diff options
| author | Matt Housh <jaeger@crux.ninja> | 2022-07-30 14:39:45 -0500 |
|---|---|---|
| committer | Matt Housh <jaeger@crux.ninja> | 2022-07-30 14:39:45 -0500 |
| commit | 62b2e94a6e8314a5ec22f7c80b8e403454e0e871 (patch) | |
| tree | 289d71da651b29493d2683e695f4279799f25aaf | |
| parent | 21ad2d8899b94fa211b68f02b84cfb7b8971363f (diff) | |
| download | contrib-62b2e94a6e8314a5ec22f7c80b8e403454e0e871.tar.gz contrib-62b2e94a6e8314a5ec22f7c80b8e403454e0e871.tar.xz | |
libvirt: initial import, version 8.5.0
| -rw-r--r-- | libvirt/.footprint | 713 | ||||
| -rw-r--r-- | libvirt/.signature | 9 | ||||
| -rw-r--r-- | libvirt/Pkgfile | 36 | ||||
| -rw-r--r-- | libvirt/libvirtd.conf | 531 | ||||
| -rwxr-xr-x | libvirt/libvirtd.rc | 36 | ||||
| -rwxr-xr-x | libvirt/pre-install | 10 | ||||
| -rw-r--r-- | libvirt/qemu.conf | 954 | ||||
| -rwxr-xr-x | libvirt/virtlogd.rc | 37 |
8 files changed, 2326 insertions, 0 deletions
diff --git a/libvirt/.footprint b/libvirt/.footprint new file mode 100644 index 000000000..98b1573bf --- /dev/null +++ b/libvirt/.footprint @@ -0,0 +1,713 @@ +drwxr-xr-x root/root etc/ +drwxr-xr-x root/root etc/libvirt/ +-rw-r--r-- root/root etc/libvirt/libvirt-admin.conf +-rw-r--r-- root/root etc/libvirt/libvirt.conf +-rw-r--r-- root/root etc/libvirt/libvirtd.conf +-rw-r--r-- root/root etc/libvirt/lxc.conf +drwxr-xr-x root/root etc/libvirt/lxc/ +drwxr-xr-x root/root etc/libvirt/lxc/autostart/ +drwxr-xr-x root/root etc/libvirt/nwfilter/ +-rw-r--r-- root/root etc/libvirt/nwfilter/allow-arp.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/allow-dhcp-server.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/allow-dhcp.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/allow-dhcpv6-server.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/allow-dhcpv6.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/allow-incoming-ipv4.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/allow-incoming-ipv6.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/allow-ipv4.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/allow-ipv6.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/clean-traffic-gateway.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/clean-traffic.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-arp-ip-spoofing.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-arp-mac-spoofing.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-arp-spoofing.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-ip-multicast.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-ip-spoofing.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-ipv6-multicast.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-ipv6-spoofing.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-mac-broadcast.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-mac-spoofing.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-other-l2-traffic.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/no-other-rarp-traffic.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/qemu-announce-self-rarp.xml +-rw-r--r-- root/root etc/libvirt/nwfilter/qemu-announce-self.xml +-rw-r--r-- root/root etc/libvirt/qemu-lockd.conf +-rw-r--r-- root/root etc/libvirt/qemu.conf +drwxr-xr-x root/root etc/libvirt/qemu/ +drwxr-xr-x root/root etc/libvirt/qemu/autostart/ +drwxr-xr-x root/root etc/libvirt/qemu/networks/ +drwxr-xr-x root/root etc/libvirt/qemu/networks/autostart/ +lrwxrwxrwx root/root etc/libvirt/qemu/networks/autostart/default.xml -> ../default.xml +-rw-r--r-- root/root etc/libvirt/qemu/networks/default.xml +drwxr-xr-x root/root etc/libvirt/secrets/ +drwxr-xr-x root/root etc/libvirt/storage/ +drwxr-xr-x root/root etc/libvirt/storage/autostart/ +-rw-r--r-- root/root etc/libvirt/virt-login-shell.conf +-rw-r--r-- root/root etc/libvirt/virtchd.conf +-rw-r--r-- root/root etc/libvirt/virtinterfaced.conf +-rw-r--r-- root/root etc/libvirt/virtlockd.conf +-rw-r--r-- root/root etc/libvirt/virtlogd.conf +-rw-r--r-- root/root etc/libvirt/virtlxcd.conf +-rw-r--r-- root/root etc/libvirt/virtnetworkd.conf +-rw-r--r-- root/root etc/libvirt/virtnodedevd.conf +-rw-r--r-- root/root etc/libvirt/virtnwfilterd.conf +-rw-r--r-- root/root etc/libvirt/virtproxyd.conf +-rw-r--r-- root/root etc/libvirt/virtqemud.conf +-rw-r--r-- root/root etc/libvirt/virtsecretd.conf +-rw-r--r-- root/root etc/libvirt/virtstoraged.conf +-rw-r--r-- root/root etc/libvirt/virtvboxd.conf +drwxr-xr-x root/root etc/logrotate.d/ +-rw-r--r-- root/root etc/logrotate.d/libvirtd +-rw-r--r-- root/root etc/logrotate.d/libvirtd.libxl +-rw-r--r-- root/root etc/logrotate.d/libvirtd.lxc +-rw-r--r-- root/root etc/logrotate.d/libvirtd.qemu +drwxr-xr-x root/root etc/rc.d/ +-rwxr-xr-x root/root etc/rc.d/libvirtd +-rwxr-xr-x root/root etc/rc.d/virtlogd +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/bin/ +-rwxr-xr-x root/root usr/bin/virsh +-rwxr-xr-x root/root usr/bin/virt-admin +-rwxr-xr-x root/root usr/bin/virt-host-validate +-rwxr-xr-x root/root usr/bin/virt-login-shell +-rwxr-xr-x root/root usr/bin/virt-pki-query-dn +-rwxrwxr-x root/root usr/bin/virt-pki-validate +-rwxr-xr-x root/root usr/bin/virt-qemu-run +-rwxr-xr-x root/root usr/bin/virt-ssh-helper +-rwxrwxr-x root/root usr/bin/virt-xml-validate +drwxr-xr-x root/root usr/include/ +drwxr-xr-x root/root usr/include/libvirt/ +-rw-r--r-- root/root usr/include/libvirt/libvirt-admin.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-common.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-domain-checkpoint.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-domain-snapshot.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-domain.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-event.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-host.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-interface.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-lxc.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-network.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-nodedev.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-nwfilter.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-qemu.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-secret.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-storage.h +-rw-r--r-- root/root usr/include/libvirt/libvirt-stream.h +-rw-r--r-- root/root usr/include/libvirt/libvirt.h +-rw-r--r-- root/root usr/include/libvirt/virterror.h +drwxr-xr-x root/root usr/lib/ +drwxr-xr-x root/root usr/lib/firewalld/ +drwxr-xr-x root/root usr/lib/firewalld/zones/ +-rw-r--r-- root/root usr/lib/firewalld/zones/libvirt.xml +-rwxr-xr-x root/root usr/lib/libnss_libvirt.so.2 +-rwxr-xr-x root/root usr/lib/libnss_libvirt_guest.so.2 +lrwxrwxrwx root/root usr/lib/libvirt-admin.so -> libvirt-admin.so.0 +lrwxrwxrwx root/root usr/lib/libvirt-admin.so.0 -> libvirt-admin.so.0.8005.0 +-rwxr-xr-x root/root usr/lib/libvirt-admin.so.0.8005.0 +lrwxrwxrwx root/root usr/lib/libvirt-lxc.so -> libvirt-lxc.so.0 +lrwxrwxrwx root/root usr/lib/libvirt-lxc.so.0 -> libvirt-lxc.so.0.8005.0 +-rwxr-xr-x root/root usr/lib/libvirt-lxc.so.0.8005.0 +lrwxrwxrwx root/root usr/lib/libvirt-qemu.so -> libvirt-qemu.so.0 +lrwxrwxrwx root/root usr/lib/libvirt-qemu.so.0 -> libvirt-qemu.so.0.8005.0 +-rwxr-xr-x root/root usr/lib/libvirt-qemu.so.0.8005.0 +lrwxrwxrwx root/root usr/lib/libvirt.so -> libvirt.so.0 +lrwxrwxrwx root/root usr/lib/libvirt.so.0 -> libvirt.so.0.8005.0 +-rwxr-xr-x root/root usr/lib/libvirt.so.0.8005.0 +drwxr-xr-x root/root usr/lib/libvirt/ +drwxr-xr-x root/root usr/lib/libvirt/connection-driver/ +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_ch.so +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_interface.so +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_lxc.so +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_network.so +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_nodedev.so +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.so +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_secret.so +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_storage.so +-rwxr-xr-x root/root usr/lib/libvirt/connection-driver/libvirt_driver_vbox.so +-rwxrwxr-x root/root usr/lib/libvirt/libvirt-guests.sh +-rwxr-xr-x root/root usr/lib/libvirt/libvirt_iohelper +-rwxr-xr-x root/root usr/lib/libvirt/libvirt_leaseshelper +-rwxr-xr-x root/root usr/lib/libvirt/libvirt_lxc +-rwxr-xr-x root/root usr/lib/libvirt/libvirt_parthelper +drwxr-xr-x root/root usr/lib/libvirt/lock-driver/ +-rwxr-xr-x root/root usr/lib/libvirt/lock-driver/lockd.so +drwxr-xr-x root/root usr/lib/libvirt/storage-backend/ +-rwxr-xr-x root/root usr/lib/libvirt/storage-backend/libvirt_storage_backend_disk.so +-rwxr-xr-x root/root usr/lib/libvirt/storage-backend/libvirt_storage_backend_fs.so +-rwxr-xr-x root/root usr/lib/libvirt/storage-backend/libvirt_storage_backend_mpath.so +-rwxr-xr-x root/root usr/lib/libvirt/storage-backend/libvirt_storage_backend_scsi.so +-rwxr-xr-x root/root usr/lib/libvirt/storage-backend/libvirt_storage_backend_vstorage.so +-rwxr-xr-x root/root usr/lib/libvirt/storage-backend/libvirt_storage_backend_zfs.so +drwxr-xr-x root/root usr/lib/libvirt/storage-file/ +-rwxr-xr-x root/root usr/lib/libvirt/storage-file/libvirt_storage_file_fs.so +-rwxr-xr-x root/root usr/lib/libvirt/virt-login-shell-helper +drwxr-xr-x root/root usr/lib/pkgconfig/ +-rw-r--r-- root/root usr/lib/pkgconfig/libvirt-admin.pc +-rw-r--r-- root/root usr/lib/pkgconfig/libvirt-lxc.pc +-rw-r--r-- root/root usr/lib/pkgconfig/libvirt-qemu.pc +-rw-r--r-- root/root usr/lib/pkgconfig/libvirt.pc +drwxr-xr-x root/root usr/lib/sysctl.d/ +-rw-r--r-- root/root usr/lib/sysctl.d/60-libvirtd.conf +-rw-r--r-- root/root usr/lib/sysctl.d/60-qemu-postcopy-migration.conf +drwxr-xr-x root/root usr/sbin/ +-rwxr-xr-x root/root usr/sbin/libvirtd +-rwxr-xr-x root/root usr/sbin/virtchd +-rwxr-xr-x root/root usr/sbin/virtinterfaced +-rwxr-xr-x root/root usr/sbin/virtlockd +-rwxr-xr-x root/root usr/sbin/virtlogd +-rwxr-xr-x root/root usr/sbin/virtlxcd +-rwxr-xr-x root/root usr/sbin/virtnetworkd +-rwxr-xr-x root/root usr/sbin/virtnodedevd +-rwxr-xr-x root/root usr/sbin/virtnwfilterd +-rwxr-xr-x root/root usr/sbin/virtproxyd +-rwxr-xr-x root/root usr/sbin/virtqemud +-rwxr-xr-x root/root usr/sbin/virtsecretd +-rwxr-xr-x root/root usr/sbin/virtstoraged +-rwxr-xr-x root/root usr/sbin/virtvboxd +drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/augeas/ +drwxr-xr-x root/root usr/share/augeas/lenses/ +-rw-r--r-- root/root usr/share/augeas/lenses/libvirt_lockd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/libvirtd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/libvirtd_lxc.aug +-rw-r--r-- root/root usr/share/augeas/lenses/libvirtd_qemu.aug +drwxr-xr-x root/root usr/share/augeas/lenses/tests/ +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_libvirt_lockd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_libvirtd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_libvirtd_lxc.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_libvirtd_qemu.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtchd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtinterfaced.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtlockd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtlogd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtlxcd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtnetworkd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtnodedevd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtnwfilterd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtproxyd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtqemud.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtsecretd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtstoraged.aug +-rw-r--r-- root/root usr/share/augeas/lenses/tests/test_virtvboxd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtchd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtinterfaced.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtlockd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtlogd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtlxcd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtnetworkd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtnodedevd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtnwfilterd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtproxyd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtqemud.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtsecretd.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtstoraged.aug +-rw-r--r-- root/root usr/share/augeas/lenses/virtvboxd.aug +drwxr-xr-x root/root usr/share/doc/ +drwxr-xr-x root/root usr/share/doc/libvirt/ +drwxr-xr-x root/root usr/share/doc/libvirt/examples/ +drwxr-xr-x root/root usr/share/doc/libvirt/examples/c/ +drwxr-xr-x root/root usr/share/doc/libvirt/examples/c/admin/ +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/admin/client_close.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/admin/client_info.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/admin/client_limits.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/admin/list_clients.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/admin/list_servers.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/admin/logging.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/admin/threadpool_params.c +drwxr-xr-x root/root usr/share/doc/libvirt/examples/c/domain/ +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/domain/dommigrate.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/domain/domtop.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/domain/info1.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/domain/rename.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/domain/suspend.c +drwxr-xr-x root/root usr/share/doc/libvirt/examples/c/misc/ +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/misc/event-test.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/misc/hellolibvirt.c +-rw-r--r-- root/root usr/share/doc/libvirt/examples/c/misc/openauth.c +drwxr-xr-x root/root usr/share/doc/libvirt/examples/polkit/ +-rw-r--r-- root/root usr/share/doc/libvirt/examples/polkit/libvirt-acl.rules +drwxr-xr-x root/root usr/share/doc/libvirt/examples/sh/ +-rw-r--r-- root/root usr/share/doc/libvirt/examples/sh/virt-lxc-convert +drwxr-xr-x root/root usr/share/doc/libvirt/examples/systemtap/ +-rw-r--r-- root/root usr/share/doc/libvirt/examples/systemtap/events.stp +-rw-r--r-- root/root usr/share/doc/libvirt/examples/systemtap/lock-debug.stp +-rw-r--r-- root/root usr/share/doc/libvirt/examples/systemtap/qemu-monitor.stp +-rw-r--r-- root/root usr/share/doc/libvirt/examples/systemtap/rpc-monitor.stp +drwxr-xr-x root/root usr/share/doc/libvirt/examples/xml/ +drwxr-xr-x root/root usr/share/doc/libvirt/examples/xml/storage/ +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/pool-dir.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/pool-fs.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/pool-logical.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/pool-netfs.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/vol-cow.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/vol-qcow.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/vol-qcow2.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/vol-raw.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/vol-sparse.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/storage/vol-vmdk.xml +drwxr-xr-x root/root usr/share/doc/libvirt/examples/xml/test/ +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/test/testdev.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/test/testdomfc4.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/test/testdomfv0.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/test/testnetdef.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/test/testnetpriv.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/test/testnode.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/test/testnodeinline.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/test/testpool.xml +-rw-r--r-- root/root usr/share/doc/libvirt/examples/xml/test/testvol.xml +drwxr-xr-x root/root usr/share/doc/libvirt/html/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/404.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/acl.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/aclpolkit.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/advanced-tests.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/android-chrome-192x192.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/android-chrome-256x256.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/api.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/api_extension.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/apple-touch-icon.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/apps.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/auditlog.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/auth.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/best-practices.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/bindings.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/browserconfig.xml +-rw-r--r-- root/root usr/share/doc/libvirt/html/bugs.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/cgroups.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/ci.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/coding-style.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/committer-guidelines.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/compiling.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/contact.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/contribute.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/csharp.html +drwxr-xr-x root/root usr/share/doc/libvirt/html/css/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/css/fonts.css +-rw-r--r-- root/root usr/share/doc/libvirt/html/css/generic.css +-rw-r--r-- root/root usr/share/doc/libvirt/html/css/libvirt.css +-rw-r--r-- root/root usr/share/doc/libvirt/html/css/main.css +-rw-r--r-- root/root usr/share/doc/libvirt/html/css/mobile.css +-rw-r--r-- root/root usr/share/doc/libvirt/html/daemons.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/dbus.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/docs.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/downloads.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drivers.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvbhyve.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvch.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvesx.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvhyperv.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvlxc.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvnodedev.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvopenvz.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvqemu.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvsecret.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvtest.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvvbox.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvvirtuozzo.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvvmware.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/drvxen.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/errors.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/favicon-16x16.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/favicon-32x32.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/favicon.ico +-rw-r--r-- root/root usr/share/doc/libvirt/html/firewall.html +drwxr-xr-x root/root usr/share/doc/libvirt/html/fonts/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/LICENSE.rst +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-bold-italic.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-bold.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-italic.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-light-italic.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-light.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-mono-bold.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-mono-light.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-mono-regular.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-mono-semibold.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/fonts/overpass-regular.woff +-rw-r--r-- root/root usr/share/doc/libvirt/html/format.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatbackup.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatcaps.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatcheckpoint.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatdomain.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatdomaincaps.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatnetwork.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatnetworkport.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatnode.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatnwfilter.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatsecret.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatsnapshot.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatstorage.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatstoragecaps.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/formatstorageencryption.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/glib-adoption.html +drwxr-xr-x root/root usr/share/doc/libvirt/html/go/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/go/libvirt.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/go/libvirtxml.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/goals.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/governance.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/hacking.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/hooks.html +drwxr-xr-x root/root usr/share/doc/libvirt/html/html/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/home.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/index-admin.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/index-lxc.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/index-qemu.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/index.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/left.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-admin.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-common.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-domain-checkpoint.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-domain-snapshot.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-domain.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-event.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-host.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-interface.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-lxc.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-network.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-nodedev.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-nwfilter.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-qemu.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-secret.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-storage.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-libvirt-stream.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/libvirt-virterror.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/right.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/html/up.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/hvsupport.html +drwxr-xr-x root/root usr/share/doc/libvirt/html/images/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/event_loop_simple.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/event_loop_worker.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/libvirt-daemon-arch.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/libvirt-driver-arch.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/libvirt-object-model.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/libvirt-virConnect-example.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/migration-managed-direct.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/migration-managed-p2p.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/migration-native.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/migration-tunnel.