Finally. This is full implementation of my RFC:

https://www.redhat.com/archives/libvir-list/2016-November/msg00691.html

The first two patches were posted separately, but since they lack review I'm
sending them here too because they are important for the feature:

https://www.redhat.com/archives/libvir-list/2016-November/msg01060.html

All of these patches:

a) can be found on my github:

   https://github.com/zippy2/libvirt/tree/qemu_container_v2

b) pass my basic testing:
   - run domain with device passthrough
   - device hot(un-)plug (disks, RNGs, chardevs, PCI/USB)

c) seem to add negligible overhead to domain startup process

Michal Privoznik (21):
  qemu: Create hugepage path on per domain basis
  security: Implement virSecurityManagerSetHugepages
  virprocess: Introduce virProcessSetupPrivateMountNS
  virfile: Introduce virFileSetupDev
  virfile: Introduce ACL helpers
  virusb: Introduce virUSBDeviceGetPath
  virscsi: Introduce virSCSIDeviceGetPath
  qemu_cgroup: Expose defaultDeviceACL
  qemu: Spawn qemu under mount namespace
  qemu: Prepare disks when starting a domain
  qemu: Prepare hostdevs when starting a domain
  qemu: Prepare chardevs when starting a domain
  qemu: Prepare TPM when starting a domain
  qemu: Prepare inputs when starting a domain
  qemu: Prepare RNGs when starting a domain
  qemu: Enter the namespace on relabelling
  qemu: Manage /dev entry on disk hotplug
  qemu: Manage /dev entry on hostdev hotplug
  qemu: Manage /dev entry on chardev hotplug
  qemu: Manage /dev entry on RNG hotplug
  qemu: Let users opt-out from containerization

 configure.ac                                       |   12 +-
 src/Makefile.am                                    |    7 +-
 src/libvirt_private.syms                           |    9 +
 src/lxc/lxc_container.c                            |   20 +-
 src/lxc/lxc_controller.c                           |   32 +-
 src/qemu/libvirtd_qemu.aug                         |    1 +
 src/qemu/qemu.conf                                 |    8 +
 src/qemu/qemu_cgroup.c                             |    2 +-
 src/qemu/qemu_cgroup.h                             |    1 +
 src/qemu/qemu_command.c                            |    4 +-
 src/qemu/qemu_conf.c                               |   50 +-
 src/qemu/qemu_conf.h                               |   18 +-
 src/qemu/qemu_domain.c                             | 1147 ++++++++++++++++++++
 src/qemu/qemu_domain.h                             |   42 +
 src/qemu/qemu_driver.c                             |   24 +-
 src/qemu/qemu_hotplug.c                            |   90 +-
 src/qemu/qemu_process.c                            |   53 +-
 src/qemu/qemu_security.c                           |  208 ++++
 src/qemu/qemu_security.h                           |   55 +
 src/qemu/test_libvirtd_qemu.aug.in                 |    1 +
 src/security/security_dac.c                        |   11 +
 src/security/security_selinux.c                    |   10 +
 src/util/virfile.c                                 |  153 +++
 src/util/virfile.h                                 |   17 +
 src/util/virprocess.c                              |   38 +
 src/util/virprocess.h                              |    2 +
 src/util/virscsi.c                                 |    6 +
 src/util/virscsi.h                                 |    1 +
 src/util/virusb.c                                  |    5 +
 src/util/virusb.h                                  |    1 +
 .../qemuxml2argv-hugepages-numa.args               |    4 +-
 .../qemuxml2argv-hugepages-pages.args              |   14 +-
 .../qemuxml2argv-hugepages-pages2.args             |    2 +-
 .../qemuxml2argv-hugepages-pages3.args             |    2 +-
 .../qemuxml2argv-hugepages-pages5.args             |    2 +-
 .../qemuxml2argv-hugepages-shared.args             |   12 +-
 tests/qemuxml2argvdata/qemuxml2argv-hugepages.args |    2 +-
 .../qemuxml2argv-memory-hotplug-dimm-addr.args     |    4 +-
 .../qemuxml2argv-memory-hotplug-dimm.args          |    4 +-
 39 files changed, 1933 insertions(+), 141 deletions(-)
 create mode 100644 src/qemu/qemu_security.c
 create mode 100644 src/qemu/qemu_security.h

--
2.8.4