diff --git a/root/etc/libvirt/qemu.conf b/root/etc/libvirt/qemu.conf deleted file mode 100755 index df4f05a..0000000 --- a/root/etc/libvirt/qemu.conf +++ /dev/null @@ -1,823 +0,0 @@ -# Master configuration file for the QEMU driver. -# All settings described here are optional - if omitted, sensible -# defaults are used. - -# Use of TLS requires that x509 certificates be issued. The default is -# to keep them in /etc/pki/qemu. This directory must contain -# -# ca-cert.pem - the CA master certificate -# server-cert.pem - the server certificate signed with ca-cert.pem -# server-key.pem - the server private key -# -# and optionally may contain -# -# dh-params.pem - the DH params configuration file -# -# If the directory does not exist, libvirtd will fail to start. If the -# directory doesn't contain the necessary files, QEMU domains will fail -# to start if they are configured to use TLS. -# -# In order to overwrite the default path alter the following. This path -# definition will be used as the default path for other *_tls_x509_cert_dir -# configuration settings if their default path does not exist or is not -# specifically set. -# -#default_tls_x509_cert_dir = "/etc/pki/qemu" - - -# The default TLS configuration only uses certificates for the server -# allowing the client to verify the server's identity and establish -# an encrypted channel. -# -# It is possible to use x509 certificates for authentication too, by -# issuing an x509 certificate to every client who needs to connect. -# -# Enabling this option will reject any client who does not have a -# certificate signed by the CA in /etc/pki/qemu/ca-cert.pem -# -# The default_tls_x509_cert_dir directory must also contain -# -# client-cert.pem - the client certificate signed with the ca-cert.pem -# client-key.pem - the client private key -# -#default_tls_x509_verify = 1 - -# -# Libvirt assumes the server-key.pem file is unencrypted by default. -# To use an encrypted server-key.pem file, the password to decrypt -# the PEM file is required. This can be provided by creating a secret -# object in libvirt and then to uncomment this setting to set the UUID -# of the secret. -# -# NB This default all-zeros UUID will not work. Replace it with the -# output from the UUID for the TLS secret from a 'virsh secret-list' -# command and then uncomment the entry -# -#default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" - - -# VNC is configured to listen on 127.0.0.1 by default. -# To make it listen on all public interfaces, uncomment -# this next option. -# -# NB, strong recommendation to enable TLS + x509 certificate -# verification when allowing public access -# -#vnc_listen = "0.0.0.0" - -# Enable this option to have VNC served over an automatically created -# unix socket. This prevents unprivileged access from users on the -# host machine, though most VNC clients do not support it. -# -# This will only be enabled for VNC configurations that have listen -# type=address but without any address specified. This setting takes -# preference over vnc_listen. -# -#vnc_auto_unix_socket = 1 - -# Enable use of TLS encryption on the VNC server. This requires -# a VNC client which supports the VeNCrypt protocol extension. -# Examples include vinagre, virt-viewer, virt-manager and vencrypt -# itself. UltraVNC, RealVNC, TightVNC do not support this -# -# It is necessary to setup CA and issue a server certificate -# before enabling this. -# -#vnc_tls = 1 - - -# In order to override the default TLS certificate location for -# vnc certificates, supply a valid path to the certificate directory. -# If the provided path does not exist, libvirtd will fail to start. -# If the path is not provided, but vnc_tls = 1, then the -# default_tls_x509_cert_dir path will be used. -# -#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" - - -# Uncomment and use the following option to override the default secret -# UUID provided in the default_tls_x509_secret_uuid parameter. -# -#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" - - -# The default TLS configuration only uses certificates for the server -# allowing the client to verify the server's identity and establish -# an encrypted channel. -# -# It is possible to use x509 certificates for authentication too, by -# issuing an x509 certificate to every client who needs to connect. -# -# Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the vnc_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. -# -# If this option is not supplied, it will be set to the value of -# "default_tls_x509_verify". -# -#vnc_tls_x509_verify = 1 - - -# The default VNC password. Only 8 bytes are significant for -# VNC passwords. This parameter is only used if the per-domain -# XML config does not already provide a password. To allow -# access without passwords, leave this commented out. An empty -# string will still enable passwords, but be rejected by QEMU, -# effectively preventing any use of VNC. Obviously change this -# example here before you set this. -# -#vnc_password = "XYZ12345" - - -# Enable use of SASL encryption on the VNC server. This requires -# a VNC client which supports the SASL protocol extension. -# Examples include vinagre, virt-viewer and virt-manager -# itself. UltraVNC, RealVNC, TightVNC do not support this -# -# It is necessary to configure /etc/sasl2/qemu.conf to choose -# the desired SASL plugin (eg, GSSPI for Kerberos) -# -#vnc_sasl = 1 - - -# The default SASL configuration file is located in /etc/sasl2/ -# When running libvirtd unprivileged, it may be desirable to -# override the configs in this location. Set this parameter to -# point to the directory, and create a qemu.conf in that location -# -#vnc_sasl_dir = "/some/directory/sasl2" - - -# QEMU implements an extension for providing audio over a VNC connection, -# though if your VNC client does not support it, your only chance for getting -# sound output is through regular audio backends. By default, libvirt will -# disable all QEMU sound backends if using VNC, since they can cause -# permissions issues. Enabling this option will make libvirtd honor the -# QEMU_AUDIO_DRV environment variable when using VNC. -# -#vnc_allow_host_audio = 0 - - - -# SPICE is configured to listen on 127.0.0.1 by default. -# To make it listen on all public interfaces, uncomment -# this next option. -# -# NB, strong recommendation to enable TLS + x509 certificate -# verification when allowing public access -# -#spice_listen = "0.0.0.0" - - -# Enable use of TLS encryption on the SPICE server. -# -# It is necessary to setup CA and issue a server certificate -# before enabling this. -# -#spice_tls = 1 - - -# In order to override the default TLS certificate location for -# spice certificates, supply a valid path to the certificate directory. -# If the provided path does not exist, libvirtd will fail to start. -# If the path is not provided, but spice_tls = 1, then the -# default_tls_x509_cert_dir path will be used. -# -#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" - - -# Enable this option to have SPICE served over an automatically created -# unix socket. This prevents unprivileged access from users on the -# host machine. -# -# This will only be enabled for SPICE configurations that have listen -# type=address but without any address specified. This setting takes -# preference over spice_listen. -# -#spice_auto_unix_socket = 1 - - -# The default SPICE password. This parameter is only used if the -# per-domain XML config does not already provide a password. To -# allow access without passwords, leave this commented out. An -# empty string will still enable passwords, but be rejected by -# QEMU, effectively preventing any use of SPICE. Obviously change -# this example here before you set this. -# -#spice_password = "XYZ12345" - - -# Enable use of SASL encryption on the SPICE server. This requires -# a SPICE client which supports the SASL protocol extension. -# -# It is necessary to configure /etc/sasl2/qemu.conf to choose -# the desired SASL plugin (eg, GSSPI for Kerberos) -# -#spice_sasl = 1 - -# The default SASL configuration file is located in /etc/sasl2/ -# When running libvirtd unprivileged, it may be desirable to -# override the configs in this location. Set this parameter to -# point to the directory, and create a qemu.conf in that location -# -#spice_sasl_dir = "/some/directory/sasl2" - -# Enable use of TLS encryption on the chardev TCP transports. -# -# It is necessary to setup CA and issue a server certificate -# before enabling this. -# -#chardev_tls = 1 - - -# In order to override the default TLS certificate location for character -# device TCP certificates, supply a valid path to the certificate directory. -# If the provided path does not exist, libvirtd will fail to start. -# If the path is not provided, but chardev_tls = 1, then the -# default_tls_x509_cert_dir path will be used. -# -#chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev" - - -# The default TLS configuration only uses certificates for the server -# allowing the client to verify the server's identity