Accepting request 692393 from home:jfehlig:branches:Virtualization

- CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime
  for read-only connections and users
  CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch
  bsc#1131595
- spec: BuildRequires rpcgen since CVE-2019-3886-remote.patch
  touches remote_protocol.x

- Update to libvirt 5.2.0
  - Many incremental improvements and bug fixes, see
    http://libvirt.org/news.html
  - Dropped patches:
    4ec3cf9a-apparmor-rules.patch,
    f38ef0fa-no-RDMA-check.patch,
    411cdaf8-apparmor-check-profile-name.patch,
    696239ba-qemu-fix-query-cpus-fast.patch,
    09eb1ae0-conf-add-xenbus-controller.patch,
    fb059757-libxl-add-xenbus-controller.patch,
    ec5a1191-libxl-support-max-grant-frames.patch,
    5a64c202-xenconfig-support-max-grant-frames.patch
  - Added patches:
    ff376c62-tests-fix-mocking-stat-lstat.patch,
    mprivozn-test-fix-proposal.patch

OBS-URL: https://build.opensuse.org/request/show/692393
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=745
This commit is contained in:
James Fehlig 2019-04-08 22:27:41 +00:00 committed by Git OBS Bridge
parent 1038e4e3f8
commit da9af7a383
45 changed files with 1643 additions and 2457 deletions

View File

@ -18,10 +18,10 @@ them.
create mode 100644 src/conf/domain_stats.c
create mode 100644 src/conf/domain_stats.h
Index: libvirt-5.1.0/src/conf/domain_stats.c
Index: libvirt-5.2.0/src/conf/domain_stats.c
===================================================================
--- /dev/null
+++ libvirt-5.1.0/src/conf/domain_stats.c
+++ libvirt-5.2.0/src/conf/domain_stats.c
@@ -0,0 +1,139 @@
+/*
+ * domain_stats.c: domain stats extraction helpers
@ -162,10 +162,10 @@ Index: libvirt-5.1.0/src/conf/domain_stats.c
+}
+
+#undef STATS_ADD_NET_PARAM
Index: libvirt-5.1.0/src/conf/domain_stats.h
Index: libvirt-5.2.0/src/conf/domain_stats.h
===================================================================
--- /dev/null
+++ libvirt-5.1.0/src/conf/domain_stats.h
+++ libvirt-5.2.0/src/conf/domain_stats.h
@@ -0,0 +1,64 @@
+/*
+ * domain_stats.h: domain stats extraction helpers
@ -231,11 +231,11 @@ Index: libvirt-5.1.0/src/conf/domain_stats.h
+ int *maxparams);
+
+#endif /* __DOMAIN_STATS_H */
Index: libvirt-5.1.0/src/libvirt_private.syms
Index: libvirt-5.2.0/src/libvirt_private.syms
===================================================================
--- libvirt-5.1.0.orig/src/libvirt_private.syms
+++ libvirt-5.1.0/src/libvirt_private.syms
@@ -662,6 +662,9 @@ virDomainConfNWFilterInstantiate;
--- libvirt-5.2.0.orig/src/libvirt_private.syms
+++ libvirt-5.2.0/src/libvirt_private.syms
@@ -671,6 +671,9 @@ virDomainConfNWFilterInstantiate;
virDomainConfNWFilterTeardown;
virDomainConfVMNWFilterTeardown;
@ -245,7 +245,7 @@ Index: libvirt-5.1.0/src/libvirt_private.syms
# conf/interface_conf.h
virInterfaceDefFormat;
@@ -1547,6 +1550,7 @@ virCgroupGetMemoryUsage;
@@ -1583,6 +1586,7 @@ virCgroupGetMemoryUsage;
virCgroupGetMemSwapHardLimit;
virCgroupGetMemSwapUsage;
virCgroupGetPercpuStats;
@ -253,10 +253,10 @@ Index: libvirt-5.1.0/src/libvirt_private.syms
virCgroupHasController;
virCgroupHasEmptyTasks;
virCgroupKillPainfully;
Index: libvirt-5.1.0/src/qemu/qemu_driver.c
Index: libvirt-5.2.0/src/qemu/qemu_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu_driver.c
+++ libvirt-5.1.0/src/qemu/qemu_driver.c
--- libvirt-5.2.0.orig/src/qemu/qemu_driver.c
+++ libvirt-5.2.0/src/qemu/qemu_driver.c
@@ -67,6 +67,7 @@
#include "virarptable.h"
#include "viruuid.h"
@ -265,7 +265,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
#include "domain_audit.h"
#include "node_device_conf.h"
#include "virpci.h"
@@ -20042,21 +20043,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr
@@ -19941,21 +19942,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr
int *maxparams,
unsigned int privflags ATTRIBUTE_UNUSED)
{
@ -288,7 +288,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
}
@@ -20246,37 +20233,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj
@@ -20145,37 +20132,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj
int *maxparams)
{
qemuDomainObjPrivatePtr priv = dom->privateData;
@ -327,7 +327,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
}
@@ -20470,44 +20427,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr
@@ -20369,44 +20326,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr
return ret;
}
@ -372,7 +372,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
static int
qemuDomainGetStatsInterface(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
virDomainObjPtr dom,
@@ -20515,68 +20434,9 @@ qemuDomainGetStatsInterface(virQEMUDrive
@@ -20414,68 +20333,9 @@ qemuDomainGetStatsInterface(virQEMUDrive
int *maxparams,
unsigned int privflags ATTRIBUTE_UNUSED)
{
@ -442,7 +442,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
#define QEMU_ADD_BLOCK_PARAM_UI(record, maxparams, num, name, value) \
do { \
char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \
@@ -20809,10 +20669,10 @@ qemuDomainGetStatsBlockExportHeader(virD
@@ -20708,10 +20568,10 @@ qemuDomainGetStatsBlockExportHeader(virD
{
int ret = -1;
@ -455,7 +455,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
if (src->id)
QEMU_ADD_BLOCK_PARAM_UI(records, nrecords, recordnr, "backingIndex",
src->id);
@@ -20966,7 +20826,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
@@ -20865,7 +20725,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
* after the iteration than it is to iterate twice; but we still
* want count listed first. */
count_index = record->nparams;
@ -464,7 +464,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
for (i = 0; i < dom->def->ndisks; i++) {
if (qemuDomainGetStatsBlockExportDisk(dom->def->disks[i], stats, nodestats,
@@ -20991,8 +20851,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
@@ -20890,8 +20750,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr
#undef QEMU_ADD_BLOCK_PARAM_ULL
@ -473,7 +473,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
#define QEMU_ADD_IOTHREAD_PARAM_UI(record, maxparams, id, name, value) \
do { \
char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \
@@ -21044,7 +20902,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver
@@ -20943,7 +20801,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver
if (niothreads == 0)
return 0;
@ -482,7 +482,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
for (i = 0; i < niothreads; i++) {
if (iothreads[i]->poll_valid) {
@@ -21077,8 +20935,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver
@@ -20976,8 +20834,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver
#undef QEMU_ADD_IOTHREAD_PARAM_ULL
@ -491,10 +491,10 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c
static int
qemuDomainGetStatsPerfOneEvent(virPerfPtr perf,
virPerfEventType type,
Index: libvirt-5.1.0/src/util/vircgroup.c
Index: libvirt-5.2.0/src/util/vircgroup.c
===================================================================
--- libvirt-5.1.0.orig/src/util/vircgroup.c
+++ libvirt-5.1.0/src/util/vircgroup.c
--- libvirt-5.2.0.orig/src/util/vircgroup.c
+++ libvirt-5.2.0/src/util/vircgroup.c
@@ -2800,6 +2800,44 @@ virCgroupControllerAvailable(int control
return ret;
}
@ -556,10 +556,10 @@ Index: libvirt-5.1.0/src/util/vircgroup.c
int
virCgroupNewPartition(const char *path ATTRIBUTE_UNUSED,
bool create ATTRIBUTE_UNUSED,
Index: libvirt-5.1.0/src/util/vircgroup.h
Index: libvirt-5.2.0/src/util/vircgroup.h
===================================================================
--- libvirt-5.1.0.orig/src/util/vircgroup.h
+++ libvirt-5.1.0/src/util/vircgroup.h
--- libvirt-5.2.0.orig/src/util/vircgroup.h
+++ libvirt-5.2.0/src/util/vircgroup.h
@@ -284,4 +284,9 @@ int virCgroupSetOwner(virCgroupPtr cgrou
int virCgroupHasEmptyTasks(virCgroupPtr cgroup, int controller);
@ -570,10 +570,10 @@ Index: libvirt-5.1.0/src/util/vircgroup.h
+ int *maxparams);
+
#endif /* LIBVIRT_VIRCGROUP_H */
Index: libvirt-5.1.0/src/conf/Makefile.inc.am
Index: libvirt-5.2.0/src/conf/Makefile.inc.am
===================================================================
--- libvirt-5.1.0.orig/src/conf/Makefile.inc.am
+++ libvirt-5.1.0/src/conf/Makefile.inc.am
--- libvirt-5.2.0.orig/src/conf/Makefile.inc.am
+++ libvirt-5.2.0/src/conf/Makefile.inc.am
@@ -20,6 +20,8 @@ DOMAIN_CONF_SOURCES = \
conf/domain_audit.h \
conf/domain_nwfilter.c \
@ -582,4 +582,4 @@ Index: libvirt-5.1.0/src/conf/Makefile.inc.am
+ conf/domain_stats.h \
conf/virsavecookie.c \
conf/virsavecookie.h \
conf/snapshot_conf.c \
conf/moment_conf.c \

View File

@ -19,11 +19,11 @@ reworking this patch and submitting it to upstream libvirt.
src/libxl/libxl_driver.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
Index: libvirt-5.1.0/src/libxl/libxl_driver.c
Index: libvirt-5.2.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c
+++ libvirt-5.1.0/src/libxl/libxl_driver.c
@@ -5252,6 +5252,97 @@ libxlDomainMemoryStats(virDomainPtr dom,
--- libvirt-5.2.0.orig/src/libxl/libxl_driver.c
+++ libvirt-5.2.0/src/libxl/libxl_driver.c
@@ -5245,6 +5245,97 @@ libxlDomainMemoryStats(virDomainPtr dom,
#undef LIBXL_SET_MEMSTAT
@ -121,7 +121,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_driver.c
static int
libxlDomainGetJobInfo(virDomainPtr dom,
virDomainJobInfoPtr info)
@@ -6636,6 +6727,7 @@ static virHypervisorDriver libxlHypervis
@@ -6629,6 +6720,7 @@ static virHypervisorDriver libxlHypervis
#endif
.nodeGetFreeMemory = libxlNodeGetFreeMemory, /* 0.9.0 */
.nodeGetCellsFreeMemory = libxlNodeGetCellsFreeMemory, /* 1.1.1 */

