diff --git a/2089ab21-netserver-close-clients-before-stopping-all-drivers.patch b/2089ab21-netserver-close-clients-before-stopping-all-drivers.patch new file mode 100644 index 0000000..74442ed --- /dev/null +++ b/2089ab21-netserver-close-clients-before-stopping-all-drivers.patch @@ -0,0 +1,45 @@ +From 2089ab2112e763d6de5888e498afc4fbdc3376db Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= +Date: Wed, 20 Dec 2017 17:36:10 +0100 +Subject: [PATCH] netserver: close clients before stopping all drivers + +So far clients were closed when disposing the daemon, after the state +driver cleanup. This was leading to libvirtd crashing at shutdown due +to missing driver. + +Moving the client close in virNetServerClose() fixes the problem. + +Reviewed-by: Erik Skultety +--- + src/rpc/virnetserver.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c +index 2b76daab5..43f889e2a 100644 +--- a/src/rpc/virnetserver.c ++++ b/src/rpc/virnetserver.c +@@ -774,10 +774,8 @@ void virNetServerDispose(void *obj) + virObjectUnref(srv->programs[i]); + VIR_FREE(srv->programs); + +- for (i = 0; i < srv->nclients; i++) { +- virNetServerClientClose(srv->clients[i]); ++ for (i = 0; i < srv->nclients; i++) + virObjectUnref(srv->clients[i]); +- } + VIR_FREE(srv->clients); + + VIR_FREE(srv->mdnsGroupName); +@@ -796,6 +794,9 @@ void virNetServerClose(virNetServerPtr srv) + for (i = 0; i < srv->nservices; i++) + virNetServerServiceClose(srv->services[i]); + ++ for (i = 0; i < srv->nclients; i++) ++ virNetServerClientClose(srv->clients[i]); ++ + virObjectUnlock(srv); + } + +-- +2.15.1 + diff --git a/lxc-hostname.patch b/b475a91b-add-virStringFilterChars-string-utility.patch similarity index 68% rename from lxc-hostname.patch rename to b475a91b-add-virStringFilterChars-string-utility.patch index d5f56a5..e1999ca 100644 --- a/lxc-hostname.patch +++ b/b475a91b-add-virStringFilterChars-string-utility.patch @@ -1,8 +1,21 @@ +From b475a91b7753281eb60b87f75b0055fe3c139276 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= +Date: Mon, 18 Dec 2017 15:46:53 +0100 +Subject: [PATCH 1/2] Add virStringFilterChars() string utility + +Add a function to filter a string based on a list of valid characters. +--- + src/libvirt_private.syms | 1 + + src/util/virstring.c | 24 ++++++++++++++++++++++++ + src/util/virstring.h | 1 + + tests/virstringtest.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 72 insertions(+) + diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms -index de4ec4d44..43971db67 100644 +index 18d0f2adf..6662c8dac 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms -@@ -2751,6 +2751,7 @@ virStrcpy; +@@ -2755,6 +2755,7 @@ virStrcpy; virStrdup; virStringBufferIsPrintable; virStringEncodeBase64; @@ -10,61 +23,8 @@ index de4ec4d44..43971db67 100644 virStringHasChars; virStringHasControlChars; virStringIsEmpty; -diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c -index b7216d6ee..246145fcd 100644 ---- a/src/lxc/lxc_container.c -+++ b/src/lxc/lxc_container.c -@@ -2159,6 +2159,37 @@ static int lxcContainerSetUserGroup(virCommandPtr cmd, - return 0; - } - -+static const char hostname_validchars[] = -+ "abcdefghijklmnopqrstuvwxyz" -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" -+ "0123456789-"; -+ -+static int lxcContainerSetHostname(virDomainDefPtr def) -+{ -+ int ret = -1; -+ char *name = NULL; -+ char *hostname = NULL; -+ -+ /* Filter the VM name to get a valid hostname */ -+ if (VIR_STRDUP(name, def->name) < 0) -+ goto cleanup; -+ -+ /* RFC 1123 allows 0-9 digits as a first character in hostname */ -+ virStringFilterChars(name, hostname_validchars); -+ hostname = name; -+ if (strlen(name) > 0 && name[0] == '-') -+ hostname = name + 1; -+ -+ if (sethostname(hostname, strlen(hostname)) < 0) { -+ virReportSystemError(errno, "%s", _("Failed to set hostname")); -+ goto cleanup; -+ } -+ ret = 0; -+ -+ cleanup: -+ VIR_FREE(name); -+ return ret; -+} - - /** - * lxcContainerChild: -@@ -2269,6 +2300,10 @@ static int lxcContainerChild(void *data) - goto cleanup; - } - -+ if (lxcContainerSetHostname(vmDef) < 0) -+ goto cleanup; -+ -+ - /* drop a set of root capabilities */ - if (lxcContainerDropCapabilities(vmDef, !!hasReboot) < 0) - goto cleanup; diff --git a/src/util/virstring.c b/src/util/virstring.c -index b2ebce27f..b808aff2c 100644 +index 0cb06bdc9..1c58df915 100644 --- a/src/util/virstring.c +++ b/src/util/virstring.c @@ -1293,6 +1293,30 @@ virStringStripControlChars(char *str) @@ -174,3 +134,6 @@ index 320f7a398..e8518ede1 100644 return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } +-- +2.15.1 + diff --git a/daemon-close-crasher.patch b/daemon-close-crasher.patch deleted file mode 100644 index 1e41658..0000000 --- a/daemon-close-crasher.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: libvirt-3.10.0/src/rpc/virnetserver.c -=================================================================== ---- libvirt-3.10.0.orig/src/rpc/virnetserver.c -+++ libvirt-3.10.0/src/rpc/virnetserver.c -@@ -775,7 +775,6 @@ void virNetServerDispose(void *obj) - VIR_FREE(srv->programs); - - for (i = 0; i < srv->nclients; i++) { -- virNetServerClientClose(srv->clients[i]); - virObjectUnref(srv->clients[i]); - } - VIR_FREE(srv->clients); -@@ -796,6 +795,9 @@ void virNetServerClose(virNetServerPtr s - for (i = 0; i < srv->nservices; i++) - virNetServerServiceClose(srv->services[i]); - -+ for (i = 0; i < srv->nclients; i++) -+ virNetServerClientClose(srv->clients[i]); -+ - virObjectUnlock(srv); - } - diff --git a/faec1958-lxc-set-hostname-based-on-container-name.patch b/faec1958-lxc-set-hostname-based-on-container-name.patch new file mode 100644 index 0000000..cefc477 --- /dev/null +++ b/faec1958-lxc-set-hostname-based-on-container-name.patch @@ -0,0 +1,69 @@ +From faec1958614bfcdb535b1bcc0ddac8cde4516e1a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= +Date: Mon, 18 Dec 2017 15:48:33 +0100 +Subject: [PATCH 2/2] lxc: set a hostname based on the container name + +Set a transient hostname on containers. The hostname is computed from +the container name, only keeping the valid characters [a-zA-Z0-9-] in it. +This filtering is based on RFC 1123 and allows a digit to start the +hostname. +--- + src/lxc/lxc_container.c | 35 +++++++++++++++++++++++++++++++++++ + 1 file changed, 35 insertions(+) + +diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c +index b7216d6ee..96fceaf1b 100644 +--- a/src/lxc/lxc_container.c ++++ b/src/lxc/lxc_container.c +@@ -2159,6 +2159,37 @@ static int lxcContainerSetUserGroup(virCommandPtr cmd, + return 0; + } + ++static const char hostname_validchars[] = ++ "abcdefghijklmnopqrstuvwxyz" ++ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" ++ "0123456789-"; ++ ++static int lxcContainerSetHostname(virDomainDefPtr def) ++{ ++ int ret = -1; ++ char *name = NULL; ++ char *hostname = NULL; ++ ++ /* Filter the VM name to get a valid hostname */ ++ if (VIR_STRDUP(name, def->name) < 0) ++ goto cleanup; ++ ++ /* RFC 1123 allows 0-9 digits as a first character in hostname */ ++ virStringFilterChars(name, hostname_validchars); ++ hostname = name; ++ if (strlen(name) > 0 && name[0] == '-') ++ hostname = name + 1; ++ ++ if (sethostname(hostname, strlen(hostname)) < 0) { ++ virReportSystemError(errno, "%s", _("Failed to set hostname")); ++ goto cleanup; ++ } ++ ret = 0; ++ ++ cleanup: ++ VIR_FREE(name); ++ return ret; ++} + + /** + * lxcContainerChild: +@@ -2269,6 +2300,10 @@ static int lxcContainerChild(void *data) + goto cleanup; + } + ++ if (lxcContainerSetHostname(vmDef) < 0) ++ goto cleanup; ++ ++ + /* drop a set of root capabilities */ + if (lxcContainerDropCapabilities(vmDef, !!hasReboot) < 