Signed-off-by: Erik Skultety <eskultet@redhat.com>
---
docs/news.xml | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/docs/news.xml b/docs/news.xml
index 55d6a3926b..fcc42698b3 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -50,6 +50,18 @@
<section title="Improvements">
</section>
<section title="Bug fixes">
+ <change>
+ <summary>
+ qemu: Use CAP_DAC_OVERRIDE during QEMU capabilities probing
+ </summary>
+ <description>
+ By default, libvirt runs the QEMU process as qemu:qemu which could
+ cause issues during probing as some features (like AMD SEV) might be
+ inaccesible to QEMU because of file system permissions. Therefore,
+ CAP_DAC_OVERRIDE is granted to overcome these for the purposes of
+ probing.
+ </description>
+ </change>
<change>
<summary>
storage: Add default mount options for fs/netfs storage pools
--
2.20.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Fri, 2019-02-01 at 13:07 +0100, Erik Skultety wrote: [...] > + By default, libvirt runs the QEMU process as qemu:qemu which could > + cause issues during probing as some features (like AMD SEV) might be > + inaccesible to QEMU because of file system permissions. Therefore, > + CAP_DAC_OVERRIDE is granted to overcome these for the purposes of > + probing. You can wrap 'qemu:qemu' and 'CAP_DAC_OVERRIDE' in <code> elements so that they will look nicer in the HTML version. I'd also change ' (like AMD SEV)' to ', like AMD SEV,', but feel free to leave it alone if you like it better that way. Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Fri, Feb 01, 2019 at 01:53:47PM +0100, Andrea Bolognani wrote: > On Fri, 2019-02-01 at 13:07 +0100, Erik Skultety wrote: > [...] > > + By default, libvirt runs the QEMU process as qemu:qemu which could > > + cause issues during probing as some features (like AMD SEV) might be > > + inaccesible to QEMU because of file system permissions. Therefore, > > + CAP_DAC_OVERRIDE is granted to overcome these for the purposes of > > + probing. > > You can wrap 'qemu:qemu' and 'CAP_DAC_OVERRIDE' in <code> elements > so that they will look nicer in the HTML version. > > I'd also change ' (like AMD SEV)' to ', like AMD SEV,', but feel > free to leave it alone if you like it better that way. Fixed and pushed. Thanks, Erik -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.