On Mon, Apr 28, 2014 at 02:24:45PM +0100, Peter Maydell wrote:
> On 17 April 2014 19:54, Michael S. Tsirkin wrote:
> > On Thu, Apr 17, 2014 at 09:10:12AM -0700, Anthony Liguori wrote:
> >> On Thu, Apr 17, 2014 at 6:54 AM, Michael S. Tsirkin
> >> wrote:
> >> > People sometimes detect security iss
On Tue, Apr 29, 2014 at 02:33:58PM +0200, Markus Armbruster wrote:
> Peter Maydell writes:
>
> > On 29 April 2014 11:09, Michael S. Tsirkin wrote:
> >> Let's just make clear how to contact us securely, when to contact that
> >> list, and what we'll do with the info. I cobbled together the
> >>
On Fri, May 02, 2014 at 02:52:23PM +0400, Michael Tokarev wrote:
> Stefan Hajnoczi:
> > Implement g_thread_new() in terms of the deprecated g_thread_create().
> > The API was changed in glib 2.31.0.
> >
> > The compat function allows us to write modern code and avoid ifdefs.
>
> ACK. With one sma
On Tue, May 06, 2014 at 03:39:57PM +0200, Stefan Hajnoczi wrote:
> On Tue, Apr 01, 2014 at 02:34:58PM -0600, Chris Friesen wrote:
> > When running qemu with something like this
> >
> > -device virtio-serial \
> > -chardev socket,path=/tmp/foo,server,nowait,id=foo \
> > -device virtserialport,chard
On Tue, Oct 08, 2013 at 04:27:38PM +0200, Hans de Goede wrote:
> Hi All,
>
> I'm having this weird problem with qemu master + spice/qxl using
> guests. As soon as the guest starts Xorg, I get the following message
> from qemu:
>
> main-loop: WARNING: I/O thread spun for 1000 iterations
>
> And f
On Wed, Oct 16, 2013 at 07:17:08PM +0200, Paolo Bonzini wrote:
> This lock does not protect anything that the BQL does not already
> protect. Furthermore, with -nodefaults and no monitor, the mutex
> is not initialized but monitor_protocol_event_queue is called
> anyway, which causes a crash under
On Tue, Oct 29, 2013 at 10:48:07AM +0100, Peter Lieven wrote:
> Hi all,
>
> this question might seem a bit weird, but does anyone see a good way to avoid
> that Windows is able to boot inside qemu?
>
> We have defined several profiles for different operation systems and I want
> to avoid that som
getattr altogether. It's excessive: we block valid client use-cases,
>like chdir(2) to non-readable directory with execution bit set.
>
> The patch fixes these issues and cleanup code a bit.
>
> Signed-off-by: Kirill A. Shutemov
Reviewed-by: Daniel P. Berrange
On Wed, Mar 05, 2014 at 02:35:17PM +0100, Paolo Bonzini wrote:
> Il 05/03/2014 12:43, Alexey Kardashevskiy ha scritto:
> >
> >I just tried current upstresm QEMU and it handles bus=pci fine, it prints
> >an error on bus=pci.0 so I am confused - what qemu are you trying?
>
> See below:
>
> 1) virte
On Wed, Mar 05, 2014 at 03:12:40PM +0100, Paolo Bonzini wrote:
> Il 05/03/2014 14:40, Daniel P. Berrange ha scritto:
> > FWIW, I had requested this rename in the past but it was rejected :-(
> >
> >http://comments.gmane.org/gmane.comp.emulators.qemu/70783
>
> I t
On Wed, Mar 05, 2014 at 03:33:39PM +0100, Paolo Bonzini wrote:
> Il 05/03/2014 15:21, Daniel P. Berrange ha scritto:
> >>alpha/typhoon.c:b = pci_register_bus(dev, "pci",
> >>mips/gt64xxx_pci.c: phb->bus = pci_register_bus(dev, "pci",
> &
On Thu, Mar 06, 2014 at 12:47:28PM +0100, Paolo Bonzini wrote:
> Il 06/03/2014 04:11, Alexey Kardashevskiy ha scritto:
> >Previously libvirt required the first/default PCI bus to have name "pci".
