Accepting request 540061 from Virtualization

OBS-URL: https://build.opensuse.org/request/show/540061
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=239
This commit is contained in:
Dominique Leuenberger 2017-11-10 13:38:29 +00:00 committed by Git OBS Bridge
commit c916283269
35 changed files with 311 additions and 339 deletions

View File

@ -1,67 +0,0 @@
commit 441d3eb6d1be940a67ce45a286602a967601b157
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Thu Oct 5 17:54:28 2017 +0100
qemu: ensure TLS clients always verify the server certificate
The default_tls_x509_verify (and related) parameters in qemu.conf
control whether the QEMU TLS servers request & verify certificates
from clients. This works as a simple access control system for
servers by requiring the CA to issue certs to permitted clients.
This use of client certificates is disabled by default, since it
requires extra work to issue client certificates.
Unfortunately the code was using this configuration parameter when
setting up both TLS clients and servers in QEMU. The result was that
TLS clients for character devices and disk devices had verification
turned off, meaning they would ignore errors while validating the
server certificate.
This allows for trivial MITM attacks between client and server,
as any certificate returned by the attacker will be accepted by
the client.
This is assigned CVE-2017-1000256 / LSN-2017-0002
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Index: libvirt-3.8.0/src/qemu/qemu_command.c
===================================================================
--- libvirt-3.8.0.orig/src/qemu/qemu_command.c
+++ libvirt-3.8.0/src/qemu/qemu_command.c
@@ -721,7 +721,7 @@ qemuBuildTLSx509BackendProps(const char
if (virJSONValueObjectCreate(propsret,
"s:dir", path,
"s:endpoint", (isListen ? "server": "client"),
- "b:verify-peer", verifypeer,
+ "b:verify-peer", (isListen ? verifypeer : true),
NULL) < 0)
goto cleanup;
Index: libvirt-3.8.0/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
===================================================================
--- libvirt-3.8.0.orig/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
+++ libvirt-3.8.0/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
@@ -26,7 +26,7 @@ server,nowait \
localport=1111 \
-device isa-serial,chardev=charserial0,id=serial0 \
-object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
-endpoint=client,verify-peer=no \
+endpoint=client,verify-peer=yes \
-chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
tls-creds=objcharserial1_tls0 \
-device isa-serial,chardev=charserial1,id=serial1 \
Index: libvirt-3.8.0/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
===================================================================
--- libvirt-3.8.0.orig/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
+++ libvirt-3.8.0/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
@@ -31,7 +31,7 @@ localport=1111 \
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\
-endpoint=client,verify-peer=no,passwordid=charserial1-secret0 \
+endpoint=client,verify-peer=yes,passwordid=charserial1-secret0 \
-chardev socket,id=charserial1,host=127.0.0.1,port=5555,\
tls-creds=objcharserial1_tls0 \
-device isa-serial,chardev=charserial1,id=serial1 \

View File

@ -0,0 +1,35 @@
commit 97853972e6e5a92b56e1ec0841aa27043ac1301b
Author: intrigeri <intrigeri+libvirt@boum.org>
Date: Sun Nov 5 15:29:58 2017 +0000
AppArmor: use fine-grained mount rules instead of a blanket catch-all one
This set of rules was proposed by Christian Boltz <apparmor@cboltz.de>
on https://bugzilla.opensuse.org/show_bug.cgi?id=1065123.
Index: libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-3.9.0.orig/examples/apparmor/usr.sbin.libvirtd
+++ libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
@@ -30,7 +30,20 @@
# Needed for vfio
capability sys_resource,
- mount,
+ mount options=(rw,rslave) -> /,
+ mount options=(rw, nosuid) -> /{var/,}run/libvirt/qemu/*.dev/,
+
+ mount options=(rw, move) /dev/ -> /{var/,}run/libvirt/qemu/*.dev/,
+ mount options=(rw, move) /dev/hugepages/ -> /{var/,}run/libvirt/qemu/*.hugepages/,
+ mount options=(rw, move) /dev/mqueue/ -> /{var/,}run/libvirt/qemu/*.mqueue/,
+ mount options=(rw, move) /dev/pts/ -> /{var/,}run/libvirt/qemu/*.pts/,
+ mount options=(rw, move) /dev/shm/ -> /{var/,}run/libvirt/qemu/*.shm/,
+
+ mount options=(rw, move) /{var/,}run/libvirt/qemu/*.dev/ -> /dev/,
+ mount options=(rw, move) /{var/,}run/libvirt/qemu/*.hugepages/ -> /dev/hugepages/,
+ mount options=(rw, move) /{var/,}run/libvirt/qemu/*.mqueue/ -> /dev/mqueue/,
+ mount options=(rw, move) /{var/,}run/libvirt/qemu/*.pts/ -> /dev/pts/,
+ mount options=(rw, move) /{var/,}run/libvirt/qemu/*.shm/ -> /dev/shm/,
network inet stream,
network inet dgram,

View File

@ -1,7 +1,7 @@
Index: libvirt-3.8.0/examples/apparmor/libvirt-lxc
Index: libvirt-3.9.0/examples/apparmor/libvirt-lxc
===================================================================
--- libvirt-3.8.0.orig/examples/apparmor/libvirt-lxc
+++ libvirt-3.8.0/examples/apparmor/libvirt-lxc
--- libvirt-3.9.0.orig/examples/apparmor/libvirt-lxc
+++ libvirt-3.9.0/examples/apparmor/libvirt-lxc
@@ -2,39 +2,15 @@
#include <abstractions/base>

View File

@ -0,0 +1,49 @@
commit 141103378a74c68cbd775a306cdfd641119debbd
Author: intrigeri <intrigeri+libvirt@boum.org>
Date: Sun Nov 5 15:29:57 2017 +0000
AppArmor: add rules needed with additional mediation features brought by Linux 4.14.
Index: libvirt-3.9.0/examples/apparmor/libvirt-qemu
===================================================================
--- libvirt-3.9.0.orig/examples/apparmor/libvirt-qemu
+++ libvirt-3.9.0/examples/apparmor/libvirt-qemu
@@ -16,6 +16,10 @@
network inet stream,
network inet6 stream,
+ ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
+
+ signal (receive) peer=/usr/sbin/libvirtd,
+
/dev/net/tun rw,
/dev/kvm rw,
/dev/ptmx rw,
Index: libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-3.9.0.orig/examples/apparmor/usr.sbin.libvirtd
+++ libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
@@ -30,10 +30,13 @@
# Needed for vfio
capability sys_resource,
+ mount,
+
network inet stream,
network inet dgram,
network inet6 stream,
network inet6 dgram,
+ network netlink raw,
network packet dgram,
network packet raw,
@@ -42,6 +45,9 @@
ptrace (trace) peer=/usr/sbin/dnsmasq,
ptrace (trace) peer=libvirt-*,
+ signal (send) peer=/usr/sbin/dnsmasq,
+ signal (read, send) peer=libvirt-*,
+
# Very lenient profile for libvirtd since we want to first focus on confining
# the guests. Guests will have a very restricted profile.
/ r,

