libvirt/suse-qemu-conf.patch

Index: libvirt-1.2.1/src/qemu/qemu.conf
===================================================================
--- libvirt-1.2.1.orig/src/qemu/qemu.conf
+++ libvirt-1.2.1/src/qemu/qemu.conf
@@ -200,7 +200,16 @@
 # a special value; security_driver can be set to that value in
 # isolation, but it cannot appear in a list of drivers.
 #
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros.  If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances.  Change this to 'apparmor' to enable Apparmor
+# confinement of qemu instances.
+#
 #security_driver = "selinux"
+# security_driver = "apparmor"
+security_driver = "none"
 
 # If set to non-zero, then the default security labeling
 # will make guests confined. If set to zero, then guests
@@ -402,6 +411,15 @@
 #allow_disk_format_probing = 1
 
 
+# SUSE note:
+# Many lock managers, sanlock included, will kill the resources
+# they protect when terminated.  E.g. the sanlock daemon will kill
+# any virtual machines for which it holds disk leases when the
+# daemon is stopped or restarted.  Administrators must be vigilant
+# when enabling a lock manager since simply updating the manager
+# may cause it to be restarted, potentially killing the resources
+# it protects.
+#
 # To enable 'Sanlock' project based locking of the file
 # content (to prevent two VMs writing to the same
 # disk), uncomment this