View File

@ -9,10 +9,10 @@ them using the existing API.
src/lxc/lxc_driver.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 138 insertions(+)
Index: libvirt-5.1.0/src/lxc/lxc_driver.c
Index: libvirt-5.2.0/src/lxc/lxc_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/lxc/lxc_driver.c
+++ libvirt-5.1.0/src/lxc/lxc_driver.c
--- libvirt-5.2.0.orig/src/lxc/lxc_driver.c
+++ libvirt-5.2.0/src/lxc/lxc_driver.c
@@ -75,6 +75,7 @@
#include "viraccessapichecklxc.h"
#include "virhostdev.h"
@ -21,7 +21,7 @@ Index: libvirt-5.1.0/src/lxc/lxc_driver.c
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -5396,6 +5397,142 @@ lxcDomainHasManagedSaveImage(virDomainPt
@@ -5374,6 +5375,142 @@ lxcDomainHasManagedSaveImage(virDomainPt
return ret;
}
@ -164,7 +164,7 @@ Index: libvirt-5.1.0/src/lxc/lxc_driver.c
/* Function Tables */
static virHypervisorDriver lxcHypervisorDriver = {
@@ -5491,6 +5628,7 @@ static virHypervisorDriver lxcHypervisor
@@ -5469,6 +5606,7 @@ static virHypervisorDriver lxcHypervisor
.nodeGetFreePages = lxcNodeGetFreePages, /* 1.2.6 */
.nodeAllocPages = lxcNodeAllocPages, /* 1.2.9 */
.domainHasManagedSaveImage = lxcDomainHasManagedSaveImage, /* 1.2.13 */

View File

@ -1,201 +0,0 @@
commit 09eb1ae0ec7e592133eb98f4a0fe2f6daa5ba2d9
Author: Jim Fehlig <jfehlig@suse.com>
Date: Wed Mar 6 15:59:29 2019 -0700
conf: Add a new 'xenbus' controller type
xenbus is virtual controller (akin to virtio controllers) for Xen
paravirtual devices. Although all Xen VMs have a xenbus, it has
never been modeled in libvirt, or in Xen native VM config format
for that matter.
Recently there have been requests to support Xen's max_grant_frames
setting in libvirt. max_grant_frames is best modeled as an attribute
of xenbus. It describes the maximum IO buffer space (or DMA space)
available in xenbus for use by connected paravirtual devices. This
patch introduces a new xenbus controller type that includes a
maxGrantFrames attribute.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.1.0/docs/formatdomain.html.in
===================================================================
--- libvirt-5.1.0.orig/docs/formatdomain.html.in
+++ libvirt-5.1.0/docs/formatdomain.html.in
@@ -4108,6 +4108,7 @@
&lt;driver iothread='4'/&gt;
&lt;address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/&gt;
&lt;/controller&gt;
+ &lt;controller type='xenbus' maxGrantFrames='64'/&gt;
...
&lt;/devices&gt;
...</pre>
@@ -4155,6 +4156,11 @@
<dd><span class="since">Since 3.10.0</span> for the vbox driver, the
<code>ide</code> controller has an optional attribute
<code>model</code>, which is one of "piix3", "piix4" or "ich6".</dd>
+ <dt><code>xenbus</code></dt>
+ <dd><span class="since">Since 5.2.0</span>, the <code>xenbus</code>
+ controller has an optional attribute <code>maxGrantFrames</code>,
+ which specifies the maximum number of grant frames the controller
+ makes available for connected devices.</dd>
</dl>
<p>
Index: libvirt-5.1.0/docs/schemas/domaincommon.rng
===================================================================
--- libvirt-5.1.0.orig/docs/schemas/domaincommon.rng
+++ libvirt-5.1.0/docs/schemas/domaincommon.rng
@@ -2315,6 +2315,17 @@
</attribute>
</optional>
</group>
+ <!-- xenbus has an optional attribute "maxGrantFrames" -->
+ <group>
+ <attribute name="type">
+ <value>xenbus</value>
+ </attribute>
+ <optional>
+ <attribute name="maxGrantFrames">
+ <ref name="unsignedInt"/>
+ </attribute>
+ </optional>
+ </group>
</choice>
<optional>
<element name="driver">
Index: libvirt-5.1.0/src/conf/domain_conf.c
===================================================================
--- libvirt-5.1.0.orig/src/conf/domain_conf.c
+++ libvirt-5.1.0/src/conf/domain_conf.c
@@ -347,6 +347,7 @@ VIR_ENUM_IMPL(virDomainController, VIR_D
"ccid",
"usb",
"pci",
+ "xenbus",
);
VIR_ENUM_IMPL(virDomainControllerModelPCI, VIR_DOMAIN_CONTROLLER_MODEL_PCI_LAST,
@@ -2041,6 +2042,9 @@ virDomainControllerDefNew(virDomainContr
def->opts.pciopts.targetIndex = -1;
def->opts.pciopts.numaNode = -1;
break;
+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS:
+ def->opts.xenbusopts.maxGrantFrames = -1;
+ break;
case VIR_DOMAIN_CONTROLLER_TYPE_IDE:
case VIR_DOMAIN_CONTROLLER_TYPE_FDC:
case VIR_DOMAIN_CONTROLLER_TYPE_SCSI:
@@ -10791,6 +10795,20 @@ virDomainControllerDefParseXML(virDomain
def->opts.pciopts.numaNode = numaNode;
}
break;
+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS: {
+ VIR_AUTOFREE(char *) gntframes = virXMLPropString(node, "maxGrantFrames");
+
+ if (gntframes) {
+ int r = virStrToLong_i(gntframes, NULL, 10,
+ &def->opts.xenbusopts.maxGrantFrames);
+ if (r != 0 || def->opts.xenbusopts.maxGrantFrames < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Invalid maxGrantFrames: %s"), gntframes);
+ goto error;
+ }
+ }
+ break;
+ }
default:
break;
@@ -24752,6 +24770,13 @@ virDomainControllerDefFormat(virBufferPt
}
break;
+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS:
+ if (def->opts.xenbusopts.maxGrantFrames != -1) {
+ virBufferAsprintf(buf, " maxGrantFrames='%d'",
+ def->opts.xenbusopts.maxGrantFrames);
+ }
+ break;
+
default:
break;
}
Index: libvirt-5.1.0/src/conf/domain_conf.h
===================================================================
--- libvirt-5.1.0.orig/src/conf/domain_conf.h
+++ libvirt-5.1.0/src/conf/domain_conf.h
@@ -687,6 +687,7 @@ typedef enum {
VIR_DOMAIN_CONTROLLER_TYPE_CCID,
VIR_DOMAIN_CONTROLLER_TYPE_USB,
VIR_DOMAIN_CONTROLLER_TYPE_PCI,
+ VIR_DOMAIN_CONTROLLER_TYPE_XENBUS,
VIR_DOMAIN_CONTROLLER_TYPE_LAST
} virDomainControllerType;
@@ -819,6 +820,12 @@ struct _virDomainUSBControllerOpts {
int ports; /* -1 == undef */
};
+typedef struct _virDomainXenbusControllerOpts virDomainXenbusControllerOpts;
+typedef virDomainXenbusControllerOpts *virDomainXenbusControllerOptsPtr;
+struct _virDomainXenbusControllerOpts {
+ int maxGrantFrames; /* -1 == undef */
+};
+
/* Stores the virtual disk controller configuration */
struct _virDomainControllerDef {
int type;
@@ -833,6 +840,7 @@ struct _virDomainControllerDef {
virDomainVirtioSerialOpts vioserial;
virDomainPCIControllerOpts pciopts;
virDomainUSBControllerOpts usbopts;
+ virDomainXenbusControllerOpts xenbusopts;
} opts;
virDomainDeviceInfo info;
virDomainVirtioOptionsPtr virtio;
Index: libvirt-5.1.0/src/qemu/qemu_command.c
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu_command.c
+++ libvirt-5.1.0/src/qemu/qemu_command.c
@@ -3024,6 +3024,7 @@ qemuBuildControllerDevStr(const virDomai
case VIR_DOMAIN_CONTROLLER_TYPE_IDE:
case VIR_DOMAIN_CONTROLLER_TYPE_FDC:
+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS:
case VIR_DOMAIN_CONTROLLER_TYPE_LAST:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Unsupported controller type: %s"),
Index: libvirt-5.1.0/src/qemu/qemu_domain.c
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu_domain.c
+++ libvirt-5.1.0/src/qemu/qemu_domain.c
@@ -5841,6 +5841,7 @@ qemuDomainDeviceDefValidateController(co
case VIR_DOMAIN_CONTROLLER_TYPE_VIRTIO_SERIAL:
case VIR_DOMAIN_CONTROLLER_TYPE_CCID:
case VIR_DOMAIN_CONTROLLER_TYPE_USB:
+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS:
case VIR_DOMAIN_CONTROLLER_TYPE_LAST:
break;
}
@@ -6459,6 +6460,7 @@ qemuDomainControllerDefPostParse(virDoma
case VIR_DOMAIN_CONTROLLER_TYPE_CCID:
case VIR_DOMAIN_CONTROLLER_TYPE_IDE:
case VIR_DOMAIN_CONTROLLER_TYPE_FDC:
+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS:
case VIR_DOMAIN_CONTROLLER_TYPE_LAST:
break;
}
Index: libvirt-5.1.0/src/qemu/qemu_domain_address.c
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu_domain_address.c
+++ libvirt-5.1.0/src/qemu/qemu_domain_address.c
@@ -669,6 +669,7 @@ qemuDomainDeviceCalculatePCIConnectFlags
case VIR_DOMAIN_CONTROLLER_TYPE_FDC:
case VIR_DOMAIN_CONTROLLER_TYPE_CCID:
+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS:
case VIR_DOMAIN_CONTROLLER_TYPE_LAST:
/* should be 0 */
return pciFlags;

View File

@ -1,45 +0,0 @@
commit 411cdaf884f35b8dac2be17fcc24e052e11b7d60
Author: Jim Fehlig <jfehlig@suse.com>
Date: Fri Mar 1 14:34:17 2019 -0700
apparmor: Check libvirtd profile status by name
Commit a3ab6d42 changed the libvirtd profile to a named profile,
breaking the apparmor driver's ability to detect if the profile is
active. When the apparmor driver loads it checks the status of the
libvirtd profile using the full binary path, which fails since the
profile is now referenced by name. If the apparmor driver is
explicitly requested in /etc/libvirt/qemu.conf, then libvirtd fails
to load too.
Instead of only checking the profile status by full binary path,
also check by profile name. The full path check is retained in case
users have a customized libvirtd profile with full path.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Index: libvirt-5.1.0/src/security/security_apparmor.c
===================================================================
--- libvirt-5.1.0.orig/src/security/security_apparmor.c
+++ libvirt-5.1.0/src/security/security_apparmor.c
@@ -257,10 +257,16 @@ use_apparmor(void)
if (access(APPARMOR_PROFILES_PATH, R_OK) != 0)
goto cleanup;
+ /* First check profile status using full binary path. If that fails
+ * check using profile name.
+ */
rc = profile_status(libvirt_daemon, 1);
- /* Error or unconfined should all result in -1*/
- if (rc < 0)
- rc = -1;
+ if (rc < 0) {
+ rc = profile_status("libvirtd", 1);
+ /* Error or unconfined should all result in -1*/
+ if (rc < 0)
+ rc = -1;
+ }
cleanup:
VIR_FREE(libvirt_daemon);

View File

@ -1,33 +0,0 @@
commit 4ec3cf9a0fc3d76058ea363a6c35df19e67e6261
Author: Jim Fehlig <jfehlig@suse.com>
Date: Fri Mar 1 15:05:36 2019 -0700
apparmor: Add ptrace and signal rules for named profile
Commit a3ab6d42 changed the libvirtd profile to a named profile
but neglected to accommodate the change in the qemu profile
ptrace and signal rules. As a result, libvirtd is unable to
signal confined qemu processes and hence unable to shutdown
or destroy VMs.
Add ptrace and signal rules that reference the libvirtd profile
by name in addition to full binary path.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
===================================================================
--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu
@@ -16,8 +16,10 @@
network inet stream,
network inet6 stream,
+ ptrace (readby, tracedby) peer=libvirtd,
ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
+ signal (receive) peer=libvirtd,
signal (receive) peer=/usr/sbin/libvirtd,
/dev/net/tun rw,

View File

@ -1,170 +0,0 @@
commit 5a64c202ccdac82f5868e638e5619e2b48c0444b
Author: Jim Fehlig <jfehlig@suse.com>
Date: Fri Mar 8 11:51:57 2019 -0700
xenconfig: Add support for max_grant_frames
Add support in the domXML<->native config converter for
max_grant_frames. Include a test for the conversion.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.1.0/src/xenconfig/xen_xl.c
===================================================================
--- libvirt-5.1.0.orig/src/xenconfig/xen_xl.c
+++ libvirt-5.1.0/src/xenconfig/xen_xl.c
@@ -607,6 +607,34 @@ xenParseXLVnuma(virConfPtr conf,
}
#endif
+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+static int
+xenParseXLGntLimits(virConfPtr conf, virDomainDefPtr def)
+{
+ unsigned long max_gntframes;
+ int ctlr_idx;
+ virDomainControllerDefPtr xenbus_ctlr;
+
+ if (xenConfigGetULong(conf, "max_grant_frames", &max_gntframes, 0) < 0)
+ return -1;
+
+ if (max_gntframes <= 0)
+ return 0;
+
+ ctlr_idx = virDomainControllerFindByType(def, VIR_DOMAIN_CONTROLLER_TYPE_XENBUS);
+ if (ctlr_idx == -1)
+ xenbus_ctlr = virDomainDefAddController(def, VIR_DOMAIN_CONTROLLER_TYPE_XENBUS, -1, -1);
+ else
+ xenbus_ctlr = def->controllers[ctlr_idx];
+
+ if (xenbus_ctlr == NULL)
+ return -1;
+
+ xenbus_ctlr->opts.xenbusopts.maxGrantFrames = max_gntframes;
+ return 0;
+}
+#endif
+
static int
xenParseXLDiskSrc(virDomainDiskDefPtr disk, char *srcstr)
{
@@ -1165,6 +1193,11 @@ xenParseXL(virConfPtr conf,
goto cleanup;
#endif
+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+ if (xenParseXLGntLimits(conf, def) < 0)
+ goto cleanup;
+#endif
+
if (xenParseXLCPUID(conf, def) < 0)
goto cleanup;
@@ -1517,6 +1550,24 @@ xenFormatXLDomainVnuma(virConfPtr conf,
}
#endif
+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+static int
+xenFormatXLGntLimits(virConfPtr conf, virDomainDefPtr def)
+{
+ size_t i;
+
+ for (i = 0; i < def->ncontrollers; i++) {
+ if (def->controllers[i]->type == VIR_DOMAIN_CONTROLLER_TYPE_XENBUS &&
+ def->controllers[i]->opts.xenbusopts.maxGrantFrames > 0) {
+ if (xenConfigSetInt(conf, "max_grant_frames",
+ def->controllers[i]->opts.xenbusopts.maxGrantFrames) < 0)
+ return -1;
+ }
+ }
+ return 0;
+}
+#endif
+
static char *
xenFormatXLDiskSrcNet(virStorageSourcePtr src)
{
@@ -2166,6 +2217,11 @@ xenFormatXL(virDomainDefPtr def, virConn
goto cleanup;
#endif
+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+ if (xenFormatXLGntLimits(conf, def) < 0)
+ goto cleanup;
+#endif
+
if (xenFormatXLDomainDisks(conf, def) < 0)
goto cleanup;
Index: libvirt-5.1.0/tests/xlconfigdata/test-max-gntframes.cfg
===================================================================
--- /dev/null
+++ libvirt-5.1.0/tests/xlconfigdata/test-max-gntframes.cfg
@@ -0,0 +1,13 @@
+name = "XenGuest1"
+uuid = "45b60f51-88a9-47a8-a3b3-5e66d71b2283"
+maxmem = 512
+memory = 512
+vcpus = 1
+localtime = 0
+on_poweroff = "preserve"
+on_reboot = "restart"
+on_crash = "preserve"
+vif = [ "mac=5a:36:0e:be:00:09" ]
+bootloader = "/usr/bin/pygrub"
+max_grant_frames = 64
+disk = [ "format=qcow2,vdev=xvda,access=rw,backendtype=qdisk,target=/var/lib/xen/images/debian/disk.qcow2" ]
Index: libvirt-5.1.0/tests/xlconfigdata/test-max-gntframes.xml
===================================================================
--- /dev/null
+++ libvirt-5.1.0/tests/xlconfigdata/test-max-gntframes.xml
@@ -0,0 +1,32 @@
+<domain type='xen'>
+ <name>XenGuest1</name>
+ <uuid>45b60f51-88a9-47a8-a3b3-5e66d71b2283</uuid>
+ <memory unit='KiB'>524288</memory>
+ <currentMemory unit='KiB'>524288</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <bootloader>/usr/bin/pygrub</bootloader>
+ <os>
+ <type arch='x86_64' machine='xenpv'>linux</type>
+ </os>
+ <clock offset='utc' adjustment='reset'/>
+ <on_poweroff>preserve</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>preserve</on_crash>
+ <devices>
+ <disk type='file' device='disk'>
+ <driver name='qemu' type='qcow2'/>
+ <source file='/var/lib/xen/images/debian/disk.qcow2'/>
+ <target dev='xvda' bus='xen'/>
+ </disk>
+ <controller type='xenbus' index='0' maxGrantFrames='64'/>
+ <interface type='ethernet'>
+ <mac address='5a:36:0e:be:00:09'/>
+ </interface>
+ <console type='pty'>
+ <target type='xen' port='0'/>
+ </console>
+ <input type='mouse' bus='xen'/>
+ <input type='keyboard' bus='xen'/>
+ <memballoon model='xen'/>
+ </devices>
+</domain>
Index: libvirt-5.1.0/tests/xlconfigtest.c
===================================================================
--- libvirt-5.1.0.orig/tests/xlconfigtest.c
+++ libvirt-5.1.0/tests/xlconfigtest.c
@@ -299,6 +299,10 @@ mymain(void)
DO_TEST_FORMAT("fullvirt-direct-kernel-boot-extra", false);
DO_TEST_FORMAT("fullvirt-direct-kernel-boot-bogus-extra", false);
#endif
+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+ DO_TEST("max-gntframes");
+#endif
+
DO_TEST("vif-typename");
DO_TEST("vif-multi-ip");
DO_TEST("usb");

View File

@ -1,38 +0,0 @@
commit 696239ba6f83c65ded476e87d3ba77b424e16fd1
Author: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Date: Fri Mar 1 11:29:51 2019 +0100
qemu: Fix query-cpus-fast target architecture detection
Since qemu 2.13 reports the target architecture in a property called
'target' additionally to the property 'arch', that has been used in
qemu 2.12 in the response data of 'query-cpus-fast'.
Libvirts monitor code prefers the 'target' property over 'arch'.
At least for s390(x), target is reported as 's390x' while arch is 's390'.
In a later step a comparison is performed against 's390' which fails for
qemu 2.13 and later.
In consequence the architecture specific data for s390 won't be extracted
from the returned data, leading to incorrect values being reported by
virsh domstats --vcpu.
Changing to check explicitly for 's390' and 's390x'.
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Reviewed-by: Bjoern Walk <bwalk@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Index: libvirt-5.1.0/src/qemu/qemu_monitor_json.c
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu_monitor_json.c
+++ libvirt-5.1.0/src/qemu/qemu_monitor_json.c
@@ -1772,7 +1772,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONVal
goto cleanup;
/* process optional architecture-specific data */
- if (STREQ_NULLABLE(arch, "s390"))
+ if (STREQ_NULLABLE(arch, "s390") || STREQ_NULLABLE(arch, "s390x"))
qemuMonitorJSONExtractCPUS390Info(entry, cpus + i);
}

26
CVE-2019-3886-api.patch Normal file
View File

@ -0,0 +1,26 @@
commit 69f94df6afe2ea8e2034903d6423c783e0c535e8
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Wed Apr 3 15:00:49 2019 +0100
api: disallow virDomainGetHostname for read-only connections
The virDomainGetHostname API is fetching guest information and this may
involve use of an untrusted guest agent. As such its use must be
forbidden on a read-only connection to libvirt.
Fixes CVE-2019-3886
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.2.0/src/libvirt-domain.c
===================================================================
--- libvirt-5.2.0.orig/src/libvirt-domain.c
+++ libvirt-5.2.0/src/libvirt-domain.c
@@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain
virCheckDomainReturn(domain, NULL);
conn = domain->conn;
+ virCheckReadOnlyGoto(domain->conn->flags, error);
+
if (conn->driver->domainGetHostname) {
char *ret;
ret = conn->driver->domainGetHostname(domain, flags);

View File

@ -0,0 +1,35 @@
commit 9737baf530d80eff19d46a5feb130d3064d47d64
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Wed Apr 3 15:00:50 2019 +0100
remote: enforce ACL write permission for getting guest time & hostname
Getting the guest time and hostname both require use of guest agent
commands. These must not be allowed for read-only users, so the
permissions check must validate "write" permission not "read".
Fixes CVE-2019-3886
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.2.0/src/remote/remote_protocol.x
===================================================================
--- libvirt-5.2.0.orig/src/remote/remote_protocol.x
+++ libvirt-5.2.0/src/remote/remote_protocol.x
@@ -5513,7 +5513,7 @@ enum remote_procedure {
/**
* @generate: both
- * @acl: domain:read
+ * @acl: domain:write
*/
REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277,
@@ -5908,7 +5908,7 @@ enum remote_procedure {
/**
* @generate: none
- * @acl: domain:read
+ * @acl: domain:write
*/
REMOTE_PROC_DOMAIN_GET_TIME = 337,

