pool/libvirt
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8f756c33df
libvirt/suse-qemu-conf.patch
James Fehlig 96a1f2af34 Accepting request 491883 from home:jfehlig:branches:Virtualization 
- Update to libvirt 3.3.0 RC1
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Dropped patches:
    ae102b5d7-qemu-fix-regression-when-hyperv-vendor_id-feature-is-used.patch
  - Bug fixes:
    bsc#978121, bsc#1017017, bsc#1032863, bsc#1033117, bsc#1034024,
    bsc#1034146
- libxl: add default controllers for USB devices
  libxl-def-usbctrl.patch
  bsc#1031056

OBS-URL: https://build.opensuse.org/request/show/491883
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=599
2017-04-28 16:14:51 +00:00

77 lines
3.1 KiB
Diff
Raw Blame History

SUSE adjustments to qemu.conf
This patch contains SUSE-specific adjustments to the upstream
qemu.conf configuration file. In the future, it might make
sense to separate these changes into individual patches (e.g.
suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch,
etc.), but for now they are all lumped together in this
single patch.
Index: libvirt-3.3.0/src/qemu/qemu.conf
===================================================================
--- libvirt-3.3.0.orig/src/qemu/qemu.conf
+++ libvirt-3.3.0/src/qemu/qemu.conf
@@ -332,11 +332,20 @@
# isolation, but it cannot appear in a list of drivers.
#
#security_driver = "selinux"
+#security_driver = "apparmor"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
-# will be unconfined by default. Defaults to 1.
-#security_default_confined = 1
+# will be unconfined by default. Defaults to 0.
+#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to a non-zero value to enable default
+# Apparmor confinement of qemu instances.
+#
+security_default_confined = 0
# If set to non-zero, then attempts to create unconfined
# guests will be blocked. Defaults to 0.
@@ -580,11 +589,22 @@
#allow_disk_format_probing = 1
-# In order to prevent accidentally starting two domains that
-# share one writable disk, libvirt offers two approaches for
-# locking files. The first one is sanlock, the other one,
-# virtlockd, is then our own implementation. Accepted values
-# are "sanlock" and "lockd".
+# SUSE note:
+# Two lock managers are supported: lockd and sanlock. lockd, which
+# is provided by the virtlockd service, uses advisory locks (flock(2))
+# to protect virtual machine disks. sanlock uses the notion of leases
+# to protect virtual machine disks and is more appropriate in a SAN
+# environment.
+#
+# For most deployments that require virtual machine disk protection,
+# lockd is recommended since it is easy to configure and the virtlockd
+# service can be restarted without terminating any running virtual
+# machines. sanlock, which may be preferred in some SAN environments,
+# has the disadvantage of not being able to be restarted without
+# first terminating all virtual machines for which it holds leases.
+#
+# Specify lockd or sanlock to enable protection of virtual machine disk
+# content.
#
#lock_manager = "lockd"
@@ -675,9 +695,8 @@
# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
# follows this scheme.
#nvram = [
-# "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd",
-# "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd",
-# "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd"
+# "/usr/share/qemu/ovmf-x86_64-ms-code.bin:/usr/share/qemu/ovmf-x86_64-ms-vars.bin",
+# "/usr/share/qemu/aavmf-aarch64-code.bin:/usr/share/qemu/aavmf-aarch64-vars.bin"
#]
# The backend to use for handling stdout/stderr output from
Reference in New Issue View Git Blame Copy Permalink