forked from pool/libvirt
Accepting request 265257 from Virtualization
1 OBS-URL: https://build.opensuse.org/request/show/265257 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=167
This commit is contained in:
commit
40f2ce5fb1
@ -1,27 +0,0 @@
|
||||
From 22221233d0c2fd2c2d41b7527fe2bec13295a427 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Thu, 20 Nov 2014 11:31:44 +0100
|
||||
Subject: [PATCH 1/5] virt-aa-helper wasn't running virErrorInitialize
|
||||
|
||||
This turns out to be working by magic but needs to be fixed.
|
||||
---
|
||||
src/security/virt-aa-helper.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
Index: libvirt-1.2.10/src/security/virt-aa-helper.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/security/virt-aa-helper.c
|
||||
+++ libvirt-1.2.10/src/security/virt-aa-helper.c
|
||||
@@ -1251,6 +1251,12 @@ main(int argc, char **argv)
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
+ if (virThreadInitialize() < 0 ||
|
||||
+ virErrorInitialize() < 0) {
|
||||
+ fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+
|
||||
/* clear the environment */
|
||||
environ = NULL;
|
||||
if (setenv("PATH", "/sbin:/usr/sbin", 1) != 0) {
|
@ -1,37 +0,0 @@
|
||||
From 433b427ff853ab72d32573d415e6ec569b77c7cb Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Thu, 20 Nov 2014 15:26:35 +0100
|
||||
Subject: [PATCH 3/5] ip link needs 'name' in 3.16 to create the veth pair
|
||||
|
||||
Due to a change (or bug?) in ip link implementation, the command
|
||||
'ip link add vnet0...'
|
||||
is forced into
|
||||
'ip link add name vnet0...'
|
||||
The changed command also works on older versions of iproute2, just the
|
||||
'name' parameter has been made mandatory.
|
||||
---
|
||||
src/util/virnetdevveth.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: libvirt-1.2.10/src/util/virnetdevveth.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/util/virnetdevveth.c
|
||||
+++ libvirt-1.2.10/src/util/virnetdevveth.c
|
||||
@@ -89,7 +89,7 @@ static int virNetDevVethGetFreeNum(int s
|
||||
* @veth2: pointer to return name for container end of veth pair
|
||||
*
|
||||
* Creates a veth device pair using the ip command:
|
||||
- * ip link add veth1 type veth peer name veth2
|
||||
+ * ip link add name veth1 type veth peer name veth2
|
||||
* If veth1 points to NULL on entry, it will be a valid interface on
|
||||
* return. veth2 should point to NULL on entry.
|
||||
*
|
||||
@@ -146,7 +146,7 @@ int virNetDevVethCreate(char** veth1, ch
|
||||
}
|
||||
|
||||
cmd = virCommandNew("ip");
|
||||
- virCommandAddArgList(cmd, "link", "add",
|
||||
+ virCommandAddArgList(cmd, "link", "add", "name",
|
||||
*veth1 ? *veth1 : veth1auto,
|
||||
"type", "veth", "peer", "name",
|
||||
*veth2 ? *veth2 : veth2auto,
|
@ -1,29 +0,0 @@
|
||||
commit 52691f99fa016ac46c9546c37706e57a5180d4c6
|
||||
Author: Jiri Denemark <jdenemar@redhat.com>
|
||||
Date: Thu Nov 20 13:09:16 2014 +0100
|
||||
|
||||
qemu: Fix crash in tunnelled migration
|
||||
|
||||
Any attempt to start a tunnelled migration with libvirtd that supports
|
||||
RDMA migration (specifically commit v1.2.8-226-ged22a47) crashes
|
||||
libvirtd on the destination host.
