From 803f542a4bf9d04c3871892fe8df4bdf81f52e55f48500b1564a490ac4965d31 Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Fri, 19 Jan 2018 19:16:17 +0000 Subject: [PATCH 1/3] Accepting request 567780 from home:jfehlig:branches:Virtualization - Update to libvirt 4.0.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 2d07f1f0-fix-storage-crash.patch, 69ed99c7-dom0-persistent.patch, 8599aedd-libvirt-guests-dom0-filter.patch, 0f33025a-virt-aa-helper-handle-more-disk-images.patch, b475a91b-add-virStringFilterChars-string-utility.patch, faec1958-lxc-set-hostname-based-on-container-name.patch, 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch, fix-virt-aa-helper-profile.patch, suse-apparmor-signal.patch - Patches added to fix upstream bugs: 72adaf2f-revert-qemu-monitor-error-report.patch, 71d56a39-nodedev-fix-parse-PCI-address.patch - CVE-2018-5748, CVE-2017-5715, bsc#1071651 OBS-URL: https://build.opensuse.org/request/show/567780 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=661 --- ...rt-aa-helper-handle-more-disk-images.patch | 98 ------------ ...-clients-before-stopping-all-drivers.patch | 45 ------ 2d07f1f0-fix-storage-crash.patch | 62 -------- 69ed99c7-dom0-persistent.patch | 21 --- 71d56a39-nodedev-fix-parse-PCI-address.patch | 96 ++++++++++++ ...f2f-revert-qemu-monitor-error-report.patch | 60 ++++++++ 8599aedd-libvirt-guests-dom0-filter.patch | 25 ---- apparmor-no-mount.patch | 6 +- ...-virStringFilterChars-string-utility.patch | 139 ------------------ blockcopy-check-dst-identical-device.patch | 8 +- ...set-hostname-based-on-container-name.patch | 69 --------- fix-virt-aa-helper-profile.patch | 28 ---- libvirt-3.10.0.tar.xz | 3 - libvirt-3.10.0.tar.xz.asc | 10 -- libvirt-4.0.0.tar.xz | 3 + libvirt-4.0.0.tar.xz.asc | 10 ++ libvirt-power8-models.patch | 8 +- libvirt-suse-netcontrol.patch | 40 ++--- libvirt.changes | 21 +++ libvirt.spec | 48 +++--- libxl-dom-reset.patch | 6 +- libxl-qemu-emulator-caps.patch | 6 +- libxl-set-cach-mode.patch | 10 +- 
libxl-set-migration-constraints.patch | 42 +++--- libxl-support-block-script.patch | 14 +- lxc-wait-after-eth-del.patch | 18 +-- ...e-dhcp-authoritative-on-static-netwo.patch | 12 +- ppc64le-canonical-name.patch | 6 +- qemu-apparmor-screenshot.patch | 14 +- support-managed-pci-xen-driver.patch | 12 +- suse-apparmor-libnl-paths.patch | 12 +- suse-apparmor-signal.patch | 26 ---- suse-libvirt-guests-service.patch | 18 +-- suse-libvirtd-disable-tls.patch | 18 +-- suse-libvirtd-service-xen.patch | 6 +- suse-libvirtd-sysconfig-settings.patch | 6 +- suse-ovmf-paths.patch | 12 +- suse-qemu-conf.patch | 6 +- suse-virtlockd-sysconfig-settings.patch | 6 +- suse-virtlogd-sysconfig-settings.patch | 6 +- xen-pv-cdrom.patch | 6 +- xen-sxpr-disk-type.patch | 6 +- 42 files changed, 365 insertions(+), 703 deletions(-) delete mode 100644 0f33025a-virt-aa-helper-handle-more-disk-images.patch delete mode 100644 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch delete mode 100644 2d07f1f0-fix-storage-crash.patch delete mode 100644 69ed99c7-dom0-persistent.patch create mode 100644 71d56a39-nodedev-fix-parse-PCI-address.patch create mode 100644 72adaf2f-revert-qemu-monitor-error-report.patch delete mode 100644 8599aedd-libvirt-guests-dom0-filter.patch delete mode 100644 b475a91b-add-virStringFilterChars-string-utility.patch delete mode 100644 faec1958-lxc-set-hostname-based-on-container-name.patch delete mode 100644 fix-virt-aa-helper-profile.patch delete mode 100644 libvirt-3.10.0.tar.xz delete mode 100644 libvirt-3.10.0.tar.xz.asc create mode 100644 libvirt-4.0.0.tar.xz create mode 100644 libvirt-4.0.0.tar.xz.asc delete mode 100644 suse-apparmor-signal.patch diff --git a/0f33025a-virt-aa-helper-handle-more-disk-images.patch b/0f33025a-virt-aa-helper-handle-more-disk-images.patch deleted file mode 100644 index 08d1a90..0000000 --- a/0f33025a-virt-aa-helper-handle-more-disk-images.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 0f33025a43788f7f3483dfac6ab0b9f79c0d7957 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Mon, 11 Dec 2017 11:09:31 +0100 -Subject: [PATCH] virt-aa-helper: handle more disk images - -virt-aa-helper needs read access to the disk image to resolve symlinks -and add the proper rules to the profile. Its profile whitelists a few -common paths, but users can place their images anywhere. - -This commit helps users allowing access to their images by adding their -own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper. - -This commit also adds rules to allow reading files named: - - *.raw as this is a rather common disk image extension - - /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox ---- - examples/Makefile.am | 24 ++++++++++++++++++++++-- - examples/apparmor/usr.lib.libvirt.virt-aa-helper | 5 +++++ - 2 files changed, 27 insertions(+), 2 deletions(-) - -diff --git a/examples/Makefile.am b/examples/Makefile.am -index ef2f79db3..7069d74e7 100644 ---- a/examples/Makefile.am -+++ b/examples/Makefile.am -@@ -67,6 +67,9 @@ admin_client_info_SOURCES = admin/client_info.c - admin_client_close_SOURCES = admin/client_close.c - admin_logging_SOURCES = admin/logging.c - -+INSTALL_DATA_LOCAL = -+UNINSTALL_LOCAL = -+ - if WITH_APPARMOR_PROFILES - apparmordir = $(sysconfdir)/apparmor.d/ - apparmor_DATA = \ -@@ -85,20 +88,37 @@ templates_DATA = \ - apparmor/TEMPLATE.qemu \ - apparmor/TEMPLATE.lxc \ - $(NULL) -+ -+APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local" -+install-apparmor-local: -+ $(MKDIR_P) "$(APPARMOR_LOCAL_DIR)" -+ echo "# Site-specific additions and overrides for \ -+ 'usr.lib.libvirt.virt-aa-helper'" \ -+ >$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper -+ -+INSTALL_DATA_LOCAL += install-apparmor-local -+UNINSTALL_LOCAL += uninstall-apparmor-local - endif WITH_APPARMOR_PROFILES - - if WITH_NWFILTER - NWFILTER_DIR = "$(DESTDIR)$(sysconfdir)/libvirt/nwfilter" - --install-data-local: 
-+install-nwfilter-local: - $(MKDIR_P) "$(NWFILTER_DIR)" - for f in $(FILTERS); do \ - $(INSTALL_DATA) $$f "$(NWFILTER_DIR)"; \ - done - --uninstall-local:: -+uninstall-nwfilter-local:: - for f in $(FILTERS); do \ - rm -f "$(NWFILTER_DIR)/`basename $$f`"; \ - done - -test -z "$(shell ls $(NWFILTER_DIR))" || rmdir $(NWFILTER_DIR) -+ -+INSTALL_DATA_LOCAL += install-nwfilter-local -+UNINSTALL_LOCAL += uninstall-nwfilter-local - endif WITH_NWFILTER -+ -+install-data-local: $(INSTALL_DATA_LOCAL) -+ -+uninstall-local: $(UNINSTALL_LOCAL) -diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper -index bd6181d00..9c822b644 100644 ---- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper -+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper -@@ -50,11 +50,16 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { - /var/lib/libvirt/images/ r, - /var/lib/libvirt/images/** r, - /{media,mnt,opt,srv}/** r, -+ # For virt-sandbox -+ /run/libvirt/**/[sv]d[a-z] r - - /**.img r, -+ /**.raw r, - /**.qcow{,2} r, - /**.qed r, - /**.vmdk r, - /**.[iI][sS][oO] r, - /**/disk{,.*} r, -+ -+ #include - } --- -2.15.1 - diff --git a/2089ab21-netserver-close-clients-before-stopping-all-drivers.patch b/2089ab21-netserver-close-clients-before-stopping-all-drivers.patch deleted file mode 100644 index 74442ed..0000000 --- a/2089ab21-netserver-close-clients-before-stopping-all-drivers.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From 2089ab2112e763d6de5888e498afc4fbdc3376db Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Wed, 20 Dec 2017 17:36:10 +0100 -Subject: [PATCH] netserver: close clients before stopping all drivers - -So far clients were closed when disposing the daemon, after the state -driver cleanup. This was leading to libvirtd crashing at shutdown due -to missing driver. - -Moving the client close in virNetServerClose() fixes the problem. - -Reviewed-by: Erik Skultety ---- - src/rpc/virnetserver.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c -index 2b76daab5..43f889e2a 100644 ---- a/src/rpc/virnetserver.c -+++ b/src/rpc/virnetserver.c -@@ -774,10 +774,8 @@ void virNetServerDispose(void *obj) - virObjectUnref(srv->programs[i]); - VIR_FREE(srv->programs); - -- for (i = 0; i < srv->nclients; i++) { -- virNetServerClientClose(srv->clients[i]); -+ for (i = 0; i < srv->nclients; i++) - virObjectUnref(srv->clients[i]); -- } - VIR_FREE(srv->clients); - - VIR_FREE(srv->mdnsGroupName); -@@ -796,6 +794,9 @@ void virNetServerClose(virNetServerPtr srv) - for (i = 0; i < srv->nservices; i++) - virNetServerServiceClose(srv->services[i]); - -+ for (i = 0; i < srv->nclients; i++) -+ virNetServerClientClose(srv->clients[i]); -+ - virObjectUnlock(srv); - } - --- -2.15.1 - diff --git a/2d07f1f0-fix-storage-crash.patch b/2d07f1f0-fix-storage-crash.patch deleted file mode 100644 index ecbda6e..0000000 --- a/2d07f1f0-fix-storage-crash.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -commit 2d07f1f0ebd44b0348daa61afa0de34f3f838c22 -Author: Peter Krempa -Date: Wed Dec 6 16:20:07 2017 +0100 - - storage: Don't dereference driver object if virStorageSource is not initialized - - virStorageFileReportBrokenChain uses data from the driver private data - pointer to print the user and group. This would lead to a crash in call - paths where we did not initialize the storage backend as recently added - in commit 24e47ee2b93 to qemuDomainDetermineDiskChain. - - Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1522682 - -Index: libvirt-3.10.0/src/storage/storage_source.c -=================================================================== ---- libvirt-3.10.0.orig/src/storage/storage_source.c -+++ libvirt-3.10.0/src/storage/storage_source.c -@@ -419,19 +419,33 @@ virStorageFileReportBrokenChain(int errc - virStorageSourcePtr src, - virStorageSourcePtr parent) - { -- unsigned int access_user = src->drv->uid; -- unsigned int access_group = src->drv->gid; - -- if (src == parent) { -- virReportSystemError(errcode, -- _("Cannot access storage file '%s' " -- "(as uid:%u, gid:%u)"), -- src->path, access_user, access_group); -+ if (src->drv) { -+ unsigned int access_user = src->drv->uid; -+ unsigned int access_group = src->drv->gid; -+ -+ if (src == parent) { -+ virReportSystemError(errcode, -+ _("Cannot access storage file '%s' " -+ "(as uid:%u, gid:%u)"), -+ src->path, access_user, access_group); -+ } else { -+ virReportSystemError(errcode, -+ _("Cannot access backing file '%s' " -+ "of storage file '%s' (as uid:%u, gid:%u)"), -+ src->path, parent->path, access_user, access_group); -+ } - } else { -- virReportSystemError(errcode, -- _("Cannot access backing file '%s' " -- "of storage file '%s' (as uid:%u, gid:%u)"), -- src->path, parent->path, access_user, access_group); -+ if (src == parent) { -+ virReportSystemError(errcode, -+ _("Cannot access storage file '%s'"), -+ src->path); -+ } else { -+ virReportSystemError(errcode, -+ _("Cannot 
access backing file '%s' " -+ "of storage file '%s'"), -+ src->path, parent->path); -+ } - } - } - diff --git a/69ed99c7-dom0-persistent.patch b/69ed99c7-dom0-persistent.patch deleted file mode 100644 index af75a07..0000000 --- a/69ed99c7-dom0-persistent.patch +++ /dev/null @@ -1,21 +0,0 @@ -commit 69ed99c78696d7ac405ce9e193a4a312fd9945d7 -Author: Jim Fehlig -Date: Wed Dec 13 14:20:37 2017 -0700 - - libxl: mark domain0 as persistent - - A Xen domain0 is better described as a persistent domain. Mark it - as such during intialization. - -Index: libvirt-3.10.0/src/libxl/libxl_driver.c -=================================================================== ---- libvirt-3.10.0.orig/src/libxl/libxl_driver.c -+++ libvirt-3.10.0/src/libxl/libxl_driver.c -@@ -609,6 +609,7 @@ libxlAddDom0(libxlDriverPrivatePtr drive - - def = NULL; - -+ vm->persistent = 1; - virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_BOOTED); - if (virDomainDefSetVcpusMax(vm->def, d_info.vcpu_max_id + 1, driver->xmlopt)) - goto cleanup; diff --git a/71d56a39-nodedev-fix-parse-PCI-address.patch b/71d56a39-nodedev-fix-parse-PCI-address.patch new file mode 100644 index 0000000..0fcd6b7 --- /dev/null +++ b/71d56a39-nodedev-fix-parse-PCI-address.patch 
@@ -0,0 +1,96 @@ +commit 71d56a397925a1bd55d3aee30afdbdcd1a14f9a8 +Author: Jim Fehlig +Date: Fri Jan 5 17:10:47 2018 -0700 + + nodedev: Fix failing to parse PCI address for non-PCI network devices + + Commit 8708ca01c added virNetDevSwitchdevFeature() to check if a network + device has Switchdev capabilities. virNetDevSwitchdevFeature() attempts + to retrieve the PCI device associated with the network device, ignoring + non-PCI devices. It does so via the following call chain + + virNetDevSwitchdevFeature()->virNetDevGetPCIDevice()-> + virPCIGetDeviceAddressFromSysfsLink() + + For non-PCI network devices (qeth, Xen vif, etc), + virPCIGetDeviceAddressFromSysfsLink() will report an error when + virPCIDeviceAddressParse() fails. virPCIDeviceAddressParse() also + logs an error. After commit 8708ca01c there are now two errors reported + for each non-PCI network device even though the errors are harmless. + + To avoid the errors, introduce virNetDevIsPCIDevice() and use it in + virNetDevGetPCIDevice() before attempting to retrieve the associated + PCI device. virNetDevIsPCIDevice() uses the 'subsystem' property of the + device to determine if it is PCI. See the sysfs rules in kernel + documentation for more details + + https://www.kernel.org/doc/html/latest/admin-guide/sysfs-rules.html + +Index: libvirt-4.0.0/src/util/virnetdev.c +=================================================================== +--- libvirt-4.0.0.orig/src/util/virnetdev.c ++++ libvirt-4.0.0/src/util/virnetdev.c +@@ -22,6 +22,7 @@ + + #include + ++#include "dirname.h" + #include "virnetdev.h" + #include "virnetlink.h" + #include "virmacaddr.h" +@@ -1147,6 +1148,45 @@ virNetDevSysfsDeviceFile(char **pf_sysfs + return 0; + } + ++/** ++ * Determine if the device path specified in devpath is a PCI Device ++ * by resolving the 'subsystem'-link in devpath and looking for ++ * 'pci' in the last component. 
For more information see the rules ++ * for accessing sysfs in the kernel docs ++ * ++ * https://www.kernel.org/doc/html/latest/admin-guide/sysfs-rules.html ++ * ++ * Returns true if devpath's susbsystem is pci, false otherwise. ++ */ ++static bool ++virNetDevIsPCIDevice(const char *devpath) ++{ ++ char *subsys_link = NULL; ++ char *abs_path = NULL; ++ char *subsys = NULL; ++ bool ret = false; ++ ++ if (virAsprintf(&subsys_link, "%s/subsystem", devpath) < 0) ++ return false; ++ ++ if (!virFileExists(subsys_link)) ++ goto cleanup; ++ ++ if (virFileResolveLink(subsys_link, &abs_path) < 0) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, ++ _("Unable to resolve device subsystem symlink %s"), ++ subsys_link); ++ goto cleanup; ++ } ++ ++ subsys = last_component(abs_path); ++ ret = STRPREFIX(subsys, "pci"); ++ ++ cleanup: ++ VIR_FREE(subsys_link); ++ VIR_FREE(abs_path); ++ return ret; ++} + + static virPCIDevicePtr + virNetDevGetPCIDevice(const char *devName) +@@ -1158,6 +1198,9 @@ virNetDevGetPCIDevice(const char *devNam + if (virNetDevSysfsFile(&vfSysfsDevicePath, devName, "device") < 0) + goto cleanup; + ++ if (!virNetDevIsPCIDevice(vfSysfsDevicePath)) ++ goto cleanup; ++ + vfPCIAddr = virPCIGetDeviceAddressFromSysfsLink(vfSysfsDevicePath); + if (!vfPCIAddr) + goto cleanup; diff --git a/72adaf2f-revert-qemu-monitor-error-report.patch b/72adaf2f-revert-qemu-monitor-error-report.patch new file mode 100644 index 0000000..b85707c --- /dev/null +++ b/72adaf2f-revert-qemu-monitor-error-report.patch 
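Review bot: `virNetDevIsPCIDevice()` tests the subsystem name with `STRPREFIX(subsys, "pci")`, while its doc comment promises true only when the subsystem is pci, so any subsystem whose name merely begins with those letters also passes the new guard in `virNetDevGetPCIDevice()` and reaches `virPCIGetDeviceAddressFromSysfsLink()`. If an exact match is intended, `ret = STREQ(subsys, "pci");` says so; if the prefix match is deliberate, the comment should name the other subsystems it is meant to accept. The helper returns false both for a non-PCI device and after `virFileResolveLink()` fails with an error already reported, and the caller takes the same `goto cleanup` either way, which deserves a one-line comment such as `/* false also covers lookup failure; an error may already be set */`. The doc comment also carries a typo, "susbsystem". The body of `virNetDevGetPCIDevice()` continues outside the hunk.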
@@ -0,0 +1,60 @@ +commit 72adaf2f10509c3682f2c65ffad4176e00e5a2fb +Author: Michal Privoznik +Date: Fri Jan 19 13:53:57 2018 +0100 + + Revert "qemu: monitor: do not report error on shutdown" + + https://bugzilla.redhat.com/show_bug.cgi?id=1536461 + + This reverts commit aeda1b8c56dc58b0a413acc61bbea938b40499e1. + + Problem is that we need mon->lastError to be set because it's + used all over the place. Also, there's nothing wrong with + reporting error if one occurred. I mean, if there's a thread + executing an API and which currently is talking on monitor it + definitely wants the error reported. + + Signed-off-by: Michal Privoznik + +Index: libvirt-4.0.0/src/qemu/qemu_monitor.c +=================================================================== +--- libvirt-4.0.0.orig/src/qemu/qemu_monitor.c ++++ libvirt-4.0.0/src/qemu/qemu_monitor.c +@@ -78,7 +78,6 @@ struct _qemuMonitor { + * < 0: an error occurred during the registration of @fd */ + int watch; + int hasSendFD; +- int willhangup; + + virDomainObjPtr vm; + +@@ -716,10 +715,8 @@ qemuMonitorIO(int watch, int fd, int eve + if (events & VIR_EVENT_HANDLE_HANGUP) { + hangup = true; + if (!error) { +- if (!mon->willhangup) { +- virReportError(VIR_ERR_INTERNAL_ERROR, "%s", +- _("End of file from qemu monitor")); +- } ++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", ++ _("End of file from qemu monitor")); + eof = true; + events &= ~VIR_EVENT_HANDLE_HANGUP; + } +@@ -758,7 +755,7 @@ qemuMonitorIO(int watch, int fd, int eve + if (mon->lastError.code != VIR_ERR_OK) { + /* Already have an error, so clear any new error */ + virResetLastError(); +- } else if (!mon->willhangup) { ++ } else { + virErrorPtr err = virGetLastError(); + if (!err) + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", +@@ -1352,7 +1349,6 @@ qemuMonitorEmitShutdown(qemuMonitorPtr m + { + int ret = -1; + VIR_DEBUG("mon=%p guest=%u", mon, guest); +- mon->willhangup = 1; + + QEMU_MONITOR_CALLBACK(mon, ret, domainShutdown, mon->vm, guest); + return ret; 
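Review bot: With `willhangup` gone, the `VIR_EVENT_HANDLE_HANGUP` branch of `qemuMonitorIO()` reports `End of file from qemu monitor` as `VIR_ERR_INTERNAL_ERROR` for every hangup that arrives without a prior error, presumably including the one that follows a shutdown announced through `qemuMonitorEmitShutdown()`. The commit message gives the reason (`mon->lastError` must be set), but the code no longer records it, so a comment at the report would keep a later reader from re-adding the suppression: `/* Reported even on expected shutdown: callers rely on mon->lastError being set */`. Anyone alerting on this log message should expect it on orderly shutdowns as well as on an unexpected QEMU exit. Both `qemuMonitorIO()` and the `_qemuMonitor` struct start and end outside the hunks shown.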
diff --git a/8599aedd-libvirt-guests-dom0-filter.patch b/8599aedd-libvirt-guests-dom0-filter.patch deleted file mode 100644 index 67273a2..0000000 --- a/8599aedd-libvirt-guests-dom0-filter.patch +++ /dev/null @@ -1,25 +0,0 @@ -commit 8599aedd434a2843dca7fae37bd397f07a584c1a -Author: Jim Fehlig -Date: Fri Dec 15 15:28:49 2017 -0700 - - Improve filtering of Xen domain0 in libvirt-guests - - The list_guests function in libvirt-guests uses 'grep -v' to filter - Xen domain0 from a list of guests. If domain0 is the only item in - the list, 'grep -v' returns 1, causing the 'stop' operation to fail - when action is 'suspend'. Improve the filtering by using sed to remove - domain0 from the list of guests. - -Index: libvirt-3.10.0/tools/libvirt-guests.sh.in -=================================================================== ---- libvirt-3.10.0.orig/tools/libvirt-guests.sh.in -+++ libvirt-3.10.0/tools/libvirt-guests.sh.in -@@ -121,7 +121,7 @@ list_guests() { - return 1 - fi - -- echo "$list" | grep -v 00000000-0000-0000-0000-000000000000 -+ echo "$list" | sed "/00000000-0000-0000-0000-000000000000/d" - } - - # guest_name URI UUID diff --git a/apparmor-no-mount.patch b/apparmor-no-mount.patch index e8726a2..4941e8d 100644 --- a/apparmor-no-mount.patch +++ b/apparmor-no-mount.patch @@ -1,7 +1,7 @@ -Index: libvirt-3.10.0/examples/apparmor/libvirt-lxc +Index: libvirt-4.0.0/examples/apparmor/libvirt-lxc =================================================================== ---- libvirt-3.10.0.orig/examples/apparmor/libvirt-lxc -+++ libvirt-3.10.0/examples/apparmor/libvirt-lxc +--- libvirt-4.0.0.orig/examples/apparmor/libvirt-lxc ++++ libvirt-4.0.0/examples/apparmor/libvirt-lxc @@ -2,39 +2,15 @@ #include diff --git a/b475a91b-add-virStringFilterChars-string-utility.patch b/b475a91b-add-virStringFilterChars-string-utility.patch deleted file mode 100644 index e1999ca..0000000 --- a/b475a91b-add-virStringFilterChars-string-utility.patch +++ /dev/null 
@@ -1,139 +0,0 @@ -From b475a91b7753281eb60b87f75b0055fe3c139276 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Mon, 18 Dec 2017 15:46:53 +0100 -Subject: [PATCH 1/2] Add virStringFilterChars() string utility - -Add a function to filter a string based on a list of valid characters. ---- - src/libvirt_private.syms | 1 + - src/util/virstring.c | 24 ++++++++++++++++++++++++ - src/util/virstring.h | 1 + - tests/virstringtest.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 72 insertions(+) - -diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms -index 18d0f2adf..6662c8dac 100644 ---- a/src/libvirt_private.syms -+++ b/src/libvirt_private.syms -@@ -2755,6 +2755,7 @@ virStrcpy; - virStrdup; - virStringBufferIsPrintable; - virStringEncodeBase64; -+virStringFilterChars; - virStringHasChars; - virStringHasControlChars; - virStringIsEmpty; -diff --git a/src/util/virstring.c b/src/util/virstring.c -index 0cb06bdc9..1c58df915 100644 ---- a/src/util/virstring.c -+++ b/src/util/virstring.c -@@ -1293,6 +1293,30 @@ virStringStripControlChars(char *str) - str[j] = '\0'; - } - -+/** -+ * virStringFilterChars: -+ * @str: the string to strip -+ * @valid: the valid characters for the string -+ * -+ * Modify the string in-place to remove the characters that aren't -+ * in the list of valid ones. 
-+ */ -+void -+virStringFilterChars(char *str, const char *valid) -+{ -+ size_t len, i, j; -+ -+ if (!str) -+ return; -+ -+ len = strlen(str); -+ for (i = 0, j = 0; i < len; i++) { -+ if (strchr(valid, str[i])) -+ str[j++] = str[i]; -+ } -+ str[j] = '\0'; -+} -+ - /** - * virStringToUpper: - * @str: string to capitalize -diff --git a/src/util/virstring.h b/src/util/virstring.h -index b19abaf9f..8af054bce 100644 ---- a/src/util/virstring.h -+++ b/src/util/virstring.h -@@ -293,6 +293,7 @@ bool virStringHasChars(const char *str, - const char *chars); - bool virStringHasControlChars(const char *str); - void virStringStripControlChars(char *str); -+void virStringFilterChars(char *str, const char *valid); - - bool virStringIsPrintable(const char *str); - bool virStringBufferIsPrintable(const uint8_t *buf, size_t buflen); -diff --git a/tests/virstringtest.c b/tests/virstringtest.c -index 320f7a398..e8518ede1 100644 ---- a/tests/virstringtest.c -+++ b/tests/virstringtest.c -@@ -767,6 +767,36 @@ static int testStripControlChars(const void *args) - return ret; - } - -+struct testFilterData { -+ const char *string; -+ const char *valid; -+ const char *result; -+}; -+ -+static int testFilterChars(const void *args) -+{ -+ const struct testFilterData *data = args; -+ int ret = -1; -+ char *res = NULL; -+ -+ if (VIR_STRDUP(res, data->string) < 0) -+ goto cleanup; -+ -+ virStringFilterChars(res, data->valid); -+ -+ if (STRNEQ_NULLABLE(res, data->result)) { -+ fprintf(stderr, "Returned '%s', expected '%s'\n", -+ NULLSTR(res), NULLSTR(data->result)); -+ goto cleanup; -+ } -+ -+ ret = 0; -+ -+ cleanup: -+ VIR_FREE(res); -+ return ret; -+} -+ - static int - mymain(void) - { -@@ -1085,6 +1115,22 @@ mymain(void) - TEST_STRIP_CONTROL_CHARS("\x01H\x02" "E\x03L\x04L\x05O", "HELLO"); - TEST_STRIP_CONTROL_CHARS("\x01\x02\x03\x04HELL\x05O", "HELLO"); - TEST_STRIP_CONTROL_CHARS("\nhello \x01\x07hello\t", "\nhello hello\t"); -+ -+#define TEST_FILTER_CHARS(str, filter, res) \ -+ do { \ -+ struct 
testFilterData filterData = { \ -+ .string = str, \ -+ .valid = filter, \ -+ .result = res, \ -+ }; \ -+ if (virTestRun("Filter chars from " #str, \ -+ testFilterChars, &filterData) < 0) \ -+ ret = -1; \ -+ } while (0) -+ -+ TEST_FILTER_CHARS(NULL, NULL, NULL); -+ TEST_FILTER_CHARS("hello 123 hello", "helo", "hellohello"); -+ - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; - } - --- -2.15.1 - diff --git a/blockcopy-check-dst-identical-device.patch b/blockcopy-check-dst-identical-device.patch index 0b50732..25900d3 100644 --- a/blockcopy-check-dst-identical-device.patch +++ b/blockcopy-check-dst-identical-device.patch @@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu src/qemu/qemu_driver.c | 7 +++++++ 1 file changed, 7 insertions(+) -Index: libvirt-3.10.0/src/qemu/qemu_driver.c +Index: libvirt-4.0.0/src/qemu/qemu_driver.c =================================================================== ---- libvirt-3.10.0.orig/src/qemu/qemu_driver.c -+++ libvirt-3.10.0/src/qemu/qemu_driver.c -@@ -17145,6 +17145,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt +--- libvirt-4.0.0.orig/src/qemu/qemu_driver.c ++++ libvirt-4.0.0/src/qemu/qemu_driver.c +@@ -17159,6 +17159,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt goto endjob; } diff --git a/faec1958-lxc-set-hostname-based-on-container-name.patch b/faec1958-lxc-set-hostname-based-on-container-name.patch deleted file mode 100644 index cefc477..0000000 --- a/faec1958-lxc-set-hostname-based-on-container-name.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From faec1958614bfcdb535b1bcc0ddac8cde4516e1a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Mon, 18 Dec 2017 15:48:33 +0100 -Subject: [PATCH 2/2] lxc: set a hostname based on the container name - -Set a transient hostname on containers. The hostname is computed from -the container name, only keeping the valid characters [a-zA-Z0-9-] in it. -This filtering is based on RFC 1123 and allows a digit to start the -hostname. ---- - src/lxc/lxc_container.c | 35 +++++++++++++++++++++++++++++++++++ - 1 file changed, 35 insertions(+) - -diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c -index b7216d6ee..96fceaf1b 100644 ---- a/src/lxc/lxc_container.c -+++ b/src/lxc/lxc_container.c -@@ -2159,6 +2159,37 @@ static int lxcContainerSetUserGroup(virCommandPtr cmd, - return 0; - } - -+static const char hostname_validchars[] = -+ "abcdefghijklmnopqrstuvwxyz" -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ" -+ "0123456789-"; -+ -+static int lxcContainerSetHostname(virDomainDefPtr def) -+{ -+ int ret = -1; -+ char *name = NULL; -+ char *hostname = NULL; -+ -+ /* Filter the VM name to get a valid hostname */ -+ if (VIR_STRDUP(name, def->name) < 0) -+ goto cleanup; -+ -+ /* RFC 1123 allows 0-9 digits as a first character in hostname */ -+ virStringFilterChars(name, hostname_validchars); -+ hostname = name; -+ if (strlen(name) > 0 && name[0] == '-') -+ hostname = name + 1; -+ -+ if (sethostname(hostname, strlen(hostname)) < 0) { -+ virReportSystemError(errno, "%s", _("Failed to set hostname")); -+ goto cleanup; -+ } -+ ret = 0; -+ -+ cleanup: -+ VIR_FREE(name); -+ return ret; -+} - - /** - * lxcContainerChild: -@@ -2269,6 +2300,10 @@ static int lxcContainerChild(void *data) - goto cleanup; - } - -+ if (lxcContainerSetHostname(vmDef) < 0) -+ goto cleanup; -+ -+ - /* drop a set of root capabilities */ - if (lxcContainerDropCapabilities(vmDef, !!hasReboot) < 0) - goto cleanup; --- -2.15.1 - 
diff --git a/fix-virt-aa-helper-profile.patch b/fix-virt-aa-helper-profile.patch deleted file mode 100644 index 949baee..0000000 --- a/fix-virt-aa-helper-profile.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 29eed5ffb8776f4e4ecf6dc6b3ee7f320f679e7e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Tue, 2 Jan 2018 09:54:46 +0100 -Subject: [PATCH] apparmor: fix virt-aa-helper profile - -Fix rule introduced by commit 0f33025a: - * to handle /var/run not being a symlink to /run - * to be properly parsed: missing comma at the end. ---- - examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper -index 9c822b644..105f09e43 100644 ---- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper -+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper -@@ -51,7 +51,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { - /var/lib/libvirt/images/** r, - /{media,mnt,opt,srv}/** r, - # For virt-sandbox -- /run/libvirt/**/[sv]d[a-z] r -+ /{,var/}run/libvirt/**/[sv]d[a-z] r, - - /**.img r, - /**.raw r, --- -2.15.1 - diff --git a/libvirt-3.10.0.tar.xz b/libvirt-3.10.0.tar.xz deleted file mode 100644 index 966a0fa..0000000 --- a/libvirt-3.10.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dff109cae2cc915b3ed5ba7e460502b85eb9a5058cda4f356d7bb7b1e3196b0e -size 14952220 diff --git a/libvirt-3.10.0.tar.xz.asc b/libvirt-3.10.0.tar.xz.asc deleted file mode 100644 index ee05b6f..0000000 --- a/libvirt-3.10.0.tar.xz.asc +++ /dev/null 
@@ -1,10 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEcBAABAgAGBQJaJYL/AAoJEBVYiyZZa+pdRmsH/i9aAZCXqz0GiIlPV55Y5Rdl -fGbP2i5o2SSs1u8lcGlC6GtC/WJAInxSMOjxxnjJgcwGVkEW/J5juvEOzZtsCCc2 -lFYIZqWTXgp/PpLr92I8Wz1UkMjy5wabKG6PcZGt7kxaFcAUb5P4ODZe+CH9NyD3 -UJHg0R7j6t81z43f9yzXOpEPATHfTCXg0TNUeqg0q7oJU3mmdZI8qxznMX+88xO+ -tUcZGDKADDtxEVDjTWPU1SZjHGEeZ2cIMJA5nsfuEFeghU1iV4QzMgnd/84fKWIh -7tsUCF93dismVE5xwVNUvTWwmHc4shj7tSj93117GH25SPwvr/GyDEYPEp9CMEE= -=gYo3 ------END PGP SIGNATURE----- diff --git a/libvirt-4.0.0.tar.xz b/libvirt-4.0.0.tar.xz new file mode 100644 index 0000000..51269ea --- /dev/null +++ b/libvirt-4.0.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e9e8ca1a696b70bca572f367e35807a9800a59aec5158b95fe7f4802a5fadfc8 +size 15002248 diff --git a/libvirt-4.0.0.tar.xz.asc b/libvirt-4.0.0.tar.xz.asc new file mode 100644 index 0000000..7923496 --- /dev/null +++ b/libvirt-4.0.0.tar.xz.asc @@ -0,0 +1,10 @@ +-----BEGIN PGP SIGNATURE----- + +iQEcBAABAgAGBQJaYc40AAoJEBVYiyZZa+pdapkIAJsN77Xyts8WupSGAjNx7BE+ +aWlLfUnXc3TmtvXaqIYP0Vyc0AtWbiDaLAuIxdOXBM7ehABfka4xLevC4+t+cN8P +tMpT+oGnI+PhIAt1u6UAPjNwFvzV91/hwPEeA2Mhcc1+Mgzh/dU6VtbMl0iupgic +tUJOP0r3FN2woh8y5CZUwpCMTIDZ4FlOrqC1iyZfmhAE5nyqM+bO/tArRDZwK4TE +G1oLtioaN0ESY7zY7Vf4fpD9tufyyVfKjDvoMTKSmgzyLTzU3NpPi0NjE1Iw5TqP +m8jlmxvTHati6U6GLVerfZTMOKVfR6WzyWrUPnGkE65xfh9+Eyo66XMtgb04lMo= +=NAMU +-----END PGP SIGNATURE----- diff --git a/libvirt-power8-models.patch b/libvirt-power8-models.patch index 94d0310..896cd53 100644 --- a/libvirt-power8-models.patch +++ b/libvirt-power8-models.patch @@ -2,11 +2,11 @@ Add POWER8 v2.0 and v2.1 to cpu map XML 
From: -Index: libvirt-3.10.0/src/cpu/cpu_map.xml +Index: libvirt-4.0.0/src/cpu/cpu_map.xml =================================================================== ---- libvirt-3.10.0.orig/src/cpu/cpu_map.xml -+++ libvirt-3.10.0/src/cpu/cpu_map.xml -@@ -1724,6 +1724,8 @@ +--- libvirt-4.0.0.orig/src/cpu/cpu_map.xml ++++ libvirt-4.0.0/src/cpu/cpu_map.xml +@@ -2346,6 +2346,8 @@ diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index e99d175..b556834 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,8 +1,8 @@ -Index: libvirt-3.10.0/configure.ac +Index: libvirt-4.0.0/configure.ac =================================================================== ---- libvirt-3.10.0.orig/configure.ac -+++ libvirt-3.10.0/configure.ac -@@ -256,6 +256,7 @@ LIBVIRT_ARG_LIBSSH +--- libvirt-4.0.0.orig/configure.ac ++++ libvirt-4.0.0/configure.ac +@@ -257,6 +257,7 @@ LIBVIRT_ARG_LIBSSH LIBVIRT_ARG_LIBXML LIBVIRT_ARG_MACVTAP LIBVIRT_ARG_NETCF @@ -10,7 +10,7 @@ Index: libvirt-3.10.0/configure.ac LIBVIRT_ARG_NSS LIBVIRT_ARG_NUMACTL LIBVIRT_ARG_OPENWSMAN -@@ -296,6 +297,7 @@ LIBVIRT_CHECK_LIBSSH +@@ -298,6 +299,7 @@ LIBVIRT_CHECK_LIBSSH LIBVIRT_CHECK_LIBXML LIBVIRT_CHECK_MACVTAP LIBVIRT_CHECK_NETCF @@ -18,7 +18,7 @@ Index: libvirt-3.10.0/configure.ac LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_NWFILTER LIBVIRT_CHECK_OPENWSMAN -@@ -993,6 +995,7 @@ LIBVIRT_RESULT_LIBXL +@@ -996,6 +998,7 @@ LIBVIRT_RESULT_LIBXL LIBVIRT_RESULT_LIBXML LIBVIRT_RESULT_MACVTAP LIBVIRT_RESULT_NETCF @@ -26,10 +26,10 @@ Index: libvirt-3.10.0/configure.ac LIBVIRT_RESULT_NSS LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN -Index: libvirt-3.10.0/src/Makefile.am +Index: libvirt-4.0.0/src/Makefile.am =================================================================== ---- libvirt-3.10.0.orig/src/Makefile.am -+++ libvirt-3.10.0/src/Makefile.am +--- libvirt-4.0.0.orig/src/Makefile.am ++++ libvirt-4.0.0/src/Makefile.am 
@@ -1038,6 +1038,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c @@ -52,10 +52,10 @@ Index: libvirt-3.10.0/src/Makefile.am if WITH_UDEV libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS) libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS) -Index: libvirt-3.10.0/tools/virsh.c +Index: libvirt-4.0.0/tools/virsh.c =================================================================== ---- libvirt-3.10.0.orig/tools/virsh.c -+++ libvirt-3.10.0/tools/virsh.c +--- libvirt-4.0.0.orig/tools/virsh.c ++++ libvirt-4.0.0/tools/virsh.c @@ -578,6 +578,8 @@ virshShowVersion(vshControl *ctl ATTRIBU vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) @@ -65,10 +65,10 @@ Index: libvirt-3.10.0/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-3.10.0/src/interface/interface_backend_netcf.c +Index: libvirt-4.0.0/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-3.10.0.orig/src/interface/interface_backend_netcf.c -+++ libvirt-3.10.0/src/interface/interface_backend_netcf.c +--- libvirt-4.0.0.orig/src/interface/interface_backend_netcf.c ++++ libvirt-4.0.0/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include @@ -152,10 +152,10 @@ Index: libvirt-3.10.0/src/interface/interface_backend_netcf.c if (virSetSharedInterfaceDriver(&interfaceDriver) < 0) return -1; if (virRegisterStateDriver(&interfaceStateDriver) < 0) -Index: libvirt-3.10.0/src/interface/interface_driver.c +Index: libvirt-4.0.0/src/interface/interface_driver.c =================================================================== ---- libvirt-3.10.0.orig/src/interface/interface_driver.c -+++ libvirt-3.10.0/src/interface/interface_driver.c +--- libvirt-4.0.0.orig/src/interface/interface_driver.c ++++ libvirt-4.0.0/src/interface/interface_driver.c @@ -30,8 +30,15 @@ interfaceRegister(void) if (netcfIfaceRegister() == 0) return 0; 
@@ -173,10 +173,10 @@ Index: libvirt-3.10.0/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-3.10.0/m4/virt-netcontrol.m4 +Index: libvirt-4.0.0/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-3.10.0/m4/virt-netcontrol.m4 ++++ libvirt-4.0.0/m4/virt-netcontrol.m4 @@ -0,0 +1,39 @@ +dnl The libnetcontrol library +dnl diff --git a/libvirt.changes b/libvirt.changes index 2ceaad9..9471411 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Fri Jan 19 16:31:53 UTC 2018 - jfehlig@suse.com + +- Update to libvirt 4.0.0 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patches: + 2d07f1f0-fix-storage-crash.patch, + 69ed99c7-dom0-persistent.patch, + 8599aedd-libvirt-guests-dom0-filter.patch, + 0f33025a-virt-aa-helper-handle-more-disk-images.patch, + b475a91b-add-virStringFilterChars-string-utility.patch, + faec1958-lxc-set-hostname-based-on-container-name.patch, + 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch, + fix-virt-aa-helper-profile.patch, + suse-apparmor-signal.patch + - Patches added to fix upstream bugs: + 72adaf2f-revert-qemu-monitor-error-report.patch, + 71d56a39-nodedev-fix-parse-PCI-address.patch + - CVE-2018-5748, CVE-2017-5715, bsc#1071651 + ------------------------------------------------------------------- Thu Jan 11 16:52:43 UTC 2018 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index eae8efd..58a9333 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -53,6 +53,7 @@ %define with_numad 0%{!?_without_numad:0} %define with_firewalld 0%{!?_without_firewalld:0} %define with_libssh 0%{!?_without_libssh:0} +%define with_bash_completion 0%{!?_without_bash_completion:0} # Xen no longer contains xm/xend so disable building the legacy Xen driver %define with_xen 0 
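Review bot: The `%define with_bash_completion 0%{!?_without_bash_completion:0}` added in the libvirt.spec hunk at `@@ -53,6 +53,7 @@` is added a second time, unchanged, by the `@@ -110,6 +111,11 @@` hunk under the TODO comment. Both copies expand to `00` or `0`, so the macro is false either way. Unless a line outside the visible hunks sets it to 1, the `%if %{with_bash_completion}` guards around `BuildRequires: bash-completion >= 2.0` and around the `%{_datadir}/bash-completion/completions/vsh` entry in `%files` never take effect. I would drop the second define and keep only the comment, reworded to say so: `# bash-completion stays disabled until configure detects it on openSUSE; set with_bash_completion to 1 here once it does`.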
@@ -110,6 +111,11 @@ %define with_firewalld 1 %endif +# TODO: On what distros can we support bash-completion? +# SLE12 builds seem fine, but configure fails to detect +# completion support on openSUSE distros. +%define with_bash_completion 0%{!?_without_bash_completion:0} + # rbd enablement is a bit tricky. For x86_64 %ifarch x86_64 # enable on anything newer than 1320, or SLE12 family newer than 120100 @@ -165,7 +171,7 @@ Name: libvirt Url: http://libvirt.org/ -Version: 3.10.0 +Version: 4.0.0 Release: 0 Summary: Library providing a simple virtualization API License: LGPL-2.1+ @@ -218,6 +224,9 @@ BuildRequires: xen-devel # For managing ACLs BuildRequires: libacl-devel %endif +%if %{with_bash_completion} +BuildRequires: bash-completion >= 2.0 +%endif BuildRequires: fdupes BuildRequires: libattr-devel BuildRequires: libgcrypt-devel @@ -309,17 +318,11 @@ Source5: suse-qemu-domain-hook.py Source99: baselibs.conf Source100: %{name}-rpmlintrc # Upstream patches -Patch0: 2d07f1f0-fix-storage-crash.patch -Patch1: 69ed99c7-dom0-persistent.patch -Patch2: 8599aedd-libvirt-guests-dom0-filter.patch -Patch3: 0f33025a-virt-aa-helper-handle-more-disk-images.patch -Patch4: b475a91b-add-virStringFilterChars-string-utility.patch -Patch5: faec1958-lxc-set-hostname-based-on-container-name.patch -Patch6: 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch +Patch0: 72adaf2f-revert-qemu-monitor-error-report.patch +Patch1: 71d56a39-nodedev-fix-parse-PCI-address.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch -Patch102: fix-virt-aa-helper-profile.patch # Need to go upstream Patch150: xen-pv-cdrom.patch Patch151: blockcopy-check-dst-identical-device.patch 
@@ -337,15 +340,14 @@ Patch205: suse-libvirtd-service-xen.patch Patch206: suse-qemu-conf.patch Patch207: suse-ovmf-paths.patch Patch208: suse-apparmor-libnl-paths.patch -Patch209: suse-apparmor-signal.patch -Patch210: support-managed-pci-xen-driver.patch -Patch211: xen-sxpr-disk-type.patch -Patch212: libxl-support-block-script.patch -Patch213: apparmor-no-mount.patch -Patch214: qemu-apparmor-screenshot.patch -Patch215: libvirt-suse-netcontrol.patch -Patch216: lxc-wait-after-eth-del.patch -Patch217: libxl-qemu-emulator-caps.patch +Patch209: support-managed-pci-xen-driver.patch +Patch210: xen-sxpr-disk-type.patch +Patch211: libxl-support-block-script.patch +Patch212: apparmor-no-mount.patch +Patch213: qemu-apparmor-screenshot.patch +Patch214: libvirt-suse-netcontrol.patch +Patch215: lxc-wait-after-eth-del.patch +Patch216: libxl-qemu-emulator-caps.patch # SLES-Only patches %if ! 0%{?is_opensuse} Patch400: virt-create-rootfs.patch @@ -903,14 +905,8 @@ libvirt plugin for NSS for translating domain names into IP addresses. %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 %patch100 -p1 %patch101 -p1 -%patch102 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 @@ -934,7 +930,6 @@ libvirt plugin for NSS for translating domain names into IP addresses. %patch214 -p1 %patch215 -p1 %patch216 -p1 -%patch217 -p1 %if ! 0%{?is_opensuse} %patch400 -p1 %endif @@ -1390,6 +1385,9 @@ fi %{_datadir}/systemtap/tapset/libvirt_probes*.stp %{_datadir}/systemtap/tapset/libvirt_qemu_probes*.stp %{_datadir}/systemtap/tapset/libvirt_functions.stp +%if %{with_bash_completion} +%{_datadir}/bash-completion/completions/vsh +%endif %dir %{_localstatedir}/lib/libvirt/ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/filesystems/ diff --git a/libxl-dom-reset.patch b/libxl-dom-reset.patch index b83e6e8..06794c9 100644 --- a/libxl-dom-reset.patch +++ b/libxl-dom-reset.patch 
@@ -8,10 +8,10 @@ Date: Mon Jun 23 15:51:20 2014 -0600 option, but domainReset can be implemented in the libxl driver by forcibly destroying the domain and starting it again. -Index: libvirt-3.10.0/src/libxl/libxl_driver.c +Index: libvirt-4.0.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-3.10.0.orig/src/libxl/libxl_driver.c -+++ libvirt-3.10.0/src/libxl/libxl_driver.c +--- libvirt-4.0.0.orig/src/libxl/libxl_driver.c ++++ libvirt-4.0.0/src/libxl/libxl_driver.c @@ -1382,6 +1382,61 @@ libxlDomainReboot(virDomainPtr dom, unsi } diff --git a/libxl-qemu-emulator-caps.patch b/libxl-qemu-emulator-caps.patch index 7be363f..3ec0b19 100644 --- a/libxl-qemu-emulator-caps.patch +++ b/libxl-qemu-emulator-caps.patch @@ -8,10 +8,10 @@ as the default , instead of the qemu-xen one. See FATE#320638 for details. -Index: libvirt-3.10.0/src/libxl/libxl_capabilities.c +Index: libvirt-4.0.0/src/libxl/libxl_capabilities.c =================================================================== ---- libvirt-3.10.0.orig/src/libxl/libxl_capabilities.c -+++ libvirt-3.10.0/src/libxl/libxl_capabilities.c +--- libvirt-4.0.0.orig/src/libxl/libxl_capabilities.c ++++ libvirt-4.0.0/src/libxl/libxl_capabilities.c @@ -38,6 +38,7 @@ #include "libxl_capabilities.h" #include "cpu/cpu_x86.h" diff --git a/libxl-set-cach-mode.patch b/libxl-set-cach-mode.patch index 728d1c4..cb49f71 100644 --- a/libxl-set-cach-mode.patch +++ b/libxl-set-cach-mode.patch 
@@ -3,11 +3,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425 src/libxl/libxl_conf.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) -Index: libvirt-3.10.0/src/libxl/libxl_conf.c +Index: libvirt-4.0.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-3.10.0.orig/src/libxl/libxl_conf.c -+++ libvirt-3.10.0/src/libxl/libxl_conf.c -@@ -735,6 +735,30 @@ libxlDiskSetDiscard(libxl_device_disk *x +--- libvirt-4.0.0.orig/src/libxl/libxl_conf.c ++++ libvirt-4.0.0/src/libxl/libxl_conf.c +@@ -736,6 +736,30 @@ libxlDiskSetDiscard(libxl_device_disk *x #endif } @@ -38,7 +38,7 @@ Index: libvirt-3.10.0/src/libxl/libxl_conf.c static char * libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src, const char *username, -@@ -983,6 +1007,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk +@@ -984,6 +1008,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0; if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0) return -1; diff --git a/libxl-set-migration-constraints.patch b/libxl-set-migration-constraints.patch index 36a2456..a571ccc 100644 --- a/libxl-set-migration-constraints.patch +++ b/libxl-set-migration-constraints.patch @@ -16,10 +16,10 @@ Signed-off-by: Jim Fehlig tools/virsh.pod | 8 ++++++++ 6 files changed, 125 insertions(+), 6 deletions(-) -Index: libvirt-3.10.0/include/libvirt/libvirt-domain.h +Index: libvirt-4.0.0/include/libvirt/libvirt-domain.h =================================================================== ---- libvirt-3.10.0.orig/include/libvirt/libvirt-domain.h -+++ libvirt-3.10.0/include/libvirt/libvirt-domain.h +--- libvirt-4.0.0.orig/include/libvirt/libvirt-domain.h ++++ libvirt-4.0.0/include/libvirt/libvirt-domain.h @@ -1008,6 +1008,31 @@ typedef enum { */ # define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT "auto_converge.increment" 
@@ -52,10 +52,10 @@ Index: libvirt-3.10.0/include/libvirt/libvirt-domain.h /* Domain migration. */ virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn, unsigned long flags, const char *dname, -Index: libvirt-3.10.0/src/libxl/libxl_driver.c +Index: libvirt-4.0.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-3.10.0.orig/src/libxl/libxl_driver.c -+++ libvirt-3.10.0/src/libxl/libxl_driver.c +--- libvirt-4.0.0.orig/src/libxl/libxl_driver.c ++++ libvirt-4.0.0/src/libxl/libxl_driver.c @@ -6100,6 +6100,9 @@ libxlDomainMigratePerform3Params(virDoma const char *dname = NULL; const char *uri = NULL; @@ -99,10 +99,10 @@ Index: libvirt-3.10.0/src/libxl/libxl_driver.c goto cleanup; } -Index: libvirt-3.10.0/src/libxl/libxl_migration.c +Index: libvirt-4.0.0/src/libxl/libxl_migration.c =================================================================== ---- libvirt-3.10.0.orig/src/libxl/libxl_migration.c -+++ libvirt-3.10.0/src/libxl/libxl_migration.c +--- libvirt-4.0.0.orig/src/libxl/libxl_migration.c ++++ libvirt-4.0.0/src/libxl/libxl_migration.c @@ -359,18 +359,39 @@ libxlMigrateReceive(virNetSocketPtr sock static int libxlDoMigrateSend(libxlDriverPrivatePtr driver, @@ -263,10 +263,10 @@ Index: libvirt-3.10.0/src/libxl/libxl_migration.c virObjectLock(vm); cleanup: -Index: libvirt-3.10.0/src/libxl/libxl_migration.h +Index: libvirt-4.0.0/src/libxl/libxl_migration.h =================================================================== ---- libvirt-3.10.0.orig/src/libxl/libxl_migration.h -+++ libvirt-3.10.0/src/libxl/libxl_migration.h +--- libvirt-4.0.0.orig/src/libxl/libxl_migration.h ++++ libvirt-4.0.0/src/libxl/libxl_migration.h @@ -39,6 +39,10 @@ VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \ VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \ 
@@ -311,11 +311,11 @@ Index: libvirt-3.10.0/src/libxl/libxl_migration.h virDomainPtr libxlDomainMigrationFinish(virConnectPtr dconn, -Index: libvirt-3.10.0/tools/virsh-domain.c +Index: libvirt-4.0.0/tools/virsh-domain.c =================================================================== ---- libvirt-3.10.0.orig/tools/virsh-domain.c -+++ libvirt-3.10.0/tools/virsh-domain.c -@@ -10536,6 +10536,22 @@ static const vshCmdOptDef opts_migrate[] +--- libvirt-4.0.0.orig/tools/virsh-domain.c ++++ libvirt-4.0.0/tools/virsh-domain.c +@@ -10540,6 +10540,22 @@ static const vshCmdOptDef opts_migrate[] .type = VSH_OT_BOOL, .help = N_("use TLS for migration") }, @@ -338,7 +338,7 @@ Index: libvirt-3.10.0/tools/virsh-domain.c {.name = NULL} }; -@@ -10559,6 +10575,7 @@ doMigrate(void *opaque) +@@ -10563,6 +10579,7 @@ doMigrate(void *opaque) unsigned long long ullOpt = 0; int rv; virConnectPtr dconn = data->dconn; @@ -346,7 +346,7 @@ Index: libvirt-3.10.0/tools/virsh-domain.c sigemptyset(&sigmask); sigaddset(&sigmask, SIGINT); -@@ -10678,6 +10695,27 @@ doMigrate(void *opaque) +@@ -10682,6 +10699,27 @@ doMigrate(void *opaque) goto save_error; } @@ -374,10 +374,10 @@ Index: libvirt-3.10.0/tools/virsh-domain.c if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0) goto out; if (opt) { -Index: libvirt-3.10.0/tools/virsh.pod +Index: libvirt-4.0.0/tools/virsh.pod =================================================================== ---- libvirt-3.10.0.orig/tools/virsh.pod -+++ libvirt-3.10.0/tools/virsh.pod +--- libvirt-4.0.0.orig/tools/virsh.pod ++++ libvirt-4.0.0/tools/virsh.pod @@ -1849,6 +1849,14 @@ Providing I<--tls> causes the migration the migration of the domain. Usage requires proper TLS setup for both source and target. diff --git a/libxl-support-block-script.patch b/libxl-support-block-script.patch index e58b782..738cb18 100644 --- a/libxl-support-block-script.patch +++ b/libxl-support-block-script.patch 
@@ -7,11 +7,11 @@ and npiv. For more details, see bsc#954872 and FATE#319810 -Index: libvirt-3.10.0/src/libxl/libxl_conf.c +Index: libvirt-4.0.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-3.10.0.orig/src/libxl/libxl_conf.c -+++ libvirt-3.10.0/src/libxl/libxl_conf.c -@@ -735,6 +735,25 @@ libxlDiskSetDiscard(libxl_device_disk *x +--- libvirt-4.0.0.orig/src/libxl/libxl_conf.c ++++ libvirt-4.0.0/src/libxl/libxl_conf.c +@@ -736,6 +736,25 @@ libxlDiskSetDiscard(libxl_device_disk *x #endif } @@ -37,7 +37,7 @@ Index: libvirt-3.10.0/src/libxl/libxl_conf.c static void libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode) { -@@ -880,6 +899,7 @@ libxlMakeNetworkDiskSrc(virStorageSource +@@ -881,6 +900,7 @@ libxlMakeNetworkDiskSrc(virStorageSource int libxlMakeDisk(virDomainDiskDefPtr l_disk, libxl_device_disk *x_disk) { @@ -45,7 +45,7 @@ Index: libvirt-3.10.0/src/libxl/libxl_conf.c const char *driver = virDomainDiskGetDriver(l_disk); int format = virDomainDiskGetFormat(l_disk); int actual_type = virStorageSourceGetActualType(l_disk->src); -@@ -895,7 +915,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk +@@ -896,7 +916,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk if (libxlMakeNetworkDiskSrc(l_disk->src, &x_disk->pdev_path) < 0) return -1; } else { @@ -54,7 +54,7 @@ Index: libvirt-3.10.0/src/libxl/libxl_conf.c return -1; } -@@ -1008,6 +1028,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk +@@ -1009,6 +1029,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0) return -1; libxlDiskSetCacheMode(x_disk, l_disk->cachemode); diff --git a/lxc-wait-after-eth-del.patch b/lxc-wait-after-eth-del.patch index 06e0004..df3b7bd 100644 --- a/lxc-wait-after-eth-del.patch +++ b/lxc-wait-after-eth-del.patch 
@@ -13,10 +13,10 @@ device with the same name that is being created. src/lxc/lxc_process.c | 1 + 3 files changed, 4 insertions(+) -Index: libvirt-3.10.0/src/lxc/lxc_controller.c +Index: libvirt-4.0.0/src/lxc/lxc_controller.c =================================================================== ---- libvirt-3.10.0.orig/src/lxc/lxc_controller.c -+++ libvirt-3.10.0/src/lxc/lxc_controller.c +--- libvirt-4.0.0.orig/src/lxc/lxc_controller.c ++++ libvirt-4.0.0/src/lxc/lxc_controller.c @@ -73,6 +73,7 @@ #include "rpc/virnetdaemon.h" #include "virstring.h" @@ -33,10 +33,10 @@ Index: libvirt-3.10.0/src/lxc/lxc_controller.c return ret; } -Index: libvirt-3.10.0/src/lxc/lxc_driver.c +Index: libvirt-4.0.0/src/lxc/lxc_driver.c =================================================================== ---- libvirt-3.10.0.orig/src/lxc/lxc_driver.c -+++ libvirt-3.10.0/src/lxc/lxc_driver.c +--- libvirt-4.0.0.orig/src/lxc/lxc_driver.c ++++ libvirt-4.0.0/src/lxc/lxc_driver.c @@ -76,6 +76,7 @@ #include "virtime.h" #include "virtypedparam.h" @@ -61,10 +61,10 @@ Index: libvirt-3.10.0/src/lxc/lxc_driver.c break; /* It'd be nice to support this, but with macvlan -Index: libvirt-3.10.0/src/lxc/lxc_process.c +Index: libvirt-4.0.0/src/lxc/lxc_process.c =================================================================== ---- libvirt-3.10.0.orig/src/lxc/lxc_process.c -+++ libvirt-3.10.0/src/lxc/lxc_process.c +--- libvirt-4.0.0.orig/src/lxc/lxc_process.c ++++ libvirt-4.0.0/src/lxc/lxc_process.c @@ -52,6 +52,7 @@ #include "viratomic.h" #include "virprocess.h" diff --git a/network-don-t-use-dhcp-authoritative-on-static-netwo.patch b/network-don-t-use-dhcp-authoritative-on-static-netwo.patch index 6488e53..7a1e394 100644 --- a/network-don-t-use-dhcp-authoritative-on-static-netwo.patch +++ b/network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -17,10 +17,10 @@ 
Signed-off-by: Martin Wilck tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 - 2 files changed, 8 insertions(+), 2 deletions(-) -Index: libvirt-3.10.0/src/network/bridge_driver.c +Index: libvirt-4.0.0/src/network/bridge_driver.c =================================================================== ---- libvirt-3.10.0.orig/src/network/bridge_driver.c -+++ libvirt-3.10.0/src/network/bridge_driver.c +--- libvirt-4.0.0.orig/src/network/bridge_driver.c ++++ libvirt-4.0.0/src/network/bridge_driver.c @@ -1393,7 +1393,14 @@ networkDnsmasqConfContents(virNetworkObj if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) { if (ipdef->nranges || ipdef->nhosts) { @@ -37,10 +37,10 @@ Index: libvirt-3.10.0/src/network/bridge_driver.c } if (ipdef->tftproot) { -Index: libvirt-3.10.0/tests/networkxml2confdata/dhcp6host-routed-network.conf +Index: libvirt-4.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf =================================================================== ---- libvirt-3.10.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf -+++ libvirt-3.10.0/tests/networkxml2confdata/dhcp6host-routed-network.conf +--- libvirt-4.0.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf ++++ libvirt-4.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf @@ -10,7 +10,6 @@ bind-dynamic interface=virbr1 dhcp-range=192.168.122.1,static diff --git a/ppc64le-canonical-name.patch b/ppc64le-canonical-name.patch index 1f1e893..026d24d 100644 --- a/ppc64le-canonical-name.patch +++ b/ppc64le-canonical-name.patch @@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64 See bnc#894956 -Index: libvirt-3.10.0/src/util/virarch.c +Index: libvirt-4.0.0/src/util/virarch.c =================================================================== ---- libvirt-3.10.0.orig/src/util/virarch.c -+++ libvirt-3.10.0/src/util/virarch.c +--- libvirt-4.0.0.orig/src/util/virarch.c ++++ libvirt-4.0.0/src/util/virarch.c 
@@ -169,6 +169,8 @@ virArch virArchFromHost(void) arch = VIR_ARCH_I686; } else if (STREQ(ut.machine, "amd64")) { diff --git a/qemu-apparmor-screenshot.patch b/qemu-apparmor-screenshot.patch index d72ffa2..d8fbfa1 100644 --- a/qemu-apparmor-screenshot.patch +++ b/qemu-apparmor-screenshot.patch @@ -1,11 +1,11 @@ -Index: libvirt-3.10.0/examples/apparmor/libvirt-qemu +Index: libvirt-4.0.0/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-3.10.0.orig/examples/apparmor/libvirt-qemu -+++ libvirt-3.10.0/examples/apparmor/libvirt-qemu -@@ -191,3 +191,6 @@ - /sys/devices/system/node/ r, - /sys/devices/system/node/node[0-9]*/meminfo r, - /sys/module/vhost/parameters/max_mem_regions r, +--- libvirt-4.0.0.orig/examples/apparmor/libvirt-qemu ++++ libvirt-4.0.0/examples/apparmor/libvirt-qemu +@@ -193,3 +193,6 @@ + # silence refusals to open lttng files (see LP: #1432644) + deny /dev/shm/lttng-ust-wait-* r, + deny /run/shm/lttng-ust-wait-* r, + + # Temporary screendump rule -- See bsc#904426 + /var/cache/libvirt/qemu/qemu.screendump.* rw, diff --git a/support-managed-pci-xen-driver.patch b/support-managed-pci-xen-driver.patch index bee1032..ea24917 100644 --- a/support-managed-pci-xen-driver.patch +++ b/support-managed-pci-xen-driver.patch @@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-3.10.0/src/xenconfig/xen_common.c +Index: libvirt-4.0.0/src/xenconfig/xen_common.c =================================================================== ---- libvirt-3.10.0.orig/src/xenconfig/xen_common.c -+++ libvirt-3.10.0/src/xenconfig/xen_common.c +--- libvirt-4.0.0.orig/src/xenconfig/xen_common.c ++++ libvirt-4.0.0/src/xenconfig/xen_common.c @@ -394,6 +394,8 @@ xenParsePCI(virConfPtr conf, virDomainDe { virConfValuePtr list = virConfGetValue(conf, "pci"); 
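Review bot: The rule `/var/cache/libvirt/qemu/qemu.screendump.* rw,` in qemu-apparmor-screenshot.patch is still labelled temporary, and this refresh only re-anchors it after the `deny /run/shm/lttng-ust-wait-* r,` line of the 4.0.0 profile without saying whether it is still needed. Because it sits in `examples/apparmor/libvirt-qemu`, which appears to be shared by the per-domain profiles, the wildcard presumably gives every confined qemu process read and write access to the screendump files of all domains rather than only its own. The version update is a good point to check whether the 4.0.0 profiles already cover the screendump path, so that the patch can be dropped. Otherwise the comment should record the exit condition, e.g. `# Temporary screendump rule (bsc#904426) -- drop once upstream grants this per domain`.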
@@ -66,10 +66,10 @@ Index: libvirt-3.10.0/src/xenconfig/xen_common.c hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; hostdev->source.subsys.u.pci.addr.domain = domainID; hostdev->source.subsys.u.pci.addr.bus = busID; -Index: libvirt-3.10.0/src/xenconfig/xen_sxpr.c +Index: libvirt-4.0.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-3.10.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-3.10.0/src/xenconfig/xen_sxpr.c +--- libvirt-4.0.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-4.0.0/src/xenconfig/xen_sxpr.c @@ -1057,6 +1057,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; diff --git a/suse-apparmor-libnl-paths.patch b/suse-apparmor-libnl-paths.patch index f67bb2b..734b1c2 100644 --- a/suse-apparmor-libnl-paths.patch +++ b/suse-apparmor-libnl-paths.patch @@ -8,10 +8,10 @@ It was also noticed that the per-domain profiles need a libnl rule to squelch a denial when starting confined domains. Found while investigating bsc#1058847 -Index: libvirt-3.10.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper +Index: libvirt-4.0.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== ---- libvirt-3.10.0.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper -+++ libvirt-3.10.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper +--- libvirt-4.0.0.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper ++++ libvirt-4.0.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper @@ -17,7 +17,7 @@ profile virt-aa-helper /usr/{lib,lib64}/ owner @{PROC}/[0-9]*/status r, @{PROC}/filesystems r, 
@@ -21,10 +21,10 @@ Index: libvirt-3.10.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper # for hostdev /sys/devices/ r, -Index: libvirt-3.10.0/examples/apparmor/libvirt-qemu +Index: libvirt-4.0.0/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-3.10.0.orig/examples/apparmor/libvirt-qemu -+++ libvirt-3.10.0/examples/apparmor/libvirt-qemu +--- libvirt-4.0.0.orig/examples/apparmor/libvirt-qemu ++++ libvirt-4.0.0/examples/apparmor/libvirt-qemu @@ -62,6 +62,7 @@ #/dev/fb* rw, diff --git a/suse-apparmor-signal.patch b/suse-apparmor-signal.patch deleted file mode 100644 index b627b6a..0000000 --- a/suse-apparmor-signal.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -apparmor: allow libvirtd to send signals to unconfined processes - -When confinement of QEMU/KVM domains is not enforced (security_default_confined = 0), -qemu processes run unconfined. Add a rule to the libvirtd apparmor profile allowing -sending signals to unconfined processes. Without the rule, libvirtd -is unable to signal QEMU/KVM domains. E.g. 'virsh destroy dom' results in the -following denial in audit.log - -type=AVC msg=audit(1510951646.581:939): apparmor="DENIED" operation="signal" -profile="/usr/sbin/libvirtd" pid=18891 comm="libvirtd" requested_mask="send" -denied_mask="send" signal=term peer="unconfined" - -Index: libvirt-3.10.0/examples/apparmor/usr.sbin.libvirtd -=================================================================== ---- libvirt-3.10.0.orig/examples/apparmor/usr.sbin.libvirtd -+++ libvirt-3.10.0/examples/apparmor/usr.sbin.libvirtd -@@ -60,6 +60,9 @@ - - signal (send) peer=/usr/sbin/dnsmasq, - signal (read, send) peer=libvirt-*, -+ # When confinement is not enforced (security_default_confined = 0), qemu -+ # processes run unconfined, hence 'peer=unconfined' -+ signal send set=(hup,kill,term) peer=unconfined, - - # Very lenient profile for libvirtd since we want to first focus on confining - # the guests. Guests will have a very restricted profile. diff --git a/suse-libvirt-guests-service.patch b/suse-libvirt-guests-service.patch index 9f3820f..8da4dd8 100644 --- a/suse-libvirt-guests-service.patch +++ b/suse-libvirt-guests-service.patch @@ -1,9 +1,9 @@ Adjust libvirt-guests service to conform to SUSE standards -Index: libvirt-3.10.0/tools/libvirt-guests.init.in +Index: libvirt-4.0.0/tools/libvirt-guests.init.in =================================================================== ---- libvirt-3.10.0.orig/tools/libvirt-guests.init.in -+++ libvirt-3.10.0/tools/libvirt-guests.init.in +--- libvirt-4.0.0.orig/tools/libvirt-guests.init.in ++++ libvirt-4.0.0/tools/libvirt-guests.init.in 
@@ -4,27 +4,27 @@ # http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html # @@ -46,10 +46,10 @@ Index: libvirt-3.10.0/tools/libvirt-guests.init.in + exec @libexecdir@/libvirt-guests.sh "$@" -Index: libvirt-3.10.0/tools/libvirt-guests.sh.in +Index: libvirt-4.0.0/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-3.10.0.orig/tools/libvirt-guests.sh.in -+++ libvirt-3.10.0/tools/libvirt-guests.sh.in +--- libvirt-4.0.0.orig/tools/libvirt-guests.sh.in ++++ libvirt-4.0.0/tools/libvirt-guests.sh.in @@ -16,14 +16,13 @@ # License along with this library. If not, see # . @@ -209,10 +209,10 @@ Index: libvirt-3.10.0/tools/libvirt-guests.sh.in esac -exit $RETVAL +rc_exit -Index: libvirt-3.10.0/tools/libvirt-guests.sysconf +Index: libvirt-4.0.0/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-3.10.0.orig/tools/libvirt-guests.sysconf -+++ libvirt-3.10.0/tools/libvirt-guests.sysconf +--- libvirt-4.0.0.orig/tools/libvirt-guests.sysconf ++++ libvirt-4.0.0/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + diff --git a/suse-libvirtd-disable-tls.patch b/suse-libvirtd-disable-tls.patch index 3d9ed14..d2da51c 100644 --- a/suse-libvirtd-disable-tls.patch +++ b/suse-libvirtd-disable-tls.patch @@ -3,10 +3,10 @@ Disable TLS by default On SUSE distros, the default is for libvirtd to listen only on the Unix Domain Socket. The libvirt client still provides remote access via a SSH tunnel. -Index: libvirt-3.10.0/daemon/libvirtd.conf +Index: libvirt-4.0.0/daemon/libvirtd.conf =================================================================== ---- libvirt-3.10.0.orig/daemon/libvirtd.conf -+++ libvirt-3.10.0/daemon/libvirtd.conf +--- libvirt-4.0.0.orig/daemon/libvirtd.conf ++++ libvirt-4.0.0/daemon/libvirtd.conf 
@@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -18,10 +18,10 @@ Index: libvirt-3.10.0/daemon/libvirtd.conf # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-3.10.0/daemon/libvirtd-config.c +Index: libvirt-4.0.0/daemon/libvirtd-config.c =================================================================== ---- libvirt-3.10.0.orig/daemon/libvirtd-config.c -+++ libvirt-3.10.0/daemon/libvirtd-config.c +--- libvirt-4.0.0.orig/daemon/libvirtd-config.c ++++ libvirt-4.0.0/daemon/libvirtd-config.c @@ -110,7 +110,7 @@ daemonConfigNew(bool privileged ATTRIBUT if (VIR_ALLOC(data) < 0) return NULL; @@ -31,10 +31,10 @@ Index: libvirt-3.10.0/daemon/libvirtd-config.c data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || -Index: libvirt-3.10.0/daemon/test_libvirtd.aug.in +Index: libvirt-4.0.0/daemon/test_libvirtd.aug.in =================================================================== ---- libvirt-3.10.0.orig/daemon/test_libvirtd.aug.in -+++ libvirt-3.10.0/daemon/test_libvirtd.aug.in +--- libvirt-4.0.0.orig/daemon/test_libvirtd.aug.in ++++ libvirt-4.0.0/daemon/test_libvirtd.aug.in @@ -2,7 +2,7 @@ module Test_libvirtd = ::CONFIG:: diff --git a/suse-libvirtd-service-xen.patch b/suse-libvirtd-service-xen.patch index 46017f9..6cffc66 100644 --- a/suse-libvirtd-service-xen.patch +++ b/suse-libvirtd-service-xen.patch 
@@ -7,10 +7,10 @@ On SUSE distros, we promote libvirt and all the libvirt-based tools. If a user installs libvirt on their SUSE Xen host, then libvirt should be king and override xendomains. See bsc#1015348 -Index: libvirt-3.10.0/daemon/libvirtd.service.in +Index: libvirt-4.0.0/daemon/libvirtd.service.in =================================================================== ---- libvirt-3.10.0.orig/daemon/libvirtd.service.in -+++ libvirt-3.10.0/daemon/libvirtd.service.in +--- libvirt-4.0.0.orig/daemon/libvirtd.service.in ++++ libvirt-4.0.0/daemon/libvirtd.service.in @@ -14,6 +14,8 @@ After=iscsid.service After=apparmor.service After=local-fs.target diff --git a/suse-libvirtd-sysconfig-settings.patch b/suse-libvirtd-sysconfig-settings.patch index 8d0f906..fbb0495 100644 --- a/suse-libvirtd-sysconfig-settings.patch +++ b/suse-libvirtd-sysconfig-settings.patch @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-3.10.0/daemon/libvirtd.sysconf +Index: libvirt-4.0.0/daemon/libvirtd.sysconf =================================================================== ---- libvirt-3.10.0.orig/daemon/libvirtd.sysconf -+++ libvirt-3.10.0/daemon/libvirtd.sysconf +--- libvirt-4.0.0.orig/daemon/libvirtd.sysconf ++++ libvirt-4.0.0/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + diff --git a/suse-ovmf-paths.patch b/suse-ovmf-paths.patch index 7737e3d..3973762 100644 --- a/suse-ovmf-paths.patch +++ b/suse-ovmf-paths.patch @@ -1,9 +1,9 @@ Adjust paths of OVMF firmwares on SUSE distros -Index: libvirt-3.10.0/src/qemu/qemu.conf +Index: libvirt-4.0.0/src/qemu/qemu.conf =================================================================== ---- libvirt-3.10.0.orig/src/qemu/qemu.conf -+++ libvirt-3.10.0/src/qemu/qemu.conf +--- libvirt-4.0.0.orig/src/qemu/qemu.conf ++++ libvirt-4.0.0/src/qemu/qemu.conf 
@@ -743,10 +743,9 @@ security_default_confined = 0 # for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default # follows this scheme. @@ -18,10 +18,10 @@ Index: libvirt-3.10.0/src/qemu/qemu.conf #] # The backend to use for handling stdout/stderr output from -Index: libvirt-3.10.0/src/qemu/qemu_conf.c +Index: libvirt-4.0.0/src/qemu/qemu_conf.c =================================================================== ---- libvirt-3.10.0.orig/src/qemu/qemu_conf.c -+++ libvirt-3.10.0/src/qemu/qemu_conf.c +--- libvirt-4.0.0.orig/src/qemu/qemu_conf.c ++++ libvirt-4.0.0/src/qemu/qemu_conf.c @@ -127,10 +127,9 @@ void qemuDomainCmdlineDefFree(qemuDomain #ifndef DEFAULT_LOADER_NVRAM diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index 5e21dbe..3441f8b 100644 --- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch @@ -7,10 +7,10 @@ suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch, etc.), but for now they are all lumped together in this single patch. -Index: libvirt-3.10.0/src/qemu/qemu.conf +Index: libvirt-4.0.0/src/qemu/qemu.conf =================================================================== ---- libvirt-3.10.0.orig/src/qemu/qemu.conf -+++ libvirt-3.10.0/src/qemu/qemu.conf +--- libvirt-4.0.0.orig/src/qemu/qemu.conf ++++ libvirt-4.0.0/src/qemu/qemu.conf @@ -380,11 +380,20 @@ # isolation, but it cannot appear in a list of drivers. # diff --git a/suse-virtlockd-sysconfig-settings.patch b/suse-virtlockd-sysconfig-settings.patch index 351a4d2..bcd6ae6 100644 --- a/suse-virtlockd-sysconfig-settings.patch +++ b/suse-virtlockd-sysconfig-settings.patch 
@@ -1,9 +1,9 @@ Adjust virtlockd sysconfig file to conform to SUSE standards -Index: libvirt-3.10.0/src/locking/virtlockd.sysconf +Index: libvirt-4.0.0/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-3.10.0.orig/src/locking/virtlockd.sysconf -+++ libvirt-3.10.0/src/locking/virtlockd.sysconf +--- libvirt-4.0.0.orig/src/locking/virtlockd.sysconf ++++ libvirt-4.0.0/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + diff --git a/suse-virtlogd-sysconfig-settings.patch b/suse-virtlogd-sysconfig-settings.patch index 6f0fd5e..29de615 100644 --- a/suse-virtlogd-sysconfig-settings.patch +++ b/suse-virtlogd-sysconfig-settings.patch @@ -1,9 +1,9 @@ Adjust virtlogd sysconfig file to conform to SUSE standards -Index: libvirt-3.10.0/src/logging/virtlogd.sysconf +Index: libvirt-4.0.0/src/logging/virtlogd.sysconf =================================================================== ---- libvirt-3.10.0.orig/src/logging/virtlogd.sysconf -+++ libvirt-3.10.0/src/logging/virtlogd.sysconf +--- libvirt-4.0.0.orig/src/logging/virtlogd.sysconf ++++ libvirt-4.0.0/src/logging/virtlogd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlogd + diff --git a/xen-pv-cdrom.patch b/xen-pv-cdrom.patch index 02cf2ff..b2ab06a 100644 --- a/xen-pv-cdrom.patch +++ b/xen-pv-cdrom.patch @@ -1,7 +1,7 @@ -Index: libvirt-3.10.0/src/xenconfig/xen_sxpr.c +Index: libvirt-4.0.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-3.10.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-3.10.0/src/xenconfig/xen_sxpr.c +--- libvirt-4.0.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-4.0.0/src/xenconfig/xen_sxpr.c @@ -387,7 +387,7 @@ xenParseSxprVifRate(const char *rate, un static int xenParseSxprDisks(virDomainDefPtr def, diff --git a/xen-sxpr-disk-type.patch b/xen-sxpr-disk-type.patch index fd116b7..2409c46 100644 --- a/xen-sxpr-disk-type.patch 
+++ b/xen-sxpr-disk-type.patch @@ -6,10 +6,10 @@ and 'file'. This was implicitly done prior to commit 9673418c. https://bugzilla.suse.com/show_bug.cgi?id=938228 -Index: libvirt-3.10.0/src/xenconfig/xen_sxpr.c +Index: libvirt-4.0.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-3.10.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-3.10.0/src/xenconfig/xen_sxpr.c +--- libvirt-4.0.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-4.0.0/src/xenconfig/xen_sxpr.c @@ -501,10 +501,11 @@ xenParseSxprDisks(virDomainDefPtr def, omnipotent, we can revisit this, perhaps stat()'ing the src file in question */ From 1fb915174299a23fae93e62a7fef893d7eff7ff02599dc2f2fcf92d90615abd2 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Fri, 19 Jan 2018 19:36:00 +0000 Subject: [PATCH 2/3] add bug 1076500 to last changelog entry OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=662 --- libvirt.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libvirt.changes b/libvirt.changes index 9471411..fa10850 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -17,7 +17,7 @@ Fri Jan 19 16:31:53 UTC 2018 - jfehlig@suse.com - Patches added to fix upstream bugs: 72adaf2f-revert-qemu-monitor-error-report.patch, 71d56a39-nodedev-fix-parse-PCI-address.patch - - CVE-2018-5748, CVE-2017-5715, bsc#1071651 + - CVE-2018-5748, CVE-2017-5715, bsc#1071651, bsc#1076500 ------------------------------------------------------------------- Thu Jan 11 16:52:43 UTC 2018 - jfehlig@suse.com From 14ffab8d40f702bdb9565fb6850c201ffc7a05bdb28ff1aadb4f2c05cb90faf3 Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Mon, 22 Jan 2018 20:41:06 +0000 Subject: [PATCH 3/3] Accepting request 568385 from home:jfehlig:branches:Virtualization Inadvertently removed suse-apparmor-signal.patch. Add it back. OBS-URL: https://build.opensuse.org/request/show/568385 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=663 --- libvirt.changes | 1 - libvirt.spec | 18 ++++++++++-------- suse-apparmor-signal.patch | 25 +++++++++++++++++++++++++ virt-create-rootfs.patch | 18 +++++++++--------- 4 files changed, 44 insertions(+), 18 deletions(-) create mode 100644 suse-apparmor-signal.patch diff --git a/libvirt.changes b/libvirt.changes index fa10850..df45de9 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -13,7 +13,6 @@ Fri Jan 19 16:31:53 UTC 2018 - jfehlig@suse.com faec1958-lxc-set-hostname-based-on-container-name.patch, 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch, fix-virt-aa-helper-profile.patch, - suse-apparmor-signal.patch - Patches added to fix upstream bugs: 72adaf2f-revert-qemu-monitor-error-report.patch, 71d56a39-nodedev-fix-parse-PCI-address.patch diff --git a/libvirt.spec b/libvirt.spec index 58a9333..5c74b8f 100644 --- a/libvirt.spec +++ b/libvirt.spec 
@@ -340,14 +340,15 @@ Patch205: suse-libvirtd-service-xen.patch Patch206: suse-qemu-conf.patch Patch207: suse-ovmf-paths.patch Patch208: suse-apparmor-libnl-paths.patch -Patch209: support-managed-pci-xen-driver.patch -Patch210: xen-sxpr-disk-type.patch -Patch211: libxl-support-block-script.patch -Patch212: apparmor-no-mount.patch -Patch213: qemu-apparmor-screenshot.patch -Patch214: libvirt-suse-netcontrol.patch -Patch215: lxc-wait-after-eth-del.patch -Patch216: libxl-qemu-emulator-caps.patch +Patch209: suse-apparmor-signal.patch +Patch210: support-managed-pci-xen-driver.patch +Patch211: xen-sxpr-disk-type.patch +Patch212: libxl-support-block-script.patch +Patch213: apparmor-no-mount.patch +Patch214: qemu-apparmor-screenshot.patch +Patch215: libvirt-suse-netcontrol.patch +Patch216: lxc-wait-after-eth-del.patch +Patch217: libxl-qemu-emulator-caps.patch # SLES-Only patches %if ! 0%{?is_opensuse} Patch400: virt-create-rootfs.patch @@ -930,6 +931,7 @@ libvirt plugin for NSS for translating domain names into IP addresses. %patch214 -p1 %patch215 -p1 %patch216 -p1 +%patch217 -p1 %if ! 0%{?is_opensuse} %patch400 -p1 %endif diff --git a/suse-apparmor-signal.patch b/suse-apparmor-signal.patch new file mode 100644 index 0000000..1b91a2e --- /dev/null +++ b/suse-apparmor-signal.patch 
@@ -0,0 +1,25 @@ +apparmor: allow libvirtd to send signals to unconfined processes + +When confinement of QEMU/KVM domains is not enforced (security_default_confined = 0), +qemu processes run unconfined. Add a rule to the libvirtd apparmor profile allowing +sending signals to unconfined processes. Without the rule, libvirtd +is unable to signal QEMU/KVM domains. E.g. 'virsh destroy dom' results in the +following denial in audit.log + +type=AVC msg=audit(1510951646.581:939): apparmor="DENIED" operation="signal" +profile="/usr/sbin/libvirtd" pid=18891 comm="libvirtd" requested_mask="send" +denied_mask="send" signal=term peer="unconfined" + +Index: libvirt-4.0.0/examples/apparmor/usr.sbin.libvirtd +=================================================================== +--- libvirt-4.0.0.orig/examples/apparmor/usr.sbin.libvirtd ++++ libvirt-4.0.0/examples/apparmor/usr.sbin.libvirtd +@@ -63,7 +63,7 @@ + + signal (send) peer=/usr/sbin/dnsmasq, + signal (read, send) peer=libvirt-*, +- signal (send) set=("kill") peer=unconfined, ++ signal (send) set=("kill", "term", "hup") peer=unconfined, + + # Very lenient profile for libvirtd since we want to first focus on confining + # the guests. Guests will have a very restricted profile. diff --git a/virt-create-rootfs.patch b/virt-create-rootfs.patch index 6a48de6..bff37a3 100644 --- a/virt-create-rootfs.patch +++ b/virt-create-rootfs.patch @@ -1,7 +1,7 @@ -Index: libvirt-3.10.0/tools/Makefile.am +Index: libvirt-4.0.0/tools/Makefile.am =================================================================== ---- libvirt-3.10.0.orig/tools/Makefile.am -+++ libvirt-3.10.0/tools/Makefile.am +--- libvirt-4.0.0.orig/tools/Makefile.am ++++ libvirt-4.0.0/tools/Makefile.am @@ -52,6 +52,7 @@ PODFILES = \ virt-sanlock-cleanup.pod \ virt-xml-validate.pod \ 
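Review bot: The widened rule `signal (send) set=("kill", "term", "hup") peer=unconfined` in examples/apparmor/usr.sbin.libvirtd lets libvirtd send these signals to every unconfined process on the host, not only to QEMU/KVM domains, and the patch header justifies only part of that. The audit denial quoted in the header shows `signal=term`; nothing in the description says why `hup` is needed, so either drop it or add a sentence naming the operation that sends it. The rule only matters while `security_default_confined = 0`, because confined guests are already covered by the `peer=libvirt-*` line above it. I would record that in the profile with a comment above the rule, e.g. `# term/hup to unconfined peers is needed only when qemu runs unconfined (security_default_confined = 0)`, so the set can be reduced again once confinement is enforced. The rest of the profile lies outside this hunk, so any other signal rules it may contain were not checked.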
@@ -10,7 +10,7 @@ Index: libvirt-3.10.0/tools/Makefile.am $(NULL) MANINFILES = \ -@@ -85,7 +86,7 @@ MAINTAINERCLEANFILES = +@@ -86,7 +87,7 @@ MAINTAINERCLEANFILES = confdir = $(sysconfdir)/libvirt conf_DATA = @@ -19,7 +19,7 @@ Index: libvirt-3.10.0/tools/Makefile.am bin_PROGRAMS = virsh virt-admin libexec_SCRIPTS = libvirt-guests.sh man1_MANS = \ -@@ -111,6 +112,8 @@ bin_PROGRAMS += virt-host-validate +@@ -112,6 +113,8 @@ bin_PROGRAMS += virt-host-validate man1_MANS += virt-host-validate.1 endif WITH_HOST_VALIDATE @@ -28,10 +28,10 @@ Index: libvirt-3.10.0/tools/Makefile.am virt-xml-validate: virt-xml-validate.in Makefile $(AM_V_GEN)sed -e 's|[@]schemadir@|$(pkgdatadir)/schemas|g' \ -e 's|[@]VERSION@|$(VERSION)|g' \ -Index: libvirt-3.10.0/tools/virt-create-rootfs +Index: libvirt-4.0.0/tools/virt-create-rootfs =================================================================== --- /dev/null -+++ libvirt-3.10.0/tools/virt-create-rootfs ++++ libvirt-4.0.0/tools/virt-create-rootfs @@ -0,0 +1,214 @@ +#!/bin/sh +set -e @@ -247,10 +247,10 @@ Index: libvirt-3.10.0/tools/virt-create-rootfs + echo "pts/0" >> "$ROOT/etc/securetty" + chroot "$ROOT" /usr/bin/passwd +fi -Index: libvirt-3.10.0/tools/virt-create-rootfs.pod +Index: libvirt-4.0.0/tools/virt-create-rootfs.pod =================================================================== --- /dev/null -+++ libvirt-3.10.0/tools/virt-create-rootfs.pod ++++ libvirt-4.0.0/tools/virt-create-rootfs.pod @@ -0,0 +1,77 @@ +=head1 NAME +