[libvirt] [PATCH] news: Update for 3.9.0 release
Andrea Bolognani
abologna at redhat.com
Thu Nov 2 09:55:05 UTC 2017
On Wed, 2017-11-01 at 16:19 -0400, John Ferlan wrote:
> > + </summary>
> > + <description>
> > + This new API, also exposed through the
> > + <code>set-lifecycle-action</code> <code>virsh</code> command, allows
> > + the user to dynamically control how the guest will react to being
> > + powered off, being restarted or crashing.
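Review bot: in the last two lines of this description, "how the guest will react to being powered off, being restarted or crashing" attributes the action to the guest, while what the user sets is the action taken on the domain when one of those events happens; consider "the action taken when the guest is powered off, is restarted or crashes". The adjacent pair "<code>set-lifecycle-action</code> <code>virsh</code> command" would also read more naturally with the command name after "virsh", the way a user would type it.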
>
> This one reads strangely to me... As a suggestion
>
> Provided a new API to allow dynamic guest lifecycle control for guest
> reactions to poweroff, restart, or crash type events related to the
> domain XML <code>on_poweroff</code>, <code>on_reboot</code>, and
> <code>on_crash</code> elements. The <code>virsh
> set-lifecycle-action<code> command was created to control the actions.
You forgot to close the <code> element here ;)
> > + constraints that log have to be bigger than 100 KiB before they can
> > + be rotated solves the issue.
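Review bot: grammar slip in the first line of this fragment, "constraints that log have to be bigger": the noun and verb do not agree, so "constraint that logs have to be bigger than 100 KiB" is probably what was meant. The start of the sentence is not visible here, so check that "solves" still agrees with its subject once that is changed.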
>
> s/issue.$/issue. However, this may increase the number of files until
> they are automatically rotated.
I don't think that's true: the same number of log files will be
created, it's just that now more files will be rotated. So I left
out that part.
> (Personally, not quite sure how that rotation actually occurs).
Not sure myself. I think the logrotate profile is installed along
with libvirt, but you have to enable it explicitly for rotation to
actually occur?
> > + <change>
> > + <summary>
> > + qemu: Ensure TLS clients always verify the server certificate
> > + </summary>
> > + <description>
> > + While it's reasonable to turn off client certificate validation,
> > + as setting it up can be non-trivial, clients should always verify
> > + the server certificate to avoid MITM attacks. libvirt was, however,
> > + using the same knob to control both checks, leading to
> > + CVE-2017-1000256 / LSN-2017-0002.
> > + </description>
> > + </change>
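Review bot: the description says "the same knob" controlled both checks but never names it, so a reader cannot tell which setting to look at in their own configuration; name the option or options concerned. It would also help to say what changes for users who had that knob turned off: per the summary, clients now always verify the server certificate, so a connection to a server whose certificate does not validate would be expected to start failing after the upgrade.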
As suggested by Peter, I've moved this to a separate "Security"
section, and pushed the whole thing.
Thanks for the review and all the improvements :)
--
Andrea Bolognani / Red Hat / Virtualization