Accepting request 224371 from Virtualization

- Update to libvirt 1.2.2 - add LXC from native conversion tool - vbox: add support for v4.2.20+ and v4.3.4+ - CVE-2013-6456 (bnc#857490) - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: 37564b47-xend-parse-response.patch, 4f20084-fix-apparmor-install-patch.patch - Add local disable-virCgroupGetPercpuStats-test.patch to disable failing virCgroupGetPercpuStats test in 'make check' - daemon-qemu: Require qemu instead of kvm to align with recent changes to the qemu package structure - spec: fix dependencies of daemon-config-network and daemon-config-nwfilter subpackages. Influenced by upstream commits cf76c4b3 and dca5ce4c - Remove libvirtd, virtlockd, and libvirt-guests init scripts when using systemd bnc#863540 - Fix the path to libvirtd AppArmor template profile OBS-URL: https://build.opensuse.org/request/show/224371 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=139
2014-03-04 12:45:14 +00:00 · 2014-03-04 12:45:14 +00:00 · 62a2a24d7c
commit 62a2a24d7c
parent 7412a46feb 5016413cf6
20 changed files with 395 additions and 521 deletions
--- a/37564b47-xend-parse-response.patch
+++ b/37564b47-xend-parse-response.patch
@ -1,39 +0,0 @@
-commit 37564b471da7e9080284149f8350241afd448515
-Author: Jim Fehlig <jfehlig@suse.com>
-Date:   Tue Jan 28 18:15:48 2014 -0700
-
-    xen: fix parsing xend http response
-    
-    Commit df36af58 broke parsing of http response from xend.  The prior
-    use of atoi() would happily parse e.g. a string containing "200 OK\r\n",
-    whereas virStrToLong_i() will fail when called with a NULL end_ptr.
-    Change the calls to virStrToLong_i() to provide a non-NULL end_ptr.
-
-Index: libvirt-1.2.1/src/xen/xend_internal.c
-===================================================================
--- libvirt-1.2.1.orig/src/xen/xend_internal.c
-+++ libvirt-1.2.1/src/xen/xend_internal.c
-@@ -282,6 +282,7 @@ xend_req(int fd, char **content)
-     size_t buffer_size = 4096;
-     int content_length = 0;
-     int retcode = 0;
-+    char *end_ptr;
- 
-     if (VIR_ALLOC_N(buffer, buffer_size) < 0)
-         return -1;
-@@ -291,13 +292,13 @@ xend_req(int fd, char **content)
-             break;
- 
-         if (istartswith(buffer, "Content-Length: ")) {
-            if (virStrToLong_i(buffer + 16, NULL, 10, &content_length) < 0) {
-+            if (virStrToLong_i(buffer + 16, &end_ptr, 10, &content_length) < 0) {
-                 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                                _("failed to parse Xend response content length"));
-                 return -1;
-             }
-         } else if (istartswith(buffer, "HTTP/1.1 ")) {
-            if (virStrToLong_i(buffer + 9, NULL, 10, &retcode) < 0) {
-+            if (virStrToLong_i(buffer + 9, &end_ptr, 10, &retcode) < 0) {
-                 virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                                _("failed to parse Xend response return code"));
-                 return -1;
--- a/disable-virCgroupGetPercpuStats-test.patch
+++ b/disable-virCgroupGetPercpuStats-test.patch
@ -0,0 +1,91 @@
+Index: libvirt-1.2.2/tests/vircgrouptest.c
+===================================================================
+--- libvirt-1.2.2.orig/tests/vircgrouptest.c
+++ libvirt-1.2.2/tests/vircgrouptest.c
+@@ -33,7 +33,6 @@
+ # include "virlog.h"
+ # include "virfile.h"
+ # include "testutilslxc.h"
+-# include "nodeinfo.h"
+ 
+ # define VIR_FROM_THIS VIR_FROM_NONE
+ 
+@@ -531,68 +530,6 @@ static int testCgroupAvailable(const voi
+     return 0;
+ }
+ 
+-static int testCgroupGetPercpuStats(const void *args ATTRIBUTE_UNUSED)
+-{
+-    virCgroupPtr cgroup = NULL;
+-    size_t i;
+-    int rv, ret = -1;
+-    virTypedParameter params[2];
+-
+-    // TODO: mock nodeGetCPUCount() as well & check 2nd cpu, too
+-    unsigned long long expected[] = {
+-        1413142688153030ULL
+-    };
+-
+-    if ((rv = virCgroupNewPartition("/virtualmachines", true,
+-                                    (1 << VIR_CGROUP_CONTROLLER_CPU) |
+-                                    (1 << VIR_CGROUP_CONTROLLER_CPUACCT),
+-                                    &cgroup)) < 0) {
+-        fprintf(stderr, "Could not create /virtualmachines cgroup: %d\n", -rv);
+-        goto cleanup;
+-    }
+-
+-    if (nodeGetCPUCount() < 1) {
+-        fprintf(stderr, "Unexpected: nodeGetCPUCount() yields: %d\n", nodeGetCPUCount());
+-        goto cleanup;
+-    }
+-
+-    if ((rv = virCgroupGetPercpuStats(cgroup,
+-                                      params,
+-                                      2, 0, 1)) < 0) {
+-        fprintf(stderr, "Failed call to virCgroupGetPercpuStats for /virtualmachines cgroup: %d\n", -rv);
+-        goto cleanup;
+-    }
+-
+-    for (i = 0; i < ARRAY_CARDINALITY(expected); i++) {
+-        if (!STREQ(params[i].field, VIR_DOMAIN_CPU_STATS_CPUTIME)) {
+-            fprintf(stderr,
+-                    "Wrong parameter name value from virCgroupGetPercpuStats (is: %s)\n",
+-                    params[i].field);
+-            goto cleanup;
+-        }
+-
+-        if (params[i].type != VIR_TYPED_PARAM_ULLONG) {
+-            fprintf(stderr,
+-                    "Wrong parameter value type from virCgroupGetPercpuStats (is: %d)\n",
+-                    params[i].type);
+-            goto cleanup;
+-        }
+-
+-        if (params[i].value.ul != expected[i]) {
+-            fprintf(stderr,
+-                    "Wrong value from virCgroupGetMemoryUsage (expected %llu)\n",
+-                    params[i].value.ul);
+-            goto cleanup;
+-        }
+-    }
+-
+-    ret = 0;
+-
+-cleanup:
+-    virCgroupFree(&cgroup);
+-    return ret;
+-}
+-
+ static int testCgroupGetMemoryUsage(const void *args ATTRIBUTE_UNUSED)
+ {
+     virCgroupPtr cgroup = NULL;
+@@ -798,9 +735,6 @@ mymain(void)
+     if (virtTestRun("virCgroupGetMemoryUsage works", testCgroupGetMemoryUsage, NULL) < 0)
+         ret = -1;
+ 
+-    if (virtTestRun("virCgroupGetPercpuStats works", testCgroupGetPercpuStats, NULL) < 0)
+-        ret = -1;
+-
+     setenv("VIR_CGROUP_MOCK_MODE", "allinone", 1);
+     if (virtTestRun("New cgroup for self (allinone)", testCgroupNewForSelfAllInOne, NULL) < 0)
+         ret = -1;
--- a/fix-pci-attach-xen-driver.patch
+++ b/fix-pci-attach-xen-driver.patch
@ -8,10 +8,10 @@ uses the 'device_configure' RPC.
 This patch changes the xend driver to always call 'device_configure' for
 PCI devices to be consistent with the usage in the xen tools.