View File

@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu <cyliu@suse.com>
src/qemu/qemu_driver.c | 7 +++++++
1 file changed, 7 insertions(+)
Index: libvirt-5.1.0/src/qemu/qemu_driver.c
Index: libvirt-5.2.0/src/qemu/qemu_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu_driver.c
+++ libvirt-5.1.0/src/qemu/qemu_driver.c
@@ -17836,6 +17836,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
--- libvirt-5.2.0.orig/src/qemu/qemu_driver.c
+++ libvirt-5.2.0/src/qemu/qemu_driver.c
@@ -17735,6 +17735,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
goto endjob;
}

View File

@ -1,184 +0,0 @@
commit ec5a11910d12f80e26f5d9905840c109e74939db
Author: Jim Fehlig <jfehlig@suse.com>
Date: Thu Mar 7 15:16:09 2019 -0700
libxl: Add support for max_grant_frames
Add support for setting max_grant_frames in libxl domain config
object and include a test to check that it is properly converted
from XML to libxl domain config.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.1.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c
+++ libvirt-5.1.0/src/libxl/libxl_conf.c
@@ -393,6 +393,15 @@ libxlMakeDomBuildInfo(virDomainDefPtr de
def->mem.cur_balloon = VIR_ROUND_UP(def->mem.cur_balloon, 1024);
b_info->max_memkb = virDomainDefGetMemoryInitial(def);
b_info->target_memkb = def->mem.cur_balloon;
+
+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+ for (i = 0; i < def->ncontrollers; i++) {
+ if (def->controllers[i]->type == VIR_DOMAIN_CONTROLLER_TYPE_XENBUS &&
+ def->controllers[i]->opts.xenbusopts.maxGrantFrames > 0)
+ b_info->max_grant_frames = def->controllers[i]->opts.xenbusopts.maxGrantFrames;
+ }
+#endif
+
if (hvm || pvh) {
if (caps &&
def->cpu && def->cpu->mode == (VIR_CPU_MODE_HOST_PASSTHROUGH)) {
Index: libvirt-5.1.0/tests/libxlxml2domconfigdata/max-gntframes-hvm.json
===================================================================
--- /dev/null
+++ libvirt-5.1.0/tests/libxlxml2domconfigdata/max-gntframes-hvm.json
@@ -0,0 +1,90 @@
+{
+ "c_info": {
+ "type": "hvm",
+ "name": "test-hvm",
+ "uuid": "2147d599-9cc6-c0dc-92ab-4064b5446e9b"
+ },
+ "b_info": {
+ "max_vcpus": 4,
+ "avail_vcpus": [
+ 0,
+ 1,
+ 2,
+ 3
+ ],
+ "max_memkb": 1048576,
+ "target_memkb": 1048576,
+ "video_memkb": 8192,
+ "shadow_memkb": 12288,
+ "max_grant_frames": 64,
+ "device_model_version": "qemu_xen",
+ "device_model": "/bin/true",
+ "sched_params": {
+
+ },
+ "type.hvm": {
+ "pae": "True",
+ "apic": "True",
+ "acpi": "True",
+ "vga": {
+ "kind": "cirrus"
+ },
+ "vnc": {
+ "enable": "True",
+ "listen": "0.0.0.0",
+ "findunused": "False"
+ },
+ "sdl": {
+ "enable": "False"
+ },
+ "spice": {
+
+ },
+ "boot": "c",
+ "rdm": {
+
+ }
+ },
+ "arch_arm": {
+
+ }
+ },
+ "disks": [
+ {
+ "pdev_path": "/var/lib/xen/images/test-hvm.img",
+ "vdev": "hda",
+ "backend": "qdisk",
+ "format": "raw",
+ "removable": 1,
+ "readwrite": 1
+ }
+ ],
+ "nics": [
+ {
+ "devid": 0,
+ "mac": "00:16:3e:66:12:b4",
+ "bridge": "br0",
+ "script": "/etc/xen/scripts/vif-bridge",
+ "nictype": "vif_ioemu"
+ }
+ ],
+ "vfbs": [
+ {
+ "devid": -1,
+ "vnc": {
+ "enable": "True",
+ "listen": "0.0.0.0",
+ "findunused": "False"
+ },
+ "sdl": {
+ "enable": "False"
+ }
+ }
+ ],
+ "vkbs": [
+ {
+ "devid": -1
+ }
+ ],
+ "on_reboot": "restart"
+}
Index: libvirt-5.1.0/tests/libxlxml2domconfigdata/max-gntframes-hvm.xml
===================================================================
--- /dev/null
+++ libvirt-5.1.0/tests/libxlxml2domconfigdata/max-gntframes-hvm.xml
@@ -0,0 +1,37 @@
+<domain type='xen'>
+ <name>test-hvm</name>
+ <description>None</description>
+ <uuid>2147d599-9cc6-c0dc-92ab-4064b5446e9b</uuid>
+ <memory>1048576</memory>
+ <currentMemory>1048576</currentMemory>
+ <vcpu>4</vcpu>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <clock offset='utc'/>
+ <os>
+ <type>hvm</type>
+ <loader>/usr/lib/xen/boot/hvmloader</loader>
+ <boot dev='hd'/>
+ </os>
+ <features>
+ <apic/>
+ <acpi/>
+ <pae/>
+ </features>
+ <devices>
+ <emulator>/bin/true</emulator>
+ <disk type='file' device='disk'>
+ <driver name='qemu'/>
+ <source file='/var/lib/xen/images/test-hvm.img'/>
+ <target dev='hda'/>
+ </disk>
+ <controller type='xenbus' maxGrantFrames='64'/>
+ <interface type='bridge'>
+ <source bridge='br0'/>
+ <mac address='00:16:3e:66:12:b4'/>
+ <script path='/etc/xen/scripts/vif-bridge'/>
+ </interface>
+ <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'/>
+ </devices>
+</domain>
Index: libvirt-5.1.0/tests/libxlxml2domconfigtest.c
===================================================================
--- libvirt-5.1.0.orig/tests/libxlxml2domconfigtest.c
+++ libvirt-5.1.0/tests/libxlxml2domconfigtest.c
@@ -217,6 +217,9 @@ mymain(void)
DO_TEST("fullvirt-cpuid-legacy-nest");
# endif
+# ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
+ DO_TEST("max-gntframes-hvm");
+# endif
unlink("libxl-driver.log");

View File

@ -1,38 +0,0 @@
commit f38ef0fac0582ac0cbb749af9d3f8ba515a6084a
Author: Pavel Hrdina <phrdina@redhat.com>
Date: Thu Mar 7 17:52:55 2019 +0100
util: skip RDMA detection for non-PCI network devices
Only PCI devices have '/sys/class/net/<ifname>/device/resource' so we
need to skip this check for all other network devices.
Without this patch and RDMA enabled libvirt will not detect any network
device that doesn't have the path above which includes 'lo', 'virbr',
'tun', etc.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1639258
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Index: libvirt-5.1.0/src/util/virnetdev.c
===================================================================
--- libvirt-5.1.0.orig/src/util/virnetdev.c
+++ libvirt-5.1.0/src/util/virnetdev.c
@@ -2914,8 +2914,14 @@ virNetDevRDMAFeature(const char *ifname,
if (virAsprintf(&eth_devpath, SYSFS_NET_DIR "%s/device/resource", ifname) < 0)
goto cleanup;
- if (!virFileExists(eth_devpath))
+
+ /* If /sys/class/net/<ifname>/device/resource doesn't exist it is not a PCI
+ * device and therefore it will not have RDMA. */
+ if (!virFileExists(eth_devpath)) {
+ ret = 0;
goto cleanup;
+ }
+
if (virFileReadAll(eth_devpath, RESOURCE_FILE_LEN, &eth_res_buf) < 0)
goto cleanup;

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:26f97a53d3172f07f8b63884d845ed71307c4675dc4e1b281c59d253e1e323ab
size 14893608

View File

@ -1,10 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJcfPYaAAoJEBVYiyZZa+pdr5QH/iyjpJYjAebt3UM8JO6b83gu
ybcvvYyQEWQGK7afPYXdhOhgCA99Wn7oJc/+IcUufFVhzOrcJyLRgb+M7FRgtOrt
BiUswGkYFOUIwBUDnT6Ynxtdl6ESAJJGhzXPFpUShyhxrHPh0Jr77sRJfgz93U/9
t1IZ133EVm+Eynqejb5BDponPc28/1CsI37UL7ogCCFKNN0QTGBjkkXfGlD3FAtk
zVYdl88e4MTW73d7EmK3I/zum0Wojp8HTD+RH69TjHt3ozoSFYvQHwlKxafNC6Mo
1hR7QbpSAO2cA27waINUbtRHnEabiNgv9MlrJ54kDiFoUlJWeH7frzR6uNIRHjc=
=13hI
-----END PGP SIGNATURE-----

3
libvirt-5.2.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e51cfb41afe629ce0d46fb93182a4f4ae0c151490db97c49f722756e1154e63f
size 14992888

10
libvirt-5.2.0.tar.xz.asc Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJcpGGWAAoJEBVYiyZZa+pd7PsH/1dyb1XN36aF9mugMQcB5h7g
IiC0zfP+4pjrckaxEqDnLICEk/fPz97RPR4Rb/RmDJAPCSyvYE+UdM1Bj6LBgGa0
3v/4pPIdkXTxL/My/FN9KloWtln85Z6XYYhHN8lfkTTflnWEpleiBk19M79etHOs
UyAUDezv2eIhZmerhZZSMNlU08ZGL5c9YKyKl9P3ZP5HrntQFHW+yhvEFpQxu449
RogZWidY2XWuUpjO79WrUrLiL4xSk4i+RUNydOB6rHK9aprSg0mscQfEimTjJR83
ThNf2xV26GyBeCkkOqcKbj34sroKMIbZC0QzMgO4ZEjfFF6jVUUq5CD9LTJ0AeI=
=dDMF
-----END PGP SIGNATURE-----

View File

@ -2,10 +2,10 @@ Add POWER8 v2.0 and v2.1 to cpu map XML
From: <ro@suse.de>
Index: libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml
Index: libvirt-5.2.0/src/cpu_map/ppc64_POWER8.xml
===================================================================
--- libvirt-5.1.0.orig/src/cpu_map/ppc64_POWER8.xml
+++ libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml
--- libvirt-5.2.0.orig/src/cpu_map/ppc64_POWER8.xml
+++ libvirt-5.2.0/src/cpu_map/ppc64_POWER8.xml
@@ -4,5 +4,7 @@
<pvr value='0x004b0000' mask='0xffff0000'/>
<pvr value='0x004c0000' mask='0xffff0000'/>

View File

@ -1,7 +1,7 @@
Index: libvirt-5.1.0/configure.ac
Index: libvirt-5.2.0/configure.ac
===================================================================
--- libvirt-5.1.0.orig/configure.ac
+++ libvirt-5.1.0/configure.ac
--- libvirt-5.2.0.orig/configure.ac
+++ libvirt-5.2.0/configure.ac
@@ -256,6 +256,7 @@ LIBVIRT_ARG_LIBSSH
LIBVIRT_ARG_LIBXML
LIBVIRT_ARG_MACVTAP
@ -18,7 +18,7 @@ Index: libvirt-5.1.0/configure.ac
LIBVIRT_CHECK_NLS
LIBVIRT_CHECK_NUMACTL
LIBVIRT_CHECK_NWFILTER
@@ -1015,6 +1017,7 @@ LIBVIRT_RESULT_LIBXL
@@ -998,6 +1000,7 @@ LIBVIRT_RESULT_LIBXL
LIBVIRT_RESULT_LIBXML
LIBVIRT_RESULT_MACVTAP
LIBVIRT_RESULT_NETCF
@ -26,10 +26,10 @@ Index: libvirt-5.1.0/configure.ac
LIBVIRT_RESULT_NLS
LIBVIRT_RESULT_NSS
LIBVIRT_RESULT_NUMACTL
Index: libvirt-5.1.0/tools/virsh.c
Index: libvirt-5.2.0/tools/virsh.c
===================================================================
--- libvirt-5.1.0.orig/tools/virsh.c
+++ libvirt-5.1.0/tools/virsh.c
--- libvirt-5.2.0.orig/tools/virsh.c
+++ libvirt-5.2.0/tools/virsh.c
@@ -563,6 +563,8 @@ virshShowVersion(vshControl *ctl ATTRIBU
vshPrint(ctl, " Interface");
# if defined(WITH_NETCF)
@ -39,10 +39,10 @@ Index: libvirt-5.1.0/tools/virsh.c
# elif defined(WITH_UDEV)
vshPrint(ctl, " udev");
# endif
Index: libvirt-5.1.0/src/interface/interface_backend_netcf.c
Index: libvirt-5.2.0/src/interface/interface_backend_netcf.c
===================================================================
--- libvirt-5.1.0.orig/src/interface/interface_backend_netcf.c
+++ libvirt-5.1.0/src/interface/interface_backend_netcf.c
--- libvirt-5.2.0.orig/src/interface/interface_backend_netcf.c
+++ libvirt-5.2.0/src/interface/interface_backend_netcf.c
@@ -21,7 +21,12 @@
#include <config.h>
@ -126,10 +126,10 @@ Index: libvirt-5.1.0/src/interface/interface_backend_netcf.c
if (virRegisterConnectDriver(&interfaceConnectDriver, false) < 0)
return -1;
if (virSetSharedInterfaceDriver(&interfaceDriver) < 0)
Index: libvirt-5.1.0/src/interface/interface_driver.c
Index: libvirt-5.2.0/src/interface/interface_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/interface/interface_driver.c
+++ libvirt-5.1.0/src/interface/interface_driver.c
--- libvirt-5.2.0.orig/src/interface/interface_driver.c
+++ libvirt-5.2.0/src/interface/interface_driver.c
@@ -30,8 +30,15 @@ interfaceRegister(void)
if (netcfIfaceRegister() == 0)
return 0;
@ -147,10 +147,10 @@ Index: libvirt-5.1.0/src/interface/interface_driver.c
if (udevIfaceRegister() == 0)
return 0;
#endif /* WITH_UDEV */
Index: libvirt-5.1.0/m4/virt-netcontrol.m4
Index: libvirt-5.2.0/m4/virt-netcontrol.m4
===================================================================
--- /dev/null
+++ libvirt-5.1.0/m4/virt-netcontrol.m4
+++ libvirt-5.2.0/m4/virt-netcontrol.m4
@@ -0,0 +1,39 @@
+dnl The libnetcontrol library
+dnl
@ -191,10 +191,10 @@ Index: libvirt-5.1.0/m4/virt-netcontrol.m4
+AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[
+ LIBVIRT_RESULT_LIB([NETCONTROL])
+])
Index: libvirt-5.1.0/src/interface/Makefile.inc.am
Index: libvirt-5.2.0/src/interface/Makefile.inc.am
===================================================================
--- libvirt-5.1.0.orig/src/interface/Makefile.inc.am
+++ libvirt-5.1.0/src/interface/Makefile.inc.am
--- libvirt-5.2.0.orig/src/interface/Makefile.inc.am
+++ libvirt-5.2.0/src/interface/Makefile.inc.am
@@ -4,6 +4,7 @@ INTERFACE_DRIVER_SOURCES = \
$(NULL)

View File

@ -1,3 +1,32 @@
-------------------------------------------------------------------
Fri Apr 5 19:58:10 UTC 2019 - James Fehlig <jfehlig@suse.com>
- CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime
for read-only connections and users
CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch
bsc#1131595
- spec: BuildRequires rpcgen since CVE-2019-3886-remote.patch
touches remote_protocol.x
-------------------------------------------------------------------
Wed Apr 3 18:08:00 UTC 2019 - Jim Fehlig <jfehlig@suse.com>
- Update to libvirt 5.2.0
- Many incremental improvements and bug fixes, see
http://libvirt.org/news.html
- Dropped patches:
4ec3cf9a-apparmor-rules.patch,
f38ef0fa-no-RDMA-check.patch,
411cdaf8-apparmor-check-profile-name.patch,
696239ba-qemu-fix-query-cpus-fast.patch,
09eb1ae0-conf-add-xenbus-controller.patch,
fb059757-libxl-add-xenbus-controller.patch,
ec5a1191-libxl-support-max-grant-frames.patch,
5a64c202-xenconfig-support-max-grant-frames.patch
- Added patches:
ff376c62-tests-fix-mocking-stat-lstat.patch,
mprivozn-test-fix-proposal.patch
-------------------------------------------------------------------
Thu Mar 21 21:40:06 UTC 2019 - James Fehlig <jfehlig@suse.com>

View File

@ -183,7 +183,7 @@
Name: libvirt
Url: http://libvirt.org/
Version: 5.1.0
Version: 5.2.0
Release: 0
Summary: Library providing a virtualization API
License: LGPL-2.1-or-later
@ -246,6 +246,8 @@ BuildRequires: readline-devel
# perl XPath is needed since we have a patch touching files that cause
# hvsupport.html to be regenerated
BuildRequires: perl(XML::XPath)
# rpcgen is needed since we have a patch touching remote_protocol.x
BuildRequires: rpcgen
# For pool-build probing for existing pools
BuildRequires: libblkid-devel >= 2.17
BuildRequires: libpciaccess0-devel >= 0.10.9
@ -285,6 +287,8 @@ BuildRequires: libiscsi-devel
BuildRequires: parted-devel
# For Multipath support
BuildRequires: device-mapper-devel
# For XFS reflink clone support
BuildRequires: xfsprogs-devel
%if %{with_storage_rbd}
BuildRequires: %{with_rbd_lib}
%endif
@ -333,17 +337,13 @@ Source6: libvirtd-relocation-server.xml
Source99: baselibs.conf
Source100: %{name}-rpmlintrc
# Upstream patches
Patch0: 4ec3cf9a-apparmor-rules.patch
Patch1: f38ef0fa-no-RDMA-check.patch
Patch2: 411cdaf8-apparmor-check-profile-name.patch
Patch3: 696239ba-qemu-fix-query-cpus-fast.patch
Patch4: 09eb1ae0-conf-add-xenbus-controller.patch
Patch5: fb059757-libxl-add-xenbus-controller.patch
Patch6: ec5a1191-libxl-support-max-grant-frames.patch
Patch7: 5a64c202-xenconfig-support-max-grant-frames.patch
Patch0: ff376c62-tests-fix-mocking-stat-lstat.patch
Patch1: CVE-2019-3886-api.patch
Patch2: CVE-2019-3886-remote.patch
# Patches pending upstream review
Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
Patch102: mprivozn-test-fix-proposal.patch
# Need to go upstream
Patch150: xen-pv-cdrom.patch
Patch151: blockcopy-check-dst-identical-device.patch
@ -877,13 +877,9 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch150 -p1
%patch151 -p1
%patch152 -p1
@ -1231,19 +1227,32 @@ mv %{buildroot}/%{_datadir}/systemtap/tapset/libvirt_qemu_probes.stp \
%check
cd tests
SKIP_TESTS=""
SKIP_C_TESTS=""
SKIP_SCRIPT_TESTS=""
# These tests don't current work in a mock build root
# virnetsockettest: needs unsupported linux-user syscalls
SKIP_TESTS="$SKIP_TESTS virnetsockettest"
SKIP_C_TESTS="$SKIP_TESTS virnetsockettest"
# virportallocatortest fails on aarch64 due to unsupported IPV6_V6ONLY flag
%ifarch aarch64
SKIP_TESTS="$SKIP_TESTS virportallocatortest"
SKIP_C_TESTS="$SKIP_TESTS virportallocatortest"
%endif
for i in $SKIP_TESTS
# Temporarily remove the snapshot tests until they stabilize
SKIP_SCRIPT_TESTS="$SKIP_SCRIPT_TESTS virsh-snapshot"
# Remove tests that dont work on 32-bit arch
#%ifarch %{ix86} armv7l
#SKIP_C_TESTS="$SKIP_C_TESTS qemufirmwaretest"
#%endif
for i in $SKIP_C_TESTS
do
rm -f $i
printf 'int main(void) { return 0; }' > $i.c
done
for i in $SKIP_SCRIPT_TESTS
do
rm -f $i
printf '#!/bin/sh\n exit 0\n' > $i
chmod +x $i
done
make %{?_smp_mflags}
if ! make %{?_smp_mflags} check VIR_TEST_DEBUG=1
@ -1640,6 +1649,7 @@ fi
%{_datadir}/%{name}/schemas/secret.rng
%{_datadir}/%{name}/schemas/storagecommon.rng
%{_datadir}/%{name}/schemas/storagepool.rng
%{_datadir}/%{name}/schemas/storagepoolcaps.rng
%{_datadir}/%{name}/schemas/storagevol.rng
%{_datadir}/%{name}/cpu_map/*.xml
%{_datadir}/%{name}/test-screenshot.png

