[libvirt] [PATCH] qemu_capabilities: fix issue with discarding old capabilities
Daniel P. Berrange
berrange at redhat.com
Mon Sep 15 09:24:42 UTC 2014
On Fri, Sep 12, 2014 at 06:42:08PM +0200, Pavel Hrdina wrote:
> On 09/12/2014 06:25 PM, Daniel P. Berrange wrote:
> >On Fri, Sep 12, 2014 at 06:10:44PM +0200, Pavel Hrdina wrote:
> >>There was a bug that if libvirtd binary has been updated than the
> >>capability file wasn't reloaded therefore new capabilities introduced
> >>in libvirt cannot be used because the cached version was loaded.
> >>
> >>Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135431
> >
> >That bug is all about FIPS support.
>
> Yes it's about FIPS support but it's already in libvirt. I've tested it
> and actually by removing cached file to force detect new capabilities and
> after that it worked.
>
> Now I realized that even checking the selfctime during start of libvirtd
> isn't sufficient because you can enable the FIPS support for kenrel without
> updating the libvirtd binary.
Ah, so the actual bug is that the capabilities we detect have a dependancy
on (libvirtd binary, qemu binary, sysfs/procfs settings). It is pretty
difficult to deal with sysfs/procfs chances & caching here, since there's
no way I know to detect when sysfs/procfs settings change.
I wouldn't want to check the sysfs/procfs settings every time. Perhaps it
would suffice to just do a check on sysfs/procfs when libvirtd starts up,
so we can say that if you change FIPS sysfs settings you must restart
libvirtd ?
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list