On 11/15/18 7:40 PM, John Ferlan wrote:
>
>
> On 11/14/18 7:44 AM, Michal Privoznik wrote:
>> v4 of:
>>
>> https://www.redhat.com/archives/libvir-list/2018-October/msg00861.html
>>
>> diff to v3:
>> - Introduced a config knob to enable/disable metadata locking (except
>>   not really). We want to have a knob that enables/disables remembering
>>   of original owner. This knob in turn enables metadata locking. The
>>   reason is that metadata locking on its own doesn't make any sense.
>>   Anyway, the qemu.conf change is not done (it'll be done in upcoming
>>   patch set that implements original owner remembering), so if you want
>>   to see these patches in action you'll need to apply the following
>>   patch:
>>
>> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
>> index 32da9a7351..0080b0d021 100644
>> --- a/src/qemu/qemu_conf.c
>> +++ b/src/qemu/qemu_conf.c
>> @@ -347,6 +347,8 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
>> if (!(cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST)))
>> goto error;
>>
>> + cfg->rememberOwner = true;
>> +
>> if (privileged &&
>> qemuDomainNamespaceAvailable(QEMU_DOMAIN_NS_MOUNT) &&
>> virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
>>
>>
>> - I've fixed small issues raised in review of v3.
>> Note that patches 01 and 02 are ACKed already but I'm sending them for
>> completeness (probably doesn't make much sense to merge them while this
>> is still under review, does it?).
>>
>>
>> Michal Prívozník (15):
>>   virprocess: Introduce virProcessRunInFork
>>   virprocess: Make virProcessRunInMountNamespace use virProcessRunInFork
>>   qemu_tpm: Pass virDomainObjPtr instead of virDomainDefPtr
>>   qemu_domain: Track if domain remembers original owner
>>   virSecurityManagerTransactionCommit: Do metadata locking iff enabled
>>     in config
>>   security_manager: Rework metadata locking
>>   Revert "security_manager: Load lock plugin on init"
>>   Revert "qemu_conf: Introduce metadata_lock_manager"
>>   Revert "lock_manager: Allow disabling configFile for
>>     virLockManagerPluginNew"
>>   Revert "lock_driver: Introduce VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK"
>>   Revert "lock_driver: Introduce
>>     VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA"
>>   Revert "_virLockManagerLockDaemonPrivate: Move @hasRWDisks into dom
>>     union"
>>   Revert "lock_driver: Introduce new
>>     VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON"
>>   Revert "lock_driver_lockd: Introduce
>>     VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA flag"
>>   Revert "virlockspace: Allow caller to specify start and length offset
>>     in virLockSpaceAcquireResource"
>>
>>  cfg.mk | 4 +-
>>  src/libvirt_private.syms | 1 +
>>  src/locking/lock_daemon_dispatch.c | 11 +-
>>  src/locking/lock_driver.h | 12 -
>>  src/locking/lock_driver_lockd.c | 421 ++++++++++-------------------
>>  src/locking/lock_driver_lockd.h | 1 -
>>  src/locking/lock_driver_sanlock.c | 44 +--
>>  src/locking/lock_manager.c | 10 +-
>>  src/lxc/lxc_controller.c | 3 +-
>>  src/lxc/lxc_driver.c | 2 +-
>>  src/qemu/qemu_conf.c | 1 -
>>  src/qemu/qemu_conf.h | 2 +-
>>  src/qemu/qemu_domain.c | 7 +
>>  src/qemu/qemu_domain.h | 3 +
>>  src/qemu/qemu_driver.c | 3 -
>>  src/qemu/qemu_extdevice.c | 16 +-
>>  src/qemu/qemu_extdevice.h | 4 +-
>>  src/qemu/qemu_process.c | 9 +-
>>  src/qemu/qemu_security.c | 87 ++++--
>>  src/qemu/qemu_security.h | 4 +-
>>  src/qemu/qemu_tpm.c | 24 +-
>>  src/qemu/qemu_tpm.h | 4 +-
>>  src/security/security_dac.c | 54 ++--
>>  src/security/security_driver.h | 3 +-
>>  src/security/security_manager.c | 259 +++++++++---------
>>  src/security/security_manager.h | 22 +-
>>  src/security/security_selinux.c | 53 ++--
>>  src/security/security_stack.c | 5 +-
>>  src/util/virlockspace.c | 15 +-
>>  src/util/virlockspace.h | 4 -
>>  src/util/virprocess.c | 82 ++++--
>>  src/util/virprocess.h | 16 ++
>>  tests/seclabeltest.c | 2 +-
>>  tests/securityselinuxlabeltest.c | 2 +-
>>  tests/securityselinuxtest.c | 2 +-
>>  tests/testutilsqemu.c | 2 +-
>>  tests/virlockspacetest.c | 29 +-
>>  37 files changed, 573 insertions(+), 650 deletions(-)
>>
>
> Consider the "Revert" patches all:
>
> Reviewed-by: John Ferlan <jferlan@xxxxxxxxxx>
>
> John
>
> I ran the series through my Coverity checker and it didn't find anything new
>

Thank you for the review. I've pushed these.

Michal
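
Review bot: In the qemu_conf.c hunk quoted in the cover letter, `cfg->rememberOwner = true;` is assigned unconditionally in virQEMUDriverConfigNew(), ahead of the `if (privileged &&` namespace check, so owner remembering (and with it metadata locking, per the cover letter) is switched on for unprivileged drivers as well, and nothing in the visible lines lets an administrator turn it off. As a local testing aid that is acceptable, but when the real knob lands it should be parsed from qemu.conf with a documented default, and the behaviour for the unprivileged case should be chosen explicitly instead of being inherited from this line.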