Accepting request 684124 from Virtualization
OBS-URL: https://build.opensuse.org/request/show/684124 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=275
commit
5cc78c273e
@ -18,10 +18,10 @@ them.
|
||||
create mode 100644 src/conf/domain_stats.c
|
||||
create mode 100644 src/conf/domain_stats.h
|
||||
|
||||
Index: libvirt-5.0.0/src/conf/domain_stats.c
|
||||
Index: libvirt-5.1.0/src/conf/domain_stats.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ libvirt-5.0.0/src/conf/domain_stats.c
|
||||
+++ libvirt-5.1.0/src/conf/domain_stats.c
|
||||
@@ -0,0 +1,139 @@
|
||||
+/*
|
||||
+ * domain_stats.c: domain stats extraction helpers
|
||||
@ -162,10 +162,10 @@ Index: libvirt-5.0.0/src/conf/domain_stats.c
|
||||
+}
|
||||
+
|
||||
+#undef STATS_ADD_NET_PARAM
|
||||
Index: libvirt-5.0.0/src/conf/domain_stats.h
|
||||
Index: libvirt-5.1.0/src/conf/domain_stats.h
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ libvirt-5.0.0/src/conf/domain_stats.h
|
||||
+++ libvirt-5.1.0/src/conf/domain_stats.h
|
||||
@@ -0,0 +1,64 @@
|
||||
+/*
|
||||
+ * domain_stats.h: domain stats extraction helpers
|
||||
@ -231,11 +231,11 @@ Index: libvirt-5.0.0/src/conf/domain_stats.h
|
||||
+ int *maxparams);
|
||||
+
|
||||
+#endif /* __DOMAIN_STATS_H */
|
||||
Index: libvirt-5.0.0/src/libvirt_private.syms
|
||||
Index: libvirt-5.1.0/src/libvirt_private.syms
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/libvirt_private.syms
|
||||
+++ libvirt-5.0.0/src/libvirt_private.syms
|
||||
@@ -661,6 +661,9 @@ virDomainConfNWFilterInstantiate;
|
||||
--- libvirt-5.1.0.orig/src/libvirt_private.syms
|
||||
+++ libvirt-5.1.0/src/libvirt_private.syms
|
||||
@@ -662,6 +662,9 @@ virDomainConfNWFilterInstantiate;
|
||||
virDomainConfNWFilterTeardown;
|
||||
virDomainConfVMNWFilterTeardown;
|
||||
|
||||
@ -245,7 +245,7 @@ Index: libvirt-5.0.0/src/libvirt_private.syms
|
||||
|
||||
# conf/interface_conf.h
|
||||
virInterfaceDefFormat;
|
||||
@@ -1550,6 +1553,7 @@ virCgroupGetMemoryUsage;
|
||||
@@ -1547,6 +1550,7 @@ virCgroupGetMemoryUsage;
|
||||
virCgroupGetMemSwapHardLimit;
|
||||
virCgroupGetMemSwapUsage;
|
||||
virCgroupGetPercpuStats;
|
||||
@ -253,10 +253,10 @@ Index: libvirt-5.0.0/src/libvirt_private.syms
|
||||
virCgroupHasController;
|
||||
virCgroupHasEmptyTasks;
|
||||
virCgroupKillPainfully;
|
||||
Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
Index: libvirt-5.1.0/src/qemu/qemu_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu_driver.c
|
||||
+++ libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
--- libvirt-5.1.0.orig/src/qemu/qemu_driver.c
|
||||
+++ libvirt-5.1.0/src/qemu/qemu_driver.c
|
||||
@@ -67,6 +67,7 @@
|
||||
#include "virarptable.h"
|
||||
#include "viruuid.h"
|
||||
@ -265,7 +265,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
#include "domain_audit.h"
|
||||
#include "node_device_conf.h"
|
||||
#include "virpci.h"
|
||||
@@ -19969,21 +19970,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr
|
||||
@@ -20042,21 +20043,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr
|
||||
int *maxparams,
|
||||
unsigned int privflags ATTRIBUTE_UNUSED)
|
||||
{
|
||||
@ -288,7 +288,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
}
|
||||
|
||||
|
||||
@@ -20173,37 +20160,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj
|
||||
@@ -20246,37 +20233,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj
|
||||
int *maxparams)
|
||||
{
|
||||
qemuDomainObjPrivatePtr priv = dom->privateData;
|
||||
@ -327,7 +327,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
}
|
||||
|
||||
|
||||
@@ -20401,44 +20358,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr
|
||||
@@ -20470,44 +20427,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -372,7 +372,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
static int
|
||||
qemuDomainGetStatsInterface(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
|
||||
virDomainObjPtr dom,
|
||||
@@ -20446,68 +20365,9 @@ qemuDomainGetStatsInterface(virQEMUDrive
|
||||
@@ -20515,68 +20434,9 @@ qemuDomainGetStatsInterface(virQEMUDrive
|
||||
int *maxparams,
|
||||
unsigned int privflags ATTRIBUTE_UNUSED)
|
||||
{
|
||||
@ -442,7 +442,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
#define QEMU_ADD_BLOCK_PARAM_UI(record, maxparams, num, name, value) \
|
||||
do { \
|
||||
char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \
|
||||
@@ -20740,10 +20600,10 @@ qemuDomainGetStatsBlockExportHeader(virD
|
||||
@@ -20809,10 +20669,10 @@ qemuDomainGetStatsBlockExportHeader(virD
|
||||
{
|
||||
int ret = -1;
|
||||
|
||||
@ -455,7 +455,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
if (src->id)
|
||||
QEMU_ADD_BLOCK_PARAM_UI(records, nrecords, recordnr, "backingIndex",
|
||||
src->id);
|
||||
@@ -20897,7 +20757,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
|
||||
@@ -20966,7 +20826,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
|
||||
* after the iteration than it is to iterate twice; but we still
|
||||
* want count listed first. */
|
||||
count_index = record->nparams;
|
||||
@ -464,7 +464,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
|
||||
for (i = 0; i < dom->def->ndisks; i++) {
|
||||
if (qemuDomainGetStatsBlockExportDisk(dom->def->disks[i], stats, nodestats,
|
||||
@@ -20922,8 +20782,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
|
||||
@@ -20991,8 +20851,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
|
||||
|
||||
#undef QEMU_ADD_BLOCK_PARAM_ULL
|
||||
|
||||
@ -473,7 +473,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
#define QEMU_ADD_IOTHREAD_PARAM_UI(record, maxparams, id, name, value) \
|
||||
do { \
|
||||
char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \
|
||||
@@ -20975,7 +20833,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver
|
||||
@@ -21044,7 +20902,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver
|
||||
if (niothreads == 0)
|
||||
return 0;
|
||||
|
||||
@ -482,7 +482,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
|
||||
for (i = 0; i < niothreads; i++) {
|
||||
if (iothreads[i]->poll_valid) {
|
||||
@@ -21008,8 +20866,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver
|
||||
@@ -21077,8 +20935,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver
|
||||
|
||||
#undef QEMU_ADD_IOTHREAD_PARAM_ULL
|
||||
|
||||
@ -491,11 +491,11 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
static int
|
||||
qemuDomainGetStatsPerfOneEvent(virPerfPtr perf,
|
||||
virPerfEventType type,
|
||||
Index: libvirt-5.0.0/src/util/vircgroup.c
|
||||
Index: libvirt-5.1.0/src/util/vircgroup.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/util/vircgroup.c
|
||||
+++ libvirt-5.0.0/src/util/vircgroup.c
|
||||
@@ -2796,6 +2796,44 @@ virCgroupControllerAvailable(int control
|
||||
--- libvirt-5.1.0.orig/src/util/vircgroup.c
|
||||
+++ libvirt-5.1.0/src/util/vircgroup.c
|
||||
@@ -2800,6 +2800,44 @@ virCgroupControllerAvailable(int control
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -540,7 +540,7 @@ Index: libvirt-5.0.0/src/util/vircgroup.c
|
||||
#else /* !__linux__ */
|
||||
|
||||
bool
|
||||
@@ -2805,6 +2843,15 @@ virCgroupAvailable(void)
|
||||
@@ -2809,6 +2847,15 @@ virCgroupAvailable(void)
|
||||
}
|
||||
|
||||
|
||||
@ -556,10 +556,10 @@ Index: libvirt-5.0.0/src/util/vircgroup.c
|
||||
int
|
||||
virCgroupNewPartition(const char *path ATTRIBUTE_UNUSED,
|
||||
bool create ATTRIBUTE_UNUSED,
|
||||
Index: libvirt-5.0.0/src/util/vircgroup.h
|
||||
Index: libvirt-5.1.0/src/util/vircgroup.h
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/util/vircgroup.h
|
||||
+++ libvirt-5.0.0/src/util/vircgroup.h
|
||||
--- libvirt-5.1.0.orig/src/util/vircgroup.h
|
||||
+++ libvirt-5.1.0/src/util/vircgroup.h
|
||||
@@ -284,4 +284,9 @@ int virCgroupSetOwner(virCgroupPtr cgrou
|
||||
int virCgroupHasEmptyTasks(virCgroupPtr cgroup, int controller);
|
||||
|
||||
@ -570,10 +570,10 @@ Index: libvirt-5.0.0/src/util/vircgroup.h
|
||||
+ int *maxparams);
|
||||
+
|
||||
#endif /* LIBVIRT_VIRCGROUP_H */
|
||||
Index: libvirt-5.0.0/src/conf/Makefile.inc.am
|
||||
Index: libvirt-5.1.0/src/conf/Makefile.inc.am
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/conf/Makefile.inc.am
|
||||
+++ libvirt-5.0.0/src/conf/Makefile.inc.am
|
||||
--- libvirt-5.1.0.orig/src/conf/Makefile.inc.am
|
||||
+++ libvirt-5.1.0/src/conf/Makefile.inc.am
|
||||
@@ -20,6 +20,8 @@ DOMAIN_CONF_SOURCES = \
|
||||
conf/domain_audit.h \
|
||||
conf/domain_nwfilter.c \
|
||||
|
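--- /dev/null
+++ b/0001-apparmor-Check-libvirtd-profile-status-by-name.patch
@@ -0,0 +1,46 @@
+From b1a50c10c95747dacd31a23b5c73ec4f938af329 Mon Sep 17 00:00:00 2001
+From: Jim Fehlig <jfehlig@suse.com>
+Date: Fri, 1 Mar 2019 14:34:17 -0700
+Subject: [PATCH 1/2] apparmor: Check libvirtd profile status by name
+
+Commit a3ab6d42 changed the libvirtd profile to a named profile,
+breaking the apparmor driver's ability to detect if the profile is
+active. When the apparmor driver loads it checks the status of the
+libvirtd profile using the full binary path, which fails since the
+profile is now referenced by name. If the apparmor driver is
+explicitly requested in /etc/libvirt/qemu.conf, then libvirtd fails
+to load too.
+
+Instead of only checking the profile status by full binary path,
+also check by profile name. The full path check is retained in case
+users have a customized libvirtd profile with full path.
+
+Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+---
+src/security/security_apparmor.c | 12 +++++++++---
+1 file changed, 9 insertions(+), 3 deletions(-)
+
+Index: libvirt-5.1.0/src/security/security_apparmor.c
+===================================================================
+--- libvirt-5.1.0.orig/src/security/security_apparmor.c
++++ libvirt-5.1.0/src/security/security_apparmor.c
+@@ -257,10 +257,16 @@ use_apparmor(void)
+if (access(APPARMOR_PROFILES_PATH, R_OK) != 0)
+goto cleanup;
+
++ /* First check profile status using full binary path. If that fails
++ * check using profile name.
++ */
+rc = profile_status(libvirt_daemon, 1);
+- /* Error or unconfined should all result in -1*/
+- if (rc < 0)
+- rc = -1;
++ if (rc < 0) {
++ rc = profile_status("libvirtd", 1);
++ /* Error or unconfined should all result in -1*/
++ if (rc < 0)
++ rc = -1;
++ }
+
+cleanup:
+VIR_FREE(libvirt_daemon);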
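Review bot: The fallback `profile_status("libvirtd", 1)` hard-codes the profile name as a bare literal, so the confinement check silently depends on the shipped profile keeping exactly that name; a named constant such as `#define LIBVIRTD_PROFILE_NAME "libvirtd"`, with a comment tying it to the `profile libvirtd /usr/sbin/libvirtd` declaration, would make that coupling visible. profile_status() is not visible in this hunk; if it matches the name as a substring of the loaded-profiles list rather than as a whole entry, a short name like this could also match an unrelated profile whose name ends in "libvirtd" and report the daemon as confined when it is not, which is worth confirming. The new block retries on any negative result, so a read error on the first call and a profile that is simply not loaded are treated alike; a one-line comment stating that this is intended would help. use_apparmor() starts and ends outside the hunk.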
|
@ -19,10 +19,10 @@ reworking this patch and submitting it to upstream libvirt.
|
||||
src/libxl/libxl_driver.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 91 insertions(+)
|
||||
|
||||
Index: libvirt-5.0.0/src/libxl/libxl_driver.c
|
||||
Index: libvirt-5.1.0/src/libxl/libxl_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-5.0.0/src/libxl/libxl_driver.c
|
||||
--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-5.1.0/src/libxl/libxl_driver.c
|
||||
@@ -5252,6 +5252,97 @@ libxlDomainMemoryStats(virDomainPtr dom,
|
||||
|
||||
#undef LIBXL_SET_MEMSTAT
|
||||
|
@ -0,0 +1,40 @@
|
||||
From 85001fd799deb33338aed627b3c3a6870cb70d2d Mon Sep 17 00:00:00 2001
|
||||
From: Viktor Mihajlovski <mihajlov@linux.ibm.com>
|
||||
Date: Fri, 1 Mar 2019 11:29:51 +0100
|
||||
Subject: [PATCH] qemu: Fix query-cpus-fast target architecture detection
|
||||
|
||||
Since qemu 2.13 reports the target architecture in a property called
|
||||
'target' additionally to the property 'arch', that has been used in
|
||||
qemu 2.12 in the response data of 'query-cpus-fast'.
|
||||
Libvirts monitor code prefers the 'target' property over 'arch'.
|
||||
|
||||
At least for s390(x), target is reported as 's390x' while arch is 's390'.
|
||||
In a later step a comparison is performed against 's390' which fails for
|
||||
qemu 2.13 and later.
|
||||
|
||||
In consequence the architecture specific data for s390 won't be extracted
|
||||
from the returned data, leading to incorrect values being reported by
|
||||
virsh domstats --vcpu.
|
||||
|
||||
Changing to check explicitly for 's390' and 's390x'.
|
||||
|
||||
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
|
||||
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
|
||||
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
|
||||
---
|
||||
src/qemu/qemu_monitor_json.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
Index: libvirt-5.1.0/src/qemu/qemu_monitor_json.c
|
||||
===================================================================
|
||||
--- libvirt-5.1.0.orig/src/qemu/qemu_monitor_json.c
|
||||
+++ libvirt-5.1.0/src/qemu/qemu_monitor_json.c
|
||||
@@ -1772,7 +1772,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONVal
|
||||
goto cleanup;
|
||||
|
||||
/* process optional architecture-specific data */
|
||||
- if (STREQ_NULLABLE(arch, "s390"))
|
||||
+ if (STREQ_NULLABLE(arch, "s390") || STREQ_NULLABLE(arch, "s390x"))
|
||||
qemuMonitorJSONExtractCPUS390Info(entry, cpus + i);
|
||||
}
|
||||
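Review bot: The existing comment `/* process optional architecture-specific data */` does not say why two architecture strings are accepted, and the reason is only recorded in the commit message. Suggest adding `/* qemu 2.12 reports "s390" in 'arch'; 2.13 and later report "s390x" in 'target' */` above the changed condition so the second comparison is not later removed as redundant. qemuMonitorJSONExtractCPUInfo starts and ends outside the hunk.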
|
@ -9,10 +9,10 @@ them using the existing API.
|
||||
src/lxc/lxc_driver.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 138 insertions(+)
|
||||
|
||||
Index: libvirt-5.0.0/src/lxc/lxc_driver.c
|
||||
Index: libvirt-5.1.0/src/lxc/lxc_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/lxc/lxc_driver.c
|
||||
+++ libvirt-5.0.0/src/lxc/lxc_driver.c
|
||||
--- libvirt-5.1.0.orig/src/lxc/lxc_driver.c
|
||||
+++ libvirt-5.1.0/src/lxc/lxc_driver.c
|
||||
@@ -75,6 +75,7 @@
|
||||
#include "viraccessapichecklxc.h"
|
||||
#include "virhostdev.h"
|
||||
@ -21,7 +21,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
|
||||
|
||||
#define VIR_FROM_THIS VIR_FROM_LXC
|
||||
|
||||
@@ -5408,6 +5409,142 @@ lxcDomainHasManagedSaveImage(virDomainPt
|
||||
@@ -5396,6 +5397,142 @@ lxcDomainHasManagedSaveImage(virDomainPt
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -164,7 +164,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
|
||||
|
||||
/* Function Tables */
|
||||
static virHypervisorDriver lxcHypervisorDriver = {
|
||||
@@ -5503,6 +5640,7 @@ static virHypervisorDriver lxcHypervisor
|
||||
@@ -5491,6 +5628,7 @@ static virHypervisorDriver lxcHypervisor
|
||||
.nodeGetFreePages = lxcNodeGetFreePages, /* 1.2.6 */
|
||||
.nodeAllocPages = lxcNodeAllocPages, /* 1.2.9 */
|
||||
.domainHasManagedSaveImage = lxcDomainHasManagedSaveImage, /* 1.2.13 */
|
||||
|
@ -1,34 +0,0 @@
|
||||
commit 11c8aca938bff7f6b7fb9def732262f3ad9e91f9
|
||||
Author: Jim Fehlig <jfehlig@suse.com>
|
||||
Date: Thu Jan 10 15:18:36 2019 -0700
|
||||
|
||||
libxl: Set current memory value after successful balloon
|
||||
|
||||
The libxl driver does not set the new memory value in the active domain def
|
||||
after a successful balloon. This results in the old memory value in
|
||||
<currentMemory>. E.g.
|
||||
|
||||
virsh dumpxml test | grep currentMemory
|
||||
<currentMemory unit='KiB'>20971520</currentMemory>
|
||||
virsh setmem test 16777216 --live
|
||||
virsh dumpxml test | grep currentMemory
|
||||
<currentMemory unit='KiB'>20971520</currentMemory>
|
||||
|
||||
Set the new memory value in active domain def after a successful call to
|
||||
libxl_set_memory_target().
|
||||
|
||||
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
|
||||
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
||||
|
||||
Index: libvirt-5.0.0/src/libxl/libxl_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-5.0.0/src/libxl/libxl_driver.c
|
||||
@@ -1676,6 +1676,7 @@ libxlDomainSetMemoryFlags(virDomainPtr d
|
||||
" with libxenlight"), vm->def->id);
|
||||
goto endjob;
|
||||
}
|
||||
+ vm->def->mem.cur_balloon = newmem;
|
||||
}
|
||||
|
||||
if (flags & VIR_DOMAIN_MEM_CONFIG) {
|
@ -1,103 +0,0 @@
|
||||
commit 17f6a257f1ea484489277f4da38be914b246a30b
|
||||
Author: Erik Skultety <eskultet@redhat.com>
|
||||
Date: Thu Jan 31 15:16:50 2019 +0100
|
||||
|
||||
security: dac: Relabel /dev/sev in the namespace
|
||||
|
||||
The default permissions (0600 root:root) are of no use to the qemu
|
||||
process so we need to change the owner to qemu iff running with
|
||||
namespaces.
|
||||
|
||||
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-5.0.0/src/security/security_dac.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/security/security_dac.c
|
||||
+++ libvirt-5.0.0/src/security/security_dac.c
|
||||
@@ -48,6 +48,7 @@
|
||||
VIR_LOG_INIT("security.security_dac");
|
||||
|
||||
#define SECURITY_DAC_NAME "dac"
|
||||
+#define DEV_SEV "/dev/sev"
|
||||
|
||||
typedef struct _virSecurityDACData virSecurityDACData;
|
||||
typedef virSecurityDACData *virSecurityDACDataPtr;
|
||||
@@ -1690,6 +1691,16 @@ virSecurityDACRestoreMemoryLabel(virSecu
|
||||
|
||||
|
||||
static int
|
||||
+virSecurityDACRestoreSEVLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
+ virDomainDefPtr def ATTRIBUTE_UNUSED)
|
||||
+{
|
||||
+ /* we only label /dev/sev when running with namespaces, so we don't need to
|
||||
+ * restore anything */
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int
|
||||
virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
bool migrated,
|
||||
@@ -1759,6 +1770,11 @@ virSecurityDACRestoreAllLabel(virSecurit
|
||||
rc = -1;
|
||||
}
|
||||
|
||||
+ if (def->sev) {
|
||||
+ if (virSecurityDACRestoreSEVLabel(mgr, def) < 0)
|
||||
+ rc = -1;
|
||||
+ }
|
||||
+
|
||||
if (def->os.loader && def->os.loader->nvram &&
|
||||
virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0)
|
||||
rc = -1;
|
||||
@@ -1833,6 +1849,36 @@ virSecurityDACSetMemoryLabel(virSecurity
|
||||
|
||||
|
||||
static int
|
||||
+virSecurityDACSetSEVLabel(virSecurityManagerPtr mgr,
|
||||
+ virDomainDefPtr def)
|
||||
+{
|
||||
+ virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||
+ virSecurityLabelDefPtr seclabel;
|
||||
+ uid_t user;
|
||||
+ gid_t group;
|
||||
+
|
||||
+ /* Skip chowning /dev/sev if namespaces are disabled as we'd significantly
|
||||
+ * increase the chance of a DOS attack on SEV
|
||||
+ */
|
||||
+ if (!priv->mountNamespace)
|
||||
+ return 0;
|
||||
+
|
||||
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||
+ if (seclabel && !seclabel->relabel)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
+ if (virSecurityDACSetOwnership(mgr, NULL, DEV_SEV,
|
||||
+ user, group, false) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int
|
||||
virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
const char *stdin_path ATTRIBUTE_UNUSED,
|
||||
@@ -1902,6 +1948,11 @@ virSecurityDACSetAllLabel(virSecurityMan
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (def->sev) {
|
||||
+ if (virSecurityDACSetSEVLabel(mgr, def) < 0)
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
if (virSecurityDACGetImageIds(secdef, priv, &user, &group))
|
||||
return -1;
|
||||
|
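--- /dev/null
+++ b/4ec3cf9a-apparmor-rules.patch
@@ -0,0 +1,33 @@
+commit 4ec3cf9a0fc3d76058ea363a6c35df19e67e6261
+Author: Jim Fehlig <jfehlig@suse.com>
+Date: Fri Mar 1 15:05:36 2019 -0700
+
+apparmor: Add ptrace and signal rules for named profile
+
+Commit a3ab6d42 changed the libvirtd profile to a named profile
+but neglected to accommodate the change in the qemu profile
+ptrace and signal rules. As a result, libvirtd is unable to
+signal confined qemu processes and hence unable to shutdown
+or destroy VMs.
+
+Add ptrace and signal rules that reference the libvirtd profile
+by name in addition to full binary path.
+
+Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+Acked-by: Jamie Strandboge <jamie@canonical.com>
+
+Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
+===================================================================
+--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu
++++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu
+@@ -16,8 +16,10 @@
+network inet stream,
+network inet6 stream,
+
++ ptrace (readby, tracedby) peer=libvirtd,
+ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
+
++ signal (receive) peer=libvirtd,
+signal (receive) peer=/usr/sbin/libvirtd,
+
+/dev/net/tun rw,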
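Review bot: The added `ptrace (readby, tracedby) peer=libvirtd,` and `signal (receive) peer=libvirtd,` rules sit beside the path-based ones with no comment saying why both forms are kept, so a later cleanup could drop one and break shutdown or destroy for either the stock named profile or a customised path-attached one. A line such as `# libvirtd may run under the named profile or a path-attached one; keep both peer forms` above each pair would record that. The peer match is by profile label, so the new rules only take effect when the daemon's profile is actually named libvirtd. The rest of the libvirt-qemu abstraction lies outside the hunk, and any other rule there that uses `peer=/usr/sbin/libvirtd` would need the same pairing.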
|
@ -1,25 +0,0 @@
|
||||
commit 620d9dd598fde388f56ac37bcd3b31168c2f9fc6
|
||||
Author: Peter Krempa <pkrempa@redhat.com>
|
||||
Date: Mon Feb 4 16:24:15 2019 +0100
|
||||
|
||||
qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root
|
||||
|
||||
It will not work. This breaks qemu capabilities probing as a user.
|
||||
|
||||
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
||||
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
||||
|
||||
Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c
|
||||
+++ libvirt-5.0.0/src/qemu/qemu_capabilities.c
|
||||
@@ -4529,7 +4529,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps
|
||||
#if WITH_CAPNG
|
||||
/* QEMU might run into permission issues, e.g. /dev/sev (0600), override
|
||||
* them just for the purpose of probing */
|
||||
- virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
|
||||
+ if (geteuid() == 0)
|
||||
+ virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
|
||||
#endif
|
||||
|
||||
virCommandSetGID(cmd->cmd, cmd->runGid);
|
@ -1,60 +0,0 @@
|
||||
commit 6fd4c8f8785a063112c8161a3a3f5ad3cb6647ea
|
||||
Author: Erik Skultety <eskultet@redhat.com>
|
||||
Date: Tue Jan 22 13:46:16 2019 +0100
|
||||
|
||||
qemu: domain: Add /dev/sev into the domain mount namespace selectively
|
||||
|
||||
Instead of exposing /dev/sev to every domain, do it selectively.
|
||||
|
||||
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-5.0.0/src/qemu/qemu_domain.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu_domain.c
|
||||
+++ libvirt-5.0.0/src/qemu/qemu_domain.c
|
||||
@@ -116,6 +116,7 @@ VIR_ENUM_IMPL(qemuDomainNamespace, QEMU_
|
||||
#define DEVPREFIX "/dev/"
|
||||
#define DEV_VFIO "/dev/vfio/vfio"
|
||||
#define DEVICE_MAPPER_CONTROL_PATH "/dev/mapper/control"
|
||||
+#define DEV_SEV "/dev/sev"
|
||||
|
||||
|
||||
struct _qemuDomainLogContext {
|
||||
@@ -12018,6 +12019,26 @@ qemuDomainSetupLoader(virQEMUDriverConfi
|
||||
}
|
||||
|
||||
|
||||
+static int
|
||||
+qemuDomainSetupLaunchSecurity(virQEMUDriverConfigPtr cfg ATTRIBUTE_UNUSED,
|
||||
+ virDomainObjPtr vm,
|
||||
+ const struct qemuDomainCreateDeviceData *data)
|
||||
+{
|
||||
+ virDomainSEVDefPtr sev = vm->def->sev;
|
||||
+
|
||||
+ if (!sev || sev->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV)
|
||||
+ return 0;
|
||||
+
|
||||
+ VIR_DEBUG("Setting up launch security");
|
||||
+
|
||||
+ if (qemuDomainCreateDevice(DEV_SEV, data, false) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
+ VIR_DEBUG("Set up launch security");
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
int
|
||||
qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
|
||||
virSecurityManagerPtr mgr,
|
||||
@@ -12089,6 +12110,9 @@ qemuDomainBuildNamespace(virQEMUDriverCo
|
||||
if (qemuDomainSetupLoader(cfg, vm, &data) < 0)
|
||||
goto cleanup;
|
||||
|
||||
+ if (qemuDomainSetupLaunchSecurity(cfg, vm, &data) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
/* Save some mount points because we want to share them with the host */
|
||||
for (i = 0; i < ndevMountsPath; i++) {
|
||||
struct stat sb;
|
@ -1,38 +0,0 @@
|
||||
commit 70c2933da24dc4b004118afe2f9acaeabc42c0ad
|
||||
Author: Jim Fehlig <jfehlig@suse.com>
|
||||
Date: Fri Jan 11 17:26:03 2019 -0700
|
||||
|
||||
apparmor: Add support for named profiles
|
||||
|
||||
Upstream apparmor is switching to named profiles. In short,
|
||||
|
||||
/usr/sbin/dnsmasq {
|
||||
|
||||
becomes
|
||||
|
||||
profile dnsmasq /usr/sbin/dnsmasq {
|
||||
|
||||
Consequently, any profiles that reference profiles in a peer= condition
|
||||
need to be updated if the referenced profile switches to a named profile.
|
||||
Apparmor commit 9ab45d81 switched dnsmasq to a named profile. ATM it is
|
||||
the only named profile switch that has affected libvirt. Add rules to the
|
||||
libvirtd profile to reference dnsmasq in peer= conditions by profile name.
|
||||
|
||||
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
|
||||
|
||||
Index: libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/security/apparmor/usr.sbin.libvirtd
|
||||
+++ libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd
|
||||
@@ -52,9 +52,11 @@
|
||||
|
||||
ptrace (read,trace) peer=unconfined,
|
||||
ptrace (read,trace) peer=/usr/sbin/libvirtd,
|
||||
+ ptrace (read,trace) peer=dnsmasq,
|
||||
ptrace (read,trace) peer=/usr/sbin/dnsmasq,
|
||||
ptrace (read,trace) peer=libvirt-*,
|
||||
|
||||
+ signal (send) peer=dnsmasq,
|
||||
signal (send) peer=/usr/sbin/dnsmasq,
|
||||
signal (read, send) peer=libvirt-*,
|
||||
signal (send) set=("kill", "term") peer=unconfined,
|
@ -1,112 +0,0 @@
|
||||
commit a2d3dea9d41dba313d9566120a8ec9d358567bd0
|
||||
Author: Erik Skultety <eskultet@redhat.com>
|
||||
Date: Thu Jan 24 10:33:01 2019 +0100
|
||||
|
||||
qemu: caps: Use CAP_DAC_OVERRIDE for probing to avoid permission issues
|
||||
|
||||
This is mainly about /dev/sev and its default permissions 0600. Of
|
||||
course, rule of 'tinfoil' would be that we can't trust anything, but the
|
||||
probing code in QEMU is considered safe from security's perspective + we
|
||||
can't create an udev rule for this at the moment, because ioctls and
|
||||
file system permissions aren't cross-checked in kernel and therefore a
|
||||
user with read permissions could issue a 'privileged' operation on SEV
|
||||
which is currently only limited to root.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1665400
|
||||
|
||||
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c
|
||||
+++ libvirt-5.0.0/src/qemu/qemu_capabilities.c
|
||||
@@ -53,6 +53,10 @@
|
||||
#include <stdarg.h>
|
||||
#include <sys/utsname.h>
|
||||
|
||||
+#if WITH_CAPNG
|
||||
+# include <cap-ng.h>
|
||||
+#endif
|
||||
+
|
||||
#define VIR_FROM_THIS VIR_FROM_QEMU
|
||||
|
||||
VIR_LOG_INIT("qemu.qemu_capabilities");
|
||||
@@ -4521,6 +4525,13 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps
|
||||
NULL);
|
||||
virCommandAddEnvPassCommon(cmd->cmd);
|
||||
virCommandClearCaps(cmd->cmd);
|
||||
+
|
||||
+#if WITH_CAPNG
|
||||
+ /* QEMU might run into permission issues, e.g. /dev/sev (0600), override
|
||||
+ * them just for the purpose of probing */
|
||||
+ virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
|
||||
+#endif
|
||||
+
|
||||
virCommandSetGID(cmd->cmd, cmd->runGid);
|
||||
virCommandSetUID(cmd->cmd, cmd->runUid);
|
||||
|
||||
Index: libvirt-5.0.0/src/util/virutil.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/util/virutil.c
|
||||
+++ libvirt-5.0.0/src/util/virutil.c
|
||||
@@ -1502,8 +1502,10 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gi
|
||||
{
|
||||
size_t i;
|
||||
int capng_ret, ret = -1;
|
||||
- bool need_setgid = false, need_setuid = false;
|
||||
+ bool need_setgid = false;
|
||||
+ bool need_setuid = false;
|
||||
bool need_setpcap = false;
|
||||
+ const char *capstr = NULL;
|
||||
|
||||
/* First drop all caps (unless the requested uid is "unchanged" or
|
||||
* root and clearExistingCaps wasn't requested), then add back
|
||||
@@ -1512,14 +1514,18 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gi
|
||||
*/
|
||||
|
||||
if (clearExistingCaps || (uid != (uid_t)-1 && uid != 0))
|
||||
- capng_clear(CAPNG_SELECT_BOTH);
|
||||
+ capng_clear(CAPNG_SELECT_BOTH);
|
||||
|
||||
for (i = 0; i <= CAP_LAST_CAP; i++) {
|
||||
+ capstr = capng_capability_to_name(i);
|
||||
+
|
||||
if (capBits & (1ULL << i)) {
|
||||
capng_update(CAPNG_ADD,
|
||||
CAPNG_EFFECTIVE|CAPNG_INHERITABLE|
|
||||
CAPNG_PERMITTED|CAPNG_BOUNDING_SET,
|
||||
i);
|
||||
+
|
||||
+ VIR_DEBUG("Added '%s' to child capabilities' set", capstr);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1579,6 +1585,27 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gi
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+# ifdef PR_CAP_AMBIENT
|
||||
+ /* we couldn't do this in the loop earlier above, because the capabilities
|
||||
+ * were not applied yet, since in order to add a capability into the AMBIENT
|
||||
+ * set, it has to be present in both the PERMITTED and INHERITABLE sets
|
||||
+ * (capabilities(7))
|
||||
+ */
|
||||
+ for (i = 0; i <= CAP_LAST_CAP; i++) {
|
||||
+ capstr = capng_capability_to_name(i);
|
||||
+
|
||||
+ if (capBits & (1ULL << i)) {
|
||||
+ if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0) {
|
||||
+ virReportSystemError(errno,
|
||||
+ _("prctl failed to enable '%s' in the "
|
||||
+ "AMBIENT set"),
|
||||
+ capstr);
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+# endif
|
||||
+
|
||||
/* Set bounding set while we have CAP_SETPCAP. Unfortunately we cannot
|
||||
* do this if we failed to get the capability above, so ignore the
|
||||
* return value.
|
@ -1,38 +0,0 @@
|
||||
commit a3ab6d42d825499af44b8f19f9299e150d9687bc
|
||||
Author: Jim Fehlig <jfehlig@suse.com>
|
||||
Date: Fri Jan 11 17:59:59 2019 -0700
|
||||
|
||||
apparmor: convert libvirtd profile to a named profile
|
||||
|
||||
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
|
||||
|
||||
Index: libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/security/apparmor/usr.sbin.libvirtd
|
||||
+++ libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd
|
||||
@@ -2,7 +2,7 @@
|
||||
#include <tunables/global>
|
||||
@{LIBVIRT}="libvirt"
|
||||
|
||||
-/usr/sbin/libvirtd flags=(attach_disconnected) {
|
||||
+profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/dbus>
|
||||
|
||||
@@ -51,7 +51,7 @@
|
||||
unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
|
||||
|
||||
ptrace (read,trace) peer=unconfined,
|
||||
- ptrace (read,trace) peer=/usr/sbin/libvirtd,
|
||||
+ ptrace (read,trace) peer=@{profile_name},
|
||||
ptrace (read,trace) peer=dnsmasq,
|
||||
ptrace (read,trace) peer=/usr/sbin/dnsmasq,
|
||||
ptrace (read,trace) peer=libvirt-*,
|
||||
@@ -123,6 +123,7 @@
|
||||
# For communication/control from libvirtd
|
||||
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
|
||||
signal (receive) set=("term") peer=/usr/sbin/libvirtd,
|
||||
+ signal (receive) set=("term") peer=libvirtd,
|
||||
|
||||
/dev/net/tun rw,
|
||||
/etc/qemu/** r,
|
@ -1,50 +0,0 @@
|
||||
commit a404ac34768e975bd420d1eeac3811563da67e3f
|
||||
Author: Erik Skultety <eskultet@redhat.com>
|
||||
Date: Mon Jan 21 14:50:11 2019 +0100
|
||||
|
||||
qemu: cgroup: Expose /dev/sev/ only to domains that require SEV
|
||||
|
||||
SEV has a limit on number of concurrent guests. From security POV we
|
||||
should only expose resources (any resources for that matter) to domains
|
||||
that truly need them.
|
||||
|
||||
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-5.0.0/src/qemu/qemu_cgroup.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu_cgroup.c
|
||||
+++ libvirt-5.0.0/src/qemu/qemu_cgroup.c
|
||||
@@ -692,6 +692,22 @@ qemuTeardownChardevCgroup(virDomainObjPt
|
||||
|
||||
|
||||
static int
|
||||
+qemuSetupSEVCgroup(virDomainObjPtr vm)
|
||||
+{
|
||||
+ qemuDomainObjPrivatePtr priv = vm->privateData;
|
||||
+ int ret;
|
||||
+
|
||||
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
|
||||
+ return 0;
|
||||
+
|
||||
+ ret = virCgroupAllowDevicePath(priv->cgroup, "/dev/sev",
|
||||
+ VIR_CGROUP_DEVICE_RW, false);
|
||||
+ virDomainAuditCgroupPath(vm, priv->cgroup, "allow", "/dev/sev",
|
||||
+ "rw", ret);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
qemuSetupDevicesCgroup(virDomainObjPtr vm)
|
||||
{
|
||||
qemuDomainObjPrivatePtr priv = vm->privateData;
|
||||
@@ -798,6 +814,9 @@ qemuSetupDevicesCgroup(virDomainObjPtr v
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ if (vm->def->sev && qemuSetupSEVCgroup(vm) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
ret = 0;
|
||||
cleanup:
|
||||
virObjectUnref(cfg);
|
@ -1,7 +1,7 @@
|
||||
Index: libvirt-5.0.0/src/security/apparmor/libvirt-lxc
|
||||
Index: libvirt-5.1.0/src/security/apparmor/libvirt-lxc
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/security/apparmor/libvirt-lxc
|
||||
+++ libvirt-5.0.0/src/security/apparmor/libvirt-lxc
|
||||
--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-lxc
|
||||
+++ libvirt-5.1.0/src/security/apparmor/libvirt-lxc
|
||||
@@ -2,39 +2,15 @@
|
||||
|
||||
#include <abstractions/base>
|
||||
|
@ -1,64 +0,0 @@
|
||||
commit b6440119185a4e307654a8d26d6d551a2675bf82
|
||||
Author: Erik Skultety <eskultet@redhat.com>
|
||||
Date: Mon Jan 21 14:48:02 2019 +0100
|
||||
|
||||
qemu: conf: Remove /dev/sev from the default cgroup device acl list
|
||||
|
||||
We should not give domains access to something they don't necessarily
|
||||
need by default. Remove it from the qemu driver docs too.
|
||||
|
||||
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
||||
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
|
||||
Index: libvirt-5.0.0/docs/drvqemu.html.in
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/docs/drvqemu.html.in
|
||||
+++ libvirt-5.0.0/docs/drvqemu.html.in
|
||||
@@ -396,8 +396,7 @@ chmod o+x /path/to/directory
|
||||
/dev/null, /dev/full, /dev/zero,
|
||||
/dev/random, /dev/urandom,
|
||||
/dev/ptmx, /dev/kvm, /dev/kqemu,
|
||||
-/dev/rtc, /dev/hpet, /dev/net/tun,
|
||||
-/dev/sev
|
||||
+/dev/rtc, /dev/hpet, /dev/net/tun
|
||||
</pre>
|
||||
|
||||
<p>
|
||||
Index: libvirt-5.0.0/src/qemu/qemu.conf
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu.conf
|
||||
+++ libvirt-5.0.0/src/qemu/qemu.conf
|
||||
@@ -484,7 +484,7 @@
|
||||
# "/dev/null", "/dev/full", "/dev/zero",
|
||||
# "/dev/random", "/dev/urandom",
|
||||
# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
||||
-# "/dev/rtc","/dev/hpet", "/dev/sev"
|
||||
+# "/dev/rtc","/dev/hpet"
|
||||
#]
|
||||
#
|
||||
# RDMA migration requires the following extra files to be added to the list:
|
||||
Index: libvirt-5.0.0/src/qemu/qemu_cgroup.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu_cgroup.c
|
||||
+++ libvirt-5.0.0/src/qemu/qemu_cgroup.c
|
||||
@@ -46,7 +46,7 @@ const char *const defaultDeviceACL[] = {
|
||||
"/dev/null", "/dev/full", "/dev/zero",
|
||||
"/dev/random", "/dev/urandom",
|
||||
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
||||
- "/dev/rtc", "/dev/hpet", "/dev/sev",
|
||||
+ "/dev/rtc", "/dev/hpet",
|
||||
NULL,
|
||||
};
|
||||
#define DEVICE_PTY_MAJOR 136
|
||||
Index: libvirt-5.0.0/src/qemu/test_libvirtd_qemu.aug.in
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in
|
||||
+++ libvirt-5.0.0/src/qemu/test_libvirtd_qemu.aug.in
|
||||
@@ -62,7 +62,6 @@ module Test_libvirtd_qemu =
|
||||
{ "8" = "/dev/kqemu" }
|
||||
{ "9" = "/dev/rtc" }
|
||||
{ "10" = "/dev/hpet" }
|
||||
- { "11" = "/dev/sev" }
|
||||
}
|
||||
{ "save_image_format" = "raw" }
|
||||
{ "dump_image_format" = "raw" }
|
@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu <cyliu@suse.com>
|
||||
src/qemu/qemu_driver.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
Index: libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
Index: libvirt-5.1.0/src/qemu/qemu_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu_driver.c
|
||||
+++ libvirt-5.0.0/src/qemu/qemu_driver.c
|
||||
@@ -17798,6 +17798,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
|
||||
--- libvirt-5.1.0.orig/src/qemu/qemu_driver.c
|
||||
+++ libvirt-5.1.0/src/qemu/qemu_driver.c
|
||||
@@ -17836,6 +17836,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
|
||||
goto endjob;
|
||||
}
|
||||
|
||||
|
38
f38ef0fa-no-RDMA-check.patch
Normal file
@ -0,0 +1,38 @@
|
||||
commit f38ef0fac0582ac0cbb749af9d3f8ba515a6084a
|
||||
Author: Pavel Hrdina <phrdina@redhat.com>
|
||||
Date: Thu Mar 7 17:52:55 2019 +0100
|
||||
|
||||
util: skip RDMA detection for non-PCI network devices
|
||||
|
||||
Only PCI devices have '/sys/class/net/<ifname>/device/resource' so we
|
||||
need to skip this check for all other network devices.
|
||||
|
||||
Without this patch and RDMA enabled libvirt will not detect any network
|
||||
device that doesn't have the path above which includes 'lo', 'virbr',
|
||||
'tun', etc.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1639258
|
||||
|
||||
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
|
||||
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
|
||||
|
||||
Index: libvirt-5.1.0/src/util/virnetdev.c
|
||||
===================================================================
|
||||
--- libvirt-5.1.0.orig/src/util/virnetdev.c
|
||||
+++ libvirt-5.1.0/src/util/virnetdev.c
|
||||
@@ -2914,8 +2914,14 @@ virNetDevRDMAFeature(const char *ifname,
|
||||
|
||||
if (virAsprintf(ð_devpath, SYSFS_NET_DIR "%s/device/resource", ifname) < 0)
|
||||
goto cleanup;
|
||||
- if (!virFileExists(eth_devpath))
|
||||
+
|
||||
+ /* If /sys/class/net/<ifname>/device/resource doesn't exist it is not a PCI
|
||||
+ * device and therefore it will not have RDMA. */
|
||||
+ if (!virFileExists(eth_devpath)) {
|
||||
+ ret = 0;
|
||||
goto cleanup;
|
||||
+ }
|
||||
+
|
||||
if (virFileReadAll(eth_devpath, RESOURCE_FILE_LEN, ð_res_buf) < 0)
|
||||
goto cleanup;
|
||||
|
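Review bot: The added `virFileExists(eth_devpath)` guard in virNetDevRDMAFeature is a check-then-read. If the interface disappears between that test and the `virFileReadAll` call that follows, the read fails and control jumps to `cleanup` without the `ret = 0` that the new branch sets, so a vanished device would presumably still be reported as an error rather than as "no RDMA". A single read that treats a missing file as the non-PCI case closes that window, for example `rc = virFileReadAllQuiet(eth_devpath, RESOURCE_FILE_LEN, &eth_res_buf);` followed by `if (rc == -ENOENT) { ret = 0; goto cleanup; }`, with other negative results reported explicitly because the quiet variant does not log. The function's declarations and its `cleanup` label lie outside the hunk, so the initial value of `ret` is inferred here.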
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:afa81dbbc90b5209575930a820a222ff371e5ece5c1d8ec8f46b53c52b73b2e7
|
||||
size 14832576
|
@ -1,10 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEcBAABAgAGBQJcPjX/AAoJEBVYiyZZa+pdu0MH/3FuXogeJV1NbW+DPKxVnmxS
|
||||
2GDQou2auTZ8SRjCUfR+jLMyYRwrdf2m8+9n1HEeiT8iILwzj/9MjeJFD7+8Czye
|
||||
LxDJaDhaDc/pXeVVx94DVb6KrxS660PYHNbZH3fUMWzOD1oPVvpVwmNCiOO8BXHH
|
||||
laY7fDvH3C2Um3s4vDpMuRKXtvCW+dJuwLPn2OJgfUCmD9fLfvN889PS5NP3Rr5i
|
||||
b/YNYzyfn7Zg0vIe5t/a6uoPp7qeICWG40X+TMiIOz9EjFvQfwQqBNtxoHjZH2Kb
|
||||
fY/KCX6lAWftFxxw+hqnSArwcDs5t6Uuqk96gGs0K6xXqnJVFHGKR9N1ps1KIaA=
|
||||
=MwoM
|
||||
-----END PGP SIGNATURE-----
|
3
libvirt-5.1.0.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:26f97a53d3172f07f8b63884d845ed71307c4675dc4e1b281c59d253e1e323ab
|
||||
size 14893608
|
10
libvirt-5.1.0.tar.xz.asc
Normal file
@ -0,0 +1,10 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEcBAABAgAGBQJcfPYaAAoJEBVYiyZZa+pdr5QH/iyjpJYjAebt3UM8JO6b83gu
|
||||
ybcvvYyQEWQGK7afPYXdhOhgCA99Wn7oJc/+IcUufFVhzOrcJyLRgb+M7FRgtOrt
|
||||
BiUswGkYFOUIwBUDnT6Ynxtdl6ESAJJGhzXPFpUShyhxrHPh0Jr77sRJfgz93U/9
|
||||
t1IZ133EVm+Eynqejb5BDponPc28/1CsI37UL7ogCCFKNN0QTGBjkkXfGlD3FAtk
|
||||
zVYdl88e4MTW73d7EmK3I/zum0Wojp8HTD+RH69TjHt3ozoSFYvQHwlKxafNC6Mo
|
||||
1hR7QbpSAO2cA27waINUbtRHnEabiNgv9MlrJ54kDiFoUlJWeH7frzR6uNIRHjc=
|
||||
=13hI
|
||||
-----END PGP SIGNATURE-----
|
@ -2,10 +2,10 @@ Add POWER8 v2.0 and v2.1 to cpu map XML
|
||||
|
||||
From: <ro@suse.de>
|
||||
|
||||
Index: libvirt-5.0.0/src/cpu_map/ppc64_POWER8.xml
|
||||
Index: libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/cpu_map/ppc64_POWER8.xml
|
||||
+++ libvirt-5.0.0/src/cpu_map/ppc64_POWER8.xml
|
||||
--- libvirt-5.1.0.orig/src/cpu_map/ppc64_POWER8.xml
|
||||
+++ libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml
|
||||
@@ -4,5 +4,7 @@
|
||||
<pvr value='0x004b0000' mask='0xffff0000'/>
|
||||
<pvr value='0x004c0000' mask='0xffff0000'/>
|
||||
|
@ -1,8 +1,8 @@
|
||||
Index: libvirt-5.0.0/configure.ac
|
||||
Index: libvirt-5.1.0/configure.ac
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/configure.ac
|
||||
+++ libvirt-5.0.0/configure.ac
|
||||
@@ -255,6 +255,7 @@ LIBVIRT_ARG_LIBSSH
|
||||
--- libvirt-5.1.0.orig/configure.ac
|
||||
+++ libvirt-5.1.0/configure.ac
|
||||
@@ -256,6 +256,7 @@ LIBVIRT_ARG_LIBSSH
|
||||
LIBVIRT_ARG_LIBXML
|
||||
LIBVIRT_ARG_MACVTAP
|
||||
LIBVIRT_ARG_NETCF
|
||||
@ -10,7 +10,7 @@ Index: libvirt-5.0.0/configure.ac
|
||||
LIBVIRT_ARG_NLS
|
||||
LIBVIRT_ARG_NSS
|
||||
LIBVIRT_ARG_NUMACTL
|
||||
@@ -298,6 +299,7 @@ LIBVIRT_CHECK_LIBSSH
|
||||
@@ -300,6 +301,7 @@ LIBVIRT_CHECK_LIBSSH
|
||||
LIBVIRT_CHECK_LIBXML
|
||||
LIBVIRT_CHECK_MACVTAP
|
||||
LIBVIRT_CHECK_NETCF
|
||||
@ -18,7 +18,7 @@ Index: libvirt-5.0.0/configure.ac
|
||||
LIBVIRT_CHECK_NLS
|
||||
LIBVIRT_CHECK_NUMACTL
|
||||
LIBVIRT_CHECK_NWFILTER
|
||||
@@ -1012,6 +1014,7 @@ LIBVIRT_RESULT_LIBXL
|
||||
@@ -1015,6 +1017,7 @@ LIBVIRT_RESULT_LIBXL
|
||||
LIBVIRT_RESULT_LIBXML
|
||||
LIBVIRT_RESULT_MACVTAP
|
||||
LIBVIRT_RESULT_NETCF
|
||||
@ -26,10 +26,10 @@ Index: libvirt-5.0.0/configure.ac
|
||||
LIBVIRT_RESULT_NLS
|
||||
LIBVIRT_RESULT_NSS
|
||||
LIBVIRT_RESULT_NUMACTL
|
||||
Index: libvirt-5.0.0/tools/virsh.c
|
||||
Index: libvirt-5.1.0/tools/virsh.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/tools/virsh.c
|
||||
+++ libvirt-5.0.0/tools/virsh.c
|
||||
--- libvirt-5.1.0.orig/tools/virsh.c
|
||||
+++ libvirt-5.1.0/tools/virsh.c
|
||||
@@ -563,6 +563,8 @@ virshShowVersion(vshControl *ctl ATTRIBU
|
||||
vshPrint(ctl, " Interface");
|
||||
# if defined(WITH_NETCF)
|
||||
@ -39,10 +39,10 @@ Index: libvirt-5.0.0/tools/virsh.c
|
||||
# elif defined(WITH_UDEV)
|
||||
vshPrint(ctl, " udev");
|
||||
# endif
|
||||
Index: libvirt-5.0.0/src/interface/interface_backend_netcf.c
|
||||
Index: libvirt-5.1.0/src/interface/interface_backend_netcf.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/interface/interface_backend_netcf.c
|
||||
+++ libvirt-5.0.0/src/interface/interface_backend_netcf.c
|
||||
--- libvirt-5.1.0.orig/src/interface/interface_backend_netcf.c
|
||||
+++ libvirt-5.1.0/src/interface/interface_backend_netcf.c
|
||||
@@ -21,7 +21,12 @@
|
||||
|
||||
#include <config.h>
|
||||
@ -126,10 +126,10 @@ Index: libvirt-5.0.0/src/interface/interface_backend_netcf.c
|
||||
if (virRegisterConnectDriver(&interfaceConnectDriver, false) < 0)
|
||||
return -1;
|
||||
if (virSetSharedInterfaceDriver(&interfaceDriver) < 0)
|
||||
Index: libvirt-5.0.0/src/interface/interface_driver.c
|
||||
Index: libvirt-5.1.0/src/interface/interface_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/interface/interface_driver.c
|
||||
+++ libvirt-5.0.0/src/interface/interface_driver.c
|
||||
--- libvirt-5.1.0.orig/src/interface/interface_driver.c
|
||||
+++ libvirt-5.1.0/src/interface/interface_driver.c
|
||||
@@ -30,8 +30,15 @@ interfaceRegister(void)
|
||||
if (netcfIfaceRegister() == 0)
|
||||
return 0;
|
||||
@ -147,10 +147,10 @@ Index: libvirt-5.0.0/src/interface/interface_driver.c
|
||||
if (udevIfaceRegister() == 0)
|
||||
return 0;
|
||||
#endif /* WITH_UDEV */
|
||||
Index: libvirt-5.0.0/m4/virt-netcontrol.m4
|
||||
Index: libvirt-5.1.0/m4/virt-netcontrol.m4
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ libvirt-5.0.0/m4/virt-netcontrol.m4
|
||||
+++ libvirt-5.1.0/m4/virt-netcontrol.m4
|
||||
@@ -0,0 +1,39 @@
|
||||
+dnl The libnetcontrol library
|
||||
+dnl
|
||||
@ -191,10 +191,10 @@ Index: libvirt-5.0.0/m4/virt-netcontrol.m4
|
||||
+AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[
|
||||
+ LIBVIRT_RESULT_LIB([NETCONTROL])
|
||||
+])
|
||||
Index: libvirt-5.0.0/src/interface/Makefile.inc.am
|
||||
Index: libvirt-5.1.0/src/interface/Makefile.inc.am
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/interface/Makefile.inc.am
|
||||
+++ libvirt-5.0.0/src/interface/Makefile.inc.am
|
||||
--- libvirt-5.1.0.orig/src/interface/Makefile.inc.am
|
||||
+++ libvirt-5.1.0/src/interface/Makefile.inc.am
|
||||
@@ -4,6 +4,7 @@ INTERFACE_DRIVER_SOURCES = \
|
||||
$(NULL)
|
||||
|
||||
|
@ -1,3 +1,44 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 11 22:50:43 UTC 2019 - James Fehlig <jfehlig@suse.com>
|
||||
|
||||
- util: skip RDMA detection for non-PCI network devices
|
||||
f38ef0fa-no-RDMA-check.patch
|
||||
bsc#1112182
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 6 20:34:53 UTC 2019 - James Fehlig <jfehlig@suse.com>
|
||||
|
||||
- qemu: s390: show correct CPU status after guest crash
|
||||
0001-qemu-Fix-query-cpus-fast-target-architecture-detecti.patch
|
||||
bsc#1127841
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 6 17:11:49 UTC 2019 - James Fehlig <jfehlig@suse.com>
|
||||
|
||||
- apparmor: fix more fallout from changing libvirtd profile to a
|
||||
named profile
|
||||
4ec3cf9a-apparmor-rules.patch,
|
||||
0001-apparmor-Check-libvirtd-profile-status-by-name.patch
|
||||
boo#1125841
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 4 18:52:57 UTC 2019 - James Fehlig <jfehlig@suse.com>
|
||||
|
||||
- Update to libvirt 5.1.0
|
||||
- Many incremental improvements and bug fixes, see
|
||||
http://libvirt.org/news.html
|
||||
- Dropped patches:
|
||||
11c8aca9-libxl-set-mem-after-balloon.patch,
|
||||
70c2933d-apparmor-named-profiles.patch,
|
||||
a3ab6d42-apparmor-conv-libvirtd-named-profile.patch,
|
||||
b6440119-qemu-conf-sev.patch,
|
||||
a404ac34-qemu-cgroup-sev.patch,
|
||||
6fd4c8f8-qemu-domain-sev.patch,
|
||||
17f6a257-security-dac-sev.patch,
|
||||
a2d3dea9-qemu-caps-dac-override-sev.patch,
|
||||
620d9dd5-qemu-no-dac-override-nonroot.patch
|
||||
- jsc#SLE-3887, jsc#SLE-4480, jsc#SLE-4577
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 27 19:01:22 UTC 2019 - jfehlig@suse.com
|
||||
|
||||
|
51
libvirt.spec
@ -12,7 +12,7 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
@ -51,6 +51,7 @@
|
||||
%define with_numactl 0%{!?_without_numactl:0}
|
||||
%define with_numad 0%{!?_without_numad:0}
|
||||
%define with_firewalld 0%{!?_without_firewalld:0}
|
||||
%define with_firewalld_zone 0%{!?_without_firewalld_zone:0}
|
||||
%define with_libssh 0%{!?_without_libssh:0}
|
||||
%define with_bash_completion 0%{!?_without_bash_completion:0}
|
||||
|
||||
@ -177,12 +178,12 @@
|
||||
%endif
|
||||
|
||||
%if %{with_wireshark}
|
||||
%define wireshark_plugindir %(pkg-config --variable plugindir wireshark)
|
||||
%define wireshark_plugindir %(pkg-config --variable plugindir wireshark)/epan
|
||||
%endif
|
||||
|
||||
Name: libvirt
|
||||
Url: http://libvirt.org/
|
||||
Version: 5.0.0
|
||||
Version: 5.1.0
|
||||
Release: 0
|
||||
Summary: Library providing a virtualization API
|
||||
License: LGPL-2.1-or-later
|
||||
@ -313,7 +314,7 @@ BuildRequires: systemtap-sdt-devel
|
||||
BuildRequires: numad
|
||||
%endif
|
||||
%if %{with_wireshark}
|
||||
BuildRequires: wireshark-devel >= 2.1.0
|
||||
BuildRequires: wireshark-devel >= 2.4.0
|
||||
%endif
|
||||
%if %{with_libssh}
|
||||
BuildRequires: libssh-devel >= 0.7.0
|
||||
@ -332,18 +333,13 @@ Source6: libvirtd-relocation-server.xml
|
||||
Source99: baselibs.conf
|
||||
Source100: %{name}-rpmlintrc
|
||||
# Upstream patches
|
||||
Patch0: 11c8aca9-libxl-set-mem-after-balloon.patch
|
||||
Patch1: 70c2933d-apparmor-named-profiles.patch
|
||||
Patch2: a3ab6d42-apparmor-conv-libvirtd-named-profile.patch
|
||||
Patch3: b6440119-qemu-conf-sev.patch
|
||||
Patch4: a404ac34-qemu-cgroup-sev.patch
|
||||
Patch5: 6fd4c8f8-qemu-domain-sev.patch
|
||||
Patch6: 17f6a257-security-dac-sev.patch
|
||||
Patch7: a2d3dea9-qemu-caps-dac-override-sev.patch
|
||||
Patch8: 620d9dd5-qemu-no-dac-override-nonroot.patch
|
||||
Patch0: 4ec3cf9a-apparmor-rules.patch
|
||||
Patch1: f38ef0fa-no-RDMA-check.patch
|
||||
# Patches pending upstream review
|
||||
Patch100: libxl-dom-reset.patch
|
||||
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
|
||||
Patch102: 0001-apparmor-Check-libvirtd-profile-status-by-name.patch
|
||||
Patch103: 0001-qemu-Fix-query-cpus-fast-target-architecture-detecti.patch
|
||||
# Need to go upstream
|
||||
Patch150: xen-pv-cdrom.patch
|
||||
Patch151: blockcopy-check-dst-identical-device.patch
|
||||
@ -859,7 +855,7 @@ Includes the Sanlock lock manager plugin for the QEMU driver
|
||||
Summary: Wireshark plugin for libvirt RPC protocol
|
||||
Group: Productivity/Networking/Diagnostic
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Requires: wireshark
|
||||
Requires: wireshark >= 2.4.0
|
||||
|
||||
%description -n wireshark-plugin-libvirt
|
||||
Wireshark dissector plugin for better analysis of libvirt RPC traffic.
|
||||
@ -876,15 +872,10 @@ libvirt plugin for NSS for translating domain names into IP addresses.
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
%patch150 -p1
|
||||
%patch151 -p1
|
||||
%patch152 -p1
|
||||
@ -1006,6 +997,11 @@ libvirt plugin for NSS for translating domain names into IP addresses.
|
||||
%else
|
||||
%define arg_firewalld --without-firewalld
|
||||
%endif
|
||||
%if %{with_firewalld_zone}
|
||||
%define arg_firewalld_zone --with-firewalld-zone
|
||||
%else
|
||||
%define arg_firewalld_zone --without-firewalld-zone
|
||||
%endif
|
||||
%if %{with_wireshark}
|
||||
%define arg_wireshark --with-wireshark-dissector
|
||||
%else
|
||||
@ -1082,6 +1078,7 @@ export PYTHON=%{_bindir}/python3
|
||||
--with-dtrace \
|
||||
--with-driver-modules \
|
||||
%{?arg_firewalld} \
|
||||
%{?arg_firewalld_zone} \
|
||||
%{?arg_wireshark} \
|
||||
--with-nss-plugin \
|
||||
--libexecdir=%{_libdir}/%{name} \
|
||||
@ -1287,6 +1284,14 @@ if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ;
|
||||
done
|
||||
fi
|
||||
|
||||
%if %{with_firewalld_zone}
|
||||
%post daemon-driver-network
|
||||
%firewalld_reload
|
||||
|
||||
%postun daemon-driver-network
|
||||
%firewalld_reload
|
||||
%endif
|
||||
|
||||
%post daemon-config-network
|
||||
# Install the default network if one doesn't exist
|
||||
if test $1 -eq 1 && test ! -f %{_sysconfdir}/%{name}/qemu/networks/default.xml ; then
|
||||
@ -1433,6 +1438,9 @@ fi
|
||||
%attr(0755, root, root) %{_libdir}/%{name}/libvirt_leaseshelper
|
||||
%dir %{_libdir}/%{name}/connection-driver
|
||||
%{_libdir}/%{name}/connection-driver/libvirt_driver_network.so
|
||||
%if %{with_firewalld_zone}
|
||||
%{_prefix}/lib/firewalld/zones/libvirt.xml
|
||||
%endif
|
||||
|
||||
%files daemon-driver-nodedev
|
||||
%dir %{_libdir}/%{name}/connection-driver
|
||||
@ -1697,6 +1705,7 @@ fi
|
||||
%if %{with_wireshark}
|
||||
|
||||
%files -n wireshark-plugin-libvirt
|
||||
%dir %{wireshark_plugindir}/
|
||||
%{wireshark_plugindir}/libvirt.so
|
||||
%endif
|
||||
|
||||
|
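Review bot: The new `%post daemon-driver-network` and `%postun daemon-driver-network` scriptlets call `%firewalld_reload`, but none of the visible hunks adds a build dependency that defines that macro; on openSUSE it is provided by the firewall-macros package. If the BuildRequires block outside these hunks does not already carry it, the macro stays unexpanded in the scriptlet and the package's post-install step fails once `with_firewalld_zone` is enabled. I would add `BuildRequires:  firewall-macros` inside an `%if %{with_firewalld_zone}` / `%endif` guard next to the other conditional build requirements. Where `with_firewalld_zone` is switched to 1 is also outside the visible hunks, so it is worth confirming that the `%files` entry for `%{_prefix}/lib/firewalld/zones/libvirt.xml` and the `--with-firewalld-zone` configure argument are enabled on the same set of targets.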
@ -8,10 +8,10 @@ Date: Mon Jun 23 15:51:20 2014 -0600
|
||||
option, but domainReset can be implemented in the libxl driver by
|
||||
forcibly destroying the domain and starting it again.
|
||||
|
||||
Index: libvirt-5.0.0/src/libxl/libxl_driver.c
|
||||
Index: libvirt-5.1.0/src/libxl/libxl_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-5.0.0/src/libxl/libxl_driver.c
|
||||
--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-5.1.0/src/libxl/libxl_driver.c
|
||||
@@ -1350,6 +1350,61 @@ libxlDomainReboot(virDomainPtr dom, unsi
|
||||
}
|
||||
|
||||
|
@ -3,10 +3,10 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425
|
||||
src/libxl/libxl_conf.c | 25 +++++++++++++++++++++++++
|
||||
1 file changed, 25 insertions(+)
|
||||
|
||||
Index: libvirt-5.0.0/src/libxl/libxl_conf.c
|
||||
Index: libvirt-5.1.0/src/libxl/libxl_conf.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/libxl/libxl_conf.c
|
||||
+++ libvirt-5.0.0/src/libxl/libxl_conf.c
|
||||
--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c
|
||||
+++ libvirt-5.1.0/src/libxl/libxl_conf.c
|
||||
@@ -884,6 +884,30 @@ libxlDiskSetDiscard(libxl_device_disk *x
|
||||
#endif
|
||||
}
|
||||
|
@ -16,11 +16,11 @@ Signed-off-by: Jim Fehlig <jfehlig@suse.com>
|
||||
tools/virsh.pod | 8 ++++++++
|
||||
6 files changed, 125 insertions(+), 6 deletions(-)
|
||||
|
||||
Index: libvirt-5.0.0/include/libvirt/libvirt-domain.h
|
||||
Index: libvirt-5.1.0/include/libvirt/libvirt-domain.h
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/include/libvirt/libvirt-domain.h
|
||||
+++ libvirt-5.0.0/include/libvirt/libvirt-domain.h
|
||||
@@ -1016,6 +1016,31 @@ typedef enum {
|
||||
--- libvirt-5.1.0.orig/include/libvirt/libvirt-domain.h
|
||||
+++ libvirt-5.1.0/include/libvirt/libvirt-domain.h
|
||||
@@ -1025,6 +1025,31 @@ typedef enum {
|
||||
*/
|
||||
# define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT "auto_converge.increment"
|
||||
|
||||
@ -52,10 +52,10 @@ Index: libvirt-5.0.0/include/libvirt/libvirt-domain.h
|
||||
/* Domain migration. */
|
||||
virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
|
||||
unsigned long flags, const char *dname,
|
||||
Index: libvirt-5.0.0/src/libxl/libxl_driver.c
|
||||
Index: libvirt-5.1.0/src/libxl/libxl_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-5.0.0/src/libxl/libxl_driver.c
|
||||
--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-5.1.0/src/libxl/libxl_driver.c
|
||||
@@ -6118,6 +6118,9 @@ libxlDomainMigratePerform3Params(virDoma
|
||||
const char *dname = NULL;
|
||||
const char *uri = NULL;
|
||||
@ -99,10 +99,10 @@ Index: libvirt-5.0.0/src/libxl/libxl_driver.c
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
Index: libvirt-5.0.0/src/libxl/libxl_migration.c
|
||||
Index: libvirt-5.1.0/src/libxl/libxl_migration.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/libxl/libxl_migration.c
|
||||
+++ libvirt-5.0.0/src/libxl/libxl_migration.c
|
||||
--- libvirt-5.1.0.orig/src/libxl/libxl_migration.c
|
||||
+++ libvirt-5.1.0/src/libxl/libxl_migration.c
|
||||
@@ -342,18 +342,39 @@ libxlMigrateDstReceive(virNetSocketPtr s
|
||||
static int
|
||||
libxlDoMigrateSrcSend(libxlDriverPrivatePtr driver,
|
||||
@ -264,10 +264,10 @@ Index: libvirt-5.0.0/src/libxl/libxl_migration.c
|
||||
virObjectLock(vm);
|
||||
|
||||
if (ret < 0) {
|
||||
Index: libvirt-5.0.0/src/libxl/libxl_migration.h
|
||||
Index: libvirt-5.1.0/src/libxl/libxl_migration.h
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/libxl/libxl_migration.h
|
||||
+++ libvirt-5.0.0/src/libxl/libxl_migration.h
|
||||
--- libvirt-5.1.0.orig/src/libxl/libxl_migration.h
|
||||
+++ libvirt-5.1.0/src/libxl/libxl_migration.h
|
||||
@@ -36,6 +36,10 @@
|
||||
VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \
|
||||
VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \
|
||||
@ -312,13 +312,13 @@ Index: libvirt-5.0.0/src/libxl/libxl_migration.h
|
||||
|
||||
virDomainPtr
|
||||
libxlDomainMigrationDstFinish(virConnectPtr dconn,
|
||||
Index: libvirt-5.0.0/tools/virsh-domain.c
|
||||
Index: libvirt-5.1.0/tools/virsh-domain.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/tools/virsh-domain.c
|
||||
+++ libvirt-5.0.0/tools/virsh-domain.c
|
||||
@@ -10558,6 +10558,22 @@ static const vshCmdOptDef opts_migrate[]
|
||||
.type = VSH_OT_BOOL,
|
||||
.help = N_("use TLS for migration")
|
||||
--- libvirt-5.1.0.orig/tools/virsh-domain.c
|
||||
+++ libvirt-5.1.0/tools/virsh-domain.c
|
||||
@@ -10562,6 +10562,22 @@ static const vshCmdOptDef opts_migrate[]
|
||||
.type = VSH_OT_INT,
|
||||
.help = N_("post-copy migration bandwidth limit in MiB/s")
|
||||
},
|
||||
+ {.name = "max_iters",
|
||||
+ .type = VSH_OT_INT,
|
||||
@ -339,7 +339,7 @@ Index: libvirt-5.0.0/tools/virsh-domain.c
|
||||
{.name = NULL}
|
||||
};
|
||||
|
||||
@@ -10581,6 +10597,7 @@ doMigrate(void *opaque)
|
||||
@@ -10585,6 +10601,7 @@ doMigrate(void *opaque)
|
||||
unsigned long long ullOpt = 0;
|
||||
int rv;
|
||||
virConnectPtr dconn = data->dconn;
|
||||
@ -347,7 +347,7 @@ Index: libvirt-5.0.0/tools/virsh-domain.c
|
||||
|
||||
sigemptyset(&sigmask);
|
||||
sigaddset(&sigmask, SIGINT);
|
||||
@@ -10700,6 +10717,27 @@ doMigrate(void *opaque)
|
||||
@@ -10704,6 +10721,27 @@ doMigrate(void *opaque)
|
||||
goto save_error;
|
||||
}
|
||||
|
||||
@ -375,11 +375,11 @@ Index: libvirt-5.0.0/tools/virsh-domain.c
|
||||
if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0)
|
||||
goto out;
|
||||
if (opt) {
|
||||
Index: libvirt-5.0.0/tools/virsh.pod
|
||||
Index: libvirt-5.1.0/tools/virsh.pod
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/tools/virsh.pod
|
||||
+++ libvirt-5.0.0/tools/virsh.pod
|
||||
@@ -1994,6 +1994,14 @@ Providing I<--tls> causes the migration
|
||||
--- libvirt-5.1.0.orig/tools/virsh.pod
|
||||
+++ libvirt-5.1.0/tools/virsh.pod
|
||||
@@ -1998,6 +1998,14 @@ Providing I<--tls> causes the migration
|
||||
the migration of the domain. Usage requires proper TLS setup for both source
|
||||
and target.
|
||||
|
||||
|
@ -7,10 +7,10 @@ and npiv.
|
||||
|
||||
For more details, see bsc#954872 and FATE#319810
|
||||
|
||||
Index: libvirt-5.0.0/src/libxl/libxl_conf.c
|
||||
Index: libvirt-5.1.0/src/libxl/libxl_conf.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/libxl/libxl_conf.c
|
||||
+++ libvirt-5.0.0/src/libxl/libxl_conf.c
|
||||
--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c
|
||||
+++ libvirt-5.1.0/src/libxl/libxl_conf.c
|
||||
@@ -884,6 +884,25 @@ libxlDiskSetDiscard(libxl_device_disk *x
|
||||
#endif
|
||||
}
|
||||
|
@ -13,10 +13,10 @@ device with the same name that is being created.
|
||||
src/lxc/lxc_process.c | 1 +
|
||||
3 files changed, 4 insertions(+)
|
||||
|
||||
Index: libvirt-5.0.0/src/lxc/lxc_controller.c
|
||||
Index: libvirt-5.1.0/src/lxc/lxc_controller.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/lxc/lxc_controller.c
|
||||
+++ libvirt-5.0.0/src/lxc/lxc_controller.c
|
||||
--- libvirt-5.1.0.orig/src/lxc/lxc_controller.c
|
||||
+++ libvirt-5.1.0/src/lxc/lxc_controller.c
|
||||
@@ -69,6 +69,7 @@
|
||||
#include "rpc/virnetdaemon.h"
|
||||
#include "virstring.h"
|
||||
@ -25,7 +25,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_controller.c
|
||||
|
||||
#define VIR_FROM_THIS VIR_FROM_LXC
|
||||
|
||||
@@ -2016,6 +2017,7 @@ static int virLXCControllerDeleteInterfa
|
||||
@@ -2017,6 +2018,7 @@ static int virLXCControllerDeleteInterfa
|
||||
if (virNetDevVethDelete(ctrl->veths[i]) < 0)
|
||||
ret = -1;
|
||||
}
|
||||
@ -33,10 +33,10 @@ Index: libvirt-5.0.0/src/lxc/lxc_controller.c
|
||||
|
||||
return ret;
|
||||
}
|
||||
Index: libvirt-5.0.0/src/lxc/lxc_driver.c
|
||||
Index: libvirt-5.1.0/src/lxc/lxc_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/lxc/lxc_driver.c
|
||||
+++ libvirt-5.0.0/src/lxc/lxc_driver.c
|
||||
--- libvirt-5.1.0.orig/src/lxc/lxc_driver.c
|
||||
+++ libvirt-5.1.0/src/lxc/lxc_driver.c
|
||||
@@ -70,6 +70,7 @@
|
||||
#include "virtime.h"
|
||||
#include "virtypedparam.h"
|
||||
@ -45,7 +45,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
|
||||
#include "virstring.h"
|
||||
#include "viraccessapicheck.h"
|
||||
#include "viraccessapichecklxc.h"
|
||||
@@ -3942,6 +3943,7 @@ lxcDomainAttachDeviceNetLive(virConnectP
|
||||
@@ -3930,6 +3931,7 @@ lxcDomainAttachDeviceNetLive(virConnectP
|
||||
case VIR_DOMAIN_NET_TYPE_NETWORK:
|
||||
case VIR_DOMAIN_NET_TYPE_ETHERNET:
|
||||
ignore_value(virNetDevVethDelete(veth));
|
||||
@ -53,7 +53,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
|
||||
break;
|
||||
|
||||
case VIR_DOMAIN_NET_TYPE_DIRECT:
|
||||
@@ -4385,6 +4387,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
|
||||
@@ -4373,6 +4375,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
|
||||
virDomainAuditNet(vm, detach, NULL, "detach", false);
|
||||
goto cleanup;
|
||||
}
|
||||
@ -61,10 +61,10 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
|
||||
break;
|
||||
|
||||
/* It'd be nice to support this, but with macvlan
|
||||
Index: libvirt-5.0.0/src/lxc/lxc_process.c
|
||||
Index: libvirt-5.1.0/src/lxc/lxc_process.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/lxc/lxc_process.c
|
||||
+++ libvirt-5.0.0/src/lxc/lxc_process.c
|
||||
--- libvirt-5.1.0.orig/src/lxc/lxc_process.c
|
||||
+++ libvirt-5.1.0/src/lxc/lxc_process.c
|
||||
@@ -51,6 +51,7 @@
|
||||
#include "viratomic.h"
|
||||
#include "virprocess.h"
|
||||
@ -73,7 +73,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_process.c
|
||||
#include "netdev_bandwidth_conf.h"
|
||||
|
||||
#define VIR_FROM_THIS VIR_FROM_LXC
|
||||
@@ -215,6 +216,7 @@ static void virLXCProcessCleanup(virLXCD
|
||||
@@ -226,6 +227,7 @@ static void virLXCProcessCleanup(virLXCD
|
||||
}
|
||||
virDomainNetReleaseActualDevice(vm->def, iface);
|
||||
}
|
||||
|
@ -17,11 +17,11 @@ Signed-off-by: Martin Wilck <mwilck@suse.com>
|
||||
tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 -
|
||||
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: libvirt-5.0.0/src/network/bridge_driver.c
|
||||
Index: libvirt-5.1.0/src/network/bridge_driver.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/network/bridge_driver.c
|
||||
+++ libvirt-5.0.0/src/network/bridge_driver.c
|
||||
@@ -1456,7 +1456,14 @@ networkDnsmasqConfContents(virNetworkObj
|
||||
--- libvirt-5.1.0.orig/src/network/bridge_driver.c
|
||||
+++ libvirt-5.1.0/src/network/bridge_driver.c
|
||||
@@ -1378,7 +1378,14 @@ networkDnsmasqConfContents(virNetworkObj
|
||||
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) {
|
||||
if (ipdef->nranges || ipdef->nhosts) {
|
||||
virBufferAddLit(&configbuf, "dhcp-no-override\n");
|
||||
@ -37,10 +37,10 @@ Index: libvirt-5.0.0/src/network/bridge_driver.c
|
||||
}
|
||||
|
||||
if (ipdef->tftproot) {
|
||||
Index: libvirt-5.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
Index: libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
+++ libvirt-5.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
--- libvirt-5.1.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
+++ libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
@@ -10,7 +10,6 @@ bind-dynamic
|
||||
interface=virbr1
|
||||
dhcp-range=192.168.122.1,static
|
||||
|
@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64
|
||||
|
||||
See bnc#894956
|
||||
|
||||
Index: libvirt-5.0.0/src/util/virarch.c
|
||||
Index: libvirt-5.1.0/src/util/virarch.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/util/virarch.c
|
||||
+++ libvirt-5.0.0/src/util/virarch.c
|
||||
--- libvirt-5.1.0.orig/src/util/virarch.c
|
||||
+++ libvirt-5.1.0/src/util/virarch.c
|
||||
@@ -172,6 +172,8 @@ virArch virArchFromHost(void)
|
||||
arch = VIR_ARCH_I686;
|
||||
} else if (STREQ(ut.machine, "amd64")) {
|
||||
|
@ -1,8 +1,8 @@
|
||||
Index: libvirt-5.0.0/src/security/apparmor/libvirt-qemu
|
||||
Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/security/apparmor/libvirt-qemu
|
||||
+++ libvirt-5.0.0/src/security/apparmor/libvirt-qemu
|
||||
@@ -221,3 +221,6 @@
|
||||
--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu
|
||||
+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu
|
||||
@@ -222,3 +222,6 @@
|
||||
# required for sasl GSSAPI plugin
|
||||
/etc/gss/mech.d/ r,
|
||||
/etc/gss/mech.d/* r,
|
||||
|
@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver
|
||||
src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++-
|
||||
2 files changed, 35 insertions(+), 15 deletions(-)
|
||||
|
||||
Index: libvirt-5.0.0/src/xenconfig/xen_common.c
|
||||
Index: libvirt-5.1.0/src/xenconfig/xen_common.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/xenconfig/xen_common.c
|
||||
+++ libvirt-5.0.0/src/xenconfig/xen_common.c
|
||||
--- libvirt-5.1.0.orig/src/xenconfig/xen_common.c
|
||||
+++ libvirt-5.1.0/src/xenconfig/xen_common.c
|
||||
@@ -386,12 +386,19 @@ xenParsePCI(char *entry)
|
||||
int busID;
|
||||
int slotID;
|
||||
@ -64,10 +64,10 @@ Index: libvirt-5.0.0/src/xenconfig/xen_common.c
|
||||
hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
|
||||
hostdev->source.subsys.u.pci.addr.domain = domainID;
|
||||
hostdev->source.subsys.u.pci.addr.bus = busID;
|
||||
Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
|
||||
Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-5.0.0/src/xenconfig/xen_sxpr.c
|
||||
--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c
|
||||
@@ -1053,6 +1053,7 @@ xenParseSxprPCI(virDomainDefPtr def,
|
||||
int busID;
|
||||
int slotID;
|
||||
@ -91,7 +91,7 @@ Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
|
||||
dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
|
||||
dev->source.subsys.u.pci.addr.domain = domainID;
|
||||
dev->source.subsys.u.pci.addr.bus = busID;
|
||||
@@ -1968,11 +1971,15 @@ static void
|
||||
@@ -1962,11 +1965,15 @@ static void
|
||||
xenFormatSxprPCI(virDomainHostdevDefPtr def,
|
||||
virBufferPtr buf)
|
||||
{
|
||||
@ -108,7 +108,7 @@ Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
|
||||
}
|
||||
|
||||
|
||||
@@ -1991,12 +1998,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
|
||||
@@ -1985,12 +1992,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
|
||||
virBufferPtr buf,
|
||||
int detach)
|
||||
{
|
||||
@ -121,7 +121,7 @@ Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
|
||||
virBufferAddLit(buf, "(pci ");
|
||||
xenFormatSxprPCI(def, buf);
|
||||
if (detach)
|
||||
@@ -2051,12 +2052,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
|
||||
@@ -2045,12 +2046,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
|
||||
for (i = 0; i < def->nhostdevs; i++) {
|
||||
if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
|
||||
def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {
|
||||
|
@ -8,11 +8,11 @@ It was also noticed that the per-domain profiles need a libnl rule
|
||||
to squelch a denial when starting confined domains.
|
||||
|
||||
Found while investigating bsc#1058847
|
||||
Index: libvirt-5.0.0/src/security/apparmor/libvirt-qemu
|
||||
Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/security/apparmor/libvirt-qemu
|
||||
+++ libvirt-5.0.0/src/security/apparmor/libvirt-qemu
|
||||
@@ -62,6 +62,7 @@
|
||||
--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu
|
||||
+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu
|
||||
@@ -63,6 +63,7 @@
|
||||
#/dev/fb* rw,
|
||||
|
||||
/etc/pulse/client.conf r,
|
||||
@ -20,10 +20,10 @@ Index: libvirt-5.0.0/src/security/apparmor/libvirt-qemu
|
||||
@{HOME}/.pulse-cookie rwk,
|
||||
owner /root/.pulse-cookie rwk,
|
||||
owner /root/.pulse/ rw,
|
||||
Index: libvirt-5.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
Index: libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
+++ libvirt-5.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
--- libvirt-5.1.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
+++ libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
@@ -17,7 +17,7 @@ profile virt-aa-helper /usr/{lib,lib64}/
|
||||
owner @{PROC}/[0-9]*/status r,
|
||||
@{PROC}/filesystems r,
|
||||
@ -31,5 +31,5 @@ Index: libvirt-5.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
- /etc/libnl-3/classid r,
|
||||
+ /etc/libnl*/classid r,
|
||||
|
||||
# for hostdev
|
||||
/sys/devices/ r,
|
||||
# for gl enabled graphics
|
||||
/dev/dri/{,*} r,
|
||||
|
@ -1,9 +1,9 @@
|
||||
Adjust libvirt-guests service to conform to SUSE standards
|
||||
|
||||
Index: libvirt-5.0.0/tools/libvirt-guests.init.in
|
||||
Index: libvirt-5.1.0/tools/libvirt-guests.init.in
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/tools/libvirt-guests.init.in
|
||||
+++ libvirt-5.0.0/tools/libvirt-guests.init.in
|
||||
--- libvirt-5.1.0.orig/tools/libvirt-guests.init.in
|
||||
+++ libvirt-5.1.0/tools/libvirt-guests.init.in
|
||||
@@ -4,27 +4,27 @@
|
||||
# http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html
|
||||
#
|
||||
@ -46,10 +46,10 @@ Index: libvirt-5.0.0/tools/libvirt-guests.init.in
|
||||
+
|
||||
|
||||
exec @libexecdir@/libvirt-guests.sh "$@"
|
||||
Index: libvirt-5.0.0/tools/libvirt-guests.sh.in
|
||||
Index: libvirt-5.1.0/tools/libvirt-guests.sh.in
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/tools/libvirt-guests.sh.in
|
||||
+++ libvirt-5.0.0/tools/libvirt-guests.sh.in
|
||||
--- libvirt-5.1.0.orig/tools/libvirt-guests.sh.in
|
||||
+++ libvirt-5.1.0/tools/libvirt-guests.sh.in
|
||||
@@ -16,14 +16,13 @@
|
||||
# License along with this library. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
@ -209,10 +209,10 @@ Index: libvirt-5.0.0/tools/libvirt-guests.sh.in
|
||||
esac
|
||||
-exit $RETVAL
|
||||
+rc_exit
|
||||
Index: libvirt-5.0.0/tools/libvirt-guests.sysconf
|
||||
Index: libvirt-5.1.0/tools/libvirt-guests.sysconf
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/tools/libvirt-guests.sysconf
|
||||
+++ libvirt-5.0.0/tools/libvirt-guests.sysconf
|
||||
--- libvirt-5.1.0.orig/tools/libvirt-guests.sysconf
|
||||
+++ libvirt-5.1.0/tools/libvirt-guests.sysconf
|
||||
@@ -1,19 +1,29 @@
|
||||
+## Path: System/Virtualization/libvirt-guests
|
||||
+
|
||||
|
@ -3,10 +3,10 @@ Disable TLS by default
|
||||
On SUSE distros, the default is for libvirtd to listen only on the
|
||||
Unix Domain Socket. The libvirt client still provides remote access
|
||||
via a SSH tunnel.
|
||||
Index: libvirt-5.0.0/src/remote/libvirtd.conf
|
||||
Index: libvirt-5.1.0/src/remote/libvirtd.conf
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/remote/libvirtd.conf
|
||||
+++ libvirt-5.0.0/src/remote/libvirtd.conf
|
||||
--- libvirt-5.1.0.orig/src/remote/libvirtd.conf
|
||||
+++ libvirt-5.1.0/src/remote/libvirtd.conf
|
||||
@@ -18,8 +18,8 @@
|
||||
# It is necessary to setup a CA and issue server certificates before
|
||||
# using this capability.
|
||||
@ -18,10 +18,10 @@ Index: libvirt-5.0.0/src/remote/libvirtd.conf
|
||||
|
||||
# Listen for unencrypted TCP connections on the public TCP/IP port.
|
||||
# NB, must pass the --listen flag to the libvirtd process for this to
|
||||
Index: libvirt-5.0.0/src/remote/remote_daemon_config.c
|
||||
Index: libvirt-5.1.0/src/remote/remote_daemon_config.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/remote/remote_daemon_config.c
|
||||
+++ libvirt-5.0.0/src/remote/remote_daemon_config.c
|
||||
--- libvirt-5.1.0.orig/src/remote/remote_daemon_config.c
|
||||
+++ libvirt-5.1.0/src/remote/remote_daemon_config.c
|
||||
@@ -108,7 +108,7 @@ daemonConfigNew(bool privileged ATTRIBUT
|
||||
if (VIR_ALLOC(data) < 0)
|
||||
return NULL;
|
||||
@ -31,10 +31,10 @@ Index: libvirt-5.0.0/src/remote/remote_daemon_config.c
|
||||
data->listen_tcp = 0;
|
||||
|
||||
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
|
||||
Index: libvirt-5.0.0/src/remote/test_libvirtd.aug.in
|
||||
Index: libvirt-5.1.0/src/remote/test_libvirtd.aug.in
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/remote/test_libvirtd.aug.in
|
||||
+++ libvirt-5.0.0/src/remote/test_libvirtd.aug.in
|
||||
--- libvirt-5.1.0.orig/src/remote/test_libvirtd.aug.in
|
||||
+++ libvirt-5.1.0/src/remote/test_libvirtd.aug.in
|
||||
@@ -2,7 +2,7 @@ module Test_libvirtd =
|
||||
::CONFIG::
|
||||
|
||||
|
@ -7,10 +7,10 @@ On SUSE distros, we promote libvirt and all the libvirt-based
|
||||
tools. If a user installs libvirt on their SUSE Xen host, then
|
||||
libvirt should be king and override xendomains. See bsc#1015348
|
||||
|
||||
Index: libvirt-5.0.0/src/remote/libvirtd.service.in
|
||||
Index: libvirt-5.1.0/src/remote/libvirtd.service.in
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/remote/libvirtd.service.in
|
||||
+++ libvirt-5.0.0/src/remote/libvirtd.service.in
|
||||
--- libvirt-5.1.0.orig/src/remote/libvirtd.service.in
|
||||
+++ libvirt-5.1.0/src/remote/libvirtd.service.in
|
||||
@@ -17,6 +17,8 @@ After=local-fs.target
|
||||
After=remote-fs.target
|
||||
After=systemd-logind.service
|
||||
|
@ -1,9 +1,9 @@
|
||||
Adjust libvirtd sysconfig file to conform to SUSE standards
|
||||
|
||||
Index: libvirt-5.0.0/src/remote/libvirtd.sysconf
|
||||
Index: libvirt-5.1.0/src/remote/libvirtd.sysconf
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/remote/libvirtd.sysconf
|
||||
+++ libvirt-5.0.0/src/remote/libvirtd.sysconf
|
||||
--- libvirt-5.1.0.orig/src/remote/libvirtd.sysconf
|
||||
+++ libvirt-5.1.0/src/remote/libvirtd.sysconf
|
||||
@@ -1,16 +1,25 @@
|
||||
+## Path: System/Virtualization/libvirt
|
||||
+
|
||||
|
@ -1,10 +1,10 @@
|
||||
Adjust paths of OVMF firmwares on SUSE distros
|
||||
|
||||
Index: libvirt-5.0.0/src/qemu/qemu.conf
|
||||
Index: libvirt-5.1.0/src/qemu/qemu.conf
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu.conf
|
||||
+++ libvirt-5.0.0/src/qemu/qemu.conf
|
||||
@@ -767,10 +767,9 @@ security_default_confined = 0
|
||||
--- libvirt-5.1.0.orig/src/qemu/qemu.conf
|
||||
+++ libvirt-5.1.0/src/qemu/qemu.conf
|
||||
@@ -773,10 +773,9 @@ security_default_confined = 0
|
||||
# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
|
||||
# follows this scheme.
|
||||
#nvram = [
|
||||
@ -18,10 +18,10 @@ Index: libvirt-5.0.0/src/qemu/qemu.conf
|
||||
#]
|
||||
|
||||
# The backend to use for handling stdout/stderr output from
|
||||
Index: libvirt-5.0.0/src/qemu/qemu_conf.c
|
||||
Index: libvirt-5.1.0/src/qemu/qemu_conf.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu_conf.c
|
||||
+++ libvirt-5.0.0/src/qemu/qemu_conf.c
|
||||
--- libvirt-5.1.0.orig/src/qemu/qemu_conf.c
|
||||
+++ libvirt-5.1.0/src/qemu/qemu_conf.c
|
||||
@@ -116,10 +116,9 @@ void qemuDomainCmdlineDefFree(qemuDomain
|
||||
|
||||
#ifndef DEFAULT_LOADER_NVRAM
|
||||
@ -36,11 +36,11 @@ Index: libvirt-5.0.0/src/qemu/qemu_conf.c
|
||||
#endif
|
||||
|
||||
|
||||
Index: libvirt-5.0.0/src/security/virt-aa-helper.c
|
||||
Index: libvirt-5.1.0/src/security/virt-aa-helper.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/security/virt-aa-helper.c
|
||||
+++ libvirt-5.0.0/src/security/virt-aa-helper.c
|
||||
@@ -507,7 +507,8 @@ valid_path(const char *path, const bool
|
||||
--- libvirt-5.1.0.orig/src/security/virt-aa-helper.c
|
||||
+++ libvirt-5.1.0/src/security/virt-aa-helper.c
|
||||
@@ -506,7 +506,8 @@ valid_path(const char *path, const bool
|
||||
"/usr/share/ovmf/", /* for OVMF images */
|
||||
"/usr/share/AAVMF/", /* for AAVMF images */
|
||||
"/usr/share/qemu-efi/", /* for AAVMF images */
|
||||
|
@ -7,11 +7,11 @@ suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch,
|
||||
etc.), but for now they are all lumped together in this
|
||||
single patch.
|
||||
|
||||
Index: libvirt-5.0.0/src/qemu/qemu.conf
|
||||
Index: libvirt-5.1.0/src/qemu/qemu.conf
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu.conf
|
||||
+++ libvirt-5.0.0/src/qemu/qemu.conf
|
||||
@@ -414,11 +414,20 @@
|
||||
--- libvirt-5.1.0.orig/src/qemu/qemu.conf
|
||||
+++ libvirt-5.1.0/src/qemu/qemu.conf
|
||||
@@ -420,11 +420,20 @@
|
||||
# isolation, but it cannot appear in a list of drivers.
|
||||
#
|
||||
#security_driver = "selinux"
|
||||
@ -34,7 +34,7 @@ Index: libvirt-5.0.0/src/qemu/qemu.conf
|
||||
|
||||
# If set to non-zero, then attempts to create unconfined
|
||||
# guests will be blocked. Defaults to 0.
|
||||
@@ -649,11 +658,22 @@
|
||||
@@ -655,11 +664,22 @@
|
||||
#relaxed_acs_check = 1
|
||||
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
Adjust virtlockd sysconfig file to conform to SUSE standards
|
||||
|
||||
Index: libvirt-5.0.0/src/locking/virtlockd.sysconf
|
||||
Index: libvirt-5.1.0/src/locking/virtlockd.sysconf
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/locking/virtlockd.sysconf
|
||||
+++ libvirt-5.0.0/src/locking/virtlockd.sysconf
|
||||
--- libvirt-5.1.0.orig/src/locking/virtlockd.sysconf
|
||||
+++ libvirt-5.1.0/src/locking/virtlockd.sysconf
|
||||
@@ -1,3 +1,7 @@
|
||||
+## Path: System/Virtualization/virtlockd
|
||||
+
|
||||
|
@ -1,9 +1,9 @@
|
||||
Adjust virtlogd sysconfig file to conform to SUSE standards
|
||||
|
||||
Index: libvirt-5.0.0/src/logging/virtlogd.sysconf
|
||||
Index: libvirt-5.1.0/src/logging/virtlogd.sysconf
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/logging/virtlogd.sysconf
|
||||
+++ libvirt-5.0.0/src/logging/virtlogd.sysconf
|
||||
--- libvirt-5.1.0.orig/src/logging/virtlogd.sysconf
|
||||
+++ libvirt-5.1.0/src/logging/virtlogd.sysconf
|
||||
@@ -1,3 +1,7 @@
|
||||
+## Path: System/Virtualization/virtlogd
|
||||
+
|
||||
|
@ -1,7 +1,7 @@
|
||||
Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
|
||||
Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-5.0.0/src/xenconfig/xen_sxpr.c
|
||||
--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c
|
||||
@@ -383,7 +383,7 @@ xenParseSxprVifRate(const char *rate, un
|
||||
static int
|
||||
xenParseSxprDisks(virDomainDefPtr def,
|
||||
|
@ -6,10 +6,10 @@ and 'file'. This was implicitly done prior to commit 9673418c.
|
||||
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=938228
|
||||
|
||||
Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
|
||||
Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-5.0.0/src/xenconfig/xen_sxpr.c
|
||||
--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c
|
||||
@@ -497,10 +497,11 @@ xenParseSxprDisks(virDomainDefPtr def,
|
||||
omnipotent, we can revisit this, perhaps stat()'ing
|
||||
the src file in question */
|
||||
|