Accepting request 542716 from home:jfehlig:branches:Virtualization

- apparmor: allow libvirtd to send signals to unconfined processes
  suse-apparmor-signal.patch
  boo#1065123

- qemu: Tolerate storage source private data being NULL
  8056721c-qemu-null-storage-source.patch
  bsc#1068752

OBS-URL: https://build.opensuse.org/request/show/542716
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=638
This commit is contained in:
James Fehlig 2017-11-17 22:24:52 +00:00 committed by Git OBS Bridge
parent 9d8a1a2b86
commit 119ff95911
4 changed files with 167 additions and 8 deletions

View File

@ -0,0 +1,115 @@
commit 8056721cbb75a717604a1f7971440726d9d85045
Author: Peter Krempa <pkrempa@redhat.com>
Date: Thu Nov 9 12:51:25 2017 +0100
qemu: Tolerate storage source private data being NULL
In some cases it does not make sense to pursue that the private data
will be allocated (especially when we don't need to put anything in it).
Ensure that the code works without it.
This also fixes few crashes pointed out in
https://bugzilla.redhat.com/show_bug.cgi?id=1510323
Index: libvirt-3.9.0/src/qemu/qemu_command.c
===================================================================
--- libvirt-3.9.0.orig/src/qemu/qemu_command.c
+++ libvirt-3.9.0/src/qemu/qemu_command.c
@@ -1362,12 +1362,17 @@ qemuBuildDriveSourceStr(virDomainDiskDef
{
int actualType = virStorageSourceGetActualType(disk->src);
qemuDomainStorageSourcePrivatePtr srcpriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
- qemuDomainSecretInfoPtr secinfo = srcpriv->secinfo;
- qemuDomainSecretInfoPtr encinfo = srcpriv->encinfo;
+ qemuDomainSecretInfoPtr secinfo = NULL;
+ qemuDomainSecretInfoPtr encinfo = NULL;
virJSONValuePtr srcprops = NULL;
char *source = NULL;
int ret = -1;
+ if (srcpriv) {
+ secinfo = srcpriv->secinfo;
+ encinfo = srcpriv->encinfo;
+ }
+
if (qemuDiskSourceNeedsProps(disk->src) &&
!(srcprops = qemuDiskSourceGetProps(disk->src)))
goto cleanup;
@@ -2239,8 +2244,13 @@ qemuBuildDiskDriveCommandLine(virCommand
bool driveBoot = false;
virDomainDiskDefPtr disk = def->disks[i];
qemuDomainStorageSourcePrivatePtr srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
- qemuDomainSecretInfoPtr secinfo = srcPriv->secinfo;
- qemuDomainSecretInfoPtr encinfo = srcPriv->encinfo;
+ qemuDomainSecretInfoPtr secinfo = NULL;
+ qemuDomainSecretInfoPtr encinfo = NULL;
+
+ if (srcPriv) {
+ secinfo = srcPriv->secinfo;
+ encinfo = srcPriv->encinfo;
+ }
if (disk->info.bootIndex) {
bootindex = disk->info.bootIndex;
Index: libvirt-3.9.0/src/qemu/qemu_hotplug.c
===================================================================
--- libvirt-3.9.0.orig/src/qemu/qemu_hotplug.c
+++ libvirt-3.9.0/src/qemu/qemu_hotplug.c
@@ -259,6 +259,7 @@ qemuDomainChangeEjectableMedia(virQEMUDr
qemuDomainObjPrivatePtr priv = vm->privateData;
qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
qemuDomainStorageSourcePrivatePtr srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
+ qemuDomainSecretInfoPtr secinfo = NULL;
const char *format = NULL;
char *sourcestr = NULL;
@@ -268,6 +269,9 @@ qemuDomainChangeEjectableMedia(virQEMUDr
goto cleanup;
}
+ if (srcPriv)
+ secinfo = srcPriv->secinfo;
+
if (disk->device != VIR_DOMAIN_DISK_DEVICE_FLOPPY &&
disk->device != VIR_DOMAIN_DISK_DEVICE_CDROM) {
virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -300,7 +304,7 @@ qemuDomainChangeEjectableMedia(virQEMUDr
}
if (!virStorageSourceIsEmpty(newsrc)) {
- if (qemuGetDriveSourceString(newsrc, srcPriv->secinfo, &sourcestr) < 0)
+ if (qemuGetDriveSourceString(newsrc, secinfo, &sourcestr) < 0)
goto error;
if (virStorageSourceGetActualType(newsrc) != VIR_STORAGE_TYPE_DIR) {
@@ -371,8 +375,8 @@ qemuDomainAttachDiskGeneric(virConnectPt
virJSONValuePtr secobjProps = NULL;
virJSONValuePtr encobjProps = NULL;
qemuDomainStorageSourcePrivatePtr srcPriv;
- qemuDomainSecretInfoPtr secinfo;
- qemuDomainSecretInfoPtr encinfo;
+ qemuDomainSecretInfoPtr secinfo = NULL;
+ qemuDomainSecretInfoPtr encinfo = NULL;
if (qemuDomainPrepareDisk(driver, vm, disk, NULL, false) < 0)
goto cleanup;
@@ -384,13 +388,16 @@ qemuDomainAttachDiskGeneric(virConnectPt
goto error;
srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
- secinfo = srcPriv->secinfo;
+ if (srcPriv) {
+ secinfo = srcPriv->secinfo;
+ encinfo = srcPriv->encinfo;
+ }
+
if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0)
goto error;
}
- encinfo = srcPriv->encinfo;
if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0)
goto error;

