From 119ff95911abc1d9a791e7c07a3398a1e11c5f73fa2b319d8bb3c399328c0937 Mon Sep 17 00:00:00 2001
From: James Fehlig <jfehlig@suse.com>
Date: Fri, 17 Nov 2017 22:24:52 +0000
Subject: [PATCH] Accepting request 542716 from
 home:jfehlig:branches:Virtualization

- apparmor: allow libvirtd to send signals to unconfined processes
  suse-apparmor-signal.patch
  boo#1065123

- qemu: Tolerate storage source private data being NULL
  8056721c-qemu-null-storage-source.patch
  bsc#1068752

OBS-URL: https://build.opensuse.org/request/show/542716
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=638
---
 8056721c-qemu-null-storage-source.patch | 115 ++++++++++++++++++++++++
 libvirt.changes                         |  14 +++
 libvirt.spec                            |  20 +++--
 suse-apparmor-signal.patch              |  26 ++++++
 4 files changed, 167 insertions(+), 8 deletions(-)
 create mode 100644 8056721c-qemu-null-storage-source.patch
 create mode 100644 suse-apparmor-signal.patch

diff --git a/8056721c-qemu-null-storage-source.patch b/8056721c-qemu-null-storage-source.patch
new file mode 100644
index 0000000..f888683
--- /dev/null
+++ b/8056721c-qemu-null-storage-source.patch
@@ -0,0 +1,115 @@
+commit 8056721cbb75a717604a1f7971440726d9d85045
+Author: Peter Krempa <pkrempa@redhat.com>
+Date:   Thu Nov 9 12:51:25 2017 +0100
+
+    qemu: Tolerate storage source private data being NULL
+    
+    In some cases it does not make sense to pursue that the private data
+    will be allocated (especially when we don't need to put anything in it).
+    
+    Ensure that the code works without it.
+    
+    This also fixes few crashes pointed out in
+    https://bugzilla.redhat.com/show_bug.cgi?id=1510323
+
+Index: libvirt-3.9.0/src/qemu/qemu_command.c
+===================================================================
+--- libvirt-3.9.0.orig/src/qemu/qemu_command.c
++++ libvirt-3.9.0/src/qemu/qemu_command.c
+@@ -1362,12 +1362,17 @@ qemuBuildDriveSourceStr(virDomainDiskDef
+ {
+     int actualType = virStorageSourceGetActualType(disk->src);
+     qemuDomainStorageSourcePrivatePtr srcpriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
+-    qemuDomainSecretInfoPtr secinfo = srcpriv->secinfo;
+-    qemuDomainSecretInfoPtr encinfo = srcpriv->encinfo;
++    qemuDomainSecretInfoPtr secinfo = NULL;
++    qemuDomainSecretInfoPtr encinfo = NULL;
+     virJSONValuePtr srcprops = NULL;
+     char *source = NULL;
+     int ret = -1;
+ 
++    if (srcpriv) {
++        secinfo = srcpriv->secinfo;
++        encinfo = srcpriv->encinfo;
++    }
++
+     if (qemuDiskSourceNeedsProps(disk->src) &&
+         !(srcprops = qemuDiskSourceGetProps(disk->src)))
+         goto cleanup;
+@@ -2239,8 +2244,13 @@ qemuBuildDiskDriveCommandLine(virCommand
+         bool driveBoot = false;
+         virDomainDiskDefPtr disk = def->disks[i];
+         qemuDomainStorageSourcePrivatePtr srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
+-        qemuDomainSecretInfoPtr secinfo = srcPriv->secinfo;
+-        qemuDomainSecretInfoPtr encinfo = srcPriv->encinfo;
++        qemuDomainSecretInfoPtr secinfo = NULL;
++        qemuDomainSecretInfoPtr encinfo = NULL;
++
++        if (srcPriv) {
++            secinfo = srcPriv->secinfo;
++            encinfo = srcPriv->encinfo;
++        }
+ 
+         if (disk->info.bootIndex) {
+             bootindex = disk->info.bootIndex;
+Index: libvirt-3.9.0/src/qemu/qemu_hotplug.c
+===================================================================
+--- libvirt-3.9.0.orig/src/qemu/qemu_hotplug.c
++++ libvirt-3.9.0/src/qemu/qemu_hotplug.c
+@@ -259,6 +259,7 @@ qemuDomainChangeEjectableMedia(virQEMUDr
+     qemuDomainObjPrivatePtr priv = vm->privateData;
+     qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
+     qemuDomainStorageSourcePrivatePtr srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
++    qemuDomainSecretInfoPtr secinfo = NULL;
+     const char *format = NULL;
+     char *sourcestr = NULL;
+ 
+@@ -268,6 +269,9 @@ qemuDomainChangeEjectableMedia(virQEMUDr
+         goto cleanup;
+     }
+ 
++    if (srcPriv)
++        secinfo = srcPriv->secinfo;
++
+     if (disk->device != VIR_DOMAIN_DISK_DEVICE_FLOPPY &&
+         disk->device != VIR_DOMAIN_DISK_DEVICE_CDROM) {
+         virReportError(VIR_ERR_INTERNAL_ERROR,
+@@ -300,7 +304,7 @@ qemuDomainChangeEjectableMedia(virQEMUDr
+     }
+ 
+     if (!virStorageSourceIsEmpty(newsrc)) {
+-        if (qemuGetDriveSourceString(newsrc, srcPriv->secinfo, &sourcestr) < 0)
++        if (qemuGetDriveSourceString(newsrc, secinfo, &sourcestr) < 0)
+             goto error;
+ 
+         if (virStorageSourceGetActualType(newsrc) != VIR_STORAGE_TYPE_DIR) {
+@@ -371,8 +375,8 @@ qemuDomainAttachDiskGeneric(virConnectPt
+     virJSONValuePtr secobjProps = NULL;
+     virJSONValuePtr encobjProps = NULL;
+     qemuDomainStorageSourcePrivatePtr srcPriv;
+-    qemuDomainSecretInfoPtr secinfo;
+-    qemuDomainSecretInfoPtr encinfo;
++    qemuDomainSecretInfoPtr secinfo = NULL;
++    qemuDomainSecretInfoPtr encinfo = NULL;
+ 
+     if (qemuDomainPrepareDisk(driver, vm, disk, NULL, false) < 0)
+         goto cleanup;
+@@ -384,13 +388,16 @@ qemuDomainAttachDiskGeneric(virConnectPt
+         goto error;
+ 
+     srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
+-    secinfo = srcPriv->secinfo;
++    if (srcPriv) {
++        secinfo = srcPriv->secinfo;
++        encinfo = srcPriv->encinfo;
++    }
++
+     if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+         if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0)
+             goto error;
+     }
+ 
+-    encinfo = srcPriv->encinfo;
+     if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0)
+         goto error;
+ 
diff --git a/libvirt.changes b/libvirt.changes
index b49b5ee..6ad02b4 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Fri Nov 17 21:59:28 UTC 2017 - jfehlig@suse.com
+
+- apparmor: allow libvirtd to send signals to unconfined processes
+  suse-apparmor-signal.patch
+  boo#1065123
+
+-------------------------------------------------------------------
+Fri Nov 17 18:37:43 UTC 2017 - jfehlig@suse.com
+
+- qemu: Tolerate storage source private data being NULL
+  8056721c-qemu-null-storage-source.patch
+  bsc#1068752
+
 -------------------------------------------------------------------
 Wed Nov  8 21:10:34 UTC 2017 - jfehlig@suse.com
 
