forked from pool/libvirt
794d4df5d5
implementation does not support libxl in Xen 4.2. - Update to libvirt 0.10.2 - network: define new API virNetworkUpdate - add support for QEmu sandbox support - blockjob: add virDomainBlockCommit - node_memory: Define the APIs to get/set memory parameters - list: Define new API virConnectListAllSecrets - list: Define new API virConnectListAllNWFilter - list: Define new API virConnectListAllNodeDevices - list: Define new API virConnectListAllInterfaces - list: Define new API virConnectListAllNetworks - list: Define new API virStoragePoolListAllVolumes - list: Define new API virStorageListAllStoragePools - parallels: add support of containers to the driver - Add PMSUSPENDED life cycle event - Add per-guest S3/S4 state configuration - qemu: Support for Block Device IO Limits OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=227
38 lines
1.4 KiB
Diff
38 lines
1.4 KiB
Diff
Index: libvirt-0.10.2/src/qemu/qemu.conf
|
|
===================================================================
|
|
--- libvirt-0.10.2.orig/src/qemu/qemu.conf
|
|
+++ libvirt-0.10.2/src/qemu/qemu.conf
|
|
@@ -169,7 +169,16 @@
|
|
# a special value; security_driver can be set to that value in
|
|
# isolation, but it cannot appear in a list of drivers.
|
|
#
|
|
+# SUSE Note:
|
|
+# Currently, Apparmor is the default security framework in SUSE
|
|
+# distros. If Apparmor is enabled on the host, libvirtd is
|
|
+# generously confined but users must opt-in to confine qemu
|
|
+# instances. Change this to 'apparmor' to enable Apparmor
|
|
+# confinement of qemu instances.
|
|
+#
|
|
#security_driver = "selinux"
|
|
+#security_driver = "apparmor"
|
|
+security_driver = "none"
|
|
|
|
# If set to non-zero, then the default security labeling
|
|
# will make guests confined. If set to zero, then guests
|
|
@@ -342,6 +351,15 @@
|
|
#allow_disk_format_probing = 1
|
|
|
|
|
|
+# SUSE note:
|
|
+# Many lock managers, sanlock included, will kill the resources
|
|
+# they protect when terminated. E.g. the sanlock daemon will kill
|
|
+# any virtual machines for which it holds disk leases when the
|
|
+# daemon is stopped or restarted. Administrators must be vigilant
|
|
+# when enabling a lock manager since simply updating the manager
|
|
+# may cause it to be restarted, potentially killing the resources
|
|
+# it protects.
|
|
+#
|
|
# To enable 'Sanlock' project based locking of the file
|
|
# content (to prevent two VMs writing to the same
|
|
# disk), uncomment this
|