View File

@ -8,11 +8,11 @@ Date: Mon Jun 23 15:51:20 2014 -0600
option, but domainReset can be implemented in the libxl driver by
forcibly destroying the domain and starting it again.
Index: libvirt-5.1.0/src/libxl/libxl_driver.c
Index: libvirt-5.2.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c
+++ libvirt-5.1.0/src/libxl/libxl_driver.c
@@ -1350,6 +1350,61 @@ libxlDomainReboot(virDomainPtr dom, unsi
--- libvirt-5.2.0.orig/src/libxl/libxl_driver.c
+++ libvirt-5.2.0/src/libxl/libxl_driver.c
@@ -1343,6 +1343,61 @@ libxlDomainReboot(virDomainPtr dom, unsi
}
static int
@ -74,7 +74,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_driver.c
libxlDomainDestroyFlags(virDomainPtr dom,
unsigned int flags)
{
@@ -6511,6 +6566,7 @@ static virHypervisorDriver libxlHypervis
@@ -6504,6 +6559,7 @@ static virHypervisorDriver libxlHypervis
.domainShutdown = libxlDomainShutdown, /* 0.9.0 */
.domainShutdownFlags = libxlDomainShutdownFlags, /* 0.9.10 */
.domainReboot = libxlDomainReboot, /* 0.9.0 */

View File

@ -3,11 +3,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425
src/libxl/libxl_conf.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
Index: libvirt-5.1.0/src/libxl/libxl_conf.c
Index: libvirt-5.2.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c
+++ libvirt-5.1.0/src/libxl/libxl_conf.c
@@ -893,6 +893,30 @@ libxlDiskSetDiscard(libxl_device_disk *x
--- libvirt-5.2.0.orig/src/libxl/libxl_conf.c
+++ libvirt-5.2.0/src/libxl/libxl_conf.c
@@ -895,6 +895,30 @@ libxlDiskSetDiscard(libxl_device_disk *x
#endif
}
@ -38,7 +38,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_conf.c
static char *
libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src,
const char *username,
@@ -1141,6 +1165,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
@@ -1143,6 +1167,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0;
if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0)
return -1;

View File

@ -16,13 +16,13 @@ Signed-off-by: Jim Fehlig <jfehlig@suse.com>
tools/virsh.pod | 8 ++++++++
6 files changed, 125 insertions(+), 6 deletions(-)
Index: libvirt-5.1.0/include/libvirt/libvirt-domain.h
Index: libvirt-5.2.0/include/libvirt/libvirt-domain.h
===================================================================
--- libvirt-5.1.0.orig/include/libvirt/libvirt-domain.h
+++ libvirt-5.1.0/include/libvirt/libvirt-domain.h
@@ -1025,6 +1025,31 @@ typedef enum {
--- libvirt-5.2.0.orig/include/libvirt/libvirt-domain.h
+++ libvirt-5.2.0/include/libvirt/libvirt-domain.h
@@ -1039,6 +1039,31 @@ typedef enum {
*/
# define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT "auto_converge.increment"
# define VIR_MIGRATE_PARAM_PARALLEL_CONNECTIONS "parallel.connections"
+/**
+ * VIR_MIGRATE_PARAM_SUSE_MAX_ITERS:
@ -52,11 +52,11 @@ Index: libvirt-5.1.0/include/libvirt/libvirt-domain.h
/* Domain migration. */
virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
unsigned long flags, const char *dname,
Index: libvirt-5.1.0/src/libxl/libxl_driver.c
Index: libvirt-5.2.0/src/libxl/libxl_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c
+++ libvirt-5.1.0/src/libxl/libxl_driver.c
@@ -6118,6 +6118,9 @@ libxlDomainMigratePerform3Params(virDoma
--- libvirt-5.2.0.orig/src/libxl/libxl_driver.c
+++ libvirt-5.2.0/src/libxl/libxl_driver.c
@@ -6111,6 +6111,9 @@ libxlDomainMigratePerform3Params(virDoma
const char *dname = NULL;
const char *uri = NULL;
int ret = -1;
@ -66,7 +66,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_driver.c
#ifdef LIBXL_HAVE_NO_SUSPEND_RESUME
virReportUnsupportedError();
@@ -6134,6 +6137,18 @@ libxlDomainMigratePerform3Params(virDoma
@@ -6127,6 +6130,18 @@ libxlDomainMigratePerform3Params(virDoma
virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_DEST_NAME,
&dname) < 0 ||
@ -85,7 +85,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_driver.c
virTypedParamsGetString(params, nparams,
VIR_MIGRATE_PARAM_URI,
&uri) < 0)
@@ -6148,11 +6163,11 @@ libxlDomainMigratePerform3Params(virDoma
@@ -6141,11 +6156,11 @@ libxlDomainMigratePerform3Params(virDoma
if ((flags & (VIR_MIGRATE_TUNNELLED | VIR_MIGRATE_PEER2PEER))) {
if (libxlDomainMigrationSrcPerformP2P(driver, vm, dom->conn, dom_xml,
@ -99,10 +99,10 @@ Index: libvirt-5.1.0/src/libxl/libxl_driver.c
goto cleanup;
}
Index: libvirt-5.1.0/src/libxl/libxl_migration.c
Index: libvirt-5.2.0/src/libxl/libxl_migration.c
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl_migration.c
+++ libvirt-5.1.0/src/libxl/libxl_migration.c
--- libvirt-5.2.0.orig/src/libxl/libxl_migration.c
+++ libvirt-5.2.0/src/libxl/libxl_migration.c
@@ -342,18 +342,39 @@ libxlMigrateDstReceive(virNetSocketPtr s
static int
libxlDoMigrateSrcSend(libxlDriverPrivatePtr driver,
@ -264,10 +264,10 @@ Index: libvirt-5.1.0/src/libxl/libxl_migration.c
virObjectLock(vm);
if (ret < 0) {
Index: libvirt-5.1.0/src/libxl/libxl_migration.h
Index: libvirt-5.2.0/src/libxl/libxl_migration.h
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl_migration.h
+++ libvirt-5.1.0/src/libxl/libxl_migration.h
--- libvirt-5.2.0.orig/src/libxl/libxl_migration.h
+++ libvirt-5.2.0/src/libxl/libxl_migration.h
@@ -36,6 +36,10 @@
VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \
VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \
@ -312,13 +312,13 @@ Index: libvirt-5.1.0/src/libxl/libxl_migration.h
virDomainPtr
libxlDomainMigrationDstFinish(virConnectPtr dconn,
Index: libvirt-5.1.0/tools/virsh-domain.c
Index: libvirt-5.2.0/tools/virsh-domain.c
===================================================================
--- libvirt-5.1.0.orig/tools/virsh-domain.c
+++ libvirt-5.1.0/tools/virsh-domain.c
@@ -10562,6 +10562,22 @@ static const vshCmdOptDef opts_migrate[]
--- libvirt-5.2.0.orig/tools/virsh-domain.c
+++ libvirt-5.2.0/tools/virsh-domain.c
@@ -10570,6 +10570,22 @@ static const vshCmdOptDef opts_migrate[]
.type = VSH_OT_INT,
.help = N_("post-copy migration bandwidth limit in MiB/s")
.help = N_("number of connections for parallel migration")
},
+ {.name = "max_iters",
+ .type = VSH_OT_INT,
@ -339,7 +339,7 @@ Index: libvirt-5.1.0/tools/virsh-domain.c
{.name = NULL}
};
@@ -10585,6 +10601,7 @@ doMigrate(void *opaque)
@@ -10593,6 +10609,7 @@ doMigrate(void *opaque)
unsigned long long ullOpt = 0;
int rv;
virConnectPtr dconn = data->dconn;
@ -347,7 +347,7 @@ Index: libvirt-5.1.0/tools/virsh-domain.c
sigemptyset(&sigmask);
sigaddset(&sigmask, SIGINT);
@@ -10704,6 +10721,27 @@ doMigrate(void *opaque)
@@ -10712,6 +10729,27 @@ doMigrate(void *opaque)
goto save_error;
}
@ -375,13 +375,13 @@ Index: libvirt-5.1.0/tools/virsh-domain.c
if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0)
goto out;
if (opt) {
Index: libvirt-5.1.0/tools/virsh.pod
Index: libvirt-5.2.0/tools/virsh.pod
===================================================================
--- libvirt-5.1.0.orig/tools/virsh.pod
+++ libvirt-5.1.0/tools/virsh.pod
@@ -1998,6 +1998,14 @@ Providing I<--tls> causes the migration
the migration of the domain. Usage requires proper TLS setup for both source
and target.
--- libvirt-5.2.0.orig/tools/virsh.pod
+++ libvirt-5.2.0/tools/virsh.pod
@@ -2019,6 +2019,14 @@ I<--parallel-connections>. Parallel conn
network link between the source and the target and thus speeding up the
migration.
+SUSE-specific options for Xen: I<--max_iters> B<num> allows specifying the maximum
+number of iterations before final suspend. Default is 30. I<--max_factor> B<num>

View File

@ -7,11 +7,11 @@ and npiv.
For more details, see bsc#954872 and FATE#319810
Index: libvirt-5.1.0/src/libxl/libxl_conf.c
Index: libvirt-5.2.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c
+++ libvirt-5.1.0/src/libxl/libxl_conf.c
@@ -893,6 +893,25 @@ libxlDiskSetDiscard(libxl_device_disk *x
--- libvirt-5.2.0.orig/src/libxl/libxl_conf.c
+++ libvirt-5.2.0/src/libxl/libxl_conf.c
@@ -895,6 +895,25 @@ libxlDiskSetDiscard(libxl_device_disk *x
#endif
}
@ -37,7 +37,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_conf.c
static void
libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode)
{
@@ -1038,6 +1057,7 @@ libxlMakeNetworkDiskSrc(virStorageSource
@@ -1040,6 +1059,7 @@ libxlMakeNetworkDiskSrc(virStorageSource
int
libxlMakeDisk(virDomainDiskDefPtr l_disk, libxl_device_disk *x_disk)
{
@ -45,7 +45,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_conf.c
const char *driver = virDomainDiskGetDriver(l_disk);
int format = virDomainDiskGetFormat(l_disk);
int actual_type = virStorageSourceGetActualType(l_disk->src);
@@ -1053,7 +1073,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
@@ -1055,7 +1075,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
if (libxlMakeNetworkDiskSrc(l_disk->src, &x_disk->pdev_path) < 0)
return -1;
} else {
@ -54,7 +54,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_conf.c
return -1;
}
@@ -1166,6 +1186,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
@@ -1168,6 +1188,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0)
return -1;
libxlDiskSetCacheMode(x_disk, l_disk->cachemode);

