[libvirt] [PATCH v1 00/21] Run qemu under its own namespace

Michal Privoznik mprivozn at redhat.com
Thu Nov 24 14:47:49 UTC 2016


Finally. This is the full implementation of my RFC:

https://www.redhat.com/archives/libvir-list/2016-November/msg00691.html

The first two patches were posted separately, but since they lack
review I'm sending them here too because they are important for
the feature:

https://www.redhat.com/archives/libvir-list/2016-November/msg01060.html

All of these patches:

a) can be found on my GitHub:
https://github.com/zippy2/libvirt/tree/qemu_container_v2

b) pass my basic testing:
  - run domain with device passthrough
  - device hot(un-)plug (disks, RNGs, chardevs, PCI/USB)

c) seem to add negligible overhead to the domain startup process


Michal Privoznik (21):
  qemu: Create hugepage path on per domain basis
  security: Implement virSecurityManagerSetHugepages
  virprocess: Introduce virProcessSetupPrivateMountNS
  virfile: Introduce virFileSetupDev
  virfile: Introduce ACL helpers
  virusb: Introduce virUSBDeviceGetPath
  virscsi: Introduce virSCSIDeviceGetPath
  qemu_cgroup: Expose defaultDeviceACL
  qemu: Spawn qemu under mount namespace
  qemu: Prepare disks when starting a domain
  qemu: Prepare hostdevs when starting a domain
  qemu: Prepare chardevs when starting a domain
  qemu: Prepare TPM when starting a domain
  qemu: Prepare inputs when starting a domain
  qemu: Prepare RNGs when starting a domain
  qemu: Enter the namespace on relabelling
  qemu: Manage /dev entry on disk hotplug
  qemu: Manage /dev entry on hostdev hotplug
  qemu: Manage /dev entry on chardev hotplug
  qemu: Manage /dev entry on RNG hotplug
  qemu: Let users opt-out from containerization

 configure.ac                                       |   12 +-
 src/Makefile.am                                    |    7 +-
 src/libvirt_private.syms                           |    9 +
 src/lxc/lxc_container.c                            |   20 +-
 src/lxc/lxc_controller.c                           |   32 +-
 src/qemu/libvirtd_qemu.aug                         |    1 +
 src/qemu/qemu.conf                                 |    8 +
 src/qemu/qemu_cgroup.c                             |    2 +-
 src/qemu/qemu_cgroup.h                             |    1 +
 src/qemu/qemu_command.c                            |    4 +-
 src/qemu/qemu_conf.c                               |   50 +-
 src/qemu/qemu_conf.h                               |   18 +-
 src/qemu/qemu_domain.c                             | 1147 ++++++++++++++++++++
 src/qemu/qemu_domain.h                             |   42 +
 src/qemu/qemu_driver.c                             |   24 +-
 src/qemu/qemu_hotplug.c                            |   90 +-
 src/qemu/qemu_process.c                            |   53 +-
 src/qemu/qemu_security.c                           |  208 ++++
 src/qemu/qemu_security.h                           |   55 +
 src/qemu/test_libvirtd_qemu.aug.in                 |    1 +
 src/security/security_dac.c                        |   11 +
 src/security/security_selinux.c                    |   10 +
 src/util/virfile.c                                 |  153 +++
 src/util/virfile.h                                 |   17 +
 src/util/virprocess.c                              |   38 +
 src/util/virprocess.h                              |    2 +
 src/util/virscsi.c                                 |    6 +
 src/util/virscsi.h                                 |    1 +
 src/util/virusb.c                                  |    5 +
 src/util/virusb.h                                  |    1 +
 .../qemuxml2argv-hugepages-numa.args               |    4 +-
 .../qemuxml2argv-hugepages-pages.args              |   14 +-
 .../qemuxml2argv-hugepages-pages2.args             |    2 +-
 .../qemuxml2argv-hugepages-pages3.args             |    2 +-
 .../qemuxml2argv-hugepages-pages5.args             |    2 +-
 .../qemuxml2argv-hugepages-shared.args             |   12 +-
 tests/qemuxml2argvdata/qemuxml2argv-hugepages.args |    2 +-
 .../qemuxml2argv-memory-hotplug-dimm-addr.args     |    4 +-
 .../qemuxml2argv-memory-hotplug-dimm.args          |    4 +-
 39 files changed, 1933 insertions(+), 141 deletions(-)
 create mode 100644 src/qemu/qemu_security.c
 create mode 100644 src/qemu/qemu_security.h

-- 
2.8.4