|
||||
|
||||
The crash is inevitable because qemuMigrationPrepareAny is always called
|
||||
with NULL protocol in case of tunnelled migration.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1147331
|
||||
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
||||
|
||||
Index: libvirt-1.2.10/src/qemu/qemu_migration.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/qemu/qemu_migration.c
|
||||
+++ libvirt-1.2.10/src/qemu/qemu_migration.c
|
||||
@@ -2688,7 +2688,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr
|
||||
QEMU_MIGRATION_COOKIE_NBD)))
|
||||
goto cleanup;
|
||||
|
||||
- if (STREQ(protocol, "rdma") && !vm->def->mem.hard_limit) {
|
||||
+ if (STREQ_NULLABLE(protocol, "rdma") && !vm->def->mem.hard_limit) {
|
||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
||||
_("cannot start RDMA migration with no memory hard "
|
||||
"limit set"));
|
@ -1,155 +0,0 @@
|
||||
From 72fecf1813b9e77a7f89bc1e708f91bdab7d9ad4 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Fri, 21 Nov 2014 17:45:55 +0100
|
||||
Subject: [PATCH 4/5] lxc: be more patient while resolving symlinks
|
||||
|
||||
Resolving symlinks can fail before mounting any file system if one file
|
||||
system depends on another being mounted. Symlinks are now resolved in
|
||||
two passes:
|
||||
|
||||
* Before any file system is mounted, but then we are more gentle if
|
||||
the source path can't be accessed
|
||||
* Right before mounting a file system, so that we are sure that we
|
||||
have the resolved path... but then if it can't be accessed we raise
|
||||
an error.
|
||||
---
|
||||
src/conf/domain_conf.h | 1 +
|
||||
src/lxc/lxc_container.c | 77 ++++++++++++++++++++++++++++++++++---------------
|
||||
2 files changed, 54 insertions(+), 24 deletions(-)
|
||||
|
||||
Index: libvirt-1.2.10/src/conf/domain_conf.h
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/conf/domain_conf.h
|
||||
+++ libvirt-1.2.10/src/conf/domain_conf.h
|
||||
@@ -814,6 +814,7 @@ struct _virDomainFSDef {
|
||||
virDomainDeviceInfo info;
|
||||
unsigned long long space_hard_limit; /* in bytes */
|
||||
unsigned long long space_soft_limit; /* in bytes */
|
||||
+ bool symlinksResolved;
|
||||
};
|
||||
|
||||
|
||||
Index: libvirt-1.2.10/src/lxc/lxc_container.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/lxc/lxc_container.c
|
||||
+++ libvirt-1.2.10/src/lxc/lxc_container.c
|
||||
@@ -609,6 +609,48 @@ static int lxcContainerUnmountSubtree(co
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static int lxcContainerResolveSymlinks(virDomainFSDefPtr fs, bool gentle)
|
||||
+{
|
||||
+ char *newroot;
|
||||
+
|
||||
+ if (!fs->src || fs->symlinksResolved)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (access(fs->src, F_OK)) {
|
||||
+ if (gentle) {
|
||||
+ /* Just ignore the error for the while, we'll try again later */
|
||||
+ VIR_DEBUG("Skipped unaccessible '%s'", fs->src);
|
||||
+ return 0;
|
||||
+ } else {
|
||||
+ virReportSystemError(errno,
|
||||
+ _("Failed to access '%s'"), fs->src);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ VIR_DEBUG("Resolving '%s'", fs->src);
|
||||
+ if (virFileResolveAllLinks(fs->src, &newroot) < 0) {
|
||||
+ if (gentle) {
|
||||
+ VIR_DEBUG("Skipped non-resolvable '%s'", fs->src);
|
||||
+ return 0;
|
||||
+ } else {
|
||||
+ virReportSystemError(errno,
|
||||
+ _("Failed to resolve symlink at %s"),
|
||||
+ fs->src);
|
||||
+ }
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* Mark it resolved to skip it the next time */
|
||||
+ fs->symlinksResolved = true;
|
||||
+
|
||||
+ VIR_DEBUG("Resolved '%s' to %s", fs->src, newroot);
|
||||
+
|
||||
+ VIR_FREE(fs->src);
|
||||
+ fs->src = newroot;
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
|
||||
static int lxcContainerPrepareRoot(virDomainDefPtr def,
|
