvm for live migrate compatibility with qemu-kvm

2014-07-29 Thread Serge Hallyn
Quoting Alex Bligh (a...@alex.org.uk): On 29 Jul 2014, at 14:21, Paolo Bonzini pbonz...@redhat.com wrote: If you can make the pxe-virtio.rom file 64k or less, then that would be a good idea for 14.04 in general. Newer machine types use efi-virtio.rom, so you won't break -M pc

Re: [libvirt] [Qemu-devel] [PATCH] [RFC] Add machine type pc-1.0-qemu-kvm for live migrate compatibility with qemu-kvm

2014-07-28 Thread Serge Hallyn
Quoting Alex Bligh (a...@alex.org.uk): On 22 Jul 2014, at 19:43, Alex Bligh a...@alex.org.uk wrote: Testing has been light to date (i.e. can I migrate it inbound with -S without anything complaining). thanks, Alex! I've given this quite a bit more testing today. It works fine

Re: [libvirt] [PATCH 2/2] Rework lxc apparmor profile

2014-07-15 Thread Serge Hallyn
Quoting Cedric Bosdonnat (cbosdon...@suse.com): Hi Serge, On Mon, 2014-07-14 at 13:55 +0000, Serge Hallyn wrote: Quoting Cédric Bosdonnat (cbosdon...@suse.com): diff --git a/examples/apparmor/libvirt-lxc b/examples/apparmor/libvirt-lxc index d404328..4bfb503 100644 --- a/examples

Re: [libvirt] [PATCH 2/2] Rework lxc apparmor profile

2014-07-14 Thread Serge Hallyn
Quoting Cédric Bosdonnat (cbosdon...@suse.com): diff --git a/examples/apparmor/libvirt-lxc b/examples/apparmor/libvirt-lxc index d404328..4bfb503 100644 --- a/examples/apparmor/libvirt-lxc +++ b/examples/apparmor/libvirt-lxc @@ -2,16 +2,115 @@ Hi, this being a verbatim copy from lxc's

Re: [libvirt] [PATCH 1/2] Don't output libvirt-UUID.files for LXC apparmor profiles

2014-07-11 Thread Serge Hallyn
Quoting Cédric Bosdonnat (cbosdon...@suse.com): --- src/security/virt-aa-helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Hi, I'm acking this anyway bc I think you're right, but I'm trying to think of a case where this would still be useful. What if we want to allow only a

Re: [libvirt] [PATCH 2/2] Rework lxc apparmor profile

2014-07-11 Thread Serge Hallyn
Quoting Cédric Bosdonnat (cbosdon...@suse.com): Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default. This profile allows quite a lot, but strives to restrict access to dangerous resources. Removing the explicit authorizations to bash, systemd and cron files,

Re: [libvirt] [PATCH 2/2] Rework lxc apparmor profile

2014-07-11 Thread Serge Hallyn
Quoting Cedric Bosdonnat (cbosdon...@suse.com): On Fri, 2014-07-11 at 16:08 +0000, Serge Hallyn wrote: Quoting Cédric Bosdonnat (cbosdon...@suse.com): Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default. This profile allows quite a lot, but strives

[libvirt] [PATCH] [POC] Support cgmanager

2014-06-17 Thread Serge Hallyn
the cgroup support to support all three (systemd, native-fs, and cgmanager) plus any others (and of course abiding the coding style), would be worthwhile. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- configure.ac | 15 ++ daemon/Makefile.am | 7 +- daemon/libvirtd.c

[libvirt] [PATCH 1/1] virt-aa-helper: allow access to /dev/vhost-net if needed

2014-06-17 Thread Serge Hallyn
Only allow the access if it is a KVM domain which has a NIC which wants non-userspace networking. This addresses https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1322568 Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/security/virt-aa-helper.c | 17 - 1 file

Re: [libvirt] [PATCH v2] Fix apparmor profile to make vfio pci passthrough work

2014-03-25 Thread Serge Hallyn
Quoting Cédric Bosdonnat (cbosdon...@suse.com): See lp#1276719 for the bug description. As virt-aa-helper doesn't know the VFIO groups to use for the guest, allow access to all /dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need for vfio --- Thanks, Cédric! Looks good to

Re: [libvirt] [PATCH v2] Fix apparmor profile to make vfio pci passthrough work

2014-03-25 Thread Serge Hallyn
Quoting Cedric Bosdonnat (cbosdon...@suse.com): On Tue, 2014-03-25 at 10:40 -0500, Serge Hallyn wrote: Quoting Cédric Bosdonnat (cbosdon...@suse.com): See lp#1276719 for the bug description. As virt-aa-helper doesn't know the VFIO groups to use for the guest, allow access to all /dev

Re: [libvirt] [PATCH 2/2] Fix apparmor profile to make vfio pci passthrough work

2014-03-24 Thread Serge Hallyn
Quoting Cédric Bosdonnat (cbosdon...@suse.com): See lp#1276719 for the bug description. As virt-aa-helper doesn't know Great, thanks for addressing this. the VFIO groups to use for the guest, Is there really no way for it to know that (based on xml)? If not then I guess this is the way to go

[libvirt] specifying cirrus ram size

2014-03-18 Thread Serge Hallyn
Hi, In order to migrate a VM from an older system with qemu-kvm to a newer one with qemu, the newer qemu needs to be told to use the same vga ram size as qemu-kvm used, 8M. virsh domxml-from-native suggests that the way to specify an 8mb cirrus vga ram size would be to add qemu:commandline

Re: [libvirt] specifying cirrus ram size

2014-03-18 Thread Serge Hallyn
Quoting Eric Blake (ebl...@redhat.com): On 03/18/2014 03:59 PM, Serge Hallyn wrote: Hi, In order to migrate a VM from an older system with qemu-kvm to a newer one with qemu, the newer qemu needs to be told to use the same vga ram size as qemu-kvm used, 8M. virsh domxml-from-native

Re: [libvirt] [PATCH 1/2] apparmor: Allow access to filesystem mounts

2014-02-28 Thread Serge Hallyn
Quoting Guido Günther (g...@godiug.net): Hi Felix, On Thu, Jan 30, 2014 at 06:22:51PM +0100, Felix Geyer wrote: On 29.01.2014 07:48, Guido Günther wrote: Hi, On Sun, Jan 26, 2014 at 10:47:34PM +0100, Felix Geyer wrote: [..snip..] ` +if (recursive) { +// allow reading

Re: [libvirt] [PATCH 1/2] apparmor: Allow access to filesystem mounts

2014-02-28 Thread Serge Hallyn
: handle 9pfs Make virt-aa-helper create rules to allow VMs access to filesystem mounts from the host. Cc: Felix Geyer de...@fobos.de Signed-off-by: Hiroshi Miura miur...@linux.com Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/security/virt-aa-helper.c | 32

Re: [libvirt] LXC: capset fails with userns

2014-02-26 Thread Serge Hallyn
Quoting Stephan Sachse (ste.sac...@gmail.com): for me there is no valid reason why a container is not allowed to set file capabilities. (For the sake of the libvir-list, I replied to this on the lxc-devel@ list with a proposal that should work; but this particular patch is not safe, as nothing

Re: [libvirt] [lxc-devel] capset fails with userns

2014-02-26 Thread Serge Hallyn
Quoting Stephan Sachse (ste.sac...@gmail.com): Look at security/commoncap.c:cap_inode_setxattr() Whereas file ownership is properly namespaced, and task capabilities are properly namespaced, file capabilities are more problematic. To support this, I think we'd need a new capability

Re: [libvirt] Destroying a suspended LXC domain

2014-02-14 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): On Fri, Feb 14, 2014 at 11:14:39AM +0100, Richard Weinberger wrote: Hi! If we suspend a LXC domain libvirt freezes all tasks in the cgroup using the process freezer. Upon destroy libvirt tries to kill all tasks using SIGTERM and later

Re: [libvirt] device removal

2014-01-06 Thread Serge Hallyn
Quoting Michal Privoznik (mpriv...@redhat.com): On 03.01.2014 05:38, Serge Hallyn wrote: Hi, one of our tests was complaining that after an attach-device followed by detach-device, the device was still in the vm's apparmor whitelist. It turns out the device is actually also still

[libvirt] device removal

2014-01-02 Thread Serge Hallyn
Hi, one of our tests was complaining that after an attach-device followed by detach-device, the device was still in the vm's apparmor whitelist. It turns out the device is actually also still in the device's xml. qemuDomainDetachVirtioDiskDevice() is calling if

[libvirt] [PATCH not-for-inclusion] accomodate new qemu migration status 'setup'

