Separate the guest created QEMU monitor socket location
from the libvirtd create XML / PID data files, to improve
security separation when running QEMU non-root
* libvirt.spec.in: Leave /var/run/libvirt/qemu as root:root
* src/qemu_conf.h: Add libDir and cacheDir directory paths
* src/qemu_driver.c: Move QEMU monitor socket from
stateDir to libDir to avoid making security critical directory
accessible to QEMU guests.
* src/util.c: Delay running hook till after daemonizing to
ensure pidfile is still written before changing UID/GID
Define an <encryption> tag specifying volume encryption format and
format-dependent parameters (e.g. passphrase, cipher name, key
length, key).
Currently the only defined parameter is a reference to a "secret"
(passphrase/key) managed using the virSecret* API.
Only the qcow/qcow2 encryption format, and a "default" format used to
let libvirt choose the format during volume creation, is currently
supported.
This patch does not add any users; the <encryption> tag is added in
the following patches to both volumes (to support encrypted volume
creation) and domains.
* docs/*.html: Re-generate
* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
Add page describing storage encryption data format
* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
Add RNG schema for storage encryption format
* po/POTFILES.in: Add src/storage_encryption_conf.c
* src/libvirt_private.syms: Export virStorageEncryption* functions
* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
helper APIs for dealing with storage encryption format
* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
RNG schema
This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.
* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
schema for virSecret objects
* docs/*html: Re-generated
* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
describing the virSecret XML schema
* include/libvirt/libvirt.h.in: Define the new virSecret public
API
* src/libvirt_public.syms: Export symbols for new public APIs
* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
files list
* configure.in: Check for pkcheck which indicates new policykit
* qemud/Makefile.am: Install different versions of policy
* qemud/libvirtd.policy: Rename to libvirtd.policy-0
* qemud/libvirtd.policy-1: new style policy
* qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new
policykit API via external pkcheck helper
* src/remote_internal.c: Don't prompt for polkit auth with new
policykit API
* libvirt.spec.in: deal with new policy install locations & deps
Allow qemu user to open kernel/initrds in this dir, but still prevent
others from listing it.
* libvirt.spec.in: set /var/lib/libvirt/boot perms to 0711
polkit was disabled by default for a reason - because we selectively
enable it on newer fedoras rather than disable it on older fedoras
Same fix needed for netcf
It's not needed at build time
Removed in Fedora by:
* Fri Jun 5 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-2.fc12
- Remove the qemu BuildRequires
Disabled on < f12 for now until netcf is in Fedora updates
BuildRequires netcf if enabled, pass --without-netcf if it's disabled
* libvirt.spec.in: enabled netcf by default
* libvirt.spec.in: make a client rpm with shared libs, client binaries
and resources needed by those, and a small number of fixes and
cleanups in the spec file.
* configure.in: Add --with-qemu-user and --with-qemu-group args
* libvirt.spec.in: use 'qemu' for user/group for Fedora >= 12
* qemud/libvirtd_qemu.arg, qemud/test_libvirtd_qemu.aug,
src/qemu.conf: Add 'user' and 'group' args for configuration
* src/Makefile.am: Create %localstatedir/cache/libvirt/qemu
* src/qemu_conf.c, src/qemu_conf.h: Load user/group from config
* src/qemu_driver.c: Change user ID/group ID when launching QEMU
guests. Change user/group ownership on disks/usb/pci devs.
