Hi, all!
I'm adding three tests for CCA compatibility:
domaincapstest, qemucapabilitiestest, and qemuxmlconftest.
This is because SEV-SNP added these three tests.
I have three questions regarding these tests:
1. How to add tests to qemuxmlconftest
2. How to create launch-security-cca.xml
3.
qemuProcessPrepareDomain()'s comments say that it should be the only
place to change the "live XML" of a domain (i.e. the public parts of
the virDomainDef object that is shown in the domain's status
XML), and that seems like a reasonable idea (although there aren't
many users of it to date).
qemuP
needs to run the
passt command just as is done for interface type='user', but then add
vhostuser bits to the qemu commandline/monitor command.
There are some changes to the parsing/validation along with changes to
the vhostuser codepath to do the extra stuff for passt. I tried
keeping them separa
When passt is used with vhostuser, the vhostuser code that builds the
qemu commandline will need to have the same socket path that is given
to the passt command, so this patch makes it visible outside of
qemu_passt.c.
Signed-off-by: Laine Stump
---
src/qemu/qemu_passt.c | 2 +-
src/qemu/qemu_pas
For some reason, when vhostuser interface support was added in 2014,
the parser required that the XML for the have a
element with type, mode, and path, all 3 also required. This in spite
of the fact that 'unix' is the only possible valid setting for type,
and 95% of the time the mode is set to 'c
Since vhostuser is only used/supported by the QEMU driver, and all the
rest of the vhostuser-specific validation is done in QEMU's
validation, let's move the final check (to see if they've tried to
enable auto-reconnect when this interface is on the server side of the
vhostuser socket) to the QEMU v
Both vdpa and vhostuser require that the guest device be virtio, and
for interface type='vdpa', we already set if it
is unspecified in the input XML, so let's be just as courteous for
interface type='vhostuser'.
Signed-off-by: Laine Stump
---
src/qemu/qemu_postparse.c | 3 ++-
1 file changed, 2
Both vhostuser and vdpa interface types must use the virtio model in
the guest (because part of the functionality is implemented in the
guest virtio driver). Due to ["because that's the way it happened"]
this has been validated for vhostuser in the hypervisor-agnostic
validate function, but for vdp
Because all the checks for VIR_DOMAIN_NET_TYPE_VDPA were inside an
else-if clause that was immediately followed by another else-if clause
that forbid setting guestIP.ips or guestIP.routes, we've been allowing
users to set guestIP.* for vdpa interfaces (but then not doing
validation of the attribute
We haven't checked for memalloc failure in many years, and that was
the only reason this function would have ever failed.
Signed-off-by: Laine Stump
---
src/conf/domain_conf.c | 15 +--
src/conf/domain_conf.h | 2 +-
src/libxl/libxl_domain.c | 5 +
src/libxl/libxl_driver.c
passt (https://passt.top) provides a method of connecting QEMU virtual
machines to the external network without requiring special privileges
or capabilities of any participating processes - even libvirt itself
can run unprivileged and create an instance of passt (which *always*
runs unprivileged) t
On Thu, Feb 13, 2025 at 03:36:00PM +0100, Stefano Brivio wrote:
> On Thu, 13 Feb 2025 09:16:33 +0100 Christian Ehrhardt
> wrote:
> > On Wed, Feb 5, 2025 at 6:22 PM Andrea Bolognani wrote:
> > > After looking into the situation, I am convinced that AppArmor
> > > confinement never really worked f
On Thu, 13 Feb 2025 09:16:33 +0100
Christian Ehrhardt wrote:
> On Wed, Feb 5, 2025 at 6:22 PM Andrea Bolognani wrote:
> >
> > An issue was recently reported[1] with running unprivileged VMs
> > configured to use passt on Debian with AppArmor confinement enabled.
>
> Hi Andrea (and Stefano),
>
Signed-off-by: Boris Fiuczynski
---
NEWS.rst | 11 +++
1 file changed, 11 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 7dc6a3fa37..4fc8a3bba0 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -31,6 +31,17 @@ v11.1.0 (unreleased)
* **New features**
+ * nodedev: Support ccwgroup based
Daniel P. Berrangé writes:
>> src/bhyve/bhyve_command.c | 27 +++
>> 1 file changed, 27 insertions(+)
>
> This should come with additions to bhyvexml2argvtest.c data
> files.
Done
>> +static int
>> +bhyveBuildHostdevArgStr(const virDomainDef *def, virCommand *cmd)
>> +{
Daniel P. Berrangé writes:
>> src/bhyve/bhyve_parse_command.c | 59 +
>> 1 file changed, 59 insertions(+)
>
> Should come with additions to bhyveargv2xmltest.c data files
Done
>> +if (!(hostdev = virDomainHostdevDefNew()))
>> +return 0;
>
> This met
Daniel P. Berrangé writes:
Done.
> Please provide a commit message that describes the problem
> you're solving with this refactoring. Likewise for other
> commits in this series which all have empty commit messages.
>
>> Sponsored by: Future Crew, LLC
>
> While it is nice that they're sponsoring
Signed-off-by: Alexander Shursha
---
src/bhyve/bhyve_command.c | 24
.../bhyvexml2argv-passthru.args | 9 ++
.../bhyvexml2argv-passthru.ldargs | 4 +++
.../bhyvexml2argv-passthru.xml| 28 +++
test
Signed-off-by: Alexander Shursha
---
src/bhyve/bhyve_parse_command.c | 60 +++
.../bhyveargv2xml-passthru.args | 7 +++
.../bhyveargv2xml-passthru.xml| 22 +++
tests/bhyveargv2xmltest.c | 1 +
4 files changed, 9
sysfs is used to get a list of PCI devices. It doesn't work under
FreeBSD. The libpciaccess library provides cross-platform functions
for accessing the PCI bus.
Signed-off-by: Alexander Shursha
---
src/meson.build | 1 +
src/util/virpci.c | 465 ++-
Signed-off-by: Alexander Shursha
---
src/bhyve/bhyve_capabilities.c | 2 +-
src/conf/node_device_conf.c | 2 +-
src/node_device/node_device_driver.c| 2 +-
src/node_device/node_device_udev.c | 2 ++
src/util/virmdev.c | 2 +-
On Thu, Feb 13, 2025 at 09:56:35AM +0100, Michal Privoznik wrote:
> Michal Prívozník (2):
> virgdbus: Introduce virGDBusHasSessionBus()
> remote_daemon: Silence DBus errors
>
> src/libvirt_private.syms | 1 +
> src/remote/remote_daemon.c | 36 +++
> src/util/virgdbus
When a daemon (like libvirtd, virtqemud, etc.) is started as an
unprivileged user (which is exactly how KubeVirt does it), then
it tries to register on both session and system DBus-es so that
it can shut itself down (e.g. when system is powering off or user
logs out). It's worth noting that this is
This is just like virGDBusHasSystemBus() except it checks for the
session bus instead of the system one.
Signed-off-by: Michal Privoznik
---
src/libvirt_private.syms | 1 +
src/util/virgdbus.c | 50
src/util/virgdbus.h | 3 +++
3 files changed
*** BLURB HERE ***
Michal Prívozník (2):
virgdbus: Introduce virGDBusHasSessionBus()
remote_daemon: Silence DBus errors
src/libvirt_private.syms | 1 +
src/remote/remote_daemon.c | 36 +++
src/util/virgdbus.c| 50 +++---
src/
On Wed, Feb 5, 2025 at 6:22 PM Andrea Bolognani wrote:
>
> An issue was recently reported[1] with running unprivileged VMs
> configured to use passt on Debian with AppArmor confinement enabled.
Hi Andrea (and Stefano),
thank you for the depth and work on the topic!
> After looking into the situa