0) + goto cleanup; +-- +2.15.1 + diff --git a/fix-virt-aa-helper-profile.patch b/fix-virt-aa-helper-profile.patch new file mode 100644 index 0000000..949baee --- /dev/null +++ b/fix-virt-aa-helper-profile.patch @@ -0,0 +1,28 @@ +From 29eed5ffb8776f4e4ecf6dc6b3ee7f320f679e7e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= +Date: Tue, 2 Jan 2018 09:54:46 +0100 +Subject: [PATCH] apparmor: fix virt-aa-helper profile + +Fix rule introduced by commit 0f33025a: + * to handle /var/run not being a symlink to /run + * to be properly parsed: missing comma at the end. +--- + examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper +index 9c822b644..105f09e43 100644 +--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper ++++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper +@@ -51,7 +51,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { + /var/lib/libvirt/images/** r, + /{media,mnt,opt,srv}/** r, + # For virt-sandbox +- /run/libvirt/**/[sv]d[a-z] r ++ /{,var/}run/libvirt/**/[sv]d[a-z] r, + + /**.img r, + /**.raw r, +-- +2.15.1 + diff --git a/libvirt.changes b/libvirt.changes index c600627..8a35d65 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,4 +1,18 @@ ------------------------------------------------------------------- +Wed Jan 3 10:46:26 UTC 2018 - cbosdonnat@suse.com + +- Fix apparmor rules for virt-aa-helper (bsc#1074265) + fix-virt-aa-helper-profile.patch +- Lift VirtualBox dependency version to include 5.2.x +- Update upstreamed patches + Removed patches: + * daemon-close-crasher.patch + * lxc-hostname.patch + Added patches: + * 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch + * b475a91b-add-virStringFilterChars-string-utility.patch + * faec1958-lxc-set-hostname-based-on-container-name.patch +------------------------------------------------------------------- Wed Dec 20 16:58:50 UTC 2017 - cbosdonnat@suse.com - Close clients before drivers are cleaned up to avoid crash at diff --git a/libvirt.spec b/libvirt.spec index 2fe39a1..e89d0d2 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -1,7 +1,7 @@ # # spec file for package libvirt # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -312,9 +312,13 @@ Patch0: 2d07f1f0-fix-storage-crash.patch Patch1: 69ed99c7-dom0-persistent.patch Patch2: 8599aedd-libvirt-guests-dom0-filter.patch Patch3: 0f33025a-virt-aa-helper-handle-more-disk-images.patch +Patch4: b475a91b-add-virStringFilterChars-string-utility.patch +Patch5: faec1958-lxc-set-hostname-based-on-container-name.patch +Patch6: 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch +Patch102: fix-virt-aa-helper-profile.patch # Need to go upstream Patch150: xen-pv-cdrom.patch Patch151: blockcopy-check-dst-identical-device.patch @@ -322,8 +326,6 @@ Patch152: libvirt-power8-models.patch Patch153: ppc64le-canonical-name.patch Patch154: libxl-set-migration-constraints.patch Patch155: libxl-set-cach-mode.patch -Patch156: lxc-hostname.patch -Patch157: daemon-close-crasher.patch # Our patches Patch200: suse-libvirtd-disable-tls.patch Patch201: suse-libvirtd-sysconfig-settings.patch @@ -796,7 +798,7 @@ Requires: %{name}-daemon-driver-storage = %{version}-%{release} Requires: %{name}-daemon-driver-vbox = %{version}-%{release} # Specify supported virtualbox API explicitly. See ./src/vbox # Reference bsc#1017189 -Requires: virtualbox < 5.2 +Requires: virtualbox < 5.3 %description daemon-vbox Server side daemon and driver required to manage the virtualization @@ -893,16 +895,18 @@ libvirt plugin for NSS for translating domain names into IP addresses. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %patch100 -p1 %patch101 -p1 +%patch102 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 %patch153 -p1 %patch154 -p1 %patch155 -p1 -%patch156 -p1 -%patch157 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1