The need to have something like this in the first place is driven by
KubeVirt (see [1] and [2]). A draft version of this series has been
integrated into KubeVirt and it has been confirmed that it was
effective in removing the need to use LD_PRELOAD hacks in the storage
provider.

Changes from [v1]:

  * documented more explicitly that the newly introduced option is
    intended for very specific scenarios and not general usage; as
    part of this, the NEWS update has been dropped too;
  * made a few tweaks and addressed a few oversight based on review
    feedback;
  * several preparatory cleanup patches have been pushed.

Changes from [v0]:

  * reworked approach.

CC'ing Stefan so he can have a look at the TPM part and shout if I've
gotten anything wrong :)

[v1] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/XEISMPGRJHFRT4LZ3MJ3L3XR7OPOQKPM/
[v0] https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/MMKVR54LD3SDG5CMSXUECV7I57LMJJTH/
[1] https://issues.redhat.com/browse/CNV-34322
[2] https://issues.redhat.com/browse/CNV-39370

Andrea Bolognani (5):
  security: Fix alignment
  qemu: Introduce shared_filesystems configuration option
  qemu: Propagate shared_filesystems
  utils: Use overrides in virFileIsSharedFS()
  qemu: Always set labels for TPM state

 src/lxc/lxc_controller.c           |  3 +-
 src/lxc/lxc_driver.c               |  2 +-
 src/lxc/lxc_process.c              |  4 +-
 src/qemu/libvirtd_qemu.aug         |  3 ++
 src/qemu/qemu.conf.in              | 23 ++++++++
 src/qemu/qemu_conf.c               | 17 ++++++
 src/qemu/qemu_conf.h               |  2 +
 src/qemu/qemu_domain.c             |  7 ++-
 src/qemu/qemu_extdevice.c          |  2 +-
 src/qemu/qemu_migration.c          | 23 ++++----
 src/qemu/qemu_security.c           | 85 +++++++++++++++++++++++-------
 src/qemu/qemu_tpm.c                | 38 +++++++------
 src/qemu/qemu_tpm.h                | 10 ++--
 src/qemu/test_libvirtd_qemu.aug.in |  5 ++
 src/security/security_apparmor.c   |  2 +
 src/security/security_dac.c        | 47 +++++++++++++----
 src/security/security_driver.h     |  8 ++-
 src/security/security_manager.c    | 33 +++++++++---
 src/security/security_manager.h    |  9 +++-
 src/security/security_nop.c        |  5 ++
 src/security/security_selinux.c    | 56 +++++++++++++++-----
 src/security/security_stack.c      | 32 ++++++++---
 src/util/virfile.c                 | 53 +++++++++++++++++--
 src/util/virfile.h                 |  3 +-
 tests/securityselinuxlabeltest.c   |  2 +-
 tests/virfiletest.c                |  2 +-
 26 files changed, 370 insertions(+), 106 deletions(-)

-- 
2.44.0
_______________________________________________
Devel mailing list -- devel@lists.libvirt.org
To unsubscribe send an email to devel-leave@lists.libvirt.org