View File

@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu <cyliu@suse.com>
src/qemu/qemu_driver.c | 7 +++++++
1 file changed, 7 insertions(+)
Index: libvirt-3.8.0/src/qemu/qemu_driver.c
Index: libvirt-3.9.0/src/qemu/qemu_driver.c
===================================================================
--- libvirt-3.8.0.orig/src/qemu/qemu_driver.c
+++ libvirt-3.8.0/src/qemu/qemu_driver.c
@@ -17046,6 +17046,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
--- libvirt-3.9.0.orig/src/qemu/qemu_driver.c
+++ libvirt-3.9.0/src/qemu/qemu_driver.c
@@ -17112,6 +17112,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
goto endjob;
}

View File

@ -1,60 +0,0 @@
commit c44b29aacb6a3f445ab06d61899a0308b9d6d0d3
Author: Jim Fehlig <jfehlig@suse.com>
Date: Fri Oct 6 14:20:36 2017 -0600
apparmor: add dnsmasq ptrace rule to libvirtd profile
Commit b482925c added ptrace rule for the apparmor profiles,
but one was missed in the libvirtd profile for dnsmasq. It was
overlooked since the test machine did not have an active libvirt
network requiring dnsmasq that was also set to autostart. With
one active and set to autostart, the following denial is observed
in audit.log when restarting libvirtd
type=AVC msg=audit(1507320136.306:298): apparmor="DENIED" \
operation="ptrace" profile="/usr/sbin/libvirtd" pid=5472 \
comm="libvirtd" requested_mask="trace" denied_mask="trace" \
peer="/usr/sbin/dnsmasq"
With an active network, I suspect a libvirtd restart causes access
to /proc/<dnsmasq-pid>/*, hence the resulting denial. As a nasty
side affect of the denial, libvirtd thinks it needs to spawn a
dnsmasq process even though one is already running for the network.
E.g. after two libvirtd restarts
dnsmasq 1683 0.0 0.0 51188 2612 ? S 12:03 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root 1684 0.0 0.0 51160 576 ? S 12:03 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
dnsmasq 4706 0.0 0.0 51188 2572 ? S 13:54 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root 4707 0.0 0.0 51160 572 ? S 13:54 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
dnsmasq 4791 0.0 0.0 51188 2580 ? S 13:56 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
root 4792 0.0 0.0 51160 572 ? S 13:56 0:00 \
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf \
--leasefile-ro --dhcp-script=/usr/lib64/libvirt/libvirt_leaseshelper
A simple fix is to add a ptrace rule for dnsmasq.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-By: Guido Günther <agx@sigxcpu.org>
Index: libvirt-3.8.0/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-3.8.0.orig/examples/apparmor/usr.sbin.libvirtd
+++ libvirt-3.8.0/examples/apparmor/usr.sbin.libvirtd
@@ -39,6 +39,7 @@
ptrace (trace) peer=unconfined,
ptrace (trace) peer=/usr/sbin/libvirtd,
+ ptrace (trace) peer=/usr/sbin/dnsmasq,
ptrace (trace) peer=libvirt-*,
# Very lenient profile for libvirtd since we want to first focus on confining

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:73eba834089ed0ce74e3183a7f12cf0c6f7de08e9a700b5456c62fb124f903f9
size 14868712

View File

@ -1,10 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJZ1JrdAAoJEBVYiyZZa+pdmBcIAMQQTuvHXX0T4A5CJrgyj4c+
iiYyOubSk5v4QGrbIcVtEt4TF1CyYTB65EM5ZCuB47KeiVzbkSl+6a3AQshWmn2V
7rLjXwJpM64xNc+ErEN+JrXD2ADA0lSZ50J4Eq7bE5GLxVSOuRn4QicAs5kG7bSn
h+AE3iRg45ImmE7wLC9Blu0ecQrR5yi4ensdYegLzbAumhZqrlDhWGZ9KfS7UDlE
ZN+PQipLhzv9fbRaZzRFbn194SBZQbMEcwkdrgLiXZ91U7/KjvcnnFPrVNh/xe6x
P/07JdTRBh/mwSFjEtGaYDBU9+sy8My1lRZL16YRqRIYX3OIuuXZyMiJj8+oGgE=
=2t5y
-----END PGP SIGNATURE-----

3
libvirt-3.9.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:89fc63213291d329d537ea96e363fd609160da080322973bd1126d431ff63424
size 15010344

10
libvirt-3.9.0.tar.xz.asc Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJZ+1FGAAoJEBVYiyZZa+pdIt0H/j6P8c3DObAleafFE9BOev03
24GQzGP8/Fh5Yr8mRPITg1nhFQ7MQdznDh80zhhExC8iBIG8/Ne4yuM27R+yVEZ7
YEyxOCe0lwyGkzWe7jaRwBnr4iweYRI2wY+i49TJUxSGOD12j7eCAiv/OdsGCVVg
+FlfxqXNMy6c49i49NNoECS/rP8q854hEjT0WjFFtnYSs32AtfN31vKbLBbuMCQz
uaXYTtmtCbe+ugNkzkhfUZlJ8sn2LdJo4NrjRS0VVlooDM/QDaWKpnj+uf0GrZtr
oO872FrdsVRqw19HTJyu+SL6xbZoMGXGfqVfWCIuk5bRbVVPHfhbUPkySSbY5oA=
=1FsG
-----END PGP SIGNATURE-----

View File

@ -2,10 +2,10 @@ Add POWER8 v2.0 and v2.1 to cpu map XML
From: <ro@suse.de>
Index: libvirt-3.8.0/src/cpu/cpu_map.xml
Index: libvirt-3.9.0/src/cpu/cpu_map.xml
===================================================================
--- libvirt-3.8.0.orig/src/cpu/cpu_map.xml
+++ libvirt-3.8.0/src/cpu/cpu_map.xml
--- libvirt-3.9.0.orig/src/cpu/cpu_map.xml
+++ libvirt-3.9.0/src/cpu/cpu_map.xml
@@ -1724,6 +1724,8 @@
<pvr value='0x004b0000' mask='0xffff0000'/>
<pvr value='0x004c0000' mask='0xffff0000'/>