> >Since QEMU can support multiple buses now, libvirt wants "pci.0" now.
> >
> >This removes custom bus
On Tue, Mar 18, 2014 at 02:08:19PM +0100, Stefan Hajnoczi wrote:
> On Mon, Mar 17, 2014 at 08:48:08PM -0400, Hamilton, Peter A. wrote:
> > Hi qemu-devel,
> >
> > I am a member of a development team based out of the Johns Hopkins
> > University Applied Physics Laboratory. Over the past year and a
On Thu, Mar 20, 2014 at 09:23:14AM +0100, Stefan Hajnoczi wrote:
> On Tue, Mar 18, 2014 at 01:30:44PM +0000, Daniel P. Berrange wrote:
> > On Tue, Mar 18, 2014 at 02:08:19PM +0100, Stefan Hajnoczi wrote:
> > > On Mon, Mar 17, 2014 at 08:48:08PM -0400, Hamilton, Peter A. wrote:
ecute": "guest-set-user-password",
"arguments": { "crypted": true,
"username": "root",
"password": "JDYkb...snip...YT2Ey" } }'
NB windows support is desirable, but not impl
On Thu, Feb 12, 2015 at 04:21:09PM +0300, Roman Kagan wrote:
> On Wed, Feb 11, 2015 at 11:26:12AM +0000, Daniel P. Berrange wrote:
> > Add a new 'guest-set-user-password' command for changing the password
> > of guest OS user accounts. This command is needed to enable Ope
On Tue, Feb 17, 2015 at 05:40:45PM +0100, Michal Privoznik wrote:
> So, imagine you've started a guest with ticketing enabled. You've set
> some password to access your SPICE/VNC session. However, later you
> want to give the access to somebody else's and therefore disable the
> ticketing. Come on,
On Tue, Feb 24, 2015 at 09:30:56AM -0700, Eric Blake wrote:
> On 02/24/2015 02:50 AM, Wen Congyang wrote:
> >> Script files are in general very hard to secure. Libvirt marks any
> >> domain that uses a script file for controlling networking as tainted,
> >> because it cannot guarantee that the scr
On Tue, Feb 24, 2015 at 02:43:07PM -0500, Gabriel L. Somlo wrote:
> The new "-g" (or "--getenv") command line option causes qemu-ga to extract
> and parse the "etc/guestenv" blob from fw_cfg, and return the value of
> the requested key (if available) on stdout.
>
> Warnings and error messages are
On Wed, Feb 25, 2015 at 04:21:15PM +0800, zhanghailiang wrote:
> On 2015/2/25 1:24, Daniel P. Berrange wrote:
> >On Tue, Feb 24, 2015 at 09:30:56AM -0700, Eric Blake wrote:
> >>On 02/24/2015 02:50 AM, Wen Congyang wrote:
> >>>>Script files are in general very h
On Thu, Jan 29, 2015 at 03:06:37PM +, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> For an incoming migration it's potentially useful to be able to set
> capabilities and parameters prior to opening the connection, while
> a separate option for that would have been
On Thu, Jan 29, 2015 at 03:22:55PM +, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > On Thu, Jan 29, 2015 at 03:06:37PM +, Dr. David Alan Gilbert (git)
> > wrote:
> > > From: "Dr. David Alan Gilbert"
> >
On Thu, Jan 29, 2015 at 03:46:35PM +, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > On Thu, Jan 29, 2015 at 03:22:55PM +, Dr. David Alan Gilbert wrote:
> > > * Daniel P. Berrange (berra...@redhat.com) wrote:
> > > > On T
On Fri, Jan 30, 2015 at 09:38:50AM +, Dr. David Alan Gilbert wrote:
> * Eric Blake (ebl...@redhat.com) wrote:
> > On 01/29/2015 01:21 PM, Dr. David Alan Gilbert wrote:
> > > * Eric Blake (ebl...@redhat.com) wrote:
> > >> On 01/29/2015 09:28 AM, Dr. David Alan Gilbert wrote:
> > >>>
> > >>> So w
On Thu, Jan 29, 2015 at 08:05:50PM +, Peter Maydell wrote:
> On 29 January 2015 at 19:47, Laszlo Ersek wrote:
> > On 01/29/15 20:12, Laszlo Ersek wrote:
> >> If the guest kernel changed its "assignment strategy" at some point, but
> >> earlier it used to match the comment (and the code), then
On Fri, Jan 30, 2015 at 10:29:46AM +, Peter Maydell wrote:
> On 30 January 2015 at 09:54, Daniel P. Berrange wrote:
> > While it is clear there is no solution that works correctly with all
> > kernels, I hate to think that we're going to stick with an ordering
> >
Ping
On Mon, Jan 12, 2015 at 03:58:14PM +, Daniel P. Berrange wrote:
> Add a new 'guest-set-admin-password' command for changing the
> root/administrator password. This command is needed to allow
> OpenStack to support its API for changing the admin password
> on a runni
gthread-2.0.so.0
(0x7f7f73fca000)
libglib-2.0.so.0 => /usr/lib64/libglib-2.0.so.0 (0x7f7f73c9)
libc.so.6 => /usr/lib64/libc.so.6 (0x7f7f738d3000)
libz.so.1 => /usr/lib64/libz.so.1 (0x7f7f736bd000)
librt.so.1 => /usr/lib64/librt.so.1 (0x00
On Tue, Feb 03, 2015 at 03:16:08PM -0700, Eric Blake wrote:
> On 01/12/2015 08:58 AM, Daniel P. Berrange wrote:
> > Add a new 'guest-set-admin-password' command for changing the
> > root/administrator password. This command is needed to allow
> > OpenStack to support
On Tue, Feb 03, 2015 at 02:09:22PM -0500, Gabriel L. Somlo wrote:
> Hi,
>
> I'm interested in adding a way for a host to pass environment variables
> into a qemu guest VM -- analogous to setting environment variables for
> a process to access via getenv() and friends.
>
> The QEMU Guest Agent (QG
On Tue, Feb 03, 2015 at 04:38:59PM -0500, Gabriel L. Somlo wrote:
> On Tue, Feb 03, 2015 at 02:11:12PM -0600, Michael Roth wrote:
> >
> > This does seem like useful functionality, but I think I'd like to know
> > more about the actual use-cases being looked at.
>
> The proposed functionality is m
On Wed, Feb 04, 2015 at 01:48:40PM +0300, Roman Kagan wrote:
> On Mon, Jan 12, 2015 at 03:58:14PM +0000, Daniel P. Berrange wrote:
> > Add a new 'guest-set-admin-password' command for changing the
> > root/administrator password. This command is needed to allow
> > O
In QEMU there are a number of features which involve communication with an
external system over an I/O channel of some form. The features include
migration, NBD, VNC and character devices. The I/O channel in question might
might be a FIFO pipe, a PTY, a TCP socket, a UNIX domain socket, RMDA channe
On Wed, Feb 04, 2015 at 01:43:12PM +0100, Paolo Bonzini wrote:
>
>
> On 04/02/2015 12:32, Daniel P. Berrange wrote:
> > So my idea would be that we define a QEMUChannel object and set of APIs to
> > standardize all interaction with sockets, pipes, RDMA, whatever $channel,
On Wed, Feb 04, 2015 at 01:08:21PM +, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > In QEMU there are a number of features which involve communication with an
> > external system over an I/O channel of some form. The features include
>
On Wed, Feb 04, 2015 at 02:42:20PM +0100, Paolo Bonzini wrote:
>
>
> On 04/02/2015 14:00, Daniel P. Berrange wrote:
> > On Wed, Feb 04, 2015 at 01:43:12PM +0100, Paolo Bonzini wrote:
