From 9ae36308d4fe0dd3311b8eb21125dddf9aae73b8700331c5ce2af1695f03f1ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Tue, 20 Jan 2015 08:09:54 +0000 Subject: [PATCH 1/4] Accepting request 282003 from home:mlatimer:branches:Virtualization - Apparmor profile regression breaks Xen domains. bsc#913799 apparmor-xen-fixup.patch apparmor-allow-helpers.patch apparmor-tck-raw-packets.patch OBS-URL: https://build.opensuse.org/request/show/282003 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=434 --- apparmor-allow-helpers.patch | 34 +++++++++++++++++++ apparmor-tck-raw-packets.patch | 34 +++++++++++++++++++ apparmor-xen-fixup.patch | 61 ++++++++++++++++++++++++++++++++++ libvirt.changes | 8 +++++ libvirt.spec | 6 ++++ 5 files changed, 143 insertions(+) create mode 100644 apparmor-allow-helpers.patch create mode 100644 apparmor-tck-raw-packets.patch create mode 100644 apparmor-xen-fixup.patch diff --git a/apparmor-allow-helpers.patch b/apparmor-allow-helpers.patch new file mode 100644 index 0000000..65bb0bf --- /dev/null +++ b/apparmor-allow-helpers.patch 
@@ -0,0 +1,34 @@
+From b2bf7c00b79de032bd7eeb6ba9c970895223a53f Mon Sep 17 00:00:00 2001
+Message-Id:
+In-Reply-To:
+References:
+From: Mike Latimer
+Date: Mon, 19 Jan 2015 17:12:33 -0700
+Subject: [PATCH 2/3] Grant access to helpers
+
+Apparmor must not prevent access to required helper programs. The following
+helpers should be allowed to run in unconfined execution mode:
+
+ - libvirt_parthelper
+ - libvirt_iohelper
+
+---
+ examples/apparmor/usr.sbin.libvirtd | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
+index 9917836..ab6572a 100644
+--- a/examples/apparmor/usr.sbin.libvirtd
++++ b/examples/apparmor/usr.sbin.libvirtd
+@@ -57,6 +57,8 @@
+ audit deny /sys/kernel/security/apparmor/.* rwxl,
+ /sys/kernel/security/apparmor/profiles r,
+ /usr/{lib,lib64}/libvirt/* PUxr,
++ /usr/{lib,lib64}/libvirt/libvirt_parthelper Ux,
++ /usr/{lib,lib64}/libvirt/libvirt_iohelper Ux,
+ /etc/libvirt/hooks/** rmix,
+ /etc/xen/scripts/** rmix,
+
+--
+1.8.4.5
+
diff --git a/apparmor-tck-raw-packets.patch b/apparmor-tck-raw-packets.patch
new file mode 100644
index 0000000..8a31047
--- /dev/null
+++ b/apparmor-tck-raw-packets.patch
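Review bot: The two added `Ux` rules for `libvirt_parthelper` and `libvirt_iohelper` sit directly under `/usr/{lib,lib64}/libvirt/* PUxr,`, which already matches both paths, and nothing in the profile says why that glob's profile-transition-with-fallback mode is not enough for them. `Ux` means these helpers always run with no AppArmor confinement (environment scrubbed), so whatever libvirtd hands them is processed outside the profile; if the intent is to override the glob for these two exact paths, that should be stated next to the rules. I would add a comment above them such as `# parthelper/iohelper must run unconfined: <reason, e.g. the denial seen under PUx>`, and consider a confined mode (`Px` or `Cx` with a small helper profile) once the files they need are known.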
@@ -0,0 +1,34 @@
+From 3a94e34f2a411a2e371c8ead1fe54f7bdeaf0422 Mon Sep 17 00:00:00 2001
+Message-Id: <3a94e34f2a411a2e371c8ead1fe54f7bdeaf0422.1421716686.git.mlatimer@suse.com>
+In-Reply-To:
+References:
+From: Mike Latimer
+Date: Mon, 19 Jan 2015 18:18:02 -0700
+Subject: [PATCH 3/3] Fix apparmor issues for tck
+
+The network and nwfilter tests contained in the libvirt-TCK testkit can fail
+unless access to raw network packets is granted. Without this access, the
+following apparmor error can be seen while running the tests:
+
+ apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/libvirtd"
+ pid=94731 comm="libvirtd" family="packet" sock_type="raw" protocol=768
+
+---
+ examples/apparmor/usr.sbin.libvirtd | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
+index ab6572a..3cd6b58 100644
+--- a/examples/apparmor/usr.sbin.libvirtd
++++ b/examples/apparmor/usr.sbin.libvirtd
+@@ -35,6 +35,7 @@
+ network inet6 stream,
+ network inet6 dgram,
+ network packet dgram,
++ network packet raw,
+
+ # Very lenient profile for libvirtd since we want to first focus on confining
+ # the guests. Guests will have a very restricted profile.
+--
+1.8.4.5
+
diff --git a/apparmor-xen-fixup.patch b/apparmor-xen-fixup.patch
new file mode 100644
index 0000000..ae15615
--- /dev/null
+++ b/apparmor-xen-fixup.patch
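Review bot: `network packet raw,` is added to the daemon's profile with a test kit as the only stated justification, and the profile line itself carries no comment. A raw packet socket lets the confined process read and send arbitrary link-layer frames on host interfaces, which is a broader grant than the `network packet dgram,` rule above it. If libvirtd needs this in production (presumably for nwfilter, given the tests named in the message; to be confirmed), the profile should say so, e.g. `# raw packet sockets: needed by nwfilter (see libvirt-TCK network/nwfilter tests)`. If only the TCK needs it, a local override on test hosts would keep the grant out of the shipped profile.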
@@ -0,0 +1,61 @@
+From b286f2c50bdea753c9c490687db90071dff137ad Mon Sep 17 00:00:00 2001
+Message-Id:
+In-Reply-To:
+References:
+From: Mike Latimer
+Date: Mon, 19 Jan 2015 16:48:59 -0700
+Subject: [PATCH 1/3] Fix apparmor issues for Xen
+
+In order for apparmor to work properly in Xen environments, the following
+access rights need to be allowed:
+
+ - Allow CAP_SYS_PACCT, which is required when resetting some multi-port
+ Broadcom cards by writting to the PCI config space
+
+ - Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without
+ this setting, an error 'Resource temporarily unavailable' can be seen
+ while attempting to mmap memory. At the same time, the following
+ apparmor message is seen:
+
+ apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd"
+ pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14
+ capname="ipc_lock"
+
+ - Allow access to distribution specific directories:
+ /usr/{lib,lib64}/xen/bin
+
+---
+ examples/apparmor/usr.sbin.libvirtd | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
+index 7151052..9917836 100644
+--- a/examples/apparmor/usr.sbin.libvirtd
++++ b/examples/apparmor/usr.sbin.libvirtd
+@@ -13,6 +13,7 @@
+ capability sys_admin,
+ capability sys_module,
+ capability sys_ptrace,
++ capability sys_pacct,
+ capability sys_nice,
+ capability sys_chroot,
+ capability setuid,
+@@ -24,6 +25,7 @@
+ capability mknod,
+ capability fsetid,
+ capability audit_write,
++ capability ipc_lock,
+
+ # Needed for vfio
+ capability sys_resource,
+@@ -45,6 +47,7 @@
+ /usr/sbin/* PUx,
+ /lib/udev/scsi_id PUx,
+ /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
++ /usr/{lib,lib64}/xen/bin/* Ux,
+
+ # force the use of virt-aa-helper
+ audit deny /sbin/apparmor_parser rwxl,
+--
+1.8.4.5
+
diff --git a/libvirt.changes b/libvirt.changes
index 24079ed..2d3bf84 100644
--- a/libvirt.changes
+++ b/libvirt.changes
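Review bot: `/usr/{lib,lib64}/xen/bin/* Ux,` lets libvirtd execute every file in that directory fully unconfined, while the three rules above it in the same inner hunk use `PUx`, which switches to a matching profile when one exists and only falls back to unconfined otherwise. Unless a specific Xen binary is known to break under `PUx`, `/usr/{lib,lib64}/xen/bin/* PUx,` would match the neighbouring rules and would pick up any profile added later. Separately, `capability sys_pacct,` and `capability ipc_lock,` are added without a comment although the file documents grants elsewhere (`# Needed for vfio`). The message quotes a denial for ipc_lock but none for sys_pacct, which is the process-accounting capability, so its link to PCI config-space writes should be confirmed against an actual audit record before it is granted. A comment such as `# Needed for Xen: locking guest memory` above `ipc_lock` would carry the rationale into the profile.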
@@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Jan 20 01:46:52 UTC 2015 - mlatimer@suse.com + +- Apparmor profile regression breaks Xen domains. bsc#913799 + apparmor-xen-fixup.patch + apparmor-allow-helpers.patch + apparmor-tck-raw-packets.patch + ------------------------------------------------------------------- Mon Jan 5 09:44:12 UTC 2015 - cbosdonnat@suse.com diff --git a/libvirt.spec b/libvirt.spec index faaf86c..415f67e 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -436,6 +436,9 @@ Source99: baselibs.conf # Upstream patches Patch0: 30c6aecc-apparmor-lib64.patch # Patches pending upstream review +Patch100: apparmor-xen-fixup.patch +Patch101: apparmor-allow-helpers.patch +Patch102: apparmor-tck-raw-packets.patch # Need to go upstream Patch150: xen-name-for-devid.patch Patch151: xen-pv-cdrom.patch @@ -966,6 +969,9 @@ Provides a dissector for the libvirt RPC protocol to help debugging it. %prep %setup -q %patch0 -p1 +%patch100 -p1 +%patch101 -p1 +%patch102 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 From 5dda10253d4a7998a181eb2a448d2a6a0506460f78113f43d3dd324f03f32182 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Tue, 20 Jan 2015 13:32:02 +0000 Subject: [PATCH 2/4] Accepting request 282079 from home:cbosdonnat:branches:Virtualization - Fixed patches to pass make syntax-check OBS-URL: https://build.opensuse.org/request/show/282079 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=435 --- libvirt-guests-init-script.patch | 28 ++++++++++++++-------------- libvirt-suse-netcontrol.patch | 4 ++-- libvirt.changes | 5 +++++ xen-name-for-devid.patch | 9 ++++----- 4 files changed, 25 insertions(+), 21 deletions(-) diff --git a/libvirt-guests-init-script.patch b/libvirt-guests-init-script.patch index cfbfae7..1c54f2f 100644 --- a/libvirt-guests-init-script.patch +++ b/libvirt-guests-init-script.patch 
@@ -84,16 +84,16 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in + i=1 + rets=10 + run_virsh $uri list > /dev/null 2>&1 -+ while [ $? -ne 0 -a $i -lt $rets ]; do -+ sleep 1 -+ echo -n . -+ i=$(($i + 1)) -+ run_virsh $uri list > /dev/null 2>&1 ++ while test $? -ne 0 && test $i -lt $rets; do ++ sleep 1 ++ echo -n . ++ i=$(($i + 1)) ++ run_virsh $uri list > /dev/null 2>&1 + done + if [ $i -eq $rets ]; then -+ eval_gettext "libvirt-guests unable to connect to URI: $uri" -+ echo -+ return 1 ++ eval_gettext "libvirt-guests unable to connect to URI: $uri" ++ echo ++ return 1 + fi + return 0 +} @@ -123,12 +123,12 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in test_connect "$uri" || continue -+ await_daemon_up $uri -+ if [ $? -ne 0 ]; then -+ eval_gettext "Ignoring guests on $uri URI, can't connect" -+ echo -+ continue -+ fi ++ await_daemon_up $uri ++ if [ $? -ne 0 ]; then ++ eval_gettext "Ignoring guests on $uri URI, can't connect" ++ echo ++ continue ++ fi + eval_gettext "Resuming guests on \$uri URI..."; echo for guest in $list; do diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index 927be38..796abcc 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -45,7 +45,7 @@ Index: libvirt-1.2.11/src/Makefile.am +if WITH_NETCONTROL +INTERFACE_DRIVER_SOURCES += \ + interface/interface_backend_netcf.c -+endif ++endif WITH_NETCONTROL if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c @@ -112,7 +112,7 @@ Index: libvirt-1.2.11/src/interface/interface_backend_netcf.c +{ + int vp; + -+ switch(priority) { ++ switch (priority) { + case NC_LOG_FATAL: + case NC_LOG_ERROR: + vp = VIR_LOG_ERROR; diff --git a/libvirt.changes b/libvirt.changes index 2d3bf84..bbe65b5 100644 --- a/libvirt.changes +++ b/libvirt.changes 
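Review bot: In await_daemon_up the check after the loop, `if [ $i -eq $rets ]; then`, reports failure whenever the counter has reached its limit, including the case where the last `run_virsh $uri list` inside the loop succeeded on the iteration that set `i` to `$rets`. The loop condition `test $? -ne 0 && test $i -lt $rets` exits for either reason, so the counter alone cannot tell a late success from exhaustion. Testing the connection itself, `if ! run_virsh $uri list > /dev/null 2>&1; then`, in place of the counter comparison would remove the false failure at the cost of one extra probe. The function's opening line is outside this hunk.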
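Review bot: In the start() lines of the second hunk, `await_daemon_up $uri` passes the URI unquoted while the call just above it is `test_connect "$uri"`, so a configured URI containing whitespace or glob characters would be split or expanded before the helper sees it. The message that follows, `eval_gettext "Ignoring guests on $uri URI, can't connect"`, also lets the shell expand `$uri` before the catalogue lookup, whereas the next context line escapes it as `\$uri` so the substitution happens after translation. I would write `await_daemon_up "$uri"` and `eval_gettext "Ignoring guests on \$uri URI, can't connect"`. start() begins and ends outside the hunk.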
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Jan 20 13:29:02 UTC 2015 - cbosdonnat@suse.com + +- Fixed patches to pass make syntax-check + ------------------------------------------------------------------- Tue Jan 20 01:46:52 UTC 2015 - mlatimer@suse.com diff --git a/xen-name-for-devid.patch b/xen-name-for-devid.patch index c5860df..4b7f1c3 100644 --- a/xen-name-for-devid.patch +++ b/xen-name-for-devid.patch @@ -42,7 +42,7 @@ Index: libvirt-1.2.10/src/xen/xend_internal.c - xenUnifiedPrivatePtr priv = conn->privateData; - char *xref; - char *tmp; -+ unsigned int i; ++ size_t i; const char *driver = virDomainDiskGetDriver(dev->data.disk); if (dev->type == VIR_DOMAIN_DEVICE_DISK) { @@ -113,7 +113,7 @@ Index: libvirt-1.2.10/src/xen/xend_internal.c } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV && dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { -@@ -3388,17 +3392,44 @@ virDomainXMLDevID(virConnectPtr conn, +@@ -3388,17 +3392,43 @@ virDomainXMLDevID(virConnectPtr conn, strcpy(class, "pci"); @@ -124,7 +124,7 @@ Index: libvirt-1.2.10/src/xen/xend_internal.c - if (xref == NULL) - return -1; + /* For PCI devices, the device BFD can be used directly. */ -+ for (i = 0 ; i < def->nhostdevs ; i++) { ++ for (i = 0; i < def->nhostdevs; i++) { + char *dst_bdf; + virDomainHostdevDefPtr hostdev = def->hostdevs[i]; + @@ -153,8 +153,7 @@ Index: libvirt-1.2.10/src/xen/xend_internal.c + VIR_FREE(dst_bdf); + VIR_FREE(bdf); + return -1; -+ } -+ else { ++ } else { + VIR_FREE(dst_bdf); + VIR_FREE(bdf); + return 0; From 6d5d1ecad308ead4ceab936c483000f217b751c3ea8b97dcca083e35c4264013 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Tue, 20 Jan 2015 14:17:38 +0000 Subject: [PATCH 3/4] Accepting request 282088 from home:cbosdonnat:branches:Virtualization Fixed unused attribute warning OBS-URL: https://build.opensuse.org/request/show/282088 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=436 --- libvirt-suse-netcontrol.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index 796abcc..fcf87de 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -102,7 +102,7 @@ Index: libvirt-1.2.11/src/interface/interface_backend_netcf.c +#ifdef WITH_NETCONTROL +static void -+interface_nc_log_driver(const char *category, ++interface_nc_log_driver(const char *category ATTRIBUTE_UNUSED, + int priority, + const char *func, + const char *file, From 919b8be3888deb054cd1706a71085148ac6fbeb6ac74f288b285e69138ab66b9 Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Wed, 28 Jan 2015 04:12:58 +0000 Subject: [PATCH 4/4] Accepting request 283071 from home:jfehlig:branches:Virtualization - Update to libvirt 1.2.12 - CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots - CVE-2015-0236: qemu: Check ACLs when dumping security info from save image - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: 30c6aecc-apparmor-lib64.patch, apparmor-xen-fixup.patch, apparmor-allow-helpers.patch, apparmor-tck-raw-packets.patch - Disable a hugepage test that is failing on ppc, ppc64, and ppc64le architectures - disable-hugepage-test.patch OBS-URL: https://build.opensuse.org/request/show/283071 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=437 --- 30c6aecc-apparmor-lib64.patch | 73 ---------------------- apparmor-allow-helpers.patch | 34 ---------- apparmor-no-mount.patch | 6 +- apparmor-tck-raw-packets.patch | 34 ---------- apparmor-xen-fixup.patch | 61 ------------------ blockcopy-check-dst-identical-device.patch | 8 +-- disable-hugepage-test.patch | 22 +++++++ disable-virCgroupGetPercpuStats-test.patch | 59 +++++++++++------ fix-pci-attach-xen-driver.patch | 10 +-- libvirt-1.2.11.tar.gz | 3 - libvirt-1.2.11.tar.gz.asc | 7 --- libvirt-1.2.12.tar.gz | 3 + libvirt-1.2.12.tar.gz.asc | 7 +++ libvirt-guests-init-script.patch | 34 +++++----- libvirt-power8-models.patch | 6 +- libvirt-suse-netcontrol.patch | 44 ++++++------- libvirt.changes | 16 +++++ libvirt.spec | 16 +++-- libvirtd-defaults.patch | 20 +++--- libvirtd-init-script.patch | 6 +- ppc64le-canonical-name.patch | 6 +- qemu-apparmor-screenshot.patch | 6 +- support-managed-pci-xen-driver.patch | 18 +++--- suse-qemu-conf.patch | 12 ++-- systemd-service-xen.patch | 6 +- virtlockd-init-script.patch | 12 ++-- xen-name-for-devid.patch | 12 ++-- xen-pv-cdrom.patch | 6 +- 28 files changed, 202 insertions(+), 345 deletions(-) delete mode 100644 
30c6aecc-apparmor-lib64.patch delete mode 100644 apparmor-allow-helpers.patch delete mode 100644 apparmor-tck-raw-packets.patch delete mode 100644 apparmor-xen-fixup.patch create mode 100644 disable-hugepage-test.patch delete mode 100644 libvirt-1.2.11.tar.gz delete mode 100644 libvirt-1.2.11.tar.gz.asc create mode 100644 libvirt-1.2.12.tar.gz create mode 100644 libvirt-1.2.12.tar.gz.asc diff --git a/30c6aecc-apparmor-lib64.patch b/30c6aecc-apparmor-lib64.patch deleted file mode 100644 index ce7bd20..0000000 --- a/30c6aecc-apparmor-lib64.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From 30c6aecc449202e930249215c6514d6c13a46c83 Mon Sep 17 00:00:00 2001 -From: Cedric Bosdonnat -Date: Mon, 15 Dec 2014 15:14:48 +0100 -Subject: [PATCH] Teach AppArmor, that /usr/lib64 may exist. - -The apparmor profiles forgot about /usr/lib64 folders, just add lib64 -as a possible alternative to lib in the paths ---- - examples/apparmor/libvirt-qemu | 2 +- - examples/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++-- - examples/apparmor/usr.sbin.libvirtd | 4 ++-- - 3 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu -index c6de6dd..7aad391 100644 ---- a/examples/apparmor/libvirt-qemu -+++ b/examples/apparmor/libvirt-qemu -@@ -111,7 +111,7 @@ - /usr/bin/qemu-sparc32plus rmix, - /usr/bin/qemu-sparc64 rmix, - /usr/bin/qemu-x86_64 rmix, -- /usr/lib/qemu/block-curl.so mr, -+ /usr/{lib,lib64}/qemu/block-curl.so mr, - - # for save and resume - /bin/dash rmix, -diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper -index bceaaff..b34fb35 100644 ---- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper -+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper -@@ -1,7 +1,7 @@ - # Last Modified: Mon Apr 5 15:10:27 2010 - #include - --/usr/lib/libvirt/virt-aa-helper { -+profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { - #include - - # needed for searching directories -@@ -20,7 +20,7 @@ - /sys/devices/ r, - /sys/devices/** r, - -- /usr/lib/libvirt/virt-aa-helper mr, -+ /usr/{lib,lib64}/libvirt/virt-aa-helper mr, - /sbin/apparmor_parser Ux, - - /etc/apparmor.d/libvirt/* r, -diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd -index 3011eff..7151052 100644 ---- a/examples/apparmor/usr.sbin.libvirtd -+++ b/examples/apparmor/usr.sbin.libvirtd -@@ -44,7 +44,7 @@ - /usr/bin/* PUx, - /usr/sbin/* PUx, - /lib/udev/scsi_id PUx, -- /usr/lib/xen-common/bin/xen-toolstack PUx, -+ 
/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, - - # force the use of virt-aa-helper - audit deny /sbin/apparmor_parser rwxl, -@@ -53,7 +53,7 @@ - audit deny /sys/kernel/security/apparmor/matching rwxl, - audit deny /sys/kernel/security/apparmor/.* rwxl, - /sys/kernel/security/apparmor/profiles r, -- /usr/lib/libvirt/* PUxr, -+ /usr/{lib,lib64}/libvirt/* PUxr, - /etc/libvirt/hooks/** rmix, - /etc/xen/scripts/** rmix, - --- -2.1.2 - diff --git a/apparmor-allow-helpers.patch b/apparmor-allow-helpers.patch deleted file mode 100644 index 65bb0bf..0000000 --- a/apparmor-allow-helpers.patch +++ /dev/null @@ -1,34 +0,0 @@ -From b2bf7c00b79de032bd7eeb6ba9c970895223a53f Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: -References: -From: Mike Latimer -Date: Mon, 19 Jan 2015 17:12:33 -0700 -Subject: [PATCH 2/3] Grant access to helpers - -Apparmor must not prevent access to required helper programs. The following -helpers should be allowed to run in unconfined execution mode: - - - libvirt_parthelper - - libvirt_iohelper - ---- - examples/apparmor/usr.sbin.libvirtd | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd -index 9917836..ab6572a 100644 ---- a/examples/apparmor/usr.sbin.libvirtd -+++ b/examples/apparmor/usr.sbin.libvirtd -@@ -57,6 +57,8 @@ - audit deny /sys/kernel/security/apparmor/.* rwxl, - /sys/kernel/security/apparmor/profiles r, - /usr/{lib,lib64}/libvirt/* PUxr, -+ /usr/{lib,lib64}/libvirt/libvirt_parthelper Ux, -+ /usr/{lib,lib64}/libvirt/libvirt_iohelper Ux, - /etc/libvirt/hooks/** rmix, - /etc/xen/scripts/** rmix, - --- -1.8.4.5 - diff --git a/apparmor-no-mount.patch b/apparmor-no-mount.patch index 763b0ce..23085f7 100644 --- a/apparmor-no-mount.patch +++ b/apparmor-no-mount.patch 
@@ -1,7 +1,7 @@ -Index: libvirt-1.2.10/examples/apparmor/libvirt-lxc +Index: libvirt-1.2.12/examples/apparmor/libvirt-lxc =================================================================== ---- libvirt-1.2.10.orig/examples/apparmor/libvirt-lxc -+++ libvirt-1.2.10/examples/apparmor/libvirt-lxc +--- libvirt-1.2.12.orig/examples/apparmor/libvirt-lxc ++++ libvirt-1.2.12/examples/apparmor/libvirt-lxc @@ -2,39 +2,15 @@ #include diff --git a/apparmor-tck-raw-packets.patch b/apparmor-tck-raw-packets.patch deleted file mode 100644 index 8a31047..0000000 --- a/apparmor-tck-raw-packets.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 3a94e34f2a411a2e371c8ead1fe54f7bdeaf0422 Mon Sep 17 00:00:00 2001 -Message-Id: <3a94e34f2a411a2e371c8ead1fe54f7bdeaf0422.1421716686.git.mlatimer@suse.com> -In-Reply-To: -References: -From: Mike Latimer -Date: Mon, 19 Jan 2015 18:18:02 -0700 -Subject: [PATCH 3/3] Fix apparmor issues for tck - -The network and nwfilter tests contained in the libvirt-TCK testkit can fail -unless access to raw network packets is granted. Without this access, the -following apparmor error can be seen while running the tests: - - apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/libvirtd" - pid=94731 comm="libvirtd" family="packet" sock_type="raw" protocol=768 - ---- - examples/apparmor/usr.sbin.libvirtd | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd -index ab6572a..3cd6b58 100644 ---- a/examples/apparmor/usr.sbin.libvirtd -+++ b/examples/apparmor/usr.sbin.libvirtd -@@ -35,6 +35,7 @@ - network inet6 stream, - network inet6 dgram, - network packet dgram, -+ network packet raw, - - # Very lenient profile for libvirtd since we want to first focus on confining - # the guests. Guests will have a very restricted profile. --- -1.8.4.5 - diff --git a/apparmor-xen-fixup.patch b/apparmor-xen-fixup.patch deleted file mode 100644 index ae15615..0000000 
--- a/apparmor-xen-fixup.patch +++ /dev/null @@ -1,61 +0,0 @@ -From b286f2c50bdea753c9c490687db90071dff137ad Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: -References: -From: Mike Latimer -Date: Mon, 19 Jan 2015 16:48:59 -0700 -Subject: [PATCH 1/3] Fix apparmor issues for Xen - -In order for apparmor to work properly in Xen environments, the following -access rights need to be allowed: - - - Allow CAP_SYS_PACCT, which is required when resetting some multi-port - Broadcom cards by writting to the PCI config space - - - Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without - this setting, an error 'Resource temporarily unavailable' can be seen - while attempting to mmap memory. At the same time, the following - apparmor message is seen: - - apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd" - pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14 - capname="ipc_lock" - - - Allow access to distribution specific directories: - /usr/{lib,lib64}/xen/bin - ---- - examples/apparmor/usr.sbin.libvirtd | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd -index 7151052..9917836 100644 ---- a/examples/apparmor/usr.sbin.libvirtd -+++ b/examples/apparmor/usr.sbin.libvirtd -@@ -13,6 +13,7 @@ - capability sys_admin, - capability sys_module, - capability sys_ptrace, -+ capability sys_pacct, - capability sys_nice, - capability sys_chroot, - capability setuid, -@@ -24,6 +25,7 @@ - capability mknod, - capability fsetid, - capability audit_write, -+ capability ipc_lock, - - # Needed for vfio - capability sys_resource, -@@ -45,6 +47,7 @@ - /usr/sbin/* PUx, - /lib/udev/scsi_id PUx, - /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, -+ /usr/{lib,lib64}/xen/bin/* Ux, - - # force the use of virt-aa-helper - audit deny /sbin/apparmor_parser rwxl, --- -1.8.4.5 - 
diff --git a/blockcopy-check-dst-identical-device.patch b/blockcopy-check-dst-identical-device.patch index f298bc9..a689d6e 100644 --- a/blockcopy-check-dst-identical-device.patch +++ b/blockcopy-check-dst-identical-device.patch @@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu src/qemu/qemu_driver.c | 7 +++++++ 1 file changed, 7 insertions(+) -Index: libvirt-1.2.10/src/qemu/qemu_driver.c +Index: libvirt-1.2.12/src/qemu/qemu_driver.c =================================================================== ---- libvirt-1.2.10.orig/src/qemu/qemu_driver.c -+++ libvirt-1.2.10/src/qemu/qemu_driver.c -@@ -15936,6 +15936,15 @@ qemuDomainBlockCopyCommon(virDomainObjPt +--- libvirt-1.2.12.orig/src/qemu/qemu_driver.c ++++ libvirt-1.2.12/src/qemu/qemu_driver.c +@@ -15954,6 +15954,15 @@ qemuDomainBlockCopyCommon(virDomainObjPt virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", _("non-file destination not supported yet")); } diff --git a/disable-hugepage-test.patch b/disable-hugepage-test.patch new file mode 100644 index 0000000..8192ada --- /dev/null +++ b/disable-hugepage-test.patch 
@@ -0,0 +1,22 @@ +tests: disable hugepages-pages6 test on ppc architectures + +hugepages-pages6 test in qemuxml2argvtest fails on all ppc, ppc64, +and ppc64le with the following error: + +libvirt: QEMU Driver error : internal error: hugepage backing not +supported by '/usr/bin/qemu'. + +Disable the test by applying this patch for arch in 'ppc ppc64 ppc64le'. + +Index: libvirt-1.2.12/tests/qemuxml2argvtest.c +=================================================================== +--- libvirt-1.2.12.orig/tests/qemuxml2argvtest.c ++++ libvirt-1.2.12/tests/qemuxml2argvtest.c +@@ -716,7 +716,6 @@ mymain(void) + DO_TEST_FAILURE("hugepages-pages4", QEMU_CAPS_MEM_PATH, + QEMU_CAPS_OBJECT_MEMORY_RAM, QEMU_CAPS_OBJECT_MEMORY_FILE); + DO_TEST("hugepages-pages5", QEMU_CAPS_MEM_PATH); +- DO_TEST("hugepages-pages6", NONE); + DO_TEST("nosharepages", QEMU_CAPS_MACHINE_OPT, QEMU_CAPS_MEM_MERGE); + DO_TEST("disk-cdrom", NONE); + DO_TEST("disk-cdrom-network-http", QEMU_CAPS_KVM, QEMU_CAPS_DEVICE, diff --git a/disable-virCgroupGetPercpuStats-test.patch b/disable-virCgroupGetPercpuStats-test.patch index b0e4480..b743079 100644 --- a/disable-virCgroupGetPercpuStats-test.patch +++ b/disable-virCgroupGetPercpuStats-test.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.10/tests/vircgrouptest.c +Index: libvirt-1.2.12/tests/vircgrouptest.c =================================================================== ---- libvirt-1.2.10.orig/tests/vircgrouptest.c -+++ libvirt-1.2.10/tests/vircgrouptest.c +--- libvirt-1.2.12.orig/tests/vircgrouptest.c ++++ libvirt-1.2.12/tests/vircgrouptest.c @@ -33,7 +33,6 @@ # include "virlog.h" # include "virfile.h" @@ -10,7 +10,7 @@ Index: libvirt-1.2.10/tests/vircgrouptest.c # define VIR_FROM_THIS VIR_FROM_NONE -@@ -533,68 +532,6 @@ static int testCgroupAvailable(const voi +@@ -533,91 +532,6 @@ static int testCgroupAvailable(const voi return 0; } 
@@ -19,13 +19,35 @@ Index: libvirt-1.2.10/tests/vircgrouptest.c - virCgroupPtr cgroup = NULL; - size_t i; - int rv, ret = -1; -- virTypedParameter params[2]; +- virTypedParameterPtr params = NULL; +-# define EXPECTED_NCPUS 160 - -- // TODO: mock nodeGetCPUCount() as well & check 2nd cpu, too -- unsigned long long expected[] = { -- 1413142688153030ULL +- unsigned long long expected[EXPECTED_NCPUS] = { +- 0, 0, 0, 0, 0, 0, 0, 0, +- 7059492996, 0, 0, 0, 0, 0, 0, 0, +- 4180532496, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, +- 1957541268, 0, 0, 0, 0, 0, 0, 0, +- 2065932204, 0, 0, 0, 0, 0, 0, 0, +- 18228689414, 0, 0, 0, 0, 0, 0, 0, +- 4245525148, 0, 0, 0, 0, 0, 0, 0, +- 2911161568, 0, 0, 0, 0, 0, 0, 0, +- 1407758136, 0, 0, 0, 0, 0, 0, 0, +- 1836807700, 0, 0, 0, 0, 0, 0, 0, +- 1065296618, 0, 0, 0, 0, 0, 0, 0, +- 2046213266, 0, 0, 0, 0, 0, 0, 0, +- 747889778, 0, 0, 0, 0, 0, 0, 0, +- 709566900, 0, 0, 0, 0, 0, 0, 0, +- 444777342, 0, 0, 0, 0, 0, 0, 0, +- 5683512916, 0, 0, 0, 0, 0, 0, 0, +- 635751356, 0, 0, 0, 0, 0, 0, 0, - }; - +- if (VIR_ALLOC_N(params, EXPECTED_NCPUS) < 0) +- goto cleanup; +- - if ((rv = virCgroupNewPartition("/virtualmachines", true, - (1 << VIR_CGROUP_CONTROLLER_CPU) | - (1 << VIR_CGROUP_CONTROLLER_CPUACCT), 
@@ -34,37 +56,37 @@ Index: libvirt-1.2.10/tests/vircgrouptest.c - goto cleanup; - } - -- if (nodeGetCPUCount() < 1) { +- if (nodeGetCPUCount() != EXPECTED_NCPUS) { - fprintf(stderr, "Unexpected: nodeGetCPUCount() yields: %d\n", nodeGetCPUCount()); - goto cleanup; - } - - if ((rv = virCgroupGetPercpuStats(cgroup, - params, -- 2, 0, 1, 0)) < 0) { +- 1, 0, EXPECTED_NCPUS, 0)) < 0) { - fprintf(stderr, "Failed call to virCgroupGetPercpuStats for /virtualmachines cgroup: %d\n", -rv); - goto cleanup; - } - -- for (i = 0; i < ARRAY_CARDINALITY(expected); i++) { +- for (i = 0; i < EXPECTED_NCPUS; i++) { - if (!STREQ(params[i].field, VIR_DOMAIN_CPU_STATS_CPUTIME)) { - fprintf(stderr, -- "Wrong parameter name value from virCgroupGetPercpuStats (is: %s)\n", -- params[i].field); +- "Wrong parameter name value from virCgroupGetPercpuStats at %zu (is: %s)\n", +- i, params[i].field); - goto cleanup; - } - - if (params[i].type != VIR_TYPED_PARAM_ULLONG) { - fprintf(stderr, -- "Wrong parameter value type from virCgroupGetPercpuStats (is: %d)\n", -- params[i].type); +- "Wrong parameter value type from virCgroupGetPercpuStats at %zu (is: %d)\n", +- i, params[i].type); - goto cleanup; - } - - if (params[i].value.ul != expected[i]) { - fprintf(stderr, -- "Wrong value from virCgroupGetMemoryUsage (expected %llu)\n", -- params[i].value.ul); +- "Wrong value from virCgroupGetMemoryUsage at %zu (expected %llu)\n", +- i, params[i].value.ul); - goto cleanup; - } - } @@ -73,13 +95,14 @@ Index: libvirt-1.2.10/tests/vircgrouptest.c - - cleanup: - virCgroupFree(&cgroup); +- VIR_FREE(params); - return ret; -} - static int testCgroupGetMemoryUsage(const void *args ATTRIBUTE_UNUSED) { virCgroupPtr cgroup = NULL; -@@ -800,9 +737,6 @@ mymain(void) +@@ -823,9 +737,6 @@ mymain(void) if (virtTestRun("virCgroupGetMemoryUsage works", testCgroupGetMemoryUsage, NULL) < 0) ret = -1; diff --git a/fix-pci-attach-xen-driver.patch b/fix-pci-attach-xen-driver.patch index 4ed8386..a4d4fe4 100644 
--- a/fix-pci-attach-xen-driver.patch +++ b/fix-pci-attach-xen-driver.patch @@ -8,11 +8,11 @@ uses the 'device_configure' RPC. This patch changes the xend driver to always call 'device_configure' for PCI devices to be consistent with the usage in the xen tools. -Index: libvirt-1.2.10/src/xen/xend_internal.c +Index: libvirt-1.2.12/src/xen/xend_internal.c =================================================================== ---- libvirt-1.2.10.orig/src/xen/xend_internal.c -+++ libvirt-1.2.10/src/xen/xend_internal.c -@@ -2221,6 +2221,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr +--- libvirt-1.2.12.orig/src/xen/xend_internal.c ++++ libvirt-1.2.12/src/xen/xend_internal.c +@@ -2216,6 +2216,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr virBuffer buf = VIR_BUFFER_INITIALIZER; char class[8], ref[80]; char *target = NULL; @@ -20,7 +20,7 @@ Index: libvirt-1.2.10/src/xen/xend_internal.c virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); -@@ -2319,8 +2320,18 @@ xenDaemonAttachDeviceFlags(virConnectPtr +@@ -2314,8 +2315,18 @@ xenDaemonAttachDeviceFlags(virConnectPtr } sexpr = virBufferContentAndReset(&buf); diff --git a/libvirt-1.2.11.tar.gz b/libvirt-1.2.11.tar.gz deleted file mode 100644 index 9332f1c..0000000 --- a/libvirt-1.2.11.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1b886429734a53fc9a201f46d77448fda963e1323246269eb0dcb4c12fb02fcc -size 30571605 diff --git a/libvirt-1.2.11.tar.gz.asc b/libvirt-1.2.11.tar.gz.asc deleted file mode 100644 index cf6cffb..0000000 --- a/libvirt-1.2.11.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlSLprsACgkQRga4pd6VvB9dIgCgiRsIp7IpLVT3rGLmJeGFlWIL -TIsAnimwS0VUT5YtHfkgNIzYOUjK7yq+ -=Voyk ------END PGP SIGNATURE----- diff --git a/libvirt-1.2.12.tar.gz b/libvirt-1.2.12.tar.gz new file mode 100644 index 0000000..99ad1bb --- /dev/null +++ b/libvirt-1.2.12.tar.gz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eff5227f774560d97f0b44402a444e821c51e8cd44add89f74bc3c1f4dede66a +size 30710487 diff --git a/libvirt-1.2.12.tar.gz.asc b/libvirt-1.2.12.tar.gz.asc new file mode 100644 index 0000000..0e7c0b3 --- /dev/null +++ b/libvirt-1.2.12.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlTHRKkACgkQRga4pd6VvB9v3ACdFFlw9zp0ewEPOBt2e7cTDAL6 +f7wAoJQBTFtnMKpgTMazQBUGBD9a02lb +=urda +-----END PGP SIGNATURE----- diff --git a/libvirt-guests-init-script.patch b/libvirt-guests-init-script.patch index 1c54f2f..3f20b07 100644 --- a/libvirt-guests-init-script.patch +++ b/libvirt-guests-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirt-guests init files to conform to SUSE standards -Index: libvirt-1.2.10/tools/libvirt-guests.init.in +Index: libvirt-1.2.12/tools/libvirt-guests.init.in =================================================================== ---- libvirt-1.2.10.orig/tools/libvirt-guests.init.in -+++ libvirt-1.2.10/tools/libvirt-guests.init.in +--- libvirt-1.2.12.orig/tools/libvirt-guests.init.in ++++ libvirt-1.2.12/tools/libvirt-guests.init.in @@ -3,15 +3,15 @@ # the following is the LSB init header # @@ -28,10 +28,10 @@ Index: libvirt-1.2.10/tools/libvirt-guests.init.in ### END INIT INFO # the following is chkconfig init header -Index: libvirt-1.2.10/tools/libvirt-guests.sh.in +Index: libvirt-1.2.12/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-1.2.10.orig/tools/libvirt-guests.sh.in -+++ libvirt-1.2.10/tools/libvirt-guests.sh.in +--- libvirt-1.2.12.orig/tools/libvirt-guests.sh.in ++++ libvirt-1.2.12/tools/libvirt-guests.sh.in @@ -16,14 +16,13 @@ # License along with this library. If not, see # . 
@@ -101,7 +101,7 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in # test_connect URI # check if URI is reachable test_connect() -@@ -116,7 +136,7 @@ list_guests() { +@@ -116,7 +137,7 @@ list_guests() { list=$(run_virsh_c "$uri" list --uuid $persistent) if [ $? -ne 0 ]; then @@ -110,7 +110,7 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in return 1 fi -@@ -142,7 +162,7 @@ guest_is_on() { +@@ -142,7 +163,7 @@ guest_is_on() { guest_running=false id=$(run_virsh "$uri" domid "$uuid") if [ $? -ne 0 ]; then @@ -119,7 +119,7 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in return 1 fi -@@ -190,6 +210,13 @@ start() { +@@ -190,6 +211,13 @@ start() { test_connect "$uri" || continue @@ -133,7 +133,7 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in eval_gettext "Resuming guests on \$uri URI..."; echo for guest in $list; do name=$(guest_name "$uri" "$guest") -@@ -403,7 +429,7 @@ shutdown_guests_parallel() +@@ -403,7 +431,7 @@ shutdown_guests_parallel() timeout=$(($timeout - 1)) if [ $timeout -le 0 ]; then eval_gettext "Timeout expired while shutting down domains"; echo @@ -142,7 +142,7 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in return fi else -@@ -431,7 +457,7 @@ stop() { +@@ -431,7 +459,7 @@ stop() { if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0" echo @@ -151,7 +151,7 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in return fi fi -@@ -479,14 +505,14 @@ stop() { +@@ -479,14 +507,14 @@ stop() { if [ $? -ne 0 ]; then eval_gettext "Failed to list persistent guests on \$uri" echo @@ -168,7 +168,7 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in set +f return fi -@@ -545,14 +571,13 @@ gueststatus() { +@@ -545,14 +573,13 @@ gueststatus() { rh_status() { if [ -f "$LISTFILE" ]; then gettext "stopped, with saved guests"; echo 
@@ -185,16 +185,16 @@ Index: libvirt-1.2.10/tools/libvirt-guests.sh.in fi fi } -@@ -597,4 +622,4 @@ case "$1" in +@@ -597,4 +624,4 @@ case "$1" in usage ;; esac -exit $RETVAL +rc_exit -Index: libvirt-1.2.10/tools/libvirt-guests.sysconf +Index: libvirt-1.2.12/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-1.2.10.orig/tools/libvirt-guests.sysconf -+++ libvirt-1.2.10/tools/libvirt-guests.sysconf +--- libvirt-1.2.12.orig/tools/libvirt-guests.sysconf ++++ libvirt-1.2.12/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + diff --git a/libvirt-power8-models.patch b/libvirt-power8-models.patch index e0cd402..397fa87 100644 --- a/libvirt-power8-models.patch +++ b/libvirt-power8-models.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.11/src/cpu/cpu_map.xml +Index: libvirt-1.2.12/src/cpu/cpu_map.xml =================================================================== ---- libvirt-1.2.11.orig/src/cpu/cpu_map.xml -+++ libvirt-1.2.11/src/cpu/cpu_map.xml +--- libvirt-1.2.12.orig/src/cpu/cpu_map.xml ++++ libvirt-1.2.12/src/cpu/cpu_map.xml @@ -657,5 +657,15 @@ diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index fcf87de..ee23c5b 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.11/configure.ac +Index: libvirt-1.2.12/configure.ac =================================================================== ---- libvirt-1.2.11.orig/configure.ac -+++ libvirt-1.2.11/configure.ac +--- libvirt-1.2.12.orig/configure.ac ++++ libvirt-1.2.12/configure.ac @@ -237,6 +237,7 @@ LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_GLUSTER LIBVIRT_CHECK_HAL @@ -10,7 +10,7 @@ Index: libvirt-1.2.11/configure.ac LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS -@@ -2456,11 +2457,12 @@ if test "$with_libvirtd" = "no" ; then +@@ -2459,11 +2460,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi 
@@ -26,7 +26,7 @@ Index: libvirt-1.2.11/configure.ac esac if test "$with_interface" = "yes" ; then -@@ -2895,6 +2897,7 @@ LIBVIRT_RESULT_FUSE +@@ -2898,6 +2900,7 @@ LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_GLUSTER LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF @@ -34,11 +34,11 @@ Index: libvirt-1.2.11/configure.ac LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS -Index: libvirt-1.2.11/src/Makefile.am +Index: libvirt-1.2.12/src/Makefile.am =================================================================== ---- libvirt-1.2.11.orig/src/Makefile.am -+++ libvirt-1.2.11/src/Makefile.am -@@ -859,6 +859,10 @@ if WITH_NETCF +--- libvirt-1.2.12.orig/src/Makefile.am ++++ libvirt-1.2.12/src/Makefile.am +@@ -860,6 +860,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif WITH_NETCF @@ -49,7 +49,7 @@ Index: libvirt-1.2.11/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1502,10 +1506,15 @@ if WITH_NETCF +@@ -1508,10 +1512,15 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else ! WITH_NETCF @@ -65,11 +65,11 @@ Index: libvirt-1.2.11/src/Makefile.am endif ! WITH_NETCF if WITH_DRIVER_MODULES libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la -Index: libvirt-1.2.11/tools/virsh.c +Index: libvirt-1.2.12/tools/virsh.c =================================================================== ---- libvirt-1.2.11.orig/tools/virsh.c -+++ libvirt-1.2.11/tools/virsh.c -@@ -3341,6 +3341,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE +--- libvirt-1.2.12.orig/tools/virsh.c ++++ libvirt-1.2.12/tools/virsh.c +@@ -3348,6 +3348,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) vshPrint(ctl, " netcf"); 
@@ -78,10 +78,10 @@ Index: libvirt-1.2.11/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-1.2.11/src/interface/interface_backend_netcf.c +Index: libvirt-1.2.12/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-1.2.11.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.2.11/src/interface/interface_backend_netcf.c +--- libvirt-1.2.12.orig/src/interface/interface_backend_netcf.c ++++ libvirt-1.2.12/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include @@ -165,10 +165,10 @@ Index: libvirt-1.2.11/src/interface/interface_backend_netcf.c return 0; } -Index: libvirt-1.2.11/src/interface/interface_driver.c +Index: libvirt-1.2.12/src/interface/interface_driver.c =================================================================== ---- libvirt-1.2.11.orig/src/interface/interface_driver.c -+++ libvirt-1.2.11/src/interface/interface_driver.c +--- libvirt-1.2.12.orig/src/interface/interface_driver.c ++++ libvirt-1.2.12/src/interface/interface_driver.c @@ -30,8 +30,15 @@ interfaceRegister(void) if (netcfIfaceRegister() == 0) return 0; @@ -186,10 +186,10 @@ Index: libvirt-1.2.11/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-1.2.11/m4/virt-netcontrol.m4 +Index: libvirt-1.2.12/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-1.2.11/m4/virt-netcontrol.m4 ++++ libvirt-1.2.12/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl diff --git a/libvirt.changes b/libvirt.changes index bbe65b5..7e3609d 100644 --- a/libvirt.changes +++ b/libvirt.changes 
@@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Tue Jan 27 15:45:56 MST 2015 - jfehlig@suse.com + +- Update to libvirt 1.2.12 + - CVE-2015-0236: qemu: Check ACLs when dumping security info + from snapshots + - CVE-2015-0236: qemu: Check ACLs when dumping security info + from save image + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Drop upstream patches: 30c6aecc-apparmor-lib64.patch, + apparmor-xen-fixup.patch, apparmor-allow-helpers.patch, + apparmor-tck-raw-packets.patch + - Disable a hugepage test that is failing on ppc, ppc64, and + ppc64le architectures - disable-hugepage-test.patch + ------------------------------------------------------------------- Tue Jan 20 13:29:02 UTC 2015 - cbosdonnat@suse.com diff --git a/libvirt.spec b/libvirt.spec index 415f67e..f1cf72e 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -235,7 +235,7 @@ Name: libvirt Url: http://libvirt.org/ -Version: 1.2.11 +Version: 1.2.12 Release: 0 Summary: Library providing a simple virtualization API License: LGPL-2.1+ @@ -434,11 +434,7 @@ Source3: libvirtd.init Source4: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches -Patch0: 30c6aecc-apparmor-lib64.patch # Patches pending upstream review -Patch100: apparmor-xen-fixup.patch -Patch101: apparmor-allow-helpers.patch -Patch102: apparmor-tck-raw-packets.patch # Need to go upstream Patch150: xen-name-for-devid.patch Patch151: xen-pv-cdrom.patch @@ -456,6 +452,9 @@ Patch206: support-managed-pci-xen-driver.patch Patch207: systemd-service-xen.patch # Disable failing virCgroupGetPercpuStats unit test Patch208: disable-virCgroupGetPercpuStats-test.patch +%ifarch ppc ppc64 ppc64le +Patch209: disable-hugepage-test.patch +%endif %if %{with_apparmor} Patch250: apparmor-no-mount.patch Patch251: qemu-apparmor-screenshot.patch 
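Review bot: `Patch209: disable-hugepage-test.patch` is declared inside `%ifarch ppc ppc64 ppc64le` in the libvirt.spec hunk at -456,6 +452,9, so the tag exists only when the spec is parsed for one of those architectures. A source RPM produced on any other architecture would then omit the patch file, and the packaged sources would differ by build host, which makes the source package harder to audit and reproduce. Declare the tag unconditionally, `Patch209: disable-hugepage-test.patch` with the surrounding `%ifarch`/`%endif` removed, and keep the condition only around `%patch209 -p1` in %prep, as the -986,6 +981,9 hunk already does. A one-line comment above the tag naming the disabled test and the reason, in the style of `# Disable failing virCgroupGetPercpuStats unit test` before Patch208, would help whoever re-enables it later.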
@@ -968,10 +967,6 @@ Provides a dissector for the libvirt RPC protocol to help debugging it. %prep %setup -q -%patch0 -p1 -%patch100 -p1 -%patch101 -p1 -%patch102 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 @@ -986,6 +981,9 @@ Provides a dissector for the libvirt RPC protocol to help debugging it. %patch206 -p1 %patch207 -p1 %patch208 -p1 +%ifarch ppc ppc64 ppc64le +%patch209 -p1 +%endif %if %{with_apparmor} %patch250 -p1 %patch251 -p1 diff --git a/libvirtd-defaults.patch b/libvirtd-defaults.patch index 2caa275..6d34bd9 100644 --- a/libvirtd-defaults.patch +++ b/libvirtd-defaults.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.10/daemon/libvirtd.conf +Index: libvirt-1.2.12/daemon/libvirtd.conf =================================================================== ---- libvirt-1.2.10.orig/daemon/libvirtd.conf -+++ libvirt-1.2.10/daemon/libvirtd.conf +--- libvirt-1.2.12.orig/daemon/libvirtd.conf ++++ libvirt-1.2.12/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -13,11 +13,11 @@ Index: libvirt-1.2.10/daemon/libvirtd.conf # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-1.2.10/daemon/libvirtd-config.c +Index: libvirt-1.2.12/daemon/libvirtd-config.c =================================================================== ---- libvirt-1.2.10.orig/daemon/libvirtd-config.c -+++ libvirt-1.2.10/daemon/libvirtd-config.c -@@ -229,7 +229,7 @@ daemonConfigNew(bool privileged ATTRIBUT +--- libvirt-1.2.12.orig/daemon/libvirtd-config.c ++++ libvirt-1.2.12/daemon/libvirtd-config.c +@@ -242,7 +242,7 @@ daemonConfigNew(bool privileged ATTRIBUT if (VIR_ALLOC(data) < 0) return NULL; 
@@ -26,10 +26,10 @@ Index: libvirt-1.2.10/daemon/libvirtd-config.c data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || -Index: libvirt-1.2.10/daemon/test_libvirtd.aug.in +Index: libvirt-1.2.12/daemon/test_libvirtd.aug.in =================================================================== ---- libvirt-1.2.10.orig/daemon/test_libvirtd.aug.in -+++ libvirt-1.2.10/daemon/test_libvirtd.aug.in +--- libvirt-1.2.12.orig/daemon/test_libvirtd.aug.in ++++ libvirt-1.2.12/daemon/test_libvirtd.aug.in @@ -2,7 +2,7 @@ module Test_libvirtd = ::CONFIG:: diff --git a/libvirtd-init-script.patch b/libvirtd-init-script.patch index e5ede6b..d239a65 100644 --- a/libvirtd-init-script.patch +++ b/libvirtd-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-1.2.10/daemon/libvirtd.sysconf +Index: libvirt-1.2.12/daemon/libvirtd.sysconf =================================================================== ---- libvirt-1.2.10.orig/daemon/libvirtd.sysconf -+++ libvirt-1.2.10/daemon/libvirtd.sysconf +--- libvirt-1.2.12.orig/daemon/libvirtd.sysconf ++++ libvirt-1.2.12/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + diff --git a/ppc64le-canonical-name.patch b/ppc64le-canonical-name.patch index a3a4e8c..25aee28 100644 --- a/ppc64le-canonical-name.patch +++ b/ppc64le-canonical-name.patch @@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64 See bnc#894956 -Index: libvirt-1.2.10/src/util/virarch.c +Index: libvirt-1.2.12/src/util/virarch.c =================================================================== ---- libvirt-1.2.10.orig/src/util/virarch.c -+++ libvirt-1.2.10/src/util/virarch.c +--- libvirt-1.2.12.orig/src/util/virarch.c ++++ libvirt-1.2.12/src/util/virarch.c @@ -169,6 +169,8 @@ virArch virArchFromHost(void) arch = VIR_ARCH_I686; } else if (STREQ(ut.machine, "amd64")) { 
diff --git a/qemu-apparmor-screenshot.patch b/qemu-apparmor-screenshot.patch index 017df7f..2a74766 100644 --- a/qemu-apparmor-screenshot.patch +++ b/qemu-apparmor-screenshot.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.11/examples/apparmor/libvirt-qemu +Index: libvirt-1.2.12/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-1.2.11.orig/examples/apparmor/libvirt-qemu -+++ libvirt-1.2.11/examples/apparmor/libvirt-qemu +--- libvirt-1.2.12.orig/examples/apparmor/libvirt-qemu ++++ libvirt-1.2.12/examples/apparmor/libvirt-qemu @@ -124,6 +124,9 @@ /sys/bus/ r, /sys/class/ r, diff --git a/support-managed-pci-xen-driver.patch b/support-managed-pci-xen-driver.patch index bf9e21a..fb575ed 100644 --- a/support-managed-pci-xen-driver.patch +++ b/support-managed-pci-xen-driver.patch @@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-1.2.10/src/xenconfig/xen_common.c +Index: libvirt-1.2.12/src/xenconfig/xen_common.c =================================================================== ---- libvirt-1.2.10.orig/src/xenconfig/xen_common.c -+++ libvirt-1.2.10/src/xenconfig/xen_common.c +--- libvirt-1.2.12.orig/src/xenconfig/xen_common.c ++++ libvirt-1.2.12/src/xenconfig/xen_common.c @@ -401,6 +401,8 @@ xenParsePCI(virConfPtr conf, virDomainDe { virConfValuePtr list = virConfGetValue(conf, "pci"); 
@@ -66,10 +66,10 @@ Index: libvirt-1.2.10/src/xenconfig/xen_common.c hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; hostdev->source.subsys.u.pci.addr.domain = domainID; hostdev->source.subsys.u.pci.addr.bus = busID; -Index: libvirt-1.2.10/src/xenconfig/xen_sxpr.c +Index: libvirt-1.2.12/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-1.2.10.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-1.2.10/src/xenconfig/xen_sxpr.c +--- libvirt-1.2.12.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.2.12/src/xenconfig/xen_sxpr.c @@ -999,6 +999,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; @@ -93,7 +93,7 @@ Index: libvirt-1.2.10/src/xenconfig/xen_sxpr.c dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; dev->source.subsys.u.pci.addr.domain = domainID; dev->source.subsys.u.pci.addr.bus = busID; -@@ -1993,11 +1996,15 @@ static void +@@ -2005,11 +2008,15 @@ static void xenFormatSxprPCI(virDomainHostdevDefPtr def, virBufferPtr buf) { @@ -110,7 +110,7 @@ Index: libvirt-1.2.10/src/xenconfig/xen_sxpr.c } -@@ -2016,12 +2023,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP +@@ -2028,12 +2035,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP virBufferPtr buf, int detach) { @@ -123,7 +123,7 @@ Index: libvirt-1.2.10/src/xenconfig/xen_sxpr.c virBufferAddLit(buf, "(pci "); xenFormatSxprPCI(def, buf); if (detach) -@@ -2076,12 +2077,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def, +@@ -2088,12 +2089,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def, for (i = 0; i < def->nhostdevs; i++) { if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index fa32bb9..045a2c6 100644 --- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch 
@@ -1,7 +1,7 @@ -Index: libvirt-1.2.10/src/qemu/qemu.conf +Index: libvirt-1.2.12/src/qemu/qemu.conf =================================================================== ---- libvirt-1.2.10.orig/src/qemu/qemu.conf -+++ libvirt-1.2.10/src/qemu/qemu.conf +--- libvirt-1.2.12.orig/src/qemu/qemu.conf ++++ libvirt-1.2.12/src/qemu/qemu.conf @@ -204,7 +204,7 @@ # If set to non-zero, then the default security labeling @@ -39,10 +39,10 @@ Index: libvirt-1.2.10/src/qemu/qemu.conf # #lock_manager = "lockd" -Index: libvirt-1.2.10/src/qemu/qemu_conf.c +Index: libvirt-1.2.12/src/qemu/qemu_conf.c =================================================================== ---- libvirt-1.2.10.orig/src/qemu/qemu_conf.c -+++ libvirt-1.2.10/src/qemu/qemu_conf.c +--- libvirt-1.2.12.orig/src/qemu/qemu_conf.c ++++ libvirt-1.2.12/src/qemu/qemu_conf.c @@ -249,7 +249,7 @@ virQEMUDriverConfigPtr virQEMUDriverConf cfg->clearEmulatorCapabilities = true; diff --git a/systemd-service-xen.patch b/systemd-service-xen.patch index aad227e..42d5106 100644 --- a/systemd-service-xen.patch +++ b/systemd-service-xen.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.10/daemon/libvirtd.service.in +Index: libvirt-1.2.12/daemon/libvirtd.service.in =================================================================== ---- libvirt-1.2.10.orig/daemon/libvirtd.service.in -+++ libvirt-1.2.10/daemon/libvirtd.service.in +--- libvirt-1.2.12.orig/daemon/libvirtd.service.in ++++ libvirt-1.2.12/daemon/libvirtd.service.in @@ -5,6 +5,8 @@ After=network.target After=dbus.service After=iscsid.service diff --git a/virtlockd-init-script.patch b/virtlockd-init-script.patch index 6175099..243720a 100644 --- a/virtlockd-init-script.patch +++ b/virtlockd-init-script.patch 
@@ -1,9 +1,9 @@ Adjust virtlockd init files to conform to SUSE standards -Index: libvirt-1.2.10/src/locking/virtlockd.sysconf +Index: libvirt-1.2.12/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-1.2.10.orig/src/locking/virtlockd.sysconf -+++ libvirt-1.2.10/src/locking/virtlockd.sysconf +--- libvirt-1.2.12.orig/src/locking/virtlockd.sysconf ++++ libvirt-1.2.12/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + @@ -12,10 +12,10 @@ Index: libvirt-1.2.10/src/locking/virtlockd.sysconf # # Pass extra arguments to virtlockd #VIRTLOCKD_ARGS= -Index: libvirt-1.2.10/src/locking/virtlockd.init.in +Index: libvirt-1.2.12/src/locking/virtlockd.init.in =================================================================== ---- libvirt-1.2.10.orig/src/locking/virtlockd.init.in -+++ libvirt-1.2.10/src/locking/virtlockd.init.in +--- libvirt-1.2.12.orig/src/locking/virtlockd.init.in ++++ libvirt-1.2.12/src/locking/virtlockd.init.in @@ -4,12 +4,14 @@ # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV # diff --git a/xen-name-for-devid.patch b/xen-name-for-devid.patch index 4b7f1c3..f584a63 100644 --- a/xen-name-for-devid.patch +++ b/xen-name-for-devid.patch @@ -14,10 +14,10 @@ is inactive. We obviously can't search xenstore when the domain is inactive. -Index: libvirt-1.2.10/src/xen/xend_internal.c +Index: libvirt-1.2.12/src/xen/xend_internal.c =================================================================== ---- libvirt-1.2.10.orig/src/xen/xend_internal.c -+++ libvirt-1.2.10/src/xen/xend_internal.c +--- libvirt-1.2.12.orig/src/xen/xend_internal.c ++++ libvirt-1.2.12/src/xen/xend_internal.c @@ -72,7 +72,7 @@ VIR_LOG_INIT("xen.xend_internal"); #define XEND_RCV_BUF_MAX_LEN (256 * 1024) 
@@ -27,7 +27,7 @@ Index: libvirt-1.2.10/src/xen/xend_internal.c virDomainDeviceDefPtr dev, char *class, char *ref, int ref_len); -@@ -3325,37 +3325,35 @@ xenDaemonDomainBlockPeek(virConnectPtr c +@@ -3319,37 +3319,35 @@ xenDaemonDomainBlockPeek(virConnectPtr c * Returns 0 in case of success, -1 in case of failure. */ static int @@ -80,7 +80,7 @@ Index: libvirt-1.2.10/src/xen/xend_internal.c } else if (dev->type == VIR_DOMAIN_DEVICE_NET) { char mac[VIR_MAC_STRING_BUFLEN]; virDomainNetDefPtr netdef = dev->data.net; -@@ -3363,16 +3361,22 @@ virDomainXMLDevID(virConnectPtr conn, +@@ -3357,16 +3355,22 @@ virDomainXMLDevID(virConnectPtr conn, strcpy(class, "vif"); @@ -113,7 +113,7 @@ Index: libvirt-1.2.10/src/xen/xend_internal.c } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV && dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { -@@ -3388,17 +3392,43 @@ virDomainXMLDevID(virConnectPtr conn, +@@ -3382,17 +3386,43 @@ virDomainXMLDevID(virConnectPtr conn, strcpy(class, "pci"); diff --git a/xen-pv-cdrom.patch b/xen-pv-cdrom.patch index fd92d9a..8bbd998 100644 --- a/xen-pv-cdrom.patch +++ b/xen-pv-cdrom.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.10/src/xenconfig/xen_sxpr.c +Index: libvirt-1.2.12/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-1.2.10.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-1.2.10/src/xenconfig/xen_sxpr.c +--- libvirt-1.2.12.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-1.2.12/src/xenconfig/xen_sxpr.c @@ -334,7 +334,7 @@ xenParseSxprChar(const char *value, static int xenParseSxprDisks(virDomainDefPtr def,