-Index: libvirt-1.2.1/src/xen/xend_internal.c
+Index: libvirt-1.2.2/src/xen/xend_internal.c
 ===================================================================
--- libvirt-1.2.1.orig/src/xen/xend_internal.c
-+++ libvirt-1.2.1/src/xen/xend_internal.c
+--- libvirt-1.2.2.orig/src/xen/xend_internal.c
+++ libvirt-1.2.2/src/xen/xend_internal.c
@@ -2217,6 +2217,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr
     virBuffer buf = VIR_BUFFER_INITIALIZER;
     char class[8], ref[80];
--- a/ia64-clone.patch
+++ b/ia64-clone.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.2.1/src/lxc/lxc_container.c
+Index: libvirt-1.2.2/src/lxc/lxc_container.c
 ===================================================================
--- libvirt-1.2.1.orig/src/lxc/lxc_container.c
-+++ libvirt-1.2.1/src/lxc/lxc_container.c
+--- libvirt-1.2.2.orig/src/lxc/lxc_container.c
+++ libvirt-1.2.2/src/lxc/lxc_container.c
@@ -162,12 +162,19 @@ int lxcContainerHasReboot(void)
     VIR_FREE(buf);
     cmd = v ? LINUX_REBOOT_CMD_CAD_ON : LINUX_REBOOT_CMD_CAD_OFF;
--- a/install-apparmor-profiles.patch
+++ b/install-apparmor-profiles.patch
@ -1,8 +1,8 @@
-Index: libvirt-1.2.1/examples/apparmor/Makefile.am
+Index: libvirt-1.2.2/examples/apparmor/Makefile.am
 ===================================================================
--- libvirt-1.2.1.orig/examples/apparmor/Makefile.am
-+++ libvirt-1.2.1/examples/apparmor/Makefile.am
-@@ -14,13 +14,32 @@
+--- libvirt-1.2.2.orig/examples/apparmor/Makefile.am
+++ libvirt-1.2.2/examples/apparmor/Makefile.am
+@@ -14,13 +14,25 @@
 ## License along with this library.  If not, see
 ## <http://www.gnu.org/licenses/>.
 
@ -13,18 +13,11 @@ Index: libvirt-1.2.1/examples/apparmor/Makefile.am
 -	usr.sbin.libvirtd
 +EXTRA_DIST=				        \
 +	TEMPLATE			        \
-+	libvirt-qemu.in				\
+	libvirt-qemu			        \
 +	usr.lib.libvirt.virt-aa-helper.in	\
 +	usr.sbin.libvirtd.in
 
