pool/libvirt
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 327805 from home:jfehlig:branches:Virtualization

Browse Source 
Add fixes from SLE12 SP1 to Factory libvirt package.

- Replace local libxl patches with upstream variants
  Dropped:
  0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch
  0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch
  0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch
  Added:
  44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch
  15120b8c-libxl-no-resume-on-suspend-fail.patch
  e80b84a7-libxl-acquire-job-on-migrate.patch
  bsc#936185
- Added another virt-aa-helper upstream patch
  52970dec-virt-aa-helper-improve-valid-path.patch
  lp#1483071
- Added upstream patch to fix libvirt-tck memory balloon test
  failure on Xen
  60acb38-revert-curmem-inactive-dom.patch

- Fix generated apparmor profile to allow access to ovmf and nvram.
  26c5fa3a-virt-aa-helper-missing-doc.patch
  2f01cfdf-virt-aa-helper-allow-ovmf.patch
  91fdcefa-virt-aa-helper-allow-nvram.patch
  d25a5e08-virt-aa-helper-simplify-restriction-logic.patch
  lp#1483071

OBS-URL: https://build.opensuse.org/request/show/327805
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=479
This commit is contained in:
James Fehlig 2015-08-28 20:30:35 +00:00 committed by Git OBS Bridge
parent f2f3308233
commit 8af0df1210
11 changed files with 404 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch → 15120b8c-libxl-no-resume-on-suspend-fail.patch
View File

@ -1,16 +1,14 @@
From 13d53b7763d3d93339cc33a19845bdd623524b81 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Thu, 16 Jul 2015 14:51:31 -0600
Subject: libxl: don't attempt to resume domain when suspend fails
commit 15120b8c61014a9263cb53314076da9a44e39621
Author: Jim Fehlig <jfehlig@suse.com>
Date: Wed Jul 15 17:29:15 2015 -0600
Failure of libxl_domain_suspend() does not leave the domain in
a suspended state, so no need to call libxl_domain_resume(),
which btw will fail with "domain not suspended".
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/libxl/libxl_migration.c | 14 --------------
1 file changed, 14 deletions(-)
libxl: don't attempt to resume domain when suspend fails
Failure of libxl_domain_suspend() does not leave the domain in
a suspended state, so no need to call libxl_domain_resume(),
which btw will fail with "domain not suspended".
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Index: libvirt-1.2.18/src/libxl/libxl_migration.c
===================================================================

28
26c5fa3a-virt-aa-helper-missing-doc.patch Normal file
View File

@ -0,0 +1,28 @@
From 26c5fa3a9bd37624ddd1509daf7d6a84268f089e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Fri, 21 Aug 2015 12:29:25 +0200
Subject: [PATCH 1/4] virt-aa-helper: document --probing and --dry-run
---
src/security/virt-aa-helper.c | 2 ++
1 file changed, 2 insertions(+)
Index: libvirt-1.2.18/src/security/virt-aa-helper.c
===================================================================
--- libvirt-1.2.18.orig/src/security/virt-aa-helper.c
+++ libvirt-1.2.18/src/security/virt-aa-helper.c
@@ -107,12 +107,14 @@ vah_usage(void)
" Options:\n"
" -a | --add load profile\n"
" -c | --create create profile from template\n"
+ " -d | --dry-run dry run\n"
" -D | --delete unload and delete profile\n"
" -f | --add-file <file> add file to profile\n"
" -F | --append-file <file> append file to profile\n"
" -r | --replace reload profile\n"
" -R | --remove unload profile\n"
" -h | --help this help\n"
+ " -p | --probing [0|1] allow disk format probing\n"
" -u | --uuid <uuid> uuid (profile name)\n"
"\n"), progname);

30
2f01cfdf-virt-aa-helper-allow-ovmf.patch Normal file
View File

@ -0,0 +1,30 @@
From 2f01cfdf05448513d150ff1914d3444161c531b9 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@debian.org>
Date: Fri, 21 Aug 2015 10:52:52 +0200
Subject: [PATCH 3/4] virt-aa-helper: allow access to /usr/share/ovmf/
We forbid access to /usr/share/, but (at least on Debian-based systems)
the Open Virtual Machine Firmware files needed for booting UEFI virtual
machines in QEMU live in /usr/share/ovmf/. Therefore, we need to add
that directory to the list of read only paths.
A similar patch was suggested by Jamie Strandboge <jamie@canonical.com>
on https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1483071.
---
src/security/virt-aa-helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: libvirt-1.2.18/src/security/virt-aa-helper.c
===================================================================
--- libvirt-1.2.18.orig/src/security/virt-aa-helper.c
+++ libvirt-1.2.18/src/security/virt-aa-helper.c
@@ -572,7 +572,8 @@ valid_path(const char *path, const bool
"/boot/",
"/vmlinuz",
"/initrd",
- "/initrd.img"
+ "/initrd.img",
+ "/usr/share/ovmf/" /* for OVMF images */
};
/* override the above with these */
const char * const override[] = {