||||
virDomainFSDefPtr root,
|
||||
@@ -635,6 +677,9 @@ static int lxcContainerPrepareRoot(virDo
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (lxcContainerResolveSymlinks(root, false) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
if (virAsprintf(&dst, "%s/%s.root",
|
||||
LXC_STATE_DIR, def->name) < 0)
|
||||
return -1;
|
||||
@@ -1555,6 +1600,9 @@ static int lxcContainerMountAllFS(virDom
|
||||
if (STREQ(vmDef->fss[i]->dst, "/"))
|
||||
continue;
|
||||
|
||||
+ if (lxcContainerResolveSymlinks(vmDef->fss[i], false) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
if (lxcContainerUnmountSubtree(vmDef->fss[i]->dst,
|
||||
false) < 0)
|
||||
return -1;
|
||||
@@ -1738,37 +1786,18 @@ static int lxcContainerSetupPivotRoot(vi
|
||||
return ret;
|
||||
}
|
||||
|
||||
-
|
||||
-static int lxcContainerResolveSymlinks(virDomainDefPtr vmDef)
|
||||
+static int lxcContainerResolveAllSymlinks(virDomainDefPtr vmDef)
|
||||
{
|
||||
- char *newroot;
|
||||
size_t i;
|
||||
|
||||
VIR_DEBUG("Resolving symlinks");
|
||||
|
||||
for (i = 0; i < vmDef->nfss; i++) {
|
||||
virDomainFSDefPtr fs = vmDef->fss[i];
|
||||
- if (!fs->src)
|
||||
- continue;
|
||||
-
|
||||
- if (access(fs->src, F_OK)) {
|
||||
- virReportSystemError(errno,
|
||||
- _("Failed to access '%s'"), fs->src);
|
||||
+ /* In the first pass, be gentle as some files may
|
||||
+ depend on other filesystems to be mounted */
|
||||
+ if (lxcContainerResolveSymlinks(fs, true) < 0)
|
||||
return -1;
|
||||
- }
|
||||
-
|
||||
- VIR_DEBUG("Resolving '%s'", fs->src);
|
||||
- if (virFileResolveAllLinks(fs->src, &newroot) < 0) {
|
||||
- virReportSystemError(errno,
|
||||
- _("Failed to resolve symlink at %s"),
|
||||
- fs->src);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- VIR_DEBUG("Resolved '%s' to %s", fs->src, newroot);
|
||||
-
|
||||
- VIR_FREE(fs->src);
|
||||
- fs->src = newroot;
|
||||
}
|
||||
VIR_DEBUG("Resolved all filesystem symlinks");
|
||||
|
||||
@@ -2107,7 +2136,7 @@ static int lxcContainerChild(void *data)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- if (lxcContainerResolveSymlinks(vmDef) < 0)
|
||||
+ if (lxcContainerResolveAllSymlinks(vmDef) < 0)
|
||||
goto cleanup;
|
||||
|
||||
VIR_DEBUG("Setting up pivot");
|
@ -1,57 +0,0 @@
|
||||
commit b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
|
||||
Author: Eric Blake <eblake@redhat.com>
|
||||
Date: Fri Oct 31 22:14:07 2014 -0600
|
||||
|
||||
CVE-2014-7823: dumpxml: security hole with migratable flag
|
||||
|
||||
Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
|
||||
the qemu implementation of virDomainGetXMLDesc, the use of the
|
||||
flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
|
||||
connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
|
||||
prior to calling qemuDomainFormatXML. However, the use of
|
||||
VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
|
||||
clients only. This patch treats the migratable flag as requiring
|
||||
the same permissions, rather than analyzing what might break if
|
||||
migratable xml no longer includes secret information.
|
||||
|
||||
Fortunately, the information leak is low-risk: all that is gated
|
||||
by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
|
||||
but VNC passwords are already weak (FIPS forbids their use, and
|
||||
on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
|
||||
password sent in plaintext over the network deserves what they
|
||||
get). SPICE offers better security than VNC, and all other
|
||||
secrets are properly protected by use of virSecret associations
|
||||
rather than direct output in domain XML.
|
||||
|
||||
* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
|
||||
Tighten rules on use of migratable flag.
|
||||
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.
