Accepting request 542717 from Virtualization

OBS-URL: https://build.opensuse.org/request/show/542717 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=240
2017-11-21 14:22:54 +00:00 · 2017-11-21 14:22:54 +00:00 · ddf6f32942
commit ddf6f32942
parent c916283269 119ff95911
4 changed files with 167 additions and 8 deletions
--- a/8056721c-qemu-null-storage-source.patch
+++ b/8056721c-qemu-null-storage-source.patch
@ -0,0 +1,115 @@
 commit 8056721cbb75a717604a1f7971440726d9d85045
 Author: Peter Krempa <pkrempa@redhat.com>
 Date:   Thu Nov 9 12:51:25 2017 +0100
    qemu: Tolerate storage source private data being NULL
    In some cases it does not make sense to pursue that the private data
    will be allocated (especially when we don't need to put anything in it).
    Ensure that the code works without it.
    This also fixes few crashes pointed out in
    https://bugzilla.redhat.com/show_bug.cgi?id=1510323
 Index: libvirt-3.9.0/src/qemu/qemu_command.c
 ===================================================================
 --- libvirt-3.9.0.orig/src/qemu/qemu_command.c
 +++ libvirt-3.9.0/src/qemu/qemu_command.c
@@ -1362,12 +1362,17 @@ qemuBuildDriveSourceStr(virDomainDiskDef
 {
     int actualType = virStorageSourceGetActualType(disk->src);
     qemuDomainStorageSourcePrivatePtr srcpriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
 -    qemuDomainSecretInfoPtr secinfo = srcpriv->secinfo;
 -    qemuDomainSecretInfoPtr encinfo = srcpriv->encinfo;
 +    qemuDomainSecretInfoPtr secinfo = NULL;
 +    qemuDomainSecretInfoPtr encinfo = NULL;
     virJSONValuePtr srcprops = NULL;
     char *source = NULL;
     int ret = -1;
 +    if (srcpriv) {
 +        secinfo = srcpriv->secinfo;
 +        encinfo = srcpriv->encinfo;
 +    }
 +
     if (qemuDiskSourceNeedsProps(disk->src) &&
         !(srcprops = qemuDiskSourceGetProps(disk->src)))
         goto cleanup;
@@ -2239,8 +2244,13 @@ qemuBuildDiskDriveCommandLine(virCommand
         bool driveBoot = false;
         virDomainDiskDefPtr disk = def->disks[i];
         qemuDomainStorageSourcePrivatePtr srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
 -        qemuDomainSecretInfoPtr secinfo = srcPriv->secinfo;
 -        qemuDomainSecretInfoPtr encinfo = srcPriv->encinfo;
 +        qemuDomainSecretInfoPtr secinfo = NULL;
 +        qemuDomainSecretInfoPtr encinfo = NULL;
 +
 +        if (srcPriv) {
 +            secinfo = srcPriv->secinfo;
 +            encinfo = srcPriv->encinfo;
 +        }
         if (disk->info.bootIndex) {
             bootindex = disk->info.bootIndex;
 Index: libvirt-3.9.0/src/qemu/qemu_hotplug.c
 ===================================================================
 --- libvirt-3.9.0.orig/src/qemu/qemu_hotplug.c
 +++ libvirt-3.9.0/src/qemu/qemu_hotplug.c
@@ -259,6 +259,7 @@ qemuDomainChangeEjectableMedia(virQEMUDr
     qemuDomainObjPrivatePtr priv = vm->privateData;
     qemuDomainDiskPrivatePtr diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
     qemuDomainStorageSourcePrivatePtr srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
 +    qemuDomainSecretInfoPtr secinfo = NULL;
     const char *format = NULL;
     char *sourcestr = NULL;
@@ -268,6 +269,9 @@ qemuDomainChangeEjectableMedia(virQEMUDr
         goto cleanup;
     }
 +    if (srcPriv)
 +        secinfo = srcPriv->secinfo;
 +
     if (disk->device != VIR_DOMAIN_DISK_DEVICE_FLOPPY &&
         disk->device != VIR_DOMAIN_DISK_DEVICE_CDROM) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -300,7 +304,7 @@ qemuDomainChangeEjectableMedia(virQEMUDr
     }
     if (!virStorageSourceIsEmpty(newsrc)) {
 -        if (qemuGetDriveSourceString(newsrc, srcPriv->secinfo, &sourcestr) < 0)
 +        if (qemuGetDriveSourceString(newsrc, secinfo, &sourcestr) < 0)
             goto error;
         if (virStorageSourceGetActualType(newsrc) != VIR_STORAGE_TYPE_DIR) {
@@ -371,8 +375,8 @@ qemuDomainAttachDiskGeneric(virConnectPt
     virJSONValuePtr secobjProps = NULL;
     virJSONValuePtr encobjProps = NULL;
     qemuDomainStorageSourcePrivatePtr srcPriv;
 -    qemuDomainSecretInfoPtr secinfo;
 -    qemuDomainSecretInfoPtr encinfo;
 +    qemuDomainSecretInfoPtr secinfo = NULL;
 +    qemuDomainSecretInfoPtr encinfo = NULL;
     if (qemuDomainPrepareDisk(driver, vm, disk, NULL, false) < 0)
         goto cleanup;
@@ -384,13 +388,16 @@ qemuDomainAttachDiskGeneric(virConnectPt
