mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-01 02:25:24 +00:00
0d968ad715
Currently the QEMU stdout/stderr streams are written directly to a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those can be rotated by logrotate (using copytruncate option) this is not very efficient. It also leaves open a window of opportunity for a compromised/broken QEMU to DOS the host filesystem by writing lots of text to stdout/stderr. This makes it possible to connect the stdout/stderr file handles to a pipe that is provided by virtlogd. The virtlogd daemon will read from this pipe and write data to the log file, performing file rotation whenever a pre-determined size limit is reached. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
82 lines
2.4 KiB
Plaintext
82 lines
2.4 KiB
Plaintext
module Test_libvirtd_qemu =
|
|
::CONFIG::
|
|
|
|
test Libvirtd_qemu.lns get conf =
|
|
{ "vnc_listen" = "0.0.0.0" }
|
|
{ "vnc_auto_unix_socket" = "1" }
|
|
{ "vnc_tls" = "1" }
|
|
{ "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" }
|
|
{ "vnc_tls_x509_verify" = "1" }
|
|
{ "vnc_password" = "XYZ12345" }
|
|
{ "vnc_sasl" = "1" }
|
|
{ "vnc_sasl_dir" = "/some/directory/sasl2" }
|
|
{ "vnc_allow_host_audio" = "0" }
|
|
{ "spice_listen" = "0.0.0.0" }
|
|
{ "spice_tls" = "1" }
|
|
{ "spice_tls_x509_cert_dir" = "/etc/pki/libvirt-spice" }
|
|
{ "spice_password" = "XYZ12345" }
|
|
{ "spice_sasl" = "1" }
|
|
{ "spice_sasl_dir" = "/some/directory/sasl2" }
|
|
{ "nographics_allow_host_audio" = "1" }
|
|
{ "remote_display_port_min" = "5900" }
|
|
{ "remote_display_port_max" = "65535" }
|
|
{ "remote_websocket_port_min" = "5700" }
|
|
{ "remote_websocket_port_max" = "65535" }
|
|
{ "security_driver" = "selinux" }
|
|
{ "security_default_confined" = "1" }
|
|
{ "security_require_confined" = "1" }
|
|
{ "user" = "root" }
|
|
{ "group" = "root" }
|
|
{ "dynamic_ownership" = "1" }
|
|
{ "cgroup_controllers"
|
|
{ "1" = "cpu" }
|
|
{ "2" = "devices" }
|
|
{ "3" = "memory" }
|
|
{ "4" = "blkio" }
|
|
{ "5" = "cpuset" }
|
|
{ "6" = "cpuacct" }
|
|
}
|
|
{ "cgroup_device_acl"
|
|
{ "1" = "/dev/null" }
|
|
{ "2" = "/dev/full" }
|
|
{ "3" = "/dev/zero" }
|
|
{ "4" = "/dev/random" }
|
|
{ "5" = "/dev/urandom" }
|
|
{ "6" = "/dev/ptmx" }
|
|
{ "7" = "/dev/kvm" }
|
|
{ "8" = "/dev/kqemu" }
|
|
{ "9" = "/dev/rtc" }
|
|
{ "10" = "/dev/hpet" }
|
|
{ "11" = "/dev/vfio/vfio" }
|
|
}
|
|
{ "save_image_format" = "raw" }
|
|
{ "dump_image_format" = "raw" }
|
|
{ "snapshot_image_format" = "raw" }
|
|
{ "auto_dump_path" = "/var/lib/libvirt/qemu/dump" }
|
|
{ "auto_dump_bypass_cache" = "0" }
|
|
{ "auto_start_bypass_cache" = "0" }
|
|
{ "hugetlbfs_mount" = "/dev/hugepages" }
|
|
{ "bridge_helper" = "/usr/libexec/qemu-bridge-helper" }
|
|
{ "clear_emulator_capabilities" = "1" }
|
|
{ "set_process_name" = "1" }
|
|
{ "max_processes" = "0" }
|
|
{ "max_files" = "0" }
|
|
{ "mac_filter" = "1" }
|
|
{ "relaxed_acs_check" = "1" }
|
|
{ "allow_disk_format_probing" = "1" }
|
|
{ "lock_manager" = "lockd" }
|
|
{ "max_queued" = "0" }
|
|
{ "keepalive_interval" = "5" }
|
|
{ "keepalive_count" = "5" }
|
|
{ "seccomp_sandbox" = "1" }
|
|
{ "migration_address" = "0.0.0.0" }
|
|
{ "migration_host" = "host.example.com" }
|
|
{ "migration_port_min" = "49152" }
|
|
{ "migration_port_max" = "49215" }
|
|
{ "log_timestamp" = "0" }
|
|
{ "nvram"
|
|
{ "1" = "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" }
|
|
{ "2" = "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" }
|
|
}
|
|
{ "stdio_handler" = "logd" }
|