forked from pool/libvirt
278a149fdc
Note: tarball verification is now done using %gpg_verify, along with the .asc file the upstream libvirt maintainer now generates for each release. This approach requires using the upstream .gz tarball, which is slightly larger than the regenerated .bz2 one. - Update to libvirt 1.2.9 - Introduce virNodeAllocPages - event: introduce new event for tunable values - Add support for fetching statistics of completed jobs - CVE-2014-3657: domain_conf: fix domain deadlock - CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: 3e745e8f-CVE-2014-3633.patch, libvirt-guests-wait-for-ntp.patch - Verify tarball with associated .asc file Add: libvirt.keyring, libvirt-1.2.9.tar.gz.asc Use upstream .gz tarball instead of locally generated .bz2 OBS-URL: https://build.opensuse.org/request/show/253577 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=411
50 lines
2.0 KiB
Diff
50 lines
2.0 KiB
Diff
Index: libvirt-1.2.9/src/qemu/qemu.conf
|
|
===================================================================
|
|
--- libvirt-1.2.9.orig/src/qemu/qemu.conf
|
|
+++ libvirt-1.2.9/src/qemu/qemu.conf
|
|
@@ -200,7 +200,16 @@
|
|
# a special value; security_driver can be set to that value in
|
|
# isolation, but it cannot appear in a list of drivers.
|
|
#
|
|
+# SUSE Note:
|
|
+# Currently, Apparmor is the default security framework in SUSE
|
|
+# distros. If Apparmor is enabled on the host, libvirtd is
|
|
+# generously confined but users must opt-in to confine qemu
|
|
+# instances. Change this to 'apparmor' to enable Apparmor
|
|
+# confinement of qemu instances.
|
|
+#
|
|
#security_driver = "selinux"
|
|
+# security_driver = "apparmor"
|
|
+security_driver = "none"
|
|
|
|
# If set to non-zero, then the default security labeling
|
|
# will make guests confined. If set to zero, then guests
|
|
@@ -417,11 +426,22 @@
|
|
#allow_disk_format_probing = 1
|
|
|
|
|
|
-# In order to prevent accidentally starting two domains that
|
|
-# share one writable disk, libvirt offers two approaches for
|
|
-# locking files. The first one is sanlock, the other one,
|
|
-# virtlockd, is then our own implementation. Accepted values
|
|
-# are "sanlock" and "lockd".
|
|
+# SUSE note:
|
|
+# Two lock managers are supported: lockd and sanlock. lockd, which
|
|
+# is provided by the virtlockd service, uses advisory locks (flock(2))
|
|
+# to protect virtual machine disks. sanlock uses the notion of leases
|
|
+# to protect virtual machine disks and is more appropriate in a SAN
|
|
+# environment.
|
|
+#
|
|
+# For most deployments that require virtual machine disk protection,
|
|
+# lockd is recommended since it is easy to configure and the virtlockd
|
|
+# service can be restarted without terminating any running virtual
|
|
+# machines. sanlock, which may be preferred in some SAN environments,
|
|
+# has the disadvantage of not being able to be restarted without
|
|
+# first terminating all virtual machines for which it holds leases.
|
|
+#
|
|
+# Specify lockd or sanlock to enable protection of virtual machine disk
|
|
+# content.
|
|
#
|
|
#lock_manager = "lockd"
|
|
|