The need to have something like this in the first place is driven by
KubeVirt (see [1] and [2]). A draft version of this series has been
integrated into KubeVirt and it has been confirmed that it was
effective in removing the need to use LD_PRELOAD hacks in the storage
provider.
Changes from [v1]:
* documented more explicitly that the newly introduced option is
intended for very specific scenarios and not general usage; as
part of this, the NEWS update has been dropped too;
* made a few tweaks and addressed a few oversight based on review
feedback;
* several preparatory cleanup patches have been pushed.
Changes from [v0]:
* reworked approach.
CC'ing Stefan so he can have a look at the TPM part and shout if I've
gotten anything wrong :)
[v1] https://lists.libvirt.org/archives/list/devel@xxxxxxxxxxxxxxxxx/thread/XEISMPGRJHFRT4LZ3MJ3L3XR7OPOQKPM/
[v0] https://lists.libvirt.org/archives/list/devel@xxxxxxxxxxxxxxxxx/thread/MMKVR54LD3SDG5CMSXUECV7I57LMJJTH/
[1] https://issues.redhat.com/browse/CNV-34322
[2] https://issues.redhat.com/browse/CNV-39370
Andrea Bolognani (5):
security: Fix alignment
qemu: Introduce shared_filesystems configuration option
qemu: Propagate shared_filesystems
utils: Use overrides in virFileIsSharedFS()
qemu: Always set labels for TPM state
src/lxc/lxc_controller.c | 3 +-
src/lxc/lxc_driver.c | 2 +-
src/lxc/lxc_process.c | 4 +-
src/qemu/libvirtd_qemu.aug | 3 ++
src/qemu/qemu.conf.in | 23 ++++++++
src/qemu/qemu_conf.c | 17 ++++++
src/qemu/qemu_conf.h | 2 +
src/qemu/qemu_domain.c | 7 ++-
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_migration.c | 23 ++++----
src/qemu/qemu_security.c | 85 +++++++++++++++++++++++-------
src/qemu/qemu_tpm.c | 38 +++++++------
src/qemu/qemu_tpm.h | 10 ++--
src/qemu/test_libvirtd_qemu.aug.in | 5 ++
src/security/security_apparmor.c | 2 +
src/security/security_dac.c | 47 +++++++++++++----
src/security/security_driver.h | 8 ++-
src/security/security_manager.c | 33 +++++++++---
src/security/security_manager.h | 9 +++-
src/security/security_nop.c | 5 ++
src/security/security_selinux.c | 56 +++++++++++++++-----
src/security/security_stack.c | 32 ++++++++---
src/util/virfile.c | 53 +++++++++++++++++--
src/util/virfile.h | 3 +-
tests/securityselinuxlabeltest.c | 2 +-
tests/virfiletest.c | 2 +-
26 files changed, 370 insertions(+), 106 deletions(-)
--
2.44.0
_______________________________________________
Devel mailing list -- devel@xxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx
