diff --git a/24f3c2f-virt-aa-helper-fix-caps.patch b/24f3c2f-virt-aa-helper-fix-caps.patch
new file mode 100644
index 0000000..c293602
--- /dev/null
+++ b/24f3c2f-virt-aa-helper-fix-caps.patch
@@ -0,0 +1,104 @@
+From 24f3c2f7e0e196df5539616d03e039344768cd26 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
+Date: Thu, 25 Jun 2015 16:08:42 +0200
+Subject: [PATCH 4/5] virt-aa-helper: add DomainGuest to mockup caps
+
+With commit 3f9868a virt-aa-helper stopped working due to missing
+DomainGuest in the caps.
+
+The test with -c without arch also needs to be
+removed since the new capabilities code uses the host arch when none is
+provided.
+---
+ src/security/virt-aa-helper.c | 25 ++++++++++++++++++++++++-
+ tests/virt-aa-helper-test | 3 ---
+ 2 files changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index 604fb93..4ce1e7a 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -73,6 +73,7 @@ typedef struct {
+ virDomainDefPtr def; /* VM definition */
+ virCapsPtr caps; /* VM capabilities */
+ virDomainXMLOptionPtr xmlopt; /* XML parser data */
++ char *virtType; /* type of hypervisor (eg qemu, xen, lxc) */
+ char *os; /* type of os (eg hvm, xen, exe) */
+ virArch arch; /* machine architecture */
+ char *newfile; /* newly added file */
+@@ -89,6 +90,7 @@ vahDeinit(vahControl * ctl)
+ virObjectUnref(ctl->caps);
+ virObjectUnref(ctl->xmlopt);
+ VIR_FREE(ctl->files);
++ VIR_FREE(ctl->virtType);
+ VIR_FREE(ctl->os);
+ VIR_FREE(ctl->newfile);
+
+@@ -641,6 +643,7 @@ verify_xpath_context(xmlXPathContextPtr ctxt)
+
+ /*
+ * Parse the xml we received to fill in the following:
++ * ctl->virtType
+ * ctl->os
+ * ctl->arch
+ *
+@@ -668,6 +671,11 @@ caps_mockup(vahControl * ctl, const char *xmlStr)
+ if (verify_xpath_context(ctxt) != 0)
+ goto cleanup;
+
++ ctl->virtType = virXPathString("string(./@type)", ctxt);
++ if (!ctl->virtType) {
++ vah_error(ctl, 0, _("domain type is not defined"));
++ goto cleanup;
++ }
+ ctl->os = virXPathString("string(./os/type[1])", ctxt);
+ if (!ctl->os) {
+ vah_error(ctl, 0, _("os.type is not defined"));
+@@ -694,7 +702,7
@@ caps_mockup(vahControl * ctl, const char *xmlStr)
+ static int
+ get_definition(vahControl * ctl, const char *xmlStr)
+ {
+- int rc = -1, ostype;
++ int rc = -1, ostype, virtType;
+ virCapsGuestPtr guest; /* this is freed when caps is freed */
+
+ /*
+@@ -730,6 +738,21 @@ get_definition(vahControl * ctl, const char *xmlStr)
+ goto exit;
+ }
+
++ if ((virtType = virDomainVirtTypeFromString(ctl->virtType)) < 0) {
++ vah_error(ctl, 0, _("unknown virtualization type"));
++ goto exit;
++ }
++
++ if (virCapabilitiesAddGuestDomain(guest,
++ virtType,
++ NULL,
++ NULL,
++ 0,
++ NULL) == NULL) {
++ vah_error(ctl, 0, _("could not allocate memory"));
++ goto exit;
++ }
++
+ ctl->def = virDomainDefParseString(xmlStr,
+ ctl->caps, ctl->xmlopt,
+ VIR_DOMAIN_DEF_PARSE_INACTIVE);
+diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
+index 96471ff..caf2f97 100755
+--- a/tests/virt-aa-helper-test
++++ b/tests/virt-aa-helper-test
+@@ -194,9 +194,6 @@ testme "1" "-c with malformed xml" "-c -u $valid_uuid" "$test_xml"
+ sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,hvm,,g" "$template_xml" > "$test_xml"
+ testme "1" "-c with no os.type" "-c -u $valid_uuid" "$test_xml"
+
+-sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,hvm,hvm,g" "$template_xml" > "$test_xml"
+-testme "1" "-c with no architecture" "-c -u $valid_uuid" "$test_xml"
+-
+ sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,hvm,hvm_invalid,g" "$template_xml" > "$test_xml"
+ testme "1" "-c with invalid hvm" "-c -u $valid_uuid" "$test_xml"
+
+--
+2.1.4
+
diff --git a/45697fe5-libxl-support-dom0.patch b/45697fe5-libxl-support-dom0.patch
new file mode 100644
index 0000000..2c77b5a
--- /dev/null
+++ b/45697fe5-libxl-support-dom0.patch
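Review bot: The two new rejection paths, `domain type is not defined` in caps_mockup() and `unknown virtualization type` in get_definition(), have no matching case in tests/virt-aa-helper-test; the only test change in this patch is the removal of the `-c with no architecture` case. Because this helper turns domain XML into an AppArmor profile, a rejected-input case for a missing or unrecognised domain `type` attribute belongs next to the existing `-c with no os.type` and `-c with invalid hvm` cases, following the same `sed … > "$test_xml"` then `testme "1" …` pattern. Separately, a NULL return from virCapabilitiesAddGuestDomain() is reported as `could not allocate memory`, which is accurate only if allocation is its sole failure mode; the hunk does not show that. Both function bodies extend beyond the hunks.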
@@ -0,0 +1,225 @@
+commit 45697fe545841af46c95c996439ed59ca3a7ef9d
+Author: Jim Fehlig
+Date: Mon Jun 22 11:36:59 2015 -0600
+
+ libxl: support dom0
+
+ In Xen, dom0 is really just another domain that supports ballooning,
+ adding/removing devices, changing vcpu configuration, etc. This patch
+ adds support to the libxl driver for managing dom0. Note that the
+ legacy xend driver has long supported managing dom0.
+
+ Operations that are not supported on dom0 are filtered in libvirt
+ where a sensible error is reported. Errors from libxl are not
+ always helpful. E.g., attempting a save on dom0 results in
+
+ 2015-06-23 15:25:05 MDT libxl: debug: libxl_dom.c:1570:libxl__toolstack_save: domain=0 toolstack data size=8
+ 2015-06-23 15:25:05 MDT libxl: debug: libxl.c:979:do_libxl_domain_suspend: ao 0x7f7e68000b70: inprogress: poller=0x7f7e68000930, flags=i
+ 2015-06-23 15:25:05 MDT libxl-save-helper: debug: starting save: Success
+ 2015-06-23 15:25:05 MDT xc: detail: xc_domain_save_suse: starting save of domid 0
+ 2015-06-23 15:25:05 MDT xc: error: Couldn't map live_shinfo (3 = No such process): Internal error
+ 2015-06-23 15:25:05 MDT xc: detail: Save exit of domid 0 with errno=3
+ 2015-06-23 15:25:05 MDT libxl-save-helper: debug: complete r=1: No such process
+ 2015-06-23 15:25:05 MDT libxl: error: libxl_dom.c:1876:libxl__xc_domain_save_done: saving domain: domain did not respond to suspend request: No such process
+ 2015-06-23 15:25:05 MDT libxl: error: libxl_dom.c:2033:remus_teardown_done: Remus: failed to teardown device for guest with domid 0, rc -8
+
+
Signed-off-by: Jim Fehlig
+
+Index: libvirt-1.2.17/src/libxl/libxl_driver.c
+===================================================================
+--- libvirt-1.2.17.orig/src/libxl/libxl_driver.c
++++ libvirt-1.2.17/src/libxl/libxl_driver.c
+@@ -79,6 +79,15 @@ VIR_LOG_INIT("libxl.libxl_driver");
+ /* Number of Xen scheduler parameters */
+ #define XEN_SCHED_CREDIT_NPARAM 2
+
++#define LIBXL_CHECK_DOM0_GOTO(name, label) \
++ do { \
++ if (STREQ_NULLABLE(name, "Domain-0")) { \
++ virReportError(VIR_ERR_OPERATION_INVALID, "%s", \
++ _("Domain-0 does not support requested operation")); \
++ goto label; \
++ } \
++ } while (0)
++
+
+ static libxlDriverPrivatePtr libxl_driver;
+
+@@ -501,6 +510,63 @@ const struct libxl_event_hooks ev_hooks
+ };
+
+ static int
++libxlAddDom0(libxlDriverPrivatePtr driver)
++{
++ libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
++ virDomainDefPtr def = NULL;
++ virDomainObjPtr vm = NULL;
++ virDomainDefPtr oldDef = NULL;
++ libxl_dominfo d_info;
++ int ret = -1;
++
++ libxl_dominfo_init(&d_info);
++
++ /* Ensure we have a dom0 */
++ if (libxl_domain_info(cfg->ctx, &d_info, 0) != 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR,
++ "%s", _("unable to get Domain-0 information from libxenlight"));
++ goto cleanup;
++ }
++
++ if (!(def = virDomainDefNew()))
++ goto cleanup;
++
++ def->id = 0;
++ def->virtType = VIR_DOMAIN_VIRT_XEN;
++ if (VIR_STRDUP(def->name, "Domain-0") < 0)
++ goto cleanup;
++
++ def->os.type = VIR_DOMAIN_OSTYPE_XEN;
++
++ if (virUUIDParse("00000000-0000-0000-0000-000000000000", def->uuid) < 0)
++ goto cleanup;
++
++ if (!(vm = virDomainObjListAdd(driver->domains, def,
++ driver->xmlopt,
++ 0,
++ &oldDef)))
++ goto cleanup;
++
++ def = NULL;
++
++ vm->def->vcpus = d_info.vcpu_online;
++ vm->def->maxvcpus = d_info.vcpu_max_id + 1;
++ vm->def->mem.cur_balloon = d_info.current_memkb;
++ vm->def->mem.max_balloon = d_info.max_memkb;
++
++ ret = 0;
++
++ cleanup:
++ libxl_dominfo_dispose(&d_info);
++ virDomainDefFree(def);
++
virDomainDefFree(oldDef);
++ if (vm)
++ virObjectUnlock(vm);
++ virObjectUnref(cfg);
++ return ret;
++}
++
++static int
+ libxlStateInitialize(bool privileged,
+ virStateInhibitCallback callback ATTRIBUTE_UNUSED,
+ void *opaque ATTRIBUTE_UNUSED)
+@@ -616,6 +682,10 @@ libxlStateInitialize(bool privileged,
+ if (!(libxl_driver->xmlopt = libxlCreateXMLConf()))
+ goto error;
+
++ /* Add Domain-0 */
++ if (libxlAddDom0(libxl_driver) < 0)
++ goto error;
++
+ /* Load running domains first. */
+ if (virDomainObjListLoadAllConfigs(libxl_driver->domains,
+ cfg->stateDir,
+@@ -1030,6 +1100,8 @@ libxlDomainSuspend(virDomainPtr dom)
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+@@ -1086,6 +1158,8 @@ libxlDomainResume(virDomainPtr dom)
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+@@ -1147,6 +1221,8 @@ libxlDomainShutdownFlags(virDomainPtr do
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
+@@ -1212,6 +1288,8 @@ libxlDomainReboot(virDomainPtr dom, unsi
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainRebootEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
+@@ -1254,6 +1332,8 @@ libxlDomainDestroyFlags(virDomainPtr dom
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+@@ -1656,6 +1736,8 @@ libxlDomainSaveFlags(virDomainPtr dom, c
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++
LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainSaveFlagsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+@@ -1782,6 +1864,8 @@ libxlDomainCoreDump(virDomainPtr dom, co
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainCoreDumpEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+@@ -1877,6 +1961,8 @@ libxlDomainManagedSave(virDomainPtr dom,
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainManagedSaveEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+@@ -4000,6 +4086,8 @@ libxlDomainSetAutostart(virDomainPtr dom
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+@@ -4294,6 +4382,8 @@ libxlDomainOpenConsole(virDomainPtr dom,
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
++ LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);
++
+ if (virDomainOpenConsoleEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+@@ -4817,6 +4907,12 @@ libxlDomainMigrateBegin3Params(virDomain
+ if (!(vm = libxlDomObjFromDomain(domain)))
+ return NULL;
+
++ if (STREQ_NULLABLE(vm->def->name, "Domain-0")) {
++ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
++ _("Domain-0 cannot be migrated"));
++ return NULL;
++ }
++
+ if (virDomainMigrateBegin3ParamsEnsureACL(domain->conn, vm->def) < 0) {
+ virObjectUnlock(vm);
+ return NULL;
diff --git a/4ffb21c8-libxl-dom0-state-fix.patch b/4ffb21c8-libxl-dom0-state-fix.patch
new file mode 100644
index 0000000..26429ef
--- /dev/null
+++ b/4ffb21c8-libxl-dom0-state-fix.patch
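Review bot: The new Domain-0 branch in libxlDomainMigrateBegin3Params returns NULL without calling `virObjectUnlock(vm)`, while the ACL failure path directly below it unlocks `vm` before returning, which suggests the object is held locked at this point. If so, one rejected migration request leaves the Domain-0 object locked and later calls on it would block; because the check sits ahead of `virDomainMigrateBegin3ParamsEnsureACL`, that would be reachable without migrate permission. Add `virObjectUnlock(vm);` before the new `return NULL;`. The same ordering question applies to every `LIBXL_CHECK_DOM0_GOTO(vm->def->name, cleanup);` added in this file: placing it after the corresponding `…EnsureACL` call keeps authorization as the first decision. The function body continues outside the hunk.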
@@ -0,0 +1,26 @@
+commit 4ffb21c89a6b9ae2b4bfd2999c24b01433e360a9
+Author: Jim Fehlig
+Date: Thu Jul 9 15:16:18 2015 -0600
+
+ libxl: set dom0 state to running
+
+ Commit 45697fe5 added dom0 to driver->domains, but missed
+ setting its state to 'running'
+
+ $ virsh list
+ Id Name State
+ ----------------------------------------------------
+ 0 Domain-0 shut off
+
+Index: libvirt-1.2.17/src/libxl/libxl_driver.c
+===================================================================
+--- libvirt-1.2.17.orig/src/libxl/libxl_driver.c
++++ libvirt-1.2.17/src/libxl/libxl_driver.c
+@@ -549,6 +549,7 @@ libxlAddDom0(libxlDriverPrivatePtr drive
+
+ def = NULL;
+
++ virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_BOOTED);
+ vm->def->vcpus = d_info.vcpu_online;
+ vm->def->maxvcpus = d_info.vcpu_max_id + 1;
+ vm->def->mem.cur_balloon = d_info.current_memkb;
diff --git a/61dab0f-virt-aa-helper-renaming.patch b/61dab0f-virt-aa-helper-renaming.patch
new file mode 100644
index 0000000..5015952
--- /dev/null
+++ b/61dab0f-virt-aa-helper-renaming.patch
@@ -0,0 +1,64 @@
+From 61dab0f74ef79d034542bb77921e69fbbab3cf41 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
+Date: Thu, 25 Jun 2015 13:01:40 +0200
+Subject: [PATCH 3/5] virt-aa-helper: rename ctl->hvm to ctl->os
+
+ctl->hvm contains os.type string value, change the name to reflect it.
+---
+ src/security/virt-aa-helper.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index f8a9cf2..604fb93 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -73,7 +73,7 @@ typedef struct {
+ virDomainDefPtr def; /* VM definition */
+ virCapsPtr caps; /* VM capabilities */
+ virDomainXMLOptionPtr xmlopt; /* XML parser data */
+- char *hvm; /* type of hypervisor (eg hvm, xen) */
++ char *os; /* type of os (eg hvm, xen, exe) */
+ virArch arch; /* machine architecture */
+ char *newfile; /* newly added file */
+ bool append; /* append to .files instead of rewrite */
+@@ -89,7 +89,7 @@ vahDeinit(vahControl * ctl)
+ virObjectUnref(ctl->caps);
+ virObjectUnref(ctl->xmlopt);
+ VIR_FREE(ctl->files);
+- VIR_FREE(ctl->hvm);
++ VIR_FREE(ctl->os);
+ VIR_FREE(ctl->newfile);
+
+ return 0;
+@@ -641,7 +641,7 @@ verify_xpath_context(xmlXPathContextPtr ctxt)
+
+ /*
+ * Parse the xml we received to fill in the following:
+- * ctl->hvm
++ * ctl->os
+ * ctl->arch
+ *
+ * These are suitable for setting up a virCapsPtr
+@@ -668,8 +668,8 @@ caps_mockup(vahControl * ctl, const char *xmlStr)
+ if (verify_xpath_context(ctxt) != 0)
+ goto cleanup;
+
+- ctl->hvm = virXPathString("string(./os/type[1])", ctxt);
+- if (!ctl->hvm) {
++ ctl->os = virXPathString("string(./os/type[1])", ctxt);
++ if (!ctl->os) {
+ vah_error(ctl, 0, _("os.type is not defined"));
+ goto cleanup;
+ }
+@@ -714,7 +714,7 @@ get_definition(vahControl * ctl, const char *xmlStr)
+ goto exit;
+ }
+
+- if ((ostype = virDomainOSTypeFromString(ctl->hvm)) < 0) {
++ if ((ostype =
virDomainOSTypeFromString(ctl->os)) < 0) {
+ vah_error(ctl, 0, _("unknown OS type"));
+ goto exit;
+ }
+--
+2.1.4
+
diff --git a/a55a5e7-virt-aa-helper-log.patch b/a55a5e7-virt-aa-helper-log.patch
new file mode 100644
index 0000000..eb6cd46
--- /dev/null
+++ b/a55a5e7-virt-aa-helper-log.patch
@@ -0,0 +1,53 @@
+From a55a5e7cfed57223820478da89422756121fb37c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
+Date: Thu, 25 Jun 2015 10:36:52 +0200
+Subject: [PATCH 2/5] Get more libvirt errors from virt-aa-helper
+
+Initializing libvirt log in virt-aa-helper and getting it to output
+libvirt log to stderr. This will help debugging problems happening in
+libvirt functions called from within virt-aa-helper
+---
+ src/security/security_apparmor.c | 4 ++++
+ src/security/virt-aa-helper.c | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
+index 4134a17..16b8f87 100644
+--- a/src/security/security_apparmor.c
++++ b/src/security/security_apparmor.c
+@@ -196,6 +196,10 @@ load_profile(virSecurityManagerPtr mgr,
+ }
+ }
+
++ virCommandAddEnvFormat(cmd,
++ "LIBVIRT_LOG_OUTPUTS=%d:stderr",
++ virLogGetDefaultPriority());
++
+ virCommandSetInputBuffer(cmd, xml);
+ rc = virCommandRun(cmd, NULL);
+
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index 18454c8..f8a9cf2 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -41,6 +41,7 @@
+ #include "virbuffer.h"
+ #include "viralloc.h"
+ #include "vircommand.h"
++#include "virlog.h"
+
+ #include "security_driver.h"
+ #include "security_apparmor.h"
+@@ -1272,6 +1273,9 @@ main(int argc, char **argv)
+ exit(EXIT_FAILURE);
+ }
+
++ /* Initialize the log system */
++ virLogSetFromEnv();
++
+ /* clear the environment */
+ environ = NULL;
+ if (setenv("PATH", "/sbin:/usr/sbin", 1) != 0)
+--
+2.1.4
+
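Review bot: `virLogSetFromEnv()` is called in main() before `environ = NULL`, so the helper's log priority, filters and outputs are taken from the caller's environment ahead of the point where this program deliberately discards it. That looks intentional given the `LIBVIRT_LOG_OUTPUTS=%d:stderr` variable load_profile() now sets, but the exception to the clean-environment rule should be stated where it is made, e.g. `/* Log settings are read from the caller's environment before it is cleared; libvirtd passes LIBVIRT_LOG_OUTPUTS for this purpose */`. If only stderr output is ever wanted here, honouring just that would be tighter than accepting any output target the environment names. main() continues outside the hunk.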
diff --git a/e44bcae-virt-aa-helper-trailing-slash.patch b/e44bcae-virt-aa-helper-trailing-slash.patch
new file mode 100644
index 0000000..a555551
--- /dev/null
+++ b/e44bcae-virt-aa-helper-trailing-slash.patch
@@ -0,0 +1,28 @@
+From e44bcae9f014946d66fad1164080a4e251197f19 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
+Date: Wed, 24 Jun 2015 09:56:04 +0200
+Subject: [PATCH 1/5] virt-aa-helper: fix rules for paths with trailing slash
+
+Rules generated for a path like '/' were having '//' which isn't
+correct for apparmor. Make virt-aa-helper smarter to avoid these.
+---
+ src/security/virt-aa-helper.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index 4440552..18454c8 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -795,6 +795,9 @@ vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursi
+ goto cleanup;
+ }
+
++ if (tmp[strlen(tmp) - 1] == '/')
++ tmp[strlen(tmp) - 1] = '\0';
++
+ virBufferAsprintf(buf, " \"%s%s\" %s,\n", tmp, recursive ? "/**" : "", perms);
+ if (readonly) {
+ virBufferAddLit(buf, " # don't audit writes to readonly files\n");
+--
+2.1.4
+
diff --git a/e9c27344-libxl-fix-virDomainObj-state.patch b/e9c27344-libxl-fix-virDomainObj-state.patch
new file mode 100644
index 0000000..5bc7572
--- /dev/null
+++ b/e9c27344-libxl-fix-virDomainObj-state.patch
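Review bot: `tmp[strlen(tmp) - 1]` in vah_add_path indexes outside the buffer when `tmp` is an empty string, because `strlen(tmp) - 1` wraps around as a size_t. Whether `tmp` can be empty depends on code above the hunk, so a cheap guard is worth having. A second case is a bare `/` with `recursive` false: the slash is stripped and the rule is emitted with the path `""`. Both are covered by `size_t len = strlen(tmp);` followed by `if (len > 0 && tmp[len - 1] == '/' && (len > 1 || recursive)) tmp[len - 1] = '\0';`, which still yields `/**` for a recursive root. The function body starts and ends outside the hunk.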
@@ -0,0 +1,232 @@
+commit e9c2734441af0065c69fc1317965a6dd6c7f14e3
+Author: Jim Fehlig
+Date: Tue Jul 7 12:29:24 2015 -0600
+
+ libxl: rework setting the state of virDomainObj
+
+ Set the state of virDomainObj in the functions that
+ actually change the domain state, instead of the generic
+ libxlDomainCleanup function. This approach gives functions
+ calling libxlDomainCleanup more flexibility wrt when and
+ how they change virDomainObj state via virDomainObjSetState.
+
+ The prior approach of calling virDomainObjSetState in
+ libxlDomainCleanup resulted in the following incorrect
+ coding pattern in the various functions that change
+ domain state
+
+ libxlDomain
+ call libxl function to do state transition
+ emit lifecycle event
+ libxlDomainCleanup
+ virDomainObjSetState
+
+ Once simple manifestation of this bug is seeing a domain
+ running in virt-manager after selecting the shutdown button,
+ even after the domain has long shutdown.
+
+Index: libvirt-1.2.17/src/libxl/libxl_domain.c
+===================================================================
+--- libvirt-1.2.17.orig/src/libxl/libxl_domain.c
++++ libvirt-1.2.17/src/libxl/libxl_domain.c
+@@ -397,7 +397,6 @@ libxlDomainShutdownThread(void *opaque)
+ libxlDriverPrivatePtr driver = shutdown_info->driver;
+ virObjectEventPtr dom_event = NULL;
+ libxl_shutdown_reason xl_reason = ev->u.domain_shutdown.shutdown_reason;
+- virDomainShutoffReason reason = VIR_DOMAIN_SHUTOFF_SHUTDOWN;
+ libxlDriverConfigPtr cfg;
+
+ cfg = libxlDriverConfigGet(driver);
+@@ -406,12 +405,14 @@ libxlDomainShutdownThread(void *opaque)
+ goto cleanup;
+
+ if (xl_reason == LIBXL_SHUTDOWN_REASON_POWEROFF) {
++ virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF,
++ VIR_DOMAIN_SHUTOFF_SHUTDOWN);
++
+ dom_event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
+ switch ((virDomainLifecycleAction) vm->def->onPoweroff) {
+ case VIR_DOMAIN_LIFECYCLE_DESTROY:
+- reason =
VIR_DOMAIN_SHUTOFF_SHUTDOWN;
+ goto destroy;
+ case VIR_DOMAIN_LIFECYCLE_RESTART:
+ case VIR_DOMAIN_LIFECYCLE_RESTART_RENAME:
+@@ -421,12 +422,14 @@ libxlDomainShutdownThread(void *opaque)
+ goto endjob;
+ }
+ } else if (xl_reason == LIBXL_SHUTDOWN_REASON_CRASH) {
++ virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF,
++ VIR_DOMAIN_SHUTOFF_CRASHED);
++
+ dom_event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_CRASHED);
+ switch ((virDomainLifecycleCrashAction) vm->def->onCrash) {
+ case VIR_DOMAIN_LIFECYCLE_CRASH_DESTROY:
+- reason = VIR_DOMAIN_SHUTOFF_CRASHED;
+ goto destroy;
+ case VIR_DOMAIN_LIFECYCLE_CRASH_RESTART:
+ case VIR_DOMAIN_LIFECYCLE_CRASH_RESTART_RENAME:
+@@ -442,12 +445,14 @@ libxlDomainShutdownThread(void *opaque)
+ goto restart;
+ }
+ } else if (xl_reason == LIBXL_SHUTDOWN_REASON_REBOOT) {
++ virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF,
++ VIR_DOMAIN_SHUTOFF_SHUTDOWN);
++
+ dom_event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
+ switch ((virDomainLifecycleAction) vm->def->onReboot) {
+ case VIR_DOMAIN_LIFECYCLE_DESTROY:
+- reason = VIR_DOMAIN_SHUTOFF_SHUTDOWN;
+ goto destroy;
+ case VIR_DOMAIN_LIFECYCLE_RESTART:
+ case VIR_DOMAIN_LIFECYCLE_RESTART_RENAME:
+@@ -467,7 +472,7 @@ libxlDomainShutdownThread(void *opaque)
+ dom_event = NULL;
+ }
+ libxlDomainDestroyInternal(driver, vm);
+- libxlDomainCleanup(driver, vm, reason);
++ libxlDomainCleanup(driver, vm);
+ if (!vm->persistent)
+ virDomainObjListRemove(driver->domains, vm);
+
+@@ -479,7 +484,7 @@ libxlDomainShutdownThread(void *opaque)
+ dom_event = NULL;
+ }
+ libxlDomainDestroyInternal(driver, vm);
+- libxlDomainCleanup(driver, vm, VIR_DOMAIN_SHUTOFF_SHUTDOWN);
++ libxlDomainCleanup(driver, vm);
+ if (libxlDomainStart(driver, vm, false, -1) < 0) {
+ virErrorPtr err = virGetLastError();
+ VIR_ERROR(_("Failed to restart VM '%s': %s"),
+@@ -685,8 +690,7 @@ libxlDomainDestroyInternal(libxlDriverPr
+ */
+ void
+ libxlDomainCleanup(libxlDriverPrivatePtr driver,
+- virDomainObjPtr vm,
+- virDomainShutoffReason reason)
++ virDomainObjPtr vm)
+ {
+ libxlDomainObjPrivatePtr priv = vm->privateData;
+ libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
+@@ -709,9 +713,6 @@ libxlDomainCleanup(libxlDriverPrivatePtr
+ priv->deathW = NULL;
+ }
+
+- if (vm->persistent)
+- virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF, reason);
+-
+ if (virAtomicIntDecAndTest(&driver->nactive) && driver->inhibitCallback)
+ driver->inhibitCallback(false, driver->inhibitOpaque);
+
+Index: libvirt-1.2.17/src/libxl/libxl_domain.h
+===================================================================
+--- libvirt-1.2.17.orig/src/libxl/libxl_domain.h
++++ libvirt-1.2.17/src/libxl/libxl_domain.h
+@@ -110,8 +110,7 @@ libxlDomainDestroyInternal(libxlDriverPr
+
+ void
+ libxlDomainCleanup(libxlDriverPrivatePtr driver,
+- virDomainObjPtr vm,
+- virDomainShutoffReason reason);
++ virDomainObjPtr vm);
+
+ /*
+ * Note: Xen 4.3 removed the const from the event handler signature.
+Index: libvirt-1.2.17/src/libxl/libxl_driver.c
+===================================================================
+--- libvirt-1.2.17.orig/src/libxl/libxl_driver.c
++++ libvirt-1.2.17/src/libxl/libxl_driver.c
+@@ -392,7 +392,7 @@ libxlReconnectDomain(virDomainObjPtr vm,
+ return 0;
+
+ out:
+- libxlDomainCleanup(driver, vm, VIR_DOMAIN_SHUTOFF_UNKNOWN);
++ libxlDomainCleanup(driver, vm);
+ if (!vm->persistent)
+ virDomainObjListRemoveLocked(driver->domains, vm);
+ else
+@@ -1346,16 +1346,19 @@ libxlDomainDestroyFlags(virDomainPtr dom
+ goto endjob;
+ }
+
+- event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED,
+- VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
+-
+ if (libxlDomainDestroyInternal(driver, vm) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failed to destroy domain '%d'"), vm->def->id);
+ goto endjob;
+ }
+
+- libxlDomainCleanup(driver, vm, VIR_DOMAIN_SHUTOFF_DESTROYED);
++ virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF,
++ VIR_DOMAIN_SHUTOFF_DESTROYED);
++
++ event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED,
++ VIR_DOMAIN_EVENT_STOPPED_DESTROYED);
++
++ libxlDomainCleanup(driver, vm);
+ if (!vm->persistent)
+ virDomainObjListRemove(driver->domains, vm);
+
+@@ -1689,6 +1692,9 @@ libxlDoDomainSave(libxlDriverPrivatePtr
+ goto cleanup;
+ }
+
++ virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF,
++ VIR_DOMAIN_SHUTOFF_SAVED);
++
+ event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_SAVED);
+
+@@ -1698,7 +1704,7 @@ libxlDoDomainSave(libxlDriverPrivatePtr
+ goto cleanup;
+ }
+
+- libxlDomainCleanup(driver, vm, VIR_DOMAIN_SHUTOFF_SAVED);
++ libxlDomainCleanup(driver, vm);
+ vm->hasManagedSave = true;
+ ret = 0;
+
+@@ -1909,7 +1915,9 @@ libxlDomainCoreDump(virDomainPtr dom, co
+ goto unpause;
+ }
+
+- libxlDomainCleanup(driver, vm, VIR_DOMAIN_SHUTOFF_CRASHED);
++ libxlDomainCleanup(driver, vm);
++ virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF,
++ VIR_DOMAIN_SHUTOFF_CRASHED);
+ event =
virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_CRASHED);
+ if (!vm->persistent)
+Index: libvirt-1.2.17/src/libxl/libxl_migration.c
+===================================================================
+--- libvirt-1.2.17.orig/src/libxl/libxl_migration.c
++++ libvirt-1.2.17/src/libxl/libxl_migration.c
+@@ -585,7 +585,9 @@ libxlDomainMigrationFinish(virConnectPtr
+ cleanup:
+ if (dom == NULL) {
+ libxlDomainDestroyInternal(driver, vm);
+- libxlDomainCleanup(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED);
++ libxlDomainCleanup(driver, vm);
++ virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF,
++ VIR_DOMAIN_SHUTOFF_FAILED);
+ event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_FAILED);
+ if (!vm->persistent)
+@@ -624,7 +626,9 @@ libxlDomainMigrationConfirm(libxlDriverP
+ }
+
+ libxlDomainDestroyInternal(driver, vm);
+- libxlDomainCleanup(driver, vm, VIR_DOMAIN_SHUTOFF_MIGRATED);
++ libxlDomainCleanup(driver, vm);
++ virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF,
++ VIR_DOMAIN_SHUTOFF_MIGRATED);
+ event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_MIGRATED);
+
diff --git a/libvirt.changes b/libvirt.changes
index 773298b..90fff80 100644
--- a/libvirt.changes
+++ b/libvirt.changes
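Review bot: In libxlDoDomainSave the new `virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF, VIR_DOMAIN_SHUTOFF_SAVED)` is placed ahead of a step that can apparently still fail: the following hunk shows a `goto cleanup;` between it and `libxlDomainCleanup(driver, vm)`. On that path the object would be left reporting shut off although teardown did not complete, whereas libxlDomainDestroyFlags in the same patch sets the state only after `libxlDomainDestroyInternal` has succeeded. Moving the SetState call and the event creation below that failure check would match it. The order also differs in libxlDomainCoreDump, libxlDomainMigrationFinish and libxlDomainMigrationConfirm, where cleanup runs before SetState; a comment on libxlDomainCleanup such as `/* Does not change the virDomainObj state; callers set it themselves */` would record the new contract. The bodies of these functions lie outside the hunks.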
@@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Fri Jul 10 18:35:27 UTC 2015 - jfehlig@suse.com + +- libxl: set dom0 state to running + 4ffb21c8-libxl-dom0-state-fix.patch + bsc#937316 +- libxl: support management of dom0 + 45697fe5-libxl-support-dom0.patch + bsc#937316 +- libxl: libxl: fix setting state of virDomainObj + e9c27344-libxl-fix-virDomainObj-state.patch + bsc#934937 + +------------------------------------------------------------------- +Fri Jul 10 13:29:51 UTC 2015 - cbosdonnat@suse.com + +- Fixed virt-aa-helper bugs preventing virt-sandbox to work. + 24f3c2f-virt-aa-helper-fix-caps.patch + 61dab0f-virt-aa-helper-renaming.patch + a55a5e7-virt-aa-helper-log.patch + e44bcae-virt-aa-helper-trailing-slash.patch + bsc#936841 +- Fixed crasher due to uninitialized values + qemu-nbd-cleanup-fix.patch bsc#936841 + ------------------------------------------------------------------- Thu Jul 2 11:23:15 MDT 2015 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index b456fb7..d42404d 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -446,6 +446,13 @@ Source3: libvirtd.init Source4: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches +Patch0: e44bcae-virt-aa-helper-trailing-slash.patch +Patch1: a55a5e7-virt-aa-helper-log.patch +Patch2: 61dab0f-virt-aa-helper-renaming.patch +Patch3: 24f3c2f-virt-aa-helper-fix-caps.patch +Patch4: 45697fe5-libxl-support-dom0.patch +Patch5: e9c27344-libxl-fix-virDomainObj-state.patch +Patch6: 4ffb21c8-libxl-dom0-state-fix.patch # Patches pending upstream review # Need to go upstream Patch150: xen-pv-cdrom.patch 
@@ -466,6 +473,7 @@ Patch207: disable-virCgroupGetPercpuStats-test.patch Patch208: apparmor-no-mount.patch Patch209: qemu-apparmor-screenshot.patch Patch210: libvirt-suse-netcontrol.patch +Patch211: qemu-nbd-cleanup-fix.patch # SocketUser and SocketGroup settings were added to systemd.socket in # version 214. Patch the setting away in earlier systemd %if 0%{systemd_version} < 214 @@ -976,6 +984,13 @@ Provides a dissector for the libvirt RPC protocol to help debugging it. %prep %setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 @@ -992,6 +1007,7 @@ Provides a dissector for the libvirt RPC protocol to help debugging it. %patch208 -p1 %patch209 -p1 %patch210 -p1 +%patch211 -p1 %if 0%{systemd_version} < 214 %patch300 -p1 %endif diff --git a/qemu-nbd-cleanup-fix.patch b/qemu-nbd-cleanup-fix.patch new file mode 100644 index 0000000..bf675a2 --- /dev/null +++ b/qemu-nbd-cleanup-fix.patch 
@@ -0,0 +1,55 @@
+From 1f17be07e9fbbae6fdba6842546ca86d51f84447 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
+Date: Thu, 9 Jul 2015 16:23:08 +0200
+Subject: [PATCH 5/5] Fix qemu-nbd cleanup crashes
+
+The virLXCControllerAppendNBDPids function didn't properly initialize
+pids and npids. In case of failure it was crashing when freeing those.
+
+The nbd device pid file doesn't appear immediately after starting
+qemu-nbd: adding a small loop to wait for it.
+---
+ src/lxc/lxc_controller.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
+index 828b8a8..78d3eee 100644
+--- a/src/lxc/lxc_controller.c
++++ b/src/lxc/lxc_controller.c
+@@ -533,16 +533,31 @@ static int virLXCControllerAppendNBDPids(virLXCControllerPtr ctrl,
+ const char *dev)
+ {
+ char *pidpath = NULL;
+- pid_t *pids;
+- size_t npids;
++ pid_t *pids = NULL;
++ size_t npids = 0;
+ size_t i;
+ int ret = -1;
++ size_t loops = 0;
+ pid_t pid;
+
+ if (!STRPREFIX(dev, "/dev/") ||
+ virAsprintf(&pidpath, "/sys/devices/virtual/block/%s/pid", dev + 5) < 0)
+ goto cleanup;
+
++ /* Wait for the pid file to appear */
++ while (!virFileExists(pidpath)) {
++ /* wait for 100ms before checking again, but don't do it for ever */
++ if (errno == ENOENT && loops < 10) {
++ usleep(100 * 1000);
++ loops++;
++ } else {
++ virReportSystemError(errno,
++ _("Cannot check NBD device %s pid"),
++ dev + 5);
++ goto cleanup;
++ }
++ }
++
+ if (virPidFileReadPath(pidpath, &pid) < 0)
+ goto cleanup;
+
+--
+2.1.4
+
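Review bot: The wait loop in virLXCControllerAppendNBDPids states its delay in the comment but leaves the retry bound as a bare `loops < 10`, so the one-second ceiling is only visible by multiplying the two literals. Named constants, or a comment such as `/* up to 10 x 100ms = 1s for the pid file to appear */`, would make the timeout explicit. When the bound is reached the `else` branch reports `Cannot check NBD device %s pid` with ENOENT, which reads the same as an immediate failure; saying that the wait timed out would help whoever debugs it. The branch also relies on `virFileExists()` leaving the failing call's `errno` intact. The function continues outside the hunk.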