libvirt/SOURCES/libvirt-qemu-sanitize-blank-lines-in-config-file.patch

From 6921381e6831f942029b922e6f0ef6b7ca0c6c58 Mon Sep 17 00:00:00 2001
Message-ID: <6921381e6831f942029b922e6f0ef6b7ca0c6c58.1755522824.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Wed, 16 Jul 2025 16:30:52 +0100
Subject: [PATCH] qemu: sanitize blank lines in config file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We mostly use 2 blank lines between config file entries to
improve readability. Fix where we don't do that.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 0b9cfa791f2bd135ea36fe03fd1a8d6c8bf5e3d6)

Resolves: https://issues.redhat.com/browse/RHEL-106276
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/qemu/qemu.conf.in | 41 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
index 3365834200..988d176a28 100644
--- a/src/qemu/qemu.conf.in
+++ b/src/qemu/qemu.conf.in
@@ -48,7 +48,7 @@
 #
 #default_tls_x509_verify = 1
 
-#
+
 # Libvirt assumes the server-key.pem file is unencrypted by default.
 # To use an encrypted server-key.pem file, the password to decrypt
 # the PEM file is required. This can be provided by creating a secret
@@ -71,6 +71,7 @@
 #
 #vnc_listen = "0.0.0.0"
 
+
 # Enable this option to have VNC served over an automatically created
 # unix socket. This prevents unprivileged access from users on the
 # host machine, though most VNC clients do not support it.
@@ -81,6 +82,7 @@
 #
 #vnc_auto_unix_socket = 1
 
+
 # Enable use of TLS encryption on the VNC server. This requires
 # a VNC client which supports the VeNCrypt protocol extension.
 # Examples include vinagre, virt-viewer, virt-manager and vencrypt
@@ -222,6 +224,7 @@
 #
 #spice_sasl = 1
 
+
 # The default SASL configuration file is located in /etc/sasl2/
 # When running libvirtd unprivileged, it may be desirable to
 # override the configs in this location. Set this parameter to
@@ -229,6 +232,7 @@
 #
 #spice_sasl_dir = "/some/directory/sasl2"
 
+
 # Enable use of TLS encryption on the chardev TCP transports.
 #
 # It is necessary to setup CA and issue a server certificate
@@ -468,6 +472,7 @@
 #remote_display_port_min = 5900
 #remote_display_port_max = 65535
 
+
 # VNC WebSocket port policies, same rules apply as with remote display
 # ports.  VNC WebSockets use similar display <-> port mappings, with
 # the exception being that ports start from 5700 instead of 5900.
@@ -475,6 +480,7 @@
 #remote_websocket_port_min = 5700
 #remote_websocket_port_max = 65535
 
+
 # The default security driver is SELinux. If SELinux is disabled
 # on the host, then the security driver will automatically disable
 # itself. If you wish to disable QEMU SELinux security driver while
@@ -492,15 +498,18 @@
 #
 #security_driver = "selinux"
 
+
 # If set to non-zero, then the default security labeling
 # will make guests confined. If set to zero, then guests
 # will be unconfined by default. Defaults to 1.
 #security_default_confined = 1
 
+
 # If set to non-zero, then attempts to create unconfined
 # guests will be blocked. Defaults to 0.
 #security_require_confined = 1
 
+
 # The user for QEMU processes run by the system instance. It can be
 # specified as a user name or as a user id. The qemu driver will try to
 # parse this value first as a name and then, if the name doesn't exist,
@@ -518,20 +527,24 @@
 #
 #user = "@QEMU_USER@"
 
+
 # The group for QEMU processes run by the system instance. It can be
 # specified in a similar way to user.
 #group = "@QEMU_GROUP@"
 
+
 # Whether libvirt should dynamically change file ownership
 # to match the configured user/group above. Defaults to 1.
 # Set to 0 to disable file ownership changes.
 #dynamic_ownership = 1
 
+
 # Whether libvirt should remember and restore the original
 # ownership over files it is relabeling. Defaults to 1, set
 # to 0 to disable the feature.
 #remember_owner = 1
 
+
 # What cgroup controllers to make use of with QEMU guests
 #
 #  - 'cpu' - use for scheduler tunables
@@ -553,6 +566,7 @@
 #
 #cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]
 
+
 # This is the basic set of devices allowed / required by
 # all virtual machines.
 #
@@ -612,12 +626,14 @@
 #dump_image_format = "raw"
 #snapshot_image_format = "raw"
 
+
 # When a domain is configured to be auto-dumped when libvirtd receives a
 # watchdog event from qemu guest, libvirtd will save dump files in directory
 # specified by auto_dump_path. Default value is /var/lib/libvirt/qemu/dump
 #
 #auto_dump_path = "/var/lib/libvirt/qemu/dump"
 
+
 # When a domain is configured to be auto-dumped, enabling this flag
 # has the same effect as using the VIR_DUMP_BYPASS_CACHE flag with the
 # virDomainCoreDump API.  That is, the system will avoid using the
@@ -626,6 +642,7 @@
 #
 #auto_dump_bypass_cache = 0
 
+
 # When a domain is configured to be auto-started, enabling this flag
 # has the same effect as using the VIR_DOMAIN_START_BYPASS_CACHE flag
 # with the virDomainCreateWithFlags API.  That is, the system will
@@ -634,6 +651,7 @@
 #
 #auto_start_bypass_cache = 0
 
