Fix some relevant bugs found in SLE11 SP2

OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=176
2011-11-28 22:00:45 +00:00 · 2011-11-28 22:00:45 +00:00 · a05f801ae3
commit a05f801ae3
parent 82f0de3595
4 changed files with 76 additions and 15 deletions
--- a/a495365d-sexpr-empty-str.patch
+++ b/a495365d-sexpr-empty-str.patch
@ -0,0 +1,46 @@
+commit a495365d09138bf0f07504cfe9b6ea2de858e18e
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Fri Nov 18 14:54:38 2011 -0700
+
+    Don't copy sexpr node value that is an empty string
+    
+    Xen4.1 initializes some unspecified sexpr config items to an empty
+    string, unlike previous Xen versions that would leave the item unset.
+    E.g. the kernel item for an HVM guest (non-direct kernel boot):
+    
+    Xen4.0 and earlier
+      ...
+      (image
+        (hvm
+          (kernel )
+      ...
+    
+    Xen4.1
+      ...
+      (image
+        (hvm
+          (kernel '')
+      ...
+    
+    The empty string for kernel causes some grief in subsequent parsing
+    where existence of specified kernel is checked, e.g.
+    
+      if (!def->os.kernel)
+      ...
+    
+    This patch solves the problem in sexpr_node_copy() by not copying
+    a node containing an empty string.
+
+Index: libvirt-0.9.7/src/util/sexpr.c
+===================================================================
+--- libvirt-0.9.7.orig/src/util/sexpr.c
+++ libvirt-0.9.7/src/util/sexpr.c
+@@ -519,7 +519,7 @@ int sexpr_node_copy(const struct sexpr *
+ {
+     const char *val = sexpr_node(sexpr, node);
+ 
+-    if (val) {
+    if (val && *val) {
+         *dst = strdup(val);
+         if (!(*dst))
+             return -1;
--- a/install-apparmor-profiles.patch
+++ b/install-apparmor-profiles.patch
@ -1,7 +1,7 @@
-Index: libvirt-0.9.4/examples/apparmor/Makefile.am
+Index: libvirt-0.9.7/examples/apparmor/Makefile.am
 ===================================================================
--- libvirt-0.9.4.orig/examples/apparmor/Makefile.am
-+++ libvirt-0.9.4/examples/apparmor/Makefile.am
+--- libvirt-0.9.7.orig/examples/apparmor/Makefile.am
+++ libvirt-0.9.7/examples/apparmor/Makefile.am
@@ -1,8 +1,39 @@
 ## Copyright (C) 2005-2011 Red Hat, Inc.
 ## See COPYING.LIB for the License of this software
@ -47,10 +47,10 @@ Index: libvirt-0.9.4/examples/apparmor/Makefile.am
 +	rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
 +
 +endif
-Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
+Index: libvirt-0.9.7/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 ===================================================================
 --- /dev/null
-+++ libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
+++ libvirt-0.9.7/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -0,0 +1,40 @@
 +# Last Modified: Fri Aug 19 11:21:48 2011
 +#include <tunables/global>
@ -92,9 +92,9 @@ Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 +  /var/lib/kvm/images/ r,
 +  /var/lib/kvm/images/** r,
 +}
-Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+Index: libvirt-0.9.7/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 ===================================================================
--- libvirt-0.9.4.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+--- libvirt-0.9.7.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 +++ /dev/null
@@ -1,38 +0,0 @@
 -# Last Modified: Mon Apr  5 15:10:27 2010
@ -135,9 +135,9 @@ Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 -  /var/lib/libvirt/images/ r,
 -  /var/lib/libvirt/images/** r,
 -}
-Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd
+Index: libvirt-0.9.7/examples/apparmor/usr.sbin.libvirtd
 ===================================================================
--- libvirt-0.9.4.orig/examples/apparmor/usr.sbin.libvirtd
+--- libvirt-0.9.7.orig/examples/apparmor/usr.sbin.libvirtd
 +++ /dev/null
@@ -1,52 +0,0 @@
 -# Last Modified: Mon Apr  5 15:03:58 2010
@ -192,11 +192,11 @@ Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd
 -  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
 -
 -}
-Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in
+Index: libvirt-0.9.7/examples/apparmor/usr.sbin.libvirtd.in
 ===================================================================
 --- /dev/null
-+++ libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in
-@@ -0,0 +1,52 @@
+++ libvirt-0.9.7/examples/apparmor/usr.sbin.libvirtd.in
+@@ -0,0 +1,54 @@
 +# Last Modified: Fri Aug 19 11:20:36 2011
 +#include <tunables/global>
 +@{LIBVIRT}="libvirt"
@ -244,15 +244,17 @@ Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in
 +  audit deny /sys/kernel/security/apparmor/.* rwxl,
 +  /sys/kernel/security/apparmor/profiles r,
 +  @libdir@/libvirt/* Pxr,
+  @libdir@/libvirt/libvirt_parthelper Ux,
+  @libdir@/libvirt/libvirt_iohelper Ux,
 +
 +  # allow changing to our UUID-based named profiles
 +  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
 +
 +}
-Index: libvirt-0.9.4/examples/apparmor/libvirt-qemu
+Index: libvirt-0.9.7/examples/apparmor/libvirt-qemu
 ===================================================================
--- libvirt-0.9.4.orig/examples/apparmor/libvirt-qemu
-+++ libvirt-0.9.4/examples/apparmor/libvirt-qemu
+--- libvirt-0.9.7.orig/examples/apparmor/libvirt-qemu
+++ libvirt-0.9.7/examples/apparmor/libvirt-qemu
@@ -52,6 +52,7 @@
   # access to firmware's etc
   /usr/share/kvm/** r,
--- a/libvirt.changes
+++ b/libvirt.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Nov 28 14:57:04 MST 2011 - jfehlig@suse.com
+
+- Handle empty strings in s-expression returned by xend
+  a495365d-sexpr-empty-str.patch
+  bnc#731344
+- Allow libvirtd to access libvirt_{io,part}helper when confined
+  by apparmor
+  Update install-apparmor-profiles.patch
+  bnc#730435
+
 -------------------------------------------------------------------
 Mon Nov 21 12:34:55 MST 2011 - jfehlig@suse.com

--- a/libvirt.spec
+++ b/libvirt.spec
@ -381,6 +381,7 @@ Source2:        libvirtd-relocation-server.fw
 Source99:       baselibs.conf
 # Upstream patches
 Patch0:         d47ab3fe-polkit0.patch
+Patch1:         a495365d-sexpr-empty-str.patch
 # Need to go upstream
 Patch100:       xen-name-for-devid.patch
 Patch101:       clone.patch
@ -505,6 +506,7 @@ Authors:
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 %patch100 -p1
 %patch101
 %patch102 -p1