[libvirt] [PATCH] docs: news: Update the release notes with the SEV permission fix

Erik Skultety posted 1 patch 2 weeks ago
Test syntax-check passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/e4c7055adadbc5b3e4d3a57fb1f533122099a4ac.1549022812.git.eskultet@redhat.com
docs/news.xml | 12 ++++++++++++
1 file changed, 12 insertions(+)

[libvirt] [PATCH] docs: news: Update the release notes with the SEV permission fix

Posted by Erik Skultety 2 weeks ago
Signed-off-by: Erik Skultety <eskultet@redhat.com>
---
 docs/news.xml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/news.xml b/docs/news.xml
index 55d6a3926b..fcc42698b3 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -50,6 +50,18 @@
     <section title="Improvements">
     </section>
     <section title="Bug fixes">
+      <change>
+        <summary>
+          qemu: Use CAP_DAC_OVERRIDE during QEMU capabilities probing
+        </summary>
+        <description>
+          By default, libvirt runs the QEMU process as qemu:qemu which could
+          cause issues during probing as some features (like AMD SEV) might be
+          inaccesible to QEMU because of file system permissions. Therefore,
+          CAP_DAC_OVERRIDE is granted to overcome these for the purposes of
+          probing.
+        </description>
+      </change>
       <change>
         <summary>
           storage: Add default mount options for fs/netfs storage pools
-- 
2.20.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] docs: news: Update the release notes with the SEV permission fix

Posted by Andrea Bolognani 2 weeks ago
On Fri, 2019-02-01 at 13:07 +0100, Erik Skultety wrote:
[...]
> +          By default, libvirt runs the QEMU process as qemu:qemu which could
> +          cause issues during probing as some features (like AMD SEV) might be
> +          inaccesible to QEMU because of file system permissions. Therefore,
> +          CAP_DAC_OVERRIDE is granted to overcome these for the purposes of
> +          probing.

You can wrap 'qemu:qemu' and 'CAP_DAC_OVERRIDE' in <code> elements
so that they will look nicer in the HTML version.

I'd also change ' (like AMD SEV)' to ', like AMD SEV,', but feel
free to leave it alone if you like it better that way.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] docs: news: Update the release notes with the SEV permission fix

Posted by Erik Skultety 2 weeks ago
On Fri, Feb 01, 2019 at 01:53:47PM +0100, Andrea Bolognani wrote:
> On Fri, 2019-02-01 at 13:07 +0100, Erik Skultety wrote:
> [...]
> > +          By default, libvirt runs the QEMU process as qemu:qemu which could
> > +          cause issues during probing as some features (like AMD SEV) might be
> > +          inaccesible to QEMU because of file system permissions. Therefore,
> > +          CAP_DAC_OVERRIDE is granted to overcome these for the purposes of
> > +          probing.
>
> You can wrap 'qemu:qemu' and 'CAP_DAC_OVERRIDE' in <code> elements
> so that they will look nicer in the HTML version.
>
> I'd also change ' (like AMD SEV)' to ', like AMD SEV,', but feel
> free to leave it alone if you like it better that way.

Fixed and pushed.

Thanks,
Erik

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list