The virtlockd daemon has existed for years now, but we have never turned it on by default, requiring explicit user opt-in. This leaves users unprotected against accidents out of the box. By turning it on by default, users will at least be protected from mistakes involving local files, and files on shared filesystems that support fcntl() (e.g. NFS). In turning it on the various service files are updated to have the same dependencies for virtlockd as we have for virtlogd now, since turning the latter on exposed some gaps.

Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
--- daemon/libvirtd.service.in | 1 + src/locking/virtlockd.service.in | 1 + src/locking/virtlockd.socket.in | 1 + src/qemu/qemu.conf | 2 +- src/qemu/qemu_conf.c | 3 +++ 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in index bbf27da..c72dde5 100644 --- a/daemon/libvirtd.service.in +++ b/daemon/libvirtd.service.in @@ -6,6 +6,7 @@ [Unit] Description=Virtualization daemon Requires=virtlogd.socket +Requires=virtlockd.socket Before=libvirt-guests.service After=network.target After=dbus.service diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in index 57089b0..69b568f 100644 --- a/src/locking/virtlockd.service.in +++ b/src/locking/virtlockd.service.in @@ -1,6 +1,7 @@ [Unit] Description=Virtual machine lock manager Requires=virtlockd.socket +Before=libvirtd.service Documentation=man:virtlockd(8) Documentation=http://libvirt.org diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in index 9808bbb..45e0f20 100644 --- a/src/locking/virtlockd.socket.in +++ b/src/locking/virtlockd.socket.in @@ -1,5 +1,6 @@ [Unit] Description=Virtual machine lock manager socket +Before=libvirtd.service [Socket] ListenStream=@localstatedir@/run/libvirt/virtlockd-sock diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index a8cd369..3239f7b 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf
@@ -535,7 +535,7 @@ # share one writable disk, libvirt offers two approaches for # locking files. The first one is sanlock, the other one, # virtlockd, is then our own implementation. Accepted values -# are "sanlock" and "lockd". +# are "sanlock", "lockd", "nop". The default is "lockd". # #lock_manager = "lockd" diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 6613d59..d4c6cdc 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -314,6 +314,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged) cfg->glusterDebugLevel = 4; cfg->stdioLogD = true; + if (VIR_STRDUP(cfg->lockManagerName, "lockd") < 0) + goto error; + if (!(cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST))) goto error; -- 2.9.3
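
Review bot: In the daemon/libvirtd.service.in hunk, the added "Requires=virtlockd.socket" is a hard dependency, so libvirtd.service cannot be started on a host where that socket unit is absent or fails, even when the administrator has set lock_manager to "sanlock" or "nop" in qemu.conf. Consider "Wants=virtlockd.socket" instead, or say in the commit message why a hard requirement is intended; the message only states that the dependencies mirror those of virtlogd.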
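
Review bot: The rewritten comment in the src/qemu/qemu.conf hunk names "nop" as an accepted value without saying what it selects. Because this patch moves the default to "lockd", the comment is where an administrator will look for the opt-out, so state what "nop" does and that an unset lock_manager now means "lockd". The value list would also read better as '"sanlock", "lockd" and "nop"'.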
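
Review bot: In the src/qemu/qemu_conf.c hunk, the new VIR_STRDUP(cfg->lockManagerName, "lockd") in virQEMUDriverConfigNew() runs regardless of the "privileged" argument, while the unit file changes in this patch only arrange for virtlockd.socket alongside the system libvirtd.service. Please confirm that unprivileged instances can reach a virtlockd without those units, or make the default conditional on "privileged". A one-line comment above the assignment noting that it must match the default documented in qemu.conf would help keep the two in sync.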