SHA256
1
0
forked from pool/libvirt
libvirt/suse-qemu-conf.patch
James Fehlig 0e53c763a0 - Update to libvirt 1.2.1
- CVE-2014-0028, CVE-2014-1447, CVE-2013-6458, CVE-2013-6457,
    CVE-2013-6436
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Dropped upstream patches: 5e397d9c-test-fix-dbus-crash.patch,
    78af457e-fix-virnettlscontexttest.patch,
    9faf3f29-LXC-memtune.patch, f8c1cb90-CVE-2013-6436.patch,
    libxl-hvm-nic.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=342
2014-01-17 19:45:49 +00:00

38 lines
1.4 KiB
Diff

Index: libvirt-1.2.1/src/qemu/qemu.conf
===================================================================
--- libvirt-1.2.1.orig/src/qemu/qemu.conf
+++ libvirt-1.2.1/src/qemu/qemu.conf
@@ -200,7 +200,16 @@
# a special value; security_driver can be set to that value in
# isolation, but it cannot appear in a list of drivers.
#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to 'apparmor' to enable Apparmor
+# confinement of qemu instances.
+#
#security_driver = "selinux"
+# security_driver = "apparmor"
+security_driver = "none"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
@@ -402,6 +411,15 @@
#allow_disk_format_probing = 1
+# SUSE note:
+# Many lock managers, sanlock included, will kill the resources
+# they protect when terminated. E.g. the sanlock daemon will kill
+# any virtual machines for which it holds disk leases when the
+# daemon is stopped or restarted. Administrators must be vigilant
+# when enabling a lock manager since simply updating the manager
+# may cause it to be restarted, potentially killing the resources
+# it protects.
+#
# To enable 'Sanlock' project based locking of the file
# content (to prevent two VMs writing to the same
# disk), uncomment this