77
0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch → 44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch
View File

@ -1,49 +1,50 @@
From 68ccc0077c7f5af07ccf6992192bfc924d0fdd83 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Thu, 16 Jul 2015 14:51:30 -0600
Subject: libxl: fix ref counting of libxlMigrationDstArgs
commit 44a54eb073d2ae52ebf1661ae73bb1f0f98599f9
Author: Jim Fehlig <jfehlig@suse.com>
Date: Wed Jul 15 16:35:50 2015 -0600
This patch fixes some flawed logic around ref counting the
libxlMigrationDstArgs object.
First, when adding sockets to the event loop with
virNetSocketAddIOCallback(), the generic virObjectFreeCallback()
was registered as a free function, with libxlMigrationDstArgs as
its parameter. A reference was also taken on
libxlMigrationDstArgs for each successful call to
virNetSocketAddIOCallback(). The rational behind this logic was
that the libxlMigrationDstArgs object had to out-live the socket
objects. But virNetSocketAddIOCallback() already takes a
reference on socket objects, ensuring their life until removed
from the event loop and unref'ed in virNetSocketEventFree(). We
only need to ensure libxlMigrationDstArgs lives until
libxlDoMigrateReceive() finishes, which can be done by simply
unref'ing libxlMigrationDstArgs at the end of
libxlDoMigrateReceive().
The second flaw was unref'ing the sockets in the failure path of
libxlMigrateReceive() and at the end of libxlDoMigrateReceive().
As mentioned above, the sockets are already unref'ed by
virNetSocketEventFree() when removed from the event loop.
Attempting to unref the socket a second time resulted in a
libvirtd crash since the socket was previously unref'ed and
disposed.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/libxl/libxl_migration.c | 18 +++++-------------
1 file changed, 5 insertions(+), 13 deletions(-)
libxl: fix ref counting of libxlMigrationDstArgs
This patch fixes some flawed logic around ref counting the
libxlMigrationDstArgs object.
First, when adding sockets to the event loop with
virNetSocketAddIOCallback(), the generic virObjectFreeCallback()
was registered as a free function, with libxlMigrationDstArgs as
its parameter. A reference was also taken on
libxlMigrationDstArgs for each successful call to
virNetSocketAddIOCallback(). The rational behind this logic was
that the libxlMigrationDstArgs object had to out-live the socket
objects. But virNetSocketAddIOCallback() already takes a
reference on socket objects, ensuring their life until removed
from the event loop and unref'ed in virNetSocketEventFree(). We
only need to ensure libxlMigrationDstArgs lives until
libxlDoMigrateReceive() finishes, which can be done by simply
unref'ing libxlMigrationDstArgs at the end of
libxlDoMigrateReceive().
The second flaw was unref'ing the sockets in the failure path of
libxlMigrateReceive() and at the end of libxlDoMigrateReceive().
As mentioned above, the sockets are already unref'ed by
virNetSocketEventFree() when removed from the event loop.
Attempting to unref the socket a second time resulted in a
libvirtd crash since the socket was previously unref'ed and
disposed.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Index: libvirt-1.2.18/src/libxl/libxl_migration.c
===================================================================
--- libvirt-1.2.18.orig/src/libxl/libxl_migration.c
+++ libvirt-1.2.18/src/libxl/libxl_migration.c
@@ -112,11 +112,11 @@ libxlDoMigrateReceive(void *opaque)
virNetSocketUpdateIOCallback(socks[i], 0);
@@ -109,7 +109,6 @@ libxlDoMigrateReceive(void *opaque)
/* Remove all listen socks from event handler, and close them. */
for (i = 0; i < nsocks; i++) {
- virNetSocketUpdateIOCallback(socks[i], 0);
virNetSocketRemoveIOCallback(socks[i]);
virNetSocketClose(socks[i]);
- virObjectUnref(socks[i]);
socks[i] = NULL;
virObjectUnref(socks[i]);
@@ -117,6 +116,7 @@ libxlDoMigrateReceive(void *opaque)
}
args->nsocks = 0;
VIR_FORCE_CLOSE(recvfd);

