SHA256
1
0
forked from pool/libvirt
libvirt/suse-qemu-conf.patch
James Fehlig 0119ca3996 - Update to libvirt 1.1.0
- Adding device removal or deletion events
  - Introduce new domain create APIs to pass pre-opened FDs to LXC
  - Add interface versions for Xen 4.3
  - Add new public API virDomainSetMemoryStatsPeriod
  - Various LXC improvements
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Drop upstream patches: f38c8185-CVE-2013-2230.patch,
    fd2e3c4c-xen-sysctl-domctl.patch, dfc69235-CVE-2013-4153.patch,
    96518d43-CVE-2013-4154.patch, fe89fd3b-storage-pool-deadlock.patch
  - Drop relax-qemu-usergroup-check.patch - no longer needed
    after hypervisor-specific daemon package split

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=290
2013-07-30 20:33:47 +00:00

38 lines
1.4 KiB
Diff

Index: libvirt-1.1.1/src/qemu/qemu.conf
===================================================================
--- libvirt-1.1.1.orig/src/qemu/qemu.conf
+++ libvirt-1.1.1/src/qemu/qemu.conf
@@ -175,7 +175,16 @@
# a special value; security_driver can be set to that value in
# isolation, but it cannot appear in a list of drivers.
#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to 'apparmor' to enable Apparmor
+# confinement of qemu instances.
+#
#security_driver = "selinux"
+# security_driver = "apparmor"
+security_driver = "none"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
@@ -371,6 +380,15 @@
#allow_disk_format_probing = 1
+# SUSE note:
+# Many lock managers, sanlock included, will kill the resources
+# they protect when terminated. E.g. the sanlock daemon will kill
+# any virtual machines for which it holds disk leases when the
+# daemon is stopped or restarted. Administrators must be vigilant
+# when enabling a lock manager since simply updating the manager
+# may cause it to be restarted, potentially killing the resources
+# it protects.
+#
# To enable 'Sanlock' project based locking of the file
# content (to prevent two VMs writing to the same
# disk), uncomment this