From nobody Mon May  6 20:34:31 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.37
 as permitted sender) client-ip=209.132.183.37;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx5-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.37 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) by
 mx.zohomail.com
	with SMTPS id 1485968268632866.945907159908;
 Wed, 1 Feb 2017 08:57:48 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v11Gs589014437;
	Wed, 1 Feb 2017 11:54:06 -0500
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
	(int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v11Gs5pa002431 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 1 Feb 2017 11:54:05 -0500
Received: from t460.redhat.com (ovpn-117-116.ams2.redhat.com [10.36.117.116])
	by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id v11Gs32l001599; Wed, 1 Feb 2017 11:54:04 -0500
From: "Daniel P. Berrange" <berrange@redhat.com>
To: libvir-list@redhat.com
Date: Wed,  1 Feb 2017 16:54:01 +0000
Message-Id: <20170201165401.31708-1-berrange@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH] qemu: turn on virtlockd by default
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

The virtlockd daemon has existed for years now, but we have never
turned it on by default, requiring explicit user opt-in. This leaves
users unprotected against accidents out of the box.

By turning it on by default, users will at least be protected for
mistakes involving local files, and files on shared filesystems
that support fcntl() (eg NFS).

In turning it on the various services files are updated to have
the same dependancies for virtlockd as we have for virtlogd
now, since turning the latter on exposed some gaps.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 daemon/libvirtd.service.in       | 1 +
 src/locking/virtlockd.service.in | 1 +
 src/locking/virtlockd.socket.in  | 1 +
 src/qemu/qemu.conf               | 2 +-
 src/qemu/qemu_conf.c             | 3 +++
 5 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in
index bbf27da..c72dde5 100644
--- a/daemon/libvirtd.service.in
+++ b/daemon/libvirtd.service.in
@@ -6,6 +6,7 @@
 [Unit]
 Description=3DVirtualization daemon
 Requires=3Dvirtlogd.socket
+Requires=3Dvirtlockd.socket
 Before=3Dlibvirt-guests.service
 After=3Dnetwork.target
 After=3Ddbus.service
diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.servi=
ce.in
index 57089b0..69b568f 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=3DVirtual machine lock manager
 Requires=3Dvirtlockd.socket
+Before=3Dlibvirtd.service
 Documentation=3Dman:virtlockd(8)
 Documentation=3Dhttp://libvirt.org
=20
diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket=
.in
index 9808bbb..45e0f20 100644
--- a/src/locking/virtlockd.socket.in
+++ b/src/locking/virtlockd.socket.in
@@ -1,5 +1,6 @@
 [Unit]
 Description=3DVirtual machine lock manager socket
+Before=3Dlibvirtd.service
=20
 [Socket]
 ListenStream=3D@localstatedir@/run/libvirt/virtlockd-sock
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index a8cd369..3239f7b 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -535,7 +535,7 @@
 # share one writable disk, libvirt offers two approaches for
 # locking files. The first one is sanlock, the other one,
 # virtlockd, is then our own implementation. Accepted values
-# are "sanlock" and "lockd".
+# are "sanlock", "lockd", "nop". The default is "lockd".
 #
 #lock_manager =3D "lockd"
=20
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 6613d59..d4c6cdc 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -314,6 +314,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool priv=
ileged)
     cfg->glusterDebugLevel =3D 4;
     cfg->stdioLogD =3D true;
=20
+    if (VIR_STRDUP(cfg->lockManagerName, "lockd") < 0)
+        goto error;
+
     if (!(cfg->namespaces =3D virBitmapNew(QEMU_DOMAIN_NS_LAST)))
         goto error;
=20
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list