 if WITH_APPARMOR_PROFILES
-+
-+libvirt-qemu: libvirt-qemu.in
-+	sed                                     \
-+	    -e 's![@]libdir[@]!$(libdir)!g'     \
-+	    < $< > $@-t
-+	mv $@-t $@
-+
 +usr.lib.libvirt.virt-aa-helper: usr.lib.libvirt.virt-aa-helper.in
 +	sed                                     \
 +	    -e 's![@]libdir[@]!$(libdir)!g'     \
@ -40,12 +33,12 @@ Index: libvirt-1.2.1/examples/apparmor/Makefile.am
 apparmordir = $(sysconfdir)/apparmor.d/
 apparmor_DATA = \
 	usr.lib.libvirt.virt-aa-helper \
-Index: libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
+Index: libvirt-1.2.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 ===================================================================
 --- /dev/null
-+++ libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
-@@ -0,0 +1,41 @@
-+# Last Modified: Fri Aug 19 11:21:48 2011
+++ libvirt-1.2.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
+@@ -0,0 +1,48 @@
+# Last Modified: Mon Apr  5 15:10:27 2010
 +#include <tunables/global>
 +
 +@libdir@/libvirt/virt-aa-helper {
@ -58,8 +51,9 @@ Index: libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 +  # needed for when disk is on a network filesystem
 +  network inet,
 +
-+  @{PROC}/[0-9]** r,
 +  deny @{PROC}/[0-9]*/mounts r,
+  @{PROC}/[0-9]*/net/psched r,
+  owner @{PROC}/[0-9]*/status r,
 +  @{PROC}/filesystems r,
 +
 +  # for hostdev
@ -83,14 +77,91 @@ Index: libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 +  @{HOME}/** r,
 +  /var/lib/libvirt/images/ r,
 +  /var/lib/libvirt/images/** r,
-+  /var/lib/kvm/images/ r,
-+  /var/lib/kvm/images/** r,
+  /{media,mnt,opt,srv}/** r,
+
+  /**.img r,
+  /**.qcow{,2} r,
+  /**.qed r,
+  /**.vmdk r,
+  /**.[iI][sS][oO] r,
+  /**/disk{,.*} r,
 +}
-Index: libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+Index: libvirt-1.2.2/examples/apparmor/usr.sbin.libvirtd.in
 ===================================================================
--- libvirt-1.2.1.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+--- /dev/null
+++ libvirt-1.2.2/examples/apparmor/usr.sbin.libvirtd.in
+@@ -0,0 +1,66 @@
+# Last Modified: Mon Apr  5 15:03:58 2010
+#include <tunables/global>
+@{LIBVIRT}="libvirt"
+
+/usr/sbin/libvirtd {
+  #include <abstractions/base>
+  #include <abstractions/dbus>
+
+  capability kill,
+  capability net_admin,
+  capability net_raw,
+  capability setgid,
+  capability sys_admin,
+  capability sys_module,
+  capability sys_ptrace,
+  capability sys_pacct,
+  capability sys_nice,
+  capability sys_chroot,
+  capability setuid,
+  capability dac_override,
+  capability dac_read_search,
+  capability fowner,
+  capability chown,
+  capability setpcap,
+  capability mknod,
+  capability fsetid,
+  capability audit_write,
+  capability ipc_lock,
+
+  network inet stream,
+  network inet dgram,
+  network inet6 stream,
+  network inet6 dgram,
+  network packet dgram,
+
+  # Very lenient profile for libvirtd since we want to first focus on confining
+  # the guests. Guests will have a very restricted profile.
+  / r,
+  /** rwmkl,
+
+  /bin/* PUx,
+  /sbin/* PUx,
+  /usr/bin/* PUx,
+  /usr/sbin/* PUx,
+  /lib/udev/scsi_id PUx,
+  /usr/lib/xen/bin/* Ux,
+  /usr/lib64/xen/bin/* Ux,
+  /usr/lib/polkit-1/polkit-agent-helper Px,
+
+  # force the use of virt-aa-helper
+  audit deny /sbin/apparmor_parser rwxl,
+  audit deny /etc/apparmor.d/libvirt/** wxl,
+  audit deny /sys/kernel/security/apparmor/features rwxl,
+  audit deny /sys/kernel/security/apparmor/matching rwxl,
+  audit deny /sys/kernel/security/apparmor/.* rwxl,
+  /sys/kernel/security/apparmor/profiles r,
+  @libdir@/libvirt/* PUxr,
+  /etc/libvirt/hooks/** rmix,
+  /etc/xen/scripts/** rmix,
+  @libdir@/libvirt/libvirt_parthelper Ux,
+  @libdir@/libvirt/libvirt_iohelper Ux,
+
+  # allow changing to our UUID-based named profiles
+  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+
+}
+Index: libvirt-1.2.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+===================================================================
+--- libvirt-1.2.2.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 +++ /dev/null
-@@ -1,38 +0,0 @@
+@@ -1,48 +0,0 @@
 -# Last Modified: Mon Apr  5 15:10:27 2010
 -#include <tunables/global>
 -
@ -105,6 +176,8 @@ Index: libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 -  network inet,
 -
 -  deny @{PROC}/[0-9]*/mounts r,
+-  @{PROC}/[0-9]*/net/psched r,
+-  owner @{PROC}/[0-9]*/status r,
 -  @{PROC}/filesystems r,
 -
 -  # for hostdev
@ -128,18 +201,27 @@ Index: libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 -  @{HOME}/** r,
 -  /var/lib/libvirt/images/ r,
 -  /var/lib/libvirt/images/** r,
+-  /{media,mnt,opt,srv}/** r,
+-
+-  /**.img r,
+-  /**.qcow{,2} r,
+-  /**.qed r,
+-  /**.vmdk r,
+-  /**.[iI][sS][oO] r,
+-  /**/disk{,.*} r,
 -}
-Index: libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd
+Index: libvirt-1.2.2/examples/apparmor/usr.sbin.libvirtd
 ===================================================================
--- libvirt-1.2.1.orig/examples/apparmor/usr.sbin.libvirtd
+--- libvirt-1.2.2.orig/examples/apparmor/usr.sbin.libvirtd
 +++ /dev/null
-@@ -1,52 +0,0 @@
+@@ -1,60 +0,0 @@
 -# Last Modified: Mon Apr  5 15:03:58 2010
 -#include <tunables/global>
 -@{LIBVIRT}="libvirt"
 -
 -/usr/sbin/libvirtd {
 -  #include <abstractions/base>
+-  #include <abstractions/dbus>
 -
 -  capability kill,
 -  capability net_admin,
@ -158,20 +240,25 @@ Index: libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd
 -  capability setpcap,
 -  capability mknod,
 -  capability fsetid,
+-  capability audit_write,
 -
 -  network inet stream,
 -  network inet dgram,
 -  network inet6 stream,
 -  network inet6 dgram,
+-  network packet dgram,
 -
 -  # Very lenient profile for libvirtd since we want to first focus on confining
 -  # the guests. Guests will have a very restricted profile.
+-  / r,
 -  /** rwmkl,
 -
-  /bin/* Ux,
-  /sbin/* Ux,
-  /usr/bin/* Ux,
-  /usr/sbin/* Ux,
+-  /bin/* PUx,
+-  /sbin/* PUx,
+-  /usr/bin/* PUx,
+-  /usr/sbin/* PUx,
+-  /lib/udev/scsi_id PUx,
+-  /usr/lib/xen-common/bin/xen-toolstack PUx,
 -
 -  # force the use of virt-aa-helper
 -  audit deny /sbin/apparmor_parser rwxl,
@ -181,346 +268,10 @@ Index: libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd
 -  audit deny /sys/kernel/security/apparmor/.* rwxl,
 -  /sys/kernel/security/apparmor/profiles r,
 -  /usr/lib/libvirt/* PUxr,
+-  /etc/libvirt/hooks/** rmix,
+-  /etc/xen/scripts/** rmix,
 -
 -  # allow changing to our UUID-based named profiles
 -  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
 -
 -}
-Index: libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd.in
-===================================================================
--- /dev/null
-+++ libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd.in
-@@ -0,0 +1,62 @@
-+# Last Modified: Fri Aug 19 11:20:36 2011
-+#include <tunables/global>
-+@{LIBVIRT}="libvirt"
-+
-+/usr/sbin/libvirtd {
-+  #include <abstractions/base>
-+
-+  capability kill,
-+  capability net_admin,
-+  capability net_raw,
-+  capability setgid,
-+  capability sys_admin,
-+  capability sys_module,
-+  capability sys_ptrace,
-+  capability sys_pacct,
-+  capability sys_nice,
-+  capability sys_chroot,
-+  capability setuid,
-+  capability dac_override,
-+  capability dac_read_search,
-+  capability fowner,
-+  capability chown,
-+  capability setpcap,
-+  capability mknod,
-+  capability fsetid,
-+  capability ipc_lock,
-+
-+  network inet stream,
-+  network inet dgram,
-+  network inet6 stream,
-+  network inet6 dgram,
-+  network packet dgram,
-+
-+  # Very lenient profile for libvirtd since we want to first focus on confining
-+  # the guests. Guests will have a very restricted profile.
-+  /** rwmkl,
-+
-+  /bin/* Ux,
-+  /sbin/* Ux,
-+  /usr/bin/* Ux,
-+  /usr/sbin/* Ux,
-+  /usr/lib/xen/bin/* Ux,
-+  /usr/lib64/xen/bin/* Ux,
-+  /usr/lib/PolicyKit/polkit-read-auth-helper Px,
-+
-+  # force the use of virt-aa-helper
-+  audit deny /sbin/apparmor_parser rwxl,
-+  audit deny /etc/apparmor.d/libvirt/** wxl,
-+  audit deny /sys/kernel/security/apparmor/features rwxl,
-+  audit deny /sys/kernel/security/apparmor/matching rwxl,
-+  audit deny /sys/kernel/security/apparmor/.* rwxl,
-+  /sys/kernel/security/apparmor/profiles r,
-+  /etc/libvirt/hooks/* rix,
-+  /etc/xen/scripts/* rix,
-+  @libdir@/libvirt/* Pxr,
-+  @libdir@/libvirt/libvirt_parthelper Ux,
-+  @libdir@/libvirt/libvirt_iohelper Ux,
-+
-+  # allow changing to our UUID-based named profiles
