[libvirt] [PATCH] qemu_capabilities: fix issue with discarding old capabilities

[Daniel P. Berrange]

On Fri, Sep 12, 2014 at 06:42:08PM +0200, Pavel Hrdina wrote:
> On 09/12/2014 06:25 PM, Daniel P. Berrange wrote:
> >On Fri, Sep 12, 2014 at 06:10:44PM +0200, Pavel Hrdina wrote:
> >>There was a bug that if libvirtd binary has been updated than the
> >>capability file wasn't reloaded therefore new capabilities introduced
> >>in libvirt cannot be used because the cached version was loaded.
> >>
> >>Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135431
> >
> >That bug is all about FIPS support.
> 
> Yes it's about FIPS support but it's already in libvirt. I've tested it
> and actually by removing cached file to force detect new capabilities and
> after that it worked.
> 
> Now I realized that even checking the selfctime during start of libvirtd
> isn't sufficient because you can enable the FIPS support for kenrel without
> updating the libvirtd binary.

Ah, so the actual bug is that the capabilities we detect have a dependancy
on (libvirtd binary, qemu binary, sysfs/procfs settings). It is pretty
difficult to deal with sysfs/procfs chances & caching here, since there's
no way I know to detect when sysfs/procfs settings change. 

I wouldn't want to check the sysfs/procfs settings every time. Perhaps it
would suffice to just do a check on sysfs/procfs when libvirtd starts up,
so we can say that if you change FIPS sysfs settings you must restart
libvirtd ?

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|