> >>
> >>
> >> On 04/02/2015 12:32, Daniel P. Berrange wrote:
On Wed, Feb 04, 2015 at 04:25:47PM +0300, Olga Krishtal wrote:
> On 12/01/15 18:58, Daniel P. Berrange wrote:
> >Add a new 'guest-set-admin-password' command for changing the
> >root/administrator password. This command is needed to allow
> >OpenStack to support
On Wed, Feb 04, 2015 at 03:23:22PM +0100, Paolo Bonzini wrote:
>
>
> On 04/02/2015 15:08, Daniel P. Berrange wrote:
> >> > As long as QEMUFile remains there and GIOChannel is used only when
> >> > encryption is required, that would be an acceptable limitation. A
On Wed, Feb 04, 2015 at 04:48:44PM +0200, Marcel Apfelbaum wrote:
> On 02/04/2015 04:28 PM, Paolo Bonzini wrote:
> >
> >
> >On 04/02/2015 15:02, Daniel P. Berrange wrote:
> >>>I'm not sure if it makes sense for RDMA; it already has a couple of hooks
>
On Wed, Feb 04, 2015 at 10:20:14AM -0500, Gabriel L. Somlo wrote:
> Hi Daniel,
>
> On Wed, Feb 04, 2015 at 09:31:32AM +0000, Daniel P. Berrange wrote:
> > On Tue, Feb 03, 2015 at 04:38:59PM -0500, Gabriel L. Somlo wrote:
> > > On Tue, Feb 03, 2015 at 02:11:12PM -
On Wed, Feb 04, 2015 at 04:22:26PM +0100, Paolo Bonzini wrote:
>
>
> On 04/02/2015 16:11, Daniel P. Berrange wrote:
> > > For GIO/GIOChannel, you'd have to choose between zerocopy and many
> > > syscalls, or one copy and few syscalls. Since every page has two io
On Wed, Feb 04, 2015 at 04:04:33PM +0100, Paolo Bonzini wrote:
>
>
> On 04/02/2015 15:34, Daniel P. Berrange wrote:
> > > GIO doesn't provide writev either, so it's not a good match for
> > > non-encrypted migration, which really tries hard to do no copies i
On Wed, Feb 04, 2015 at 10:59:18AM -0500, Gabriel L. Somlo wrote:
> On Wed, Feb 04, 2015 at 03:24:32PM +0000, Daniel P. Berrange wrote:
> > Yes, there is some overhead in setting up QEMU on the host to provide
> > the data cloud-init needs, but it isn't all that difficult.
On Wed, Feb 04, 2015 at 05:33:36PM +0100, Markus Armbruster wrote:
> Peter Maydell writes:
>
> > On 4 February 2015 at 13:49, Markus Armbruster wrote:
> >> Remind me: what GLib version are we targeting, and why?
> >
> > Our current minimum is 2.12 (or 2.20 in Windows specific code),
> > and the
On Thu, Feb 05, 2015 at 04:15:50PM +0100, Juan Quintela wrote:
> Hi
>
> In fedora 21 when crosscompiling for windows I get that this functions
> are already defined. As they are declared there, I guess than in
> older complilers they weren't there. Is there a portable way to get
> happy both old
On Tue, Feb 10, 2015 at 04:16:38PM +, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> Once a qemu has been started with -incoming pause the
> migration can be started by issuing:
>
> migrate -u uri
>
> Signed-off-by: Dr. David Alan Gilbert
> ---
> hmp-commands.h
On Tue, Mar 17, 2015 at 01:50:37PM +, Peter Maydell wrote:
> On 17 March 2015 at 10:02, fupan wrote:
> > Did the qemu user mode support the systemd, cause I
> > met the following error while start an arm lxc on x86-64:
> >
> > qemu: Unsupported syscall: 355
> > Failed to allocate manager obje
The current QEMU startup code will create -chardev backends first, then
create -object backends, then -fsdev backends and so on, in some pretty
arbitrary order of types.
There is already a dependancy from the rng-egd object type, which has a
link to a chardev, which requires -chardev options be pr
On Wed, Mar 18, 2015 at 10:43:25AM +0100, Markus Armbruster wrote:
> "Daniel P. Berrange" writes:
> > A third option is to not process -object args in one go, instead process
> > each type of object at a time. eg we'd first create all the
> > -object tls-c
On Thu, Mar 19, 2015 at 03:02:27PM -0300, Eduardo Habkost wrote:
> On Mon, Mar 16, 2015 at 10:24:51AM +0000, Daniel P. Berrange wrote:
> > On Fri, Mar 13, 2015 at 04:09:57PM -0300, Eduardo Habkost wrote:
> > > With the Intel microcode update that removed HLE and RTM, there will
can be triggered in the
websockets layer before the VNC protocol actually starts, so no
client authentication will have taken place at this point.
Daniel P. Berrange (2):
CVE-2015-1779: incrementally decode websocket frames
CVE-2015-1779: limit size of HTTP headers from websockets clients
ui
ient typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.
Signed-off-by: Daniel P. Berrange
---
ui/vnc-ws.c | 10 --
1 file changed, 8 insertions(+), 2 delet
.
Signed-off-by: Daniel P. Berrange
---
ui/vnc-ws.c | 105
ui/vnc-ws.h | 9 --
ui/vnc.h| 2 ++
3 files changed, 80 insertions(+), 36 deletions(-)
diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index 85dbb7e..e8146d0 100644
--- a/ui
On Mon, Jan 05, 2015 at 12:14:25PM +, Dr. David Alan Gilbert wrote:
> Hi,
> I keep thinking of things where it might make sense to add
> options onto the migration URIs and wondered if it makes
> sense to restructure the migration URIs; my proposal would be:
>
> a) Restructure tcp::ppp
On Mon, Jan 05, 2015 at 12:37:23PM +, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > On Mon, Jan 05, 2015 at 12:14:25PM +, Dr. David Alan Gilbert wrote:
> > > Hi,
> > > I keep thinking of things where it might make sens
icmp(echo-request)
Daniel
On Mon, Dec 15, 2014 at 12:47:46PM +, Daniel P. Berrange wrote:
> Add a new 'guest-set-admin-password' command for changing the
> root/administrator password. This command is needed to allow
> OpenStack to support its API for changing the ad
On Mon, Dec 29, 2014 at 09:26:45PM +, Peter Maydell wrote:
> On 29 December 2014 at 19:09, Attila-Mihaly Balazs wrote:
> > My suggestion for improvement would be:
> > - change the behaviour of "-vnc :port" such that it listens on "127.0.0.1"
> > when the IP isn't specified
> > - if host is "0.
On Thu, Jan 08, 2015 at 11:11:29AM +, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert"
>
> If the remote host, or networking dies during a migration, the socket can be
> waiting for a long timeout, and migration_cancel can't complete the cancel
> for a long time (and you c
On Thu, Jan 08, 2015 at 11:29:59AM +, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > On Thu, Jan 08, 2015 at 11:11:29AM +, Dr. David Alan Gilbert (git)
> > wrote:
> > > From: "Dr. David Alan Gilbert"
> > &g
On Thu, Jan 08, 2015 at 06:21:19PM -0600, Michael Roth wrote:
> Quoting Daniel P. Berrange (2014-12-15 06:47:46)
> > Add a new 'guest-set-admin-password' command for changing the
> > root/administrator password. This command is needed to allow
> > OpenStack to s
em qemu-agent-command f21x86_64 \
'{ "execute": "guest-set-admin-password", "arguments":
{ "crypted": true, "password":
"$6$T9O/j/aGPrE...sniprQoRN4F0.GG0MPjNUNyml." } }'
NB windows support is desirable, but not implemen
On Wed, Jan 21, 2015 at 01:47:22PM +0100, Markus Armbruster wrote:
> We're using the Coverity Scan service[*]. We've put in some effort, and
> we've gotten some mileage out of it, but I feel we could get more.
