2013-10-03 13:02:02 +00:00
<qemuCaps>
<flag name='vnc-colon'/>
<flag name='no-reboot'/>
<flag name='drive'/>
<flag name='name'/>
<flag name='uuid'/>
<flag name='vnet-hdr'/>
<flag name='migrate-qemu-tcp'/>
<flag name='migrate-qemu-exec'/>
<flag name='drive-cache-v2'/>
<flag name='drive-format'/>
<flag name='vga'/>
<flag name='0.10'/>
<flag name='mem-path'/>
<flag name='drive-serial'/>
<flag name='migrate-qemu-unix'/>
<flag name='chardev'/>
<flag name='enable-kvm'/>
<flag name='monitor-json'/>
<flag name='balloon'/>
<flag name='device'/>
<flag name='sdl'/>
<flag name='smp-topology'/>
<flag name='netdev'/>
<flag name='rtc'/>
<flag name='vhost-net'/>
<flag name='no-hpet'/>
<flag name='no-kvm-pit'/>
<flag name='pci-configfd'/>
<flag name='nodefconfig'/>
<flag name='boot-menu'/>
<flag name='fsdev'/>
<flag name='name-process'/>
<flag name='drive-readonly'/>
<flag name='smbios-type'/>
<flag name='vga-qxl'/>
<flag name='spice'/>
<flag name='vga-none'/>
<flag name='migrate-qemu-fd'/>
<flag name='boot-index'/>
<flag name='hda-duplex'/>
<flag name='drive-aio'/>
<flag name='pci-multibus'/>
<flag name='pci-bootindex'/>
<flag name='ccid-emulated'/>
<flag name='ccid-passthru'/>
<flag name='chardev-spicevmc'/>
<flag name='virtio-tx-alg'/>
<flag name='device-qxl-vga'/>
<flag name='pci-multifunction'/>
<flag name='virtio-blk-pci.ioeventfd'/>
<flag name='sga'/>
<flag name='virtio-blk-pci.event_idx'/>
<flag name='virtio-net-pci.event_idx'/>
<flag name='cache-directsync'/>
<flag name='piix3-usb-uhci'/>
<flag name='piix4-usb-uhci'/>
<flag name='usb-ehci'/>
<flag name='ich9-usb-ehci1'/>
<flag name='vt82c686b-usb-uhci'/>
<flag name='pci-ohci'/>
<flag name='usb-hub'/>
<flag name='no-shutdown'/>
<flag name='cache-unsafe'/>
<flag name='rombar'/>
<flag name='ich9-ahci'/>
<flag name='no-acpi'/>
<flag name='fsdev-readonly'/>
<flag name='virtio-blk-pci.scsi'/>
<flag name='blk-sg-io'/>
<flag name='drive-copy-on-read'/>
<flag name='cpu-host'/>
<flag name='fsdev-writeout'/>
<flag name='drive-iotune'/>
<flag name='system_wakeup'/>
<flag name='scsi-disk.channel'/>
<flag name='scsi-block'/>
<flag name='transaction'/>
<flag name='block-job-async'/>
<flag name='scsi-cd'/>
<flag name='ide-cd'/>
<flag name='no-user-config'/>
<flag name='hda-micro'/>
<flag name='dump-guest-memory'/>
<flag name='nec-usb-xhci'/>
<flag name='balloon-event'/>
<flag name='bridge'/>
<flag name='lsi'/>
<flag name='virtio-scsi-pci'/>
<flag name='blockio'/>
<flag name='disable-s3'/>
<flag name='disable-s4'/>
<flag name='ide-drive.wwn'/>
<flag name='scsi-disk.wwn'/>
<flag name='seccomp-sandbox'/>
<flag name='dump-guest-core'/>
<flag name='seamless-migration'/>
<flag name='block-commit'/>
<flag name='vnc'/>
<flag name='drive-mirror'/>
<flag name='usb-host.bootindex'/>
<flag name='blockdev-snapshot-sync'/>
<flag name='qxl'/>
<flag name='VGA'/>
<flag name='cirrus-vga'/>
<flag name='vmware-svga'/>
<flag name='device-video-primary'/>
<flag name='usb-serial'/>
<flag name='usb-net'/>
<flag name='add-fd'/>
<flag name='nbd-server'/>
<flag name='virtio-rng'/>
<flag name='rng-random'/>
<flag name='rng-egd'/>
<flag name='dtb'/>
<flag name='megasas'/>
<flag name='ipv6-migration'/>
<flag name='machine-opt'/>
<flag name='machine-usb-opt'/>
<flag name='pci-bridge'/>
<flag name='vfio-pci'/>
<flag name='vfio-pci.bootindex'/>
<flag name='scsi-generic'/>
<flag name='scsi-generic.bootindex'/>
<flag name='mem-merge'/>
<flag name='vnc-websocket'/>
<flag name='mlock'/>
<flag name='vnc-share-policy'/>
<flag name='device-del-event'/>
<flag name='dmi-to-pci-bridge'/>
<flag name='i440fx-pci-hole64-size'/>
<flag name='q35-pci-hole64-size'/>
<flag name='usb-storage'/>
<flag name='usb-storage.removable'/>
<flag name='virtio-mmio'/>
<flag name='ich9-intel-hda'/>
2013-07-01 16:28:50 +00:00
<flag name='kvm-pit-lost-tick-policy'/>
qemu: add "-boot strict" to commandline whenever possible

