From ac30e132c5620446e59ef9f0c430ff426141f65f58c290d36bdcf3772d2240b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Mon, 9 Nov 2015 23:51:50 +0000 Subject: [PATCH] Accepting request 343283 from home:cbosdonnat:branches:Virtualization - Don't package virt-login-shell anymore as shipping it as non-setuid doesn't make sense. bsc#837609 add-with-login-shell.patch OBS-URL: https://build.opensuse.org/request/show/343283 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=499 --- add-with-login-shell.patch | 82 ++++++++++++++++++++++++++++++++++++++ libvirt.changes | 7 ++++ libvirt.spec | 28 ++----------- 3 files changed, 92 insertions(+), 25 deletions(-) create mode 100644 add-with-login-shell.patch diff --git a/add-with-login-shell.patch b/add-with-login-shell.patch new file mode 100644 index 0000000..8a9d82a --- /dev/null +++ b/add-with-login-shell.patch @@ -0,0 +1,82 @@ +From 5f42064688d5e2c81b623ef20c243c77f2094193 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= +Date: Mon, 9 Nov 2015 15:36:40 -0700 +Subject: [PATCH] Allow building lxc without virt-login-shell + +Add a configure option to disable virt-login-shell build even if lxc is +enabled. +--- + configure.ac | 14 ++++++++++++++ + tools/Makefile.am | 12 ++++++------ + 2 files changed, 20 insertions(+), 6 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 75e95b7..d054ba6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1074,6 +1074,19 @@ if test "$with_lxc" = "yes" ; then + fi + AM_CONDITIONAL([WITH_LXC], [test "$with_lxc" = "yes"]) + ++AC_ARG_WITH([login_shell], ++ [AS_HELP_STRING([--with-login-shell], ++ [build virt-login-shell @<:@default=yes@:>@])]) ++m4_divert_text([DEFAULTS], [with_login_shell=yes]) ++ ++if test "$with_lxc" != "yes" ; then ++ with_login_shell="no" ++fi ++if test "$with_login_shell" ; then ++ AC_DEFINE_UNQUOTED([WITH_LOGIN_SHELL], 1, [whether virt-login-shell is built]) ++fi ++AM_CONDITIONAL([WITH_LOGIN_SHELL], [test "$with_login_shell" = "yes"]) ++ + dnl + dnl Checks for the Parallels driver + dnl +@@ -2974,6 +2987,7 @@ AC_MSG_NOTICE([ Init script: $with_init_script]) + AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files]) + AC_MSG_NOTICE([ Default Editor: $DEFAULT_EDITOR]) + AC_MSG_NOTICE([ Loader/NVRAM: $with_loader_nvram]) ++AC_MSG_NOTICE([ virt-login-shell: $with_login_shell]) + AC_MSG_NOTICE([]) + AC_MSG_NOTICE([Developer Tools]) + AC_MSG_NOTICE([]) +diff --git a/tools/Makefile.am b/tools/Makefile.am +index d5638d9..d005035 100644 +--- a/tools/Makefile.am ++++ b/tools/Makefile.am +@@ -71,12 +71,12 @@ sbin_SCRIPTS = virt-sanlock-cleanup + DISTCLEANFILES += virt-sanlock-cleanup + endif WITH_SANLOCK + +-if WITH_LXC ++if WITH_LOGIN_SHELL + conf_DATA += virt-login-shell.conf + bin_PROGRAMS += virt-login-shell +-else ! WITH_LXC ++else ! WITH_LOGIN_SHELL + EXTRA_DIST += virt-login-shell.conf +-endif ! WITH_LXC ++endif ! WITH_LOGIN_SHELL + + + dist_man1_MANS = \ +@@ -84,11 +84,11 @@ dist_man1_MANS = \ + virt-pki-validate.1 \ + virt-xml-validate.1 \ + virsh.1 +-if WITH_LXC ++if WITH_LOGIN_SHELL + dist_man1_MANS += virt-login-shell.1 +-else ! WITH_LXC ++else ! WITH_LOGIN_SHELL + EXTRA_DIST += virt-login-shell.1 +-endif ! WITH_LXC ++endif ! WITH_LOGIN_SHELL + if WITH_SANLOCK + dist_man8_MANS = virt-sanlock-cleanup.8 + endif WITH_SANLOCK +-- +2.1.4 + diff --git a/libvirt.changes b/libvirt.changes index 6d1f34e..4530762 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Nov 9 23:20:22 UTC 2015 - cbosdonnat@suse.com + +- Don't package virt-login-shell anymore as shipping it as + non-setuid doesn't make sense. bsc#837609 + add-with-login-shell.patch + ------------------------------------------------------------------- Wed Nov 4 20:05:21 UTC 2015 - normand@linux.vnet.ibm.com diff --git a/libvirt.spec b/libvirt.spec index ac67cad..4bee6e6 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -455,6 +455,7 @@ Source99: baselibs.conf # Upstream patches Patch0: 703ec1b7-qemu-bridge-helper-fix.patch # Patches pending upstream review +Patch100: add-with-login-shell.patch # Need to go upstream Patch150: xen-pv-cdrom.patch Patch151: blockcopy-check-dst-identical-device.patch @@ -954,19 +955,6 @@ Requires: augeas Includes the Sanlock lock manager plugin for the QEMU driver %endif -%if %{with_lxc} - -%package login-shell -Summary: Login shell for connecting users to an LXC container -Group: Development/Libraries/C and C++ -Requires: %{name}-client = %{version}-%{release} - -%description login-shell -Provides the set-uid virt-login-shell binary that is used to -connect a user to an LXC container when they login, by switching -namespaces. -%endif - %if %{with_wireshark} %package -n wireshark-plugin-libvirt @@ -982,6 +970,7 @@ Wireshark dissector plugin for better analysis of libvirt RPC traffic. %prep %setup -q %patch0 -p1 +%patch100 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 @@ -1207,6 +1196,7 @@ export CFLAGS="$RPM_OPT_FLAGS" --libexecdir=%{_libdir}/%{name} \ --with-qemu-user=%{qemu_user} \ --with-qemu-group=%{qemu_group} \ + --without-login-shell \ %{init_scripts} \ ac_cv_path_MODPROBE=/sbin/modprobe \ ac_cv_path_UDEVADM=/sbin/udevadm \ @@ -1885,18 +1875,6 @@ fi %attr(0755, root, root) %{_libdir}/%{name}/libvirt_sanlock_helper %endif -%if %{with_lxc} - -%files login-shell -%defattr(-, root, root) -%config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf -%doc %{_mandir}/man1/virt-login-shell.1* -# setuid binary that needs security audit - bnc#837609 -# In the meantime, don't install setuid -#%attr(4755, root, root) %{_bindir}/virt-login-shell -%{_bindir}/virt-login-shell -%endif - %if %{with_wireshark} %files -n wireshark-plugin-libvirt