1. 03 1月, 2018 7 次提交
  2. 02 1月, 2018 4 次提交
  3. 21 12月, 2017 3 次提交
  4. 20 12月, 2017 1 次提交
    • C
      virt-aa-helper: handle more disk images · 0f33025a
      Cédric Bosdonnat 提交于
      virt-aa-helper needs read access to the disk image to resolve symlinks
      and add the proper rules to the profile. Its profile whitelists a few
      common paths, but users can place their images anywhere.
      
      This commit helps users allowing access to their images by adding their
      own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
      
      This commit also adds rules to allow reading files named:
        - *.raw as this is a rather common disk image extension
        - /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox
      0f33025a
  5. 19 12月, 2017 2 次提交
  6. 18 12月, 2017 1 次提交
  7. 16 12月, 2017 1 次提交
  8. 15 12月, 2017 3 次提交
    • A
      cfg.mk: Simplify backslash alignment check · f131dacf
      Andrea Bolognani 提交于
      The use of [[:blank:]] was intended to cover tabs as well, but
      it couldn't possibly work in its current form, so the regex was
      tweaked in d09429ab.
      
      With the original reason for using [[:blank:]] now gone, we can
      replace its usage with plain spaces. A comment about the purpose
      of the check is added as well.
      Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
      f131dacf
    • L
      qemu: log error on attempts to set filterref on an OVS-connected interface · 16a9a281
      Laine Stump 提交于
      ebtables/iptables processing is skipped for any interface connected to
      Open vSwitch (they have their own packet filtering), likewise for
      midonet (according to
      http://blog.midokura.com/2016/04/midonet-rule-chains), but libvirt
      would allow adding a <filterref> to interfaces connected in these
      ways, so the user might mistakenly believe they were being protected.
      
      This patch checks for a non-NULL <virtualport> element for an
      interface (or its network) and logs an error if <virtualport> and
      <filterref> are both present. This could cause some previously working
      domains to no longer start, but that's really the whole point of this
      patch - to warn people that their filterref isn't protecting them as
      they might have thought.
      
      I don't bother checking this during post-parse validation, because
      such a check would be incomplete - it's possible that a network would
      have a <virtualport> that would be applied to an interface, and you
      can't know that until the domain is started.
      
      Resolves: https://bugzilla.redhat.com/1502754
      16a9a281
    • L
      qemu: delete exist bandwidth restrictions when they are removed from config · b21163bd
      Laine Stump 提交于
      When the <bandwidth> of an interface is changed with update-device,
      the old settings are cleared with tc, then new settings added with
      tc. But if the <bandwidth has been removed, the old settings weren't
      being removed, so the bandwidth restrictions would still be active on
      the interface although the interface status in libvirt showed that
      they had been removed.
      
      This patch fixes it by calling virNetDevBandwidthClear() if the
      "modification" to the interface bandwidth was to completely clear
      it.
      
      An alternative could have been to modify virNetDevBandwidthSet() to
      always clear existing bandwith settings at the beginning of the
      function (currently it short circuits in that case, doing nothing),
      but that would have led to cases where virNetDevBandwidthClear() was
      now being called in cases where it previously wasn't, and while many
      of those cases would be NOPs, there could be cases where it would
      cause an error. The way this patch works, the ...Clear() function is
      only called in cases where the ...Set() function had previously been
      called successfully, so the risk of regression is minimized.
      
        Resolves: https://bugzilla.redhat.com/1454709
      b21163bd
  9. 14 12月, 2017 16 次提交
  10. 13 12月, 2017 2 次提交