2013-11-14 Thread Serge Hallyn
suspect the proper fix should actually add a new migration state in libvirt itself. But it appears to be working. This patch treats the new setup state as active, but doesn't try to query for status info yet. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/qemu/qemu_migration.c

Re: [libvirt] [PATCH] use -w flag if supported by iptables

2013-11-07 Thread Serge Hallyn
Quoting Serge Hallyn (serge.hal...@ubuntu.com): Quoting Serge Hallyn (serge.hal...@ubuntu.com): Quoting Laine Stump (la...@laine.org): This needs to be cmd = virCommandNew(.); From 1a43e48dfdc83fbde17d40351465af9031883595 Mon Sep 17 00:00:00 2001 From: Serge Hallyn serge.hal

Re: [libvirt] [PATCH] use -w flag if supported by iptables

2013-11-01 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): On Fri, Nov 01, 2013 at 09:17:58AM -0500, Serge Hallyn wrote: Quoting Daniel P. Berrange (berra...@redhat.com): On Thu, Oct 31, 2013 at 04:36:24PM -0500, Serge Hallyn wrote: This will properly lock libvirt's usage of iptables

Re: [libvirt] [PATCH] use -w flag if supported by iptables

2013-11-01 Thread Serge Hallyn
Quoting Laine Stump (la...@laine.org): On 10/31/2013 11:36 PM, Serge Hallyn wrote: This will properly lock libvirt's usage of iptables with others (like ufw). (See https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1245322) Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com

Re: [libvirt] [PATCH] use -w flag if supported by iptables

2013-11-01 Thread Serge Hallyn
Quoting Serge Hallyn (serge.hal...@ubuntu.com): Quoting Laine Stump (la...@laine.org): This needs to be cmd = virCommandNew(.); From 1a43e48dfdc83fbde17d40351465af9031883595 Mon Sep 17 00:00:00 2001 From: Serge Hallyn serge.hal...@ubuntu.com Date: Thu, 31 Oct 2013 15:22:16 -0500 Subject

Re: [libvirt] [systemd-devel] [PATCH] netns: unix: only allow to find out unix socket in same net namespace

2013-08-26 Thread Serge Hallyn
Quoting Gao feng (gaof...@cn.fujitsu.com): On 08/26/2013 11:19 AM, James Bottomley wrote: On Mon, 2013-08-26 at 09:06 +0800, Gao feng wrote: On 08/26/2013 02:16 AM, James Bottomley wrote: On Sun, 2013-08-25 at 19:37 +0200, Kay Sievers wrote: On Sun, Aug 25, 2013 at 7:16 PM, James

Re: [libvirt] memory leak in snapshot and since at least 1.0.2?

2013-08-22 Thread Serge Hallyn
Quoting Eric Blake (ebl...@redhat.com): On 07/26/2013 10:09 AM, Serge Hallyn wrote: Quoting Serge Hallyn (serge.hal...@ubuntu.com): Hi, https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1201938 documents a memory leak we're seeing in libvirt. I've reproduced it in 1.0.2, 1.0.6

[libvirt] memory leak in snapshot and since at least 1.0.2?

2013-07-26 Thread Serge Hallyn
Hi, https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1201938 documents a memory leak we're seeing in libvirt. I've reproduced it in 1.0.2, 1.0.6, and an hourly snapshot from yesterday morning (which is built at https://launchpad.net/~serge-hallyn/+archive/libvirt-mav) To reproduce it, I

Re: [libvirt] memory leak in snapshot and since at least 1.0.2?

2013-07-26 Thread Serge Hallyn
Quoting Serge Hallyn (serge.hal...@ubuntu.com): Hi, https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1201938 documents a memory leak we're seeing in libvirt. I've reproduced it in 1.0.2, 1.0.6, and an hourly snapshot from yesterday morning (which is built at https://launchpad.net

[libvirt] [PATCH v2] Link libxml2 and libdbus in tests which need it.

2013-04-08 Thread Serge Hallyn
@@GNUTLS_1_4' is defined in DSO /usr/lib/x86_64-linux-gnu/libgnutls.so.26 so try adding it to the linker command line /usr/lib/x86_64-linux-gnu/libgnutls.so.26: could not read symbols: Invalid operation collect2: error: ld returned 1 exit status Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com

Re: [libvirt] [PATCH v2] Link libxml2 and libdbus in tests which need it.