This resolves:

https://bugzilla.redhat.com/show_bug.cgi?id=888635

(which was already closed as CANTFIX because the qemu "-boot strict"
commandline option wasn't available at the time).

Problem: you couldn't have a domain that used PXE to boot, but also
had an un-bootable disk device *even if that disk wasn't listed in the
boot order*, because if PXE timed out (e.g. due to the bridge
forwarding delay), the BIOS would move on to the next target, which
would be the unbootable disk device (again - even though it wasn't
given a boot order), and get stuck at a "BOOT DISK FAILURE, PRESS ANY
KEY" message until a user intervened.

The solution, available since sometime around QEMU 1.5, is to add
"-boot strict=on" to *every* qemu command. When this is done, if any
devices have a boot order specified, then QEMU will *only* attempt to
boot from those devices that have an explicit boot order, ignoring the
rest.
2013-12-02 12:07:12 +00:00
<flag name='boot-strict'/>
2013-12-09 09:11:15 +00:00
<flag name='pvpanic'/>
2013-12-13 13:51:24 +00:00
<flag name='reboot-timeout'/>
qemu: ask for -enable-fips when FIPS is required

On a system that is enforcing FIPS, most libraries honor the
current mode by default. Qemu, on the other hand, refused to
honor FIPS mode unless you add the '-enable-fips' command
line option; worse, this option is not discoverable via QMP,
and is only present on binaries built for Linux. So, if we
detect FIPS mode, then we unconditionally ask for FIPS; either
qemu is new enough to have the option and then correctly
cripple insecure VNC passwords, or it is so old that we are
correctly avoiding a FIPS violation by preventing qemu from
starting. Meanwhile, if we don't detect FIPS mode, then
omitting the argument is safe whether the qemu has the option
(but it would do nothing because FIPS is disabled) or whether
qemu lacks the option (including in the case where we are not
running on Linux).

The testsuite was a bit interesting: we don't want our test
to depend on whether it is being run in FIPS mode, so I had
to tweak things to set the capability bit outside of our
normal interaction with capability parsing.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1035474

* src/qemu/qemu_capabilities.h (QEMU_CAPS_ENABLE_FIPS): New bit.
* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Conditionally
set capability according to detection of FIPS mode.
* src/qemu/qemu_command.c (qemuBuildCommandLine): Use it.
* tests/qemucapabilitiestest.c (testQemuCaps): Conditionally set
capability to test expected output.
* tests/qemucapabilitiesdata/caps_1.2.2-1.caps: Update list.
* tests/qemucapabilitiesdata/caps_1.6.0-1.caps: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-12-05 21:47:09 +00:00
<flag name='enable-fips'/>
2014-01-16 16:11:14 +00:00
<flag name='spice-file-xfer-disable'/>
2014-01-30 11:19:12 +00:00
<flag name='spiceport'/>
2014-02-17 10:17:55 +00:00
<flag name='usb-kbd'/>
2013-10-03 13:02:02 +00:00
</qemuCaps>