+
 # If provided by the host and a hugetlbfs mount point is configured,
 # a guest may request huge page backing.  When this mount point is
 # unspecified here, determination of a host mount point in /proc/mounts
@@ -682,6 +700,7 @@
 #max_processes = 0
 #max_files = 0
 
+
 # If max_threads_per_process is set to a positive integer, libvirt
 # will use it to set the maximum number of threads that can be
 # created by a qemu process. Some VM configurations can result in
@@ -692,6 +711,7 @@
 #
 #max_threads_per_process = 0
 
+
 # If max_core is set to a non-zero integer, then QEMU will be
 # permitted to create core dumps when it crashes, provided its
 # RAM size is smaller than the limit set.
@@ -716,6 +736,7 @@
 #
 #max_core = "unlimited"
 
+
 # Determine if guest RAM is included in QEMU core dumps. By
 # default guest RAM will be excluded if a new enough QEMU is
 # present and host kernel supports it. Setting this to '1' will
@@ -726,6 +747,7 @@
 #
 #dump_guest_core = 1
 
+
 # mac_filter enables MAC addressed based filtering on bridge ports.
 # This currently requires ebtables to be installed.
 #
@@ -755,6 +777,7 @@
 #
 #max_queued = 0
 
+
 ###################################################################
 # Keepalive protocol:
 # This allows qemu driver to detect broken connections to remote
@@ -778,7 +801,6 @@
 #keepalive_count = 5
 
 
-
 # Use seccomp syscall filtering sandbox in QEMU.
 # 1 == filter enabled, 0 == filter disabled
 #
@@ -813,7 +835,6 @@
 #migration_port_max = 49215
 
 
-
 # Timestamp QEMU's log messages (if QEMU supports it)
 #
 # Defaults to 1.
@@ -853,6 +874,7 @@
 #   "/usr/share/AAVMF/AAVMF32_CODE.fd:/usr/share/AAVMF/AAVMF32_VARS.fd"
 #]
 
+
 # The backend to use for handling stdout/stderr output from
 # QEMU processes.
 #
@@ -868,6 +890,7 @@
 #
 #stdio_handler = "logd"
 
+
 # QEMU gluster libgfapi log level, debug levels are 0-9, with 9 being the
 # most verbose, and 0 representing no debugging output.
 #
@@ -888,6 +911,7 @@
 #
 #gluster_debug_level = 9
 
+
 # virtiofsd debug
 #
 # Whether to enable the debugging output of the virtiofsd daemon.
@@ -895,6 +919,7 @@
 #
 #virtiofsd_debug = 1
 
+
 # To enhance security, QEMU driver is capable of creating private namespaces
 # for each domain started. Well, so far only "mount" namespace is supported. If
 # enabled it means qemu process is unable to see all the devices on the system,
@@ -903,24 +928,29 @@
 # by default.
 #namespaces = [ "mount" ]
 
+
 # This directory is used for memoryBacking source if configured as file.
 # NOTE: big files will be stored here
 #memory_backing_dir = "/var/lib/libvirt/qemu/ram"
 
+
 # Path to the SCSI persistent reservations helper. This helper is
 # used whenever <reservations/> are enabled for SCSI LUN devices.
 # If this is not an absolute path, the program will be searched for
 # in $PATH as well as a few additional directories.
 #pr_helper = "qemu-pr-helper"
 
+
 # Path to the SLIRP networking helper.
 #slirp_helper = "/usr/bin/slirp-helper"
 
+
 # Path to the dbus-daemon
 # If this is not an absolute path, the program will be searched for
 # in $PATH.
 #dbus_daemon = "dbus-daemon"
 
+
 # User for the swtpm TPM Emulator
 #
 # Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
@@ -929,6 +959,7 @@
 #swtpm_user = "tss"
 #swtpm_group = "tss"
 
+
 # For debugging and testing purposes it's sometimes useful to be able to disable
 # libvirt behaviour based on the capabilities of the qemu process. This option
 # allows to do so. DO _NOT_ use in production and beaware that the behaviour
@@ -936,6 +967,7 @@
 #
 #capability_filters = [ "capname" ]
 
+
 # 'deprecation_behavior' setting controls how the qemu process behaves towards
 # deprecated commands and arguments used by libvirt.
 #
@@ -967,6 +999,7 @@
 #
 #deprecation_behavior = "none"
 
+
 # If this is set then QEMU and its threads will run in a separate scheduling
 # group meaning no other process will share Hyper Threads of a single core with
 # QEMU. Each QEMU has its own group.
@@ -983,6 +1016,7 @@
 #              scheduling group
 #sched_core = "none"
 
+
 # Using nbdkit to access remote disk sources
 #
 # If this is set then libvirt will use nbdkit to access remote disk sources
@@ -994,6 +1028,7 @@
 #
 #storage_use_nbdkit = @USE_NBDKIT_DEFAULT@
 
+
 # libvirt will normally prevent migration if the storage backing the VM is not
 # on a shared filesystems. Sometimes, however, the storage *is* shared despite
 # not being detected as such: for example, this is the case when one of the
-- 
2.50.1