85
52970dec-virt-aa-helper-improve-valid-path.patch Normal file
View File

@ -0,0 +1,85 @@
commit 52970dec5b4d0fd1a9baa593b46a33bd7eeaf6b8
Author: Michal Privoznik <mprivozn@redhat.com>
Date: Thu Aug 27 02:50:21 2015 +0200
virt-aa-helper: Improve valid_path
So, after some movement in virt-aa-helper, I've noticed the
virt-aa-helper-test failing. I've ran gdb (it took me a while to
realize how to do that) and this showed up immediately:
Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106 ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x0000555555561a13 in array_starts_with (str=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", arr=0x7fffffffd160, size=-1540438016) at security/virt-aa-helper.c:525
#2 0x0000555555561d49 in valid_path (path=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", readonly=false) at security/virt-aa-helper.c:617
#3 0x0000555555562506 in vah_add_path (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw", recursive=false) at security/virt-aa-helper.c:823
#4 0x0000555555562693 in vah_add_file (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw") at security/virt-aa-helper.c:854
#5 0x0000555555562918 in add_file_path (disk=0x5555557d4440, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", depth=0, opaque=0x7fffffffd3e0) at security/virt-aa-helper.c:931
#6 0x00007ffff78f18b1 in virDomainDiskDefForeachPath (disk=0x5555557d4440, ignoreOpenFailure=true, iter=0x5555555628a6 <add_file_path>, opaque=0x7fffffffd3e0) at conf/domain_conf.c:23286
#7 0x0000555555562b5f in get_files (ctl=0x7fffffffd670) at security/virt-aa-helper.c:982
#8 0x0000555555564100 in vahParseArgv (ctl=0x7fffffffd670, argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1277
#9 0x00005555555643d6 in main (argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1332
So I've taken look at valid_path() because it is obviously
calling array_starts_with() with malformed @size. And here's the
result: there are two variables to hold the size of three arrays
and their value is recalculated before each call of
array_starts_with(). What if we just use three variables,
initialize them and do not touch them afterwards?
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Index: libvirt-1.2.18/src/security/virt-aa-helper.c
===================================================================
--- libvirt-1.2.18.orig/src/security/virt-aa-helper.c
+++ libvirt-1.2.18/src/security/virt-aa-helper.c
@@ -546,9 +546,6 @@ array_starts_with(const char *str, const
static int
valid_path(const char *path, const bool readonly)
{
- int npaths;
- int nropaths;
-
const char * const restricted[] = {
"/bin/",
"/etc/",
@@ -581,6 +578,10 @@ valid_path(const char *path, const bool
"/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
};
+ const int nropaths = ARRAY_CARDINALITY(restricted);
+ const int nrwpaths = ARRAY_CARDINALITY(restricted_rw);
+ const int nopaths = ARRAY_CARDINALITY(override);
+
if (path == NULL) {
vah_error(NULL, 0, _("bad pathname"));
return -1;
@@ -600,21 +601,18 @@ valid_path(const char *path, const bool
vah_warning(_("path does not exist, skipping file type checks"));
/* overrides are always allowed */
- npaths = sizeof(override)/sizeof(*(override));
- if (array_starts_with(path, override, npaths) == 0)
+ if (array_starts_with(path, override, nopaths) == 0)
return 0;
/* allow read only paths upfront */
if (readonly) {
- nropaths = sizeof(restricted_rw)/sizeof(*(restricted_rw));
- if (array_starts_with(path, restricted_rw, nropaths) == 0)
+ if (array_starts_with(path, restricted_rw, nrwpaths) == 0)
return 0;
}
/* disallow RW acess to all paths in restricted and restriced_rw */
- npaths = sizeof(restricted)/sizeof(*(restricted));
- if ((array_starts_with(path, restricted, npaths) == 0
- || array_starts_with(path, restricted_rw, nropaths) == 0))
+ if ((array_starts_with(path, restricted, nropaths) == 0 ||
+ array_starts_with(path, restricted_rw, nrwpaths) == 0))
return 1;
return 0;

