[libvirt] [PATCH] qemu: turn on virtlockd by default

Daniel P. Berrange berrange at redhat.com
Wed Feb 1 16:54:01 UTC 2017 

The virtlockd daemon has existed for years now, but we have never
turned it on by default, requiring explicit user opt-in. This leaves
users unprotected against accidents out of the box.

By turning it on by default, users will at least be protected for
mistakes involving local files, and files on shared filesystems
that support fcntl() (eg NFS).

In turning it on the various services files are updated to have
the same dependancies for virtlockd as we have for virtlogd
now, since turning the latter on exposed some gaps.

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 daemon/libvirtd.service.in       | 1 +
 src/locking/virtlockd.service.in | 1 +
 src/locking/virtlockd.socket.in  | 1 +
 src/qemu/qemu.conf               | 2 +-
 src/qemu/qemu_conf.c             | 3 +++
 5 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in
index bbf27da..c72dde5 100644
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -6,6 +6,7 @@
 [Unit]
 Description=Virtualization daemon
 Requires=virtlogd.socket
+Requires=virtlockd.socket
 Before=libvirt-guests.service
 After=network.target
 After=dbus.service
diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
index 57089b0..69b568f 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=Virtual machine lock manager
 Requires=virtlockd.socket
+Before=libvirtd.service
 Documentation=man:virtlockd(8)
 Documentation=http://libvirt.org
 
diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
index 9808bbb..45e0f20 100644
--- a/src/locking/virtlockd.socket.in
+++ b/src/locking/virtlockd.socket.in
@@ -1,5 +1,6 @@
 [Unit]
 Description=Virtual machine lock manager socket
+Before=libvirtd.service
 
 [Socket]
 ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index a8cd369..3239f7b 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -535,7 +535,7 @@
 # share one writable disk, libvirt offers two approaches for
 # locking files. The first one is sanlock, the other one,
 # virtlockd, is then our own implementation. Accepted values
-# are "sanlock" and "lockd".
+# are "sanlock", "lockd", "nop". The default is "lockd".
 #
 #lock_manager = "lockd"
 
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 6613d59..d4c6cdc 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -314,6 +314,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
     cfg->glusterDebugLevel = 4;
     cfg->stdioLogD = true;
 
+    if (VIR_STRDUP(cfg->lockManagerName, "lockd") < 0)
+        goto error;
+
     if (!(cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST)))
         goto error;
 
-- 
2.9.3

More information about the libvir-list mailing list