>
> Judging from the report e-mail I have lying about, we're scanning about
> once a mo
On Thu, Jan 22, 2015 at 11:17:35AM +, Stefan Hajnoczi wrote:
> On Tue, Jan 20, 2015 at 12:31:29PM -0500, Jeff Cody wrote:
> > @@ -792,12 +792,11 @@ static int vmdk_parse_extents(const char *desc,
> > BlockDriverState *bs,
> > const char *p = desc;
> > int64_t sectors = 0;
> > in
On Mon, Nov 03, 2014 at 02:11:35PM +0100, Kevin Wolf wrote:
> Am 03.11.2014 um 14:06 hat Cornelia Huck geschrieben:
> > After the latest gtk updates, master fails to build for me on a
> > SLES11SP3 machine:
> >
> > /home/cohuck/git/qemu/ui/gtk.c: In function ‘gd_key_event’:
> > /home/cohuck/git/qe
On Wed, Nov 19, 2014 at 09:35:16AM +, Dr. David Alan Gilbert wrote:
> * Paolo Bonzini (pbonz...@redhat.com) wrote:
> >
> >
> > On 18/11/2014 21:28, Dr. David Alan Gilbert wrote:
> > > This seems odd, since as far as I know the tunneling code is quite
> > > separate
> > > to the migration cod
On Wed, Dec 03, 2014 at 02:55:40PM +0800, arei.gong...@huawei.com wrote:
> From: Gonglei
>
> A bonus of this feature is that supporting different
> people (in different countries) using defferent keyboard
> to connect the same guest but not need to configure
> command line or libivrt xml file the
On Wed, Dec 03, 2014 at 05:50:57PM +0800, Gonglei wrote:
> On 2014/12/3 17:38, Daniel P. Berrange wrote:
>
> > On Wed, Dec 03, 2014 at 02:55:40PM +0800, arei.gong...@huawei.com wrote:
> >> From: Gonglei
> >>
> >> A bonus of this feature is that support
On Thu, Dec 04, 2014 at 05:46:22PM +0800, Gonglei wrote:
> On 2014/12/4 16:47, Gerd Hoffmann wrote:
>
> > Hi,
> >
> >> Hum.. Now, I encountered this situation that the common clienteles just use
> >> tightvnc client, but want to change keymap dynamically. As you say,
> >> the only way address t
On Thu, Dec 04, 2014 at 08:07:14PM +0800, Gonglei wrote:
> On 2014/12/4 17:53, Daniel P. Berrange wrote:
>
> > We do now provide Windows builds of viewer-viewer + remote-viewer
> > in a single MSI installer for Win 32 & 64 bit
> >
> > http://virt-manager
On Sat, Dec 06, 2014 at 08:35:19AM +1100, Tony Breeds wrote:
> Hi All,
> Openstcak (Nova) has had an issue for a longish time where a running
> instance (qemu via libvirt) which has a file based console can fill the disk
> of
> the hypervisor causing all guests to stall.
>
> I'm looking at wa
On Wed, Dec 10, 2014 at 09:52:05AM -0700, Eric Blake wrote:
> On 12/10/2014 02:37 AM, Gerd Hoffmann wrote:
> > Add new query vnc qmp command, for the lack of better ideas just name it
> > "query-vnc2". Changes over query-vnc:
> >
> > * It returns a list of vnc servers, so multiple vnc server ins
On Thu, Dec 11, 2014 at 10:07:24AM +0100, Gerd Hoffmann wrote:
> Hi,
>
> > > +# @auth: The current authentication type used by the server
> > > +#'none' if no authentication is being used
> > > +#'vnc' if VNC authentication is being used
> > > +#'vencrypt+plain' if VEncry
On Thu, Dec 11, 2014 at 12:33:35PM +0100, Gerd Hoffmann wrote:
> Hi,
>
> > That's not a correct interpretation of the auth values - tls and x509 are
> > not separate auth codes. VNC has one set of primary auth codes really
> >
> > none, vnc, vencrypt
>
> Well, the source code also has (see v
On Thu, Dec 11, 2014 at 12:05:53PM +0100, Gerd Hoffmann wrote:
> Hi,
>
> This series add support for screen rendering using opengl. This only
> blits classic DisplaySurfaces to the screen using opengl, it does not
> (yet) enable gfx emulation use opengl for rendering.
