Accepting request 681981 from home:jfehlig:branches:Virtualization

- Update to libvirt 5.1.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 11c8aca9-libxl-set-mem-after-balloon.patch, 70c2933d-apparmor-named-profiles.patch, a3ab6d42-apparmor-conv-libvirtd-named-profile.patch, b6440119-qemu-conf-sev.patch, a404ac34-qemu-cgroup-sev.patch, 6fd4c8f8-qemu-domain-sev.patch, 17f6a257-security-dac-sev.patch, a2d3dea9-qemu-caps-dac-override-sev.patch, 620d9dd5-qemu-no-dac-override-nonroot.patch - jsc#SLE-3887, jsc#SLE-4480, jsc#SLE-4577 OBS-URL: https://build.opensuse.org/request/show/681981 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=734
2019-03-06 02:00:59 +00:00 · 2019-03-06 02:00:59 +00:00 · 7fe9d077c7
commit 7fe9d077c7
parent 66085e7438
42 changed files with 258 additions and 761 deletions
--- a/0001-Extract-stats-functions-from-the-qemu-driver.patch
+++ b/0001-Extract-stats-functions-from-the-qemu-driver.patch
@ -18,10 +18,10 @@ them.
 create mode 100644 src/conf/domain_stats.c
 create mode 100644 src/conf/domain_stats.h
-Index: libvirt-5.0.0/src/conf/domain_stats.c
+Index: libvirt-5.1.0/src/conf/domain_stats.c
 ===================================================================
 --- /dev/null
-+++ libvirt-5.0.0/src/conf/domain_stats.c
+++ libvirt-5.1.0/src/conf/domain_stats.c
@@ -0,0 +1,139 @@
 +/*
 + * domain_stats.c: domain stats extraction helpers
@ -162,10 +162,10 @@ Index: libvirt-5.0.0/src/conf/domain_stats.c
 +}
 +
 +#undef STATS_ADD_NET_PARAM
-Index: libvirt-5.0.0/src/conf/domain_stats.h
+Index: libvirt-5.1.0/src/conf/domain_stats.h
 ===================================================================
 --- /dev/null
-+++ libvirt-5.0.0/src/conf/domain_stats.h
+++ libvirt-5.1.0/src/conf/domain_stats.h
@@ -0,0 +1,64 @@
 +/*
 + * domain_stats.h: domain stats extraction helpers
@ -231,11 +231,11 @@ Index: libvirt-5.0.0/src/conf/domain_stats.h
 +                               int *maxparams);
 +
 +#endif /* __DOMAIN_STATS_H */
-Index: libvirt-5.0.0/src/libvirt_private.syms
+Index: libvirt-5.1.0/src/libvirt_private.syms
 ===================================================================
--- libvirt-5.0.0.orig/src/libvirt_private.syms
+--- libvirt-5.1.0.orig/src/libvirt_private.syms
-+++ libvirt-5.0.0/src/libvirt_private.syms
+++ libvirt-5.1.0/src/libvirt_private.syms
-@@ -661,6 +661,9 @@ virDomainConfNWFilterInstantiate;
+@@ -662,6 +662,9 @@ virDomainConfNWFilterInstantiate;
 virDomainConfNWFilterTeardown;
 virDomainConfVMNWFilterTeardown;
@ -245,7 +245,7 @@ Index: libvirt-5.0.0/src/libvirt_private.syms
 # conf/interface_conf.h
 virInterfaceDefFormat;
-@@ -1550,6 +1553,7 @@ virCgroupGetMemoryUsage;
+@@ -1547,6 +1550,7 @@ virCgroupGetMemoryUsage;
 virCgroupGetMemSwapHardLimit;
 virCgroupGetMemSwapUsage;
 virCgroupGetPercpuStats;
@ -253,10 +253,10 @@ Index: libvirt-5.0.0/src/libvirt_private.syms
 virCgroupHasController;
 virCgroupHasEmptyTasks;
 virCgroupKillPainfully;
-Index: libvirt-5.0.0/src/qemu/qemu_driver.c
+Index: libvirt-5.1.0/src/qemu/qemu_driver.c
 ===================================================================
--- libvirt-5.0.0.orig/src/qemu/qemu_driver.c
+--- libvirt-5.1.0.orig/src/qemu/qemu_driver.c
-+++ libvirt-5.0.0/src/qemu/qemu_driver.c
+++ libvirt-5.1.0/src/qemu/qemu_driver.c
@@ -67,6 +67,7 @@
 #include "virarptable.h"
 #include "viruuid.h"
@ -265,7 +265,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
 #include "domain_audit.h"
 #include "node_device_conf.h"
 #include "virpci.h"
-@@ -19969,21 +19970,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr
+@@ -20042,21 +20043,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr
                         int *maxparams,
                         unsigned int privflags ATTRIBUTE_UNUSED)
 {
@ -288,7 +288,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
 }
-@@ -20173,37 +20160,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj
+@@ -20246,37 +20233,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj
                             int *maxparams)
 {
     qemuDomainObjPrivatePtr priv = dom->privateData;
@ -327,7 +327,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
 }
-@@ -20401,44 +20358,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr
+@@ -20470,44 +20427,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr
     return ret;
 }
@ -372,7 +372,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
 static int
 qemuDomainGetStatsInterface(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
                             virDomainObjPtr dom,
-@@ -20446,68 +20365,9 @@ qemuDomainGetStatsInterface(virQEMUDrive
+@@ -20515,68 +20434,9 @@ qemuDomainGetStatsInterface(virQEMUDrive
                             int *maxparams,
                             unsigned int privflags ATTRIBUTE_UNUSED)
 {
@ -442,7 +442,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
 #define QEMU_ADD_BLOCK_PARAM_UI(record, maxparams, num, name, value) \
     do { \
         char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \
-@@ -20740,10 +20600,10 @@ qemuDomainGetStatsBlockExportHeader(virD
+@@ -20809,10 +20669,10 @@ qemuDomainGetStatsBlockExportHeader(virD
 {
     int ret = -1;
@ -455,7 +455,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
     if (src->id)
         QEMU_ADD_BLOCK_PARAM_UI(records, nrecords, recordnr, "backingIndex",
                                 src->id);
-@@ -20897,7 +20757,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
+@@ -20966,7 +20826,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
      * after the iteration than it is to iterate twice; but we still
      * want count listed first.  */
     count_index = record->nparams;
@ -464,7 +464,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
     for (i = 0; i < dom->def->ndisks; i++) {
         if (qemuDomainGetStatsBlockExportDisk(dom->def->disks[i], stats, nodestats,
-@@ -20922,8 +20782,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
+@@ -20991,8 +20851,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
 #undef QEMU_ADD_BLOCK_PARAM_ULL
@ -473,7 +473,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
 #define QEMU_ADD_IOTHREAD_PARAM_UI(record, maxparams, id, name, value) \
     do { \
         char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \
-@@ -20975,7 +20833,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver
+@@ -21044,7 +20902,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver
     if (niothreads == 0)
         return 0;
@ -482,7 +482,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
     for (i = 0; i < niothreads; i++) {
         if (iothreads[i]->poll_valid) {
-@@ -21008,8 +20866,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver
+@@ -21077,8 +20935,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver
 #undef QEMU_ADD_IOTHREAD_PARAM_ULL
@ -491,11 +491,11 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c
 static int
 qemuDomainGetStatsPerfOneEvent(virPerfPtr perf,
                                virPerfEventType type,
-Index: libvirt-5.0.0/src/util/vircgroup.c
+Index: libvirt-5.1.0/src/util/vircgroup.c
 ===================================================================
--- libvirt-5.0.0.orig/src/util/vircgroup.c
+--- libvirt-5.1.0.orig/src/util/vircgroup.c
-+++ libvirt-5.0.0/src/util/vircgroup.c
+++ libvirt-5.1.0/src/util/vircgroup.c
-@@ -2796,6 +2796,44 @@ virCgroupControllerAvailable(int control
+@@ -2800,6 +2800,44 @@ virCgroupControllerAvailable(int control
     return ret;
 }
@ -540,7 +540,7 @@ Index: libvirt-5.0.0/src/util/vircgroup.c
 #else /* !__linux__ */
 bool
-@@ -2805,6 +2843,15 @@ virCgroupAvailable(void)
+@@ -2809,6 +2847,15 @@ virCgroupAvailable(void)
 }
@ -556,10 +556,10 @@ Index: libvirt-5.0.0/src/util/vircgroup.c
 int
 virCgroupNewPartition(const char *path ATTRIBUTE_UNUSED,
                       bool create ATTRIBUTE_UNUSED,
-Index: libvirt-5.0.0/src/util/vircgroup.h
+Index: libvirt-5.1.0/src/util/vircgroup.h
 ===================================================================
--- libvirt-5.0.0.orig/src/util/vircgroup.h
+--- libvirt-5.1.0.orig/src/util/vircgroup.h
-+++ libvirt-5.0.0/src/util/vircgroup.h
+++ libvirt-5.1.0/src/util/vircgroup.h
@@ -284,4 +284,9 @@ int virCgroupSetOwner(virCgroupPtr cgrou
 int virCgroupHasEmptyTasks(virCgroupPtr cgroup, int controller);
@ -570,10 +570,10 @@ Index: libvirt-5.0.0/src/util/vircgroup.h
 +                         int *maxparams);
 +
 #endif /* LIBVIRT_VIRCGROUP_H */
-Index: libvirt-5.0.0/src/conf/Makefile.inc.am
+Index: libvirt-5.1.0/src/conf/Makefile.inc.am
 ===================================================================
--- libvirt-5.0.0.orig/src/conf/Makefile.inc.am
+--- libvirt-5.1.0.orig/src/conf/Makefile.inc.am
-+++ libvirt-5.0.0/src/conf/Makefile.inc.am
+++ libvirt-5.1.0/src/conf/Makefile.inc.am
@@ -20,6 +20,8 @@ DOMAIN_CONF_SOURCES = \
 	conf/domain_audit.h \
 	conf/domain_nwfilter.c \
--- a/0001-libxl-add-support-for-BlockResize-API.patch
+++ b/0001-libxl-add-support-for-BlockResize-API.patch
@ -19,10 +19,10 @@ reworking this patch and submitting it to upstream libvirt.
