From nobody Tue Sep 9 19:08:47 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1752840443; cv=none; d=zohomail.com; s=zohoarc; b=j7ZFpZGChEpnOU2WzNSwtIiaX3JpdPhg8os5VcOHppRQdKvf9a1uJEcFlyD5hnnZUZ9tGOYgSPU6nfb+y1qp5K8jDHTzW1nYNo+6eVarqPcWzChydajcaONUE6+VbDEy68/XjBLzeT+CspXzJKBPK6Ta8GSGAq08kIVIzi0oCoA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1752840443; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=XxdFxqmteD3LMU21YL+3I2jnG2BySB3XGAK59RxKTgc=; b=dXuZRmR7hN3qcXRHqQVi4VrZc6H7RjuTFdiv6rLDHHQaQTUDdczq1ZbnkP9xq2fOMx3fRRrygcRcLcfpdcitNW/3Smk5yK1nMp2jokeMRWoszuEnxjrQ6VS+FpSNiSRh8D1O1HkcYqHeRoWnjdYq746E01ABO5c1dfMDq20lAKI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1752840443905433.7167112420534; Fri, 18 Jul 2025 05:07:23 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 0632BA50; Fri, 18 Jul 2025 08:07:23 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id BF98E1554; Fri, 18 Jul 2025 08:05:47 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id ECAB0150F; Fri, 18 Jul 2025 08:05:42 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id E7E531397 for ; Fri, 18 Jul 2025 08:05:41 -0400 (EDT) Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-83-tPY8FTqLMW2CHW7RjQ5wZw-1; Fri, 18 Jul 2025 08:05:40 -0400 Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 38D2419541A7 for ; Fri, 18 Jul 2025 12:05:39 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.137]) by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 2DC6930001B1; Fri, 18 Jul 2025 12:05:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1752840341; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xJVPFCkQAqK1hYGebzN6pJdQH1tebaJXUx+imM1QgdA=; b=NXBuUhlhSAdpaNgBLmIFBxw7FJVkDnzzdEfBUZwiSd2duYyKqTtCimL+0OCMmMqjFd12vX PHUElnyI3L0b2Yukc92z+vLTGNzFI6yJYNKSybYBQzg6KUc9QcMPrSqhbgsih45xd40phW NjN0bJ5j3Iz0pJQDfkfdzuEiUARH5zY= X-MC-Unique: tPY8FTqLMW2CHW7RjQ5wZw-1 X-Mimecast-MFC-AGG-ID: tPY8FTqLMW2CHW7RjQ5wZw_1752840339 To: devel@lists.libvirt.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 2/3] qemu: sanitize blank lines in config file Date: Fri, 18 Jul 2025 13:05:32 +0100 Message-ID: <20250718120533.2591376-3-berrange@redhat.com> In-Reply-To: <20250718120533.2591376-1-berrange@redhat.com> References: <20250718120533.2591376-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: cIIQxiTpt9fvPvOHYa_4_BM3TFlIbkcbVgYmR5zIIF8_1752840339 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 4FHFIZOKLZNQFP4YOFFNEE2VKQABRUMV X-Message-ID-Hash: 4FHFIZOKLZNQFP4YOFFNEE2VKQABRUMV X-MailFrom: berrange@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9_via_Devel?= Reply-To: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1752840446323116600 Content-Type: text/plain; charset="utf-8" From: Daniel P. Berrang=C3=A9 We mostly use 2 blank lines between config file entries to improve readability. Fix where we don't do that. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: Peter Krempa --- src/qemu/qemu.conf.in | 50 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in index 9bb52b5927..eee190cf0b 100644 --- a/src/qemu/qemu.conf.in +++ b/src/qemu/qemu.conf.in @@ -48,6 +48,7 @@ # #default_tls_x509_verify =3D 1 =20 + # # Libvirt assumes the server-key.pem file is unencrypted by default. # To use an encrypted server-key.pem file, the password to decrypt @@ -71,6 +72,7 @@ # #vnc_listen =3D "0.0.0.0" =20 + # Enable this option to have VNC served over an automatically created # unix socket. This prevents unprivileged access from users on the # host machine, though most VNC clients do not support it. @@ -81,6 +83,7 @@ # #vnc_auto_unix_socket =3D 1 =20 + # Enable use of TLS encryption on the VNC server. This requires # a VNC client which supports the VeNCrypt protocol extension. # Examples include vinagre, virt-viewer, virt-manager and vencrypt @@ -222,6 +225,7 @@ # #spice_sasl =3D 1 =20 + # The default SASL configuration file is located in /etc/sasl2/ # When running libvirtd unprivileged, it may be desirable to # override the configs in this location. Set this parameter to @@ -229,6 +233,7 @@ # #spice_sasl_dir =3D "/some/directory/sasl2" =20 + # RDP is configured to listen on 127.0.0.1 by default. # To make it listen on all public interfaces, uncomment # this next option. @@ -242,11 +247,13 @@ # #rdp_tls_x509_cert_dir =3D "/etc/pki/libvirt-rdp" =20 + # The default RDP username. This parameter is only used if the # per-domain XML config does not already provide a username. # #rdp_username =3D "user" =20 + # The default RDP password. This parameter is only used if the # per-domain XML config does not already provide a password. # By default, RDP server will not allow password-less connections. @@ -254,6 +261,7 @@ # #rdp_password =3D "RDP12345" =20 + # Enable use of TLS encryption on the chardev TCP transports. # # It is necessary to setup CA and issue a server certificate @@ -457,6 +465,7 @@ #remote_display_port_min =3D 5900 #remote_display_port_max =3D 65535 =20 + # VNC WebSocket port policies, same rules apply as with remote display # ports. VNC WebSockets use similar display <-> port mappings, with # the exception being that ports start from 5700 instead of 5900. @@ -464,6 +473,7 @@ #remote_websocket_port_min =3D 5700 #remote_websocket_port_max =3D 65535 =20 + # The default security driver is SELinux. If SELinux is disabled # on the host, then the security driver will automatically disable # itself. If you wish to disable QEMU SELinux security driver while @@ -481,15 +491,18 @@ # #security_driver =3D "selinux" =20 + # If set to non-zero, then the default security labeling # will make guests confined. If set to zero, then guests # will be unconfined by default. Defaults to 1. #security_default_confined =3D 1 =20 + # If set to non-zero, then attempts to create unconfined # guests will be blocked. Defaults to 0. #security_require_confined =3D 1 =20 + # The user for QEMU processes run by the system instance. It can be # specified as a user name or as a user id. The qemu driver will try to # parse this value first as a name and then, if the name doesn't exist, @@ -507,10 +520,12 @@ # #user =3D "@QEMU_USER@" =20 + # The group for QEMU processes run by the system instance. It can be # specified in a similar way to user. #group =3D "@QEMU_GROUP@" =20 + # Whether libvirt should dynamically change file ownership # to match the configured user/group above. Defaults to 1. # @@ -526,11 +541,13 @@ # Set to 0 to disable file ownership changes globally in the qemu driver. #dynamic_ownership =3D 1 =20 + # Whether libvirt should remember and restore the original # ownership over files it is relabeling. Defaults to 1, set # to 0 to disable the feature. #remember_owner =3D 1 =20 + # What cgroup controllers to make use of with QEMU guests # # - 'cpu' - use for scheduler tunables @@ -552,6 +569,7 @@ # #cgroup_controllers =3D [ "cpu", "devices", "memory", "blkio", "cpuset", "= cpuacct" ] =20 + # This is the basic set of devices allowed / required by # all virtual machines. # @@ -618,12 +636,14 @@ #dump_image_format =3D "raw" #snapshot_image_format =3D "raw" =20 + # When a domain is configured to be auto-dumped when libvirtd receives a # watchdog event from qemu guest, libvirtd will save dump files in directo= ry # specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump # #auto_dump_path =3D "/var/lib/libvirt/qemu/dump" =20 + # When a domain is configured to be auto-dumped, enabling this flag # has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the # virDomainCoreDump API. That is, the system will avoid using the @@ -632,6 +652,7 @@ # #auto_dump_bypass_cache =3D 0 =20 + # When a domain is configured to be auto-started, enabling this flag # has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag # with the virDomainCreateWithFlags API. That is, the system will @@ -640,11 +661,13 @@ # #auto_start_bypass_cache =3D 0 =20 + # Delay in milliseconds between initiating the startup for # each VM, during autostart # #auto_start_delay =3D 0 =20 + # The settings for auto shutdown actions accept one of # four possible options: # @@ -669,6 +692,7 @@ # they are restarted, or saved and restored. #auto_shutdown_try_save =3D "persistent" =20 + # As above, but with a graceful shutdown action instead of # managed save. If managed save is enabled, shutdown will # be tried only on failure to perform managed save. @@ -683,6 +707,7 @@ # they are restarted, or saved and restored. #auto_shutdown_try_shutdown =3D "all" =20 + # As above, but with a forced poweroff instead of managed # save. If managed save or graceful shutdown are enabled, # forced poweroff will be tried only on failure of the @@ -702,16 +727,19 @@ # feature should to be enabled as well to ensure proper cleanup of the VMs. #auto_shutdown_poweroff =3D "all" =20 + # How may seconds to wait for running VMs to gracefully shutdown # when 'auto_shutdown_try_shutdown' is enabled. If set to 0 # then an arbitrary built-in default value will be used (which # is currently 30 secs) #auto_shutdown_wait =3D 30 =20 + # Whether VMs that are automatically powered off or saved during # host shutdown, should be set to restore on next boot #auto_shutdown_restore =3D 1 =20 + # When a domain is configured to be auto-saved on shutdown, enabling # this flag has the same effect as using the VIR_DOMAIN_SAVE_BYPASS_CACHE # flag with the virDomainManagedSave API. That is, the