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/images/migration-unmanaged-direct.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/index.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/java.html +drwxr-xr-x root/root usr/share/doc/libvirt/html/js/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/js/main.js +drwxr-xr-x root/root usr/share/doc/libvirt/html/kbase/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/backing_chains.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/debuglogs.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/domainstatecapture.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/index.html +drwxr-xr-x root/root usr/share/doc/libvirt/html/kbase/internals/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/command.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/eventloop.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/incremental-backup.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/locking.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/migration.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/overview.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/qemu-event-handlers.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/qemu-migration.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/qemu-threads.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/internals/rpc.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/kvm-realtime.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/launch_security_sev.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/live_full_disk_backup.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/locking-lockd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/locking-sanlock.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/locking.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/memorydevices.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/merging_disk_image_chains.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/qemu-core-dump.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/qemu-passthrough-security.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/rpm-deployment.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/s390_protected_virt.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/secureusage.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/snapshots.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/systemtap.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/tlscerts.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/kbase/virtiofs.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/libvirt-go-xml.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/libvirt-go.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/logging.html +drwxr-xr-x root/root usr/share/doc/libvirt/html/logos/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-banner-dark-256.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-banner-dark-800.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-banner-dark.svg +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-banner-light-256.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-banner-light-800.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-banner-light.svg +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-base.svg +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square-128.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square-192.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square-256.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square-96.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square-powered-128.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square-powered-192.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square-powered-256.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square-powered-96.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square-powered.svg +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-square.svg +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-sticker-hexagon.svg +-rw-r--r-- root/root usr/share/doc/libvirt/html/logos/logo-sticker-square.svg +-rw-r--r-- root/root usr/share/doc/libvirt/html/macos.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manifest.json +drwxr-xr-x root/root usr/share/doc/libvirt/html/manpages/ +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/index.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/libvirt-guests.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/libvirtd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeycode-atset1.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeycode-atset2.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeycode-atset3.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeycode-linux.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeycode-osx.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeycode-qnum.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeycode-usb.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeycode-win32.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeycode-xtkbd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeyname-linux.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeyname-osx.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virkeyname-win32.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virsh.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virt-admin.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virt-host-validate.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virt-login-shell.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virt-pki-query-dn.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virt-pki-validate.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virt-qemu-run.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virt-sanlock-cleanup.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virt-ssh-helper.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virt-xml-validate.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtbhyved.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtinterfaced.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtlockd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtlogd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtlxcd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtnetworkd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtnodedevd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtnwfilterd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtproxyd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtqemud.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtsecretd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtstoraged.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtvboxd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtvzd.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/manpages/virtxend.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/migration.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/mstile-150x150.png +-rw-r--r-- root/root usr/share/doc/libvirt/html/newreposetup.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/news.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/nss.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/pci-addresses.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/pci-hotplug.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/php.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/platforms.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/programming-languages.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/python.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/remote.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/securityprocess.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/storage.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/strategy.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/styleguide.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/submitting-patches.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/support.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/testapi.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/testsuites.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/testtck.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/uri.html +-rw-r--r-- root/root usr/share/doc/libvirt/html/windows.html +drwxr-xr-x root/root usr/share/libvirt/ +drwxr-xr-x root/root usr/share/libvirt/api/ +-rw-r--r-- root/root usr/share/libvirt/api/libvirt-admin-api.xml +-rw-r--r-- root/root usr/share/libvirt/api/libvirt-api.xml +-rw-r--r-- root/root usr/share/libvirt/api/libvirt-lxc-api.xml +-rw-r--r-- root/root usr/share/libvirt/api/libvirt-qemu-api.xml +drwxr-xr-x root/root usr/share/libvirt/cpu_map/ +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_FT-2000plus.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_Falkor.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_Kunpeng-920.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_Tengyun-S2500.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_ThunderX299xx.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_cortex-a53.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_cortex-a57.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_cortex-a72.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_features.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/arm_vendors.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/index.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/ppc64_POWER10.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/ppc64_POWER6.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/ppc64_POWER7.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/ppc64_POWER8.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/ppc64_POWER9.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/ppc64_POWERPC_e5500.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/ppc64_POWERPC_e6500.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/ppc64_vendors.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_486.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Broadwell-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Broadwell-noTSX-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Broadwell-noTSX.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Broadwell.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Cascadelake-Server-noTSX.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Cascadelake-Server.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Conroe.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Cooperlake.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Dhyana.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_EPYC.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Haswell-noTSX.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Haswell.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Icelake-Client-noTSX.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Icelake-Client.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Icelake-Server-noTSX.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Icelake-Server.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_IvyBridge-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_IvyBridge.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Nehalem-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Nehalem.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Opteron_G1.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Opteron_G2.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Opteron_G3.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Opteron_G4.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Opteron_G5.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Penryn.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_SandyBridge-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_SandyBridge.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Skylake-Client-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Skylake-Client.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Skylake-Server-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Skylake-Server.