 src/libxl/libxl_driver.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
-Index: libvirt-5.0.0/src/libxl/libxl_driver.c
+Index: libvirt-5.1.0/src/libxl/libxl_driver.c
 ===================================================================
--- libvirt-5.0.0.orig/src/libxl/libxl_driver.c
+--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c
-+++ libvirt-5.0.0/src/libxl/libxl_driver.c
+++ libvirt-5.1.0/src/libxl/libxl_driver.c
@@ -5252,6 +5252,97 @@ libxlDomainMemoryStats(virDomainPtr dom,
 #undef LIBXL_SET_MEMSTAT
--- a/0002-lxc-implement-connectGetAllDomainStats.patch
+++ b/0002-lxc-implement-connectGetAllDomainStats.patch
@ -9,10 +9,10 @@ them using the existing API.
 src/lxc/lxc_driver.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 138 insertions(+)
-Index: libvirt-5.0.0/src/lxc/lxc_driver.c
+Index: libvirt-5.1.0/src/lxc/lxc_driver.c
 ===================================================================
--- libvirt-5.0.0.orig/src/lxc/lxc_driver.c
+--- libvirt-5.1.0.orig/src/lxc/lxc_driver.c
-+++ libvirt-5.0.0/src/lxc/lxc_driver.c
+++ libvirt-5.1.0/src/lxc/lxc_driver.c
@@ -75,6 +75,7 @@
 #include "viraccessapichecklxc.h"
 #include "virhostdev.h"
@ -21,7 +21,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
 #define VIR_FROM_THIS VIR_FROM_LXC
-@@ -5408,6 +5409,142 @@ lxcDomainHasManagedSaveImage(virDomainPt
+@@ -5396,6 +5397,142 @@ lxcDomainHasManagedSaveImage(virDomainPt
     return ret;
 }
@ -164,7 +164,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
 /* Function Tables */
 static virHypervisorDriver lxcHypervisorDriver = {
-@@ -5503,6 +5640,7 @@ static virHypervisorDriver lxcHypervisor
+@@ -5491,6 +5628,7 @@ static virHypervisorDriver lxcHypervisor
     .nodeGetFreePages = lxcNodeGetFreePages, /* 1.2.6 */
     .nodeAllocPages = lxcNodeAllocPages, /* 1.2.9 */
     .domainHasManagedSaveImage = lxcDomainHasManagedSaveImage, /* 1.2.13 */
--- a/11c8aca9-libxl-set-mem-after-balloon.patch
+++ b/11c8aca9-libxl-set-mem-after-balloon.patch
@ -1,34 +0,0 @@
 commit 11c8aca938bff7f6b7fb9def732262f3ad9e91f9
 Author: Jim Fehlig <jfehlig@suse.com>
 Date:   Thu Jan 10 15:18:36 2019 -0700
    libxl: Set current memory value after successful balloon
    The libxl driver does not set the new memory value in the active domain def
    after a successful balloon. This results in the old memory value in
    <currentMemory>. E.g.
    virsh dumpxml test | grep currentMemory
      <currentMemory unit='KiB'>20971520</currentMemory>
    virsh setmem test 16777216 --live
    virsh dumpxml test | grep currentMemory
      <currentMemory unit='KiB'>20971520</currentMemory>
    Set the new memory value in active domain def after a successful call to
    libxl_set_memory_target().
    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
    Reviewed-by: Ján Tomko <jtomko@redhat.com>
 Index: libvirt-5.0.0/src/libxl/libxl_driver.c
 ===================================================================
 --- libvirt-5.0.0.orig/src/libxl/libxl_driver.c
 +++ libvirt-5.0.0/src/libxl/libxl_driver.c
@@ -1676,6 +1676,7 @@ libxlDomainSetMemoryFlags(virDomainPtr d
                                  " with libxenlight"), vm->def->id);
                 goto endjob;
             }
 +            vm->def->mem.cur_balloon = newmem;
         }
         if (flags & VIR_DOMAIN_MEM_CONFIG) {
--- a/17f6a257-security-dac-sev.patch
+++ b/17f6a257-security-dac-sev.patch
@ -1,103 +0,0 @@
 commit 17f6a257f1ea484489277f4da38be914b246a30b
 Author: Erik Skultety <eskultet@redhat.com>
 Date:   Thu Jan 31 15:16:50 2019 +0100
    security: dac: Relabel /dev/sev in the namespace
    The default permissions (0600 root:root) are of no use to the qemu
    process so we need to change the owner to qemu iff running with
    namespaces.
    Signed-off-by: Erik Skultety <eskultet@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
 Index: libvirt-5.0.0/src/security/security_dac.c
 ===================================================================
 --- libvirt-5.0.0.orig/src/security/security_dac.c
 +++ libvirt-5.0.0/src/security/security_dac.c
@@ -48,6 +48,7 @@
 VIR_LOG_INIT("security.security_dac");
 #define SECURITY_DAC_NAME "dac"
 +#define DEV_SEV "/dev/sev"
 typedef struct _virSecurityDACData virSecurityDACData;
 typedef virSecurityDACData *virSecurityDACDataPtr;
@@ -1690,6 +1691,16 @@ virSecurityDACRestoreMemoryLabel(virSecu
 static int
 +virSecurityDACRestoreSEVLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
 +                              virDomainDefPtr def ATTRIBUTE_UNUSED)
 +{
 +    /* we only label /dev/sev when running with namespaces, so we don't need to
 +     * restore anything */
 +    return 0;
 +}
 +
 +
 +static int
 virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
                               virDomainDefPtr def,
                               bool migrated,
@@ -1759,6 +1770,11 @@ virSecurityDACRestoreAllLabel(virSecurit
             rc = -1;
     }
 +    if (def->sev) {
 +        if (virSecurityDACRestoreSEVLabel(mgr, def) < 0)
 +            rc = -1;
 +    }
 +
     if (def->os.loader && def->os.loader->nvram &&
         virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0)
         rc = -1;
@@ -1833,6 +1849,36 @@ virSecurityDACSetMemoryLabel(virSecurity
 static int
 +virSecurityDACSetSEVLabel(virSecurityManagerPtr mgr,
 +                          virDomainDefPtr def)
 +{
 +    virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
 +    virSecurityLabelDefPtr seclabel;
 +    uid_t user;
 +    gid_t group;
 +
 +    /* Skip chowning /dev/sev if namespaces are disabled as we'd significantly
 +     * increase the chance of a DOS attack on SEV
 +     */
 +    if (!priv->mountNamespace)
 +        return 0;
 +
 +    seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
 +    if (seclabel && !seclabel->relabel)
 +        return 0;
 +
 +    if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
 +        return -1;
 +
 +    if (virSecurityDACSetOwnership(mgr, NULL, DEV_SEV,
 +                                   user, group, false) < 0)
 +        return -1;
 +
 +    return 0;
 +}
 +
 +
 +static int
 virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
                           virDomainDefPtr def,
                           const char *stdin_path ATTRIBUTE_UNUSED,
@@ -1902,6 +1948,11 @@ virSecurityDACSetAllLabel(virSecurityMan
             return -1;
     }
 +    if (def->sev) {
 +        if (virSecurityDACSetSEVLabel(mgr, def) < 0)
 +            return -1;
 +    }
 +
     if (virSecurityDACGetImageIds(secdef, priv, &user, &group))
         return -1;
--- a/620d9dd5-qemu-no-dac-override-nonroot.patch
+++ b/620d9dd5-qemu-no-dac-override-nonroot.patch
@ -1,25 +0,0 @@
 commit 620d9dd598fde388f56ac37bcd3b31168c2f9fc6
 Author: Peter Krempa <pkrempa@redhat.com>
 Date:   Mon Feb 4 16:24:15 2019 +0100
    qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root
    It will not work. This breaks qemu capabilities probing as a user.
    Signed-off-by: Peter Krempa <pkrempa@redhat.com>
    Reviewed-by: Erik Skultety <eskultet@redhat.com>
 Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c
 ===================================================================
 --- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c
 +++ libvirt-5.0.0/src/qemu/qemu_capabilities.c
@@ -4529,7 +4529,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps
 #if WITH_CAPNG
     /* QEMU might run into permission issues, e.g. /dev/sev (0600), override
      * them just for the purpose of probing */
 -    virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
 +    if (geteuid() == 0)
 +        virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
 #endif
     virCommandSetGID(cmd->cmd, cmd->runGid);
--- a/6fd4c8f8-qemu-domain-sev.patch
+++ b/6fd4c8f8-qemu-domain-sev.patch
@ -1,60 +0,0 @@
 commit 6fd4c8f8785a063112c8161a3a3f5ad3cb6647ea
 Author: Erik Skultety <eskultet@redhat.com>
 Date:   Tue Jan 22 13:46:16 2019 +0100
    qemu: domain: Add /dev/sev into the domain mount namespace selectively
    Instead of exposing /dev/sev to every domain, do it selectively.
    Signed-off-by: Erik Skultety <eskultet@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
 Index: libvirt-5.0.0/src/qemu/qemu_domain.c
 ===================================================================
 --- libvirt-5.0.0.orig/src/qemu/qemu_domain.c
 +++ libvirt-5.0.0/src/qemu/qemu_domain.c
@@ -116,6 +116,7 @@ VIR_ENUM_IMPL(qemuDomainNamespace, QEMU_
 #define DEVPREFIX "/dev/"
 #define DEV_VFIO "/dev/vfio/vfio"
 #define DEVICE_MAPPER_CONTROL_PATH "/dev/mapper/control"
 +#define DEV_SEV "/dev/sev"
 struct _qemuDomainLogContext {
@@ -12018,6 +12019,26 @@ qemuDomainSetupLoader(virQEMUDriverConfi
 }
 +static int
 +qemuDomainSetupLaunchSecurity(virQEMUDriverConfigPtr cfg ATTRIBUTE_UNUSED,
 +                              virDomainObjPtr vm,
 +                              const struct qemuDomainCreateDeviceData *data)
 +{
 +    virDomainSEVDefPtr sev = vm->def->sev;
 +
 +    if (!sev || sev->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV)
 +        return 0;
 +
 +    VIR_DEBUG("Setting up launch security");
 +
 +    if (qemuDomainCreateDevice(DEV_SEV, data, false) < 0)
 +        return -1;
 +
 +    VIR_DEBUG("Set up launch security");
 +    return 0;
 +}
 +
 +
 int
 qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
                          virSecurityManagerPtr mgr,
@@ -12089,6 +12110,9 @@ qemuDomainBuildNamespace(virQEMUDriverCo
     if (qemuDomainSetupLoader(cfg, vm, &data) < 0)
         goto cleanup;
 +    if (qemuDomainSetupLaunchSecurity(cfg, vm, &data) < 0)
 +        goto cleanup;
 +
     /* Save some mount points because we want to share them with the host */
     for (i = 0; i < ndevMountsPath; i++) {
         struct stat sb;
--- a/70c2933d-apparmor-named-profiles.patch
+++ b/70c2933d-apparmor-named-profiles.patch
@ -1,38 +0,0 @@
 commit 70c2933da24dc4b004118afe2f9acaeabc42c0ad
 Author: Jim Fehlig <jfehlig@suse.com>
 Date:   Fri Jan 11 17:26:03 2019 -0700
    apparmor: Add support for named profiles
    Upstream apparmor is switching to named profiles. In short,
    /usr/sbin/dnsmasq {
    becomes
    profile dnsmasq /usr/sbin/dnsmasq {
    Consequently, any profiles that reference profiles in a peer= condition
    need to be updated if the referenced profile switches to a named profile.
    Apparmor commit 9ab45d81 switched dnsmasq to a named profile. ATM it is
    the only named profile switch that has affected libvirt. Add rules to the
    libvirtd profile to reference dnsmasq in peer= conditions by profile name.
    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
 Index: libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd
 ===================================================================
 --- libvirt-5.0.0.orig/src/security/apparmor/usr.sbin.libvirtd
 +++ libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd
@@ -52,9 +52,11 @@
   ptrace (read,trace) peer=unconfined,
   ptrace (read,trace) peer=/usr/sbin/libvirtd,
 +  ptrace (read,trace) peer=dnsmasq,
   ptrace (read,trace) peer=/usr/sbin/dnsmasq,
   ptrace (read,trace) peer=libvirt-*,
 +  signal (send) peer=dnsmasq,
   signal (send) peer=/usr/sbin/dnsmasq,
   signal (read, send) peer=libvirt-*,
   signal (send) set=("kill", "term") peer=unconfined,
--- a/a2d3dea9-qemu-caps-dac-override-sev.patch
+++ b/a2d3dea9-qemu-caps-dac-override-sev.patch
@ -1,112 +0,0 @@
 commit a2d3dea9d41dba313d9566120a8ec9d358567bd0
 Author: Erik Skultety <eskultet@redhat.com>
 Date:   Thu Jan 24 10:33:01 2019 +0100
    qemu: caps: Use CAP_DAC_OVERRIDE for probing to avoid permission issues
    This is mainly about /dev/sev and its default permissions 0600. Of
    course, rule of 'tinfoil' would be that we can't trust anything, but the
    probing code in QEMU is considered safe from security's perspective + we
    can't create an udev rule for this at the moment, because ioctls and
    file system permissions aren't cross-checked in kernel and therefore a
    user with read permissions could issue a 'privileged' operation on SEV
    which is currently only limited to root.
    https://bugzilla.redhat.com/show_bug.cgi?id=1665400
    Signed-off-by: Erik Skultety <eskultet@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
 Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c
 ===================================================================
 --- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c
 +++ libvirt-5.0.0/src/qemu/qemu_capabilities.c
@@ -53,6 +53,10 @@
 #include <stdarg.h>
 #include <sys/utsname.h>
 +#if WITH_CAPNG
 +# include <cap-ng.h>
 +#endif
 +
 #define VIR_FROM_THIS VIR_FROM_QEMU
 VIR_LOG_INIT("qemu.qemu_capabilities");
@@ -4521,6 +4525,13 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps
                                     NULL);
     virCommandAddEnvPassCommon(cmd->cmd);
     virCommandClearCaps(cmd->cmd);
 +
 +#if WITH_CAPNG
 +    /* QEMU might run into permission issues, e.g. /dev/sev (0600), override
 +     * them just for the purpose of probing */
 +    virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
 +#endif
 +
     virCommandSetGID(cmd->cmd, cmd->runGid);
     virCommandSetUID(cmd->cmd, cmd->runUid);
 Index: libvirt-5.0.0/src/util/virutil.c
 ===================================================================
 --- libvirt-5.0.0.orig/src/util/virutil.c
 +++ libvirt-5.0.0/src/util/virutil.c
@@ -1502,8 +1502,10 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gi
 {
     size_t i;
     int capng_ret, ret = -1;
 -    bool need_setgid = false, need_setuid = false;
 +    bool need_setgid = false;
 +    bool need_setuid = false;
     bool need_setpcap = false;
 +    const char *capstr = NULL;
     /* First drop all caps (unless the requested uid is "unchanged" or
      * root and clearExistingCaps wasn't requested), then add back
@@ -1512,14 +1514,18 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gi
      */
     if (clearExistingCaps || (uid != (uid_t)-1 && uid != 0))
 -       capng_clear(CAPNG_SELECT_BOTH);
 +        capng_clear(CAPNG_SELECT_BOTH);
     for (i = 0; i <= CAP_LAST_CAP; i++) {
 +        capstr = capng_capability_to_name(i);
 +
         if (capBits & (1ULL << i)) {
             capng_update(CAPNG_ADD,
                          CAPNG_EFFECTIVE|CAPNG_INHERITABLE|
                          CAPNG_PERMITTED|CAPNG_BOUNDING_SET,
                          i);
 +
 +            VIR_DEBUG("Added '%s' to child capabilities' set", capstr);
         }
     }
@@ -1579,6 +1585,27 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gi
         goto cleanup;
     }
 +# ifdef PR_CAP_AMBIENT
 +    /* we couldn't do this in the loop earlier above, because the capabilities
 +     * were not applied yet, since in order to add a capability into the AMBIENT
 +     * set, it has to be present in both the PERMITTED and INHERITABLE sets
 +     * (capabilities(7))
 +     */
 +    for (i = 0; i <= CAP_LAST_CAP; i++) {
 +        capstr = capng_capability_to_name(i);
 +
 +        if (capBits & (1ULL << i)) {
 +            if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0) {
 +                virReportSystemError(errno,
 +                                     _("prctl failed to enable '%s' in the "
 +                                       "AMBIENT set"),
 +                                     capstr);
 +                goto cleanup;
 +            }
 +        }
 +    }
 +# endif
 +
     /* Set bounding set while we have CAP_SETPCAP.  Unfortunately we cannot
      * do this if we failed to get the capability above, so ignore the
      * return value.
--- a/a3ab6d42-apparmor-conv-libvirtd-named-profile.patch
+++ b/a3ab6d42-apparmor-conv-libvirtd-named-profile.patch
@ -1,38 +0,0 @@
 commit a3ab6d42d825499af44b8f19f9299e150d9687bc
 Author: Jim Fehlig <jfehlig@suse.com>
 Date:   Fri Jan 11 17:59:59 2019 -0700
    apparmor: convert libvirtd profile to a named profile
    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
 Index: libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd
 ===================================================================
 --- libvirt-5.0.0.orig/src/security/apparmor/usr.sbin.libvirtd
 +++ libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd
@@ -2,7 +2,7 @@
 #include <tunables/global>
 @{LIBVIRT}="libvirt"
 -/usr/sbin/libvirtd flags=(attach_disconnected) {
 +profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
   #include <abstractions/base>
   #include <abstractions/dbus>
@@ -51,7 +51,7 @@
   unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
   ptrace (read,trace) peer=unconfined,
 -  ptrace (read,trace) peer=/usr/sbin/libvirtd,
 +  ptrace (read,trace) peer=@{profile_name},
   ptrace (read,trace) peer=dnsmasq,
   ptrace (read,trace) peer=/usr/sbin/dnsmasq,
   ptrace (read,trace) peer=libvirt-*,
@@ -123,6 +123,7 @@
    # For communication/control from libvirtd
    unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
    signal (receive) set=("term") peer=/usr/sbin/libvirtd,
 +   signal (receive) set=("term") peer=libvirtd,
    /dev/net/tun rw,
    /etc/qemu/** r,
--- a/a404ac34-qemu-cgroup-sev.patch
+++ b/a404ac34-qemu-cgroup-sev.patch
@ -1,50 +0,0 @@
 commit a404ac34768e975bd420d1eeac3811563da67e3f
 Author: Erik Skultety <eskultet@redhat.com>
 Date:   Mon Jan 21 14:50:11 2019 +0100
    qemu: cgroup: Expose /dev/sev/ only to domains that require SEV
    SEV has a limit on number of concurrent guests. From security POV we
    should only expose resources (any resources for that matter) to domains
    that truly need them.
    Signed-off-by: Erik Skultety <eskultet@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
 Index: libvirt-5.0.0/src/qemu/qemu_cgroup.c
 ===================================================================
 --- libvirt-5.0.0.orig/src/qemu/qemu_cgroup.c
 +++ libvirt-5.0.0/src/qemu/qemu_cgroup.c
@@ -692,6 +692,22 @@ qemuTeardownChardevCgroup(virDomainObjPt
 static int
 +qemuSetupSEVCgroup(virDomainObjPtr vm)
 +{
 +    qemuDomainObjPrivatePtr priv = vm->privateData;
 +    int ret;
 +
 +    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES))
 +        return 0;
 +
 +    ret = virCgroupAllowDevicePath(priv->cgroup, "/dev/sev",
 +                                   VIR_CGROUP_DEVICE_RW, false);
 +    virDomainAuditCgroupPath(vm, priv->cgroup, "allow", "/dev/sev",
 +                             "rw", ret);
 +    return ret;
 +}
 +
 +static int
 qemuSetupDevicesCgroup(virDomainObjPtr vm)
 {
     qemuDomainObjPrivatePtr priv = vm->privateData;
@@ -798,6 +814,9 @@ qemuSetupDevicesCgroup(virDomainObjPtr v
             goto cleanup;
     }
 +    if (vm->def->sev && qemuSetupSEVCgroup(vm) < 0)
 +        goto cleanup;
 +
     ret = 0;
  cleanup:
     virObjectUnref(cfg);
--- a/apparmor-no-mount.patch
+++ b/apparmor-no-mount.patch
@ -1,7 +1,7 @@
-Index: libvirt-5.0.0/src/security/apparmor/libvirt-lxc
+Index: libvirt-5.1.0/src/security/apparmor/libvirt-lxc
 ===================================================================
--- libvirt-5.0.0.orig/src/security/apparmor/libvirt-lxc
+--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-lxc
-+++ libvirt-5.0.0/src/security/apparmor/libvirt-lxc
+++ libvirt-5.1.0/src/security/apparmor/libvirt-lxc
@@ -2,39 +2,15 @@
   #include <abstractions/base>
--- a/b6440119-qemu-conf-sev.patch
+++ b/b6440119-qemu-conf-sev.patch
@ -1,64 +0,0 @@
 commit b6440119185a4e307654a8d26d6d551a2675bf82
 Author: Erik Skultety <eskultet@redhat.com>
 Date:   Mon Jan 21 14:48:02 2019 +0100
    qemu: conf: Remove /dev/sev from the default cgroup device acl list
    We should not give domains access to something they don't necessarily
    need by default. Remove it from the qemu driver docs too.
    Signed-off-by: Erik Skultety <eskultet@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
 Index: libvirt-5.0.0/docs/drvqemu.html.in
 ===================================================================
 --- libvirt-5.0.0.orig/docs/drvqemu.html.in
 +++ libvirt-5.0.0/docs/drvqemu.html.in
@@ -396,8 +396,7 @@ chmod o+x /path/to/directory
 /dev/null, /dev/full, /dev/zero,
 /dev/random, /dev/urandom,
 /dev/ptmx, /dev/kvm, /dev/kqemu,
 -/dev/rtc, /dev/hpet, /dev/net/tun,
 -/dev/sev
 +/dev/rtc, /dev/hpet, /dev/net/tun
 </pre>
     <p>
 Index: libvirt-5.0.0/src/qemu/qemu.conf
 ===================================================================
 --- libvirt-5.0.0.orig/src/qemu/qemu.conf
 +++ libvirt-5.0.0/src/qemu/qemu.conf
@@ -484,7 +484,7 @@
 #    "/dev/null", "/dev/full", "/dev/zero",
 #    "/dev/random", "/dev/urandom",
 #    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
 -#    "/dev/rtc","/dev/hpet", "/dev/sev"
 +#    "/dev/rtc","/dev/hpet"
 #]
 #
 # RDMA migration requires the following extra files to be added to the list:
 Index: libvirt-5.0.0/src/qemu/qemu_cgroup.c
 ===================================================================
 --- libvirt-5.0.0.orig/src/qemu/qemu_cgroup.c
 +++ libvirt-5.0.0/src/qemu/qemu_cgroup.c
@@ -46,7 +46,7 @@ const char *const defaultDeviceACL[] = {
     "/dev/null", "/dev/full", "/dev/zero",
     "/dev/random", "/dev/urandom",
     "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
 -    "/dev/rtc", "/dev/hpet", "/dev/sev",
 +    "/dev/rtc", "/dev/hpet",
     NULL,
 };
 #define DEVICE_PTY_MAJOR 136
 Index: libvirt-5.0.0/src/qemu/test_libvirtd_qemu.aug.in
 ===================================================================
 --- libvirt-5.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in
 +++ libvirt-5.0.0/src/qemu/test_libvirtd_qemu.aug.in
@@ -62,7 +62,6 @@ module Test_libvirtd_qemu =
     { "8" = "/dev/kqemu" }
     { "9" = "/dev/rtc" }
     { "10" = "/dev/hpet" }
 -    { "11" = "/dev/sev" }
 }
 { "save_image_format" = "raw" }
 { "dump_image_format" = "raw" }
--- a/blockcopy-check-dst-identical-device.patch
+++ b/blockcopy-check-dst-identical-device.patch
@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu <cyliu@suse.com>
 src/qemu/qemu_driver.c | 7 +++++++
 1 file changed, 7 insertions(+)
-Index: libvirt-5.0.0/src/qemu/qemu_driver.c
+Index: libvirt-5.1.0/src/qemu/qemu_driver.c
 ===================================================================
--- libvirt-5.0.0.orig/src/qemu/qemu_driver.c
+--- libvirt-5.1.0.orig/src/qemu/qemu_driver.c
-+++ libvirt-5.0.0/src/qemu/qemu_driver.c
+++ libvirt-5.1.0/src/qemu/qemu_driver.c
-@@ -17798,6 +17798,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
+@@ -17836,6 +17836,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
         goto endjob;
     }
--- a/libvirt-5.0.0.tar.xz
+++ b/libvirt-5.0.0.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:afa81dbbc90b5209575930a820a222ff371e5ece5c1d8ec8f46b53c52b73b2e7
 size 14832576
--- a/libvirt-5.0.0.tar.xz.asc
+++ b/libvirt-5.0.0.tar.xz.asc
@ -1,10 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQEcBAABAgAGBQJcPjX/AAoJEBVYiyZZa+pdu0MH/3FuXogeJV1NbW+DPKxVnmxS
 2GDQou2auTZ8SRjCUfR+jLMyYRwrdf2m8+9n1HEeiT8iILwzj/9MjeJFD7+8Czye
 LxDJaDhaDc/pXeVVx94DVb6KrxS660PYHNbZH3fUMWzOD1oPVvpVwmNCiOO8BXHH
 laY7fDvH3C2Um3s4vDpMuRKXtvCW+dJuwLPn2OJgfUCmD9fLfvN889PS5NP3Rr5i
 b/YNYzyfn7Zg0vIe5t/a6uoPp7qeICWG40X+TMiIOz9EjFvQfwQqBNtxoHjZH2Kb
 fY/KCX6lAWftFxxw+hqnSArwcDs5t6Uuqk96gGs0K6xXqnJVFHGKR9N1ps1KIaA=
 =MwoM
 -----END PGP SIGNATURE-----
--- a/libvirt-5.1.0.tar.xz
+++ b/libvirt-5.1.0.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:26f97a53d3172f07f8b63884d845ed71307c4675dc4e1b281c59d253e1e323ab
 size 14893608
--- a/libvirt-5.1.0.tar.xz.asc
+++ b/libvirt-5.1.0.tar.xz.asc
@ -0,0 +1,10 @@
 -----BEGIN PGP SIGNATURE-----
 iQEcBAABAgAGBQJcfPYaAAoJEBVYiyZZa+pdr5QH/iyjpJYjAebt3UM8JO6b83gu
 ybcvvYyQEWQGK7afPYXdhOhgCA99Wn7oJc/+IcUufFVhzOrcJyLRgb+M7FRgtOrt
 BiUswGkYFOUIwBUDnT6Ynxtdl6ESAJJGhzXPFpUShyhxrHPh0Jr77sRJfgz93U/9
 t1IZ133EVm+Eynqejb5BDponPc28/1CsI37UL7ogCCFKNN0QTGBjkkXfGlD3FAtk
 zVYdl88e4MTW73d7EmK3I/zum0Wojp8HTD+RH69TjHt3ozoSFYvQHwlKxafNC6Mo
 1hR7QbpSAO2cA27waINUbtRHnEabiNgv9MlrJ54kDiFoUlJWeH7frzR6uNIRHjc=
 =13hI
 -----END PGP SIGNATURE-----
--- a/libvirt-power8-models.patch
+++ b/libvirt-power8-models.patch
@ -2,10 +2,10 @@ Add POWER8 v2.0 and v2.1 to cpu map XML
 From: <ro@suse.de>
-Index: libvirt-5.0.0/src/cpu_map/ppc64_POWER8.xml
+Index: libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml
 ===================================================================
--- libvirt-5.0.0.orig/src/cpu_map/ppc64_POWER8.xml
+--- libvirt-5.1.0.orig/src/cpu_map/ppc64_POWER8.xml
-+++ libvirt-5.0.0/src/cpu_map/ppc64_POWER8.xml
+++ libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml
@@ -4,5 +4,7 @@
     <pvr value='0x004b0000' mask='0xffff0000'/>
     <pvr value='0x004c0000' mask='0xffff0000'/>
--- a/libvirt-suse-netcontrol.patch
+++ b/libvirt-suse-netcontrol.patch
@ -1,8 +1,8 @@
-Index: libvirt-5.0.0/configure.ac
+Index: libvirt-5.1.0/configure.ac
 ===================================================================
--- libvirt-5.0.0.orig/configure.ac
+--- libvirt-5.1.0.orig/configure.ac
-+++ libvirt-5.0.0/configure.ac
+++ libvirt-5.1.0/configure.ac
-@@ -255,6 +255,7 @@ LIBVIRT_ARG_LIBSSH
+@@ -256,6 +256,7 @@ LIBVIRT_ARG_LIBSSH
 LIBVIRT_ARG_LIBXML
 LIBVIRT_ARG_MACVTAP
 LIBVIRT_ARG_NETCF
@ -10,7 +10,7 @@ Index: libvirt-5.0.0/configure.ac
 LIBVIRT_ARG_NLS
 LIBVIRT_ARG_NSS
 LIBVIRT_ARG_NUMACTL
-@@ -298,6 +299,7 @@ LIBVIRT_CHECK_LIBSSH
+@@ -300,6 +301,7 @@ LIBVIRT_CHECK_LIBSSH
 LIBVIRT_CHECK_LIBXML
 LIBVIRT_CHECK_MACVTAP
 LIBVIRT_CHECK_NETCF
@ -18,7 +18,7 @@ Index: libvirt-5.0.0/configure.ac
 LIBVIRT_CHECK_NLS
 LIBVIRT_CHECK_NUMACTL
 LIBVIRT_CHECK_NWFILTER
-@@ -1012,6 +1014,7 @@ LIBVIRT_RESULT_LIBXL
+@@ -1015,6 +1017,7 @@ LIBVIRT_RESULT_LIBXL
 LIBVIRT_RESULT_LIBXML
 LIBVIRT_RESULT_MACVTAP
 LIBVIRT_RESULT_NETCF
@ -26,10 +26,10 @@ Index: libvirt-5.0.0/configure.ac
 LIBVIRT_RESULT_NLS
 LIBVIRT_RESULT_NSS
 LIBVIRT_RESULT_NUMACTL
-Index: libvirt-5.0.0/tools/virsh.c
+Index: libvirt-5.1.0/tools/virsh.c
 ===================================================================
--- libvirt-5.0.0.orig/tools/virsh.c
+--- libvirt-5.1.0.orig/tools/virsh.c
-+++ libvirt-5.0.0/tools/virsh.c
+++ libvirt-5.1.0/tools/virsh.c
@@ -563,6 +563,8 @@ virshShowVersion(vshControl *ctl ATTRIBU
     vshPrint(ctl, " Interface");
 # if defined(WITH_NETCF)
@ -39,10 +39,10 @@ Index: libvirt-5.0.0/tools/virsh.c
 # elif defined(WITH_UDEV)
     vshPrint(ctl, " udev");
 # endif
-Index: libvirt-5.0.0/src/interface/interface_backend_netcf.c
+Index: libvirt-5.1.0/src/interface/interface_backend_netcf.c
 ===================================================================
--- libvirt-5.0.0.orig/src/interface/interface_backend_netcf.c
+--- libvirt-5.1.0.orig/src/interface/interface_backend_netcf.c
-+++ libvirt-5.0.0/src/interface/interface_backend_netcf.c
+++ libvirt-5.1.0/src/interface/interface_backend_netcf.c
@@ -21,7 +21,12 @@
 #include <config.h>
@ -126,10 +126,10 @@ Index: libvirt-5.0.0/src/interface/interface_backend_netcf.c
     if (virRegisterConnectDriver(&interfaceConnectDriver, false) < 0)
         return -1;
     if (virSetSharedInterfaceDriver(&interfaceDriver) < 0)
-Index: libvirt-5.0.0/src/interface/interface_driver.c
+Index: libvirt-5.1.0/src/interface/interface_driver.c
 ===================================================================
--- libvirt-5.0.0.orig/src/interface/interface_driver.c
+--- libvirt-5.1.0.orig/src/interface/interface_driver.c
-+++ libvirt-5.0.0/src/interface/interface_driver.c
+++ libvirt-5.1.0/src/interface/interface_driver.c
@@ -30,8 +30,15 @@ interfaceRegister(void)
     if (netcfIfaceRegister() == 0)
         return 0;
@ -147,10 +147,10 @@ Index: libvirt-5.0.0/src/interface/interface_driver.c
     if (udevIfaceRegister() == 0)
         return 0;
 #endif /* WITH_UDEV */
-Index: libvirt-5.0.0/m4/virt-netcontrol.m4
+Index: libvirt-5.1.0/m4/virt-netcontrol.m4
 ===================================================================
 --- /dev/null
-+++ libvirt-5.0.0/m4/virt-netcontrol.m4
+++ libvirt-5.1.0/m4/virt-netcontrol.m4
@@ -0,0 +1,39 @@
 +dnl The libnetcontrol library
 +dnl
@ -191,10 +191,10 @@ Index: libvirt-5.0.0/m4/virt-netcontrol.m4
 +AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[
 +  LIBVIRT_RESULT_LIB([NETCONTROL])
 +])
-Index: libvirt-5.0.0/src/interface/Makefile.inc.am
+Index: libvirt-5.1.0/src/interface/Makefile.inc.am
 ===================================================================
--- libvirt-5.0.0.orig/src/interface/Makefile.inc.am
+--- libvirt-5.1.0.orig/src/interface/Makefile.inc.am
-+++ libvirt-5.0.0/src/interface/Makefile.inc.am
+++ libvirt-5.1.0/src/interface/Makefile.inc.am
@@ -4,6 +4,7 @@ INTERFACE_DRIVER_SOURCES = \
 	$(NULL)
--- a/libvirt.changes
+++ b/libvirt.changes
@ -1,3 +1,21 @@
 -------------------------------------------------------------------
 Mon Mar  4 18:52:57 UTC 2019 - James Fehlig <jfehlig@suse.com>
 - Update to libvirt 5.1.0
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Dropped patches:
    11c8aca9-libxl-set-mem-after-balloon.patch,
    70c2933d-apparmor-named-profiles.patch,
    a3ab6d42-apparmor-conv-libvirtd-named-profile.patch,
    b6440119-qemu-conf-sev.patch,
    a404ac34-qemu-cgroup-sev.patch,
    6fd4c8f8-qemu-domain-sev.patch,
    17f6a257-security-dac-sev.patch,
    a2d3dea9-qemu-caps-dac-override-sev.patch,
    620d9dd5-qemu-no-dac-override-nonroot.patch
  - jsc#SLE-3887, jsc#SLE-4480, jsc#SLE-4577
 -------------------------------------------------------------------
 Wed Feb 27 19:01:22 UTC 2019 - jfehlig@suse.com
--- a/libvirt.spec
+++ b/libvirt.spec
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
@ -51,6 +51,7 @@
 %define with_numactl       0%{!?_without_numactl:0}
 %define with_numad         0%{!?_without_numad:0}
 %define with_firewalld     0%{!?_without_firewalld:0}
 %define with_firewalld_zone 0%{!?_without_firewalld_zone:0}
 %define with_libssh        0%{!?_without_libssh:0}
 %define with_bash_completion 0%{!?_without_bash_completion:0}
@ -177,12 +178,12 @@
 %endif
 %if %{with_wireshark}
-    %define wireshark_plugindir %(pkg-config --variable plugindir wireshark)
+    %define wireshark_plugindir %(pkg-config --variable plugindir wireshark)/epan
 %endif
 Name:           libvirt
 Url:            http://libvirt.org/
-Version:        5.0.0
+Version:        5.1.0
 Release:        0
 Summary:        Library providing a virtualization API
 License:        LGPL-2.1-or-later
@ -313,7 +314,7 @@ BuildRequires:  systemtap-sdt-devel
 BuildRequires:  numad
 %endif
 %if %{with_wireshark}
-BuildRequires:  wireshark-devel >= 2.1.0
+BuildRequires:  wireshark-devel >= 2.4.0
 %endif
 %if %{with_libssh}
 BuildRequires:  libssh-devel >= 0.7.0
@ -332,15 +333,6 @@ Source6:        libvirtd-relocation-server.xml
 Source99:       baselibs.conf
 Source100:      %{name}-rpmlintrc
 # Upstream patches
 Patch0:         11c8aca9-libxl-set-mem-after-balloon.patch
 Patch1:         70c2933d-apparmor-named-profiles.patch
 Patch2:         a3ab6d42-apparmor-conv-libvirtd-named-profile.patch
 Patch3:         b6440119-qemu-conf-sev.patch
 Patch4:         a404ac34-qemu-cgroup-sev.patch
 Patch5:         6fd4c8f8-qemu-domain-sev.patch
 Patch6:         17f6a257-security-dac-sev.patch
 Patch7:         a2d3dea9-qemu-caps-dac-override-sev.patch
 Patch8:         620d9dd5-qemu-no-dac-override-nonroot.patch
 # Patches pending upstream review
 Patch100:       libxl-dom-reset.patch
 Patch101:       network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@ -859,7 +851,7 @@ Includes the Sanlock lock manager plugin for the QEMU driver
 Summary:        Wireshark plugin for libvirt RPC protocol
 Group:          Productivity/Networking/Diagnostic
 Requires:       %{name}-libs = %{version}-%{release}
-Requires:       wireshark
+Requires:       wireshark >= 2.4.0
 %description -n wireshark-plugin-libvirt
 Wireshark dissector plugin for better analysis of libvirt RPC traffic.
@ -874,15 +866,6 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %prep
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %patch100 -p1
 %patch101 -p1
 %patch150 -p1
@ -1006,6 +989,11 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %else
    %define arg_firewalld --without-firewalld
 %endif
 %if %{with_firewalld_zone}
    %define arg_firewalld_zone --with-firewalld-zone
 %else
    %define arg_firewalld_zone --without-firewalld-zone
 %endif
 %if %{with_wireshark}
    %define arg_wireshark --with-wireshark-dissector
 %else
@ -1082,6 +1070,7 @@ export PYTHON=%{_bindir}/python3
           --with-dtrace \
           --with-driver-modules \
           %{?arg_firewalld} \
           %{?arg_firewalld_zone} \
           %{?arg_wireshark} \
           --with-nss-plugin \
           --libexecdir=%{_libdir}/%{name} \
@ -1287,6 +1276,16 @@ if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ;
    done
 fi
 %post daemon-driver-network
 %if %{with_firewalld_zone}
    %firewalld_reload
 %endif
 %postun daemon-driver-network
 %if %{with_firewalld_zone}
    %firewalld_reload
 %endif
 %post daemon-config-network
 # Install the default network if one doesn't exist
 if test $1 -eq 1 && test ! -f %{_sysconfdir}/%{name}/qemu/networks/default.xml ; then
@ -1433,6 +1432,9 @@ fi
 %attr(0755, root, root) %{_libdir}/%{name}/libvirt_leaseshelper
 %dir %{_libdir}/%{name}/connection-driver
 %{_libdir}/%{name}/connection-driver/libvirt_driver_network.so
 %if %{with_firewalld_zone}
 %{_prefix}/lib/firewalld/zones/libvirt.xml
 %endif
 %files daemon-driver-nodedev
 %dir %{_libdir}/%{name}/connection-driver
@ -1697,6 +1699,7 @@ fi
 %if %{with_wireshark}
 %files -n wireshark-plugin-libvirt
 %dir %{wireshark_plugindir}/
 %{wireshark_plugindir}/libvirt.so
 %endif
--- a/libxl-dom-reset.patch
+++ b/libxl-dom-reset.patch
@ -8,10 +8,10 @@ Date:   Mon Jun 23 15:51:20 2014 -0600
    option, but domainReset can be implemented in the libxl driver by
    forcibly destroying the domain and starting it again.
-Index: libvirt-5.0.0/src/libxl/libxl_driver.c
+Index: libvirt-5.1.0/src/libxl/libxl_driver.c
 ===================================================================
--- libvirt-5.0.0.orig/src/libxl/libxl_driver.c
+--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c
-+++ libvirt-5.0.0/src/libxl/libxl_driver.c
+++ libvirt-5.1.0/src/libxl/libxl_driver.c
@@ -1350,6 +1350,61 @@ libxlDomainReboot(virDomainPtr dom, unsi
 }
--- a/libxl-set-cach-mode.patch
+++ b/libxl-set-cach-mode.patch
@ -3,10 +3,10 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425
 src/libxl/libxl_conf.c |   25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
-Index: libvirt-5.0.0/src/libxl/libxl_conf.c
+Index: libvirt-5.1.0/src/libxl/libxl_conf.c
 ===================================================================
--- libvirt-5.0.0.orig/src/libxl/libxl_conf.c
+--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c
-+++ libvirt-5.0.0/src/libxl/libxl_conf.c
+++ libvirt-5.1.0/src/libxl/libxl_conf.c
@@ -884,6 +884,30 @@ libxlDiskSetDiscard(libxl_device_disk *x
 #endif
 }
--- a/libxl-set-migration-constraints.patch
+++ b/libxl-set-migration-constraints.patch
@ -16,11 +16,11 @@ Signed-off-by: Jim Fehlig <jfehlig@suse.com>
 tools/virsh.pod                  |    8 ++++++++
 6 files changed, 125 insertions(+), 6 deletions(-)
-Index: libvirt-5.0.0/include/libvirt/libvirt-domain.h
+Index: libvirt-5.1.0/include/libvirt/libvirt-domain.h
 ===================================================================
--- libvirt-5.0.0.orig/include/libvirt/libvirt-domain.h
+--- libvirt-5.1.0.orig/include/libvirt/libvirt-domain.h
-+++ libvirt-5.0.0/include/libvirt/libvirt-domain.h
+++ libvirt-5.1.0/include/libvirt/libvirt-domain.h
-@@ -1016,6 +1016,31 @@ typedef enum {
+@@ -1025,6 +1025,31 @@ typedef enum {
  */
 # define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT  "auto_converge.increment"
@ -52,10 +52,10 @@ Index: libvirt-5.0.0/include/libvirt/libvirt-domain.h
 /* Domain migration. */
 virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
                                unsigned long flags, const char *dname,
-Index: libvirt-5.0.0/src/libxl/libxl_driver.c
+Index: libvirt-5.1.0/src/libxl/libxl_driver.c
 ===================================================================
--- libvirt-5.0.0.orig/src/libxl/libxl_driver.c
+--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c
-+++ libvirt-5.0.0/src/libxl/libxl_driver.c
+++ libvirt-5.1.0/src/libxl/libxl_driver.c
@@ -6118,6 +6118,9 @@ libxlDomainMigratePerform3Params(virDoma
     const char *dname = NULL;
     const char *uri = NULL;
@ -99,10 +99,10 @@ Index: libvirt-5.0.0/src/libxl/libxl_driver.c
             goto cleanup;
     }
-Index: libvirt-5.0.0/src/libxl/libxl_migration.c
+Index: libvirt-5.1.0/src/libxl/libxl_migration.c
 ===================================================================
--- libvirt-5.0.0.orig/src/libxl/libxl_migration.c
+--- libvirt-5.1.0.orig/src/libxl/libxl_migration.c
-+++ libvirt-5.0.0/src/libxl/libxl_migration.c
+++ libvirt-5.1.0/src/libxl/libxl_migration.c
@@ -342,18 +342,39 @@ libxlMigrateDstReceive(virNetSocketPtr s
 static int
 libxlDoMigrateSrcSend(libxlDriverPrivatePtr driver,
@ -264,10 +264,10 @@ Index: libvirt-5.0.0/src/libxl/libxl_migration.c
     virObjectLock(vm);
     if (ret < 0) {
-Index: libvirt-5.0.0/src/libxl/libxl_migration.h
+Index: libvirt-5.1.0/src/libxl/libxl_migration.h
 ===================================================================
--- libvirt-5.0.0.orig/src/libxl/libxl_migration.h
+--- libvirt-5.1.0.orig/src/libxl/libxl_migration.h
-+++ libvirt-5.0.0/src/libxl/libxl_migration.h
+++ libvirt-5.1.0/src/libxl/libxl_migration.h
@@ -36,6 +36,10 @@
     VIR_MIGRATE_PARAM_URI,              VIR_TYPED_PARAM_STRING, \
     VIR_MIGRATE_PARAM_DEST_NAME,        VIR_TYPED_PARAM_STRING, \
@ -312,13 +312,13 @@ Index: libvirt-5.0.0/src/libxl/libxl_migration.h
 virDomainPtr
 libxlDomainMigrationDstFinish(virConnectPtr dconn,
-Index: libvirt-5.0.0/tools/virsh-domain.c
+Index: libvirt-5.1.0/tools/virsh-domain.c
 ===================================================================
--- libvirt-5.0.0.orig/tools/virsh-domain.c
+--- libvirt-5.1.0.orig/tools/virsh-domain.c
-+++ libvirt-5.0.0/tools/virsh-domain.c
+++ libvirt-5.1.0/tools/virsh-domain.c
-@@ -10558,6 +10558,22 @@ static const vshCmdOptDef opts_migrate[]
+@@ -10562,6 +10562,22 @@ static const vshCmdOptDef opts_migrate[]
-      .type = VSH_OT_BOOL,
+      .type = VSH_OT_INT,
-      .help = N_("use TLS for migration")
+      .help = N_("post-copy migration bandwidth limit in MiB/s")
     },
 +    {.name = "max_iters",
 +     .type = VSH_OT_INT,
@ -339,7 +339,7 @@ Index: libvirt-5.0.0/tools/virsh-domain.c
     {.name = NULL}
 };
-@@ -10581,6 +10597,7 @@ doMigrate(void *opaque)
+@@ -10585,6 +10601,7 @@ doMigrate(void *opaque)
     unsigned long long ullOpt = 0;
     int rv;
     virConnectPtr dconn = data->dconn;
@ -347,7 +347,7 @@ Index: libvirt-5.0.0/tools/virsh-domain.c
     sigemptyset(&sigmask);
     sigaddset(&sigmask, SIGINT);
-@@ -10700,6 +10717,27 @@ doMigrate(void *opaque)
+@@ -10704,6 +10721,27 @@ doMigrate(void *opaque)
             goto save_error;
     }
@ -375,11 +375,11 @@ Index: libvirt-5.0.0/tools/virsh-domain.c
     if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0)
         goto out;
     if (opt) {
-Index: libvirt-5.0.0/tools/virsh.pod
+Index: libvirt-5.1.0/tools/virsh.pod
 ===================================================================
--- libvirt-5.0.0.orig/tools/virsh.pod
+--- libvirt-5.1.0.orig/tools/virsh.pod
-+++ libvirt-5.0.0/tools/virsh.pod
+++ libvirt-5.1.0/tools/virsh.pod
-@@ -1994,6 +1994,14 @@ Providing I<--tls> causes the migration
+@@ -1998,6 +1998,14 @@ Providing I<--tls> causes the migration
 the migration of the domain. Usage requires proper TLS setup for both source
 and target.
--- a/libxl-support-block-script.patch
+++ b/libxl-support-block-script.patch
@ -7,10 +7,10 @@ and npiv.
 For more details, see bsc#954872 and FATE#319810
-Index: libvirt-5.0.0/src/libxl/libxl_conf.c
+Index: libvirt-5.1.0/src/libxl/libxl_conf.c
 ===================================================================
--- libvirt-5.0.0.orig/src/libxl/libxl_conf.c
+--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c
-+++ libvirt-5.0.0/src/libxl/libxl_conf.c
+++ libvirt-5.1.0/src/libxl/libxl_conf.c
@@ -884,6 +884,25 @@ libxlDiskSetDiscard(libxl_device_disk *x
 #endif
 }
--- a/lxc-wait-after-eth-del.patch
+++ b/lxc-wait-after-eth-del.patch
@ -13,10 +13,10 @@ device with the same name that is being created.