View File

@ -13,10 +13,10 @@ device with the same name that is being created.
src/lxc/lxc_process.c | 1 +
3 files changed, 4 insertions(+)
Index: libvirt-5.1.0/src/lxc/lxc_controller.c
Index: libvirt-5.2.0/src/lxc/lxc_controller.c
===================================================================
--- libvirt-5.1.0.orig/src/lxc/lxc_controller.c
+++ libvirt-5.1.0/src/lxc/lxc_controller.c
--- libvirt-5.2.0.orig/src/lxc/lxc_controller.c
+++ libvirt-5.2.0/src/lxc/lxc_controller.c
@@ -69,6 +69,7 @@
#include "rpc/virnetdaemon.h"
#include "virstring.h"
@ -33,10 +33,10 @@ Index: libvirt-5.1.0/src/lxc/lxc_controller.c
return ret;
}
Index: libvirt-5.1.0/src/lxc/lxc_driver.c
Index: libvirt-5.2.0/src/lxc/lxc_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/lxc/lxc_driver.c
+++ libvirt-5.1.0/src/lxc/lxc_driver.c
--- libvirt-5.2.0.orig/src/lxc/lxc_driver.c
+++ libvirt-5.2.0/src/lxc/lxc_driver.c
@@ -70,6 +70,7 @@
#include "virtime.h"
#include "virtypedparam.h"
@ -45,7 +45,7 @@ Index: libvirt-5.1.0/src/lxc/lxc_driver.c
#include "virstring.h"
#include "viraccessapicheck.h"
#include "viraccessapichecklxc.h"
@@ -3930,6 +3931,7 @@ lxcDomainAttachDeviceNetLive(virConnectP
@@ -3908,6 +3909,7 @@ lxcDomainAttachDeviceNetLive(virConnectP
case VIR_DOMAIN_NET_TYPE_NETWORK:
case VIR_DOMAIN_NET_TYPE_ETHERNET:
ignore_value(virNetDevVethDelete(veth));
@ -53,7 +53,7 @@ Index: libvirt-5.1.0/src/lxc/lxc_driver.c
break;
case VIR_DOMAIN_NET_TYPE_DIRECT:
@@ -4373,6 +4375,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
@@ -4351,6 +4353,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb
virDomainAuditNet(vm, detach, NULL, "detach", false);
goto cleanup;
}
@ -61,10 +61,10 @@ Index: libvirt-5.1.0/src/lxc/lxc_driver.c
break;
/* It'd be nice to support this, but with macvlan
Index: libvirt-5.1.0/src/lxc/lxc_process.c
Index: libvirt-5.2.0/src/lxc/lxc_process.c
===================================================================
--- libvirt-5.1.0.orig/src/lxc/lxc_process.c
+++ libvirt-5.1.0/src/lxc/lxc_process.c
--- libvirt-5.2.0.orig/src/lxc/lxc_process.c
+++ libvirt-5.2.0/src/lxc/lxc_process.c
@@ -51,6 +51,7 @@
#include "viratomic.h"
#include "virprocess.h"

View File

@ -0,0 +1,33 @@
Patch proposed by Michal on libvirt list
This patch fixes firmware test failures.
https://www.redhat.com/archives/libvir-list/2019-April/msg00156.html
Index: libvirt-5.2.0/src/qemu/qemu_firmware.c
===================================================================
--- libvirt-5.2.0.orig/src/qemu/qemu_firmware.c
+++ libvirt-5.2.0/src/qemu/qemu_firmware.c
@@ -924,8 +924,9 @@ qemuFirmwareBuildFileList(virHashTablePt
while ((rc = virDirRead(dirp, &ent, dir)) > 0) {
VIR_AUTOFREE(char *) filename = NULL;
VIR_AUTOFREE(char *) path = NULL;
+ struct stat sb;
- if (ent->d_type != DT_REG && ent->d_type != DT_LNK)
+ if (ent->d_type != DT_REG && ent->d_type != DT_LNK && ent->d_type != DT_UNKNOWN)
continue;
if (STRPREFIX(ent->d_name, "."))
@@ -937,6 +938,11 @@ qemuFirmwareBuildFileList(virHashTablePt
if (virAsprintf(&path, "%s/%s", dir, filename) < 0)
goto cleanup;
+ if (ent->d_type == DT_UNKNOWN &&
+ stat(path, &sb) >= 0 &&
+ ((sb.st_mode & S_IFMT) != S_IFREG && (sb.st_mode & S_IFMT) != S_IFLNK))
+ continue;
+
if (virHashUpdateEntry(files, filename, path) < 0)
goto cleanup;

View File

@ -17,11 +17,11 @@ Signed-off-by: Martin Wilck <mwilck@suse.com>
tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 -
2 files changed, 8 insertions(+), 2 deletions(-)
Index: libvirt-5.1.0/src/network/bridge_driver.c
Index: libvirt-5.2.0/src/network/bridge_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/network/bridge_driver.c
+++ libvirt-5.1.0/src/network/bridge_driver.c
@@ -1378,7 +1378,14 @@ networkDnsmasqConfContents(virNetworkObj
--- libvirt-5.2.0.orig/src/network/bridge_driver.c
+++ libvirt-5.2.0/src/network/bridge_driver.c
@@ -1365,7 +1365,14 @@ networkDnsmasqConfContents(virNetworkObj
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) {
if (ipdef->nranges || ipdef->nhosts) {
virBufferAddLit(&configbuf, "dhcp-no-override\n");
@ -37,10 +37,10 @@ Index: libvirt-5.1.0/src/network/bridge_driver.c
}
if (ipdef->tftproot) {
Index: libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
Index: libvirt-5.2.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
===================================================================
--- libvirt-5.1.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
+++ libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
--- libvirt-5.2.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
+++ libvirt-5.2.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
@@ -10,7 +10,6 @@ bind-dynamic
interface=virbr1
dhcp-range=192.168.122.1,static

View File

@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64
See bnc#894956
Index: libvirt-5.1.0/src/util/virarch.c
Index: libvirt-5.2.0/src/util/virarch.c
===================================================================
--- libvirt-5.1.0.orig/src/util/virarch.c
+++ libvirt-5.1.0/src/util/virarch.c
--- libvirt-5.2.0.orig/src/util/virarch.c
+++ libvirt-5.2.0/src/util/virarch.c
@@ -172,6 +172,8 @@ virArch virArchFromHost(void)
arch = VIR_ARCH_I686;
} else if (STREQ(ut.machine, "amd64")) {

View File

@ -1,8 +1,8 @@
Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
Index: libvirt-5.2.0/src/security/apparmor/libvirt-qemu
===================================================================
--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu
@@ -222,3 +222,6 @@
--- libvirt-5.2.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-5.2.0/src/security/apparmor/libvirt-qemu
@@ -227,3 +227,6 @@
# required for sasl GSSAPI plugin
/etc/gss/mech.d/ r,
/etc/gss/mech.d/* r,

View File

@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver
src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++-
2 files changed, 35 insertions(+), 15 deletions(-)
Index: libvirt-5.1.0/src/xenconfig/xen_common.c
Index: libvirt-5.2.0/src/xenconfig/xen_common.c
===================================================================
--- libvirt-5.1.0.orig/src/xenconfig/xen_common.c
+++ libvirt-5.1.0/src/xenconfig/xen_common.c
--- libvirt-5.2.0.orig/src/xenconfig/xen_common.c
+++ libvirt-5.2.0/src/xenconfig/xen_common.c
@@ -386,12 +386,19 @@ xenParsePCI(char *entry)
int busID;
int slotID;
@ -64,10 +64,10 @@ Index: libvirt-5.1.0/src/xenconfig/xen_common.c
hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
hostdev->source.subsys.u.pci.addr.domain = domainID;
hostdev->source.subsys.u.pci.addr.bus = busID;
Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c
Index: libvirt-5.2.0/src/xenconfig/xen_sxpr.c
===================================================================
--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c
--- libvirt-5.2.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-5.2.0/src/xenconfig/xen_sxpr.c
@@ -1053,6 +1053,7 @@ xenParseSxprPCI(virDomainDefPtr def,
int busID;
int slotID;

View File

@ -8,10 +8,10 @@ It was also noticed that the per-domain profiles need a libnl rule
to squelch a denial when starting confined domains.
Found while investigating bsc#1058847
Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
Index: libvirt-5.2.0/src/security/apparmor/libvirt-qemu
===================================================================
--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu
--- libvirt-5.2.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-5.2.0/src/security/apparmor/libvirt-qemu
@@ -63,6 +63,7 @@
#/dev/fb* rw,
@ -20,10 +20,10 @@ Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
@{HOME}/.pulse-cookie rwk,
owner /root/.pulse-cookie rwk,
owner /root/.pulse/ rw,
Index: libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
Index: libvirt-5.2.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
===================================================================
--- libvirt-5.1.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
--- libvirt-5.2.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ libvirt-5.2.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -17,7 +17,7 @@ profile virt-aa-helper /usr/{lib,lib64}/
owner @{PROC}/[0-9]*/status r,
@{PROC}/filesystems r,

View File

@ -1,55 +1,9 @@
Adjust libvirt-guests service to conform to SUSE standards
Index: libvirt-5.1.0/tools/libvirt-guests.init.in
Index: libvirt-5.2.0/tools/libvirt-guests.sh.in
===================================================================
--- libvirt-5.1.0.orig/tools/libvirt-guests.init.in
+++ libvirt-5.1.0/tools/libvirt-guests.init.in
@@ -4,27 +4,27 @@
# http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html
#
### BEGIN INIT INFO
-# Provides: libvirt-guests
-# Default-Start: 3 4 5
-# Default-Stop: 0 1 2 6
-# Required-Start: libvirtd
-# Required-Stop: libvirtd
+# Provides: libvirt-guests
+# Required-Start: $network $remote_fs libvirtd
+# Required-Stop: $network $remote_fs libvirtd
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
# Should-Start:
# Should-Stop:
# Short-Description: suspend/resume libvirt guests on shutdown/boot
-# Description: This is a script for suspending active libvirt guests
-# on shutdown and resuming them on next boot
-# See https://libvirt.org
+# Description: This is a script for suspending active libvirt guests
+# on shutdown and resuming them on next boot
+# See https://libvirt.org
### END INIT INFO
# the following is chkconfig init header
#
-# libvirt-guests: suspend/resume libvirt guests on shutdown/boot
-#
-# chkconfig: 345 99 01
-# description: This is a script for suspending active libvirt guests \
-# on shutdown and resuming them on next boot \
-# See https://libvirt.org
+# libvirt-guests: suspend/resume libvirt guests on shutdown/boot
#
+# chkconfig: 345 99 01
+# description: This is a script for suspending active libvirt guests \
+# on shutdown and resuming them on next boot \
+# See https://libvirt.org
+
exec @libexecdir@/libvirt-guests.sh "$@"
Index: libvirt-5.1.0/tools/libvirt-guests.sh.in
===================================================================
--- libvirt-5.1.0.orig/tools/libvirt-guests.sh.in
+++ libvirt-5.1.0/tools/libvirt-guests.sh.in
--- libvirt-5.2.0.orig/tools/libvirt-guests.sh.in
+++ libvirt-5.2.0/tools/libvirt-guests.sh.in
@@ -16,14 +16,13 @@
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
@ -209,10 +163,10 @@ Index: libvirt-5.1.0/tools/libvirt-guests.sh.in
esac
-exit $RETVAL
+rc_exit
Index: libvirt-5.1.0/tools/libvirt-guests.sysconf
Index: libvirt-5.2.0/tools/libvirt-guests.sysconf
===================================================================
--- libvirt-5.1.0.orig/tools/libvirt-guests.sysconf
+++ libvirt-5.1.0/tools/libvirt-guests.sysconf
--- libvirt-5.2.0.orig/tools/libvirt-guests.sysconf
+++ libvirt-5.2.0/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@
+## Path: System/Virtualization/libvirt-guests
+