53
60acb38-revert-curmem-inactive-dom.patch Normal file
View File

@ -0,0 +1,53 @@
commit 60acb38abbee1636a9cddf8d296f700d115c8f77
Author: Jim Fehlig <jfehlig@suse.com>
Date: Mon Aug 10 12:49:55 2015 -0600
Revert "LXC: show used memory as 0 when domain is not active"
This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e,
which introduced a significant semantic change to the
virDomainGetInfo() API. Additionally, the change was only
made to 2 of the 15 virt drivers.
Conflicts:
src/qemu/qemu_driver.c
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Index: libvirt-1.2.18/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.2.18.orig/src/lxc/lxc_driver.c
+++ libvirt-1.2.18/src/lxc/lxc_driver.c
@@ -597,7 +597,7 @@ static int lxcDomainGetInfo(virDomainPtr
if (!virDomainObjIsActive(vm)) {
info->cpuTime = 0;
- info->memory = 0;
+ info->memory = vm->def->mem.cur_balloon;
} else {
if (virCgroupGetCpuacctUsage(priv->cgroup, &(info->cpuTime)) < 0) {
virReportError(VIR_ERR_OPERATION_FAILED,
Index: libvirt-1.2.18/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.2.18.orig/src/qemu/qemu_driver.c
+++ libvirt-1.2.18/src/qemu/qemu_driver.c
@@ -2641,13 +2641,13 @@ qemuDomainGetInfo(virDomainPtr dom,
goto cleanup;
}
- if (virDomainObjIsActive(vm)) {
- if (VIR_ASSIGN_IS_OVERFLOW(info->memory, vm->def->mem.cur_balloon)) {
- virReportError(VIR_ERR_OVERFLOW, "%s",
- _("Current memory size too large"));
- goto cleanup;
- }
+ if (VIR_ASSIGN_IS_OVERFLOW(info->memory, vm->def->mem.cur_balloon)) {
+ virReportError(VIR_ERR_OVERFLOW, "%s",
+ _("Current memory size too large"));
+ goto cleanup;
+ }
+ if (virDomainObjIsActive(vm)) {
if (qemuGetProcessInfo(&(info->cpuTime), NULL, NULL, vm->pid, 0) < 0) {
virReportError(VIR_ERR_OPERATION_FAILED, "%s",
_("cannot read cputime for domain"));

35
91fdcefa-virt-aa-helper-allow-nvram.patch Normal file
View File

@ -0,0 +1,35 @@
From 91fdcefa7f145c1c39acc8e9a44fbfbf11568e54 Mon Sep 17 00:00:00 2001
From: Peter Kieser <peter@kieser.ca>
Date: Thu, 20 Aug 2015 10:58:59 -0700
Subject: [PATCH 4/4] virt-aa-helper: add NVRAM store file for read/write
This is a cryptographically signed message in MIME format.
Some UEFI firmwares may want to use a non-volatile memory to store some
variables.
If AppArmor is enabled, and NVRAM store file is set currently
virt-aa-helper does
not add the NVRAM store file to the template. Add this file for
read/write when
this functionality is defined in domain XML.
Signed-off-by: Peter Kieser <peter@kieser.ca>
---
src/security/virt-aa-helper.c | 4 ++++
1 file changed, 4 insertions(+)
Index: libvirt-1.2.18/src/security/virt-aa-helper.c
===================================================================
--- libvirt-1.2.18.orig/src/security/virt-aa-helper.c
+++ libvirt-1.2.18/src/security/virt-aa-helper.c
@@ -1057,6 +1057,10 @@ get_files(vahControl * ctl)
if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0)
goto cleanup;
+ if (ctl->def->os.loader && ctl->def->os.loader->nvram)
+ if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0)
+ goto cleanup;
+
for (i = 0; i < ctl->def->ngraphics; i++) {
if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
ctl->def->graphics[i]->data.vnc.socket &&

65
d25a5e08-virt-aa-helper-simplify-restriction-logic.patch Normal file
View File

@ -0,0 +1,65 @@
From d25a5e087ae10142d3d533ed193146736526b2ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Fri, 21 Aug 2015 10:49:15 +0200
Subject: [PATCH 2/4] virt-aa-helper: Simplify restriction logic
First check overrides, then read only files then restricted access
itself.
This allows us to mark files for read only access whose parents were
already restricted for read write.
Based on a proposal by Martin Kletzander
---
src/security/virt-aa-helper.c | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
Index: libvirt-1.2.18/src/security/virt-aa-helper.c
===================================================================
--- libvirt-1.2.18.orig/src/security/virt-aa-helper.c
+++ libvirt-1.2.18/src/security/virt-aa-helper.c
@@ -546,7 +546,9 @@ array_starts_with(const char *str, const
static int
valid_path(const char *path, const bool readonly)
{
- int npaths, opaths;
+ int npaths;
+ int nropaths;
+
const char * const restricted[] = {
"/bin/",
"/etc/",
@@ -596,18 +598,23 @@ valid_path(const char *path, const bool
if (!virFileExists(path))
vah_warning(_("path does not exist, skipping file type checks"));
- opaths = sizeof(override)/sizeof(*(override));
+ /* overrides are always allowed */
+ npaths = sizeof(override)/sizeof(*(override));
+ if (array_starts_with(path, override, npaths) == 0)
+ return 0;
+
+ /* allow read only paths upfront */
+ if (readonly) {
+ nropaths = sizeof(restricted_rw)/sizeof(*(restricted_rw));
+ if (array_starts_with(path, restricted_rw, nropaths) == 0)
+ return 0;
+ }
+ /* disallow RW acess to all paths in restricted and restriced_rw */
npaths = sizeof(restricted)/sizeof(*(restricted));
- if (array_starts_with(path, restricted, npaths) == 0 &&
- array_starts_with(path, override, opaths) != 0)
- return 1;
-
- npaths = sizeof(restricted_rw)/sizeof(*(restricted_rw));
- if (!readonly) {
- if (array_starts_with(path, restricted_rw, npaths) == 0)
- return 1;
- }
+ if ((array_starts_with(path, restricted, npaths) == 0
+ || array_starts_with(path, restricted_rw, nropaths) == 0))
+ return 1;
return 0;
}