system will @@ -720,6 +748,7 @@ # #auto_save_bypass_cache =3D 0 =20 + # If provided by the host and a hugetlbfs mount point is configured, # a guest may request huge page backing. When this mount point is # unspecified here, determination of a host mount point in /proc/mounts @@ -768,6 +797,7 @@ #max_processes =3D 0 #max_files =3D 0 =20 + # If max_threads_per_process is set to a positive integer, libvirt # will use it to set the maximum number of threads that can be # created by a qemu process. Some VM configurations can result in @@ -778,6 +808,7 @@ # #max_threads_per_process =3D 0 =20 + # If max_core is set to a non-zero integer, then QEMU will be # permitted to create core dumps when it crashes, provided its # RAM size is smaller than the limit set. @@ -804,6 +835,7 @@ # #max_core =3D "unlimited" =20 + # Determine if guest RAM is included in QEMU core dumps. By # default guest RAM will be excluded on Linux platforms, # and included on all other patforms. Setting this to '1' will @@ -814,6 +846,7 @@ # #dump_guest_core =3D 1 =20 + # mac_filter enables MAC addressed based filtering on bridge ports. # This currently requires ebtables to be installed. # @@ -843,6 +876,7 @@ # #max_queued =3D 0 =20 + ################################################################### # Keepalive protocol: # This allows qemu driver to detect broken connections to remote @@ -866,7 +900,6 @@ #keepalive_count =3D 5 =20 =20 - # Use seccomp syscall filtering sandbox in QEMU. # 1 =3D=3D filter enabled, 0 =3D=3D filter disabled # @@ -901,7 +934,6 @@ #migration_port_max =3D 49215 =20 =20 - # Timestamp QEMU's log messages (if QEMU supports it) # # Defaults to 1. @@ -941,6 +973,7 @@ # "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd" #] =20 + # The backend to use for handling stdout/stderr output from # QEMU processes. # @@ -956,6 +989,7 @@ # #stdio_handler =3D "logd" =20 + # QEMU gluster libgfapi log level, debug levels are 0-9, with 9 being the # most verbose, and 0 representing no debugging output. # @@ -976,6 +1010,7 @@ # #gluster_debug_level =3D 9 =20 + # virtiofsd debug # # Whether to enable the debugging output of the virtiofsd daemon. @@ -983,6 +1018,7 @@ # #virtiofsd_debug =3D 1 =20 + # To enhance security, QEMU driver is capable of creating private namespac= es # for each domain started. Well, so far only "mount" namespace is supporte= d. If # enabled it means qemu process is unable to see all the devices on the sy= stem, @@ -991,16 +1027,19 @@ # by default. #namespaces =3D [ "mount" ] =20 + # This directory is used for memoryBacking source if configured as file. # NOTE: big files will be stored here #memory_backing_dir =3D "/var/lib/libvirt/qemu/ram" =20 + # Path to the SCSI persistent reservations helper. This helper is # used whenever are enabled for SCSI LUN devices. # If this is not an absolute path, the program will be searched for # in $PATH as well as a few additional directories. #pr_helper =3D "qemu-pr-helper" =20 + # Path to the SLIRP networking helper. #slirp_helper =3D "/usr/bin/slirp-helper" =20 @@ -1010,11 +1049,13 @@ # in $PATH. #qemu_rdp =3D "qemu-rdp" =20 + # Path to the dbus-daemon # If this is not an absolute path, the program will be searched for # in $PATH. #dbus_daemon =3D "dbus-daemon" =20 + # User for the swtpm TPM Emulator # # Default is 'tss'; this is the same user that tcsd (TrouSerS) installs @@ -1023,6 +1064,7 @@ #swtpm_user =3D "tss" #swtpm_group =3D "tss" =20 + # For debugging and testing purposes it's sometimes useful to be able to d= isable # libvirt behaviour based on the capabilities of the qemu process. This op= tion # allows to do so. DO _NOT_ use in production and beaware that the behavio= ur @@ -1030,6 +1072,7 @@ # #capability_filters =3D [ "capname" ] =20 + # 'deprecation_behavior' setting controls how the qemu process behaves tow= ards # deprecated commands and arguments used by libvirt. # @@ -1061,6 +1104,7 @@ # #deprecation_behavior =3D "none" =20 + # If this is set then QEMU and its threads will run in a separate scheduli= ng # group meaning no other process will share Hyper Threads of a single core= with # QEMU. Each QEMU has its own group. @@ -1077,6 +1121,7 @@ # scheduling group #sched_core =3D "none" =20 + # Using nbdkit to access remote disk sources # # If this is set then libvirt will use nbdkit to access remote disk sources @@ -1088,6 +1133,7 @@ # #storage_use_nbdkit =3D @USE_NBDKIT_DEFAULT@ =20 + # libvirt will normally prevent migration if the storage backing the VM is= not # on a shared filesystems. Sometimes, however, the storage *is* shared des= pite # not being detected as such: for example, this is the case when one of the --=20 2.50.1