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Snowridge.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Westmere-IBRS.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_Westmere.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_athlon.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_core2duo.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_coreduo.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_cpu64-rhel5.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_cpu64-rhel6.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_features.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_kvm32.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_kvm64.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_n270.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_pentium.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_pentium2.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_pentium3.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_pentiumpro.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_phenom.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_qemu32.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_qemu64.xml +-rw-r--r-- root/root usr/share/libvirt/cpu_map/x86_vendors.xml +drwxr-xr-x root/root usr/share/libvirt/schemas/ +-rw-r--r-- root/root usr/share/libvirt/schemas/basictypes.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/capability.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/cpu.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/cputypes.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/domain.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/domainbackup.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/domaincaps.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/domaincheckpoint.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/domaincommon.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/domainsnapshot.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/interface.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/network.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/networkcommon.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/networkport.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/nodedev.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/nwfilter.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/nwfilter_params.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/nwfilterbinding.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/secret.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/storagecommon.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/storagepool.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/storagepoolcaps.rng +-rw-r--r-- root/root usr/share/libvirt/schemas/storagevol.rng +-rw-r--r-- root/root usr/share/libvirt/test-screenshot.png +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man1/ +-rw-r--r-- root/root usr/share/man/man1/virsh.1.gz +-rw-r--r-- root/root usr/share/man/man1/virt-admin.1.gz +-rw-r--r-- root/root usr/share/man/man1/virt-host-validate.1.gz +-rw-r--r-- root/root usr/share/man/man1/virt-login-shell.1.gz +-rw-r--r-- root/root usr/share/man/man1/virt-pki-query-dn.1.gz +-rw-r--r-- root/root usr/share/man/man1/virt-pki-validate.1.gz +-rw-r--r-- root/root usr/share/man/man1/virt-qemu-run.1.gz +-rw-r--r-- root/root usr/share/man/man1/virt-xml-validate.1.gz +drwxr-xr-x root/root usr/share/man/man7/ +-rw-r--r-- root/root usr/share/man/man7/virkeycode-atset1.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeycode-atset2.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeycode-atset3.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeycode-linux.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeycode-osx.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeycode-qnum.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeycode-usb.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeycode-win32.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeycode-xtkbd.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeyname-linux.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeyname-osx.7.gz +-rw-r--r-- root/root usr/share/man/man7/virkeyname-win32.7.gz +drwxr-xr-x root/root usr/share/man/man8/ +-rw-r--r-- root/root usr/share/man/man8/libvirt-guests.8.gz +-rw-r--r-- root/root usr/share/man/man8/libvirtd.8.gz +-rw-r--r-- root/root usr/share/man/man8/virt-ssh-helper.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtinterfaced.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtlockd.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtlogd.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtlxcd.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtnetworkd.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtnodedevd.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtnwfilterd.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtproxyd.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtqemud.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtsecretd.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtstoraged.8.gz +-rw-r--r-- root/root usr/share/man/man8/virtvboxd.8.gz +drwxr-xr-x root/root var/ +drwxr-xr-x root/root var/cache/ +drwxr-xr-x root/root var/cache/libvirt/ +drwxr-xr-x root/root var/cache/libvirt/qemu/ +drwxr-xr-x root/root var/lib/ +drwxr-xr-x root/root var/lib/libvirt/ +drwxr-xr-x root/root var/lib/libvirt/boot/ +drwxr-xr-x root/root var/lib/libvirt/ch/ +drwxr-xr-x root/root var/lib/libvirt/dnsmasq/ +drwxr-xr-x root/root var/lib/libvirt/filesystems/ +drwxr-xr-x root/root var/lib/libvirt/images/ +drwxr-xr-x root/root var/lib/libvirt/lockd/ +drwxr-xr-x root/root var/lib/libvirt/lockd/files/ +drwxr-xr-x root/root var/lib/libvirt/lxc/ +drwxr-xr-x root/root var/lib/libvirt/network/ +drwxr-xr-x root/root var/lib/libvirt/qemu/ +drwxr-xr-x root/root var/lib/libvirt/qemu/channel/ +drwxr-xr-x root/root var/lib/libvirt/qemu/channel/target/ +drwxr-xr-x root/root var/lib/libvirt/qemu/checkpoint/ +drwxr-xr-x root/root var/lib/libvirt/qemu/dump/ +drwxr-xr-x root/root var/lib/libvirt/qemu/nvram/ +drwxr-xr-x root/root var/lib/libvirt/qemu/ram/ +drwxr-xr-x root/root var/lib/libvirt/qemu/save/ +drwxr-xr-x root/root var/lib/libvirt/qemu/snapshot/ +drwxr-xr-x root/root var/lib/libvirt/swtpm/ +drwxr-xr-x root/root var/log/ +drwxr-xr-x root/root var/log/libvirt/ +drwxr-xr-x root/root var/log/libvirt/ch/ +drwxr-xr-x root/root var/log/libvirt/lxc/ +drwxr-xr-x root/root var/log/libvirt/qemu/ +drwxr-xr-x root/root var/log/swtpm/ +drwxr-xr-x root/root var/log/swtpm/libvirt/ +drwxr-xr-x root/root var/log/swtpm/libvirt/qemu/ +drwxr-xr-x root/root var/run/ +drwxr-xr-x root/root var/run/libvirt/ +drwxr-xr-x root/root var/run/libvirt/ch/ +drwxr-xr-x root/root var/run/libvirt/common/ +drwxr-xr-x root/root var/run/libvirt/interface/ +drwxr-xr-x root/root var/run/libvirt/lockd/ +drwxr-xr-x root/root var/run/libvirt/lxc/ +drwxr-xr-x root/root var/run/libvirt/network/ +drwxr-xr-x root/root var/run/libvirt/nodedev/ +drwxr-xr-x root/root var/run/libvirt/nwfilter-binding/ +drwxr-xr-x root/root var/run/libvirt/nwfilter/ +drwxr-xr-x root/root var/run/libvirt/qemu/ +drwxr-xr-x root/root var/run/libvirt/qemu/dbus/ +drwxr-xr-x root/root var/run/libvirt/qemu/slirp/ +drwxr-xr-x root/root var/run/libvirt/qemu/swtpm/ +drwxr-xr-x root/root var/run/libvirt/secrets/ +drwxr-xr-x root/root var/run/libvirt/storage/ diff --git a/libvirt/.signature b/libvirt/.signature new file mode 100644 index 000000000..8257e7f16 --- /dev/null +++ b/libvirt/.signature @@ -0,0 +1,9 @@ +untrusted comment: verify with /etc/ports/contrib.pub +RWSagIOpLGJF37fSmpaKTpYPYrRfqU8ZCOaScy/iiqtFtRW5arSMEEtrh4OVqXXaXCWG20pJLjYIk5q0o3eCCMilZ8+tnqDQkwc= +SHA256 (Pkgfile) = 9a313b2218e2750731f22be31b0c3f8d127a82aade7805d7b680199d1f051e9b +SHA256 (.footprint) = 524a5f7eccfcbaf8815eb96dd83639ef15508c88391892b7802d565c243a990b +SHA256 (libvirt-8.5.0.tar.xz) = 401e99b5e1b83de39a86347e091a85eb4dba82a87053dfcb5aa250328f97db62 +SHA256 (libvirtd.rc) = b62fe40b1d37121ef2028df278d0b1b0e2f21d4c0c37f4ab0a9648dbf3abee29 +SHA256 (virtlogd.rc) = dbe3db36ad364fb2f40cf45d3886daec5b44aff37d5e0c434fb6d3532333a528 +SHA256 (libvirtd.conf) = 669409a55d55552272d82ad643432f528a84ab4ab50d43b889ca30cad0b86251 +SHA256 (qemu.conf) = 21315d29e44e29556ed55d42a43733c069f926cfad696083a523342e2784cbe1 diff --git a/libvirt/Pkgfile b/libvirt/Pkgfile new file mode 100644 index 000000000..e54243905 --- /dev/null +++ b/libvirt/Pkgfile @@ -0,0 +1,36 @@ +# Description: API for virtualization +# URL: https://libvirt.org/ +# Maintainer: Matt Housh, jaeger at crux dot ninja +# Depends on: meson libxml2 libxslt rpcsvc-proto glib gnutls xorg-libpciaccess python3-docutils qemu parted nss yajl +# Nice to have: bash-completion + +name=libvirt +version=8.5.0 +release=1 +source=(https://libvirt.org/sources/$name-$version.tar.xz + libvirtd.rc virtlogd.rc libvirtd.conf qemu.conf) + +build() { + meson setup $name-$version build \ + --prefix=/usr \ + --libexecdir=/usr/lib/$name \ + --buildtype=plain \ + -Ddriver_qemu=enabled \ + -Dqemu_user=libvirt \ + -Dqemu_group=libvirt \ + -Dtests=disabled + meson compile -C build + DESTDIR=$PKG meson install -C build + + install -D -o root -g root -m 0755 $SRC/libvirtd.rc \ + $PKG/etc/rc.d/libvirtd + install -D -o root -g root -m 0755 $SRC/virtlogd.rc \ + $PKG/etc/rc.d/virtlogd + + install -D -o root -g root -m 0644 $SRC/libvirtd.conf \ + $PKG/etc/libvirt/libvirtd.conf + install -D -o root -g root -m 0644 $SRC/qemu.conf \ + $PKG/etc/libvirt/qemu.conf + + rm -r $PKG/usr/share/locale +} diff --git a/libvirt/libvirtd.conf b/libvirt/libvirtd.conf new file mode 100644 index 000000000..ee44affe8 --- /dev/null +++ b/libvirt/libvirtd.conf @@ -0,0 +1,531 @@ +# Master libvirt daemon configuration file +# + +################################################################# +# +# Network connectivity controls +# + +# Flag listening for secure TLS connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# It is necessary to setup a CA and issue server certificates before +# using this capability. +# +# This is enabled by default, uncomment this to disable it +#listen_tls = 0 + +# Listen for unencrypted TCP connections on the public TCP/IP port. +# NB, must pass the --listen flag to the libvirtd process for this to +# have any effect. +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# Using the TCP socket requires SASL authentication by default. Only +# SASL mechanisms which support data encryption are allowed. This is +# DIGEST_MD5 and GSSAPI (Kerberos5) +# +# This is disabled by default, uncomment this to enable it. +#listen_tcp = 1 + + + +# Override the port for accepting secure TLS connections +# This can be a port number, or service name +# +# This setting is not required or honoured if using systemd socket +# activation. +# +#tls_port = "16514" + +# Override the port for accepting insecure TCP connections +# This can be a port number, or service name +# +# This setting is not required or honoured if using systemd socket +# activation. +# +#tcp_port = "16509" + + +# Override the default configuration which binds to all network +# interfaces. This can be a numeric IPv4/6 address, or hostname +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# If the libvirtd service is started in parallel with network +# startup (e.g. with systemd), binding to addresses other than +# the wildcards (0.0.0.0/::) might not be available yet. +# +#listen_addr = "192.168.0.1" + + +################################################################# +# +# UNIX socket access controls +# + +# Set the UNIX domain socket group ownership. This can be used to +# allow a 'trusted' set of users access to management capabilities +# without becoming root. +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# This is restricted to 'root' by default. +unix_sock_group = "libvirt" + +# Set the UNIX socket permissions for the R/O socket. This is used +# for monitoring VM status only +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# Default allows any user. If setting group ownership, you may want to +# restrict this too. +unix_sock_ro_perms = "0777" + +# Set the UNIX