a58c0b5ccc
- Add support for AArch64 architecture
- Various improvements on test code and test driver
- Don't link virt-login-shell against libvirt.so
- Close all non-stdio FDs in virt-login-shell
- Only allow 'stderr' log output when running setuid
- Fix perms for virConnectDomainXML{To,From}Native
- Many incremental improvements and bug fixes, see
http://libvirt.org/news.html
- Drop upstream patches: e7f400a1-CVE-2013-4296.patch,
2dba0323-CVE-2013-4297.patch, db7a5688-CVE-2013-4311.patch,
e65667c0-CVE-2013-4311.patch, 922b7fda-CVE-2013-4311.patch,
e4697b92-CVE-2013-4311.patch, 8294aa0c-CVE-2013-4399.patch,
484cc321-fix-spice-migration.patch,
79552754-libvirtd-chardev-crash.patch,
57687fd6-CVE-2013-4401.patch, ae53e5d1-CVE-2013-4400.patch,
8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch,
3e2f27e1-CVE-2013-4400.patch, 5a0ea4b7-CVE-2013-4400.patch,
843bdb2f-CVE-2013-4400.patch,
bd773e74-lxc-terminate-machine.patch,
e350826c-python-fix-fd-passing.patch
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=329
38 lines
1.4 KiB
Diff
38 lines
1.4 KiB
Diff
Index: libvirt-1.1.4/src/qemu/qemu.conf
|
|
===================================================================
|
|
--- libvirt-1.1.4.orig/src/qemu/qemu.conf
|
|
+++ libvirt-1.1.4/src/qemu/qemu.conf
|
|
@@ -200,7 +200,16 @@
|
|
# a special value; security_driver can be set to that value in
|
|
# isolation, but it cannot appear in a list of drivers.
|
|
#
|
|
+# SUSE Note:
|
|
+# Currently, Apparmor is the default security framework in SUSE
|
|
+# distros. If Apparmor is enabled on the host, libvirtd is
|
|
+# generously confined but users must opt-in to confine qemu
|
|
+# instances. Change this to 'apparmor' to enable Apparmor
|
|
+# confinement of qemu instances.
|
|
+#
|
|
#security_driver = "selinux"
|
|
+# security_driver = "apparmor"
|
|
+security_driver = "none"
|
|
|
|
# If set to non-zero, then the default security labeling
|
|
# will make guests confined. If set to zero, then guests
|
|
@@ -402,6 +411,15 @@
|
|
#allow_disk_format_probing = 1
|
|
|
|
|
|
+# SUSE note:
|
|
+# Many lock managers, sanlock included, will kill the resources
|
|
+# they protect when terminated. E.g. the sanlock daemon will kill
|
|
+# any virtual machines for which it holds disk leases when the
|
|
+# daemon is stopped or restarted. Administrators must be vigilant
|
|
+# when enabling a lock manager since simply updating the manager
|
|
+# may cause it to be restarted, potentially killing the resources
|
|
+# it protects.
|
|
+#
|
|
# To enable 'Sanlock' project based locking of the file
|
|
# content (to prevent two VMs writing to the same
|
|
# disk), uncomment this
|