 src/lxc/lxc_process.c    | 1 +
 3 files changed, 4 insertions(+)
-Index: libvirt-5.0.0/src/lxc/lxc_controller.c
+Index: libvirt-5.1.0/src/lxc/lxc_controller.c
 ===================================================================
--- libvirt-5.0.0.orig/src/lxc/lxc_controller.c
+--- libvirt-5.1.0.orig/src/lxc/lxc_controller.c
-+++ libvirt-5.0.0/src/lxc/lxc_controller.c
+++ libvirt-5.1.0/src/lxc/lxc_controller.c
@@ -69,6 +69,7 @@
 #include "rpc/virnetdaemon.h"
 #include "virstring.h"
@ -25,7 +25,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_controller.c
 #define VIR_FROM_THIS VIR_FROM_LXC
-@@ -2016,6 +2017,7 @@ static int virLXCControllerDeleteInterfa
+@@ -2017,6 +2018,7 @@ static int virLXCControllerDeleteInterfa
         if (virNetDevVethDelete(ctrl->veths[i]) < 0)
             ret = -1;
     }
@ -33,10 +33,10 @@ Index: libvirt-5.0.0/src/lxc/lxc_controller.c
     return ret;
 }
-Index: libvirt-5.0.0/src/lxc/lxc_driver.c
+Index: libvirt-5.1.0/src/lxc/lxc_driver.c
 ===================================================================
--- libvirt-5.0.0.orig/src/lxc/lxc_driver.c
+--- libvirt-5.1.0.orig/src/lxc/lxc_driver.c
-+++ libvirt-5.0.0/src/lxc/lxc_driver.c
+++ libvirt-5.1.0/src/lxc/lxc_driver.c
@@ -70,6 +70,7 @@
 #include "virtime.h"
 #include "virtypedparam.h"
@ -45,7 +45,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
 #include "virstring.h"
 #include "viraccessapicheck.h"
 #include "viraccessapichecklxc.h"
-@@ -3942,6 +3943,7 @@ lxcDomainAttachDeviceNetLive(virConnectP
+@@ -3930,6 +3931,7 @@ lxcDomainAttachDeviceNetLive(virConnectP
         case VIR_DOMAIN_NET_TYPE_NETWORK:
         case VIR_DOMAIN_NET_TYPE_ETHERNET:
             ignore_value(virNetDevVethDelete(veth));
@ -53,7 +53,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
             break;
         case VIR_DOMAIN_NET_TYPE_DIRECT:
-@@ -4385,6 +4387,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
+@@ -4373,6 +4375,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
             virDomainAuditNet(vm, detach, NULL, "detach", false);
             goto cleanup;
         }
@ -61,10 +61,10 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c
         break;
         /* It'd be nice to support this, but with macvlan
-Index: libvirt-5.0.0/src/lxc/lxc_process.c
+Index: libvirt-5.1.0/src/lxc/lxc_process.c
 ===================================================================
--- libvirt-5.0.0.orig/src/lxc/lxc_process.c
+--- libvirt-5.1.0.orig/src/lxc/lxc_process.c
-+++ libvirt-5.0.0/src/lxc/lxc_process.c
+++ libvirt-5.1.0/src/lxc/lxc_process.c
@@ -51,6 +51,7 @@
 #include "viratomic.h"
 #include "virprocess.h"
@ -73,7 +73,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_process.c
 #include "netdev_bandwidth_conf.h"
 #define VIR_FROM_THIS VIR_FROM_LXC
-@@ -215,6 +216,7 @@ static void virLXCProcessCleanup(virLXCD
+@@ -226,6 +227,7 @@ static void virLXCProcessCleanup(virLXCD
         }
         virDomainNetReleaseActualDevice(vm->def, iface);
     }
--- a/network-don-t-use-dhcp-authoritative-on-static-netwo.patch
+++ b/network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@ -17,11 +17,11 @@ Signed-off-by: Martin Wilck <mwilck@suse.com>
 tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 -
 2 files changed, 8 insertions(+), 2 deletions(-)
-Index: libvirt-5.0.0/src/network/bridge_driver.c
+Index: libvirt-5.1.0/src/network/bridge_driver.c
 ===================================================================
--- libvirt-5.0.0.orig/src/network/bridge_driver.c
+--- libvirt-5.1.0.orig/src/network/bridge_driver.c
-+++ libvirt-5.0.0/src/network/bridge_driver.c
+++ libvirt-5.1.0/src/network/bridge_driver.c
-@@ -1456,7 +1456,14 @@ networkDnsmasqConfContents(virNetworkObj
+@@ -1378,7 +1378,14 @@ networkDnsmasqConfContents(virNetworkObj
         if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) {
             if (ipdef->nranges || ipdef->nhosts) {
                 virBufferAddLit(&configbuf, "dhcp-no-override\n");
@ -37,10 +37,10 @@ Index: libvirt-5.0.0/src/network/bridge_driver.c
             }
             if (ipdef->tftproot) {
-Index: libvirt-5.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
+Index: libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
 ===================================================================
--- libvirt-5.0.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
+--- libvirt-5.1.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
-+++ libvirt-5.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
+++ libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
@@ -10,7 +10,6 @@ bind-dynamic
 interface=virbr1
 dhcp-range=192.168.122.1,static
--- a/ppc64le-canonical-name.patch
+++ b/ppc64le-canonical-name.patch
@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64
 See bnc#894956
-Index: libvirt-5.0.0/src/util/virarch.c
+Index: libvirt-5.1.0/src/util/virarch.c
 ===================================================================
--- libvirt-5.0.0.orig/src/util/virarch.c
+--- libvirt-5.1.0.orig/src/util/virarch.c
-+++ libvirt-5.0.0/src/util/virarch.c
+++ libvirt-5.1.0/src/util/virarch.c
@@ -172,6 +172,8 @@ virArch virArchFromHost(void)
         arch = VIR_ARCH_I686;
     } else if (STREQ(ut.machine, "amd64")) {
--- a/qemu-apparmor-screenshot.patch
+++ b/qemu-apparmor-screenshot.patch
@ -1,8 +1,8 @@
-Index: libvirt-5.0.0/src/security/apparmor/libvirt-qemu
+Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
 ===================================================================
--- libvirt-5.0.0.orig/src/security/apparmor/libvirt-qemu
+--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu
-+++ libvirt-5.0.0/src/security/apparmor/libvirt-qemu
+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu
-@@ -221,3 +221,6 @@
+@@ -220,3 +220,6 @@
   # required for sasl GSSAPI plugin
   /etc/gss/mech.d/ r,
   /etc/gss/mech.d/* r,
--- a/support-managed-pci-xen-driver.patch
+++ b/support-managed-pci-xen-driver.patch
@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver
 src/xenxs/xen_xm.c   |   28 +++++++++++++++++++++++++++-
 2 files changed, 35 insertions(+), 15 deletions(-)
-Index: libvirt-5.0.0/src/xenconfig/xen_common.c
+Index: libvirt-5.1.0/src/xenconfig/xen_common.c
 ===================================================================
--- libvirt-5.0.0.orig/src/xenconfig/xen_common.c
+--- libvirt-5.1.0.orig/src/xenconfig/xen_common.c
-+++ libvirt-5.0.0/src/xenconfig/xen_common.c
+++ libvirt-5.1.0/src/xenconfig/xen_common.c
@@ -386,12 +386,19 @@ xenParsePCI(char *entry)
     int busID;
     int slotID;
@ -64,10 +64,10 @@ Index: libvirt-5.0.0/src/xenconfig/xen_common.c
     hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
     hostdev->source.subsys.u.pci.addr.domain = domainID;
     hostdev->source.subsys.u.pci.addr.bus = busID;
-Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
+Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c
 ===================================================================
--- libvirt-5.0.0.orig/src/xenconfig/xen_sxpr.c
+--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c
-+++ libvirt-5.0.0/src/xenconfig/xen_sxpr.c
+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c
@@ -1053,6 +1053,7 @@ xenParseSxprPCI(virDomainDefPtr def,
         int busID;
         int slotID;
@ -91,7 +91,7 @@ Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
         dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
         dev->source.subsys.u.pci.addr.domain = domainID;
         dev->source.subsys.u.pci.addr.bus = busID;
-@@ -1968,11 +1971,15 @@ static void
+@@ -1962,11 +1965,15 @@ static void
 xenFormatSxprPCI(virDomainHostdevDefPtr def,
                  virBufferPtr buf)
 {
@ -108,7 +108,7 @@ Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
 }
-@@ -1991,12 +1998,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
+@@ -1985,12 +1992,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
                     virBufferPtr buf,
                     int detach)
 {
@ -121,7 +121,7 @@ Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
     virBufferAddLit(buf, "(pci ");
     xenFormatSxprPCI(def, buf);
     if (detach)
-@@ -2051,12 +2052,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
+@@ -2045,12 +2046,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
     for (i = 0; i < def->nhostdevs; i++) {
         if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
             def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {
--- a/suse-apparmor-libnl-paths.patch
+++ b/suse-apparmor-libnl-paths.patch
@ -8,11 +8,11 @@ It was also noticed that the per-domain profiles need a libnl rule
 to squelch a denial when starting confined domains.
 Found while investigating bsc#1058847
-Index: libvirt-5.0.0/src/security/apparmor/libvirt-qemu
+Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
 ===================================================================
--- libvirt-5.0.0.orig/src/security/apparmor/libvirt-qemu
+--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu
-+++ libvirt-5.0.0/src/security/apparmor/libvirt-qemu
+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu
-@@ -62,6 +62,7 @@
+@@ -61,6 +61,7 @@
   #/dev/fb* rw,
   /etc/pulse/client.conf r,
@ -20,10 +20,10 @@ Index: libvirt-5.0.0/src/security/apparmor/libvirt-qemu
   @{HOME}/.pulse-cookie rwk,
   owner /root/.pulse-cookie rwk,
   owner /root/.pulse/ rw,
-Index: libvirt-5.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+Index: libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
 ===================================================================
--- libvirt-5.0.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+--- libvirt-5.1.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-+++ libvirt-5.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -17,7 +17,7 @@ profile virt-aa-helper /usr/{lib,lib64}/
   owner @{PROC}/[0-9]*/status r,
   @{PROC}/filesystems r,
@ -31,5 +31,5 @@ Index: libvirt-5.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
 -  /etc/libnl-3/classid r,
 +  /etc/libnl*/classid r,
-   # for hostdev
+   # for gl enabled graphics
-   /sys/devices/ r,
+   /dev/dri/{,*} r,
--- a/suse-libvirt-guests-service.patch
+++ b/suse-libvirt-guests-service.patch
@ -1,9 +1,9 @@
 Adjust libvirt-guests service to conform to SUSE standards
-Index: libvirt-5.0.0/tools/libvirt-guests.init.in
+Index: libvirt-5.1.0/tools/libvirt-guests.init.in
 ===================================================================
--- libvirt-5.0.0.orig/tools/libvirt-guests.init.in
+--- libvirt-5.1.0.orig/tools/libvirt-guests.init.in
-+++ libvirt-5.0.0/tools/libvirt-guests.init.in
+++ libvirt-5.1.0/tools/libvirt-guests.init.in
@@ -4,27 +4,27 @@
 # http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html
 #
@ -46,10 +46,10 @@ Index: libvirt-5.0.0/tools/libvirt-guests.init.in
 +
 exec @libexecdir@/libvirt-guests.sh "$@"
-Index: libvirt-5.0.0/tools/libvirt-guests.sh.in
+Index: libvirt-5.1.0/tools/libvirt-guests.sh.in
 ===================================================================
--- libvirt-5.0.0.orig/tools/libvirt-guests.sh.in
+--- libvirt-5.1.0.orig/tools/libvirt-guests.sh.in
-+++ libvirt-5.0.0/tools/libvirt-guests.sh.in
+++ libvirt-5.1.0/tools/libvirt-guests.sh.in
@@ -16,14 +16,13 @@
 # License along with this library.  If not, see
 # <http://www.gnu.org/licenses/>.
@ -209,10 +209,10 @@ Index: libvirt-5.0.0/tools/libvirt-guests.sh.in
 esac
 -exit $RETVAL
 +rc_exit
-Index: libvirt-5.0.0/tools/libvirt-guests.sysconf
+Index: libvirt-5.1.0/tools/libvirt-guests.sysconf
 ===================================================================
--- libvirt-5.0.0.orig/tools/libvirt-guests.sysconf
+--- libvirt-5.1.0.orig/tools/libvirt-guests.sysconf
-+++ libvirt-5.0.0/tools/libvirt-guests.sysconf
+++ libvirt-5.1.0/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@
 +## Path: System/Virtualization/libvirt-guests
 +
--- a/suse-libvirtd-disable-tls.patch
+++ b/suse-libvirtd-disable-tls.patch
@ -3,10 +3,10 @@ Disable TLS by default
 On SUSE distros, the default is for libvirtd to listen only on the
 Unix Domain Socket. The libvirt client still provides remote access
 via a SSH tunnel.