and establish -# an encrypted channel. -# -# It is possible to use x509 certificates for authentication too, by -# issuing an x509 certificate to every client who needs to connect. -# -# Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the chardev_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. -# -# If this option is not supplied, it will be set to the value of -# "default_tls_x509_verify". -# -#chardev_tls_x509_verify = 1 - - -# Uncomment and use the following option to override the default secret -# UUID provided in the default_tls_x509_secret_uuid parameter. -# -# NB This default all-zeros UUID will not work. Replace it with the -# output from the UUID for the TLS secret from a 'virsh secret-list' -# command and then uncomment the entry -# -#chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" - - -# Enable use of TLS encryption for all VxHS network block devices that -# don't specifically disable. -# -# When the VxHS network block device server is set up appropriately, -# x509 certificates are required for authentication between the clients -# (qemu processes) and the remote VxHS server. -# -# It is necessary to setup CA and issue the client certificate before -# enabling this. -# -#vxhs_tls = 1 - - -# In order to override the default TLS certificate location for VxHS -# backed storage, supply a valid path to the certificate directory. -# This is used to authenticate the VxHS block device clients to the VxHS -# server. -# -# If the provided path does not exist, libvirtd will fail to start. -# If the path is not provided, but vxhs_tls = 1, then the -# default_tls_x509_cert_dir path will be used. -# -# VxHS block device clients expect the client certificate and key to be -# present in the certificate directory along with the CA master certificate. -# If using the default environment, default_tls_x509_verify must be configured. -# Since this is only a client the server-key.pem certificate is not needed. -# Thus a VxHS directory must contain the following: -# -# ca-cert.pem - the CA master certificate -# client-cert.pem - the client certificate signed with the ca-cert.pem -# client-key.pem - the client private key -# -#vxhs_tls_x509_cert_dir = "/etc/pki/libvirt-vxhs" - - - -# Enable use of TLS encryption for all NBD disk devices that don't -# specifically disable it. -# -# When the NBD server is set up appropriately, x509 certificates are required -# for authentication between the client and the remote NBD server. -# -# It is necessary to setup CA and issue the client certificate before -# enabling this. -# -#nbd_tls = 1 - - -# In order to override the default TLS certificate location for NBD -# backed storage, supply a valid path to the certificate directory. -# This is used to authenticate the NBD block device clients to the NBD -# server. -# -# If the provided path does not exist, libvirtd will fail to start. -# If the path is not provided, but nbd_tls = 1, then the -# default_tls_x509_cert_dir path will be used. -# -# NBD block device clients expect the client certificate and key to be -# present in the certificate directory along with the CA certificate. -# Since this is only a client the server-key.pem certificate is not needed. -# Thus a NBD directory must contain the following: -# -# ca-cert.pem - the CA master certificate -# client-cert.pem - the client certificate signed with the ca-cert.pem -# client-key.pem - the client private key -# -#nbd_tls_x509_cert_dir = "/etc/pki/libvirt-nbd" - - -# In order to override the default TLS certificate location for migration -# certificates, supply a valid path to the certificate directory. If the -# provided path does not exist, libvirtd will fail to start. If the path is -# not provided, but migrate_tls = 1, then the default_tls_x509_cert_dir path -# will be used. Once/if a default certificate is enabled/defined, migration -# will then be able to use the certificate via migration API flags. -# -#migrate_tls_x509_cert_dir = "/etc/pki/libvirt-migrate" - - -# The default TLS configuration only uses certificates for the server -# allowing the client to verify the server's identity and establish -# an encrypted channel. -# -# It is possible to use x509 certificates for authentication too, by -# issuing an x509 certificate to every client who needs to connect. -# -# Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the migrate_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. -# -# If this option is not supplied, it will be set to the value of -# "default_tls_x509_verify". -# -#migrate_tls_x509_verify = 1 - - -# Uncomment and use the following option to override the default secret -# UUID provided in the default_tls_x509_secret_uuid parameter. -# -# NB This default all-zeros UUID will not work. Replace it with the -# output from the UUID for the TLS secret from a 'virsh secret-list' -# command and then uncomment the entry -# -#migrate_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" - - -# By default, if no graphical front end is configured, libvirt will disable -# QEMU audio output since directly talking to alsa/pulseaudio may not work -# with various security settings. If you know what you're doing, enable -# the setting below and libvirt will passthrough the QEMU_AUDIO_DRV -# environment variable when using nographics. -# -#nographics_allow_host_audio = 1 - - -# Override the port for creating both VNC and SPICE sessions (min). -# This defaults to 5900 and increases for consecutive sessions -# or when ports are occupied, until it hits the maximum. -# -# Minimum must be greater than or equal to 5900 as lower number would -# result into negative vnc display number. -# -# Maximum must be less than 65536, because higher numbers do not make -# sense as a port number. -# -#remote_display_port_min = 5900 -#remote_display_port_max = 65535 - -# VNC WebSocket port policies, same rules apply as with remote display -# ports. VNC WebSockets use similar display <-> port mappings, with -# the exception being that ports start from 5700 instead of 5900. -# -#remote_websocket_port_min = 5700 -#remote_websocket_port_max = 65535 - -# The default security driver is SELinux. If SELinux is disabled -# on the host, then the security driver will automatically disable -# itself. If you wish to disable QEMU SELinux security driver while -# leaving SELinux enabled for the host in general, then set this -# to 'none' instead. It's also possible to use more than one security -# driver at the same time, for this use a list of names separated by -# comma and delimited by square brackets. For example: -# -# security_driver = [ "selinux", "apparmor" ] -# -# Notes: The DAC security driver is always enabled; as a result, the -# value of security_driver cannot contain "dac". The value "none" is -# a special value; security_driver can be set to that value in -# isolation, but it cannot appear in a list of drivers. -# -#security_driver = "selinux" - -# If set to non-zero, then the default security labeling -# will make guests confined. If set to zero, then guests -# will be unconfined by default. Defaults to 1. -#security_default_confined = 1 - -# If set to non-zero, then attempts to create unconfined -# guests will be blocked. Defaults to 0. -#security_require_confined = 1 - -# The user for QEMU processes run by the system instance. It can be -# specified as a user name or as a user id. The qemu driver will try to -# parse this value first as a name and then, if the name doesn't exist, -# as a user id. -# -# Since a sequence of digits is a valid user name, a leading plus sign -# can be used to ensure that a user id will not be interpreted as a user -# name. -# -# Some examples of valid values are: -# -# user = "qemu" # A user named "qemu" -# user = "+0" # Super user (uid=0) -# user = "100" # A user named "100" or a user with uid=100 -# -#user = "root" - -# The group for QEMU processes run by the system instance. It can be -# specified in a similar way to user. -#group = "root" - -# Whether libvirt should dynamically change file ownership -# to match the configured user/group above. Defaults to 1. -# Set to 0 to disable file ownership changes. -#dynamic_ownership = 1 - -# What cgroup controllers to make use of with QEMU guests -# -# - 'cpu' - use for scheduler tunables -# - 'devices' - use for device whitelisting -# - 'memory' - use for memory tunables -# - 'blkio' - use for block devices I/O tunables -# - 'cpuset' - use for CPUs and memory nodes -# - 'cpuacct' - use for CPUs statistics. -# -# NB, even if configured here, they won't be used unless -# the administrator has mounted cgroups, e.g.: -# -# mkdir /dev/cgroup -# mount -t cgroup -o devices,cpu,memory,blkio,cpuset none /dev/cgroup -# -# They can be mounted anywhere, and different controllers -# can be mounted in different locations. libvirt will detect -# where they are located. -# -#cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ] - -# This is the basic set of devices allowed / required by -# all virtual machines. -# -# As well as this, any configured block backed disks, -# all sound device, and