|
||||
|
||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
||||
|
||||
Index: libvirt-1.2.10/src/libvirt-domain.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/libvirt-domain.c
|
||||
+++ libvirt-1.2.10/src/libvirt-domain.c
|
||||
@@ -2607,7 +2607,8 @@ virDomainGetXMLDesc(virDomainPtr domain,
|
||||
virCheckDomainReturn(domain, NULL);
|
||||
conn = domain->conn;
|
||||
|
||||
- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
|
||||
+ if ((conn->flags & VIR_CONNECT_RO) &&
|
||||
+ (flags & (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_MIGRATABLE))) {
|
||||
virReportError(VIR_ERR_OPERATION_DENIED, "%s",
|
||||
_("virDomainGetXMLDesc with secure flag"));
|
||||
goto error;
|
||||
Index: libvirt-1.2.10/src/remote/remote_protocol.x
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/remote/remote_protocol.x
|
||||
+++ libvirt-1.2.10/src/remote/remote_protocol.x
|
||||
@@ -3255,6 +3255,7 @@ enum remote_procedure {
|
||||
* @generate: both
|
||||
* @acl: domain:read
|
||||
* @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
|
||||
+ * @acl: domain:read_secure:VIR_DOMAIN_XML_MIGRATABLE
|
||||
*/
|
||||
REMOTE_PROC_DOMAIN_GET_XML_DESC = 14,
|
||||
|
@ -1,130 +0,0 @@
|
||||
From ba9b7252ea8d87dfa217fb11dc5dadc039176807 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Wed, 10 Dec 2014 10:22:28 +0100
|
||||
Subject: [PATCH] lxc: give RW access to /proc/sys/net/ipv[46] to containers
|
||||
|
||||
Some programs want to change some values for the network interfaces
|
||||
configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
|
||||
allows wicked to work on openSUSE 13.2+.
|
||||
|
||||
Reusing the lxcNeedNetworkNamespace function to tell
|
||||
lxcContainerMountBasicFS if the netns is disabled. When no netns is
|
||||
set up, then we don't mount the /proc/sys/net/ipv[46] folder RW as
|
||||
these would provide full access to the host NICs config.
|
||||
---
|
||||
src/lxc/lxc_container.c | 64 +++++++++++++++++++++++++++++++------------------
|
||||
1 file changed, 41 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
|
||||
index 3b08b86..1b9e2f2 100644
|
||||
--- a/src/lxc/lxc_container.c
|
||||
+++ b/src/lxc/lxc_container.c
|
||||
@@ -800,15 +800,18 @@ typedef struct {
|
||||
int mflags;
|
||||
bool skipUserNS;
|
||||
bool skipUnmounted;
|
||||
+ bool skipNoNetns;
|
||||
} virLXCBasicMountInfo;
|
||||
|
||||
static const virLXCBasicMountInfo lxcBasicMounts[] = {
|
||||
- { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false },
|
||||
- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false },
|
||||
- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false },
|
||||
- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
|
||||
+ { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
|
||||
+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false },
|
||||
+ { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true },
|
||||
+ { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true },
|
||||
+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
|
||||
+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false },
|
||||
#if WITH_SELINUX
|
||||
- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
|
||||
+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false },
|
||||
#endif
|
||||
};
|
||||
|
||||
@@ -940,10 +943,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled,
|
||||
continue;
|
||||
}
|
||||
|
||||
+ /* Skip mounts with missing source without shouting: it may be a
|
||||
+ * missing folder in /proc due to the absence of a kernel feature */
|
||||
+ if (STRPREFIX(mnt_src, "/") && !virFileExists(mnt_src)) {
|
||||
+ VIR_DEBUG("Skipping due to missing source: %s", mnt_src);
|
||||
+ VIR_FREE(mnt_src);
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ if (mnt->skipNoNetns && netns_disabled) {
|
||||
+ VIR_DEBUG("Skipping due to absence of network namespace");