-+  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
-+
-+}
-Index: libvirt-1.2.1/examples/apparmor/libvirt-qemu
-===================================================================
--- libvirt-1.2.1.orig/examples/apparmor/libvirt-qemu
-+++ /dev/null
-@@ -1,129 +0,0 @@
-# Last Modified: Fri Mar 9 14:43:22 2012
-
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
-
-  # required for reading disk images
-  capability dac_override,
-  capability dac_read_search,
-  capability chown,
-
-  network inet stream,
-  network inet6 stream,
-
-  /dev/net/tun rw,
-  /dev/kvm rw,
-  /dev/ptmx rw,
-  /dev/kqemu rw,
-  @{PROC}/*/status r,
-
-  # For hostdev access. The actual devices will be added dynamically
-  /sys/bus/usb/devices/ r,
-  /sys/devices/*/*/usb[0-9]*/** r,
-
-  # WARNING: this gives the guest direct access to host hardware and specific
-  # portions of shared memory. This is required for sound using ALSA with kvm,
-  # but may constitute a security risk. If your environment does not require
-  # the use of sound in your VMs, feel free to comment out or prepend 'deny' to
-  # the rules for files in /dev.
-  /{dev,run}/shm r,
-  /{dev,run}/shmpulse-shm* r,
-  /{dev,run}/shmpulse-shm* rwk,
-  /dev/snd/* rw,
-  capability ipc_lock,
-  # 'kill' is not required for sound and is a security risk. Do not enable
-  # unless you absolutely need it.
-  deny capability kill,
-
-  # Uncomment the following if you need access to /dev/fb*
-  #/dev/fb* rw,
-
-  /etc/pulse/client.conf r,
-  @{HOME}/.pulse-cookie rwk,
-  owner /root/.pulse-cookie rwk,
-  owner /root/.pulse/ rw,
-  owner /root/.pulse/* rw,
-  /usr/share/alsa/** r,
-  owner /tmp/pulse-*/ rw,
-  owner /tmp/pulse-*/* rw,
-  /var/lib/dbus/machine-id r,
-
-  # access to firmware's etc
-  /usr/share/kvm/** r,
-  /usr/share/qemu/** r,
-  /usr/share/bochs/** r,
-  /usr/share/openbios/** r,
-  /usr/share/openhackware/** r,
-  /usr/share/proll/** r,
-  /usr/share/vgabios/** r,
-  /usr/share/seabios/** r,
-
-  # access PKI infrastructure
-  /etc/pki/libvirt-vnc/** r,
-
-  # the various binaries
-  /usr/bin/kvm rmix,
-  /usr/bin/qemu rmix,
-  /usr/bin/qemu-system-arm rmix,
-  /usr/bin/qemu-system-cris rmix,
-  /usr/bin/qemu-system-i386 rmix,
-  /usr/bin/qemu-system-m68k rmix,
-  /usr/bin/qemu-system-microblaze rmix,
-  /usr/bin/qemu-system-microblazeel rmix,
-  /usr/bin/qemu-system-mips rmix,
-  /usr/bin/qemu-system-mips64 rmix,
-  /usr/bin/qemu-system-mips64el rmix,
-  /usr/bin/qemu-system-mipsel rmix,
-  /usr/bin/qemu-system-ppc rmix,
-  /usr/bin/qemu-system-ppc64 rmix,
-  /usr/bin/qemu-system-ppcemb rmix,
-  /usr/bin/qemu-system-sh4 rmix,
-  /usr/bin/qemu-system-sh4eb rmix,
-  /usr/bin/qemu-system-sparc rmix,
-  /usr/bin/qemu-system-sparc64 rmix,
-  /usr/bin/qemu-system-x86_64 rmix,
-  /usr/bin/qemu-alpha rmix,
-  /usr/bin/qemu-arm rmix,
-  /usr/bin/qemu-armeb rmix,
-  /usr/bin/qemu-cris rmix,
-  /usr/bin/qemu-i386 rmix,
-  /usr/bin/qemu-m68k rmix,
-  /usr/bin/qemu-microblaze rmix,
-  /usr/bin/qemu-microblazeel rmix,
-  /usr/bin/qemu-mips rmix,
-  /usr/bin/qemu-mipsel rmix,
-  /usr/bin/qemu-ppc rmix,
-  /usr/bin/qemu-ppc64 rmix,
-  /usr/bin/qemu-ppc64abi32 rmix,
-  /usr/bin/qemu-sh4 rmix,
-  /usr/bin/qemu-sh4eb rmix,
-  /usr/bin/qemu-sparc rmix,
-  /usr/bin/qemu-sparc64 rmix,
-  /usr/bin/qemu-sparc32plus rmix,
-  /usr/bin/qemu-sparc64 rmix,
-  /usr/bin/qemu-x86_64 rmix,
-
-  # for save and resume
-  /bin/dash rmix,
-  /bin/dd rmix,
-  /bin/cat rmix,
-
-  /usr/libexec/qemu-bridge-helper Cx,
-  # child profile for bridge helper process
-  profile /usr/libexec/qemu-bridge-helper {
-   #include <abstractions/base>
-
-   capability setuid,
-   capability setgid,
-   capability setpcap,
-   capability net_admin,
-
-   network inet stream,
-
-   /dev/net/tun rw,
-   /etc/qemu/** r,
-   owner @{PROC}/*/status r,
-
-   /usr/libexec/qemu-bridge-helper rmix,
-  }
-Index: libvirt-1.2.1/examples/apparmor/libvirt-qemu.in
-===================================================================
--- /dev/null
-+++ libvirt-1.2.1/examples/apparmor/libvirt-qemu.in
-@@ -0,0 +1,132 @@
-+# Last Modified: Fri Mar 9 14:43:22 2012
-+
-+  #include <abstractions/base>
-+  #include <abstractions/consoles>
-+  #include <abstractions/nameservice>
-+
-+  # required for reading disk images
-+  capability dac_override,
-+  capability dac_read_search,
-+  capability chown,
-+  capability setgid,
-+
-+  network inet stream,
-+  network inet6 stream,
-+
-+  /dev/net/tun rw,
-+  /dev/kvm rw,
-+  /dev/ptmx rw,
-+  /dev/kqemu rw,
-+  @{PROC}/*/status r,
-+
-+  # For hostdev access. The actual devices will be added dynamically
-+  /sys/bus/usb/devices/ r,
-+  /sys/devices/*/*/usb[0-9]*/** r,
-+
-+  # WARNING: this gives the guest direct access to host hardware and specific
-+  # portions of shared memory. This is required for sound using ALSA with kvm,
-+  # but may constitute a security risk. If your environment does not require
-+  # the use of sound in your VMs, feel free to comment out or prepend 'deny' to
-+  # the rules for files in /dev.
-+  /{dev,run}/shm r,
-+  /{dev,run}/shmpulse-shm* r,
-+  /{dev,run}/shmpulse-shm* rwk,
-+  /dev/snd/* rw,
-+  capability ipc_lock,
-+  # 'kill' is not required for sound and is a security risk. Do not enable
-+  # unless you absolutely need it.
-+  deny capability kill,
-+
-+  # Uncomment the following if you need access to /dev/fb*
-+  #/dev/fb* rw,
-+
-+  /etc/pulse/client.conf r,
-+  @{HOME}/.pulse-cookie rwk,
-+  owner /root/.pulse-cookie rwk,
-+  owner /root/.pulse/ rw,
-+  owner /root/.pulse/* rw,
-+  /usr/share/alsa/** r,
-+  owner /tmp/pulse-*/ rw,
-+  owner /tmp/pulse-*/* rw,
-+  /var/lib/dbus/machine-id r,
-+
-+  # access to firmware's etc
-+  /usr/share/kvm/** r,
-+  /usr/share/qemu/** r,
-+  /usr/share/qemu-kvm/** r,
-+  /usr/share/bochs/** r,
-+  /usr/share/openbios/** r,
-+  /usr/share/openhackware/** r,
-+  /usr/share/proll/** r,
-+  /usr/share/vgabios/** r,
-+  /usr/share/seabios/** r,
-+
-+  # access PKI infrastructure
-+  /etc/pki/libvirt-vnc/** r,
-+
-+  # the various binaries
-+  /usr/bin/kvm rmix,
-+  /usr/bin/qemu rmix,
-+  /usr/bin/qemu-kvm rmix,
-+  /usr/bin/qemu-system-arm rmix,
-+  /usr/bin/qemu-system-cris rmix,
-+  /usr/bin/qemu-system-i386 rmix,
-+  /usr/bin/qemu-system-m68k rmix,
-+  /usr/bin/qemu-system-microblaze rmix,
-+  /usr/bin/qemu-system-microblazeel rmix,
-+  /usr/bin/qemu-system-mips rmix,
-+  /usr/bin/qemu-system-mips64 rmix,
-+  /usr/bin/qemu-system-mips64el rmix,
-+  /usr/bin/qemu-system-mipsel rmix,
-+  /usr/bin/qemu-system-ppc rmix,
-+  /usr/bin/qemu-system-ppc64 rmix,
-+  /usr/bin/qemu-system-ppcemb rmix,
-+  /usr/bin/qemu-system-sh4 rmix,
-+  /usr/bin/qemu-system-sh4eb rmix,
-+  /usr/bin/qemu-system-sparc rmix,
-+  /usr/bin/qemu-system-sparc64 rmix,
-+  /usr/bin/qemu-system-x86_64 rmix,
-+  /usr/bin/qemu-alpha rmix,
-+  /usr/bin/qemu-arm rmix,
-+  /usr/bin/qemu-armeb rmix,
-+  /usr/bin/qemu-cris rmix,
-+  /usr/bin/qemu-i386 rmix,
-+  /usr/bin/qemu-m68k rmix,
-+  /usr/bin/qemu-microblaze rmix,
-+  /usr/bin/qemu-microblazeel rmix,
-+  /usr/bin/qemu-mips rmix,
-+  /usr/bin/qemu-mipsel rmix,
-+  /usr/bin/qemu-ppc rmix,
-+  /usr/bin/qemu-ppc64 rmix,
-+  /usr/bin/qemu-ppc64abi32 rmix,
-+  /usr/bin/qemu-sh4 rmix,
-+  /usr/bin/qemu-sh4eb rmix,
-+  /usr/bin/qemu-sparc rmix,
-+  /usr/bin/qemu-sparc64 rmix,
-+  /usr/bin/qemu-sparc32plus rmix,
-+  /usr/bin/qemu-sparc64 rmix,
-+  /usr/bin/qemu-x86_64 rmix,
-+
-+  # for save and resume
-+  /bin/dash rmix,
-+  /bin/dd rmix,
-+  /bin/cat rmix,
-+
-+  @libdir@/qemu-bridge-helper Cx,
-+  # child profile for bridge helper process
-+  profile @libdir@/qemu-bridge-helper {
-+   #include <abstractions/base>
-+
-+   capability setuid,
-+   capability setgid,
-+   capability setpcap,
-+   capability net_admin,
-+
-+   network inet stream,
-+
-+   /dev/net/tun rw,
-+   /etc/qemu/** r,
-+   owner @{PROC}/*/status r,
-+
-+   @libdir@/qemu-bridge-helper rmix,
-+  }
--- a/libvirt-1.2.1.tar.bz2
+++ b/libvirt-1.2.1.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8234f08f12d77e5172f9f8430e9a5bb3370266bc46c9b7f5cad85c3ef2c6293b
-size 19585562
--- a/libvirt-1.2.2.tar.bz2
+++ b/libvirt-1.2.2.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:237074ec79c2de75c79c05dfaa074543ae5fd75261e7e1f9fc4b8a424bf96692
+size 20497389
--- a/libvirt-guests-init-script.patch
+++ b/libvirt-guests-init-script.patch
@ -1,9 +1,9 @@
 Adjust libvirt-guests init files to conform to SUSE standards