View File

@ -1,7 +1,7 @@
Index: libvirt-3.8.0/configure.ac
Index: libvirt-3.9.0/configure.ac
===================================================================
--- libvirt-3.8.0.orig/configure.ac
+++ libvirt-3.8.0/configure.ac
--- libvirt-3.9.0.orig/configure.ac
+++ libvirt-3.9.0/configure.ac
@@ -256,6 +256,7 @@ LIBVIRT_ARG_LIBSSH
LIBVIRT_ARG_LIBXML
LIBVIRT_ARG_MACVTAP
@ -26,10 +26,10 @@ Index: libvirt-3.8.0/configure.ac
LIBVIRT_RESULT_NSS
LIBVIRT_RESULT_NUMACTL
LIBVIRT_RESULT_OPENWSMAN
Index: libvirt-3.8.0/src/Makefile.am
Index: libvirt-3.9.0/src/Makefile.am
===================================================================
--- libvirt-3.8.0.orig/src/Makefile.am
+++ libvirt-3.8.0/src/Makefile.am
--- libvirt-3.9.0.orig/src/Makefile.am
+++ libvirt-3.9.0/src/Makefile.am
@@ -1037,6 +1037,10 @@ if WITH_NETCF
INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_netcf.c
@ -41,7 +41,7 @@ Index: libvirt-3.8.0/src/Makefile.am
if WITH_UDEV
INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_udev.c
@@ -1649,6 +1653,10 @@ if WITH_NETCF
@@ -1657,6 +1661,10 @@ if WITH_NETCF
libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
endif WITH_NETCF
@ -52,10 +52,10 @@ Index: libvirt-3.8.0/src/Makefile.am
if WITH_UDEV
libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS)
Index: libvirt-3.8.0/tools/virsh.c
Index: libvirt-3.9.0/tools/virsh.c
===================================================================
--- libvirt-3.8.0.orig/tools/virsh.c
+++ libvirt-3.8.0/tools/virsh.c
--- libvirt-3.9.0.orig/tools/virsh.c
+++ libvirt-3.9.0/tools/virsh.c
@@ -576,6 +576,8 @@ virshShowVersion(vshControl *ctl ATTRIBU
vshPrint(ctl, " Interface");
# if defined(WITH_NETCF)
@ -65,10 +65,10 @@ Index: libvirt-3.8.0/tools/virsh.c
# elif defined(WITH_UDEV)
vshPrint(ctl, " udev");
# endif
Index: libvirt-3.8.0/src/interface/interface_backend_netcf.c
Index: libvirt-3.9.0/src/interface/interface_backend_netcf.c
===================================================================
--- libvirt-3.8.0.orig/src/interface/interface_backend_netcf.c
+++ libvirt-3.8.0/src/interface/interface_backend_netcf.c
--- libvirt-3.9.0.orig/src/interface/interface_backend_netcf.c
+++ libvirt-3.9.0/src/interface/interface_backend_netcf.c
@@ -23,7 +23,12 @@
#include <config.h>
@ -152,10 +152,10 @@ Index: libvirt-3.8.0/src/interface/interface_backend_netcf.c
if (virSetSharedInterfaceDriver(&interfaceDriver) < 0)
return -1;
if (virRegisterStateDriver(&interfaceStateDriver) < 0)
Index: libvirt-3.8.0/src/interface/interface_driver.c
Index: libvirt-3.9.0/src/interface/interface_driver.c
===================================================================
--- libvirt-3.8.0.orig/src/interface/interface_driver.c
+++ libvirt-3.8.0/src/interface/interface_driver.c
--- libvirt-3.9.0.orig/src/interface/interface_driver.c
+++ libvirt-3.9.0/src/interface/interface_driver.c
@@ -30,8 +30,15 @@ interfaceRegister(void)
if (netcfIfaceRegister() == 0)
return 0;
@ -173,10 +173,10 @@ Index: libvirt-3.8.0/src/interface/interface_driver.c
if (udevIfaceRegister() == 0)
return 0;
#endif /* WITH_UDEV */
Index: libvirt-3.8.0/m4/virt-netcontrol.m4
Index: libvirt-3.9.0/m4/virt-netcontrol.m4
===================================================================
--- /dev/null
+++ libvirt-3.8.0/m4/virt-netcontrol.m4
+++ libvirt-3.9.0/m4/virt-netcontrol.m4
@@ -0,0 +1,39 @@
+dnl The libnetcontrol library
+dnl

View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Wed Nov 8 21:10:34 UTC 2017 - jfehlig@suse.com
- apparmor: add rules for new mediation features
apparmor-rules-for-new-mediation-features.patch,
apparmor-fine-grained-mount-rules.patch
bsc#1066124, boo#1065123
- spec: unconditionally enable the wireshark dissector
-------------------------------------------------------------------
Wed Nov 8 11:04:04 UTC 2017 - cbosdonnat@suse.com
- Replace %{with_sle_build} by ! 0%{?is_opensuse}
bsc#940315
-------------------------------------------------------------------
Thu Nov 2 20:44:57 UTC 2017 - jfehlig@suse.com
- Update to libvirt 3.9.0
- Many incremental improvements and bug fixes, see
http://libvirt.org/news.html
- Dropped patches:
c44b29aa-apparmor-dnsmasq-ptrace.patch,
441d3eb6-qemu-tls-client-verify-server-cert.patch
-------------------------------------------------------------------
Mon Oct 16 22:02:16 UTC 2017 - jfehlig@suse.com
@ -312,7 +337,6 @@ Wed Mar 22 08:30:55 UTC 2017 - cbosdonnat@suse.com
5dd607059-add-virNetDevGetName.patch
754515b7d-add-virNetlinkDumpCommand.patch
d68cb4f55-extract-the-request-sending-code-from-virNetlin.patch
-------------------------------------------------------------------
Thu Mar 16 14:23:16 UTC 2017 - jfehlig@suse.com

View File

@ -16,9 +16,6 @@
#
# The configuration of libvirt is modified slightly for SLE
%define with_sle_build %{?is_opensuse:0}%{!?is_opensuse:1}
# The hypervisor drivers that run in libvirtd
%define with_xen 0%{!?_without_xen:1}
%define with_qemu 0%{!?_without_qemu:1}
@ -43,13 +40,13 @@
# Optional bits on by default
%define with_sanlock 0%{!?_without_sanlock:1}
%define with_polkit_rules 1
%define with_wireshark 0%{!?_without_wireshark:1}
# A few optional bits off by default, we enable later
%define with_cgconfig 0%{!?_without_cgconfig:0}
%define with_numactl 0%{!?_without_numactl:0}
%define with_numad 0%{!?_without_numad:0}
%define with_firewalld 0%{!?_without_firewalld:0}
%define with_wireshark 0%{!?_without_wireshark:0}
%define with_libssh 0%{!?_without_libssh:0}
# Xen no longer contains xm/xend so disable building the legacy Xen driver
@ -64,7 +61,7 @@
%endif
# For SLE, further restrict Xen support to x86_64 only
%if %{with_sle_build}
%if ! 0%{?is_opensuse}
%ifarch %arm aarch64
%define with_xen 0
%define with_libxl 0
@ -90,7 +87,7 @@
%endif
# Disable hypervisor drivers not supported in SLE
%if %{with_sle_build}
%if ! 0%{?is_opensuse}
%define with_openvz 0
%define with_vbox 0
%define with_uml 0
@ -134,13 +131,6 @@
%endif
%endif
# libvirt commit 37397320 changed the configure check for wireshark to use
# pkgconfig. Currently only the Leap 42.2 and Factory wireshark-devel packages
# provide wireshark.pc. Disable the dissector for SLE and Leap <= 42.1
%if 0%{?sle_version} < 120200 && %{with_sle_build}
%define with_wireshark 0
%endif
# numad is used to manage the CPU and memory placement dynamically for
# qemu, lxc, and uml drivers
%if %{with_qemu} || %{with_lxc} || %{with_uml}
@ -170,7 +160,7 @@
Name: libvirt
Url: http://libvirt.org/
Version: 3.8.0
Version: 3.9.0
Release: 0
Summary: Library providing a simple virtualization API
License: LGPL-2.1+
@ -296,7 +286,7 @@ BuildRequires: systemtap-sdt-devel
BuildRequires: numad
%endif
%if %{with_wireshark}
BuildRequires: wireshark-devel >= 1.12.1
BuildRequires: wireshark-devel >= 2.1.0
%endif
%if %{with_libssh}
BuildRequires: libssh-devel >= 0.7.0
@ -310,11 +300,11 @@ Source4: libvirt-supportconfig
Source99: baselibs.conf
Source100: %{name}-rpmlintrc
# Upstream patches
Patch0: c44b29aa-apparmor-dnsmasq-ptrace.patch
Patch1: 441d3eb6-qemu-tls-client-verify-server-cert.patch
# Patches pending upstream review
Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
Patch102: apparmor-rules-for-new-mediation-features.patch
Patch103: apparmor-fine-grained-mount-rules.patch
# Need to go upstream
Patch150: xen-pv-cdrom.patch
Patch151: blockcopy-check-dst-identical-device.patch
@ -341,7 +331,7 @@ Patch214: libvirt-suse-netcontrol.patch
Patch215: lxc-wait-after-eth-del.patch
Patch216: libxl-qemu-emulator-caps.patch
# SLES-Only patches
%if %{with_sle_build}
%if ! 0%{?is_opensuse}
Patch400: virt-create-rootfs.patch
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -886,10 +876,10 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch150 -p1
%patch151 -p1
%patch152 -p1
@ -913,7 +903,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%patch214 -p1
%patch215 -p1
%patch216 -p1
%if %{with_sle_build}
%if ! 0%{?is_opensuse}
%patch400 -p1
%endif
@ -1112,7 +1102,7 @@ make %{?_smp_mflags} -C examples distclean
cp examples/lxcconvert/virt-lxc-convert %{buildroot}/%{_bindir}
rm -f %{buildroot}/%{_libdir}/*.la
%if %{with_wireshark}
rm -f %{buildroot}/%{_libdir}/wireshark/plugins/libvirt.la
rm -f %{buildroot}/%{_libdir}/wireshark/plugins/*/libvirt.la
%endif
rm -f %{buildroot}/%{_libdir}/*.a
rm -f %{buildroot}/%{_libdir}/%{name}/lock-driver/*.la
@ -1518,7 +1508,7 @@ fi
%dir %{_libdir}/%{name}/connection-driver
%{_libdir}/%{name}/connection-driver/libvirt_driver_lxc.so
%attr(0755, root, root) %{_bindir}/virt-lxc-convert
%if %{with_sle_build}
%if ! 0%{?is_opensuse}
%{_bindir}/virt-create-rootfs
%doc %{_mandir}/man1/virt-create-rootfs.1*
%endif
@ -1607,7 +1597,7 @@ fi
%{_sbindir}/rclibvirt-guests
%files libs -f %{name}.lang
%doc AUTHORS ChangeLog.gz NEWS README COPYING COPYING.LESSER TODO
%doc AUTHORS ChangeLog.gz NEWS README README.md COPYING COPYING.LESSER
%config(noreplace) %{_sysconfdir}/%{name}/libvirt.conf
%config(noreplace) %{_sysconfdir}/%{name}/libvirt-admin.conf
%{_libdir}/libvirt.so.*
@ -1701,7 +1691,7 @@ fi
%if %{with_wireshark}
%files -n wireshark-plugin-libvirt
%{_libdir}/wireshark/plugins/libvirt.so
%{_libdir}/wireshark/plugins/*/libvirt.so
%endif
%files nss