socket permissions for the R/W socket. This is used +# for full management of VMs +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# Default allows only root. If PolicyKit is enabled on the socket, +# the default will change to allow everyone (eg, 0777) +# +# If not using PolicyKit and setting group ownership for access +# control, then you may want to relax this too. +unix_sock_rw_perms = "0770" + +# Set the UNIX socket permissions for the admin interface socket. +# +# This setting is not required or honoured if using systemd socket +# activation. +# +# Default allows only owner (root), do not change it unless you are +# sure to whom you are exposing the access to. +unix_sock_admin_perms = "0700" + +# Set the name of the directory in which sockets will be found/created. +# +# This setting is not required or honoured if using systemd socket +# activation. +# +unix_sock_dir = "/var/run/libvirt" + + + +################################################################# +# +# Authentication. +# +# There are the following choices available: +# +# - none: do not perform auth checks. If you can connect to the +# socket you are allowed. This is suitable if there are +# restrictions on connecting to the socket (eg, UNIX +# socket permissions), or if there is a lower layer in +# the network providing auth (eg, TLS/x509 certificates) +# +# - sasl: use SASL infrastructure. The actual auth scheme is then +# controlled from /etc/sasl2/libvirt.conf. For the TCP +# socket only GSSAPI & DIGEST-MD5 mechanisms will be used. +# For non-TCP or TLS sockets, any scheme is allowed. +# +# - polkit: use PolicyKit to authenticate. This is only suitable +# for use on the UNIX sockets. The default policy will +# require a user to supply their own password to gain +# full read/write access (aka sudo like), while anyone +# is allowed read/only access. +# + +# Set an authentication scheme for UNIX read-only sockets +# +# By default socket permissions allow anyone to connect +# +# If libvirt was compiled without support for 'polkit', then +# no access control checks are done, but libvirt still only +# allows execution of APIs which don't change state. +# +# If libvirt was compiled with support for 'polkit', then +# the libvirt socket will perform a check with polkit after +# connections. The default policy still allows any local +# user access. +# +# To restrict monitoring of domains you may wish to either +# enable 'sasl' here, or change the polkit policy definition. +#auth_unix_ro = "none" + +# Set an authentication scheme for UNIX read-write sockets. +# +# If libvirt was compiled without support for 'polkit', then +# the systemd .socket files will use SocketMode=0600 by default +# thus only allowing root user to connect, and 'auth_unix_rw' +# will default to 'none'. +# +# If libvirt was compiled with support for 'polkit', then +# the systemd .socket files will use SocketMode=0666 which +# allows any user to connect and 'auth_unix_rw' will default +# to 'polkit'. If you disable use of 'polkit' here, then it +# is essential to change the systemd SocketMode parameter +# back to 0600, to avoid an insecure configuration. +# +#auth_unix_rw = "none" + +# Change the authentication scheme for TCP sockets. +# +# If you don't enable SASL, then all TCP traffic is cleartext. +# Don't do this outside of a dev/test scenario. For real world +# use, always enable SASL and use the GSSAPI or DIGEST-MD5 +# mechanism in /etc/sasl2/libvirt.conf +#auth_tcp = "sasl" + +# Change the authentication scheme for TLS sockets. +# +# TLS sockets already have encryption provided by the TLS +# layer, and limited authentication is done by certificates +# +# It is possible to make use of any SASL authentication +# mechanism as well, by using 'sasl' for this option +#auth_tls = "none" + +# Enforce a minimum SSF value for TCP sockets +# +# The default minimum is currently 56 (single-DES) which will +# be raised to 112 in the future. +# +# This option can be used to set values higher than 112 +#tcp_min_ssf = 112 + + +# Change the API access control scheme +# +# By default an authenticated user is allowed access +# to all APIs. Access drivers can place restrictions +# on this. By default the 'nop' driver is enabled, +# meaning no access control checks are done once a +# client has authenticated with libvirtd +# +#access_drivers = [ "polkit" ] + +################################################################# +# +# TLS x509 certificate configuration +# + +# Use of TLS requires that x509 certificates be issued. The default locations +# for the certificate files is as follows: +# +# /etc/pki/CA/cacert.pem - The CA master certificate +# /etc/pki/libvirt/servercert.pem - The server certificate signed by cacert.pem +# /etc/pki/libvirt/private/serverkey.pem - The server private key +# +# It is possible to override the default locations by altering the 'key_file', +# 'cert_file', and 'ca_file' values and uncommenting them below. +# +# NB, overriding the default of one location requires uncommenting and +# possibly additionally overriding the other settings. +# + +# Override the default server key file path +# +#key_file = "/etc/pki/libvirt/private/serverkey.pem" + +# Override the default server certificate file path +# +#cert_file = "/etc/pki/libvirt/servercert.pem" + +# Override the default CA certificate path +# +#ca_file = "/etc/pki/CA/cacert.pem" + +# Specify a certificate revocation list. +# +# Defaults to not using a CRL, uncomment to enable it +#crl_file = "/etc/pki/CA/crl.pem" + + + +################################################################# +# +# Authorization controls +# + + +# Flag to disable verification of our own server certificates +# +# When libvirtd starts it performs some sanity checks against +# its own certificates. +# +# Default is to always run sanity checks. Uncommenting this +# will disable sanity checks which is not a good idea +#tls_no_sanity_certificate = 1 + +# Flag to disable verification of client certificates +# +# Client certificate verification is the primary authentication mechanism. +# Any client which does not present a certificate signed by the CA +# will be rejected. +# +# Default is to always verify. Uncommenting this will disable +# verification. +#tls_no_verify_certificate = 1 + + +# An access control list of allowed x509 Distinguished Names +# This list may contain wildcards such as +# +# "C=GB,ST=London,L=London,O=Red Hat,CN=*" +# +# Any * matches any number of consecutive spaces, like a simplified glob(7). +# +# The format of the DN for a particular certificate can be queried +# using: +# +# virt-pki-query-dn clientcert.pem +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no DN's are checked +#tls_allowed_dn_list = ["DN1", "DN2"] + + +# Override the compile time default TLS priority string. The +# default is usually "NORMAL" unless overridden at build time. +# Only set this is it is desired for libvirt to deviate from +# the global default settings. +# +#tls_priority="NORMAL" + + +# An access control list of allowed SASL usernames. The format for username +# depends on the SASL authentication mechanism. Kerberos usernames +# look like username@REALM +# +# This list may contain wildcards such as +# +# "*@EXAMPLE.COM" +# +# See the g_pattern_match function for the format of the wildcards. +# +# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html +# +# NB If this is an empty list, no client can connect, so comment out +# entirely rather than using empty list to disable these checks +# +# By default, no Username's are checked +#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ] + + +################################################################# +# +# Processing controls +# + +# The maximum number of concurrent client connections to allow +# over all sockets combined. +#max_clients = 5000 + +# The maximum length of queue of connections waiting to be +# accepted by the daemon. Note, that some protocols supporting +# retransmission may obey this so that a later reattempt at +# connection succeeds. +#max_queued_clients = 1000 + +# The maximum length of queue of accepted but not yet +# authenticated clients. The default value is 20. Set this to +# zero to turn this feature off. +#max_anonymous_clients = 20 + +# The minimum limit sets the number of workers to start up +# initially. If the number of active clients exceeds this, +# then more threads are spawned, up to max_workers limit. +# Typically you'd want max_workers to equal maximum number +# of clients allowed +#min_workers = 5 +#max_workers = 20 + + +# The number of priority workers. If all workers from above +# pool are stuck, some calls marked as high priority +# (notably domainDestroy) can be executed in this pool. +#prio_workers = 5 + +# Limit on concurrent requests from a single client +# connection. To avoid one client monopolizing the server +# this should be a small fraction of the global max_workers +# parameter. +#max_client_requests = 5 + +# Same processing controls, but this time for the admin interface. +# For description of each option, be so kind to scroll few lines +# upwards. + +#admin_min_workers = 1 +#admin_max_workers = 5 +#admin_max_clients = 5 +#admin_max_queued_clients = 5 +#admin_max_client_requests = 5 + +################################################################# +# +# Logging controls +# + +# Logging level: 4 errors, 3 warnings, 2 information, 1 debug +# basically 1 will log everything possible +# +# WARNING: USE OF THIS IS STRONGLY DISCOURAGED. +# +# WARNING: It outputs too much information to practically read. +# WARNING: The "log_filters" setting is recommended instead. +# +# WARNING: Journald applies rate limiting of messages and so libvirt +# WARNING: will limit "log_level" to only allow values 3 or 4 if +# WARNING: journald is the current output. +# +# WARNING: USE OF THIS IS STRONGLY DISCOURAGED. +#log_level = 3 + +# Logging filters: +# A filter allows to select a different logging level for a given category +# of logs. The format for a filter is: +# +# level:match +# +# where 'match' is a string which is matched against the category +# given in the VIR_LOG_INIT() at the top of each libvirt source +# file, e.g., "remote", "qemu", or "util.json". The 'match' in the +# filter matches using shell wildcard syntax (see 'man glob(7)'). +# The 'match' is always treated as a substring match. IOW a match +# string 'foo' is equivalent to '*foo*'. +# +# 'level' is the minimal level where matching messages should +# be logged: +# +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple filters can be defined in a single @log_filters, they just need +# to be separated by spaces. Note that libvirt performs "first" match, i.e. +# if there are concurrent filters, the first one that matches will be applied, +# given the order in @log_filters. +# +# A typical need is to capture information from a hypervisor driver, +# public API entrypoints and some of the utility code. Some utility +# code is very verbose and is generally not desired. Taking the QEMU +# hypervisor as an example, a suitable filter string for debugging +# might be to turn off object, json & event logging, but enable the +# rest of the util code: +# +#log_filters="1:qemu 1:libvirt 4:object 4:json 4:event 1:util" + +# Logging outputs: +# An output is one of the places to save logging information +# The format for an output can be: +# level:stderr +# output goes to stderr +# level:syslog:name +# use syslog for the output and use the given name as the ident +# level:file:file_path +# output to a file, with the given filepath +# level:journald +# output to journald logging system +# In all cases 'level' is the minimal priority, acting as a filter +# 1: DEBUG +# 2: INFO +# 3: WARNING +# 4: ERROR +# +# Multiple outputs can be defined, they just need to be separated by spaces. +# e.g. to log all warnings and errors to syslog under the libvirtd ident: +#log_outputs="3:syslog:libvirtd" + + +################################################################## +# +# Auditing +# +# This setting allows usage of the auditing subsystem to be altered: +# +# audit_level == 0 -> disable all auditing +# audit_level == 1 -> enable auditing, only if enabled on host (default) +# audit_level == 2 -> enable auditing, and exit if disabled on host +# +#audit_level = 2 +# +# If set to 1, then audit messages will also be sent +# via libvirt logging infrastructure. Defaults to 0 +# +#audit_logging = 1 + +################################################################### +# UUID of the host: +# Host UUID is read from one of the sources specified in host_uuid_source. +# +# - 'smbios': fetch the UUID from 'dmidecode -s system-uuid' +# - 'machine-id': fetch the UUID from /etc/machine-id +# +# The host_uuid_source default is 'smbios'. If 'dmidecode' does not provide +# a valid UUID a temporary UUID will be generated. +# +# Another option is to specify host UUID in host_uuid. +# +# Keep the format of the example UUID below. UUID must not have all digits +# be the same. + +# NB This default all-zeros UUID will not work. Replace +# it with the output of the 'uuidgen' command and then +# uncomment this entry +#host_uuid = "00000000-0000-0000-0000-000000000000" +#host_uuid_source = "smbios" + +################################################################### +# Keepalive protocol: +# This allows libvirtd to detect broken client connections or even +# dead clients. A keepalive message is sent to a client after +# keepalive_interval seconds of inactivity to check if the client is +# still responding; keepalive_count is a maximum number of keepalive +# messages that are allowed to be sent to the client without getting +# any response before the connection is considered broken. In other +# words, the connection is automatically closed approximately after +# keepalive_interval * (keepalive_count + 1) seconds since the last +# message received from the client. If keepalive_interval is set to +# -1, libvirtd will never send keepalive requests; however clients +# can still send them and the daemon will send responses. When +# keepalive_count is set to 0, connections will be automatically +# closed after keepalive_interval seconds of inactivity without +# sending any keepalive messages. +# +#keepalive_interval = 5 +#keepalive_count = 5 + +# +# These configuration options are no longer used. There is no way to +# restrict such clients from connecting since they first need to +# connect in order to ask for keepalive. +# +#keepalive_required = 1 +#admin_keepalive_required = 1 + +# Keepalive settings for the admin interface +#admin_keepalive_interval = 5 +#admin_keepalive_count = 5 + +################################################################### +# Open vSwitch: +# This allows to specify a timeout for openvswitch calls made by +# libvirt. The ovs-vsctl utility is used for the configuration and +# its timeout option is set by default to 5 seconds to avoid +# potential infinite waits blocking libvirt. +# +#ovs_timeout = 5 diff --git a/libvirt/libvirtd.rc b/libvirt/libvirtd.rc new file mode 100755 index 000000000..cc82ea878 --- /dev/null +++ b/libvirt/libvirtd.rc @@ -0,0 +1,36 @@ +#!/bin/sh +# +# /etc/rc.d/libvirtd: start/stop libvirt daemon +# + +SSD=/sbin/start-stop-daemon +PROG=/usr/sbin/libvirtd +PID=/var/run/libvirtd.pid +OPTS="-d" + +case $1 in + start) + $SSD --start --pidfile $PID --exec $PROG -- $OPTS + ;; + stop) + $SSD --stop --retry 10 --pidfile $PID + ;; + restart) + $0 stop + $0 start + ;; + status) + $SSD --status --pidfile $PID + case $? in + 0) echo "$PROG is running with pid $(cat $PID)" ;; + 1) echo "$PROG is not running but the pid file $PID exists" ;; + 3) echo "$PROG is not running" ;; + 4) echo "Unable to determine the program status" ;; + esac + ;; + *) + echo "usage: $0 [start|stop|restart|status]" + ;; +esac + +# End of file diff --git a/libvirt/pre-install b/libvirt/pre-install new file mode 100755 index 000000000..d7b936de5 --- /dev/null +++ b/libvirt/pre-install @@ -0,0 +1,10 @@ +#!/bin/sh + +if [ -z "`getent group libvirt`" ]; then + /usr/sbin/groupadd --system libvirt +fi + +if [ -z "`getent passwd libvirt`" ]; then + /usr/sbin/useradd -r -g libvirt -d /etc/libvirt -s /bin/false -c "libvirt service user" libvirt + /usr/bin/passwd -l libvirt +fi diff --git a/libvirt/qemu.conf b/libvirt/qemu.conf new file mode 100644 index 000000000..1b9bbd61d --- /dev/null +++ b/libvirt/qemu.conf @@ -0,0 +1,954 @@ +# Master configuration file for the QEMU driver. +# All settings described here are optional - if omitted, sensible +# defaults are used. + +# Use of TLS requires that x509 certificates be issued. The default is +# to keep them in /etc/pki/qemu. This directory must contain +# +# ca-cert.pem - the CA master certificate +# server-cert.pem - the server certificate signed with ca-cert.pem +# server-key.pem - the server private key +# +# and optionally may contain +# +# dh-params.pem - the DH params configuration file +# +# If the directory does not exist, libvirtd will fail to start. If the +# directory doesn't contain the necessary files, QEMU domains will fail +# to start if they are configured to use TLS. +# +# In order to overwrite the default path alter the following. This path +# definition will be used as the default path for other *_tls_x509_cert_dir +# configuration settings if their default path does not exist or is not +# specifically set. +# +#default_tls_x509_cert_dir = "/etc/pki/qemu" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client who does not have a +# certificate signed by the CA in /etc/pki/qemu/ca-cert.pem +# +# The default_tls_x509_cert_dir directory must also contain +# +# client-cert.pem - the client certificate signed with the ca-cert.pem +# client-key.pem - the client private key +# +# If this option is supplied it provides the default for the "_verify" option +# of specific TLS users such as vnc, backups, migration, etc. The specific +# users of TLS may override this by setting the specific "_verify" option. +# +# When not supplied the specific TLS users provide their own defaults. +# +#default_tls_x509_verify = 1 + +# +# Libvirt assumes the server-key.pem file is unencrypted by default. +# To use an encrypted server-key.pem file, the password to decrypt +# the PEM file is required. This can be provided by creating a secret +# object in libvirt and then to uncomment this setting to set the UUID +# of the secret. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# VNC is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +#vnc_listen = "0.0.0.0" + +# Enable this option to have VNC served over an automatically created +# unix socket. This prevents unprivileged access from users on the +# host machine, though most VNC clients do not support it. +# +# This will only be enabled for VNC configurations that have listen +# type=address but without any address specified. This setting takes +# preference over vnc_listen. +# +#vnc_auto_unix_socket = 1 + +# Enable use of TLS encryption on the VNC server. This requires +# a VNC client which supports the VeNCrypt protocol extension. +# Examples include vinagre, virt-viewer, virt-manager and vencrypt +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#vnc_tls = 1 + + +# In order to override the default TLS certificate location for +# vnc certificates, supply a valid path to the certificate directory. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but vnc_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# certificate (as described in default_tls_x509_verify) signed by the +# CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir). +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either, +# the default is "0". +# +#vnc_tls_x509_verify = 1 + + +# The default VNC password. Only 8 bytes are significant for +# VNC passwords. This parameter is only used if the per-domain +# XML config does not already provide a password. To allow +# access without passwords, leave this commented out. An empty +# string will still enable passwords, but be rejected by QEMU, +# effectively preventing any use of VNC. Obviously change this +# example here before you set this. +# +#vnc_password = "XYZ12345" + + +# Enable use of SASL encryption on the VNC server. This requires +# a VNC client which supports the SASL protocol extension. +# Examples include vinagre, virt-viewer and virt-manager +# itself. UltraVNC, RealVNC, TightVNC do not support this +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +#vnc_sasl = 1 + + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +#vnc_sasl_dir = "/some/directory/sasl2" + + +# QEMU implements an extension for providing audio over a VNC connection, +# though if your VNC client does not support it, your only chance for getting +# sound output is through regular audio backends. By default, libvirt will +# disable all QEMU sound backends if using VNC, since they can cause +# permissions issues. Enabling this option will make libvirtd honor the +# QEMU_AUDIO_DRV environment variable when using VNC. +# +#vnc_allow_host_audio = 0 + + + +# SPICE is configured to listen on 127.0.0.1 by default. +# To make it listen on all public interfaces, uncomment +# this next option. +# +# NB, strong recommendation to enable TLS + x509 certificate +# verification when allowing public access +# +#spice_listen = "0.0.0.0" + + +# Enable use of TLS encryption on the SPICE server. +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#spice_tls = 1 + + +# In order to override the default TLS certificate location for +# spice certificates, supply a valid path to the certificate directory. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but spice_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" + + +# Enable this option to have SPICE served over an automatically created +# unix socket. This prevents unprivileged access from users on the +# host machine. +# +# This will only be enabled for SPICE configurations that have listen +# type=address but without any address specified. This setting takes +# preference over spice_listen. +# +#spice_auto_unix_socket = 1 + + +# The default SPICE password. This parameter is only used if the +# per-domain XML config does not already provide a password. To +# allow access without passwords, leave this commented out. An +# empty string will still enable passwords, but be rejected by +# QEMU, effectively preventing any use of SPICE. Obviously change +# this example here before you set this. +# +#spice_password = "XYZ12345" + + +# Enable use of SASL encryption on the SPICE server. This requires +# a SPICE client which supports the SASL protocol extension. +# +# It is necessary to configure /etc/sasl2/qemu.conf to choose +# the desired SASL plugin (eg, GSSPI for Kerberos) +# +#spice_sasl = 1 + +# The default SASL configuration file is located in /etc/sasl2/ +# When running libvirtd unprivileged, it may be desirable to +# override the configs in this location. Set this parameter to +# point to the directory, and create a qemu.conf in that location +# +#spice_sasl_dir = "/some/directory/sasl2" + +# Enable use of TLS encryption on the chardev TCP transports. +# +# It is necessary to setup CA and issue a server certificate +# before enabling this. +# +#chardev_tls = 1 + + +# In order to override the default TLS certificate location for character +# device TCP certificates, supply a valid path to the certificate directory. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but chardev_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +#chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# certificate (as described in default_tls_x509_verify) signed by the +# CA in the chardev_tls_x509_cert_dir (or default_tls_x509_cert_dir). +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either, +# the default is "1". +# +#chardev_tls_x509_verify = 1 + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# Enable use of TLS encryption for all VxHS network block devices that +# don't specifically disable. +# +# When the VxHS network block device server is set up appropriately, +# x509 certificates are required for authentication between the clients +# (qemu processes) and the remote VxHS server. +# +# It is necessary to setup CA and issue the client certificate before +# enabling this. +# +#vxhs_tls = 1 + + +# In order to override the default TLS certificate location for VxHS +# backed storage, supply a valid path to the certificate directory. +# This is used to authenticate the VxHS block device clients to the VxHS +# server. +# +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but vxhs_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +# VxHS block device clients expect the client certificate and key to be +# present in the certificate directory along with the CA master certificate. +# If using the default environment, default_tls_x509_verify must be configured. +# Since this is only a client the server-key.pem certificate is not needed. +# Thus a VxHS directory must contain the following: +# +# ca-cert.pem - the CA master certificate +# client-cert.pem - the client certificate signed with the ca-cert.pem +# client-key.pem - the client private key +# +#vxhs_tls_x509_cert_dir = "/etc/pki/libvirt-vxhs" + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#vxhs_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# Enable use of TLS encryption for all NBD disk devices that don't +# specifically disable it. +# +# When the NBD server is set up appropriately, x509 certificates are required +# for authentication between the client and the remote NBD server. +# +# It is necessary to setup CA and issue the client certificate before +# enabling this. +# +#nbd_tls = 1 + + +# In order to override the default TLS certificate location for NBD +# backed storage, supply a valid path to the certificate directory. +# This is used to authenticate the NBD block device clients to the NBD +# server. +# +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but nbd_tls = 1, then the +# default_tls_x509_cert_dir path will be used. +# +# NBD block device clients expect the client certificate and key to be +# present in the certificate directory along with the CA certificate. +# Since this is only a client the server-key.pem certificate is not needed. +# Thus a NBD directory must contain the following: +# +# ca-cert.pem - the CA master certificate +# client-cert.pem - the client certificate signed with the ca-cert.pem +# client-key.pem - the client private key +# +#nbd_tls_x509_cert_dir = "/etc/pki/libvirt-nbd" + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#nbd_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# In order to override the default TLS certificate location for migration +# certificates, supply a valid path to the certificate directory. If the +# provided path does not exist, libvirtd will fail to start. If the path is +# not provided, but TLS-encrypted migration is requested, then the +# default_tls_x509_cert_dir path will be used. Once/if a default certificate is +# enabled/defined, migration will then be able to use the certificate via +# migration API flags. +# +#migrate_tls_x509_cert_dir = "/etc/pki/libvirt-migrate" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# certificate (as described in default_tls_x509_verify) signed by the +# CA in the migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir). +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied +# either, the default is "1". +# +#migrate_tls_x509_verify = 1 + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#migrate_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# By default TLS is requested using the VIR_MIGRATE_TLS flag, thus not requested +# automatically. Setting 'migate_tls_force' to "1" will prevent any migration +# which is not using VIR_MIGRATE_TLS to ensure higher level of security in +# deployments with TLS. +# +#migrate_tls_force = 0 + + +# In order to override the default TLS certificate location for backup NBD +# server certificates, supply a valid path to the certificate directory. If the +# provided path does not exist, libvirtd will fail to start. If the path is +# not provided, but TLS-encrypted backup is requested, then the +# default_tls_x509_cert_dir path will be used. +# +#backup_tls_x509_cert_dir = "/etc/pki/libvirt-backup" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# certificate (as described in default_tls_x509_verify) signed by the +# CA in the backup_tls_x509_cert_dir (or default_tls_x509_cert_dir). +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either, +# the default is "1". +# +#backup_tls_x509_verify = 1 + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#backup_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + +# By default, if no graphical front end is configured, libvirt will disable +# QEMU audio output since directly talking to alsa/pulseaudio may not work +# with various security settings. If you know what you're doing, enable +# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV +# environment variable when using nographics. +# +#nographics_allow_host_audio = 1 + + +# Override the port for creating both VNC and SPICE sessions (min). +# This defaults to 5900 and increases for consecutive sessions +# or when ports are occupied, until it hits the maximum. +# +# Minimum must be greater than or equal to 5900 as lower number would +# result into negative vnc display number. +# +# Maximum must be less than 65536, because higher numbers do not make +# sense as a port number. +# +#remote_display_port_min = 5900 +#remote_display_port_max = 65535 + +# VNC WebSocket port policies, same rules apply as with remote display +# ports. VNC WebSockets use similar display <-> port mappings, with +# the exception being that ports start from 5700 instead of 5900. +# +#remote_websocket_port_min = 5700 +#remote_websocket_port_max = 65535 + +# The default security driver is SELinux. If SELinux is disabled +# on the host, then the security driver will automatically disable +# itself. If you wish to disable QEMU SELinux security driver while +# leaving SELinux enabled for the host in general, then set this +# to 'none' instead. It's also possible to use more than one security +# driver at the same time, for this use a list of names separated by +# comma and delimited by square brackets. For example: +# +# security_driver = [ "selinux", "apparmor" ] +# +# Notes: The DAC security driver is always enabled; as a result, the +# value of security_driver cannot contain "dac". The value "none" is +# a special value; security_driver can be set to that value in +# isolation, but it cannot appear in a list of drivers. +# +#security_driver = "selinux" + +# If set to non-zero, then the default security labeling +# will make guests confined. If set to zero, then guests +# will be unconfined by default. Defaults to 1. +#security_default_confined = 1 + +# If set to non-zero, then attempts to create unconfined +# guests will be blocked. Defaults to 0. +#security_require_confined = 1 + +# The user for QEMU processes run by the system instance. It can be +# specified as a user name or as a user id. The qemu driver will try to +# parse this value first as a name and then, if the name doesn't exist, +# as a user id. +# +# Since a sequence of digits is a valid user name, a leading plus sign +# can be used to ensure that a user id will not be interpreted as a user +# name. +# +# Some examples of valid values are: +# +# user = "qemu" # A user named "qemu" +# user = "+0" # Super user (uid=0) +# user = "100" # A user named "100" or a user with uid=100 +# +user = "libvirt" + +# The group for QEMU processes run by the system instance. It can be +# specified in a similar way to user. +group = "libvirt" + +# Whether libvirt should dynamically change file ownership +# to match the configured user/group above. Defaults to 1. +# Set to 0 to disable file ownership changes. +#dynamic_ownership = 1 + +# Whether libvirt should remember and restore the original +# ownership over files it is relabeling. Defaults to 1, set +# to 0 to disable the feature. +#remember_owner = 1 + +# What cgroup controllers to make use of with QEMU guests +# +# - 'cpu' - use for scheduler tunables +# - 'devices' - use for device access control +# - 'memory' - use for memory tunables +# - 'blkio' - use for block devices I/O tunables +# - 'cpuset' - use for CPUs and memory nodes +# - 'cpuacct' - use for CPUs statistics. +# +# NB, even if configured here, they won't be used unless +# the administrator has mounted cgroups, e.g.: +# +# mkdir /dev/cgroup +# mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup +# +# They can be mounted anywhere, and different controllers +# can be mounted in different locations. libvirt will detect +# where they are located. +# +#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ] + +# This is the basic set of devices allowed / required by +# all virtual machines. +# +# As well as this, any configured block backed disks, +# all sound device, and all PTY devices are allowed. +# +# This will only need setting if newer QEMU suddenly +# wants some device we don't already know about. +# +#cgroup_device_acl = [ +# "/dev/null", "/dev/full", "/dev/zero", +# "/dev/random", "/dev/urandom", +# "/dev/ptmx", "/dev/kvm" +#] +# +# RDMA migration requires the following extra files to be added to the list: +# "/dev/infiniband/rdma_cm", +# "/dev/infiniband/issm0", +# "/dev/infiniband/issm1", +# "/dev/infiniband/umad0", +# "/dev/infiniband/umad1", +# "/dev/infiniband/uverbs0" + + +# The default format for QEMU/KVM guest save images is raw; that is, the +# memory from the domain is dumped out directly to a file. If you have +# guests with a large amount of memory, however, this can take up quite +# a bit of space. If you would like to compress the images while they +# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz" +# for save_image_format. Note that this means you slow down the process of +# saving a domain in order to save disk space; the list above is in descending +# order by performance and ascending order by compression ratio. +# +# save_image_format is used when you use 'virsh save' or 'virsh managedsave' +# at scheduled saving, and it is an error if the specified save_image_format +# is not valid, or the requested compression program can't be found. +# +# dump_image_format is used when you use 'virsh dump' at emergency +# crashdump, and if the specified dump_image_format is not valid, or +# the requested compression program can't be found, this falls +# back to "raw" compression. +# +# snapshot_image_format specifies the compression algorithm of the memory save +# image when an external snapshot of a domain is taken. This does not apply +# on disk image format. It is an error if the specified format isn't valid, +# or the requested compression program can't be found. +# +#save_image_format = "raw" +#dump_image_format = "raw" +#snapshot_image_format = "raw" + +# When a domain is configured to be auto-dumped when libvirtd receives a +# watchdog event from qemu guest, libvirtd will save dump files in directory +# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump +# +#auto_dump_path = "/var/lib/libvirt/qemu/dump" + +# When a domain is configured to be auto-dumped, enabling this flag +# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the +# virDomainCoreDump API. That is, the system will avoid using the +# file system cache while writing the dump file, but may cause +# slower operation. +# +#auto_dump_bypass_cache = 0 + +# When a domain is configured to be auto-started, enabling this flag +# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag +# with the virDomainCreateWithFlags API. That is, the system will +# avoid using the file system cache when restoring any managed state +# file, but may cause slower operation. +# +#auto_start_bypass_cache = 0 + +# If provided by the host and a hugetlbfs mount point is configured, +# a guest may request huge page backing. When this mount point is +# unspecified here, determination of a host mount point in /proc/mounts +# will be attempted. Specifying an explicit mount overrides detection +# of the same in /proc/mounts. Setting the mount point to "" will +# disable guest hugepage backing. If desired, multiple mount points can +# be specified at once, separated by comma and enclosed in square +# brackets, for example: +# +# hugetlbfs_mount = ["/dev/hugepages2M", "/dev/hugepages1G"] +# +# The size of huge page served by specific mount point is determined by +# libvirt at the daemon startup. +# +# NB, within these mount points, guests will create memory backing +# files