Put memory dumps in %localstatedir/cache/libvirt/qemu
* src/util.c, src/util.h: Add convenient APIs for converting
username/groupname to user ID / group ID
* configure.in libvirt.spec.in src/Makefile.am
src/opennebula/one_client.[ch] src/opennebula/one_conf.h
src/opennebula/one_driver.[ch] : Finish the integration of OpenNebula,
avoid dependency on OpenNebula libraries, require xmlrpc-c-devel
and build it by default, based on patch by Javier Fontan and DanB
suggestions
Daniel
from the post-install script:
Installing : libvirt
ln: creating symbolic link `/etc/libvirt/qemu/networks/autostart/default.xml': File exists
See https://bugzilla.redhat.com/462011
* configure.in docs/* NEWS: release of 0.5.0
* po/*: updated from the translators and merged
* docs/apibuild.py src/libvirt.c: avoid some warnings at doc
generation time
daniel
* src/domain_conf.c src/domain_conf.h src/qemu_conf.c
src/qemu_driver.c: Patch from Guido Günther allowing to pass
usb devices to qemu/kvm
* docs/libvirt.rng: add the new functionality to the grammar
* tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.args
tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address.xml
tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-product.args
tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-product.xml
tests/qemuxml2argvtest.c tests/qemuxml2xmltest.c: adding examples
to the regression tests
* libvirt.spec.in: fix the licence tag
Daniel
* include/libvirt/libvirt.h.in, src/libvirt.c, src/driver.h,
src/libvirt_sym.version: New virDomainMemoryPeek API.
* qemud/remote.c, qemud/remote_protocol.x, src/remote_internal.c:
Support for remote.
* src/qemu_driver.c: QEMU driver implementation of API.
* src/test.c: Test driver (null) implementation of API.
* docs/hvsupport.html.in: Document API.
* libvirt.spec.in: New path /var/cache/libvirt for temporary
storage of memory images.
* qemud/libvirtd.init.in: Remove any old temp files in
/var/cache/libvirt on restarts.
* src/Makefile.am: make install creates /var/cache/libvirt.
* configure.in: Detect mkdir -p.
* src/bridge.c, src/qemu_driver.c, configure.in: Try to detect
the paths of dnsmasq and brctl at compile time. If found
then compile them in, otherwise search $PATH at runtime.
* libvirt.spec.in: BR dnsmasq and bridge-utils so we have their
paths at compile time.
Mon Jun 11 14:10:00 BST 2007 Richard W.M. Jones <rjones@redhat.com>
* libvirt.spec.in: BuildRequires gnutls-devel and
set the remote PIDfile when configuring.
* qemud/Makefile.am: Distribute the Perl scripts.
* qemud/qemud.c: Only use QEMUD_DEBUG when ENABLE_DEBUG
is defined.
erroneous value of the hypercall XEN_V2_OP_SETMAXMEM
* libvirt.spec.in: applies changes from Jeremy Katz for libvirt
spec and also another fix from Michael Schwendt fixing rhbz#233874
Daniel
* libvirt.spec.in: BuildRequires: /sbin/iptables and
run configure with the --with-init-script and
--with-qemud-pid-file parameters.
* configure.in: it's --with-qemud-pid-file, not
--with-pid-file
include/libvirt/libvirt.h: preparing libvirt-0.1.9 release
* po/*.po: more updates and fix all the .po to not barf when msgfmt
tries to process them
Daniel
* proxy/libvirt_proxy.c src/libvirt.c src/proxy_internal.[ch]
src/xs_internal.[ch]: the virtGetOsType entry point was calling
the xenstore directly instead of going through driver, refactored
and implemented a specific new RPC with the proxy when this is
called as non-root fixes rhbz#214264 .
Daniel
* configure.in include/libvirt/virterror.h src/Makefile.am
src/conf.c src/conf.h src/virterror.c src/xen_internal.c:
adding a subset of Xen config file parser, and serializer
* tests/Makefile.am tests/conftest.c tests/test_conf.sh
tests/confdata/Makefile.am tests/confdata/fc4.conf
tests/confdata/fc4.out: adding test program for config in and out
Daniel
src/xen_internal.c: fixing the proxy installation, integrate in
the spec file and fix a few bugs in the proxy, seems to behave
correctly now.
* docs/apibuild.py docs/*: fixing the doc and API generator
Daniel
include/libvirt/virterror.h python/generator.py python/libvir.c
python/libvirt_wrap.h src/driver.h src/internal.h src/test.h
src/virsh.c src/virterror.c src/xend_internal.c src/xend_internal.h
src/xml.c src/xml.h: moved the includes from include/ to
include/libvirt to reflect the installed include tree. This
avoids using "" in the includes themselves.
Daniel