View File

@ -8,10 +8,10 @@ Date: Mon Jun 23 15:51:20 2014 -0600
option, but domainReset can be implemented in the libxl driver by
forcibly destroying the domain and starting it again.
Index: libvirt-3.8.0/src/libxl/libxl_driver.c
Index: libvirt-3.9.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-3.8.0.orig/src/libxl/libxl_driver.c
+++ libvirt-3.8.0/src/libxl/libxl_driver.c
--- libvirt-3.9.0.orig/src/libxl/libxl_driver.c
+++ libvirt-3.9.0/src/libxl/libxl_driver.c
@@ -1381,6 +1381,61 @@ libxlDomainReboot(virDomainPtr dom, unsi
}
@ -74,7 +74,7 @@ Index: libvirt-3.8.0/src/libxl/libxl_driver.c
libxlDomainDestroyFlags(virDomainPtr dom,
unsigned int flags)
{
@@ -6503,6 +6558,7 @@ static virHypervisorDriver libxlHypervis
@@ -6497,6 +6552,7 @@ static virHypervisorDriver libxlHypervis
.domainShutdown = libxlDomainShutdown, /* 0.9.0 */
.domainShutdownFlags = libxlDomainShutdownFlags, /* 0.9.10 */
.domainReboot = libxlDomainReboot, /* 0.9.0 */

View File

@ -8,10 +8,10 @@ as the default <emulator>, instead of the qemu-xen one.
See FATE#320638 for details.
Index: libvirt-3.8.0/src/libxl/libxl_capabilities.c
Index: libvirt-3.9.0/src/libxl/libxl_capabilities.c
===================================================================
--- libvirt-3.8.0.orig/src/libxl/libxl_capabilities.c
+++ libvirt-3.8.0/src/libxl/libxl_capabilities.c
--- libvirt-3.9.0.orig/src/libxl/libxl_capabilities.c
+++ libvirt-3.9.0/src/libxl/libxl_capabilities.c
@@ -38,6 +38,7 @@
#include "libxl_capabilities.h"
#include "cpu/cpu_x86.h"

View File

@ -3,11 +3,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425
src/libxl/libxl_conf.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
Index: libvirt-3.8.0/src/libxl/libxl_conf.c
Index: libvirt-3.9.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-3.8.0.orig/src/libxl/libxl_conf.c
+++ libvirt-3.8.0/src/libxl/libxl_conf.c
@@ -646,6 +646,30 @@ libxlDiskSetDiscard(libxl_device_disk *x
--- libvirt-3.9.0.orig/src/libxl/libxl_conf.c
+++ libvirt-3.9.0/src/libxl/libxl_conf.c
@@ -621,6 +621,30 @@ libxlDiskSetDiscard(libxl_device_disk *x
#endif
}
@ -38,7 +38,7 @@ Index: libvirt-3.8.0/src/libxl/libxl_conf.c
static char *
libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src,
const char *username,
@@ -894,6 +918,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
@@ -869,6 +893,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0;
if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0)
return -1;

