feat: Add support for running qemu-guest-agent in machine#175
Draft
ninja-quokka wants to merge 1 commit intocontainers:mainfrom
Draft
feat: Add support for running qemu-guest-agent in machine#175ninja-quokka wants to merge 1 commit intocontainers:mainfrom
ninja-quokka wants to merge 1 commit intocontainers:mainfrom
Conversation
Contributor
ninja-quokka
commented
Aug 25, 2025
ninja-quokka
commented
Signed-off-by: Lewis Roy <lewis@redhat.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: ninja-quokka The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
ninja-quokka
commented
Aug 25, 2025
Comment on lines
+49
to
+51
| RUN --mount=type=bind,source=/qemuga-vsock.te,target=/run/qemuga-vsock.te,z <<EOF | ||
| /usr/bin/checkmodule -M -m -o /run/qemuga-vsock.mod /run/qemuga-vsock.te | ||
| /usr/bin/semodule_package -o /run/qemuga-vsock.pp -m /run/qemuga-vsock.mod |
Contributor
Author
There was a problem hiding this comment.
I'd rather do this in a build step so we don't need to install the checkpolicy package.
I could include the compiled qemuga-vsock.pp, it can be read with tools like sedismod but I think as a rule it's better to not include compiled files.
Luap99
reviewed
Aug 25, 2025
Member
Luap99
left a comment
Luap99
left a comment
There was a problem hiding this comment.
What is the goal here? qemu is only used for linux so how will that help on other providers?
vyasgun
suggested changes
Apr 16, 2026
Member
vyasgun
left a comment
vyasgun
left a comment
There was a problem hiding this comment.
I don't have the access to push to this branch so I have made some suggestions.
| @@ -0,0 +1,11 @@ | |||
| Description=QEMU Guest Agent | |||
Member
There was a problem hiding this comment.
Suggested change
| Description=QEMU Guest Agent | |
| [Unit] | |
| Description=QEMU Guest Agent | |
| ConditionVirtualization=apple |
|
|
||
| [Service] | ||
| UMask=0077 | ||
| ExecStart=/usr/bin/qemu-ga --method=vsock-listen --path=3:1025 # Todo: The 3 may need to be dynamic |
Member
There was a problem hiding this comment.
Suggested change
| ExecStart=/usr/bin/qemu-ga --method=vsock-listen --path=3:1025 # Todo: The 3 may need to be dynamic | |
| ExecStart=/usr/bin/qemu-ga --method=vsock-listen --path=3:1234 |
6 tasks
Member
|
Hi @ninja-quokka, can you please rebase and address comments? If you don't have time, I will take over next week. |
Honny1
added a commit
to Honny1/podman-machine-os
that referenced
this pull request
May 6, 2026
Install qemu-guest-agent and configure it to listen on vsock port 1234 (matching the constant in containers/podman). The service is gated by a DMI sys_vendor check (ExecCondition) so it only runs on Podman machine providers that expose the vsock channel: vfkit (Apple Inc.), libkrun (Libkrun), and qemu (QEMU). A custom SELinux module allows virt_qemu_ga_t to use vsock sockets. Related PR: containers/podman#28527 Replace: containers#175 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Honny1
added a commit
to Honny1/podman-machine-os
that referenced
this pull request
May 6, 2026
Install qemu-guest-agent and configure it to listen on vsock port 1234 (matching the constant in containers/podman). The service is gated by a DMI sys_vendor check (ExecCondition) so it only runs on Podman machine providers that expose the vsock channel: vfkit (Apple Inc.), libkrun (Libkrun), and qemu (QEMU). A custom SELinux module allows virt_qemu_ga_t to use vsock sockets. Related PR: containers/podman#28527 Replace: containers#175 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Honny1
added a commit
to Honny1/podman-machine-os
that referenced
this pull request
May 6, 2026
Install qemu-guest-agent and configure it to listen on vsock port 1234 (matching the constant in containers/podman). The service is gated by a DMI sys_vendor check (ExecCondition) so it only runs on Podman machine providers that expose the vsock channel: vfkit (Apple Inc.), libkrun (Libkrun), and qemu (QEMU). A custom SELinux module allows virt_qemu_ga_t to use vsock sockets. Related PR: containers/podman#28527 Replace: containers#175 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Honny1
added a commit
to Honny1/podman-machine-os
that referenced
this pull request
May 6, 2026
Install qemu-guest-agent and configure it to listen on vsock port 1234 (matching the constant in containers/podman). The service is gated by a DMI sys_vendor check (ExecCondition) so it only runs on Podman machine providers that expose the vsock channel: vfkit (Apple Inc.), libkrun (Libkrun), and qemu (QEMU). A custom SELinux module allows virt_qemu_ga_t to use vsock sockets. Related PR: containers/podman#28527 Replace: containers#175 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Honny1
added a commit
to Honny1/podman-machine-os
that referenced
this pull request
May 6, 2026
Install qemu-guest-agent and configure it to listen on vsock port 1234 (matching the constant in containers/podman). The service is gated by a DMI sys_vendor check (ExecCondition) so it only runs on Podman machine providers that expose the vsock channel: vfkit (Apple Inc.), libkrun (Libkrun), and qemu (QEMU). A custom SELinux module allows virt_qemu_ga_t to use vsock sockets. Related PR: containers/podman#28527 Replace: containers#175 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.