[libvirt] [PATCH] correct security_require_confined default value

Eric Blake eblake at redhat.com
Tue Feb 14 13:34:39 UTC 2012


On 02/14/2012 06:10 AM, Jiri Denemark wrote:
> On Tue, Feb 14, 2012 at 18:38:24 +0800, ajia at redhat.com wrote:
>> From: Alex Jia <ajia at redhat.com>
>>
>> * src/qemu/qemu.conf: set security_require_confined default value to 0.
>>
>> Signed-off-by: Alex Jia <ajia at redhat.com>
>> ---
>>  src/qemu/qemu.conf |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
>> index 95428c1..6cb3707 100644
>> --- a/src/qemu/qemu.conf
>> +++ b/src/qemu/qemu.conf
>> @@ -145,7 +145,7 @@
>>  
>>  # If set to non-zero, then attempts to create unconfined
>>  # guests will be blocked. Defaults to 0.
>> -# security_require_confined = 1
>> +# security_require_confined = 0
> 
> This is just a comment explaining how to set the value, I don't think we have
> any rule saying the values in comment are the default ones. The comment about
> is explicit about what the default value is.

In fact, I prefer leaving it as-is.  The idea is that the default is 0,
but the example has 1, so that you merely need uncomment the example to
change the default.

> 
> That said, this patch is not doing anything wrong but I think that if we want
> to do this, we should document the rule and fix all values at once to be
> consistent with it. And I don't think it's worth it.

Concur.  Let's just drop this one.

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 620 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120214/d62c562d/attachment-0001.sig>


More information about the libvir-list mailing list