On Thu, May 03, 2018 at 10:50:20PM +0300, Michael S. Tsirkin wrote:
> When pulling in headers that are in the same directory as C file (as
> opposed to one in include/), we should use its relative path, without a
> directory. Directory based path works more or less by accident.
This commit message
On Wed, May 09, 2018 at 06:55:21PM +0200, Max Reitz wrote:
> Currently, you can give no encryption format for a qcow2 file while
> still passing a key-secret. That does not conform to the schema, so
> this patch changes the schema to allow it.
>
> Signed-off-by: Max Reitz
> ---
> qapi/block-cor
On Thu, May 10, 2018 at 09:24:24AM -0500, Eric Blake wrote:
> On 05/09/2018 11:55 AM, Max Reitz wrote:
> > Currently, you can give no encryption format for a qcow file while still
> > passing a key-secret. That does not conform to the schema, so this
> > patch changes the schema to allow it.
> >
On Fri, May 18, 2018 at 06:30:38PM +0300, Michael S. Tsirkin wrote:
> Hi!
> Right now, QEMU supports multiple machine types within
> a given architecture. This was the case for many architectures
> (like ARM) for a while, somewhat more recently this is the case
> for x86 with I440FX and Q35 options
On Mon, May 21, 2018 at 03:29:28PM -0300, Eduardo Habkost wrote:
> On Sat, May 19, 2018 at 08:05:06AM +0200, Markus Armbruster wrote:
> > Eduardo Habkost writes:
> >
> > [...]
> > > About being more expressive than just a single list of key,value
> > > pairs, I don't see any evidence of that bein
On Fri, May 18, 2018 at 02:41:33PM -0300, Eduardo Habkost wrote:
> On Fri, May 18, 2018 at 06:09:56PM +0100, Daniel P. Berrangé wrote:
> > On Fri, May 18, 2018 at 06:30:38PM +0300, Michael S. Tsirkin wrote:
> > > Hi!
> > > Right now, QEMU supports multiple machine
On Fri, Jun 01, 2018 at 05:18:35PM +0800, Fam Zheng wrote:
> When hot-plugging a block device fails due to image locking errors,
> users won't see the helpful 'Is another process using the image?'
> message in QMP because currently the error hint is not carried over
> there.
>
> Even though extend
On Fri, Jun 01, 2018 at 09:33:59PM +0800, Fam Zheng wrote:
> On Fri, 06/01 13:43, Daniel P. Berrangé wrote:
> > On Fri, Jun 01, 2018 at 05:18:35PM +0800, Fam Zheng wrote:
> > > When hot-plugging a block device fails due to image locking errors,
> > > users won't see
On Wed, Jun 06, 2018 at 12:42:28PM +0100, Richard W.M. Jones wrote:
> On Wed, Jun 06, 2018 at 12:14:07PM +0100, Dr. David Alan Gilbert wrote:
> > The problem with having a separate file is that you either have to copy
> > it around with the image or have an archive. If you have an archive
> > you
On Wed, Jun 06, 2018 at 03:45:10PM +0200, Michal Suchánek wrote:
>
> I think that *if* we want an 'appliance' format that stores a whole VM
> in a single file to ease VM distribution then the logical place to look
> in qemu is qcow. The reasons have been explained at length.
I rather disagree. Thi
On Wed, Jun 06, 2018 at 11:14:32AM -0300, Eduardo Habkost wrote:
> On Wed, Jun 06, 2018 at 02:50:10PM +0100, Daniel P. Berrangé wrote:
> > On Wed, Jun 06, 2018 at 03:45:10PM +0200, Michal Suchánek wrote:
> > >
> > > I think that *if* we want an 'appliance' for
On Wed, Jun 06, 2018 at 03:31:35PM +0100, Dr. David Alan Gilbert wrote:
> > Not in this case because it'd still be a flat qcow2 file in a simple tar
> > archive.
> >
> > But you're right if we had a more complex format (like chunks stored in
> > a tar file).
>
> My only problem with using the tar
On Wed, Jun 06, 2018 at 10:36:20AM -0500, Eric Blake wrote:
> On 06/06/2018 10:05 AM, Dr. David Alan Gilbert wrote:
>
> > > If that's the issue, add a UUID to qcow2 files and reference it from the
> > > config file.
> >
> > Is a UUID a small string :-)
>
> Even better, it's something that you co
On Thu, Jun 07, 2018 at 12:02:29PM +0200, Andrea Bolognani wrote:
> On Wed, 2018-06-06 at 17:32 +0100, Daniel P. Berrangé wrote:
> > On Wed, Jun 06, 2018 at 10:36:20AM -0500, Eric Blake wrote:
> > > But for the new config to be useful, you have to modify at least one tool
>
On Thu, Jun 07, 2018 at 11:32:18AM +0100, Richard W.M. Jones wrote:
> On Thu, Jun 07, 2018 at 12:02:29PM +0200, Andrea Bolognani wrote:
> > Something that I haven't seen mentioned in the thread - and this
> > looks like as good a point as any to jump in - is that for q35
> > guests using EFI as wel
On Thu, Jun 07, 2018 at 01:17:24PM +0200, Andrea Bolognani wrote:
> On Thu, 2018-06-07 at 11:22 +0100, Daniel P. Berrangé wrote:
> > On Thu, Jun 07, 2018 at 12:02:29PM +0200, Andrea Bolognani wrote:
> > > While hints might be considered a reasonable fit for qcow2, I think
> > >
On Thu, Jun 07, 2018 at 09:50:41AM +0200, Thomas Huth wrote:
> On 07.06.2018 08:57, Markus Armbruster wrote:
> > Thomas Huth writes:
> >
> >> On 05.06.2018 00:40, Eric Blake wrote:
> >>> On 06/04/2018 05:34 AM, Thomas Huth wrote:
> On 04.06.2018 09:18, Markus Armbruster wrote:
> > Roman
On Thu, Jun 07, 2018 at 03:20:24PM +0200, Markus Armbruster wrote:
> Daniel P. Berrangé writes:
>
> > On Fri, Jun 01, 2018 at 05:18:35PM +0800, Fam Zheng wrote:
> >> When hot-plugging a block device fails due to image locking errors,
> >> users won't see the he
On Fri, Jun 08, 2018 at 09:21:30AM +0100, Dr. David Alan Gilbert wrote:
> * Laszlo Ersek (ler...@redhat.com) wrote:
> > On 06/07/18 12:54, Andrea Bolognani wrote:
> > > On Thu, 2018-06-07 at 11:36 +0100, Daniel P. Berrangé wrote:
> > >> On Thu, Jun 07, 2018 at 11:32:
changed, 2 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-http
---
> qapi/block-core.json | 44
> block/qcow2.c| 3 +++
> 2 files changed, 43 insertions(+), 4 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/p
reasonably fast.
>
> Signed-off-by: Max Reitz
> ---
> tests/qemu-iotests/087 | 65 +++---
> tests/qemu-iotests/087.out | 26 ++-
> 2 files changed, 64 insertions(+), 27 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
D
On Tue, Jun 12, 2018 at 02:58:21PM +0200, Markus Armbruster wrote:
> Legacy -drive supports "password-secret" parameter that isn't
> available with -blockdev / blockdev-add. That's because we backed out
> our first try to provide it there due to interface design doubts, in
> commit 577d8c9a811, v2
On Thu, Jun 14, 2018 at 10:40:58AM +0200, Kevin Wolf wrote:
> Am 13.06.2018 um 17:23 hat Markus Armbruster geschrieben:
> > Kevin Wolf writes:
> >
> > > Am 12.06.2018 um 14:58 hat Markus Armbruster geschrieben:
> > >> When you mix scalar and non-scalar keys, whether you get an "already
> > >> set
From: "Daniel P. Berrange"
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add
From: "Daniel P. Berrange"
The QEMU instance that runs as the server for the migration data
transport (ie the target QEMU) needs to be able to configure access
control so it can prevent unauthorized clients initiating an incoming
migration. This adds a new 'tls-authz' migration parameter that is
From: "Daniel P. Berrange"
The VNC server has historically had support for ACLs to check both the
SASL username and the TLS x509 distinguished name. The VNC server was
responsible for creating the initial ACL, and the client app was then
responsible for populating it with rules using the HMP 'acl
The various ACL related commands are obsolete now that the QAuthZ
framework for authorization is fully integrated throughout QEMU network
services. Mark it as deprecated with no replacement to be provided.
Signed-off-by: Daniel P. Berrangé
---
monitor.c | 23 +++
qemu
specific clients, which avoids the need to setup
restricted child certificate authorities.
In VNC it also allows whitelisting based on SASL user names.
Based-on: <20180615154203.11347-1-berra...@redhat.com>
Daniel P. Berrangé (6):
qemu-nbd: add support for authorization of TLS clients
nbd:
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
the NBD server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509 certificate.
This means the client will have to acquire a certificat
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certific
On Fri, Jun 15, 2018 at 06:54:23PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > From: "Daniel P. Berrange"
> >
> > The QEMU instance that runs as the server for the migration data
> > transport (ie the targe
On Tue, Jun 19, 2018 at 01:31:40PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > The various ACL related commands are obsolete now that the QAuthZ
> > framework for authorization is fully integrated throughout QEMU network
> >
On Fri, Jun 15, 2018 at 04:51:02PM +0100, Daniel P. Berrangé wrote:
> From: "Daniel P. Berrange"
>
> The VNC server has historically had support for ACLs to check both the
> SASL username and the TLS x509 distinguished name. The VNC server was
> responsible for creating
On Tue, Jun 19, 2018 at 03:10:12PM -0500, Eric Blake wrote:
> On 06/15/2018 10:50 AM, Daniel P. Berrangé wrote:
> > From: "Daniel P. Berrange"
> >
> > As with the previous patch to qemu-nbd, the nbd-server-start QMP command
> > also needs to be able to sp
On Tue, Jun 19, 2018 at 03:06:06PM -0500, Eric Blake wrote:
> On 06/15/2018 10:50 AM, Daniel P. Berrangé wrote:
> > From: "Daniel P. Berrange"
> >
> > Currently any client which can complete the TLS handshake is able to use
> > the NBD server. The serv
On Wed, Jun 20, 2018 at 12:03:45PM +0200, Juan Quintela wrote:
> Daniel P. Berrangé wrote:
> > From: "Daniel P. Berrange"
>
> .
>
>
> It is not just the fault of this patch, but as you are the one doing the
> tls bits on migration...
>
>
From: "Daniel P. Berrange"
The VNC server has historically had support for ACLs to check both the
SASL username and the TLS x509 distinguished name. The VNC server was
responsible for creating the initial ACL, and the client app was then
responsible for populating it with rules using the HMP 'acl
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
the NBD server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509 certificate.
This means the client will have to acquire a certificat
parameters on services
- Fix 2.13 -> 3.0 version tags
- Remove redundant conditionals around g_strdup
- Fix arg syntax for qemu-nbd s/-/--/
- Remove QAPI (optional) annotation
- Fix some outdated usage example
Based-on: <20180620103555.1342-1-berra...@redhat.com>
Daniel P. Berrangé (6
From: "Daniel P. Berrange"
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add
From: "Daniel P. Berrange"
The QEMU instance that runs as the server for the migration data
transport (ie the target QEMU) needs to be able to configure access
control so it can prevent unauthorized clients initiating an incoming
migration. This adds a new 'tls-authz' migration parameter that is
authz' or 'sasl-authz' parameters to the VNC server, and
equivalent for other network services.
Signed-off-by: Daniel P. Berrangé
---
monitor.c | 23 +++
qemu-doc.texi | 8
2 files changed, 31 insertions(+)
diff --git a/monitor.c b/monitor.c
index
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certific
On Wed, Jun 20, 2018 at 08:58:40AM -0500, Eric Blake wrote:
> On 06/20/2018 07:14 AM, Daniel P. Berrangé wrote:
> > From: "Daniel P. Berrange"
> >
> > Currently any client which can complete the TLS handshake is able to use
> > the NBD server. The serv
On Wed, Jun 20, 2018 at 09:05:32AM -0500, Eric Blake wrote:
> On 06/20/2018 07:14 AM, Daniel P. Berrangé wrote:
> > From: "Daniel P. Berrange"
>
> I thought you preferred the UTF-8 accent in your Author lines these days?
> Or is this because this patch has been sitti
On Wed, Jun 20, 2018 at 03:22:53PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrangé (berra...@redhat.com) wrote:
> > From: "Daniel P. Berrange"
> >
> > Currently any client which can complete the TLS handshake is able to use
> > the NBD server. The
On Fri, Jun 22, 2018 at 03:36:50PM +0200, Christian Borntraeger wrote:
>
>
> On 06/22/2018 02:55 PM, Kevin Wolf wrote:
> > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> >>
> >> On 06/15/2018 04:21 PM, Kevin Wolf wrote:
> >>> The -drive option serial was deprecated in QEMU 2.10.
On Fri, Jun 22, 2018 at 04:19:29PM +0200, Markus Armbruster wrote:
> Kevin Wolf writes:
>
> > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> >>
> >> On 06/15/2018 04:21 PM, Kevin Wolf wrote:
> >> > The -drive option serial was deprecated in QEMU 2.10. It's time to
> >> > remove
On Fri, Jun 22, 2018 at 03:25:19PM +0100, Daniel P. Berrangé wrote:
> On Fri, Jun 22, 2018 at 04:19:29PM +0200, Markus Armbruster wrote:
> > Kevin Wolf writes:
> >
> > > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> > >>
> > &
On Fri, Jun 22, 2018 at 04:25:13PM +0200, Kevin Wolf wrote:
> Am 22.06.2018 um 15:36 hat Christian Borntraeger geschrieben:
> >
> >
> > On 06/22/2018 02:55 PM, Kevin Wolf wrote:
> > > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> > >>
> > >> On 06/15/2018 04:21 PM, Kevin Wolf wr
On Fri, Jun 22, 2018 at 04:25:13PM +0200, Kevin Wolf wrote:
> Am 22.06.2018 um 15:36 hat Christian Borntraeger geschrieben:
> >
> >
> > On 06/22/2018 02:55 PM, Kevin Wolf wrote:
> > > Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> > >>
> > >> On 06/15/2018 04:21 PM, Kevin Wolf wr
On Mon, Jun 25, 2018 at 10:23:03AM +0200, Thomas Huth wrote:
> On 25.06.2018 09:16, Peter Krempa wrote:
> > On Fri, Jun 22, 2018 at 14:55:02 +0200, Kevin Wolf wrote:
> >> Am 22.06.2018 um 13:38 hat Christian Borntraeger geschrieben:
> >>>
> >>> On 06/15/2018 04:21 PM, Kevin Wolf wrote:
> The -
On Fri, Jun 22, 2018 at 03:31:46PM +0100, Daniel P. Berrangé wrote:
> On Fri, Jun 22, 2018 at 04:25:13PM +0200, Kevin Wolf wrote:
> > Am 22.06.2018 um 15:36 hat Christian Borntraeger geschrieben:
> > >
> > >
> > > On 06/22/2018 02:55 PM, Kevin Wolf wrote
On Fri, Jun 22, 2018 at 07:54:00PM +0200, Kevin Wolf wrote:
> Am 22.06.2018 um 17:40 hat Daniel P. Berrangé geschrieben:
> > On Fri, Jun 22, 2018 at 04:25:13PM +0200, Kevin Wolf wrote:
> > > This was in fact one release longer than our deprecation policy says.
> > >
On Tue, Jun 26, 2018 at 10:48:10AM +0200, Paolo Bonzini wrote:
> On 26/06/2018 10:35, Markus Armbruster wrote:
> > We also want to deprecate usb-storage, but
> > I guess we're still not ready for that (it's a complicated story).
> >
> > To deprecate -drive without also deprecating usb-storage, we
On Thu, Jun 28, 2018 at 04:54:04PM +0100, Richard W.M. Jones wrote:
> On Thu, Jun 28, 2018 at 09:42:18AM -0500, Eric Blake wrote:
> > On 06/28/2018 08:22 AM, Richard W.M. Jones wrote:
> > >+while (fgets(line, sizeof line, fp) != NULL) {
> > >+if (strncmp(line, username, ulen) == 0 && li
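Review bot: the `fgets(line, sizeof line, fp)` loop treats every chunk it returns as the start of a record, so an entry longer than the buffer is split and its tail is then compared against `username` by `strncmp` as if it were a new entry. Check for the trailing newline after each read and skip or reject over-long lines before doing the match.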
On Thu, Jun 28, 2018 at 09:42:18AM -0500, Eric Blake wrote:
> On 06/28/2018 08:22 AM, Richard W.M. Jones wrote:
>
> In the subject line: most commit summaries don't have a trailing '.'.
>
> > Pre-Shared Keys (PSK) is a simpler mechanism for enabling TLS
> > connections than using certificates. I
On Thu, Jun 28, 2018 at 05:51:18PM +0100, Richard W.M. Jones wrote:
> On Thu, Jun 28, 2018 at 05:06:20PM +0100, Daniel P. Berrangé wrote:
> > On Thu, Jun 28, 2018 at 09:42:18AM -0500, Eric Blake wrote:
> > > Does it make sense to forbid this operation on servers (since it
On Fri, Jun 29, 2018 at 10:22:22AM -0500, Eric Blake wrote:
> On 06/29/2018 03:44 AM, Kevin Wolf wrote:
> > Am 28.06.2018 um 21:07 hat Eric Blake geschrieben:
> > > Match our code to the spec change in the previous patch - there's
> > > no reason for the refcount table to allow larger offsets than
On Thu, Jun 28, 2018 at 07:46:24PM +0100, Richard W.M. Jones wrote:
> diff --git a/crypto/tlssession.c b/crypto/tlssession.c
> index 96a02deb69..50df64e0a9 100644
> --- a/crypto/tlssession.c
> +++ b/crypto/tlssession.c
> @@ -21,6 +21,7 @@
> #include "qemu/osdep.h"
> #include "crypto/tlssession.h"
On Fri, Jun 29, 2018 at 06:40:29PM +0100, Richard W.M. Jones wrote:
> On Fri, Jun 29, 2018 at 06:03:43PM +0100, Daniel P. Berrangé wrote:
> > On Thu, Jun 28, 2018 at 07:46:24PM +0100, Richard W.M. Jones wrote:
> > > diff --git a/crypto/tlssession.c b/crypto/tlssession.c
>
On Mon, Jul 02, 2018 at 06:54:41AM -0500, Eric Blake wrote:
> On 07/02/2018 02:52 AM, Daniel P. Berrangé wrote:
>
> > > > > +#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
> > > > > +#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PS
ypto-tls-psk-helpers.c | 50 ++
> tests/crypto-tls-psk-helpers.h | 29
> tests/test-crypto-tlssession.c | 185 +---
> 11 files changed, 777 insertions(+), 26 deletions(-)
Signed-off-by: Daniel P. Berrangé
I'll send a pull request with it shortly
Regards,
Da
On Tue, Jul 03, 2018 at 12:53:44PM +0200, Christian Borntraeger wrote:
>
>
> On 07/02/2018 10:04 AM, Kevin Wolf wrote:
> > Am 25.06.2018 um 13:45 hat Peter Krempa geschrieben:
> >> On Mon, Jun 25, 2018 at 13:41:06 +0200, Kevin Wolf wrote:
> >>> Am 25.06.
On Tue, Jul 03, 2018 at 01:32:29PM +0200, Kevin Wolf wrote:
> Am 03.07.2018 um 13:22 hat Daniel P. Berrangé geschrieben:
> > On Tue, Jul 03, 2018 at 12:53:44PM +0200, Christian Borntraeger wrote:
> > >
> > >
> > > On 07/02/2018 10:04 AM, Kevin Wolf wrote:
>
0) {
> -return ret;
> +goto fail;
> }
>
> bs = bdrv_open(filename, NULL, NULL,
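Review bot: the `goto fail` that replaces `return ret` in this error branch is taken before `bs = bdrv_open(...)` has run, so whatever the `fail` path releases (the label is not in the quoted lines) has to cope with `bs` not having been assigned yet. Make sure `bs` is initialised to NULL at its declaration and that `ret` is still the value returned after the label.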
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https
On Wed, Jul 04, 2018 at 03:34:40PM +0200, Kevin Wolf wrote:
> Am 04.07.2018 um 15:02 hat Cornelia Huck geschrieben:
> > On Tue, 3 Jul 2018 13:32:29 +0200
> > Kevin Wolf wrote:
> >
> > > > > > Has serial/geometry been fixed meanwhile and will it make it into
> > > > > > the
> > > > > > next relea
On Fri, Jul 06, 2018 at 04:56:46PM +0200, Kevin Wolf wrote:
> Am 06.07.2018 um 13:11 hat Cornelia Huck geschrieben:
> > On Wed, 4 Jul 2018 17:14:02 +0100
> > Peter Maydell wrote:
> >
> > > On 4 July 2018 at 14:34, Kevin Wolf wrote:
> > > > Essentially, what is important to me isn't getting these
On Mon, Jul 09, 2018 at 01:08:38PM +0200, Cornelia Huck wrote:
> On Mon, 09 Jul 2018 08:33:05 +0200
> Markus Armbruster wrote:
>
> > Peter Maydell writes:
> >
> > > On 6 July 2018 at 15:56, Kevin Wolf wrote:
> > >> Am 06.07.2018 um 13:11 hat Cornelia Huck geschrieben:
> > >>> That way, we
On Tue, Jul 10, 2018 at 04:09:38PM +0100, Peter Maydell wrote:
> On 10 July 2018 at 15:22, Cornelia Huck wrote:
> > On Tue, 10 Jul 2018 07:59:15 +0200
> > Markus Armbruster wrote:
> >
> >> In addition to actively pulling libvirt developers into review of
> >> deprecation patches, we should pursue
On Tue, Jul 10, 2018 at 05:01:22PM +0200, Cornelia Huck wrote:
> Who is, in general, testing which libvirt version? I can think of:
> - libvirt developers, which will probably run libvirt current git, but
> more likely a released QEMU?
In general libvirt devs tend to run a mixture of whatever th
On Wed, Jul 11, 2018 at 02:17:18PM +0300, Adam Litke wrote:
> Adding some kubevirt developers to the thread. Thanks guys for the
> information! I think this could work perfectly for on the fly conversion
> of qcow2 images to raw format on our PVCs.
FYI if you are intending to accept qcow2 images
On Thu, Jul 12, 2018 at 05:47:00PM +0200, Thomas Huth wrote:
> On 12.07.2018 08:32, Markus Armbruster wrote:
> > Daniel P. Berrangé writes:
> [...]
> >> For libvirt, I think whenever something is proposed for deprecation
> >> we could just CC libvir-list, or as
On Tue, Jul 17, 2018 at 08:37:58PM -0300, Philippe Mathieu-Daudé wrote:
> I noticed this while running "make docker-test-block@fedora":
>
> $ make docker-test-block@fedora NETWORK=1
> BUILD fedora
> RUN test-block in qemu:fedora
> Configure options:
> --enable-werror --prefix=/tmp/qemu-tes
StringIO
> +
> if debug:
> output = sys.stdout
> verbosity = 2
> sys.argv.remove('-d')
> else:
> -output = StringIO.StringIO()
> +output = StringIO()
>
> logging.basicConfig(level=(logging.DEBUG if debug e
On Thu, Jul 19, 2018 at 09:50:00PM +0300, Nir Soffer wrote:
> On Mon, Jul 16, 2018 at 11:56 AM Daniel P. Berrangé
> wrote:
> ...
>
> > Recommendation is to run 'qemu-img info' to extract the metadata and sanity
> > check results eg no backing file list
On Thu, Jul 19, 2018 at 09:39:35PM +0100, Richard W.M. Jones wrote:
> I did the original work using AFL to fuzz qemu-img and find
> problematic images. From that work Dan & I suggested some fairly low
> limits (10 seconds IIRC). See:
>
> https://bugs.launchpad.net/qemu/+bug/1462944
> https://bug
On Mon, Jul 23, 2018 at 03:53:45PM +0200, Kevin Wolf wrote:
> Am 13.07.2018 um 20:12 hat John Snow geschrieben:
> >
> >
> > On 07/13/2018 03:10 AM, Kevin Wolf wrote:
> > > The test case uses block devices with driver=file, which causes the test
> > > to fail after commit 230ff73904 added a deprec
On Wed, Jul 25, 2018 at 06:23:45PM +0300, Leonid Bloch wrote:
> On 07/25/2018 04:32 PM, Kevin Wolf wrote:
> > > Another interesting question is whether 'full' shouldn't keep
> > > meaning
> > > full throughout the lifetime of the BlockDriverState, i.e.
> > > should it
> > >
On Wed, Jul 25, 2018 at 10:56:48AM -0500, Eric Blake wrote:
> On 07/25/2018 10:10 AM, Markus Armbruster wrote:
> > qemu_rbd_parse_filename() builds a keypairs QList, converts it to JSON, and
> > stores the resulting QString in a QDict.
> >
> > qemu_rbd_co_create_opts() and qemu_rbd_open() get the
eating image, so it is safe to relax the permission. This makes
> share-rw=on property work on virtual devices.
>
> Suggested-by: Daniel P. Berrangé
> Signed-off-by: Fam Zheng
> ---
> block/crypto.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> dif
d392
Author: Kevin Wolf
Date: Thu Jan 11 16:18:08 2018 +0100
qcow2: Use visitor for options in qcow2_create()
Exposing the latent bug in qemu-img. This fix simply moves the copying
of secrets to before the bdrv_create() call.
Signed-off-by: Daniel P. Berrangé
On Tue, Aug 14, 2018 at 01:38:24PM +0200, Kevin Wolf wrote:
> Am 14.08.2018 um 11:35 hat Daniel P. Berrangé geschrieben:
> > When the convert command is creating an output file that needs
> > secrets, we need to ensure those secrets are passed to both the
> > blk_new_open and
d392
Author: Kevin Wolf
Date: Thu Jan 11 16:18:08 2018 +0100
qcow2: Use visitor for options in qcow2_create()
Exposing the latent bug in qemu-img. This fix simply moves the copying
of secrets to before the bdrv_create() call.
Signed-off-by: Daniel P. Berrangé
On Thu, Aug 16, 2018 at 02:56:10PM -0500, Eric Blake wrote:
> On 08/16/2018 02:02 PM, Vladimir Sementsov-Ogievskiy wrote:
> > Hi Eric!
> >
> > There is a small problem with our qemu-nbd cmdline interface: people
> > forget to use option -x or don't know about it and face into problems
> > with old
| 25
> qga/main.c| 54 +++---
> scsi/qemu-pr-helper.c | 40 -
> util/oslib-posix.c| 68 +++++++++++
> util/oslib-win32.c| 27 +
> vl.c
insertions(+), 3 deletions(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https://berrange.com -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
the NBD server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509 certificate.
This means the client will have to acquire a certificat
From: "Daniel P. Berrange"
The VNC server has historically had support for ACLs to check both the
SASL username and the TLS x509 distinguished name. The VNC server was
responsible for creating the initial ACL, and the client app was then
responsible for populating it with rules using the HMP 'acl
From: "Daniel P. Berrange"
The QEMU instance that runs as the server for the migration data
transport (ie the target QEMU) needs to be able to configure access
control so it can prevent unauthorized clients initiating an incoming
migration. This adds a new 'tls-authz' migration parameter that is
From: "Daniel P. Berrange"
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certific
und g_strdup
- Fix arg syntax for qemu-nbd s/-/--/
- Remove QAPI (optional) annotation
- Fix some outdated usage example
Based-on: <20181009130442.26296-1-berra...@redhat.com>
Daniel P. Berrangé (6):
qemu-nbd: add support for authorization of TLS clients
nbd: allow authorization with n
authz' or 'sasl-authz' parameters to the VNC server, and
equivalent for other network services.
Signed-off-by: Daniel P. Berrangé
---
monitor.c| 23 +++
qemu-deprecated.texi | 6 ++
2 files changed, 29 insertions(+)
diff --git a/monitor.
From: "Daniel P. Berrange"
As with the previous patch to qemu-nbd, the nbd-server-start QMP command
also needs to be able to specify authorization when enabling TLS encryption.
First the client must create a QAuthZ object instance using the
'object-add' command:
{
'execute': 'object-add
ion methods could have different requirements.
Yep, this matches what we do in block/crypto.c
>
> Signed-off-by: Alberto Garcia
> ---
> block/qcow2.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé
Regards,
Daniel
--
|: https:
On Sat, Oct 13, 2018 at 02:02:27AM -0300, Eduardo Habkost wrote:
> Signed-off-by: Eduardo Habkost
> ---
> I'd like to do this in QEMU 3.1. I think it's time to drop
> support for old systems that have only Python 2.
>
> We still have a few scripts that are not required for building
> QEMU that st
On Mon, Oct 15, 2018 at 11:02:03AM +0100, Peter Maydell wrote:
> On 15 October 2018 at 10:32, Daniel P. Berrangé wrote:
> > On Sat, Oct 13, 2018 at 02:02:27AM -0300, Eduardo Habkost wrote:
> >> Signed-off-by: Eduardo Habkost
> >> ---
> >> I'd like to d
ping, does any block maintainer want to queue this one ?
On Fri, Dec 08, 2017 at 01:34:16PM +, Daniel P. Berrange wrote:
> qemu-io puts the TTY into non-canonical mode, which means no EOF processing is
> done and thus getchar() will never return the EOF constant. Instead we have to
> query the
On Tue, Jan 30, 2018 at 03:13:42AM +0800, Zihan Yang wrote:
> Currently, socket_connect doesn't allow custom socket options,
> which is inconvenient when the caller wants a different kind of
> socket from that the socket_connect provides. This patch allows
> custom config in socket_connect by provi