         goto error;
     srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
 -    secinfo = srcPriv->secinfo;
 +    if (srcPriv) {
 +        secinfo = srcPriv->secinfo;
 +        encinfo = srcPriv->encinfo;
 +    }
 +
     if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
         if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0)
             goto error;
     }
 -    encinfo = srcPriv->encinfo;
     if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0)
         goto error;
--- a/libvirt.changes
+++ b/libvirt.changes
@ -1,3 +1,17 @@
 -------------------------------------------------------------------
 Fri Nov 17 21:59:28 UTC 2017 - jfehlig@suse.com
 - apparmor: allow libvirtd to send signals to unconfined processes
  suse-apparmor-signal.patch
  boo#1065123
 -------------------------------------------------------------------
 Fri Nov 17 18:37:43 UTC 2017 - jfehlig@suse.com
 - qemu: Tolerate storage source private data being NULL
  8056721c-qemu-null-storage-source.patch
  bsc#1068752
 -------------------------------------------------------------------
 Wed Nov  8 21:10:34 UTC 2017 - jfehlig@suse.com
--- a/libvirt.spec
+++ b/libvirt.spec
@ -300,6 +300,7 @@ Source4:        libvirt-supportconfig
 Source99:       baselibs.conf
 Source100:      %{name}-rpmlintrc
 # Upstream patches
 Patch0:         8056721c-qemu-null-storage-source.patch
 # Patches pending upstream review
 Patch100:       libxl-dom-reset.patch
 Patch101:       network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@ -322,14 +323,15 @@ Patch205:       suse-libvirtd-service-xen.patch
 Patch206:       suse-qemu-conf.patch
 Patch207:       suse-ovmf-paths.patch
 Patch208:       suse-apparmor-libnl-paths.patch
-Patch209:       support-managed-pci-xen-driver.patch
+Patch209:       suse-apparmor-signal.patch
-Patch210:       xen-sxpr-disk-type.patch
+Patch210:       support-managed-pci-xen-driver.patch
-Patch211:       libxl-support-block-script.patch
+Patch211:       xen-sxpr-disk-type.patch
-Patch212:       apparmor-no-mount.patch
+Patch212:       libxl-support-block-script.patch
-Patch213:       qemu-apparmor-screenshot.patch
+Patch213:       apparmor-no-mount.patch
-Patch214:       libvirt-suse-netcontrol.patch
+Patch214:       qemu-apparmor-screenshot.patch
-Patch215:       lxc-wait-after-eth-del.patch
+Patch215:       libvirt-suse-netcontrol.patch
-Patch216:       libxl-qemu-emulator-caps.patch
+Patch216:       lxc-wait-after-eth-del.patch
 Patch217:       libxl-qemu-emulator-caps.patch
 # SLES-Only patches
 %if ! 0%{?is_opensuse}
 Patch400:       virt-create-rootfs.patch
@ -876,6 +878,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %prep
 %setup -q
 %patch0 -p1
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
@ -903,6 +906,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %patch214 -p1
 %patch215 -p1
 %patch216 -p1
 %patch217 -p1
 %if ! 0%{?is_opensuse}
 %patch400 -p1
 %endif
--- a/suse-apparmor-signal.patch
+++ b/suse-apparmor-signal.patch
@ -0,0 +1,26 @@
 apparmor: allow libvirtd to send signals to unconfined processes
 When confinement of QEMU/KVM domains is not enforced (security_default_confined = 0),
 qemu processes run unconfined. Add a rule to the libvirtd apparmor profile allowing
 sending signals to unconfined processes. Without the rule, libvirtd
 is unable to signal QEMU/KVM domains. E.g. 'virsh destroy dom' results in the
 following denial in audit.log
 type=AVC msg=audit(1510951646.581:939): apparmor="DENIED" operation="signal"
 profile="/usr/sbin/libvirtd" pid=18891 comm="libvirtd" requested_mask="send"
 denied_mask="send" signal=term peer="unconfined"
 Index: libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
 ===================================================================
 --- libvirt-3.9.0.orig/examples/apparmor/usr.sbin.libvirtd
 +++ libvirt-3.9.0/examples/apparmor/usr.sbin.libvirtd
@@ -60,6 +60,9 @@
   signal (send) peer=/usr/sbin/dnsmasq,
   signal (read, send) peer=libvirt-*,
 +  # When confinement is not enforced (security_default_confined = 0), qemu
 +  # processes run unconfined, hence 'peer=unconfined'
 +  signal send set=(hup,kill,term) peer=unconfined,
   # Very lenient profile for libvirtd since we want to first focus on confining
   # the guests. Guests will have a very restricted profile.