all PTY devices are allowed. -# -# This will only need setting if newer QEMU suddenly -# wants some device we don't already know about. -# -#cgroup_device_acl = [ -# "/dev/null", "/dev/full", "/dev/zero", -# "/dev/random", "/dev/urandom", -# "/dev/ptmx", "/dev/kvm", -# "/dev/rtc","/dev/hpet" -#] -# -# RDMA migration requires the following extra files to be added to the list: -# "/dev/infiniband/rdma_cm", -# "/dev/infiniband/issm0", -# "/dev/infiniband/issm1", -# "/dev/infiniband/umad0", -# "/dev/infiniband/umad1", -# "/dev/infiniband/uverbs0" - - -# The default format for QEMU/KVM guest save images is raw; that is, the -# memory from the domain is dumped out directly to a file. If you have -# guests with a large amount of memory, however, this can take up quite -# a bit of space. If you would like to compress the images while they -# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz" -# for save_image_format. Note that this means you slow down the process of -# saving a domain in order to save disk space; the list above is in descending -# order by performance and ascending order by compression ratio. -# -# save_image_format is used when you use 'virsh save' or 'virsh managedsave' -# at scheduled saving, and it is an error if the specified save_image_format -# is not valid, or the requested compression program can't be found. -# -# dump_image_format is used when you use 'virsh dump' at emergency -# crashdump, and if the specified dump_image_format is not valid, or -# the requested compression program can't be found, this falls -# back to "raw" compression. -# -# snapshot_image_format specifies the compression algorithm of the memory save -# image when an external snapshot of a domain is taken. This does not apply -# on disk image format. It is an error if the specified format isn't valid, -# or the requested compression program can't be found. -# -#save_image_format = "raw" -#dump_image_format = "raw" -#snapshot_image_format = "raw" - -# When a domain is configured to be auto-dumped when libvirtd receives a -# watchdog event from qemu guest, libvirtd will save dump files in directory -# specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump -# -#auto_dump_path = "/var/lib/libvirt/qemu/dump" - -# When a domain is configured to be auto-dumped, enabling this flag -# has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the -# virDomainCoreDump API. That is, the system will avoid using the -# file system cache while writing the dump file, but may cause -# slower operation. -# -#auto_dump_bypass_cache = 0 - -# When a domain is configured to be auto-started, enabling this flag -# has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag -# with the virDomainCreateWithFlags API. That is, the system will -# avoid using the file system cache when restoring any managed state -# file, but may cause slower operation. -# -#auto_start_bypass_cache = 0 - -# If provided by the host and a hugetlbfs mount point is configured, -# a guest may request huge page backing. When this mount point is -# unspecified here, determination of a host mount point in /proc/mounts -# will be attempted. Specifying an explicit mount overrides detection -# of the same in /proc/mounts. Setting the mount point to "" will -# disable guest hugepage backing. If desired, multiple mount points can -# be specified at once, separated by comma and enclosed in square -# brackets, for example: -# -# hugetlbfs_mount = ["/dev/hugepages2M", "/dev/hugepages1G"] -# -# The size of huge page served by specific mount point is determined by -# libvirt at the daemon startup. -# -# NB, within these mount points, guests will create memory backing -# files in a location of $MOUNTPOINT/libvirt/qemu -# -#hugetlbfs_mount = "/dev/hugepages" - - -# Path to the setuid helper for creating tap devices. This executable -# is used to create interfaces when libvirtd is -# running unprivileged. libvirt invokes the helper directly, instead -# of using "-netdev bridge", for security reasons. -#bridge_helper = "/usr/lib/qemu/qemu-bridge-helper" - - - -# If clear_emulator_capabilities is enabled, libvirt will drop all -# privileged capabilities of the QEMU/KVM emulator. This is enabled by -# default. -# -# Warning: Disabling this option means that a compromised guest can -# exploit the privileges and possibly do damage to the host. -# -#clear_emulator_capabilities = 1 - - -# If enabled, libvirt will have QEMU set its process name to -# "qemu:VM_NAME", where VM_NAME is the name of the VM. The QEMU -# process will