View File

@ -16,10 +16,10 @@ Signed-off-by: Jim Fehlig <jfehlig@suse.com>
tools/virsh.pod | 8 ++++++++
6 files changed, 125 insertions(+), 6 deletions(-)
Index: libvirt-3.8.0/include/libvirt/libvirt-domain.h
Index: libvirt-3.9.0/include/libvirt/libvirt-domain.h
===================================================================
--- libvirt-3.8.0.orig/include/libvirt/libvirt-domain.h
+++ libvirt-3.8.0/include/libvirt/libvirt-domain.h
--- libvirt-3.9.0.orig/include/libvirt/libvirt-domain.h
+++ libvirt-3.9.0/include/libvirt/libvirt-domain.h
@@ -1008,6 +1008,31 @@ typedef enum {
*/
# define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT "auto_converge.increment"
@ -52,11 +52,11 @@ Index: libvirt-3.8.0/include/libvirt/libvirt-domain.h
/* Domain migration. */
virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
unsigned long flags, const char *dname,
Index: libvirt-3.8.0/src/libxl/libxl_driver.c
Index: libvirt-3.9.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-3.8.0.orig/src/libxl/libxl_driver.c
+++ libvirt-3.8.0/src/libxl/libxl_driver.c
@@ -6105,6 +6105,9 @@ libxlDomainMigratePerform3Params(virDoma
--- libvirt-3.9.0.orig/src/libxl/libxl_driver.c
+++ libvirt-3.9.0/src/libxl/libxl_driver.c
@@ -6099,6 +6099,9 @@ libxlDomainMigratePerform3Params(virDoma
const char *dname = NULL;
const char *uri = NULL;
int ret = -1;
@ -66,7 +66,7 @@ Index: libvirt-3.8.0/src/libxl/libxl_driver.c
#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
virReportUnsupportedError();
@@ -6121,6 +6124,18 @@ libxlDomainMigratePerform3Params(virDoma
@@ -6115,6 +6118,18 @@ libxlDomainMigratePerform3Params(virDoma
virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_DEST_NAME,
&dname) < 0 ||
@ -85,7 +85,7 @@ Index: libvirt-3.8.0/src/libxl/libxl_driver.c
virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_URI,
&uri) < 0)
@@ -6135,11 +6150,11 @@ libxlDomainMigratePerform3Params(virDoma
@@ -6129,11 +6144,11 @@ libxlDomainMigratePerform3Params(virDoma
if ((flags & (VIR_MIGRATE_TUNNELLED | VIR_MIGRATE_PEER2PEER))) {
if (libxlDomainMigrationPerformP2P(driver, vm, dom->conn, dom_xml,
@ -99,10 +99,10 @@ Index: libvirt-3.8.0/src/libxl/libxl_driver.c
goto cleanup;
}
Index: libvirt-3.8.0/src/libxl/libxl_migration.c
Index: libvirt-3.9.0/src/libxl/libxl_migration.c
===================================================================
--- libvirt-3.8.0.orig/src/libxl/libxl_migration.c
+++ libvirt-3.8.0/src/libxl/libxl_migration.c
--- libvirt-3.9.0.orig/src/libxl/libxl_migration.c
+++ libvirt-3.9.0/src/libxl/libxl_migration.c
@@ -359,18 +359,39 @@ libxlMigrateReceive(virNetSocketPtr sock
static int
libxlDoMigrateSend(libxlDriverPrivatePtr driver,
@ -263,10 +263,10 @@ Index: libvirt-3.8.0/src/libxl/libxl_migration.c
virObjectLock(vm);
cleanup:
Index: libvirt-3.8.0/src/libxl/libxl_migration.h
Index: libvirt-3.9.0/src/libxl/libxl_migration.h
===================================================================
--- libvirt-3.8.0.orig/src/libxl/libxl_migration.h
+++ libvirt-3.8.0/src/libxl/libxl_migration.h
--- libvirt-3.9.0.orig/src/libxl/libxl_migration.h
+++ libvirt-3.9.0/src/libxl/libxl_migration.h
@@ -39,6 +39,10 @@
VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \
VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \
@ -311,11 +311,11 @@ Index: libvirt-3.8.0/src/libxl/libxl_migration.h
virDomainPtr
libxlDomainMigrationFinish(virConnectPtr dconn,
Index: libvirt-3.8.0/tools/virsh-domain.c
Index: libvirt-3.9.0/tools/virsh-domain.c
===================================================================
--- libvirt-3.8.0.orig/tools/virsh-domain.c
+++ libvirt-3.8.0/tools/virsh-domain.c
@@ -10432,6 +10432,22 @@ static const vshCmdOptDef opts_migrate[]
--- libvirt-3.9.0.orig/tools/virsh-domain.c
+++ libvirt-3.9.0/tools/virsh-domain.c
@@ -10536,6 +10536,22 @@ static const vshCmdOptDef opts_migrate[]
.type = VSH_OT_BOOL,
.help = N_("use TLS for migration")
},
@ -338,7 +338,7 @@ Index: libvirt-3.8.0/tools/virsh-domain.c
{.name = NULL}
};
@@ -10455,6 +10471,7 @@ doMigrate(void *opaque)
@@ -10559,6 +10575,7 @@ doMigrate(void *opaque)
unsigned long long ullOpt = 0;
int rv;
virConnectPtr dconn = data->dconn;
@ -346,7 +346,7 @@ Index: libvirt-3.8.0/tools/virsh-domain.c
sigemptyset(&sigmask);
sigaddset(&sigmask, SIGINT);
@@ -10574,6 +10591,27 @@ doMigrate(void *opaque)
@@ -10678,6 +10695,27 @@ doMigrate(void *opaque)
goto save_error;
}
@ -374,11 +374,11 @@ Index: libvirt-3.8.0/tools/virsh-domain.c
if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0)
goto out;
if (opt) {
Index: libvirt-3.8.0/tools/virsh.pod
Index: libvirt-3.9.0/tools/virsh.pod
===================================================================
--- libvirt-3.8.0.orig/tools/virsh.pod
+++ libvirt-3.8.0/tools/virsh.pod
@@ -1840,6 +1840,14 @@ Providing I<--tls> causes the migration
--- libvirt-3.9.0.orig/tools/virsh.pod
+++ libvirt-3.9.0/tools/virsh.pod
@@ -1849,6 +1849,14 @@ Providing I<--tls> causes the migration
the migration of the domain. Usage requires proper TLS setup for both source
and target.

View File

@ -7,11 +7,11 @@ and npiv.
For more details, see bsc#954872 and FATE#319810
Index: libvirt-3.8.0/src/libxl/libxl_conf.c
Index: libvirt-3.9.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-3.8.0.orig/src/libxl/libxl_conf.c
+++ libvirt-3.8.0/src/libxl/libxl_conf.c
@@ -646,6 +646,25 @@ libxlDiskSetDiscard(libxl_device_disk *x
--- libvirt-3.9.0.orig/src/libxl/libxl_conf.c
+++ libvirt-3.9.0/src/libxl/libxl_conf.c
@@ -621,6 +621,25 @@ libxlDiskSetDiscard(libxl_device_disk *x
#endif
}
@ -37,7 +37,7 @@ Index: libvirt-3.8.0/src/libxl/libxl_conf.c
static void
libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode)
{
@@ -791,6 +810,7 @@ libxlMakeNetworkDiskSrc(virStorageSource
@@ -766,6 +785,7 @@ libxlMakeNetworkDiskSrc(virStorageSource
int
libxlMakeDisk(virDomainDiskDefPtr l_disk, libxl_device_disk *x_disk)
{
@ -45,7 +45,7 @@ Index: libvirt-3.8.0/src/libxl/libxl_conf.c
const char *driver = virDomainDiskGetDriver(l_disk);
int format = virDomainDiskGetFormat(l_disk);
int actual_type = virStorageSourceGetActualType(l_disk->src);
@@ -806,7 +826,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
@@ -781,7 +801,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
if (libxlMakeNetworkDiskSrc(l_disk->src, &x_disk->pdev_path) < 0)
return -1;
} else {
@ -54,7 +54,7 @@ Index: libvirt-3.8.0/src/libxl/libxl_conf.c
return -1;
}
@@ -919,6 +939,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
@@ -894,6 +914,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0)
return -1;
libxlDiskSetCacheMode(x_disk, l_disk->cachemode);

