SHA256
1
0
forked from pool/libvirt
libvirt/suse-qemu-conf.patch
James Fehlig 278a149fdc Accepting request 253577 from home:jfehlig:branches:Virtualization
Note:  tarball verification is now done using %gpg_verify, along
with the .asc file the upstream libvirt maintainer now generates
for each release.  This approach requires using the upstream .gz
tarball, which is slightly larger than the regenerated .bz2 one.

- Update to libvirt 1.2.9
  - Introduce virNodeAllocPages
  - event: introduce new event for tunable values
  - Add support for fetching statistics of completed jobs
  - CVE-2014-3657: domain_conf: fix domain deadlock
  - CVE-2014-3633: qemu: blkiotune: Use correct definition when
    looking up disk
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Drop upstream patches: 3e745e8f-CVE-2014-3633.patch,
    libvirt-guests-wait-for-ntp.patch
- Verify tarball with associated .asc file
  Add: libvirt.keyring, libvirt-1.2.9.tar.gz.asc
  Use upstream .gz tarball instead of locally generated .bz2

OBS-URL: https://build.opensuse.org/request/show/253577
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=411
2014-10-01 22:29:37 +00:00

50 lines
2.0 KiB
Diff

Index: libvirt-1.2.9/src/qemu/qemu.conf
===================================================================
--- libvirt-1.2.9.orig/src/qemu/qemu.conf
+++ libvirt-1.2.9/src/qemu/qemu.conf
@@ -200,7 +200,16 @@
# a special value; security_driver can be set to that value in
# isolation, but it cannot appear in a list of drivers.
#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to 'apparmor' to enable Apparmor
+# confinement of qemu instances.
+#
#security_driver = "selinux"
+# security_driver = "apparmor"
+security_driver = "none"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
@@ -417,11 +426,22 @@
#allow_disk_format_probing = 1
-# In order to prevent accidentally starting two domains that
-# share one writable disk, libvirt offers two approaches for
-# locking files. The first one is sanlock, the other one,
-# virtlockd, is then our own implementation. Accepted values
-# are "sanlock" and "lockd".
+# SUSE note:
+# Two lock managers are supported: lockd and sanlock. lockd, which
+# is provided by the virtlockd service, uses advisory locks (flock(2))
+# to protect virtual machine disks. sanlock uses the notion of leases
+# to protect virtual machine disks and is more appropriate in a SAN
+# environment.
+#
+# For most deployments that require virtual machine disk protection,
+# lockd is recommended since it is easy to configure and the virtlockd
+# service can be restarted without terminating any running virtual
+# machines. sanlock, which may be preferred in some SAN environments,
+# has the disadvantage of not being able to be restarted without
+# first terminating all virtual machines for which it holds leases.
+#
+# Specify lockd or sanlock to enable protection of virtual machine disk
+# content.
#
#lock_manager = "lockd"