2013-04-08 Thread Serge Hallyn
Quoting Daniel P. Berrange (berra...@redhat.com): On Mon, Apr 08, 2013 at 07:54:55AM -0500, Serge Hallyn wrote: Some tests fail to build without libxml2 or libdbus specified, add them where needed. Without this, I get errors like /usr/bin/ld: virnettlscontexttest.o: undefined

Re: [libvirt] 1.4.0 memballoon bug?

2013-04-08 Thread Serge Hallyn
Quoting Michal Privoznik (mpriv...@redhat.com): On 05.04.2013 21:22, Serge Hallyn wrote: Hi, When I run virsh -c qemu:///system domxml-to-native qemu-argv /tmp/qatest.xml from 1.4.0 with the qatest.xml below (which has no memballoon device specified), I get an 'unspecified

[libvirt] 1.4.0 memballoon bug?

2013-04-05 Thread Serge Hallyn
Hi, When I run virsh -c qemu:///system domxml-to-native qemu-argv /tmp/qatest.xml from 1.4.0 with the qatest.xml below (which has no memballoon device specified), I get an 'unspecified error'. Some printf debugging shows that virDomainDefParseXML is automatically adding a virtio memballoon

[libvirt] [PATCH] fix compilation failure under tests/

2013-04-05 Thread Serge Hallyn
the compilation to complete, so it hasn't been crucial on our builders, just annoying when building by hand). Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- tests/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 3abd698

[libvirt] [trivial PATCH 1/1] Fix a message typo

2013-02-28 Thread Serge Hallyn
As pointed out in https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1034661 The sentence The function of PCI device addresses must less than 8 does not quite make sense. Update that to read The function of PCI device addresses must be less than 8 Signed-off-by: Serge Hallyn serge.hal

Re: [libvirt] [PATCH] complete virterror-virerror name change

2013-02-04 Thread Serge Hallyn
Quoting Eric Blake (ebl...@redhat.com): On 02/01/2013 12:55 PM, Serge Hallyn wrote: Quoting Eric Blake (ebl...@redhat.com): On 01/30/2013 08:05 PM, Serge Hallyn wrote: Without these two string changes in generator.py, the virGetLastError wrapper does not get created in /usr/share

Re: [libvirt] persistent virtual networks

2013-02-01 Thread Serge Hallyn
Quoting Gene Czarcinski (g...@czarc.net): I seem to remember that, if you use net-define, the network will be persistent and, if you use net-create, the network will not be persistent. I am now running libvirt-1.0.2 on Fedora 18. When I use net-define a network from a template and then do

Re: [libvirt] [PATCH] complete virterror-virerror name change

2013-02-01 Thread Serge Hallyn
Quoting Eric Blake (ebl...@redhat.com): On 01/30/2013 08:05 PM, Serge Hallyn wrote: Without these two string changes in generator.py, the virGetLastError wrapper does not get created in /usr/share/pyshared/libvirt.py. Noticed when running tests with virt-install. Signed-off

[libvirt] [PATCH] complete virterror-virerror name change

2013-01-30 Thread Serge Hallyn
Without these two string changes in generator.py, the virGetLastError wrapper does not get created in /usr/share/pyshared/libvirt.py. Noticed when running tests with virt-install. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- python/generator.py | 4 ++-- 1 file changed, 2 insertions

Re: [libvirt] [PATCH 2/2] add vnc unix sockets to apparmor policy (v2)

2012-12-11 Thread Serge Hallyn
Quoting Eric Blake (ebl...@redhat.com): On 12/11/2012 01:25 PM, Daniel P. Berrange wrote: On Tue, Dec 11, 2012 at 08:20:30PM +, se...@hallyn.com wrote: Instead of putting '(v2)' as a suffix (which I then have to manually strip via 'git commit --amend'), it is nicer to put it in the

[libvirt] add security hook for permitting hugetlbfs access (v2)

2012-12-06 Thread Serge Hallyn
When a qemu domain is backed by huge pages, apparmor needs to grant the domain rw access to files under the hugetlbfs mount point. Add a hook, called in qemu_process.c, which ends up adding the read-write access through virt-aa-helper. Qemu will be creating a randomly named file under the

[libvirt] [PATCH 1/1] add vnc unix sockets to apparmor policy

2012-12-06 Thread Serge Hallyn
When using vnc graphics over a unix socket, virt-aa-helper needs to provide access for the qemu domain to access the sockfile. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/security/virt-aa-helper.c |7 +++ 1 file changed, 7 insertions(+) diff --git a/src/security/virt-aa

[libvirt] [PATCH] security hook for hugepages (was Re: virSecurity hook for hugepages?)