View File

@ -13,10 +13,10 @@ device with the same name that is being created.
src/lxc/lxc_process.c | 1 +
3 files changed, 4 insertions(+)
Index: libvirt-3.8.0/src/lxc/lxc_controller.c
Index: libvirt-3.9.0/src/lxc/lxc_controller.c
===================================================================
--- libvirt-3.8.0.orig/src/lxc/lxc_controller.c
+++ libvirt-3.8.0/src/lxc/lxc_controller.c
--- libvirt-3.9.0.orig/src/lxc/lxc_controller.c
+++ libvirt-3.9.0/src/lxc/lxc_controller.c
@@ -73,6 +73,7 @@
#include "rpc/virnetdaemon.h"
#include "virstring.h"
@ -33,10 +33,10 @@ Index: libvirt-3.8.0/src/lxc/lxc_controller.c
return ret;
}
Index: libvirt-3.8.0/src/lxc/lxc_driver.c
Index: libvirt-3.9.0/src/lxc/lxc_driver.c
===================================================================
--- libvirt-3.8.0.orig/src/lxc/lxc_driver.c
+++ libvirt-3.8.0/src/lxc/lxc_driver.c
--- libvirt-3.9.0.orig/src/lxc/lxc_driver.c
+++ libvirt-3.9.0/src/lxc/lxc_driver.c
@@ -76,6 +76,7 @@
#include "virtime.h"
#include "virtypedparam.h"
@ -45,7 +45,7 @@ Index: libvirt-3.8.0/src/lxc/lxc_driver.c
#include "virstring.h"
#include "viraccessapicheck.h"
#include "viraccessapichecklxc.h"
@@ -4021,6 +4022,7 @@ lxcDomainAttachDeviceNetLive(virConnectP
@@ -4006,6 +4007,7 @@ lxcDomainAttachDeviceNetLive(virConnectP
case VIR_DOMAIN_NET_TYPE_NETWORK:
case VIR_DOMAIN_NET_TYPE_ETHERNET:
ignore_value(virNetDevVethDelete(veth));
@ -53,7 +53,7 @@ Index: libvirt-3.8.0/src/lxc/lxc_driver.c
break;
case VIR_DOMAIN_NET_TYPE_DIRECT:
@@ -4455,6 +4457,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
@@ -4440,6 +4442,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
virDomainAuditNet(vm, detach, NULL, "detach", false);
goto cleanup;
}
@ -61,10 +61,10 @@ Index: libvirt-3.8.0/src/lxc/lxc_driver.c
break;
/* It'd be nice to support this, but with macvlan
Index: libvirt-3.8.0/src/lxc/lxc_process.c
Index: libvirt-3.9.0/src/lxc/lxc_process.c
===================================================================
--- libvirt-3.8.0.orig/src/lxc/lxc_process.c
+++ libvirt-3.8.0/src/lxc/lxc_process.c
--- libvirt-3.9.0.orig/src/lxc/lxc_process.c
+++ libvirt-3.9.0/src/lxc/lxc_process.c
@@ -52,6 +52,7 @@
#include "viratomic.h"
#include "virprocess.h"

View File

@ -17,10 +17,10 @@ Signed-off-by: Martin Wilck <mwilck@suse.com>
tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 -
2 files changed, 8 insertions(+), 2 deletions(-)
Index: libvirt-3.8.0/src/network/bridge_driver.c
Index: libvirt-3.9.0/src/network/bridge_driver.c
===================================================================
--- libvirt-3.8.0.orig/src/network/bridge_driver.c
+++ libvirt-3.8.0/src/network/bridge_driver.c
--- libvirt-3.9.0.orig/src/network/bridge_driver.c
+++ libvirt-3.9.0/src/network/bridge_driver.c
@@ -1393,7 +1393,14 @@ networkDnsmasqConfContents(virNetworkObj
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) {
if (ipdef->nranges || ipdef->nhosts) {
@ -37,10 +37,10 @@ Index: libvirt-3.8.0/src/network/bridge_driver.c
}
if (ipdef->tftproot) {
Index: libvirt-3.8.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
Index: libvirt-3.9.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
===================================================================
--- libvirt-3.8.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
+++ libvirt-3.8.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
--- libvirt-3.9.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
+++ libvirt-3.9.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
@@ -10,7 +10,6 @@ bind-dynamic
interface=virbr1
dhcp-range=192.168.122.1,static

View File

@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64
See bnc#894956
Index: libvirt-3.8.0/src/util/virarch.c
Index: libvirt-3.9.0/src/util/virarch.c
===================================================================
--- libvirt-3.8.0.orig/src/util/virarch.c
+++ libvirt-3.8.0/src/util/virarch.c
--- libvirt-3.9.0.orig/src/util/virarch.c
+++ libvirt-3.9.0/src/util/virarch.c
@@ -169,6 +169,8 @@ virArch virArchFromHost(void)
arch = VIR_ARCH_I686;
} else if (STREQ(ut.machine, "amd64")) {

View File

@ -1,8 +1,8 @@
Index: libvirt-3.8.0/examples/apparmor/libvirt-qemu
Index: libvirt-3.9.0/examples/apparmor/libvirt-qemu
===================================================================
--- libvirt-3.8.0.orig/examples/apparmor/libvirt-qemu
+++ libvirt-3.8.0/examples/apparmor/libvirt-qemu
@@ -176,3 +176,6 @@
--- libvirt-3.9.0.orig/examples/apparmor/libvirt-qemu
+++ libvirt-3.9.0/examples/apparmor/libvirt-qemu
@@ -184,3 +184,6 @@
/sys/devices/system/node/ r,
/sys/devices/system/node/node[0-9]*/meminfo r,
/sys/module/vhost/parameters/max_mem_regions r,

View File

@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver
src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++-
2 files changed, 35 insertions(+), 15 deletions(-)
Index: libvirt-3.8.0/src/xenconfig/xen_common.c
Index: libvirt-3.9.0/src/xenconfig/xen_common.c
===================================================================
--- libvirt-3.8.0.orig/src/xenconfig/xen_common.c
+++ libvirt-3.8.0/src/xenconfig/xen_common.c
--- libvirt-3.9.0.orig/src/xenconfig/xen_common.c
+++ libvirt-3.9.0/src/xenconfig/xen_common.c
@@ -394,6 +394,8 @@ xenParsePCI(virConfPtr conf, virDomainDe
{
virConfValuePtr list = virConfGetValue(conf, "pci");
@ -66,11 +66,11 @@ Index: libvirt-3.8.0/src/xenconfig/xen_common.c
hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
hostdev->source.subsys.u.pci.addr.domain = domainID;
hostdev->source.subsys.u.pci.addr.bus = busID;
Index: libvirt-3.8.0/src/xenconfig/xen_sxpr.c
Index: libvirt-3.9.0/src/xenconfig/xen_sxpr.c
===================================================================
--- libvirt-3.8.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-3.8.0/src/xenconfig/xen_sxpr.c
@@ -1062,6 +1062,7 @@ xenParseSxprPCI(virDomainDefPtr def,
--- libvirt-3.9.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-3.9.0/src/xenconfig/xen_sxpr.c
@@ -1057,6 +1057,7 @@ xenParseSxprPCI(virDomainDefPtr def,
int busID;
int slotID;
int funcID;
@ -78,7 +78,7 @@ Index: libvirt-3.8.0/src/xenconfig/xen_sxpr.c
node = cur->u.s.car;
if (!sexpr_lookup(node, "dev"))
@@ -1109,11 +1110,13 @@ xenParseSxprPCI(virDomainDefPtr def,
@@ -1104,11 +1105,13 @@ xenParseSxprPCI(virDomainDefPtr def,
goto error;
}
@ -93,7 +93,7 @@ Index: libvirt-3.8.0/src/xenconfig/xen_sxpr.c
dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
dev->source.subsys.u.pci.addr.domain = domainID;
dev->source.subsys.u.pci.addr.bus = busID;
@@ -1977,11 +1980,15 @@ static void
@@ -1972,11 +1975,15 @@ static void
xenFormatSxprPCI(virDomainHostdevDefPtr def,
virBufferPtr buf)
{
@ -110,7 +110,7 @@ Index: libvirt-3.8.0/src/xenconfig/xen_sxpr.c
}
@@ -2000,12 +2007,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
@@ -1995,12 +2002,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
virBufferPtr buf,
int detach)
{
@ -123,7 +123,7 @@ Index: libvirt-3.8.0/src/xenconfig/xen_sxpr.c
virBufferAddLit(buf, "(pci ");
xenFormatSxprPCI(def, buf);
if (detach)
@@ -2060,12 +2061,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
@@ -2055,12 +2056,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
for (i = 0; i < def->nhostdevs; i++) {
if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {

View File

@ -8,10 +8,10 @@ It was also noticed that the per-domain profiles need a libnl rule
to squelch a denial when starting confined domains.
Found while investigating bsc#1058847
Index: libvirt-3.8.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
Index: libvirt-3.9.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
===================================================================
--- libvirt-3.8.0.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ libvirt-3.8.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
--- libvirt-3.9.0.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ libvirt-3.9.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -16,7 +16,7 @@ profile virt-aa-helper /usr/{lib,lib64}/
owner @{PROC}/[0-9]*/status r,
@{PROC}/filesystems r,
@ -21,11 +21,11 @@ Index: libvirt-3.8.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
# for hostdev
/sys/devices/ r,
Index: libvirt-3.8.0/examples/apparmor/libvirt-qemu
Index: libvirt-3.9.0/examples/apparmor/libvirt-qemu
===================================================================
--- libvirt-3.8.0.orig/examples/apparmor/libvirt-qemu
+++ libvirt-3.8.0/examples/apparmor/libvirt-qemu
@@ -50,6 +50,7 @@
--- libvirt-3.9.0.orig/examples/apparmor/libvirt-qemu
+++ libvirt-3.9.0/examples/apparmor/libvirt-qemu
@@ -58,6 +58,7 @@
#/dev/fb* rw,
/etc/pulse/client.conf r,

View File

@ -1,9 +1,9 @@
Adjust libvirt-guests service to conform to SUSE standards
Index: libvirt-3.8.0/tools/libvirt-guests.init.in
Index: libvirt-3.9.0/tools/libvirt-guests.init.in
===================================================================
--- libvirt-3.8.0.orig/tools/libvirt-guests.init.in
+++ libvirt-3.8.0/tools/libvirt-guests.init.in
--- libvirt-3.9.0.orig/tools/libvirt-guests.init.in
+++ libvirt-3.9.0/tools/libvirt-guests.init.in
@@ -4,27 +4,27 @@
# http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html
#
@ -23,32 +23,33 @@ Index: libvirt-3.8.0/tools/libvirt-guests.init.in
# Short-Description: suspend/resume libvirt guests on shutdown/boot
-# Description: This is a script for suspending active libvirt guests
-# on shutdown and resuming them on next boot
-# See http://libvirt.org
-# See https://libvirt.org
+# Description: This is a script for suspending active libvirt guests
+# on shutdown and resuming them on next boot
+# See http://libvirt.org
+# See https://libvirt.org
### END INIT INFO
# the following is chkconfig init header
#
-# libvirt-guests: suspend/resume libvirt guests on shutdown/boot
+# libvirt-guests: suspend/resume libvirt guests on shutdown/boot
#
-#
-# chkconfig: 345 99 01
-# description: This is a script for suspending active libvirt guests \
-# on shutdown and resuming them on next boot \
-# See http://libvirt.org
-# See https://libvirt.org
+# libvirt-guests: suspend/resume libvirt guests on shutdown/boot
#
+# chkconfig: 345 99 01
+# description: This is a script for suspending active libvirt guests \
+# on shutdown and resuming them on next boot \
+# See http://libvirt.org
#
+# See https://libvirt.org
+
exec @libexecdir@/libvirt-guests.sh "$@"
Index: libvirt-3.8.0/tools/libvirt-guests.sh.in
Index: libvirt-3.9.0/tools/libvirt-guests.sh.in
===================================================================
--- libvirt-3.8.0.orig/tools/libvirt-guests.sh.in
+++ libvirt-3.8.0/tools/libvirt-guests.sh.in
--- libvirt-3.9.0.orig/tools/libvirt-guests.sh.in
+++ libvirt-3.9.0/tools/libvirt-guests.sh.in
@@ -16,14 +16,13 @@
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
@ -208,10 +209,10 @@ Index: libvirt-3.8.0/tools/libvirt-guests.sh.in
esac
-exit $RETVAL
+rc_exit
Index: libvirt-3.8.0/tools/libvirt-guests.sysconf
Index: libvirt-3.9.0/tools/libvirt-guests.sysconf
===================================================================
--- libvirt-3.8.0.orig/tools/libvirt-guests.sysconf
+++ libvirt-3.8.0/tools/libvirt-guests.sysconf
--- libvirt-3.9.0.orig/tools/libvirt-guests.sysconf
+++ libvirt-3.9.0/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@
+## Path: System/Virtualization/libvirt-guests
+

View File

@ -3,10 +3,10 @@ Disable TLS by default
On SUSE distros, the default is for libvirtd to listen only on the
Unix Domain Socket. The libvirt client still provides remote access
via a SSH tunnel.
Index: libvirt-3.8.0/daemon/libvirtd.conf
Index: libvirt-3.9.0/daemon/libvirtd.conf
===================================================================
--- libvirt-3.8.0.orig/daemon/libvirtd.conf
+++ libvirt-3.8.0/daemon/libvirtd.conf
--- libvirt-3.9.0.orig/daemon/libvirtd.conf
+++ libvirt-3.9.0/daemon/libvirtd.conf
@@ -18,8 +18,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
@ -18,10 +18,10 @@ Index: libvirt-3.8.0/daemon/libvirtd.conf
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
Index: libvirt-3.8.0/daemon/libvirtd-config.c
Index: libvirt-3.9.0/daemon/libvirtd-config.c
===================================================================
--- libvirt-3.8.0.orig/daemon/libvirtd-config.c
+++ libvirt-3.8.0/daemon/libvirtd-config.c
--- libvirt-3.9.0.orig/daemon/libvirtd-config.c
+++ libvirt-3.9.0/daemon/libvirtd-config.c
@@ -110,7 +110,7 @@ daemonConfigNew(bool privileged ATTRIBUT
if (VIR_ALLOC(data) < 0)
return NULL;
@ -31,10 +31,10 @@ Index: libvirt-3.8.0/daemon/libvirtd-config.c
data->listen_tcp = 0;
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
Index: libvirt-3.8.0/daemon/test_libvirtd.aug.in
Index: libvirt-3.9.0/daemon/test_libvirtd.aug.in
===================================================================
--- libvirt-3.8.0.orig/daemon/test_libvirtd.aug.in
+++ libvirt-3.8.0/daemon/test_libvirtd.aug.in
--- libvirt-3.9.0.orig/daemon/test_libvirtd.aug.in
+++ libvirt-3.9.0/daemon/test_libvirtd.aug.in
@@ -2,7 +2,7 @@ module Test_libvirtd =
::CONFIG::