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Fri Nov 17 21:59:28 UTC 2017 - jfehlig@suse.com
- apparmor: allow libvirtd to send signals to unconfined processes
suse-apparmor-signal.patch
boo#1065123
-------------------------------------------------------------------
Fri Nov 17 18:37:43 UTC 2017 - jfehlig@suse.com
- qemu: Tolerate storage source private data being NULL
8056721c-qemu-null-storage-source.patch
bsc#1068752
-------------------------------------------------------------------
Wed Nov 8 21:10:34 UTC 2017 - jfehlig@suse.com

View File

@ -300,6 +300,7 @@ Source4: libvirt-supportconfig
Source99: baselibs.conf
Source100: %{name}-rpmlintrc
# Upstream patches
Patch0: 8056721c-qemu-null-storage-source.patch
# Patches pending upstream review
Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@ -322,14 +323,15 @@ Patch205: suse-libvirtd-service-xen.patch
Patch206: suse-qemu-conf.patch
Patch207: suse-ovmf-paths.patch
Patch208: suse-apparmor-libnl-paths.patch
Patch209: support-managed-pci-xen-driver.patch
Patch210: xen-sxpr-disk-type.patch
Patch211: libxl-support-block-script.patch
Patch212: apparmor-no-mount.patch
Patch213: qemu-apparmor-screenshot.patch
Patch214: libvirt-suse-netcontrol.patch
Patch215: lxc-wait-after-eth-del.patch
Patch216: libxl-qemu-emulator-caps.patch
Patch209: suse-apparmor-signal.patch
Patch210: support-managed-pci-xen-driver.patch
Patch211: xen-sxpr-disk-type.patch
Patch212: libxl-support-block-script.patch
Patch213: apparmor-no-mount.patch
Patch214: qemu-apparmor-screenshot.patch
Patch215: libvirt-suse-netcontrol.patch
Patch216: lxc-wait-after-eth-del.patch
Patch217: libxl-qemu-emulator-caps.patch
# SLES-Only patches
%if ! 0%{?is_opensuse}
Patch400: virt-create-rootfs.patch
@ -876,6 +878,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%prep
%setup -q
%patch0 -p1
%patch100 -p1
%patch101 -p1
%patch102 -p1
@ -903,6 +906,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%patch214 -p1
%patch215 -p1
%patch216 -p1
%patch217 -p1
%if ! 0%{?is_opensuse}
%patch400 -p1
%endif

View File

@ -0,0 +1,26 @@
apparmor: allow libvirtd to send signals to unconfined processes
When confinement of QEMU/KVM domains is not enforced (security_default_confined = 0),
qemu processes run unconfined. Add a rule to the libvirtd apparmor profile allowing
sending signals to unconfined processes. Without the rule, libvirtd
is unable to signal QEMU/KVM domains. E.g. 'virsh destroy dom' results in the
following denial in audit.log
type=AVC msg=audit(1510951646.581:939): apparmor="DENIED" operation="signal"
profile="/usr/sbin/libvirtd" pid=18891 comm="libvirtd" requested_mask="send"
denied_mask="send" signal=term peer="unconfined"
Index: libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-3.9.0.orig/examples/apparmor/usr.sbin.libvirtd
+++ libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
@@ -60,6 +60,9 @@
signal (send) peer=/usr/sbin/dnsmasq,
signal (read, send) peer=libvirt-*,
+ # When confinement is not enforced (security_default_confined = 0), qemu
+ # processes run unconfined, hence 'peer=unconfined'
+ signal send set=(hup,kill,term) peer=unconfined,
# Very lenient profile for libvirtd since we want to first focus on confining
# the guests. Guests will have a very restricted profile.