2012-12-05 Thread Serge Hallyn
Quoting Serge Hallyn (serge.hal...@canonical.com): Hi, Currently the hugepages support can automatically detect the hugepages mount, but it doesn't update the security information. At least for apparmor we need to be able to add permission for the domain to access the hugetlbfs mount path

[libvirt] virSecurity hook for hugepages?

2012-12-03 Thread Serge Hallyn
Hi, Currently the hugepages support can automatically detect the hugepages mount, but it doesn't update the security information. At least for apparmor we need to be able to add permission for the domain to access the hugetlbfs mount path. There are a few ways this could be done, 1. add a

Re: [libvirt] Proposal: no dnsmasq (no dhcp and no dns) and no radvd option

2012-11-20 Thread Serge Hallyn
Quoting Gene Czarcinski (g...@czarc.net): Laine mentioned something yesterday that got me to thinking: being able to specify that dnsmasq is not to be started for an interface. Let me expand that by saying that libvirt would not start dnsmasq for either dns or dhcp and also would not start

Re: [libvirt] Fwd: Failed to get host power management capabilities

2012-10-08 Thread Serge Hallyn
Quoting David Torres (d.tor...@ct.co.cr): Hi all, My name is David Torres, I am from Costa Rica. See this is the problem I have with the KVM installation: 2012-10-03 20:28:17.395+: 25793: warning : qemuCapsInit:856 : Failed to get host power management capabilities 2012-10-03

[libvirt] [PATCH 1/1] support libnl-3 (v2)

2012-05-03 Thread Serge Hallyn
code flow unencumbered by ifdefs and easier to read and vet. Signed-off-by: Serge Hallyn serge.hal...@canonical.com --- configure.ac | 24 +--- daemon/Makefile.am|5 - src/Makefile.am | 25 + src/util/virnetlink.c | 22

Re: [libvirt] [PATCH 1/1] support libnl-3 (v2)

2012-05-03 Thread Serge Hallyn
Quoting Eric Blake (ebl...@redhat.com): On 05/03/2012 11:55 AM, Stefan Berger wrote: +#ifdef HAVE_LIBNL1 +#define nl_alloc nl_handle_alloc +#define nl_free nl_handle_destroy +typedef struct nl_handle nlhandle_t; +#else +#define nl_alloc nl_socket_alloc +#define nl_free

Re: [libvirt] [PATCHv3] build: support libnl-3

2012-05-03 Thread Serge Hallyn
Quoting Eric Blake (ebl...@redhat.com): On 05/03/2012 03:15 PM, Stefan Berger wrote: On 05/03/2012 04:26 PM, Eric Blake wrote: From: Serge Hallyn serge.hal...@canonical.com configure.ac: check for libnl-3 in addition to libnl-1 src/Makefile.am: link against libnl when needed

Re: [libvirt] [PATCH 1/1] Support libnl-3 as well as libnl-1

2012-05-02 Thread Serge Hallyn
Quoting Stefan Berger (stef...@linux.vnet.ibm.com): On 04/30/2012 06:59 PM, Serge Hallyn wrote: configure.ac: Check for libnl-3. If found, find libnl-route-3. If not found, do the original check to look for libnl-1. [...] --- a/src/util/virnetlink.c +++ b/src/util/virnetlink.c

[libvirt] [PATCH 1/1] Support libnl-3 as well as libnl-1

2012-04-30 Thread Serge Hallyn
actually need to also have LIBNL*LIBS added, but while I may be looking at it wrong, it seemed right to do so. I haven't gotten as far as to compile this into a package on ubuntu, but the source does build with libnl-3 as well as with libnl-1. Signed-off-by: Serge Hallyn serge.hal...@canonical.com

Re: [libvirt] problems starting several qemu VMS simultaneously

2012-04-04 Thread Serge Hallyn
Quoting Serge Hallyn (serge.hal...@canonical.com): Quoting Serge Hallyn (serge.hal...@canonical.com): Quoting Wen Congyang (we...@cn.fujitsu.com): At 03/22/2012 06:54 AM, Serge Hallyn Wrote: Hi, I grabbed today's git head of libvirt. Created a VM (clean install of ubuntu