>
> It depends on the "sd
On Thu, Dec 11, 2014 at 04:29:00PM +0100, Gerd Hoffmann wrote:
> Hi,
>
> > > Second for the long term there will be 3d support in a number of UIs:
> > > I expect sdl2, gtk, egl (using render nodes, for headless) and spice.
> > > Having a global switch for them all looks easier.
> >
> > In libvi
On Mon, Dec 15, 2014 at 10:16:39AM +0100, Gerd Hoffmann wrote:
> Hi,
>
> > >
> > > So better add a 'vencrypt-subauth' enum with this list?
> >
> > Yeah probably a good idea
>
> How does this look like (incremental fixup attached, docs to be
> updated) ?
Looks fine to me.
Regards,
Daniel
--
em qemu-agent-command f21x86_64 \
'{ "execute": "guest-set-admin-password", "arguments":
{ "crypted": true, "password":
"$6$T9O/j/aGPrE...sniprQoRN4F0.GG0MPjNUNyml." } }'
NB windows support is desirable, but not implemen
On Mon, Dec 15, 2014 at 04:16:02PM +0100, Alexander Graf wrote:
>
>
> On 10.12.14 14:19, Marcel Apfelbaum wrote:
> > The help is based on the actual machine properties
> > exposing only the relevant options.
> >
> > Signed-off-by: Marcel Apfelbaum
>
> Can libvirt make use of this or would it n
On Fri, Dec 19, 2014 at 01:13:50PM +, Stefan Hajnoczi wrote:
> On Mon, Dec 15, 2014 at 02:05:23PM +0200, Roy Vardi wrote:
> > From: Roy Vardi
> >
> > Add 'persistent' boolean flag to -net tap option.
> > When set to off - tap interface will be released on shutdown
> > When set to
On Wed, Apr 01, 2015 at 02:41:57PM +0100, Peter Maydell wrote:
> On 1 April 2015 at 14:36, Gerd Hoffmann wrote:
> > Confirmed. Fixes the issues I've seen in testing and looks sensible to
> > me. Comment from Daniel would be nice, especially as I know next to
> > nothing about websockets, but he
NULL);
Note all property values are passed in string form and will
be parsed into their required data types.
Signed-off-by: Daniel P. Berrange
---
include/qom/object.h | 58 +++
qom/object.c | 64 +++
The qemu_acl_init() function has long since stopped being able
to return NULL, since g_malloc will abort on OOM. As such the
checks for NULL were unreachable code.
Signed-off-by: Daniel P. Berrange
---
ui/vnc.c | 8
1 file changed, 8 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index
The diffstat may look alarming but a good portion is in the test
suite and there's some quite verbose comments inline too which
bulk it up:
Daniel P. Berrange (34):
ui: remove check for failure of qemu_acl_init()
qom: document user creatable object types in help text
qom: create objects
To prepare for a generic internal cipher API, move the
built-in AES implementation into the crypto/ directory
Signed-off-by: Daniel P. Berrange
---
block/qcow.c | 2 +-
block/qcow2.c | 1 -
block/qcow2.h | 2 +-
crypto/Makefile.objs
hash.
Signed-off-by: Daniel P. Berrange
---
Makefile.objs| 1 +
configure| 46 +++
crypto/Makefile.objs | 2 +
crypto/hash.c| 202 +
crypto/init.c| 62 ++
include/crypto
-off-by: Daniel P. Berrange
---
qemu-options.hx | 70 -
1 file changed, 54 insertions(+), 16 deletions(-)
diff --git a/qemu-options.hx b/qemu-options.hx
index 319d971..5ef0ae4 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3421,22
e range of 'value' in
the setter, because the string->enum conversion code will
have already done that and reported an error as required.
