libvirt/suse-qemu-conf.patch

SUSE adjustments to qemu.conf

This patch contains SUSE-specific adjustments to the upstream
qemu.conf configuration file. In the future, it might make
sense to separate these changes into individual patches (e.g.
suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch,
etc.), but for now they are all lumped together in this
single patch.

Index: libvirt-7.2.0/src/qemu/qemu.conf
===================================================================
--- libvirt-7.2.0.orig/src/qemu/qemu.conf
+++ libvirt-7.2.0/src/qemu/qemu.conf
@@ -491,10 +491,19 @@
 # isolation, but it cannot appear in a list of drivers.
 #
 #security_driver = "selinux"
+#security_driver = "apparmor"
 
 # If set to non-zero, then the default security labeling
 # will make guests confined. If set to zero, then guests
-# will be unconfined by default. Defaults to 1.
+# will be unconfined by default. Defaults to 0.
+#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros.  If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances.  Change this to a non-zero value to enable default
+# Apparmor confinement of qemu instances.
+#
 #security_default_confined = 1
 
 # If set to non-zero, then attempts to create unconfined
@@ -729,11 +738,22 @@
 #relaxed_acs_check = 1
 
 
-# In order to prevent accidentally starting two domains that
-# share one writable disk, libvirt offers two approaches for
-# locking files. The first one is sanlock, the other one,
-# virtlockd, is then our own implementation. Accepted values
-# are "sanlock" and "lockd".
+# SUSE note:
+# Two lock managers are supported: lockd and sanlock.  lockd, which
+# is provided by the virtlockd service, uses advisory locks (flock(2))
+# to protect virtual machine disks.  sanlock uses the notion of leases
+# to protect virtual machine disks and is more appropriate in a SAN
+# environment.
+#
+# For most deployments that require virtual machine disk protection,
+# lockd is recommended since it is easy to configure and the virtlockd
+# service can be restarted without terminating any running virtual
+# machines.  sanlock, which may be preferred in some SAN environments,
+# has the disadvantage of not being able to be restarted without
+# first terminating all virtual machines for which it holds leases.
+#
+# Specify lockd or sanlock to enable protection of virtual machine disk
+# content.
 #
 #lock_manager = "lockd"
 
Index: libvirt-7.2.0/src/qemu/qemu_conf.c
===================================================================
--- libvirt-7.2.0.orig/src/qemu/qemu_conf.c
+++ libvirt-7.2.0/src/qemu/qemu_conf.c
@@ -272,7 +272,7 @@ virQEMUDriverConfigPtr virQEMUDriverConf
     cfg->slirpHelperName = g_strdup(QEMU_SLIRP_HELPER);
     cfg->dbusDaemonName = g_strdup(QEMU_DBUS_DAEMON);
 
-    cfg->securityDefaultConfined = true;
+    cfg->securityDefaultConfined = false;
     cfg->securityRequireConfined = false;
 
     cfg->keepAliveInterval = 5;
Index: libvirt-7.2.0/src/qemu/test_libvirtd_qemu.aug.in
===================================================================
--- libvirt-7.2.0.orig/src/qemu/test_libvirtd_qemu.aug.in
+++ libvirt-7.2.0/src/qemu/test_libvirtd_qemu.aug.in
@@ -45,6 +45,7 @@ module Test_libvirtd_qemu =
 { "remote_websocket_port_min" = "5700" }
 { "remote_websocket_port_max" = "65535" }
 { "security_driver" = "selinux" }
+{ "security_driver" = "apparmor" }
 { "security_default_confined" = "1" }
 { "security_require_confined" = "1" }
 { "user" = "root" }