2014-07-02 21:21:03 +02:00
|
|
|
Index: libvirt-1.2.6/src/qemu/qemu.conf
|
2011-10-18 23:25:37 +02:00
|
|
|
===================================================================
|
2014-07-02 21:21:03 +02:00
|
|
|
--- libvirt-1.2.6.orig/src/qemu/qemu.conf
|
|
|
|
+++ libvirt-1.2.6/src/qemu/qemu.conf
|
- Update to libvirt 1.1.4
- Add support for AArch64 architecture
- Various improvements on test code and test driver
- Don't link virt-login-shell against libvirt.so
- Close all non-stdio FDs in virt-login-shell
- Only allow 'stderr' log output when running setuid
- Fix perms for virConnectDomainXML{To,From}Native
- Many incremental improvements and bug fixes, see
http://libvirt.org/news.html
- Drop upstream patches: e7f400a1-CVE-2013-4296.patch,
2dba0323-CVE-2013-4297.patch, db7a5688-CVE-2013-4311.patch,
e65667c0-CVE-2013-4311.patch, 922b7fda-CVE-2013-4311.patch,
e4697b92-CVE-2013-4311.patch, 8294aa0c-CVE-2013-4399.patch,
484cc321-fix-spice-migration.patch,
79552754-libvirtd-chardev-crash.patch,
57687fd6-CVE-2013-4401.patch, ae53e5d1-CVE-2013-4400.patch,
8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch,
3e2f27e1-CVE-2013-4400.patch, 5a0ea4b7-CVE-2013-4400.patch,
843bdb2f-CVE-2013-4400.patch,
bd773e74-lxc-terminate-machine.patch,
e350826c-python-fix-fd-passing.patch
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=329
2013-11-20 21:02:26 +01:00
|
|
|
@@ -200,7 +200,16 @@
|
2012-09-26 00:22:08 +02:00
|
|
|
# a special value; security_driver can be set to that value in
|
|
|
|
# isolation, but it cannot appear in a list of drivers.
|
2011-10-18 23:25:37 +02:00
|
|
|
#
|
|
|
|
+# SUSE Note:
|
|
|
|
+# Currently, Apparmor is the default security framework in SUSE
|
|
|
|
+# distros. If Apparmor is enabled on the host, libvirtd is
|
|
|
|
+# generously confined but users must opt-in to confine qemu
|
|
|
|
+# instances. Change this to 'apparmor' to enable Apparmor
|
|
|
|
+# confinement of qemu instances.
|
|
|
|
+#
|
2012-06-20 02:00:14 +02:00
|
|
|
#security_driver = "selinux"
|
2012-11-02 18:55:26 +01:00
|
|
|
+# security_driver = "apparmor"
|
2011-10-18 23:25:37 +02:00
|
|
|
+security_driver = "none"
|
|
|
|
|
2012-02-15 20:01:07 +01:00
|
|
|
# If set to non-zero, then the default security labeling
|
|
|
|
# will make guests confined. If set to zero, then guests
|
2014-04-02 14:48:46 +02:00
|
|
|
@@ -402,11 +411,22 @@
|
2012-06-20 02:00:14 +02:00
|
|
|
#allow_disk_format_probing = 1
|
|
|
|
|
2012-02-16 18:05:01 +01:00
|
|
|
|
2014-04-02 14:48:46 +02:00
|
|
|
-# In order to prevent accidentally starting two domains that
|
|
|
|
-# share one writable disk, libvirt offers two approaches for
|
|
|
|
-# locking files. The first one is sanlock, the other one,
|
|
|
|
-# virtlockd, is then our own implementation. Accepted values
|
|
|
|
-# are "sanlock" and "lockd".
|
2012-02-16 18:05:01 +01:00
|
|
|
+# SUSE note:
|
2014-03-04 20:05:01 +01:00
|
|
|
+# Two lock managers are supported: lockd and sanlock. lockd, which
|
|
|
|
+# is provided by the virtlockd service, uses advisory locks (flock(2))
|
|
|
|
+# to protect virtual machine disks. sanlock uses the notion of leases
|
|
|
|
+# to protect virtual machine disks and is more appropriate in a SAN
|
|
|
|
+# environment.
|
2012-02-16 18:05:01 +01:00
|
|
|
+#
|
2014-03-04 20:05:01 +01:00
|
|
|
+# For most deployments that require virtual machine disk protection,
|
|
|
|
+# lockd is recommended since it is easy to configure and the virtlockd
|
|
|
|
+# service can be restarted without terminating any running virtual
|
|
|
|
+# machines. sanlock, which may be preferred in some SAN environments,
|
|
|
|
+# has the disadvantage of not being able to be restarted without
|
|
|
|
+# first terminating all virtual machines for which it holds leases.
|
|
|
|
+#
|
2014-04-02 14:48:46 +02:00
|
|
|
+# Specify lockd or sanlock to enable protection of virtual machine disk
|
|
|
|
+# content.
|
2014-03-04 20:05:01 +01:00
|
|
|
#
|
2014-04-02 14:48:46 +02:00
|
|
|
#lock_manager = "lockd"
|
2014-03-04 20:05:01 +01:00
|
|
|
|