-Index: libvirt-1.2.1/tools/libvirt-guests.init.in
+Index: libvirt-1.2.2/tools/libvirt-guests.init.in
 ===================================================================
--- libvirt-1.2.1.orig/tools/libvirt-guests.init.in
-+++ libvirt-1.2.1/tools/libvirt-guests.init.in
+--- libvirt-1.2.2.orig/tools/libvirt-guests.init.in
+++ libvirt-1.2.2/tools/libvirt-guests.init.in
@@ -3,15 +3,15 @@
 # the following is the LSB init header
 #
@ -28,10 +28,10 @@ Index: libvirt-1.2.1/tools/libvirt-guests.init.in
 ### END INIT INFO
 
 # the following is chkconfig init header
-Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
+Index: libvirt-1.2.2/tools/libvirt-guests.sh.in
 ===================================================================
--- libvirt-1.2.1.orig/tools/libvirt-guests.sh.in
-+++ libvirt-1.2.1/tools/libvirt-guests.sh.in
+--- libvirt-1.2.2.orig/tools/libvirt-guests.sh.in
+++ libvirt-1.2.2/tools/libvirt-guests.sh.in
@@ -16,14 +16,13 @@
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
@ -50,7 +50,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
 # Source gettext library.
 # Make sure this file is recognized as having translations: _("dummy")
 . "@bindir@"/gettext.sh
-@@ -42,9 +41,11 @@ test -f "$sysconfdir"/sysconfig/libvirt-
+@@ -44,9 +43,11 @@ test -f "$sysconfdir"/sysconfig/libvirt-
     . "$sysconfdir"/sysconfig/libvirt-guests
 
 LISTFILE="$localstatedir"/lib/libvirt/libvirt-guests
@ -65,7 +65,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
 
 # retval COMMAND ARGUMENTS...
 # run command with arguments and convert non-zero return value to 1 and set
-@@ -52,7 +53,7 @@ RETVAL=0
+@@ -54,7 +55,7 @@ RETVAL=0
 retval() {
     "$@"
     if [ $? -ne 0 ]; then
@ -74,7 +74,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
         return 1
     else
         return 0
-@@ -81,6 +82,25 @@ run_virsh_c() {
+@@ -83,6 +84,25 @@ run_virsh_c() {
     ( export LC_ALL=C; run_virsh "$@" )
 }
 
@ -100,7 +100,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
 # test_connect URI
 # check if URI is reachable
 test_connect()
-@@ -107,7 +127,7 @@ list_guests() {
+@@ -114,7 +134,7 @@ list_guests() {
 
     list=$(run_virsh_c "$uri" list --uuid $persistent)
     if [ $? -ne 0 ]; then
@ -109,7 +109,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
         return 1
     fi
 
-@@ -133,7 +153,7 @@ guest_is_on() {
+@@ -140,7 +160,7 @@ guest_is_on() {
     guest_running=false
     id=$(run_virsh "$uri" domid "$uuid")
     if [ $? -ne 0 ]; then
@ -118,7 +118,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
         return 1
     fi
 
-@@ -181,6 +201,12 @@ start() {
+@@ -188,6 +208,12 @@ start() {
 
         test_connect "$uri" || continue
 
@ -131,7 +131,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
         eval_gettext "Resuming guests on \$uri URI..."; echo
         for guest in $list; do
             name=$(guest_name "$uri" "$guest")
-@@ -394,7 +420,7 @@ shutdown_guests_parallel()
+@@ -401,7 +427,7 @@ shutdown_guests_parallel()
             timeout=$(($timeout - 1))
             if [ $timeout -le 0 ]; then
                 eval_gettext "Timeout expired while shutting down domains"; echo
@ -140,7 +140,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
                 return
             fi
         else
-@@ -422,7 +448,7 @@ stop() {
+@@ -429,7 +455,7 @@ stop() {
         if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then
             gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0"
             echo
@ -149,7 +149,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
             return
         fi
     fi
-@@ -470,14 +496,14 @@ stop() {
+@@ -477,14 +503,14 @@ stop() {
                 if [ $? -ne 0 ]; then
                     eval_gettext "Failed to list persistent guests on \$uri"
                     echo
@ -166,7 +166,7 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
                 set +f
                 return
             fi
-@@ -536,14 +562,13 @@ gueststatus() {
+@@ -543,14 +569,13 @@ gueststatus() {
 rh_status() {
     if [ -f "$LISTFILE" ]; then
         gettext "stopped, with saved guests"; echo
@ -183,16 +183,16 @@ Index: libvirt-1.2.1/tools/libvirt-guests.sh.in
         fi
     fi
 }
-@@ -588,4 +613,4 @@ case "$1" in
+@@ -595,4 +620,4 @@ case "$1" in
         usage
         ;;
 esac
 -exit $RETVAL
 +rc_exit
-Index: libvirt-1.2.1/tools/libvirt-guests.sysconf
+Index: libvirt-1.2.2/tools/libvirt-guests.sysconf
 ===================================================================
--- libvirt-1.2.1.orig/tools/libvirt-guests.sysconf
-+++ libvirt-1.2.1/tools/libvirt-guests.sysconf
+--- libvirt-1.2.2.orig/tools/libvirt-guests.sysconf
+++ libvirt-1.2.2/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@
 +## Path: System/Virtualization/libvirt-guests
 +
--- a/libvirt-suse-netcontrol.patch
+++ b/libvirt-suse-netcontrol.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.2.1/configure.ac
+Index: libvirt-1.2.2/configure.ac
 ===================================================================
--- libvirt-1.2.1.orig/configure.ac
-+++ libvirt-1.2.1/configure.ac
+--- libvirt-1.2.2.orig/configure.ac
+++ libvirt-1.2.2/configure.ac
@@ -231,6 +231,7 @@ LIBVIRT_CHECK_FUSE
 LIBVIRT_CHECK_GLUSTER
 LIBVIRT_CHECK_HAL
@ -10,7 +10,7 @@ Index: libvirt-1.2.1/configure.ac
 LIBVIRT_CHECK_NUMACTL
 LIBVIRT_CHECK_OPENWSMAN
 LIBVIRT_CHECK_PCIACCESS
-@@ -2337,11 +2338,12 @@ if test "$with_libvirtd" = "no" ; then
+@@ -2368,11 +2369,12 @@ if test "$with_libvirtd" = "no" ; then
   with_interface=no
 fi
 
@ -26,7 +26,7 @@ Index: libvirt-1.2.1/configure.ac
 esac
 
 if test "$with_interface" = "yes" ; then
-@@ -2656,6 +2658,7 @@ LIBVIRT_RESULT_FUSE
+@@ -2766,6 +2768,7 @@ LIBVIRT_RESULT_FUSE
 LIBVIRT_RESULT_GLUSTER
 LIBVIRT_RESULT_HAL
 LIBVIRT_RESULT_NETCF
@ -34,11 +34,11 @@ Index: libvirt-1.2.1/configure.ac
 LIBVIRT_RESULT_NUMACTL
 LIBVIRT_RESULT_OPENWSMAN
 LIBVIRT_RESULT_PCIACCESS
-Index: libvirt-1.2.1/src/Makefile.am
+Index: libvirt-1.2.2/src/Makefile.am
 ===================================================================
--- libvirt-1.2.1.orig/src/Makefile.am
-+++ libvirt-1.2.1/src/Makefile.am
-@@ -790,6 +790,10 @@ if WITH_NETCF
+--- libvirt-1.2.2.orig/src/Makefile.am
+++ libvirt-1.2.2/src/Makefile.am
+@@ -801,6 +801,10 @@ if WITH_NETCF
 INTERFACE_DRIVER_SOURCES +=					\
 		interface/interface_backend_netcf.c
 endif WITH_NETCF
@ -49,7 +49,7 @@ Index: libvirt-1.2.1/src/Makefile.am
 if WITH_UDEV
 INTERFACE_DRIVER_SOURCES +=					\
 		interface/interface_backend_udev.c
-@@ -1355,10 +1359,15 @@ if WITH_NETCF
+@@ -1386,10 +1390,15 @@ if WITH_NETCF
 libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
 libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
 else ! WITH_NETCF
@ -65,11 +65,11 @@ Index: libvirt-1.2.1/src/Makefile.am
 endif ! WITH_NETCF
 if WITH_DRIVER_MODULES
 libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
-Index: libvirt-1.2.1/tools/virsh.c
+Index: libvirt-1.2.2/tools/virsh.c
 ===================================================================
--- libvirt-1.2.1.orig/tools/virsh.c
-+++ libvirt-1.2.1/tools/virsh.c
-@@ -3029,6 +3029,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
+--- libvirt-1.2.2.orig/tools/virsh.c
+++ libvirt-1.2.2/tools/virsh.c
+@@ -3209,6 +3209,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
     vshPrint(ctl, " Interface");
 # if defined(WITH_NETCF)
     vshPrint(ctl, " netcf");
@ -78,10 +78,10 @@ Index: libvirt-1.2.1/tools/virsh.c
 # elif defined(WITH_UDEV)
     vshPrint(ctl, " udev");
 # endif
-Index: libvirt-1.2.1/src/interface/interface_backend_netcf.c
+Index: libvirt-1.2.2/src/interface/interface_backend_netcf.c
 ===================================================================
--- libvirt-1.2.1.orig/src/interface/interface_backend_netcf.c
-+++ libvirt-1.2.1/src/interface/interface_backend_netcf.c
+--- libvirt-1.2.2.orig/src/interface/interface_backend_netcf.c
+++ libvirt-1.2.2/src/interface/interface_backend_netcf.c
@@ -23,7 +23,12 @@
 
