libvirt/suse-qemu-conf.patch

Index: libvirt-1.2.2/src/qemu/qemu.conf
===================================================================
--- libvirt-1.2.2.orig/src/qemu/qemu.conf
+++ libvirt-1.2.2/src/qemu/qemu.conf
@@ -200,7 +200,16 @@
 # a special value; security_driver can be set to that value in
 # isolation, but it cannot appear in a list of drivers.
 #
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros.  If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances.  Change this to 'apparmor' to enable Apparmor
+# confinement of qemu instances.
+#
 #security_driver = "selinux"
+# security_driver = "apparmor"
+security_driver = "none"
 
 # If set to non-zero, then the default security labeling
 # will make guests confined. If set to zero, then guests
@@ -402,10 +411,25 @@
 #allow_disk_format_probing = 1
 
 
-# To enable 'Sanlock' project based locking of the file
-# content (to prevent two VMs writing to the same
-# disk), uncomment this
+# SUSE note:
+# Two lock managers are supported: lockd and sanlock.  lockd, which
+# is provided by the virtlockd service, uses advisory locks (flock(2))
+# to protect virtual machine disks.  sanlock uses the notion of leases
+# to protect virtual machine disks and is more appropriate in a SAN
+# environment.
+#
+# For most deployments that require virtual machine disk protection,
+# lockd is recommended since it is easy to configure and the virtlockd
+# service can be restarted without terminating any running virtual
+# machines.  sanlock, which may be preferred in some SAN environments,
+# has the disadvantage of not being able to be restarted without
+# first terminating all virtual machines for which it holds leases.
+#
+# To enable lockd or sanlock based protection of virtual machine disk
+# content (to prevent two VMs writing to the same disk), uncomment one
+# of the following
 #
+#lock_manager = "lockd"
 #lock_manager = "sanlock"