Signed-off-by: Daniel P. Berrange
---
include/qom/object.h | 17
qom/object.c | 57
Add a QIOChannel subclass that can run the TLS protocol over the
top of another QIOChannel instance.
Signed-off-by: Daniel P. Berrange
---
include/io/channel-tls.h | 142 +
io/Makefile.objs | 1 +
io/channel-tls.c | 393
dependency on
the chardevs. Hopefully the set which need delaying will remain
small.
Signed-off-by: Daniel P. Berrange
---
vl.c | 29 -
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/vl.c b/vl.c
index 74c2681..8aac4ee 100644
--- a/vl.c
+++ b/vl.c
@@ -2591,6
redentials cannot be initialized an error will be reported
as a QMP reply, or on stderr respectively.
A later patch will update the VNC server to use this eg
qemu-system-x86_64 -object qcrypto-tls-creds,id=tls0,... \
-vnc 127.0.0.1:1,tls-creds=tls0
Signed-off-by: Daniel P. Berrange
---
administrator immediate feedback
for the majority of common configuration mistakes.
The code is derived from equivalent code that has been part of
libvirt's TLS support for a while.
Signed-off-by: Daniel P. Berrange
---
configure| 22 +
crypto/tlscreds.c|
either the string elements, nor the array itself should
ever be modified.
Signed-off-by: Daniel P. Berrange
---
include/hw/qdev-core.h | 2 +-
include/qapi/util.h | 2 +-
include/qapi/visitor-impl.h | 6 +++---
include/qapi/visitor.h | 2 +-
include/qom/object.h| 2 +-
qapi/qa
silently ignored.
Signed-off-by: Daniel P. Berrange
---
configure | 31 --
qemu-options.hx| 28 -
ui/Makefile.objs | 2 +-
ui/vnc-auth-sasl.c | 46 +++-
ui/vnc-auth-vencrypt.c | 107 ++
ui/vnc-tls.h | 69
ui/vnc
ff-by: Daniel P. Berrange
---
block/Makefile.objs | 2 +-
block/quorum.c | 38 +++---
configure | 39 ---
3 files changed, 20 insertions(+), 59 deletions(-)
diff --git a/block/Makefile.objs b/block/Makefile.objs
index db
Start the new generic I/O channel framework by defining a
QIOChannel abstract base class. This is designed to feel
similar to GLib's GIOChannel, but with the addition of
support for using iovecs, qemu error reporting, file
descriptor passing and msg peeking.
Signed-off-by: Daniel P. Ber
to use the new enum property registration
code, which simplifies it somewhat.
Signed-off-by: Daniel P. Berrange
---
backends/hostmem.c | 22 --
include/qom/object.h | 3 +--
numa.c | 1 -
qom/object.c | 32
4 files
Remove custom websock handling code from the VNC server and use
the QIOChannelWebsock class instead.
Signed-off-by: Daniel P. Berrange
---
ui/vnc-ws.c | 329 +---
ui/vnc-ws.h | 63
ui/vnc.c| 25 +
ui/vnc.h| 4
Implement a QIOChannel subclass that supports sockets I/O
TBD check errno handling of windows port & fix watch impl
Signed-off-by: Daniel P. Berrange
---
include/io/channel-socket.h | 168 +
io/Makefile.objs| 1 +
io/channel-socket.c |
Switch the VNC server over to use the generic cipher API, this
allows it to use the pluggable DES implementations, instead of
being hardcoded to use QEMU's built-in impl.
Signed-off-by: Daniel P. Berrange
---
ui/vnc.c | 52 +---
1 file change
Introduce a generic cipher API and an implementation of it that
supports only the built-in AES and DES-RFB algorithms.
The test suite checks the supported algorithms + modes to
validate that every backend implementation is actually correctly
complying with the specs.
Signed-off-by: Daniel P
501 - 600 of 6827 matches
Mail list logo