 #include <config.h>
@ -165,10 +165,10 @@ Index: libvirt-1.2.1/src/interface/interface_backend_netcf.c
     return 0;
 }
 
-Index: libvirt-1.2.1/src/interface/interface_driver.c
+Index: libvirt-1.2.2/src/interface/interface_driver.c
 ===================================================================
--- libvirt-1.2.1.orig/src/interface/interface_driver.c
-+++ libvirt-1.2.1/src/interface/interface_driver.c
+--- libvirt-1.2.2.orig/src/interface/interface_driver.c
+++ libvirt-1.2.2/src/interface/interface_driver.c
@@ -28,8 +28,15 @@ interfaceRegister(void) {
     if (netcfIfaceRegister() == 0)
         return 0;
@ -186,10 +186,10 @@ Index: libvirt-1.2.1/src/interface/interface_driver.c
     if (udevIfaceRegister() == 0)
         return 0;
 #endif /* WITH_UDEV */
-Index: libvirt-1.2.1/m4/virt-netcontrol.m4
+Index: libvirt-1.2.2/m4/virt-netcontrol.m4
 ===================================================================
 --- /dev/null
-+++ libvirt-1.2.1/m4/virt-netcontrol.m4
+++ libvirt-1.2.2/m4/virt-netcontrol.m4
@@ -0,0 +1,35 @@
 +dnl The libnetcontrol library
 +dnl
--- a/libvirt.changes
+++ b/libvirt.changes
@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Sun Mar  2 20:32:21 MST 2014 - jfehlig@suse.com
+
+- Update to libvirt 1.2.2
+  - add LXC from native conversion tool
+  - vbox: add support for v4.2.20+ and v4.3.4+
+  - CVE-2013-6456 (bnc#857490)
+  - Many incremental improvements and bug fixes, see
+    http://libvirt.org/news.html
+  - Drop upstream patches: 37564b47-xend-parse-response.patch,
+    4f20084-fix-apparmor-install-patch.patch
+  - Add local disable-virCgroupGetPercpuStats-test.patch to disable
+    failing virCgroupGetPercpuStats test in 'make check'
+
+-------------------------------------------------------------------
+Mon Feb 24 16:40:31 MST 2014 - jfehlig@suse.com
+
+- daemon-qemu: Require qemu instead of kvm to align with
+  recent changes to the qemu package structure
+
+-------------------------------------------------------------------
+Fri Feb 14 14:51:52 MST 2014 - jfehlig@suse.com
+
+- spec: fix dependencies of daemon-config-network and
+  daemon-config-nwfilter subpackages.  Influenced by upstream
+  commits cf76c4b3 and dca5ce4c 
+
+-------------------------------------------------------------------
+Fri Feb 14 14:37:42 MST 2014 - jfehlig@suse.com
+
+- Remove libvirtd, virtlockd, and libvirt-guests init scripts when
+  using systemd
+  bnc#863540  
+
+-------------------------------------------------------------------
+Wed Feb 12 15:58:18 UTC 2014 - cbosdonnat@suse.com
+
+- Fix the path to libvirtd AppArmor template profile
+
 -------------------------------------------------------------------
 Wed Jan 29 14:50:27 MST 2014 - jfehlig@suse.com

--- a/libvirt.spec
+++ b/libvirt.spec
@ -90,6 +90,7 @@
 %define with_numad         0%{!?_without_numad:0}
 %define with_firewalld     0%{!?_without_firewalld:0}
 %define with_libssh2       0%{!?_without_libssh2:0}
+%define with_systemd_daemon 0%{!?_without_systemd_daemon:0}

 # Non-server/HV driver defaults which are always enabled
 %define with_sasl          0%{!?_without_sasl:1}
@ -144,6 +145,7 @@
 # Support systemd on 12.1 and later
 %if 0%{?suse_version} >= 1210
 %define with_systemd       0%{!?_without_systemd:1}
+%define with_systemd_daemon 1
 %endif

 # libcapng is used to manage capabilities in 11.3 or newer.
@ -233,7 +235,7 @@

 Name:           libvirt
 Url:            http://libvirt.org/
-Version:        1.2.1
+Version:        1.2.2
 Release:        0
 Summary:        Library providing a simple virtualization API
 License:        LGPL-2.1+
@ -286,9 +288,14 @@ BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  gettext-tools
 BuildRequires:  libtool
+# Needed for virkmodtest in 'make check'
+BuildRequires:  modutils
 %if %{with_systemd}
 BuildRequires:  systemd
 %endif
+%if %{with_systemd_daemon}
+BuildRequires:  systemd-devel
+%endif
 %if %{with_xen} || %{with_libxl}
 BuildRequires:  xen-devel
 %endif
@ -421,7 +428,6 @@ Source1:        libvirtd.init
 Source2:        libvirtd-relocation-server.fw
 Source99:       baselibs.conf
 # Upstream patches
-Patch0:         37564b47-xend-parse-response.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch101:       ia64-clone.patch
@ -436,6 +442,8 @@ Patch204:       suse-qemu-conf.patch
 Patch205:       fix-pci-attach-xen-driver.patch
 Patch206:       support-managed-pci-xen-driver.patch
 Patch207:       systemd-service-xen.patch
+# Disable failing virCgroupGetPercpuStats unit test
+Patch208:       disable-virCgroupGetPercpuStats-test.patch
 %if %{with_apparmor}
 Patch250:       install-apparmor-profiles.patch
 %endif
@ -518,11 +526,15 @@ of recent versions of Linux. Requires a hypervisor specific sub-RPM
 for specific drivers.

 %if %{with_network}
+
 %package daemon-config-network
 Summary:        Default configuration files for the libvirtd daemon
 Group:          Development/Libraries/C and C++

 Requires:       libvirt-daemon = %{version}-%{release}
+%if %{with_driver_modules}
+Requires:       libvirt-daemon-driver-network = %{version}-%{release}
+%endif

 %description daemon-config-network
 Default configuration files for setting up NAT based networking
@ -535,6 +547,9 @@ Summary:        Network filter configuration files for the libvirtd
 Group:          Development/Libraries/C and C++

 Requires:       libvirt-daemon = %{version}-%{release}
+%if %{with_driver_modules}
+Requires:       libvirt-daemon-driver-nwfilter = %{version}-%{release}
+%endif

 %description daemon-config-nwfilter
 Network filter configuration files for the libvirt daemon, used for
@ -755,7 +770,7 @@ Requires:       libvirt-daemon-driver-qemu = %{version}-%{release}
 Requires:       libvirt-daemon-driver-secret = %{version}-%{release}
 Requires:       libvirt-daemon-driver-storage = %{version}-%{release}
 %endif
-Requires:       kvm
+Requires:       qemu

 %description daemon-qemu
 Server side daemon and driver required to manage the virtualization
@ -929,7 +944,6 @@ namespaces.

 %prep
 %setup -q
-%patch0 -p1
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
@ -942,6 +956,7 @@ namespaces.
 %patch205 -p1
 %patch206 -p1
 %patch207 -p1
+%patch208 -p1
 %if %{with_apparmor}
 %patch250 -p1
 %endif
@ -1089,6 +1104,9 @@ namespaces.
 %if %{with_firewalld}
 %define _with_firewalld --with-firewalld
 %endif
+%if ! %{with_systemd_daemon}
+%define _without_systemd_daemon --without-systemd-daemon
+%endif