diff --git a/libvirt.spec b/libvirt.spec
index 5b49e4c..480504f 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -300,6 +300,7 @@ Source4:        libvirt-supportconfig
 Source99:       baselibs.conf
 Source100:      %{name}-rpmlintrc
 # Upstream patches
+Patch0:         8056721c-qemu-null-storage-source.patch
 # Patches pending upstream review
 Patch100:       libxl-dom-reset.patch
 Patch101:       network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@@ -322,14 +323,15 @@ Patch205:       suse-libvirtd-service-xen.patch
 Patch206:       suse-qemu-conf.patch
 Patch207:       suse-ovmf-paths.patch
 Patch208:       suse-apparmor-libnl-paths.patch
-Patch209:       support-managed-pci-xen-driver.patch
-Patch210:       xen-sxpr-disk-type.patch
-Patch211:       libxl-support-block-script.patch
-Patch212:       apparmor-no-mount.patch
-Patch213:       qemu-apparmor-screenshot.patch
-Patch214:       libvirt-suse-netcontrol.patch
-Patch215:       lxc-wait-after-eth-del.patch
-Patch216:       libxl-qemu-emulator-caps.patch
+Patch209:       suse-apparmor-signal.patch
+Patch210:       support-managed-pci-xen-driver.patch
+Patch211:       xen-sxpr-disk-type.patch
+Patch212:       libxl-support-block-script.patch
+Patch213:       apparmor-no-mount.patch
+Patch214:       qemu-apparmor-screenshot.patch
+Patch215:       libvirt-suse-netcontrol.patch
+Patch216:       lxc-wait-after-eth-del.patch
+Patch217:       libxl-qemu-emulator-caps.patch
 # SLES-Only patches
 %if ! 0%{?is_opensuse}
 Patch400:       virt-create-rootfs.patch
@@ -876,6 +878,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 
 %prep
 %setup -q
+%patch0 -p1
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
@@ -903,6 +906,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %patch214 -p1
 %patch215 -p1
 %patch216 -p1
+%patch217 -p1
 %if ! 0%{?is_opensuse}
 %patch400 -p1
 %endif
diff --git a/suse-apparmor-signal.patch b/suse-apparmor-signal.patch
new file mode 100644
index 0000000..5705ef6
--- /dev/null
+++ b/suse-apparmor-signal.patch
@@ -0,0 +1,26 @@
+apparmor: allow libvirtd to send signals to unconfined processes
+
+When confinement of QEMU/KVM domains is not enforced (security_default_confined = 0),
+qemu processes run unconfined. Add a rule to the libvirtd apparmor profile allowing
+sending signals to unconfined processes. Without the rule, libvirtd
+is unable to signal QEMU/KVM domains. E.g. 'virsh destroy dom' results in the
+following denial in audit.log
+
+type=AVC msg=audit(1510951646.581:939): apparmor="DENIED" operation="signal"
+profile="/usr/sbin/libvirtd" pid=18891 comm="libvirtd" requested_mask="send"
+denied_mask="send" signal=term peer="unconfined"
+
+Index: libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
+===================================================================
+--- libvirt-3.9.0.orig/examples/apparmor/usr.sbin.libvirtd
++++ libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
+@@ -60,6 +60,9 @@
+ 
+   signal (send) peer=/usr/sbin/dnsmasq,
+   signal (read, send) peer=libvirt-*,
++  # When confinement is not enforced (security_default_confined = 0), qemu
++  # processes run unconfined, hence 'peer=unconfined'
++  signal send set=(hup,kill,term) peer=unconfined,
+ 
+   # Very lenient profile for libvirtd since we want to first focus on confining
+   # the guests. Guests will have a very restricted profile.