- added new commands:
- cxl-inject-dram-event
- cxl-inject-general-media-event
- cxl-inject-memory-module-event
- cxl-inject-poison
- switchover-ack
- q35-8.1 machine type now supports 1024 cpus
- new cpu models:
- 'SapphireRapids-v2'
- 'GraniteRapids-v1'
- removed commands:
- x-query-profile
- cpu features which can be emulated now:
- rdseed, rdpid, 3dnowprefetch, xsaveerptr, wbnoinvd
- applicable CPU bug mitigation flags are now exposed to TCG guests to
allow using more named models
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 13 Jul 2023 14:16:37 +0000 (16:16 +0200)]
storage: Fix returning of locked objects from 'virStoragePoolObjListSearch'
CVE-2023-3750
'virStoragePoolObjListSearch' explicitly documents that it's returning
a pointer to a locked and ref'd pool that matches the lookup function.
This was not the case as in commit 0c4b391e2a9 (released in
libvirt-8.3.0) the code was accidentally converted to use 'VIR_LOCK_GUARD'
which auto-unlocked it when leaving the scope, even when the code was
originally "leaking" the lock.
Revert the corresponding conversion and add a comment that this function
is intentionally leaking a locked object.
Fixes: 0c4b391e2a9
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2221851 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
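The lock-lifetime problem described in the CVE-2023-3750 commit above, reduced to a standalone C sketch. This is an added example, not libvirt code: `pool_t`, `LOCK_GUARD` and the two search functions are hypothetical stand-ins for the pool object, 'VIR_LOCK_GUARD' and 'virStoragePoolObjListSearch', and the lock is a single-threaded held-flag rather than a real mutex.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a lockable, ref-counted pool object. */
typedef struct {
    const char *name;
    bool locked;            /* held-flag standing in for the object mutex */
    int refs;
} pool_t;

static void pool_lock(pool_t *p)   { p->locked = true; }
static void pool_unlock(pool_t *p) { p->locked = false; }

/* Scope guard: the compiler calls guard_release() when the guard variable
 * leaves scope, including on an early 'return' from inside the loop body. */
static void guard_release(pool_t **g) { if (*g) pool_unlock(*g); }
#define LOCK_GUARD(p) \
    __attribute__((cleanup(guard_release))) pool_t *guard_ = (pool_lock(p), (p))

typedef bool (*match_fn)(const pool_t *p, const void *opaque);

static bool match_name(const pool_t *p, const void *opaque)
{
    return strcmp(p->name, (const char *)opaque) == 0;
}

/* 'Before' form: the contract says "returns a locked and ref'd object",
 * but the guard drops the lock on the way out of the function. */
pool_t *search_guarded(pool_t *pools, size_t n, match_fn fn, const void *opaque)
{
    for (size_t i = 0; i < n; i++) {
        LOCK_GUARD(&pools[i]);
        if (fn(&pools[i], opaque)) {
            pools[i].refs++;
            return &pools[i];   /* guard_release() runs here: unlocked */
        }
    }
    return NULL;
}

/* 'After' form: explicit lock/unlock, the match is returned still locked. */
pool_t *search_explicit(pool_t *pools, size_t n, match_fn fn, const void *opaque)
{
    for (size_t i = 0; i < n; i++) {
        pool_lock(&pools[i]);
        if (fn(&pools[i], opaque)) {
            pools[i].refs++;
            /* Intentionally "leaks" the lock: the caller unlocks and unrefs. */
            return &pools[i];
        }
        pool_unlock(&pools[i]);
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample data. */
    pool_t a[] = { { "default", false, 0 }, { "images", false, 0 } };
    pool_t b[] = { { "default", false, 0 }, { "images", false, 0 } };

    pool_t *p = search_guarded(a, 2, match_name, "images");
    pool_t *q = search_explicit(b, 2, match_name, "images");

    printf("guarded:  %s locked=%d refs=%d\n", p->name, p->locked, p->refs);
    printf("explicit: %s locked=%d refs=%d\n", q->name, q->locked, q->refs);

    /* Caller side of the documented contract. */
    q->refs--;
    pool_unlock(q);
    return 0;
}
```

With the guarded form the caller goes on to use an object it believes it holds the lock on, so every access after the return is unsynchronized.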
Peter Krempa [Tue, 4 Jul 2023 11:36:21 +0000 (13:36 +0200)]
qemuTestDriverInit: Don't autopopulate qemu capabilities when initializing driver
In an effort to use strictly real capability testing all tests were
converted to do insertion of their own capabilities when required, thus
we don't need to populate the capabilities. This will also promote using
proper capabilities based on what the test is trying to achieve.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Tue, 4 Jul 2023 11:39:24 +0000 (13:39 +0200)]
qemuagenttest: Use real x86_64 capabilities for parsing domain definitions
Some test cases require a real definition and thus parse an XML with the
definition to obtain it. Convert the code to use real capabilities and
switch to x86_64.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
'testQemuInsertRealCaps' looks up and inserts real capabilities into the
capability 'file cache' for testing purposes. Effectively this helper
replaces following steps:
This helper doesn't copy the capabilities that are borrowed from its
internal cache thus they must not be modified afterwards in contrast to
the above steps.
The use of this helper is in simple tests which require some form of
capabilities to parse a definition but don't care about doctoring them
in any way.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 3 Jul 2023 12:50:42 +0000 (14:50 +0200)]
testQemuGetRealCaps: Extract caching of the caps into a new helper
Introduce testQemuGetRealCapsInternal that loads and caches the
capabilities. testQemuGetRealCaps just copies the cache entry and
returns it to the user.
The new helper will be used in a helper that doesn't modify the
capabilities and thus we don't need to copy it before use.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 3 Jul 2023 12:41:38 +0000 (14:41 +0200)]
testQemuGetRealCaps: Strip the default machine alias before insertion into cache
Expand the default machine type alias of the 'latest' capabilities for
an architecture before caching it rather than after copying it, so that
we don't duplicate the work all the time.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Mon, 3 Apr 2023 11:20:47 +0000 (13:20 +0200)]
domaincapstest: Use obviously fake firmware name in capabilities
The domain capabilities data feature a firmware section which is filled
by few entries. The entries used until now looked real and it was
suspicious that a x86_64 host was listing aarch64 firmware images which
should not happen.
Fill it by an obviously fake path as it's not actually interpreted in a
meaningful way.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Tue, 16 May 2023 08:18:55 +0000 (10:18 +0200)]
Properly mark auto-added 'terminator' virStorageSource
All backing chain members which were auto-added by image detection,
including the terminating element, should have the 'detected' property
set to true. This is needed to properly strip the detected elements in
some cases, e.g. for the status XML where we could treat some images as
manually terminated even when it was auto-detected.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 16 May 2023 08:18:18 +0000 (10:18 +0200)]
qemu: driver: Reformat helpers for saving VM state
Rewrap argument definition of qemuDomainSaveInternal and align argument
in the invocation of the aforementioned function in
qemuDomainManagedSaveHelper.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Historically we wanted to check if logind was actually running, not
merely activatable, because on systems where systemd is installed,
but the OS is booted into non-systemd init, we want to fallback to
pm-utils.
Requiring logind to be running, however, forces us to serialize libvirtd
startup on startup of logind which is undesirable. We can relax this
dependency if we check whether systemd itself is running, which implies
that logind will be activated when we need it.
https://gitlab.com/libvirt/libvirt/-/issues/489 Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
src: set max open file limit to match systemd >= 240 defaults
Since systemd 240, all services get an open file hard limit of
500k, and a soft limit of 1024. This limit means apps are safe
to use select() by default which is limited to 1024 FDs. Apps
which don't use select() are expected to simply set their soft
limit to match the hard limit during startup.
With our current unit file settings we've been effectively
reducing the max open files we have on most modern systems.
https://gitlab.com/libvirt/libvirt/-/issues/489 Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Historically the max files limit for processes has always been 1024,
because going beyond this is incompatible with the select() function.
Nonetheless most apps these days will use poll() so should not be
limited in this way.
Since systemd >= 240, the hard limit will be 500k, while the soft
limit remains at 1k. Applications which don't use select() should
raise their soft limit to match the hard limit during their startup.
This function provides a convenient helper to do this limit raising.
Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
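A sketch of the startup step the two commit messages above describe: raise the soft open-file limit to the hard limit, and keep any remaining select() user away from descriptors the raised limit makes possible. This is an added example, not libvirt's helper; the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>

/* Raise the soft RLIMIT_NOFILE to the hard limit.
 * Returns 0 on success (or if nothing needed changing), -1 on error. */
int raise_nofile_soft_to_hard(void)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
        return -1;
    if (rl.rlim_cur == rl.rlim_max)
        return 0;

    /* Raising the soft limit up to the hard limit needs no privilege. */
    rl.rlim_cur = rl.rlim_max;
    return setrlimit(RLIMIT_NOFILE, &rl) < 0 ? -1 : 0;
}

/* Returns 1 if soft == hard, 0 if not, -1 if the limit cannot be read. */
int nofile_soft_equals_hard(void)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
        return -1;
    return rl.rlim_cur == rl.rlim_max;
}

/* After the raise, open() can return descriptors >= FD_SETSIZE. Passing
 * such a descriptor to FD_SET() is undefined behaviour (it indexes past
 * the end of the fd_set), so code that still calls select() has to
 * check every descriptor first. */
bool fd_usable_with_select(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

int main(void)
{
    struct rlimit rl;

    if (raise_nofile_soft_to_hard() < 0) {
        perror("raise_nofile_soft_to_hard");
        return 1;
    }
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0)
        printf("soft=%llu hard=%llu FD_SETSIZE=%d\n",
               (unsigned long long)rl.rlim_cur,
               (unsigned long long)rl.rlim_max, FD_SETSIZE);
    return 0;
}
```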
src: remove deps on ip[6]tables/firewalld.service from systemd units
The unit files both have After=network.target, and this in turn implies
After=network-pre.target. Both iptables.service & ip6tables.service have
Before=network-pre.target since Fedora >= 35 and RHEL >= 8.4.
When we first added the deps on ip[6]tables.service in
systemd: start libvirtd after firewalld/iptables services
the Before=network-pre.target didn't exist, but we can rely on it now
given our supported platforms matrix.
The firewalld.service similarly has a Before=network-pre.target,
even when we took that commit above, so this dep was in fact never
actually needed. This answers the question posed in that above commit
message about firewalld ordering.
https://gitlab.com/libvirt/libvirt/-/issues/489 Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Sun, 26 Feb 2023 11:04:21 +0000 (12:04 +0100)]
tests: Refresh valgrind suppressions
Since nobody is expected to run valgrind over scripts now, we can
drop plenty of suppressions. Also, there are some old ones that
no longer exist and new ones, that are not covered.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Sat, 15 Jul 2023 05:52:43 +0000 (07:52 +0200)]
meson: Annotate each test() with 'suite'
A test case can be part of a test suite (just like we already
have 'syntax-check'). This then allows developers to run only a
subset of tests. For instance - when using valgrind test setup
(`meson test -C _build/ --setup valgrind`) it makes zero sense to
run syntax-check tests or other script based tests (e.g.
check-augeas-*, check-remote_protocol, etc.). What does make
sense is to run compiled binaries.
Strictly speaking, reaching that goal is as trivial as annotating
only those compiled tests (declared in tests/meson.build) and
running them selectively:
  meson test -C _build/ --setup valgrind --suite $TAG
But it may be also desirable to run test scripts separately.
Therefore, introduce two new tags: 'bin' for compiled tests, and
'script' for script based tests and annotate each test()
accordingly.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Matt Low [Mon, 3 Jul 2023 22:53:28 +0000 (16:53 -0600)]
storage: zfs: Use 'zfs list' to check pool status
The current virStorageBackendZFSCheckPool checks for the existence of a
path under /dev/zvol/ to determine if the pool is active. ZFS does not
create a path under /dev/zvol/ if no ZFS volumes have been created under
a particular dataset, thus, empty ZFS storage pools are deactivated
whenever checkPool is called on them (as noted in referenced issue).
This commit changes virStorageBackendZFSCheckPool so that the 'zfs list'
command is used to explicitly check for the existence of a dataset
specified by the pool's def->source.name.
Since commit 44a0f2f0, we now query mdevctl for transient (active) mdevs
in order to gather attributes for the mdev. Unfortunately, this commit
introduced a regression because nodeDeviceUpdateMediatedDevice() assumed
that all mdevs returned from mdevctl were actually persistent mdevs but
we were using it to update transient mdevs. Refactor the function so
that we can use it to update both persistent and transient mdevs.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
qemu: require memfd memory for virtio 'blob' support
The virtio-gpu 'blob' support was insufficiently validated. Qemu
requires a memfd memory backing in order to use udmabuf and enable blob
support. Example error:
  $ virsh start rhel9
  error: Failed to start domain 'rhel9'
  error: internal error: qemu unexpectedly closed the monitor: 2023-07-18T02:33:57.083178Z qemu-kvm: -device {"driver":"virtio-vga","id":"video0","max_outputs":1,"blob":true,"bus":"pcie.0","addr":"0x1"}: cannot enable blob resources without udmabuf
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Fri, 16 Jun 2023 11:05:48 +0000 (13:05 +0200)]
qemu: Adapt to new way of specifying PC speaker
Historically, the way to set PC speaker for a guest was to pass:
  -soundhw pcspk
but as of QEMU commit v5.1.0-rc0~28^2~3 this is deprecated and we
should use:
  -machine pcspk-audiodev=$id
instead. The old way was then removed in commit v7.1.0-rc0~99^2~3.
Now, ideally we would have a capability selecting whether we talk
to a QEMU that understands the new way or not. But it's not that
simple - the machine attribute is just an alias to the .audiodev=
attribute of 'isa-pcspk' object and both are created in
pc_machine_initfn() function, i.e. not when the PC_MACHINE() class
is initialized, but when it's instantiated. IOW, it's not possible
for us to query whether we're dealing with older or newer QEMU.
But given that the newer version is supported since v5.1.0 and the
minimal version we require is v4.2.0 (i.e. there are two releases
which don't understand the newer cmd line) and how frequently this
feature is (un-)used (the issue was reported after ~1 year since it
stopped working), I believe we can live without any capability and
just use the newer cmd line unconditionally.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/490 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Introduced in QEMU commit of v0.14.0-rc0~83^2~1 and not being
able to compile the .removable attribute of the "usb-storage"
object out, renders our corresponding capability
QEMU_CAPS_USB_STORAGE_REMOVABLE always set. Stop using it in
command generation / domain validation.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Mon, 17 Jul 2023 14:17:19 +0000 (16:17 +0200)]
test_driver: Pass virt_type to virNodeDeviceDefParse() in testNodeDeviceCreateXML()
This brings the code closer to real implementation:
nodeDeviceCreateXML(). For the unique OUI, let's take the value
from tests/virrandommock.c: 100000.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Mon, 17 Jul 2023 13:24:43 +0000 (15:24 +0200)]
virrandom: Fix printf format string in virRandomGenerateWWN()
Firstly, drop needless concatenation of two static strings.
Secondly, use proper (portable) formatter for uint64_t so that
typecast to ULL can be dropped.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Mon, 17 Jul 2023 13:05:19 +0000 (15:05 +0200)]
virsh: Make cmdVersion() work with split daemon
When virsh connects to a non-hypervisor daemon directly (e.g.
"nodedev:///system") and user executes 'version' they are met
with an error message. This is because cmdVersion() calls
virConnectGetVersion() which fails, hence the error.
The reason for virConnectGetVersion() failing is simple - it's
documented as:
  Get the version level of the Hypervisor running.
Well, there's no hypervisor in non-hypervisor daemons and thus it
doesn't make sense to provide an implementation in each driver's
virConnectDriver.hypervisorDriver table (just like we do for
other APIs, e.g. nodeConnectIsSecure()).
Given all of this, just make cmdVersion() deal with the error in
a non-fatal fashion.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Boris Fiuczynski [Fri, 14 Jul 2023 14:38:14 +0000 (16:38 +0200)]
qemu: S390 does not provide physical address size
Commit be1b7d5b18 introduced parsing /proc/cpuinfo for "address size"
which is not included on S390 and therefore reports an internal error.
Let's remove the parsing on S390.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com> Reviewed-by: Collin Walling <walling@linux.ibm.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Add async-teardown to the features list in domain capabilities allowing
high level management to introspect the availability of the asynchronous
teardown feature.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Thu, 13 Jul 2023 08:10:38 +0000 (10:10 +0200)]
qemu: Add NUMA node automatically for memory hotplug
Up until v2.11.0-rc2~19^2~3 QEMU used to require at least one
NUMA node to be configured when memory hotplug was enabled. After
that commit, QEMU automatically adds a NUMA node if none was
specified on the cmd line. Reflect this in domain XML, i.e.
explicitly add a NUMA node into our domain definition if needed.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2216236 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Tim Small [Thu, 13 Jul 2023 11:00:03 +0000 (12:00 +0100)]
docs: Fix deprecated use of implicit meson "setup" command
Use the explicit meson "setup" command instead of the deprecated
implicit invocation. The implied setup usage generates a warning with
meson version 1.0.1:
  WARNING: Running the setup command as `meson [options]` instead of
  `meson setup [options]` is ambiguous and deprecated.
Additionally the implicit command is likely to be confusing to those
unfamiliar with Meson - the `build` argument in `meson build` resembles
an action rather than an arbitrary path.
Signed-off-by: Tim Small <tim@seoss.co.uk> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Small [Thu, 13 Jul 2023 10:59:59 +0000 (11:59 +0100)]
docs: Add config instructions for clangd with libvirt
In build environments which use gcc as the default compiler, use of the
clangd LSP server (for enhanced code editing and navigation etc.) with
libvirt requires some additional configuration. Detail this and link
from `hacking.rst`.
Signed-off-by: Tim Small <tim@seoss.co.uk> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Small [Thu, 13 Jul 2023 10:59:57 +0000 (11:59 +0100)]
docs: Link main "contributing" from programming-specific guide
There are two guides to contributing: `hacking.rst` is focused on code
contributions, and `contributing.rst` is more general. Clarify scope of
`hacking.rst` and link to the general guide in its references.
Signed-off-by: Tim Small <tim@seoss.co.uk> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Tim Small [Thu, 13 Jul 2023 10:59:55 +0000 (11:59 +0100)]
docs: Link to main docs directory from Quick Links
Whilst the "docs" documentation map is linked in the navigation bar,
users may scroll down and lose sight of this, so also place at the
bottom of the "Quick Links" section.
Signed-off-by: Tim Small <tim@seoss.co.uk> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Rather than directly executing mdevctl from the udev event thread when
we determine that we need to re-query, schedule the mdevctl thread to
run. This also helps to coalesce multiple back-to-back updates into a
single one when there are multiple updates in a row or at startup when a
host has a very large number of mdevs.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Factor out a new scheduleMdevctlUpdate() function so that we can re-use
it from other places. Now that other events can make it necessary to
re-query mdevctl for mdev updates, this function will be useful for
coalescing multiple updates in quick succession into a single mdevctl
query.
Also rename a couple functions. The names weren't very descriptive of
their behavior. For example, the old scheduleMdevctlHandler() function
didn't actually schedule anything, it just started a thread. So rename
it to free up the 'schedule' name for the above refactored function.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Michal Privoznik [Thu, 13 Jul 2023 08:29:11 +0000 (10:29 +0200)]
qemu_domain: Deduplicate targetNode check in qemuDomainDefValidateMemoryHotplugDevice()
If a domain has NUMA configured, then all <memory/> devices
(except for 'virtio-pmem') need to have targetNode set. There are
two checks inside of qemuDomainDefValidateMemoryHotplugDevice()
for this: one inside of big switch() statement, which only checks
'dimm' and 'nvdimm' cases, and the other at the end of the
function that checks all models (except for 'virtio-pmem'). Let's
keep the latter and remove the former as the latter covers the
former too.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Jim Fehlig [Wed, 12 Jul 2023 21:15:08 +0000 (15:15 -0600)]
libxl: Advertise support for VIR_MIGRATE_CHANGE_PROTECTION
The libxl driver has basic support for VIR_MIGRATE_CHANGE_PROTECTION
by starting and stopping modify jobs in the begin/confirm and prepare/finish
phases of migration, but it doesn't advertise that support. This can result
in unterminated jobs because the migration logic skips phases of migration
when the VIR_MIGRATE_CHANGE_PROTECTION feature is absent. Ensure jobs are
terminated properly by advertising support for VIR_MIGRATE_CHANGE_PROTECTION.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Jim Fehlig [Tue, 11 Jul 2023 16:35:32 +0000 (10:35 -0600)]
libxl: Don't attempt to resume domain on canceled migration
For unknown reasons, the libxl driver attempts to resume a domain in the
confirm phase when a migration operation has been canceled. This has shown
to be problematic when simulating scenarios that result in a canceled
migration. In all scenarios, the domain was in a running state when entering
libxlDomainMigrationSrcConfirm, causing the call to libxl_domain_resume to
fail. Making matters worse, the domain state is changed to paused when in
fact it's running. And finally, libxlDomainMigrationSrcConfirm incorrectly
returns an error.
Remove this incorrect logic from libxlDomainMigrationSrcConfirm. On a
canceled migration it's sufficient to resume the lock process that was
paused in the perform phase.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Michal Privoznik [Tue, 11 Jul 2023 14:13:15 +0000 (16:13 +0200)]
node_device: Enclose Linux specific code in ifdef __linux__
Our CI started to enable udev backend on FreeBSD. And while there
is udev on FreeBSD some parts of our code are highly Linux
specific, e.g. translating SCSI device type to string (from an
integer obtained from the sysfs). Obviously, this doesn't work
anywhere else. This is the reason why we need to include
scsi/scsi.h header file (which actually comes from the Linux
kernel source tree but for some reason glibc started to
distribute it, followed by musl).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Kristina Hanicova <khanicov@redhat.com>
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
tests: remove acpi support from s390x ccw hotplug tests
In newer QEMU libvirt combinations acpi support is no longer tolerated
and ignored. Therefore, before upgrading the test capabilities to QEMU
8.1.0 replies, remove the acpi feature from the domain XMLs.
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Andrea Bolognani [Thu, 29 Jun 2023 10:04:02 +0000 (12:04 +0200)]
apparmor: Make all profiles extensible
Do for all other profiles what we already do for the
virt-aa-helper one. In this case we limit the feature to AppArmor
3.x, as it was never implemented for 2.x.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Andrea Bolognani [Thu, 29 Jun 2023 09:40:16 +0000 (11:40 +0200)]
apparmor: Improve virt-aa-helper include
For AppArmor 3.x we can use 'include if exists', which frees us
from having to create a dummy override. For AppArmor 2.x we keep
things as they are to avoid introducing regressions.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Andrea Bolognani [Thu, 29 Jun 2023 09:47:13 +0000 (11:47 +0200)]
apparmor: Only support passt on 3.x
The subprofile can only work by including the abstraction shipped
in the passt package, which we can't assume is present, and
'include if exists' doesn't work well on 2.x.
No distro that's stuck on AppArmor 2.x is likely to be shipping
passt anyway.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Andrea Bolognani [Thu, 29 Jun 2023 09:35:52 +0000 (11:35 +0200)]
apparmor: Allow version-specific bits in profiles
Perform an additional preprocessing step before the existing
variable substitution. This is the same approach that we already
use to customize systemd unit files based on whether the service
supports TCP connections.
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Michal Privoznik [Thu, 29 Jun 2023 06:46:04 +0000 (08:46 +0200)]
Revert "lxc_fuse: Tell FUSE that /proc/meminfo is nonseekable"
After v8.1.0-61-g030faee28d it is no longer necessary to make the
/proc/meminfo file nonseekable as our code that fills the file
with spoofed values can handle seeking just fine.
Previously, `free(1)` was okay with failed lseek(), but this was
ages ago and meanwhile the procps project moved to creating a
library and moved the file parsing code under an exported
function. In an attempt to make the function callable multiple
times, it can lseek() multiple times and failure to do so is
fatal.
Resolves: https://gitlab.com/libvirt/libvirt/-/issues/492 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jim Fehlig [Tue, 27 Jun 2023 23:09:15 +0000 (17:09 -0600)]
Revert "apparmor: Add support for local profile customizations"
As it turns out, apparmor 2.x and 3.x behave differently or have differing
levels of support for local customizations of profiles and profile
abstractions. Additionally the apparmor 2.x tools do not cope well with
'include if exists'. Revert this commit until a more complete solution is
developed that works with old and new apparmor.
Michal Privoznik [Tue, 27 Jun 2023 06:51:36 +0000 (08:51 +0200)]
qemu_passt: Actually use @logfd
In one of my previous commits I've introduced @logfd variable
that was supposed to hold FD of passt logfile. But I've forgotten to
assign the qemuDomainOpenFile() retval to it.
Fixes: 8511b96a319836700b4829816cdae27c3630060d Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Mon, 12 Jun 2023 07:10:31 +0000 (09:10 +0200)]
docs: Move passt log file in our example XML
In our passt example XML we use /var/log/passt.log as path to the
log file. This is not optimal, because in case of unprivileged
daemon, neither libvirt nor passt has enough permissions to
create the file. Let's move the file under /tmp.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
There are a few situations where passt itself is unable to create
a file because it runs under QEMU user (e.g. just like our
example from formatdomain.rst suggests: /var/log/passt.log). If
libvirtd runs with sufficient permissions (e.g. as root) it can
create the file and set seclabels on it so that passt can then
open it.
Ideally, we would just pass pre-opened FD, but this wasn't viewed
as secure enough [1]. So let's just create the file and set
seclabels.
For the case when both libvirtd and passt have the same
permissions, well then we fail before even needing to fork() and
exec().
1: https://archives.passt.top/passt-dev/20230606225836.63aecebe@elisabeth/
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2209191 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Notable changes:
- 'fdset' feature is supported for the vdpa block backend provided by
libblkio
- 'xsaves' feature is optional for EPYC-Rome
- 'cryptodev-backend-lkcf' and 'PIIX3-xen' devices removed
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>