View File

@ -3,10 +3,10 @@ Disable TLS by default
On SUSE distros, the default is for libvirtd to listen only on the
Unix Domain Socket. The libvirt client still provides remote access
via a SSH tunnel.
Index: libvirt-5.1.0/src/remote/libvirtd.conf
Index: libvirt-5.2.0/src/remote/libvirtd.conf
===================================================================
--- libvirt-5.1.0.orig/src/remote/libvirtd.conf
+++ libvirt-5.1.0/src/remote/libvirtd.conf
--- libvirt-5.2.0.orig/src/remote/libvirtd.conf
+++ libvirt-5.2.0/src/remote/libvirtd.conf
@@ -18,8 +18,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
@ -18,10 +18,10 @@ Index: libvirt-5.1.0/src/remote/libvirtd.conf
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
Index: libvirt-5.1.0/src/remote/remote_daemon_config.c
Index: libvirt-5.2.0/src/remote/remote_daemon_config.c
===================================================================
--- libvirt-5.1.0.orig/src/remote/remote_daemon_config.c
+++ libvirt-5.1.0/src/remote/remote_daemon_config.c
--- libvirt-5.2.0.orig/src/remote/remote_daemon_config.c
+++ libvirt-5.2.0/src/remote/remote_daemon_config.c
@@ -108,7 +108,7 @@ daemonConfigNew(bool privileged ATTRIBUT
if (VIR_ALLOC(data) < 0)
return NULL;
@ -31,10 +31,10 @@ Index: libvirt-5.1.0/src/remote/remote_daemon_config.c
data->listen_tcp = 0;
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
Index: libvirt-5.1.0/src/remote/test_libvirtd.aug.in
Index: libvirt-5.2.0/src/remote/test_libvirtd.aug.in
===================================================================
--- libvirt-5.1.0.orig/src/remote/test_libvirtd.aug.in
+++ libvirt-5.1.0/src/remote/test_libvirtd.aug.in
--- libvirt-5.2.0.orig/src/remote/test_libvirtd.aug.in
+++ libvirt-5.2.0/src/remote/test_libvirtd.aug.in
@@ -2,7 +2,7 @@ module Test_libvirtd =
::CONFIG::

View File

@ -7,10 +7,10 @@ On SUSE distros, we promote libvirt and all the libvirt-based
tools. If a user installs libvirt on their SUSE Xen host, then
libvirt should be king and override xendomains. See bsc#1015348
Index: libvirt-5.1.0/src/remote/libvirtd.service.in
Index: libvirt-5.2.0/src/remote/libvirtd.service.in
===================================================================
--- libvirt-5.1.0.orig/src/remote/libvirtd.service.in
+++ libvirt-5.1.0/src/remote/libvirtd.service.in
--- libvirt-5.2.0.orig/src/remote/libvirtd.service.in
+++ libvirt-5.2.0/src/remote/libvirtd.service.in
@@ -17,6 +17,8 @@ After=local-fs.target
After=remote-fs.target
After=systemd-logind.service

View File

@ -1,9 +1,9 @@
Adjust libvirtd sysconfig file to conform to SUSE standards
Index: libvirt-5.1.0/src/remote/libvirtd.sysconf
Index: libvirt-5.2.0/src/remote/libvirtd.sysconf
===================================================================
--- libvirt-5.1.0.orig/src/remote/libvirtd.sysconf
+++ libvirt-5.1.0/src/remote/libvirtd.sysconf
--- libvirt-5.2.0.orig/src/remote/libvirtd.sysconf
+++ libvirt-5.2.0/src/remote/libvirtd.sysconf
@@ -1,16 +1,25 @@
+## Path: System/Virtualization/libvirt
+

View File

@ -6,10 +6,10 @@ autoballooning. This patch changes libvirt to also disable autoballooning
by default. It can only be enabled with the 'autoballoon' setting in
libxl.conf. See jsc#SLE-3059 for more details.
Index: libvirt-5.1.0/src/libxl/libxl.conf
Index: libvirt-5.2.0/src/libxl/libxl.conf
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl.conf
+++ libvirt-5.1.0/src/libxl/libxl.conf
--- libvirt-5.2.0.orig/src/libxl/libxl.conf
+++ libvirt-5.2.0/src/libxl/libxl.conf
@@ -4,12 +4,11 @@
# Enable autoballooning of domain0
@ -27,10 +27,10 @@ Index: libvirt-5.1.0/src/libxl/libxl.conf
# In order to prevent accidentally starting two domains that
Index: libvirt-5.1.0/src/libxl/libxl_conf.c
Index: libvirt-5.2.0/src/libxl/libxl_conf.c
===================================================================
--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c
+++ libvirt-5.1.0/src/libxl/libxl_conf.c
--- libvirt-5.2.0.orig/src/libxl/libxl_conf.c
+++ libvirt-5.2.0/src/libxl/libxl_conf.c
@@ -22,7 +22,6 @@
#include <config.h>
@ -39,7 +39,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_conf.c
#include <libxl.h>
#include <sys/types.h>
#include <sys/socket.h>
@@ -1760,14 +1759,12 @@ libxlMakeBuildInfoVfb(virPortAllocatorRa
@@ -1762,14 +1761,12 @@ libxlMakeBuildInfoVfb(virPortAllocatorRa
/*
* Get domain0 autoballoon configuration. Honor user-specified
* setting in libxl.conf first. If not specified, autoballooning
@ -55,7 +55,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_conf.c
int res;
res = virConfGetValueBool(conf, "autoballoon", &cfg->autoballoon);
@@ -1776,21 +1773,8 @@ libxlGetAutoballoonConf(libxlDriverConfi
@@ -1778,21 +1775,8 @@ libxlGetAutoballoonConf(libxlDriverConfi
else if (res == 1)
return 0;

View File

@ -1,9 +1,9 @@
Adjust paths of OVMF firmwares on SUSE distros
Index: libvirt-5.1.0/src/qemu/qemu.conf
Index: libvirt-5.2.0/src/qemu/qemu.conf
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu.conf
+++ libvirt-5.1.0/src/qemu/qemu.conf
--- libvirt-5.2.0.orig/src/qemu/qemu.conf
+++ libvirt-5.2.0/src/qemu/qemu.conf
@@ -773,10 +773,9 @@ security_default_confined = 0
# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
# follows this scheme.
@ -18,10 +18,10 @@ Index: libvirt-5.1.0/src/qemu/qemu.conf
#]
# The backend to use for handling stdout/stderr output from
Index: libvirt-5.1.0/src/qemu/qemu_conf.c
Index: libvirt-5.2.0/src/qemu/qemu_conf.c
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu_conf.c
+++ libvirt-5.1.0/src/qemu/qemu_conf.c
--- libvirt-5.2.0.orig/src/qemu/qemu_conf.c
+++ libvirt-5.2.0/src/qemu/qemu_conf.c
@@ -116,10 +116,9 @@ void qemuDomainCmdlineDefFree(qemuDomain
#ifndef DEFAULT_LOADER_NVRAM
@ -36,10 +36,10 @@ Index: libvirt-5.1.0/src/qemu/qemu_conf.c
#endif
Index: libvirt-5.1.0/src/security/virt-aa-helper.c
Index: libvirt-5.2.0/src/security/virt-aa-helper.c
===================================================================
--- libvirt-5.1.0.orig/src/security/virt-aa-helper.c
+++ libvirt-5.1.0/src/security/virt-aa-helper.c
--- libvirt-5.2.0.orig/src/security/virt-aa-helper.c
+++ libvirt-5.2.0/src/security/virt-aa-helper.c
@@ -506,7 +506,8 @@ valid_path(const char *path, const bool
"/usr/share/ovmf/", /* for OVMF images */
"/usr/share/AAVMF/", /* for AAVMF images */

View File

@ -7,10 +7,10 @@ suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch,
etc.), but for now they are all lumped together in this
single patch.
Index: libvirt-5.1.0/src/qemu/qemu.conf
Index: libvirt-5.2.0/src/qemu/qemu.conf
===================================================================
--- libvirt-5.1.0.orig/src/qemu/qemu.conf
+++ libvirt-5.1.0/src/qemu/qemu.conf
--- libvirt-5.2.0.orig/src/qemu/qemu.conf
+++ libvirt-5.2.0/src/qemu/qemu.conf
@@ -420,11 +420,20 @@
# isolation, but it cannot appear in a list of drivers.
#

View File

@ -1,9 +1,9 @@
Adjust virtlockd sysconfig file to conform to SUSE standards
Index: libvirt-5.1.0/src/locking/virtlockd.sysconf
Index: libvirt-5.2.0/src/locking/virtlockd.sysconf
===================================================================
--- libvirt-5.1.0.orig/src/locking/virtlockd.sysconf
+++ libvirt-5.1.0/src/locking/virtlockd.sysconf
--- libvirt-5.2.0.orig/src/locking/virtlockd.sysconf
+++ libvirt-5.2.0/src/locking/virtlockd.sysconf
@@ -1,3 +1,7 @@
+## Path: System/Virtualization/virtlockd
+

View File

@ -1,9 +1,9 @@
Adjust virtlogd sysconfig file to conform to SUSE standards
Index: libvirt-5.1.0/src/logging/virtlogd.sysconf
Index: libvirt-5.2.0/src/logging/virtlogd.sysconf
===================================================================
--- libvirt-5.1.0.orig/src/logging/virtlogd.sysconf
+++ libvirt-5.1.0/src/logging/virtlogd.sysconf
--- libvirt-5.2.0.orig/src/logging/virtlogd.sysconf
+++ libvirt-5.2.0/src/logging/virtlogd.sysconf
@@ -1,3 +1,7 @@
+## Path: System/Virtualization/virtlogd
+

View File

@ -1,7 +1,7 @@
Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c
Index: libvirt-5.2.0/src/xenconfig/xen_sxpr.c
===================================================================
--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c
--- libvirt-5.2.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-5.2.0/src/xenconfig/xen_sxpr.c
@@ -383,7 +383,7 @@ xenParseSxprVifRate(const char *rate, un
static int
xenParseSxprDisks(virDomainDefPtr def,

View File

@ -6,10 +6,10 @@ and 'file'. This was implicitly done prior to commit 9673418c.
https://bugzilla.suse.com/show_bug.cgi?id=938228
Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c
Index: libvirt-5.2.0/src/xenconfig/xen_sxpr.c
===================================================================
--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c
--- libvirt-5.2.0.orig/src/xenconfig/xen_sxpr.c
+++ libvirt-5.2.0/src/xenconfig/xen_sxpr.c
@@ -497,10 +497,11 @@ xenParseSxprDisks(virDomainDefPtr def,
omnipotent, we can revisit this, perhaps stat()'ing
the src file in question */