in a location of $MOUNTPOINT/libvirt/qemu +# +#hugetlbfs_mount = "/dev/hugepages" + + +# Path to the setuid helper for creating tap devices. This executable +# is used to create <source type='bridge'> interfaces when libvirtd is +# running unprivileged. libvirt invokes the helper directly, instead +# of using "-netdev bridge", for security reasons. +#bridge_helper = "/usr/libexec/qemu-bridge-helper" + + +# If enabled, libvirt will have QEMU set its process name to +# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU +# process will appear as "qemu:VM_NAME" in process listings and +# other system monitoring tools. By default, QEMU does not set +# its process title, so the complete QEMU command (emulator and +# its arguments) appear in process listings. +# +#set_process_name = 1 + + +# If max_processes is set to a positive integer, libvirt will use +# it to set the maximum number of processes that can be run by qemu +# user. This can be used to override default value set by host OS. +# The same applies to max_files which sets the limit on the maximum +# number of opened files. +# +#max_processes = 0 +#max_files = 0 + +# If max_threads_per_process is set to a positive integer, libvirt +# will use it to set the maximum number of threads that can be +# created by a qemu process. Some VM configurations can result in +# qemu processes with tens of thousands of threads. systemd-based +# systems typically limit the number of threads per process to +# 16k. max_threads_per_process can be used to override default +# limits in the host OS. +# +#max_threads_per_process = 0 + +# If max_core is set to a non-zero integer, then QEMU will be +# permitted to create core dumps when it crashes, provided its +# RAM size is smaller than the limit set. +# +# Be warned that the core dump will include a full copy of the +# guest RAM, if the 'dump_guest_core' setting has been enabled, +# or if the guest XML contains +# +# <memory dumpcore="on">...guest ram...</memory> +# +# If guest RAM is to be included, ensure the max_core limit +# is set to at least the size of the largest expected guest +# plus another 1GB for any QEMU host side memory mappings. +# +# As a special case it can be set to the string "unlimited" to +# to allow arbitrarily sized core dumps. +# +# By default the core dump size is set to 0 disabling all dumps +# +# Size is a positive integer specifying bytes or the +# string "unlimited" +# +#max_core = "unlimited" + +# Determine if guest RAM is included in QEMU core dumps. By +# default guest RAM will be excluded if a new enough QEMU is +# present. Setting this to '1' will force guest RAM to always +# be included in QEMU core dumps. +# +# This setting will be ignored if the guest XML has set the +# dumpcore attribute on the <memory> element. +# +#dump_guest_core = 1 + +# mac_filter enables MAC addressed based filtering on bridge ports. +# This currently requires ebtables to be installed. +# +#mac_filter = 1 + + +# By default, PCI devices below non-ACS switch are not allowed to be assigned +# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to +# be assigned to guests. +# +#relaxed_acs_check = 1 + + +# In order to prevent accidentally starting two domains that +# share one writable disk, libvirt offers two approaches for +# locking files. The first one is sanlock, the other one, +# virtlockd, is then our own implementation. Accepted values +# are "sanlock" and "lockd". +# +#lock_manager = "lockd" + + +# Set limit of maximum APIs queued on one domain. All other APIs +# over this threshold will fail on acquiring job lock. Specially, +# setting to zero turns this feature off. +# Note, that job lock is per domain. +# +#max_queued = 0 + +################################################################### +# Keepalive protocol: +# This allows qemu driver to detect broken connections to remote +# libvirtd during peer-to-peer migration. A keepalive message is +# sent to the daemon after keepalive_interval seconds of inactivity +# to check if the daemon is still responding; keepalive_count is a +# maximum number of keepalive messages that are allowed to be sent +# to the daemon without getting any response before the connection +# is considered broken. In other words, the connection is +# automatically closed approximately after +# keepalive_interval * (keepalive_count + 1) seconds since the last +# message received from the daemon. If keepalive_interval is set to +# -1, qemu driver will not send keepalive requests during +# peer-to-peer migration; however, the remote libvirtd can still +# send them and source libvirtd will send responses. When +# keepalive_count is set to 0, connections will be automatically +# closed after keepalive_interval seconds of inactivity without +# sending any keepalive messages. +# +#keepalive_interval = 5 +#keepalive_count = 5 + + + +# Use seccomp syscall filtering sandbox in QEMU. +# 1 == filter enabled, 0 == filter disabled +# +# Unless this option is disabled, QEMU will be run with +# a seccomp filter that stops it from executing certain +# syscalls. +# +#seccomp_sandbox = 1 + + +# Override the listen address for all incoming migrations. Defaults to +# 0.0.0.0, or :: if both host and qemu are capable of IPv6. +#migration_address = "0.0.0.0" + + +# The default hostname or IP address which will be used by a migration +# source for transferring migration data to this host. The migration +# source has to be able to resolve this hostname and connect to it so +# setting "localhost" will not work. By default, the host's configured +# hostname is used. +#migration_host = "host.example.com" + + +# Override the port range used for incoming migrations. +# +# Minimum must be greater than 0, however when QEMU is not running as root, +# setting the minimum to be lower than 1024 will not work. +# +# Maximum must not be greater than 65535. +# +#migration_port_min = 49152 +#migration_port_max = 49215 + + + +# Timestamp QEMU's log messages (if QEMU supports it) +# +# Defaults to 1. +# +#log_timestamp = 0 + + +# Location of master nvram file +# +# This configuration option is obsolete. Libvirt will follow the +# QEMU firmware metadata specification to automatically locate +# firmware images. See docs/interop/firmware.json in the QEMU +# source tree. These metadata files are distributed alongside any +# firmware images intended for use with QEMU. +# +# NOTE: if ANY firmware metadata files are detected, this setting +# will be COMPLETELY IGNORED. +# +# ------------------------------------------ +# +# When a domain is configured to use UEFI instead of standard +# BIOS it may use a separate storage for UEFI variables. If +# that's the case libvirt creates the variable store per domain +# using this master file as image. Each UEFI firmware can, +# however, have different variables store. Therefore the nvram is +# a list of strings when a single item is in form of: +# ${PATH_TO_UEFI_FW}:${PATH_TO_UEFI_VARS}. +# Later, when libvirt creates per domain variable store, this list is +# searched for the master image. The UEFI firmware can be called +# differently for different guest architectures. For instance, it's OVMF +# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default +# follows this scheme. +#nvram = [ +# "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd", +# "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", +# "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd", +# "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd" +#] + +# The backend to use for handling stdout/stderr output from +# QEMU processes. +# +# 'file': QEMU writes directly to a plain file. This is the +# historical default, but allows QEMU to inflict a +# denial of service attack on the host by exhausting +# filesystem space +# +# 'logd': QEMU writes to a pipe provided by virtlogd daemon. +# This is the current default, providing protection +# against denial of service by performing log file +# rollover when a size limit is hit. +# +#stdio_handler = "logd" + +# QEMU gluster libgfapi log level, debug levels are 0-9, with 9 being the +# most verbose, and 0 representing no debugging output. +# +# The current logging levels defined in the gluster GFAPI are: +# +# 0 - None +# 1 - Emergency +# 2 - Alert +# 3 - Critical +# 4 - Error +# 5 - Warning +# 6 - Notice +# 7 - Info +# 8 - Debug +# 9 - Trace +# +# Defaults to 4 +# +#gluster_debug_level = 9 + +# virtiofsd debug +# +# Whether to enable the debugging output of the virtiofsd daemon. +# Possible values are 0 or 1. Disabled by default. +# +#virtiofsd_debug = 1 + +# To enhance security, QEMU driver is capable of creating private namespaces +# for each domain started. Well, so far only "mount" namespace is supported. If +# enabled it means qemu process is unable to see all the devices on the system, +# only those configured for the domain in question. Libvirt then manages +# devices entries throughout the domain lifetime. This namespace is turned on +# by default. +#namespaces = [ "mount" ] + +# This directory is used for memoryBacking source if configured as file. +# NOTE: big files will be stored here +#memory_backing_dir = "/var/lib/libvirt/qemu/ram" + +# Path to the SCSI persistent reservations helper. This helper is +# used whenever <reservations/> are enabled for SCSI LUN devices. +#pr_helper = "/usr/bin/qemu-pr-helper" + +# Path to the SLIRP networking helper. +#slirp_helper = "/usr/bin/slirp-helper" + +# Path to the dbus-daemon +#dbus_daemon = "/usr/bin/dbus-daemon" + +# User for the swtpm TPM Emulator +# +# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs +# and uses; alternative is 'root' +# +#swtpm_user = "tss" +#swtpm_group = "tss" + +# For debugging and testing purposes it's sometimes useful to be able to disable +# libvirt behaviour based on the capabilities of the qemu process. This option +# allows to do so. DO _NOT_ use in production and beaware that the behaviour +# may change across versions. +# +#capability_filters = [ "capname" ] + +# 'deprecation_behavior' setting controls how the qemu process behaves towards +# deprecated commands and arguments used by libvirt. +# +# This setting is meant for developers and CI efforts to make it obvious when +# libvirt relies on fields which are deprecated so that it can be fixes as soon +# as possible. +# +# Possible options are: +# "none" - (default) qemu is supposed to accept and output deprecated fields +# and commands +# "omit" - qemu is instructed to omit deprecated fields on output, behaviour +# towards fields and commands from qemu is not changed +# "reject" - qemu is instructed to report an error if a deprecated command or +# field is used by libvirtd +# "crash" - qemu crashes when an deprecated command or field is used by libvirtd +# +# For both "reject" and "crash" qemu is instructed to omit any deprecated fields +# on output. +# +# The "reject" option is less harsh towards the VMs but some code paths ignore +# errors reported by qemu and thus it may not be obvious that a deprecated +# command/field was used, thus it's suggested to use the "crash" option instead. +# +# In cases when qemu doesn't support configuring the behaviour this setting is +# silently ignored to allow testing older qemu versions without having to +# reconfigure libvirtd. +# +# DO NOT use in production. +# +#deprecation_behavior = "none" diff --git a/libvirt/virtlogd.rc b/libvirt/virtlogd.rc new file mode 100755 index 000000000..6f2f7dcd1 --- /dev/null +++ b/libvirt/virtlogd.rc @@ -0,0 +1,37 @@ +#!/bin/sh +# +# /etc/rc.d/virtlogd: start/stop virtlogd daemon +# + +SSD=/sbin/start-stop-daemon +PROG=/usr/sbin/virtlogd +PID=/var/run/virtlogd.pid +VIRTLOGD_PID=/var/run/virtlogd.pid +OPTS="-d" + +case $1 in + start) + $SSD --start --pidfile $PID --exec $PROG -- $OPTS + ;; + stop) + $SSD --stop --retry 10 --pidfile $PID + ;; + restart) + $0 stop + $0 start + ;; + status) + $SSD --status --pidfile $PID + case $? in + 0) echo "$PROG is running with pid $(cat $PID)" ;; + 1) echo "$PROG is not running but the pid file $PID exists" ;; + 3) echo "$PROG is not running" ;; + 4) echo "Unable to determine the program status" ;; + esac + ;; + *) + echo "usage: $0 [start|stop|restart|status]" + ;; +esac + +# End of file |