24
0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch → e80b84a7-libxl-acquire-job-on-migrate.patch
View File

@ -1,17 +1,15 @@
From 710088061fb3caaf3d56888b05ad2d331a740d07 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Thu, 16 Jul 2015 14:51:32 -0600
Subject: libxl: acquire a job when receiving a migrating domain
commit e80b84a74324cd535ec7232c4e1653805af2103a
Author: Jim Fehlig <jfehlig@suse.com>
Date: Thu Jul 16 12:24:32 2015 -0600
Commit f86ae403 moved acquiring a job from libxlDomainStart()
to its callers. One spot missed was in libxlDoMigrateReceive().
Acquire a job in libxlDoMigrateReceive() before calling
libxlDomainStart().
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
src/libxl/libxl_migration.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
libxl: acquire a job when receiving a migrating domain
Commit f86ae403 moved acquiring a job from libxlDomainStart()
to its callers. One spot missed was in libxlDoMigrateReceive().
Acquire a job in libxlDoMigrateReceive() before calling
libxlDomainStart().
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Index: libvirt-1.2.18/src/libxl/libxl_migration.c
===================================================================

30
libvirt.changes
View File

@ -1,3 +1,33 @@
-------------------------------------------------------------------
Fri Aug 28 17:41:30 UTC 2015 - jfehlig@suse.com
- Replace local libxl patches with upstream variants
Dropped:
0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch
0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch
0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch
Added:
44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch
15120b8c-libxl-no-resume-on-suspend-fail.patch
e80b84a7-libxl-acquire-job-on-migrate.patch
bsc#936185
- Added another virt-aa-helper upstream patch
52970dec-virt-aa-helper-improve-valid-path.patch
lp#1483071
- Added upstream patch to fix libvirt-tck memory balloon test
failure on Xen
60acb38-revert-curmem-inactive-dom.patch
-------------------------------------------------------------------
Wed Aug 26 14:38:40 UTC 2015 - cbosdonnat@suse.com
- Fix generated apparmor profile to allow access to ovmf and nvram.
26c5fa3a-virt-aa-helper-missing-doc.patch
2f01cfdf-virt-aa-helper-allow-ovmf.patch
91fdcefa-virt-aa-helper-allow-nvram.patch
d25a5e08-virt-aa-helper-simplify-restriction-logic.patch
lp#1483071
-------------------------------------------------------------------
Mon Aug 24 16:18:10 UTC 2015 - jfehlig@suse.com

24
libvirt.spec
View File

@ -447,10 +447,16 @@ Source4: libvirtd-relocation-server.fw
Source99: baselibs.conf
# Upstream patches
Patch0: 269d39af-storage-allocation-fix.patch
Patch1: 26c5fa3a-virt-aa-helper-missing-doc.patch
Patch2: d25a5e08-virt-aa-helper-simplify-restriction-logic.patch
Patch3: 2f01cfdf-virt-aa-helper-allow-ovmf.patch
Patch4: 91fdcefa-virt-aa-helper-allow-nvram.patch
Patch5: 52970dec-virt-aa-helper-improve-valid-path.patch
Patch6: 44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch
Patch7: 15120b8c-libxl-no-resume-on-suspend-fail.patch
Patch8: e80b84a7-libxl-acquire-job-on-migrate.patch
Patch9: 60acb38-revert-curmem-inactive-dom.patch
# Patches pending upstream review
Patch100: 0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch
Patch101: 0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch
Patch102: 0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch
# Need to go upstream
Patch150: xen-pv-cdrom.patch
Patch151: blockcopy-check-dst-identical-device.patch
@ -981,9 +987,15 @@ Provides a dissector for the libvirt RPC protocol to help debugging it.
%prep
%setup -q
%patch0 -p1
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch150 -p1
%patch151 -p1
%patch152 -p1