 %if %{with_selinux}
 %define with_selinux_mount --with-selinux-mount="/sys/fs/selinux"
@ -1143,6 +1161,7 @@ export CFLAGS="$RPM_OPT_FLAGS"
           %{?_without_dtrace} \
           %{?_without_driver_modules} \
           %{?_with_firewalld} \
+           %{?_without_systemd_daemon} \
           --libexecdir=%{_libdir}/%{name} \
           --with-qemu-user=%{qemu_user} \
           --with-qemu-group=%{qemu_group} \
@ -1256,22 +1275,32 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates
 %if %{with_libvirtd}
 # Currently using our own libvirtd init script
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/libvirtd
+%if ! %{with_systemd}
 install %SOURCE1 $RPM_BUILD_ROOT%{_sysconfdir}/init.d/libvirtd
 ln -s /etc/init.d/libvirtd $RPM_BUILD_ROOT%{_sbindir}/rclibvirtd
+%endif
 mv $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.libvirtd
 rm -f $RPM_BUILD_ROOT/usr/lib/sysctl.d/libvirtd.conf
 # For other services, use the in-tree scripts
+%if %{with_systemd}
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/virtlockd
+%else
 mv $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/virtlockd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/virtlockd
 ln -s /etc/init.d/virtlockd $RPM_BUILD_ROOT%{_sbindir}/rcvirtlockd
+%endif
 mv $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/virtlockd $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.virtlockd
 #install firewall definitions format is described here:
 #/usr/share/SuSEfirewall2/services/TEMPLATE
 mkdir -p $RPM_BUILD_ROOT/%{_fwdefdir}
 install -m 644 %{S:2} $RPM_BUILD_ROOT/%{_fwdefdir}/libvirtd-relocation-server
 %endif
+%if %{with_systemd}
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/libvirt-guests
+%else
 mv $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/libvirt-guests $RPM_BUILD_ROOT%{_sysconfdir}/init.d/libvirt-guests
 mkdir -p $RPM_BUILD_ROOT%{_sbindir}
 ln -s %{_sysconfdir}/init.d/libvirt-guests $RPM_BUILD_ROOT%{_sbindir}/rclibvirt-guests
+%endif
 mv $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirt-guests $RPM_BUILD_ROOT%{_localstatedir}/adm/fillup-templates/sysconfig.libvirt-guests
 %fdupes -s $RPM_BUILD_ROOT

@ -1315,32 +1344,31 @@ fi
 %service_add_post libvirtd.service
 %service_add_post virtlockd.service virtlockd.socket
 %endif
-%if 0%{?sles_version}
-%{fillup_and_insserv -y -n libvirtd libvirtd}
-%else # ! sles
 %{fillup_only -n libvirtd}
-%endif
 %{fillup_only -n virtlockd}

 %preun daemon
 %if %{with_systemd}
 %service_del_preun libvirtd.service
 %service_del_preun virtlockd.service virtlockd.socket
-%endif
+%else
 %stop_on_removal libvirtd
 %stop_on_removal virtlockd
+%endif

 %postun daemon
 /sbin/ldconfig
 %if %{with_systemd}
 %service_del_postun libvirtd.service
 %service_del_postun virtlockd.service virtlockd.socket
-%endif
+%else
 %restart_on_update libvirtd
 %restart_on_update virtlockd
+%endif
 %insserv_cleanup

 %if %{with_network}
+
 %post daemon-config-network
 # Install the default network if one doesn't exist
 if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ; then
@ -1362,8 +1390,9 @@ fi
 %preun client
 %if %{with_systemd}
 %service_del_preun libvirt-guests.service
-%endif
+%else
 %stop_on_removal libvirt-guests
+%endif
 if [ $1 = 0 ]; then
    rm -f /var/lib/libvirt/libvirt-guests
 fi
@ -1388,15 +1417,16 @@ fi
 %dir %{_libdir}/%{name}
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/
 %{_localstatedir}/adm/fillup-templates/sysconfig.libvirtd
-%config /etc/init.d/libvirtd
-%{_sbindir}/rclibvirtd
 %{_localstatedir}/adm/fillup-templates/sysconfig.virtlockd
-%config /etc/init.d/virtlockd
-%{_sbindir}/rcvirtlockd
 %if %{with_systemd}
 %{_unitdir}/libvirtd.service
 %{_unitdir}/virtlockd.service
 %{_unitdir}/virtlockd.socket
+%else
+%config /etc/init.d/libvirtd
+%{_sbindir}/rclibvirtd
+%config /etc/init.d/virtlockd
+%{_sbindir}/rcvirtlockd
 %endif
 %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd
@ -1435,11 +1465,11 @@ fi
 %if %{with_apparmor}
 %dir %{_sysconfdir}/apparmor.d
 %dir %{_sysconfdir}/apparmor.d/abstractions
-%dir %{_sysconfdir}/apparmor.d/libvirtd
+%dir %{_sysconfdir}/apparmor.d/libvirt
 %config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.libvirtd
 %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.libvirt.virt-aa-helper
 %config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/libvirt-qemu
-%config(noreplace) %{_sysconfdir}/apparmor.d/libvirtd/TEMPLATE
+%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/TEMPLATE
 %{_libdir}/%{name}/virt-aa-helper
 %endif
 %config %{_fwdefdir}/libvirtd-relocation-server
@ -1490,6 +1520,7 @@ fi
 %endif # ! %{with_driver_modules}

 %if %{with_network}
+
 %files daemon-config-network
 %defattr(-, root, root)
 %doc %{_docdir}/%{name}/libvirt-daemon-config-network.README
@ -1683,10 +1714,11 @@ fi
 %{_libdir}/lib*.so.*
 %attr(0755, root, root) %{_libdir}/%{name}/libvirt-guests.sh
 %{_localstatedir}/adm/fillup-templates/sysconfig.libvirt-guests
-%config /etc/init.d/libvirt-guests
-%{_sbindir}/rclibvirt-guests
 %if %{with_systemd}
 %{_unitdir}/libvirt-guests.service
+%else
+%config /etc/init.d/libvirt-guests
+%{_sbindir}/rclibvirt-guests
 %endif

 %dir %{_datadir}/libvirt/
--- a/libvirtd-defaults.patch
+++ b/libvirtd-defaults.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.2.1/daemon/libvirtd.conf
+Index: libvirt-1.2.2/daemon/libvirtd.conf
 ===================================================================
--- libvirt-1.2.1.orig/daemon/libvirtd.conf
-+++ libvirt-1.2.1/daemon/libvirtd.conf
+--- libvirt-1.2.2.orig/daemon/libvirtd.conf
+++ libvirt-1.2.2/daemon/libvirtd.conf
@@ -18,8 +18,8 @@
 # It is necessary to setup a CA and issue server certificates before
 # using this capability.
@ -13,10 +13,10 @@ Index: libvirt-1.2.1/daemon/libvirtd.conf
 
 # Listen for unencrypted TCP connections on the public TCP/IP port.
 # NB, must pass the --listen flag to the libvirtd process for this to
-Index: libvirt-1.2.1/daemon/libvirtd-config.c
+Index: libvirt-1.2.2/daemon/libvirtd-config.c
 ===================================================================
--- libvirt-1.2.1.orig/daemon/libvirtd-config.c
-+++ libvirt-1.2.1/daemon/libvirtd-config.c
+--- libvirt-1.2.2.orig/daemon/libvirtd-config.c
+++ libvirt-1.2.2/daemon/libvirtd-config.c
@@ -222,7 +222,7 @@ daemonConfigNew(bool privileged ATTRIBUT
     if (VIR_ALLOC(data) < 0)
         return NULL;
--- a/libvirtd-init-script.patch
+++ b/libvirtd-init-script.patch
@ -1,9 +1,9 @@
 Adjust libvirtd sysconfig file to conform to SUSE standards

-Index: libvirt-1.2.1/daemon/libvirtd.sysconf
+Index: libvirt-1.2.2/daemon/libvirtd.sysconf
 ===================================================================
--- libvirt-1.2.1.orig/daemon/libvirtd.sysconf
-+++ libvirt-1.2.1/daemon/libvirtd.sysconf
+--- libvirt-1.2.2.orig/daemon/libvirtd.sysconf
+++ libvirt-1.2.2/daemon/libvirtd.sysconf
@@ -1,16 +1,25 @@
 +## Path: System/Virtualization/libvirt
 +
--- a/libxl-hvm-vnc.patch
+++ b/libxl-hvm-vnc.patch
@ -1,8 +1,8 @@
-Index: libvirt-1.2.1/src/libxl/libxl_conf.c
+Index: libvirt-1.2.2/src/libxl/libxl_conf.c
 ===================================================================
--- libvirt-1.2.1.orig/src/libxl/libxl_conf.c
-+++ libvirt-1.2.1/src/libxl/libxl_conf.c
-@@ -561,6 +561,30 @@ libxlMakeChrdevStr(virDomainChrDefPtr de
+--- libvirt-1.2.2.orig/src/libxl/libxl_conf.c
+++ libvirt-1.2.2/src/libxl/libxl_conf.c
+@@ -565,6 +565,30 @@ libxlMakeChrdevStr(virDomainChrDefPtr de
 }
 
 static int
@ -33,7 +33,7 @@ Index: libvirt-1.2.1/src/libxl/libxl_conf.c
 libxlMakeDomBuildInfo(virDomainObjPtr vm, libxl_domain_config *d_config)
 {
     virDomainDefPtr def = vm->def;
-@@ -1189,6 +1213,9 @@ libxlBuildDomainConfig(libxlDriverPrivat
+@@ -1195,6 +1219,9 @@ libxlBuildDomainConfig(libxlDriverPrivat
     if (libxlMakeVfbList(driver, def, d_config) < 0)
         return -1;
 
