diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index 359f8f1009..683aadb908 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -32,11 +32,14 @@ module Libvirtd_qemu = | str_entry "vnc_password" | bool_entry "vnc_sasl" | str_entry "vnc_sasl_dir" - | str_entry "spice_listen" + | bool_entry "vnc_allow_host_audio" + + let spice_entry = str_entry "spice_listen" | bool_entry "spice_tls" | str_entry "spice_tls_x509_cert_dir" | str_entry "spice_password" - | str_entry "security_driver" + + let security_entry = str_entry "security_driver" | bool_entry "security_default_confined" | bool_entry "security_require_confined" | str_entry "user" @@ -44,27 +47,37 @@ module Libvirtd_qemu = | bool_entry "dynamic_ownership" | str_array_entry "cgroup_controllers" | str_array_entry "cgroup_device_acl" - | str_entry "save_image_format" + + let save_entry = str_entry "save_image_format" | str_entry "dump_image_format" | str_entry "auto_dump_path" | bool_entry "auto_dump_bypass_cache" | bool_entry "auto_start_bypass_cache" - | str_entry "hugetlbfs_mount" - | bool_entry "mac_filter" - | bool_entry "relaxed_acs_check" - | bool_entry "vnc_allow_host_audio" + + let process_entry = str_entry "hugetlbfs_mount" | bool_entry "clear_emulator_capabilities" - | bool_entry "allow_disk_format_probing" | bool_entry "set_process_name" | int_entry "max_processes" | int_entry "max_files" + + let device_entry = bool_entry "mac_filter" + | bool_entry "relaxed_acs_check" + | bool_entry "allow_disk_format_probing" | str_entry "lock_manager" - | int_entry "max_queued" + + let rpc_entry = int_entry "max_queued" | int_entry "keepalive_interval" | int_entry "keepalive_count" (* Each enty in the config is one of the following three ... *) let entry = vnc_entry + | spice_entry + | security_entry + | save_entry + | process_entry + | device_entry + | rpc_entry + let comment = [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ] let empty = [ label "#empty" . eol ] diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index c78d55146c..ed4683cedd 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -88,6 +88,16 @@ #vnc_sasl_dir = "/some/directory/sasl2" +# QEMU implements an extension for providing audio over a VNC connection, +# though if your VNC client does not support it, your only chance for getting +# sound output is through regular audio backends. By default, libvirt will +# disable all QEMU sound backends if using VNC, since they can cause +# permissions issues. Enabling this option will make libvirtd honor the +# QEMU_AUDIO_DRV environment variable when using VNC. +# +#vnc_allow_host_audio = 0 + + # SPICE is configured to listen on 127.0.0.1 by default. # To make it listen on all public interfaces, uncomment @@ -253,29 +263,6 @@ #hugetlbfs_mount = "/dev/hugepages" -# mac_filter enables MAC addressed based filtering on bridge ports. -# This currently requires ebtables to be installed. -# -#mac_filter = 1 - - -# By default, PCI devices below non-ACS switch are not allowed to be assigned -# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to -# be assigned to guests. -# -#relaxed_acs_check = 1 - - -# QEMU implements an extension for providing audio over a VNC connection, -# though if your VNC client does not support it, your only chance for getting -# sound output is through regular audio backends. By default, libvirt will -# disable all QEMU sound backends if using VNC, since they can cause -# permissions issues. Enabling this option will make libvirtd honor the -# QEMU_AUDIO_DRV environment variable when using VNC. -# -#vnc_allow_host_audio = 0 - - # If clear_emulator_capabilities is enabled, libvirt will drop all # privileged capabilities of the QEmu/KVM emulator. This is enabled by # default. @@ -286,18 +273,6 @@ #clear_emulator_capabilities = 1 -# If allow_disk_format_probing is enabled, libvirt will probe disk -# images to attempt to identify their format, when not otherwise -# specified in the XML. This is disabled by default. -# -# WARNING: Enabling probing is a security hole in almost all -# deployments. It is strongly recommended that users update their -# guest XML elements to include -# elements instead of enabling this option. -# -#allow_disk_format_probing = 1 - - # If enabled, libvirt will have QEMU set its process name to # "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU # process will appear as "qemu:VM_NAME" in process listings and @@ -317,12 +292,41 @@ #max_processes = 0 #max_files = 0 + + +# mac_filter enables MAC addressed based filtering on bridge ports. +# This currently requires ebtables to be installed. +# +#mac_filter = 1 + + +# By default, PCI devices below non-ACS switch are not allowed to be assigned +# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to +# be assigned to guests. +# +#relaxed_acs_check = 1 + + +# If allow_disk_format_probing is enabled, libvirt will probe disk +# images to attempt to identify their format, when not otherwise +# specified in the XML. This is disabled by default. +# +# WARNING: Enabling probing is a security hole in almost all +# deployments. It is strongly recommended that users update their +# guest XML elements to include +# elements instead of enabling this option. +# +#allow_disk_format_probing = 1 + + # To enable 'Sanlock' project based locking of the file # content (to prevent two VMs writing to the same # disk), uncomment this # #lock_manager = "sanlock" + + # Set limit of maximum APIs queued on one domain. All other APIs # over this threshold will fail on acquiring job lock. Specially, # setting to zero turns this feature off.