appear as "qemu:VM_NAME" in process listings and -# other system monitoring tools. By default, QEMU does not set -# its process title, so the complete QEMU command (emulator and -# its arguments) appear in process listings. -# -#set_process_name = 1 - - -# If max_processes is set to a positive integer, libvirt will use -# it to set the maximum number of processes that can be run by qemu -# user. This can be used to override default value set by host OS. -# The same applies to max_files which sets the limit on the maximum -# number of opened files. -# -#max_processes = 0 -#max_files = 0 - -# If max_core is set to a non-zero integer, then QEMU will be -# permitted to create core dumps when it crashes, provided its -# RAM size is smaller than the limit set. -# -# Be warned that the core dump will include a full copy of the -# guest RAM, if the 'dump_guest_core' setting has been enabled, -# or if the guest XML contains -# -# ...guest ram... -# -# If guest RAM is to be included, ensure the max_core limit -# is set to at least the size of the largest expected guest -# plus another 1GB for any QEMU host side memory mappings. -# -# As a special case it can be set to the string "unlimited" to -# to allow arbitrarily sized core dumps. -# -# By default the core dump size is set to 0 disabling all dumps -# -# Size is a positive integer specifying bytes or the -# string "unlimited" -# -#max_core = "unlimited" - -# Determine if guest RAM is included in QEMU core dumps. By -# default guest RAM will be excluded if a new enough QEMU is -# present. Setting this to '1' will force guest RAM to always -# be included in QEMU core dumps. -# -# This setting will be ignored if the guest XML has set the -# dumpcore attribute on the element. -# -#dump_guest_core = 1 - -# mac_filter enables MAC addressed based filtering on bridge ports. -# This currently requires ebtables to be installed. -# -#mac_filter = 1 - - -# By default, PCI devices below non-ACS switch are not allowed to be assigned -# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to -# be assigned to guests. -# -#relaxed_acs_check = 1 - - -# In order to prevent accidentally starting two domains that -# share one writable disk, libvirt offers two approaches for -# locking files. The first one is sanlock, the other one, -# virtlockd, is then our own implementation. Accepted values -# are "sanlock" and "lockd". -# -#lock_manager = "lockd" - - -# Set limit of maximum APIs queued on one domain. All other APIs -# over this threshold will fail on acquiring job lock. Specially, -# setting to zero turns this feature off. -# Note, that job lock is per domain. -# -#max_queued = 0 - -################################################################### -# Keepalive protocol: -# This allows qemu driver to detect broken connections to remote -# libvirtd during peer-to-peer migration. A keepalive message is -# sent to the daemon after keepalive_interval seconds of inactivity -# to check if the daemon is still responding; keepalive_count is a -# maximum number of keepalive messages that are allowed to be sent -# to the daemon without getting any response before the connection -# is considered broken. In other words, the connection is -# automatically closed approximately after -# keepalive_interval * (keepalive_count + 1) seconds since the last -# message received from the daemon. If keepalive_interval is set to -# -1, qemu driver will not send keepalive requests during -# peer-to-peer migration; however, the remote libvirtd can still -# send them and source libvirtd will send responses. When -# keepalive_count is set to 0, connections will be automatically -# closed after keepalive_interval seconds of inactivity without -# sending any keepalive messages. -# -#keepalive_interval = 5 -#keepalive_count = 5 - - - -# Use seccomp syscall sandbox in QEMU. -# 1 == seccomp enabled, 0 == seccomp disabled -# -# If it is unset (or -1), then seccomp will be enabled -# only if QEMU >= 2.11.0 is detected, otherwise it is -# left disabled. This ensures the default config gets -# protection for new QEMU using the blacklist approach. -# -#seccomp_sandbox = 1 - - -# Override the listen address for all incoming migrations. Defaults to -# 0.0.0.0, or :: if both host and qemu are capable of IPv6. -#migration_address = "0.0.0.0" - - -# The default hostname or IP address which will be used by a migration -# source for transferring migration data to this host. The migration -# source has to be able to resolve this hostname and connect to it so -# setting "localhost" will not work. By default, the host's configured -# hostname is used. -#migration_host = "host.example.com" - - -# Override the port range used for incoming migrations. -# -# Minimum must be greater than 0, however when QEMU is not running as root, -# setting the minimum to be lower than 1024 will not work. -# -# Maximum must not be greater than 65535. -# -#migration_port_min = 49152 -#migration_port_max = 49215 - - - -# Timestamp QEMU's log messages (if QEMU supports it) -# -# Defaults to 1. -# -#log_timestamp = 0 - - -# Location of master nvram file -# -# When a domain is configured to use UEFI instead of standard -# BIOS it may use a separate storage for UEFI variables. If -# that's the case libvirt creates the variable store per domain -# using this master file as image. Each UEFI firmware can, -# however, have different variables store. Therefore the nvram is -# a list of strings when a single item is in form of: -# ${PATH_TO_UEFI_FW}:${PATH_TO_UEFI_VARS}. -# Later, when libvirt creates per domain variable store, this list is -# searched for the master image. The UEFI firmware can be called -# differently for different guest architectures. For instance, it's OVMF -# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default -# follows this scheme. -#nvram = [ -# "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd", -# "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd", -# "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd", -# "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd" -#] - -# The backend to use for handling stdout/stderr output from -# QEMU processes. -# -# 'file': QEMU writes directly to a plain file. This is the -# historical default, but allows QEMU to inflict a -# denial of service attack on the host by exhausting -# filesystem space -# -# 'logd': QEMU writes to a pipe provided by virtlogd daemon. -# This is the current default, providing protection -# against denial of service by performing log file -# rollover when a size limit is hit. -# -#stdio_handler = "logd" - -# QEMU gluster libgfapi log level, debug levels are 0-9, with 9 being the -# most verbose, and 0 representing no debugging output. -# -# The current logging levels defined in the gluster GFAPI are: -# -# 0 - None -# 1 - Emergency -# 2 - Alert -# 3 - Critical -# 4 - Error -# 5 - Warning -# 6 - Notice -# 7 - Info -# 8 - Debug -# 9 - Trace -# -# Defaults to 4 -# -#gluster_debug_level = 9 - -# To enhance security, QEMU driver is capable of creating private namespaces -# for each domain started. Well, so far only "mount" namespace is supported. If -# enabled it means qemu process is unable to see all the devices on the system, -# only those configured for the domain in question. Libvirt then manages -# devices entries throughout the domain lifetime. This namespace is turned on -# by default. -#namespaces = [ "mount" ] - -# This directory is used for memoryBacking source if configured as file. -# NOTE: big files will be stored here -#memory_backing_dir = "/var/lib/libvirt/qemu/ram" - -# Path to the SCSI persistent reservations helper. This helper is -# used whenever are enabled for SCSI LUN devices. -#pr_helper = "/usr/bin/qemu-pr-helper" - -# User for the swtpm TPM Emulator -# -# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs -# and uses; alternative is 'root' -# -#swtpm_user = "tss" -#swtpm_group = "tss" - -nvram = [ - "/usr/share/ovmf/x64/OVMF_CODE.fd:/usr/share/ovmf/x64/OVMF_VARS.fd" -] diff --git a/root/etc/pulse/default.pa b/root/etc/pulse/default.pa deleted file mode 100755 index 3284e23..0000000 --- a/root/etc/pulse/default.pa +++ /dev/null @@ -1,146 +0,0 @@ -#!/usr/bin/pulseaudio -nF -# -# This file is part of PulseAudio. -# -# PulseAudio is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# PulseAudio is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public License -# along with PulseAudio; if not, see . - -# This startup script is used only if PulseAudio is started per-user -# (i.e. not in system mode) - -.fail - -### Automatically restore the volume of streams and devices -load-module module-device-restore -load-module module-stream-restore -load-module module-card-restore - -### Use Avahi -load-module module-zeroconf-publish -load-module module-zeroconf-discover - -### Automatically augment property information from .desktop files -### stored in /usr/share/application -load-module module-augment-properties - -### Should be after module-*-restore but before module-*-detect -load-module module-switch-on-port-available - -### Load audio drivers statically -### (it's probably better to not load these drivers manually, but instead -### use module-udev-detect -- see below -- for doing this automatically) -#load-module module-alsa-sink -#load-module module-alsa-source device=hw:1,0 -#load-module module-oss device="/dev/dsp" sink_name=output source_name=input -#load-module module-oss-mmap device="/dev/dsp" sink_name=output source_name=input -#load-module module-null-sink -#load-module module-pipe-sink - -### Automatically load driver modules depending on the hardware available -.ifexists module-udev-detect.so -load-module module-udev-detect -.else -### Use the static hardware detection module (for systems that lack udev support) -load-module module-detect -.endif - -### Automatically connect sink and source if JACK server is present -.ifexists module-jackdbus-detect.so -.nofail -load-module module-jackdbus-detect channels=2 -.fail -.endif - -### Automatically load driver modules for Bluetooth hardware -.ifexists module-bluetooth-policy.so -load-module module-bluetooth-policy -.endif - -.ifexists module-bluetooth-discover.so -load-module module-bluetooth-discover -.endif - -### Load several protocols -load-module module-dbus-protocol -.ifexists module-esound-protocol-unix.so -load-module module-esound-protocol-unix -.endif -load-module module-native-protocol-unix - -### Network access (may be configured with paprefs, so leave this commented -### here if you plan to use paprefs) -#load-module module-esound-protocol-tcp -#load-module module-native-protocol-tcp -#load-module module-zeroconf-publish - -### Load the RTP receiver module (also configured via paprefs, see above) -#load-module module-rtp-recv - -### Load the RTP sender module (also configured via paprefs, see above) -#load-module module-null-sink sink_name=rtp format=s16be channels=2 rate=44100 sink_properties="device.description='RTP Multicast Sink'" -#load-module module-rtp-send source=rtp.monitor - -### Load additional modules from GSettings. This can be configured with the paprefs tool. -### Please keep in mind that the modules configured by paprefs might conflict with manually -### loaded modules. -.ifexists module-gsettings.so -.nofail -load-module module-gsettings -.fail -.endif - - -### Automatically restore the default sink/source when changed by the user -### during runtime -### NOTE: This should be loaded as early as possible so that subsequent modules -### that look up the default sink/source get the right value -load-module module-default-device-restore - -### Automatically move streams to the default sink if the sink they are -### connected to dies, similar for sources -load-module module-rescue-streams - -### Make sure we always have a sink around, even if it is a null sink. -load-module module-always-sink - -### Honour intended role device property -load-module module-intended-roles - -### Automatically suspend sinks/sources that become idle for too long -load-module module-suspend-on-idle - -### If autoexit on idle is enabled we want to make sure we only quit -### when no local session needs us anymore. -.ifexists module-console-kit.so -load-module module-console-kit -.endif -.ifexists module-systemd-login.so -load-module module-systemd-login -.endif - -### Enable positioned event sounds -load-module module-position-event-sounds - -### Cork music/video streams when a phone stream is active -load-module module-role-cork - -### Modules to allow autoloading of filters (such as echo cancellation) -### on demand. module-filter-heuristics tries to determine what filters -### make sense, and module-filter-apply does the heavy-lifting of -### loading modules and rerouting streams. -load-module module-filter-heuristics -load-module module-filter-apply - -### Make some devices default -#set-default-sink output -#set-default-source input diff --git a/root/etc/systemd/resolved.conf b/root/etc/systemd/resolved.conf deleted file mode 100755 index 2381aef..0000000 --- a/root/etc/systemd/resolved.conf +++ /dev/null @@ -1,24 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. -# -# Entries in this file show the compile time defaults. -# You can change settings by editing this file. -# Defaults can be restored by simply deleting this file. -# -# See resolved.conf(5) for details - -[Resolve] -#DNS= -#FallbackDNS=1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888 -#Domains= -#LLMNR=yes -MulticastDNS=yes -#DNSSEC=allow-downgrade -#DNSOverTLS=opportunistic -#Cache=yes -#DNSStubListener=yes -#ReadEtcHosts=yes