Index: libvirt-1.2.2/src/qemu/qemu.conf
===================================================================
--- libvirt-1.2.2.orig/src/qemu/qemu.conf
+++ libvirt-1.2.2/src/qemu/qemu.conf
@@ -200,7 +200,16 @@
 # a special value; security_driver can be set to that value in
 # isolation, but it cannot appear in a list of drivers.
 #
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to 'apparmor' to enable Apparmor
+# confinement of qemu instances.
+#
 #security_driver = "selinux"
+# security_driver = "apparmor"
+security_driver = "none"
 # If set to non-zero, then the default security labeling
 # will make guests confined. If set to zero, then guests
@@ -402,10 +411,25 @@
 #allow_disk_format_probing = 1
-# To enable 'Sanlock' project based locking of the file
-# content (to prevent two VMs writing to the same
-# disk), uncomment this
+# SUSE note:
+# Two lock managers are supported: lockd and sanlock. lockd, which
+# is provided by the virtlockd service, uses advisory locks (flock(2))
+# to protect virtual machine disks. sanlock uses the notion of leases
+# to protect virtual machine disks and is more appropriate in a SAN
+# environment.
+#
+# For most deployments that require virtual machine disk protection,
+# lockd is recommended since it is easy to configure and the virtlockd
+# service can be restarted without terminating any running virtual
+# machines. sanlock, which may be preferred in some SAN environments,
+# has the disadvantage of not being able to be restarted without
+# first terminating all virtual machines for which it holds leases.
+#
+# To enable lockd or sanlock based protection of virtual machine disk
+# content (to prevent two VMs writing to the same disk), uncomment one
+# of the following
 #
+#lock_manager = "lockd"
 #lock_manager = "sanlock"
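Review bot: The new active line `security_driver = "none"` in the `@@ -200,7 +200,16 @@` hunk switches off libvirt's MAC security driver for every qemu guest on hosts that take this file, so a qemu process is held back only by file ownership and permissions even where AppArmor is enabled for the host. The added SUSE note says users must opt in but never states that consequence, and "Change this to 'apparmor'" does not say which of the three `security_driver` lines is meant. I would add `# With "none", qemu processes get no AppArmor/SELinux confinement; only file ownership and permissions apply.` directly above the setting and reword the instruction to `# Set security_driver = "apparmor" below to confine qemu instances.` The commented example `# security_driver = "apparmor"` also carries a space after `#`, unlike the other commented settings visible in the hunk, so uncommenting by deleting one character leaves a leading space.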
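Review bot: The added comment in the `@@ -402,10 +411,25 @@` hunk says lockd uses `flock(2)`, whereas libvirt's locking documentation, as far as I recall, describes virtlockd as taking POSIX `fcntl()` advisory locks; the two differ on network filesystems, so the reference should be checked against the lockd plugin before it ships. The text also leaves out that advisory locks only hold back processes that go through the same lock manager, and that with both `lock_manager` lines commented out in this file no disk protection is configured. I would reword the line to `# is provided by the virtlockd service, uses POSIX advisory locks (fcntl(2))` if that is confirmed, and add `# Neither is enabled in this file; advisory locks do not stop a process outside libvirt from writing to the image.`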