-Index: libvirt-5.0.0/src/remote/libvirtd.conf
+Index: libvirt-5.1.0/src/remote/libvirtd.conf
 ===================================================================
--- libvirt-5.0.0.orig/src/remote/libvirtd.conf
+--- libvirt-5.1.0.orig/src/remote/libvirtd.conf
-+++ libvirt-5.0.0/src/remote/libvirtd.conf
+++ libvirt-5.1.0/src/remote/libvirtd.conf
@@ -18,8 +18,8 @@
 # It is necessary to setup a CA and issue server certificates before
 # using this capability.
@ -18,10 +18,10 @@ Index: libvirt-5.0.0/src/remote/libvirtd.conf
 # Listen for unencrypted TCP connections on the public TCP/IP port.
 # NB, must pass the --listen flag to the libvirtd process for this to
-Index: libvirt-5.0.0/src/remote/remote_daemon_config.c
+Index: libvirt-5.1.0/src/remote/remote_daemon_config.c
 ===================================================================
--- libvirt-5.0.0.orig/src/remote/remote_daemon_config.c
+--- libvirt-5.1.0.orig/src/remote/remote_daemon_config.c
-+++ libvirt-5.0.0/src/remote/remote_daemon_config.c
+++ libvirt-5.1.0/src/remote/remote_daemon_config.c
@@ -108,7 +108,7 @@ daemonConfigNew(bool privileged ATTRIBUT
     if (VIR_ALLOC(data) < 0)
         return NULL;
@ -31,10 +31,10 @@ Index: libvirt-5.0.0/src/remote/remote_daemon_config.c
     data->listen_tcp = 0;
     if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
-Index: libvirt-5.0.0/src/remote/test_libvirtd.aug.in
+Index: libvirt-5.1.0/src/remote/test_libvirtd.aug.in
 ===================================================================
--- libvirt-5.0.0.orig/src/remote/test_libvirtd.aug.in
+--- libvirt-5.1.0.orig/src/remote/test_libvirtd.aug.in
-+++ libvirt-5.0.0/src/remote/test_libvirtd.aug.in
+++ libvirt-5.1.0/src/remote/test_libvirtd.aug.in
@@ -2,7 +2,7 @@ module Test_libvirtd =
    ::CONFIG::
--- a/suse-libvirtd-service-xen.patch
+++ b/suse-libvirtd-service-xen.patch
@ -7,10 +7,10 @@ On SUSE distros, we promote libvirt and all the libvirt-based
 tools. If a user installs libvirt on their SUSE Xen host, then
 libvirt should be king and override xendomains. See bsc#1015348
-Index: libvirt-5.0.0/src/remote/libvirtd.service.in
+Index: libvirt-5.1.0/src/remote/libvirtd.service.in
 ===================================================================
--- libvirt-5.0.0.orig/src/remote/libvirtd.service.in
+--- libvirt-5.1.0.orig/src/remote/libvirtd.service.in
-+++ libvirt-5.0.0/src/remote/libvirtd.service.in
+++ libvirt-5.1.0/src/remote/libvirtd.service.in
@@ -17,6 +17,8 @@ After=local-fs.target
 After=remote-fs.target
 After=systemd-logind.service
--- a/suse-libvirtd-sysconfig-settings.patch
+++ b/suse-libvirtd-sysconfig-settings.patch
@ -1,9 +1,9 @@
 Adjust libvirtd sysconfig file to conform to SUSE standards
-Index: libvirt-5.0.0/src/remote/libvirtd.sysconf
+Index: libvirt-5.1.0/src/remote/libvirtd.sysconf
 ===================================================================
--- libvirt-5.0.0.orig/src/remote/libvirtd.sysconf
+--- libvirt-5.1.0.orig/src/remote/libvirtd.sysconf
-+++ libvirt-5.0.0/src/remote/libvirtd.sysconf
+++ libvirt-5.1.0/src/remote/libvirtd.sysconf
@@ -1,16 +1,25 @@
 +## Path: System/Virtualization/libvirt
 +
--- a/suse-ovmf-paths.patch
+++ b/suse-ovmf-paths.patch
@ -1,10 +1,10 @@
 Adjust paths of OVMF firmwares on SUSE distros
-Index: libvirt-5.0.0/src/qemu/qemu.conf
+Index: libvirt-5.1.0/src/qemu/qemu.conf
 ===================================================================
--- libvirt-5.0.0.orig/src/qemu/qemu.conf
+--- libvirt-5.1.0.orig/src/qemu/qemu.conf
-+++ libvirt-5.0.0/src/qemu/qemu.conf
+++ libvirt-5.1.0/src/qemu/qemu.conf
-@@ -767,10 +767,9 @@ security_default_confined = 0
+@@ -773,10 +773,9 @@ security_default_confined = 0
 # for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
 # follows this scheme.
 #nvram = [
@ -18,10 +18,10 @@ Index: libvirt-5.0.0/src/qemu/qemu.conf
 #]
 # The backend to use for handling stdout/stderr output from
-Index: libvirt-5.0.0/src/qemu/qemu_conf.c
+Index: libvirt-5.1.0/src/qemu/qemu_conf.c
 ===================================================================
--- libvirt-5.0.0.orig/src/qemu/qemu_conf.c
+--- libvirt-5.1.0.orig/src/qemu/qemu_conf.c
-+++ libvirt-5.0.0/src/qemu/qemu_conf.c
+++ libvirt-5.1.0/src/qemu/qemu_conf.c
@@ -116,10 +116,9 @@ void qemuDomainCmdlineDefFree(qemuDomain
 #ifndef DEFAULT_LOADER_NVRAM
@ -36,11 +36,11 @@ Index: libvirt-5.0.0/src/qemu/qemu_conf.c
 #endif
-Index: libvirt-5.0.0/src/security/virt-aa-helper.c
+Index: libvirt-5.1.0/src/security/virt-aa-helper.c
 ===================================================================
--- libvirt-5.0.0.orig/src/security/virt-aa-helper.c
+--- libvirt-5.1.0.orig/src/security/virt-aa-helper.c
-+++ libvirt-5.0.0/src/security/virt-aa-helper.c
+++ libvirt-5.1.0/src/security/virt-aa-helper.c
-@@ -507,7 +507,8 @@ valid_path(const char *path, const bool
+@@ -506,7 +506,8 @@ valid_path(const char *path, const bool
         "/usr/share/ovmf/",              /* for OVMF images */
         "/usr/share/AAVMF/",             /* for AAVMF images */
         "/usr/share/qemu-efi/",          /* for AAVMF images */
--- a/suse-qemu-conf.patch
+++ b/suse-qemu-conf.patch
@ -7,11 +7,11 @@ suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch,
 etc.), but for now they are all lumped together in this
 single patch.
-Index: libvirt-5.0.0/src/qemu/qemu.conf
+Index: libvirt-5.1.0/src/qemu/qemu.conf
 ===================================================================
--- libvirt-5.0.0.orig/src/qemu/qemu.conf
+--- libvirt-5.1.0.orig/src/qemu/qemu.conf
-+++ libvirt-5.0.0/src/qemu/qemu.conf
+++ libvirt-5.1.0/src/qemu/qemu.conf
-@@ -414,11 +414,20 @@
+@@ -420,11 +420,20 @@
 # isolation, but it cannot appear in a list of drivers.
 #
 #security_driver = "selinux"
@ -34,7 +34,7 @@ Index: libvirt-5.0.0/src/qemu/qemu.conf
 # If set to non-zero, then attempts to create unconfined
 # guests will be blocked. Defaults to 0.
-@@ -649,11 +658,22 @@
+@@ -655,11 +664,22 @@
 #relaxed_acs_check = 1
--- a/suse-virtlockd-sysconfig-settings.patch
+++ b/suse-virtlockd-sysconfig-settings.patch
@ -1,9 +1,9 @@
 Adjust virtlockd sysconfig file to conform to SUSE standards
-Index: libvirt-5.0.0/src/locking/virtlockd.sysconf
+Index: libvirt-5.1.0/src/locking/virtlockd.sysconf
 ===================================================================
--- libvirt-5.0.0.orig/src/locking/virtlockd.sysconf
+--- libvirt-5.1.0.orig/src/locking/virtlockd.sysconf
-+++ libvirt-5.0.0/src/locking/virtlockd.sysconf
+++ libvirt-5.1.0/src/locking/virtlockd.sysconf
@@ -1,3 +1,7 @@
 +## Path: System/Virtualization/virtlockd
 +
--- a/suse-virtlogd-sysconfig-settings.patch
+++ b/suse-virtlogd-sysconfig-settings.patch
@ -1,9 +1,9 @@
 Adjust virtlogd sysconfig file to conform to SUSE standards
-Index: libvirt-5.0.0/src/logging/virtlogd.sysconf
+Index: libvirt-5.1.0/src/logging/virtlogd.sysconf
 ===================================================================
--- libvirt-5.0.0.orig/src/logging/virtlogd.sysconf
+--- libvirt-5.1.0.orig/src/logging/virtlogd.sysconf
-+++ libvirt-5.0.0/src/logging/virtlogd.sysconf
+++ libvirt-5.1.0/src/logging/virtlogd.sysconf
@@ -1,3 +1,7 @@
 +## Path: System/Virtualization/virtlogd
 +
--- a/xen-pv-cdrom.patch
+++ b/xen-pv-cdrom.patch
@ -1,7 +1,7 @@
-Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
+Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c
 ===================================================================
--- libvirt-5.0.0.orig/src/xenconfig/xen_sxpr.c
+--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c
-+++ libvirt-5.0.0/src/xenconfig/xen_sxpr.c
+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c
@@ -383,7 +383,7 @@ xenParseSxprVifRate(const char *rate, un
 static int
 xenParseSxprDisks(virDomainDefPtr def,
--- a/xen-sxpr-disk-type.patch
+++ b/xen-sxpr-disk-type.patch
@ -6,10 +6,10 @@ and 'file'. This was implicitly done prior to commit 9673418c.
 https://bugzilla.suse.com/show_bug.cgi?id=938228
-Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c
+Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c
 ===================================================================
--- libvirt-5.0.0.orig/src/xenconfig/xen_sxpr.c
+--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c
-+++ libvirt-5.0.0/src/xenconfig/xen_sxpr.c
+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c
@@ -497,10 +497,11 @@ xenParseSxprDisks(virDomainDefPtr def,
                        omnipotent, we can revisit this, perhaps stat()'ing
                        the src file in question */