Accepting request 561313 from home:cbosdonnat:branches:Virtualization

- Fix apparmor rules for virt-aa-helper (bsc#1074265)
  fix-virt-aa-helper-profile.patch
- Update upstreamed patches
  Removed patches:
  * daemon-close-crasher.patch
  * lxc-hostname.patch
  Added patches:
  * 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch
  * b475a91b-add-virStringFilterChars-string-utility.patch
  * faec1958-lxc-set-hostname-based-on-container-name.patch

OBS-URL: https://build.opensuse.org/request/show/561313
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=655
Cédric Bosdonnat 2018-01-03 12:04:09 +00:00 committed by Git OBS Bridge
parent 21a15fa2f7
commit d3c3ef874c
7 changed files with 183 additions and 83 deletions


@ -0,0 +1,45 @@
From 2089ab2112e763d6de5888e498afc4fbdc3376db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Wed, 20 Dec 2017 17:36:10 +0100
Subject: [PATCH] netserver: close clients before stopping all drivers
So far clients were closed when disposing the daemon, after the state
driver cleanup. This was leading to libvirtd crashing at shutdown due
to missing driver.
Moving the client close in virNetServerClose() fixes the problem.
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/rpc/virnetserver.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
index 2b76daab5..43f889e2a 100644
--- a/src/rpc/virnetserver.c
+++ b/src/rpc/virnetserver.c
@@ -774,10 +774,8 @@ void virNetServerDispose(void *obj)
virObjectUnref(srv->programs[i]);
VIR_FREE(srv->programs);
- for (i = 0; i < srv->nclients; i++) {
- virNetServerClientClose(srv->clients[i]);
+ for (i = 0; i < srv->nclients; i++)
virObjectUnref(srv->clients[i]);
- }
VIR_FREE(srv->clients);
VIR_FREE(srv->mdnsGroupName);
@@ -796,6 +794,9 @@ void virNetServerClose(virNetServerPtr srv)
for (i = 0; i < srv->nservices; i++)
virNetServerServiceClose(srv->services[i]);
+ for (i = 0; i < srv->nclients; i++)
+ virNetServerClientClose(srv->clients[i]);
+
virObjectUnlock(srv);
}
--
2.15.1
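Review bot: With the close loop gone from virNetServerDispose(), that function only unrefs the clients, so a server disposed without virNetServerClose() having run first would no longer close its client connections explicitly; the callers are not visible in this patch, so this is worth confirming. A comment on the remaining loop would record the new contract, for example `/* clients are closed in virNetServerClose(); only drop our references here */`. In virNetServerClose() the new loop calls virNetServerClientClose() while the server object is still locked (the unlock follows it), so it is also worth checking that nothing on the client close path takes the server lock. Both functions start outside the hunks shown.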


@ -1,8 +1,21 @@
From b475a91b7753281eb60b87f75b0055fe3c139276 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Mon, 18 Dec 2017 15:46:53 +0100
Subject: [PATCH 1/2] Add virStringFilterChars() string utility
Add a function to filter a string based on a list of valid characters.
---
src/libvirt_private.syms | 1 +
src/util/virstring.c | 24 ++++++++++++++++++++++++
src/util/virstring.h | 1 +
tests/virstringtest.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 72 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index de4ec4d44..43971db67 100644 index 18d0f2adf..6662c8dac 100644
--- a/src/libvirt_private.syms --- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms +++ b/src/libvirt_private.syms
@@ -2751,6 +2751,7 @@ virStrcpy; @@ -2755,6 +2755,7 @@ virStrcpy;
virStrdup; virStrdup;
virStringBufferIsPrintable; virStringBufferIsPrintable;
virStringEncodeBase64; virStringEncodeBase64;
@ -10,61 +23,8 @@ index de4ec4d44..43971db67 100644
virStringHasChars; virStringHasChars;
virStringHasControlChars; virStringHasControlChars;
virStringIsEmpty; virStringIsEmpty;
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index b7216d6ee..246145fcd 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -2159,6 +2159,37 @@ static int lxcContainerSetUserGroup(virCommandPtr cmd,
return 0;
}
+static const char hostname_validchars[] =
+ "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "0123456789-";
+
+static int lxcContainerSetHostname(virDomainDefPtr def)
+{
+ int ret = -1;
+ char *name = NULL;
+ char *hostname = NULL;
+
+ /* Filter the VM name to get a valid hostname */
+ if (VIR_STRDUP(name, def->name) < 0)
+ goto cleanup;
+
+ /* RFC 1123 allows 0-9 digits as a first character in hostname */
+ virStringFilterChars(name, hostname_validchars);
+ hostname = name;
+ if (strlen(name) > 0 && name[0] == '-')
+ hostname = name + 1;
+
+ if (sethostname(hostname, strlen(hostname)) < 0) {
+ virReportSystemError(errno, "%s", _("Failed to set hostname"));
+ goto cleanup;
+ }
+ ret = 0;
+
+ cleanup:
+ VIR_FREE(name);
+ return ret;
+}
/**
* lxcContainerChild:
@@ -2269,6 +2300,10 @@ static int lxcContainerChild(void *data)
goto cleanup;
}
+ if (lxcContainerSetHostname(vmDef) < 0)
+ goto cleanup;
+
+
/* drop a set of root capabilities */
if (lxcContainerDropCapabilities(vmDef, !!hasReboot) < 0)
goto cleanup;
diff --git a/src/util/virstring.c b/src/util/virstring.c diff --git a/src/util/virstring.c b/src/util/virstring.c
index b2ebce27f..b808aff2c 100644 index 0cb06bdc9..1c58df915 100644
--- a/src/util/virstring.c --- a/src/util/virstring.c
+++ b/src/util/virstring.c +++ b/src/util/virstring.c
@@ -1293,6 +1293,30 @@ virStringStripControlChars(char *str) @@ -1293,6 +1293,30 @@ virStringStripControlChars(char *str)
@ -174,3 +134,6 @@ index 320f7a398..e8518ede1 100644
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
} }
--
2.15.1


@ -1,22 +0,0 @@
Index: libvirt-3.10.0/src/rpc/virnetserver.c
===================================================================
--- libvirt-3.10.0.orig/src/rpc/virnetserver.c
+++ libvirt-3.10.0/src/rpc/virnetserver.c
@@ -775,7 +775,6 @@ void virNetServerDispose(void *obj)
VIR_FREE(srv->programs);
for (i = 0; i < srv->nclients; i++) {
- virNetServerClientClose(srv->clients[i]);
virObjectUnref(srv->clients[i]);
}
VIR_FREE(srv->clients);
@@ -796,6 +795,9 @@ void virNetServerClose(virNetServerPtr s
for (i = 0; i < srv->nservices; i++)
virNetServerServiceClose(srv->services[i]);
+ for (i = 0; i < srv->nclients; i++)
+ virNetServerClientClose(srv->clients[i]);
+
virObjectUnlock(srv);
}


@ -0,0 +1,69 @@
From faec1958614bfcdb535b1bcc0ddac8cde4516e1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Mon, 18 Dec 2017 15:48:33 +0100
Subject: [PATCH 2/2] lxc: set a hostname based on the container name
Set a transient hostname on containers. The hostname is computed from
the container name, only keeping the valid characters [a-zA-Z0-9-] in it.
This filtering is based on RFC 1123 and allows a digit to start the
hostname.
---
src/lxc/lxc_container.c | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index b7216d6ee..96fceaf1b 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -2159,6 +2159,37 @@ static int lxcContainerSetUserGroup(virCommandPtr cmd,
return 0;
}
+static const char hostname_validchars[] =
+ "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "0123456789-";
+
+static int lxcContainerSetHostname(virDomainDefPtr def)
+{
+ int ret = -1;
+ char *name = NULL;
+ char *hostname = NULL;
+
+ /* Filter the VM name to get a valid hostname */
+ if (VIR_STRDUP(name, def->name) < 0)
+ goto cleanup;
+
+ /* RFC 1123 allows 0-9 digits as a first character in hostname */
+ virStringFilterChars(name, hostname_validchars);
+ hostname = name;
+ if (strlen(name) > 0 && name[0] == '-')
+ hostname = name + 1;
+
+ if (sethostname(hostname, strlen(hostname)) < 0) {
+ virReportSystemError(errno, "%s", _("Failed to set hostname"));
+ goto cleanup;
+ }
+ ret = 0;
+
+ cleanup:
+ VIR_FREE(name);
+ return ret;
+}
/**
* lxcContainerChild:
@@ -2269,6 +2300,10 @@ static int lxcContainerChild(void *data)
goto cleanup;
}
+ if (lxcContainerSetHostname(vmDef) < 0)
+ goto cleanup;
+
+
/* drop a set of root capabilities */
if (lxcContainerDropCapabilities(vmDef, !!hasReboot) < 0)
goto cleanup;
--
2.15.1
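Review bot: lxcContainerSetHostname() passes whatever survives the filter straight to sethostname(), with no check on its length or on it being empty. A container name longer than the kernel's hostname limit makes sethostname() fail with EINVAL, which through the new call in lxcContainerChild() aborts container start. A name with no valid characters sets an empty hostname, and only a single leading '-' is skipped, so a name such as `--web` still yields `-web`. Skipping every leading '-', leaving the hostname untouched when nothing is left, and truncating to HOST_NAME_MAX would cover these cases; a trailing '-' is not handled by the patch either.

```c
static int lxcContainerSetHostname(virDomainDefPtr def)
{
    /* … unchanged: ret, name, hostname declarations … */
    size_t len;

    /* … unchanged: VIR_STRDUP() of def->name and virStringFilterChars() … */
    hostname = name;
    /* a hostname may not start with '-': skip every leading one */
    while (*hostname == '-')
        hostname++;

    len = strlen(hostname);
    if (len == 0) {
        /* nothing usable left after filtering: keep the current hostname */
        ret = 0;
        goto cleanup;
    }
    /* sethostname() fails with EINVAL on names longer than the limit */
    if (len > HOST_NAME_MAX)
        len = HOST_NAME_MAX;

    if (sethostname(hostname, len) < 0) {
    /* … unchanged: error report, ret = 0, cleanup … */
```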


@ -0,0 +1,28 @@
From 29eed5ffb8776f4e4ecf6dc6b3ee7f320f679e7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Tue, 2 Jan 2018 09:54:46 +0100
Subject: [PATCH] apparmor: fix virt-aa-helper profile
Fix rule introduced by commit 0f33025a:
* to handle /var/run not being a symlink to /run
* to be properly parsed: missing comma at the end.
---
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
index 9c822b644..105f09e43 100644
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -51,7 +51,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
/var/lib/libvirt/images/** r,
/{media,mnt,opt,srv}/** r,
# For virt-sandbox
- /run/libvirt/**/[sv]d[a-z] r
+ /{,var/}run/libvirt/**/[sv]d[a-z] r,
/**.img r,
/**.raw r,
--
2.15.1
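Review bot: The corrected rule keeps only the comment `# For virt-sandbox`, which does not say why both `/run` and `/var/run` are listed. As far as I can tell AppArmor matches on the resolved path, so the `{,var/}` alternation is needed where /var/run is a real directory, as the commit message states; a comment such as `# For virt-sandbox; /var/run is not a symlink to /run on every system` would keep a later cleanup from dropping it. Also, `[sv]d[a-z]` matches single-letter device names only, which fails closed for a name like `sdaa`; worth stating in the comment if that is intended. The profile starts and ends outside the hunk.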


@ -1,4 +1,17 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 3 10:46:26 UTC 2018 - cbosdonnat@suse.com
- Fix apparmor rules for virt-aa-helper (bsc#1074265)
fix-virt-aa-helper-profile.patch
- Update upstreamed patches
Removed patches:
* daemon-close-crasher.patch
* lxc-hostname.patch
Added patches:
* 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch
* b475a91b-add-virStringFilterChars-string-utility.patch
* faec1958-lxc-set-hostname-based-on-container-name.patch
-------------------------------------------------------------------
Wed Dec 20 16:58:50 UTC 2017 - cbosdonnat@suse.com Wed Dec 20 16:58:50 UTC 2017 - cbosdonnat@suse.com
- Close clients before drivers are cleaned up to avoid crash at - Close clients before drivers are cleaned up to avoid crash at


@ -1,7 +1,7 @@
# #
# spec file for package libvirt # spec file for package libvirt
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -312,9 +312,13 @@ Patch0: 2d07f1f0-fix-storage-crash.patch
Patch1: 69ed99c7-dom0-persistent.patch Patch1: 69ed99c7-dom0-persistent.patch
Patch2: 8599aedd-libvirt-guests-dom0-filter.patch Patch2: 8599aedd-libvirt-guests-dom0-filter.patch
Patch3: 0f33025a-virt-aa-helper-handle-more-disk-images.patch Patch3: 0f33025a-virt-aa-helper-handle-more-disk-images.patch
Patch4: b475a91b-add-virStringFilterChars-string-utility.patch
Patch5: faec1958-lxc-set-hostname-based-on-container-name.patch
Patch6: 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch
# Patches pending upstream review # Patches pending upstream review
Patch100: libxl-dom-reset.patch Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
Patch102: fix-virt-aa-helper-profile.patch
# Need to go upstream # Need to go upstream
Patch150: xen-pv-cdrom.patch Patch150: xen-pv-cdrom.patch
Patch151: blockcopy-check-dst-identical-device.patch Patch151: blockcopy-check-dst-identical-device.patch
@ -322,8 +326,6 @@ Patch152: libvirt-power8-models.patch
Patch153: ppc64le-canonical-name.patch Patch153: ppc64le-canonical-name.patch
Patch154: libxl-set-migration-constraints.patch Patch154: libxl-set-migration-constraints.patch
Patch155: libxl-set-cach-mode.patch Patch155: libxl-set-cach-mode.patch
Patch156: lxc-hostname.patch
Patch157: daemon-close-crasher.patch
# Our patches # Our patches
Patch200: suse-libvirtd-disable-tls.patch Patch200: suse-libvirtd-disable-tls.patch
Patch201: suse-libvirtd-sysconfig-settings.patch Patch201: suse-libvirtd-sysconfig-settings.patch
@ -893,16 +895,18 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch100 -p1 %patch100 -p1
%patch101 -p1 %patch101 -p1
%patch102 -p1
%patch150 -p1 %patch150 -p1
%patch151 -p1 %patch151 -p1
%patch152 -p1 %patch152 -p1
%patch153 -p1 %patch153 -p1
%patch154 -p1 %patch154 -p1
%patch155 -p1 %patch155 -p1
%patch156 -p1
%patch157 -p1
%patch200 -p1 %patch200 -p1
%patch201 -p1 %patch201 -p1
%patch202 -p1 %patch202 -p1