From 02f6ab4b61256c3eb2bfb9496d10410f0fe472f085509e0828e8c1dc7fd366c9 Mon Sep 17 00:00:00 2001
From: Vasily Ulyanov
Date: Wed, 3 Jan 2024 12:18:09 +0000
Subject: [PATCH] Accepting request 1136511 from home:vulyanov:branches:Virtualization
- Fix seccomp profile for post-copy migration
 0004-seccomp-Use-Names-field-to-define-the-syscall.patch
- Set ExclusiveArch conditionally depending on the distro
- Remove SLE15 SP4 from the distro check (end of general support)
OBS-URL: https://build.opensuse.org/request/show/1136511
OBS-URL: https://build.opensuse.org/package/show/Virtualization/kubevirt?expand=0&rev=143
---
 ...se-Names-field-to-define-the-syscall.patch | 27 +++++++++++++
 kubevirt.changes | 8 ++++
 kubevirt.spec | 39 ++++++++++++-------
 3 files changed, 59 insertions(+), 15 deletions(-)
 create mode 100644 0004-seccomp-Use-Names-field-to-define-the-syscall.patch
diff --git a/0004-seccomp-Use-Names-field-to-define-the-syscall.patch b/0004-seccomp-Use-Names-field-to-define-the-syscall.patch
new file mode 100644
index 0000000..81f3c45
--- /dev/null
+++ b/0004-seccomp-Use-Names-field-to-define-the-syscall.patch
@@ -0,0 +1,27 @@
+From 0564fc86b7387d2c3b9f16a5f712ed3282c894e5 Mon Sep 17 00:00:00 2001
+From: Vasiliy Ulyanov
+Date: Fri, 15 Dec 2023 13:22:10 +0100
+Subject: [PATCH] seccomp: Use 'Names' field to define the syscall
+
+Apparently, 'Name' has been deprecated in favour of 'Names'. Some
+container runtimes do not handle 'Name' and thus fail to correctly set
+the profile for seccomp.
+
+Signed-off-by: Vasiliy Ulyanov
+---
+ pkg/virt-handler/seccomp/seccomp.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pkg/virt-handler/seccomp/seccomp.go b/pkg/virt-handler/seccomp/seccomp.go
+index abc20b24af9e..f2ff71ac0bcc 100644
+--- a/pkg/virt-handler/seccomp/seccomp.go
++++ b/pkg/virt-handler/seccomp/seccomp.go
+@@ -70,7 +70,7 @@ func defaultProfile() *seccomp.Seccomp {
+ }
+
+ profile.Syscalls = append(profile.Syscalls, &seccomp.Syscall{
+- Name: "userfaultfd",
++ Names: []string{"userfaultfd"},
+ Action: seccomp.ActAllow,
+ Args: []*seccomp.Arg{},
+ })
diff --git a/kubevirt.changes b/kubevirt.changes
index fe0d83a..eca7632 100644
--- a/kubevirt.changes
+++ b/kubevirt.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Jan 3 09:53:18 UTC 2024 - Vasily Ulyanov
+
+- Fix seccomp profile for post-copy migration
+ 0004-seccomp-Use-Names-field-to-define-the-syscall.patch
+- Set ExclusiveArch conditionally depending on the distro
+- Remove SLE15 SP4 from the distro check (end of general support)
+
 -------------------------------------------------------------------
 Tue Nov 14 07:36:17 UTC 2023 - Vasily Ulyanov
 
diff --git a/kubevirt.spec b/kubevirt.spec
index 47c8cad..da63a36 100644
--- a/kubevirt.spec
+++ b/kubevirt.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package kubevirt
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
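Review bot: In the seccomp.go hunk embedded in 0004-seccomp-Use-Names-field-to-define-the-syscall.patch, the `userfaultfd` rule is appended with `seccomp.ActAllow` and an empty `Args` list, so every process confined by this profile may call it without argument filtering, and nothing next to the rule records why. I would add a comment above the append, for example `// userfaultfd is needed for post-copy migration; host policy such as the vm.unprivileged_userfaultfd sysctl still applies.` The patch description says some runtimes failed to set the profile when the deprecated `Name` field was used, so a unit test that serializes the result of defaultProfile() and checks that the syscall appears under the names list would catch the same regression; the serialized key is inferred here, since the struct definition is not on the page. defaultProfile's body begins and ends outside the hunk.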
@@ -16,6 +16,19 @@
 #
 
 
+%if 0%{?sle_version} && !0%{?is_opensuse}
+# SLE
+%define _exclusive_arch x86_64
+%else
+%if 0%{?suse_version} == 1600
+# ALP
+%define _exclusive_arch x86_64
+%else
+# TW
+%define _exclusive_arch x86_64 aarch64
+%endif
+%endif
+
 Name: kubevirt
 Version: 1.1.0
 Release: 0
@@ -31,6 +44,7 @@ Source100: %{name}-rpmlintrc
 Patch1: 0001-Update-google.golang.org-grpc-to-1.56.3.patch
 Patch2: 0002-virt-launcher-fix-qemu-non-root-path.patch
 Patch3: 0003-cgroupsv2-reconstruct-device-allowlist.patch
+Patch4: 0004-seccomp-Use-Names-field-to-define-the-syscall.patch
 BuildRequires: glibc-devel-static
 BuildRequires: golang-packaging
 BuildRequires: pkgconfig
@@ -38,7 +52,7 @@ BuildRequires: rsync
 BuildRequires: sed
 BuildRequires: golang(API) >= 1.19
 BuildRequires: pkgconfig(libvirt)
-ExclusiveArch: x86_64 aarch64
+ExclusiveArch: %{_exclusive_arch}
 
 %description
 Kubevirt is a virtual machine management add-on for Kubernetes
@@ -165,11 +179,6 @@ the Kubevirt container images.
 #
 distro='%{?sle_version}:%{?is_opensuse}%{!?is_opensuse:0}'
 case "${distro}" in
-150400:0)
- tagprefix=suse/sles/15.4
- labelprefix=com.suse.kubevirt
- registry=registry.suse.com
- ;;
 150500:0)
 tagprefix=suse/sles/15.5
 labelprefix=com.suse.kubevirt
@@ -186,14 +195,14 @@ case "${distro}" in
 registry=registry.opensuse.org
 ;;
 *)
- %if 0%{?suse_version} == 1600
- tagprefix=alp/kubevirt
- labelprefix=com.suse.kubevirt
- registry=registry.suse.com
- %else
- echo "Unsupported distro: ${distro}" >&2
- exit 1
- %endif
+%if 0%{?suse_version} == 1600
+ tagprefix=alp/kubevirt
+ labelprefix=com.suse.kubevirt
+ registry=registry.suse.com
+%else
+ echo "Unsupported distro: ${distro}" >&2
+ exit 1
+%endif
 ;;
 esac
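Review bot: The macro added at the top of kubevirt.spec is named `_exclusive_arch`, and a leading underscore is by convention the namespace of rpm's own configuration macros (`_bindir`, `_libdir`), so a package-local name such as `kubevirt_arches` would avoid any clash; the `ExclusiveArch:` line in the later hunk would change with it. The SLE and ALP branches also define the identical value `x86_64`, so the nested `%if` can be folded into a single condition, `%if (0%{?sle_version} && !0%{?is_opensuse}) || 0%{?suse_version} == 1600`, with the Tumbleweed value in the one `%else`. A short comment saying why aarch64 is excluded on SLE and ALP would help the next packager, since the hunk gives no reason.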