Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
libvirt.1263
suse-qemu-conf.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File suse-qemu-conf.patch of Package libvirt.1263
Index: libvirt-1.2.5/src/qemu/qemu.conf =================================================================== --- libvirt-1.2.5.orig/src/qemu/qemu.conf +++ libvirt-1.2.5/src/qemu/qemu.conf @@ -201,11 +201,20 @@ # isolation, but it cannot appear in a list of drivers. # #security_driver = "selinux" +#security_driver = "apparmor" # If set to non-zero, then the default security labeling # will make guests confined. If set to zero, then guests # will be unconfined by default. Defaults to 1. -#security_default_confined = 1 +# +# SUSE Note: +# Currently, Apparmor is the default security framework in SUSE +# distros. If Apparmor is enabled on the host, libvirtd is +# generously confined but users must opt-in to confine qemu +# instances. Change this to a non-zero value to enable default +# Apparmor confinement of qemu instances. +# +security_default_confined = 0 # If set to non-zero, then attempts to create unconfined # guests will be blocked. Defaults to 0. @@ -402,16 +411,26 @@ #allow_disk_format_probing = 1 -# In order to prevent accidentally starting two domains that -# share one writable disk, libvirt offers two approaches for -# locking files. The first one is sanlock, the other one, -# virtlockd, is then our own implementation. Accepted values -# are "sanlock" and "lockd". +# SUSE note: +# Two lock managers are supported: lockd and sanlock. lockd, which +# is provided by the virtlockd service, uses advisory locks (flock(2)) +# to protect virtual machine disks. sanlock uses the notion of leases +# to protect virtual machine disks and is more appropriate in a SAN +# environment. +# +# For most deployments that require virtual machine disk protection, +# lockd is recommended since it is easy to configure and the virtlockd +# service can be restarted without terminating any running virtual +# machines. sanlock, which may be preferred in some SAN environments, +# has the disadvantage of not being able to be restarted without +# first terminating all virtual machines for which it holds leases. +# +# Specify lockd or sanlock to enable protection of virtual machine disk +# content. # #lock_manager = "lockd" - # Set limit of maximum APIs queued on one domain. All other APIs # over this threshold will fail on acquiring job lock. Specially, # setting to zero turns this feature off.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