--- a/support-managed-pci-xen-driver.patch
+++ b/support-managed-pci-xen-driver.patch
@ -8,11 +8,11 @@ Subject: [PATCH] support managed pci devices in xen driver
 src/xenxs/xen_xm.c   |   28 +++++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 15 deletions(-)

-Index: libvirt-1.2.1/src/xenxs/xen_sxpr.c
+Index: libvirt-1.2.2/src/xenxs/xen_sxpr.c
 ===================================================================
--- libvirt-1.2.1.orig/src/xenxs/xen_sxpr.c
-+++ libvirt-1.2.1/src/xenxs/xen_sxpr.c
-@@ -996,6 +996,7 @@ xenParseSxprPCI(virDomainDefPtr def,
+--- libvirt-1.2.2.orig/src/xenxs/xen_sxpr.c
+++ libvirt-1.2.2/src/xenxs/xen_sxpr.c
+@@ -998,6 +998,7 @@ xenParseSxprPCI(virDomainDefPtr def,
         int busID;
         int slotID;
         int funcID;
@ -20,7 +20,7 @@ Index: libvirt-1.2.1/src/xenxs/xen_sxpr.c
 
         node = cur->u.s.car;
         if (!sexpr_lookup(node, "dev"))
-@@ -1043,11 +1044,13 @@ xenParseSxprPCI(virDomainDefPtr def,
+@@ -1045,11 +1046,13 @@ xenParseSxprPCI(virDomainDefPtr def,
             goto error;
         }
 
@ -35,7 +35,7 @@ Index: libvirt-1.2.1/src/xenxs/xen_sxpr.c
         dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
         dev->source.subsys.u.pci.addr.domain = domainID;
         dev->source.subsys.u.pci.addr.bus = busID;
-@@ -1991,11 +1994,15 @@ static void
+@@ -1993,11 +1996,15 @@ static void
 xenFormatSxprPCI(virDomainHostdevDefPtr def,
                  virBufferPtr buf)
 {
@ -52,7 +52,7 @@ Index: libvirt-1.2.1/src/xenxs/xen_sxpr.c
 }
 
 
-@@ -2014,12 +2021,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
+@@ -2016,12 +2023,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
                     virBufferPtr buf,
                     int detach)
 {
@ -65,7 +65,7 @@ Index: libvirt-1.2.1/src/xenxs/xen_sxpr.c
     virBufferAddLit(buf, "(pci ");
     xenFormatSxprPCI(def, buf);
     if (detach)
-@@ -2074,12 +2075,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
+@@ -2076,12 +2077,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
     for (i = 0; i < def->nhostdevs; i++) {
         if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
             def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {
@ -78,10 +78,10 @@ Index: libvirt-1.2.1/src/xenxs/xen_sxpr.c
             xenFormatSxprPCI(def->hostdevs[i], buf);
         }
     }
-Index: libvirt-1.2.1/src/xenxs/xen_xm.c
+Index: libvirt-1.2.2/src/xenxs/xen_xm.c
 ===================================================================
--- libvirt-1.2.1.orig/src/xenxs/xen_xm.c
-+++ libvirt-1.2.1/src/xenxs/xen_xm.c
+--- libvirt-1.2.2.orig/src/xenxs/xen_xm.c
+++ libvirt-1.2.2/src/xenxs/xen_xm.c
@@ -802,6 +802,8 @@ xenParseXM(virConfPtr conf, int xendConf
             int busID;
             int slotID;
--- a/suse-qemu-conf.patch
+++ b/suse-qemu-conf.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.2.1/src/qemu/qemu.conf
+Index: libvirt-1.2.2/src/qemu/qemu.conf
 ===================================================================
--- libvirt-1.2.1.orig/src/qemu/qemu.conf
-+++ libvirt-1.2.1/src/qemu/qemu.conf
+--- libvirt-1.2.2.orig/src/qemu/qemu.conf
+++ libvirt-1.2.2/src/qemu/qemu.conf
@@ -200,7 +200,16 @@
 # a special value; security_driver can be set to that value in
 # isolation, but it cannot appear in a list of drivers.
--- a/systemd-service-xen.patch
+++ b/systemd-service-xen.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.2.1/daemon/libvirtd.service.in
+Index: libvirt-1.2.2/daemon/libvirtd.service.in
 ===================================================================
--- libvirt-1.2.1.orig/daemon/libvirtd.service.in
-+++ libvirt-1.2.1/daemon/libvirtd.service.in
+--- libvirt-1.2.2.orig/daemon/libvirtd.service.in
+++ libvirt-1.2.2/daemon/libvirtd.service.in
@@ -9,6 +9,8 @@ Before=libvirt-guests.service
 After=network.target
 After=dbus.service
--- a/virtlockd-init-script.patch
+++ b/virtlockd-init-script.patch
@ -1,9 +1,9 @@
 Adjust virtlockd init files to conform to SUSE standards

-Index: libvirt-1.2.1/src/locking/virtlockd.sysconf
+Index: libvirt-1.2.2/src/locking/virtlockd.sysconf
 ===================================================================
--- libvirt-1.2.1.orig/src/locking/virtlockd.sysconf
-+++ libvirt-1.2.1/src/locking/virtlockd.sysconf
+--- libvirt-1.2.2.orig/src/locking/virtlockd.sysconf
+++ libvirt-1.2.2/src/locking/virtlockd.sysconf
@@ -1,3 +1,7 @@
 +## Path: System/Virtualization/virtlockd
 +
@ -12,10 +12,10 @@ Index: libvirt-1.2.1/src/locking/virtlockd.sysconf
 #
 # Pass extra arguments to virtlockd
 #VIRTLOCKD_ARGS=
-Index: libvirt-1.2.1/src/locking/virtlockd.init.in
+Index: libvirt-1.2.2/src/locking/virtlockd.init.in
 ===================================================================
--- libvirt-1.2.1.orig/src/locking/virtlockd.init.in
-+++ libvirt-1.2.1/src/locking/virtlockd.init.in
+--- libvirt-1.2.2.orig/src/locking/virtlockd.init.in
+++ libvirt-1.2.2/src/locking/virtlockd.init.in
@@ -4,12 +4,14 @@
 # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV
 #
--- a/xen-name-for-devid.patch
+++ b/xen-name-for-devid.patch
@ -14,10 +14,10 @@
    is inactive.  We obviously can't search xenstore when the domain is
    inactive.

-Index: libvirt-1.2.1/src/xen/xend_internal.c
+Index: libvirt-1.2.2/src/xen/xend_internal.c
 ===================================================================
--- libvirt-1.2.1.orig/src/xen/xend_internal.c
-+++ libvirt-1.2.1/src/xen/xend_internal.c
+--- libvirt-1.2.2.orig/src/xen/xend_internal.c
+++ libvirt-1.2.2/src/xen/xend_internal.c
@@ -70,7 +70,7 @@
 #define XEND_RCV_BUF_MAX_LEN (256 * 1024)
 
--- a/xen-pv-cdrom.patch
+++ b/xen-pv-cdrom.patch
@ -1,7 +1,7 @@
-Index: libvirt-1.2.1/src/xenxs/xen_sxpr.c
+Index: libvirt-1.2.2/src/xenxs/xen_sxpr.c
 ===================================================================
--- libvirt-1.2.1.orig/src/xenxs/xen_sxpr.c
-+++ libvirt-1.2.1/src/xenxs/xen_sxpr.c
+--- libvirt-1.2.2.orig/src/xenxs/xen_sxpr.c
+++ libvirt-1.2.2/src/xenxs/xen_sxpr.c
@@ -330,7 +330,7 @@ error:
 static int
 xenParseSxprDisks(virDomainDefPtr def,