View File

@ -7,10 +7,10 @@ On SUSE distros, we promote libvirt and all the libvirt-based
tools. If a user installs libvirt on their SUSE Xen host, then
libvirt should be king and override xendomains. See bsc#1015348
Index: libvirt-3.8.0/daemon/libvirtd.service.in
Index: libvirt-3.9.0/daemon/libvirtd.service.in
===================================================================
--- libvirt-3.8.0.orig/daemon/libvirtd.service.in
+++ libvirt-3.8.0/daemon/libvirtd.service.in
--- libvirt-3.9.0.orig/daemon/libvirtd.service.in
+++ libvirt-3.9.0/daemon/libvirtd.service.in
@@ -14,6 +14,8 @@ After=iscsid.service
After=apparmor.service
After=local-fs.target
@ -18,5 +18,5 @@ Index: libvirt-3.8.0/daemon/libvirtd.service.in
+After=xencommons.service
+Conflicts=xendomains.service
Documentation=man:libvirtd(8)
Documentation=http://libvirt.org
Documentation=https://libvirt.org

View File

@ -1,9 +1,9 @@
Adjust libvirtd sysconfig file to conform to SUSE standards
Index: libvirt-3.8.0/daemon/libvirtd.sysconf
Index: libvirt-3.9.0/daemon/libvirtd.sysconf
===================================================================
--- libvirt-3.8.0.orig/daemon/libvirtd.sysconf
+++ libvirt-3.8.0/daemon/libvirtd.sysconf
--- libvirt-3.9.0.orig/daemon/libvirtd.sysconf
+++ libvirt-3.9.0/daemon/libvirtd.sysconf
@@ -1,16 +1,25 @@
+## Path: System/Virtualization/libvirt
+

View File

@ -1,10 +1,10 @@
Adjust paths of OVMF firmwares on SUSE distros
Index: libvirt-3.8.0/src/qemu/qemu.conf
Index: libvirt-3.9.0/src/qemu/qemu.conf
===================================================================
--- libvirt-3.8.0.orig/src/qemu/qemu.conf
+++ libvirt-3.8.0/src/qemu/qemu.conf
@@ -737,10 +737,9 @@ security_default_confined = 0
--- libvirt-3.9.0.orig/src/qemu/qemu.conf
+++ libvirt-3.9.0/src/qemu/qemu.conf
@@ -743,10 +743,9 @@ security_default_confined = 0
# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
# follows this scheme.
#nvram = [
@ -18,10 +18,10 @@ Index: libvirt-3.8.0/src/qemu/qemu.conf
#]
# The backend to use for handling stdout/stderr output from
Index: libvirt-3.8.0/src/qemu/qemu_conf.c
Index: libvirt-3.9.0/src/qemu/qemu_conf.c
===================================================================
--- libvirt-3.8.0.orig/src/qemu/qemu_conf.c
+++ libvirt-3.8.0/src/qemu/qemu_conf.c
--- libvirt-3.9.0.orig/src/qemu/qemu_conf.c
+++ libvirt-3.9.0/src/qemu/qemu_conf.c
@@ -127,10 +127,9 @@ void qemuDomainCmdlineDefFree(qemuDomain
#ifndef DEFAULT_LOADER_NVRAM

View File

@ -7,11 +7,11 @@ suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch,
etc.), but for now they are all lumped together in this
single patch.
Index: libvirt-3.8.0/src/qemu/qemu.conf
Index: libvirt-3.9.0/src/qemu/qemu.conf
===================================================================
--- libvirt-3.8.0.orig/src/qemu/qemu.conf
+++ libvirt-3.8.0/src/qemu/qemu.conf
@@ -374,11 +374,20 @@
--- libvirt-3.9.0.orig/src/qemu/qemu.conf
+++ libvirt-3.9.0/src/qemu/qemu.conf
@@ -380,11 +380,20 @@
# isolation, but it cannot appear in a list of drivers.
#
#security_driver = "selinux"
@ -34,7 +34,7 @@ Index: libvirt-3.8.0/src/qemu/qemu.conf
# If set to non-zero, then attempts to create unconfined
# guests will be blocked. Defaults to 0.
@@ -622,11 +631,22 @@
@@ -628,11 +637,22 @@
#allow_disk_format_probing = 1

View File

@ -1,9 +1,9 @@
Adjust virtlockd sysconfig file to conform to SUSE standards
Index: libvirt-3.8.0/src/locking/virtlockd.sysconf
Index: libvirt-3.9.0/src/locking/virtlockd.sysconf
===================================================================
--- libvirt-3.8.0.orig/src/locking/virtlockd.sysconf
+++ libvirt-3.8.0/src/locking/virtlockd.sysconf
--- libvirt-3.9.0.orig/src/locking/virtlockd.sysconf
+++ libvirt-3.9.0/src/locking/virtlockd.sysconf
@@ -1,3 +1,7 @@
+## Path: System/Virtualization/virtlockd
+

View File

@ -1,9 +1,9 @@
Adjust virtlogd sysconfig file to conform to SUSE standards
Index: libvirt-3.8.0/src/logging/virtlogd.sysconf
Index: libvirt-3.9.0/src/logging/virtlogd.sysconf
===================================================================
--- libvirt-3.8.0.orig/src/logging/virtlogd.sysconf
+++ libvirt-3.8.0/src/logging/virtlogd.sysconf
--- libvirt-3.9.0.orig/src/logging/virtlogd.sysconf
+++ libvirt-3.9.0/src/logging/virtlogd.sysconf
@@ -1,3 +1,7 @@
+## Path: System/Virtualization/virtlogd
+

View File

@ -1,8 +1,8 @@
Index: libvirt-3.8.0/src/xenconfig/xen_sxpr.c
Index: libvirt-3.9.0/src/xenconfig/xen_sxpr.c
===================================================================
--- libvirt-3.8.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-3.8.0/src/xenconfig/xen_sxpr.c
@@ -392,7 +392,7 @@ xenParseSxprVifRate(const char *rate, un
--- libvirt-3.9.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-3.9.0/src/xenconfig/xen_sxpr.c
@@ -387,7 +387,7 @@ xenParseSxprVifRate(const char *rate, un
static int
xenParseSxprDisks(virDomainDefPtr def,
const struct sexpr *root,
@ -11,7 +11,7 @@ Index: libvirt-3.8.0/src/xenconfig/xen_sxpr.c
{
const struct sexpr *cur, *node;
virDomainDiskDefPtr disk = NULL;
@@ -442,7 +442,6 @@ xenParseSxprDisks(virDomainDefPtr def,
@@ -437,7 +437,6 @@ xenParseSxprDisks(virDomainDefPtr def,
/* There is a case without the uname to the CD-ROM device */
offset = strchr(dst, ':');
if (!offset ||

View File

@ -6,11 +6,11 @@ and 'file'. This was implicitly done prior to commit 9673418c.
https://bugzilla.suse.com/show_bug.cgi?id=938228
Index: libvirt-3.8.0/src/xenconfig/xen_sxpr.c
Index: libvirt-3.9.0/src/xenconfig/xen_sxpr.c
===================================================================
--- libvirt-3.8.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-3.8.0/src/xenconfig/xen_sxpr.c
@@ -506,10 +506,11 @@ xenParseSxprDisks(virDomainDefPtr def,
--- libvirt-3.9.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-3.9.0/src/xenconfig/xen_sxpr.c
@@ -501,10 +501,11 @@ xenParseSxprDisks(virDomainDefPtr def,
omnipotent, we can revisit this, perhaps stat()'ing
the src file in question */
virDomainDiskSetType(disk, VIR_STORAGE_TYPE_FILE);