[libvirt] [PATCH v4 00/15] Implement alternative metadata locking
John Ferlan
jferlan at redhat.com
Thu Nov 15 18:40:49 UTC 2018
On 11/14/18 7:44 AM, Michal Privoznik wrote:
> v4 of:
>
> https://www.redhat.com/archives/libvir-list/2018-October/msg00861.html
>
> diff to v3:
> - Introduced a config knob to enable/disable metadata locking (except
> not really). We want to have a knob that enables/disables remembering
> of original owner. This knob in turn enables metadata locking. The
> reason is that metadata locking on its own doesn't make any sense.
> Anyway, the qemu.conf change is not done (it'll be done in upcoming
> patch set that implements original owner remembering), so if you want
> to see these patches in action you'll need to apply the following
> patch:
>
> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
> index 32da9a7351..0080b0d021 100644
> --- a/src/qemu/qemu_conf.c
> +++ b/src/qemu/qemu_conf.c
> @@ -347,6 +347,8 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
> if (!(cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST)))
> goto error;
>
> + cfg->rememberOwner = true;
> +
> if (privileged &&
> qemuDomainNamespaceAvailable(QEMU_DOMAIN_NS_MOUNT) &&
> virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
>
>
> - I've fixed small issues raised in review of v3.
> Note that patches 01 and 02 are ACKed already but I'm sending them for
> completeness (probably doesn't make much sense to merge them while this
> is still under review, does it?).
>
>
> Michal Prívozník (15):
> virprocess: Introduce virProcessRunInFork
> virprocess: Make virProcessRunInMountNamespace use virProcessRunInFork
> qemu_tpm: Pass virDomainObjPtr instead of virDomainDefPtr
> qemu_domain: Track if domain remembers original owner
> virSecurityManagerTransactionCommit: Do metadata locking iff enabled
> in config
> security_manager: Rework metadata locking
> Revert "security_manager: Load lock plugin on init"
> Revert "qemu_conf: Introduce metadata_lock_manager"
> Revert "lock_manager: Allow disabling configFile for
> virLockManagerPluginNew"
> Revert "lock_driver: Introduce VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK"
> Revert "lock_driver: Introduce
> VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA"
> Revert "_virLockManagerLockDaemonPrivate: Move @hasRWDisks into dom
> union"
> Revert "lock_driver: Introduce new
> VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON"
> Revert "lock_driver_lockd: Introduce
> VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_METADATA flag"
> Revert "virlockspace: Allow caller to specify start and length offset
> in virLockSpaceAcquireResource"
>
> cfg.mk | 4 +-
> src/libvirt_private.syms | 1 +
> src/locking/lock_daemon_dispatch.c | 11 +-
> src/locking/lock_driver.h | 12 -
> src/locking/lock_driver_lockd.c | 421 ++++++++++-------------------
> src/locking/lock_driver_lockd.h | 1 -
> src/locking/lock_driver_sanlock.c | 44 +--
> src/locking/lock_manager.c | 10 +-
> src/lxc/lxc_controller.c | 3 +-
> src/lxc/lxc_driver.c | 2 +-
> src/qemu/qemu_conf.c | 1 -
> src/qemu/qemu_conf.h | 2 +-
> src/qemu/qemu_domain.c | 7 +
> src/qemu/qemu_domain.h | 3 +
> src/qemu/qemu_driver.c | 3 -
> src/qemu/qemu_extdevice.c | 16 +-
> src/qemu/qemu_extdevice.h | 4 +-
> src/qemu/qemu_process.c | 9 +-
> src/qemu/qemu_security.c | 87 ++++--
> src/qemu/qemu_security.h | 4 +-
> src/qemu/qemu_tpm.c | 24 +-
> src/qemu/qemu_tpm.h | 4 +-
> src/security/security_dac.c | 54 ++--
> src/security/security_driver.h | 3 +-
> src/security/security_manager.c | 259 +++++++++---------
> src/security/security_manager.h | 22 +-
> src/security/security_selinux.c | 53 ++--
> src/security/security_stack.c | 5 +-
> src/util/virlockspace.c | 15 +-
> src/util/virlockspace.h | 4 -
> src/util/virprocess.c | 82 ++++--
> src/util/virprocess.h | 16 ++
> tests/seclabeltest.c | 2 +-
> tests/securityselinuxlabeltest.c | 2 +-
> tests/securityselinuxtest.c | 2 +-
> tests/testutilsqemu.c | 2 +-
> tests/virlockspacetest.c | 29 +-
> 37 files changed, 573 insertions(+), 650 deletions(-)
>
Consider the "Revert" patches all :
Reviewed-by: John Ferlan <jferlan at redhat.com>
John
I ran the series through my Coverity checker and it didn't find anything new
More information about the libvir-list
mailing list