|
||||
+ VIR_FREE(mnt_src);
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
if (virFileMakePath(mnt->dst) < 0) {
|
||||
virReportSystemError(errno,
|
||||
_("Failed to mkdir %s"),
|
||||
- mnt_src);
|
||||
+ mnt->dst);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -1697,6 +1714,23 @@ static int lxcContainerUnmountForSharedRoot(const char *stateDir,
|
||||
}
|
||||
|
||||
|
||||
+static bool
|
||||
+lxcNeedNetworkNamespace(virDomainDefPtr def)
|
||||
+{
|
||||
+ size_t i;
|
||||
+ if (def->nets != NULL)
|
||||
+ return true;
|
||||
+ if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON)
|
||||
+ return true;
|
||||
+ for (i = 0; i < def->nhostdevs; i++) {
|
||||
+ if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES &&
|
||||
+ def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET)
|
||||
+ return true;
|
||||
+ }
|
||||
+ return false;
|
||||
+}
|
||||
+
|
||||
+
|
||||
/* Got a FS mapped to /, we're going the pivot_root
|
||||
* approach to do a better-chroot-than-chroot
|
||||
* this is based on this thread http://lkml.org/lkml/2008/3/5/29
|
||||
@@ -1741,7 +1775,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
|
||||
|
||||
/* Mounts the core /proc, /sys, etc filesystems */
|
||||
if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap,
|
||||
- !vmDef->nnets) < 0)
|
||||
+ !lxcNeedNetworkNamespace(vmDef)) < 0)
|
||||
goto cleanup;
|
||||
|
||||
/* Ensure entire root filesystem (except /.oldroot) is readonly */
|
||||
@@ -2240,22 +2274,6 @@ virArch lxcContainerGetAlt32bitArch(virArch arch)
|
||||
}
|
||||
|
||||
|
||||
-static bool
|
||||
-lxcNeedNetworkNamespace(virDomainDefPtr def)
|
||||
-{
|
||||
- size_t i;
|
||||
- if (def->nets != NULL)
|
||||
- return true;
|
||||
- if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON)
|
||||
- return true;
|
||||
- for (i = 0; i < def->nhostdevs; i++) {
|
||||
- if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES &&
|
||||
- def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET)
|
||||
- return true;
|
||||
- }
|
||||
- return false;
|
||||
-}
|
||||
-
|
||||
/**
|
||||
* lxcContainerStart:
|
||||
* @def: pointer to virtual machine structure
|
||||
--
|
||||
2.1.2
|
||||
|
@ -1,26 +0,0 @@
|
||||
From c264eeaa381a917f01ba74526bf202073358a9dc Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Thu, 20 Nov 2014 11:32:38 +0100
|
||||
Subject: [PATCH 2/5] virt-aa-helper: /etc/libvirt-sandbox/services isn't
|
||||
restricted
|
||||
|
||||
To get virt-sandbox-service working with AppArmor, virt-aa-helper
|
||||
needs not to choke on path in /etc/libvirt-sandbox/services.
|
||||
---
|
||||
src/security/virt-aa-helper.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: libvirt-1.2.10/src/security/virt-aa-helper.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/security/virt-aa-helper.c
|
||||
+++ libvirt-1.2.10/src/security/virt-aa-helper.c
|
||||
@@ -571,7 +571,8 @@ valid_path(const char *path, const bool
|
||||
};
|
||||
/* override the above with these */
|
||||
const char * const override[] = {
|
||||
- "/sys/devices/pci" /* for hostdev pci devices */
|
||||
+ "/sys/devices/pci", /* for hostdev pci devices */
|
||||
+ "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
|
||||
};
|
||||
|
||||
if (path == NULL) {
|
@ -1,36 +0,0 @@
|
||||
From c3cebcbf0303af428f75c53de99d75885b8a8ce3 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Wed, 10 Dec 2014 14:32:10 +0100
|
||||
Subject: [PATCH] Avoid getting '-1:-1' in devices cgroup list
|
||||
|
||||
When calling virCgroupAllowAllDevices we get these invalid entries
|
||||
in the device cgroup config.
|
||||
b -1:-1 rw
|
||||
c -1:-1 rw
|
||||
Check for positive values before outputting the major and minor to
|
||||
avoid that.
|
||||
---
|
||||
src/util/vircgroup.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
|
||||
index 166f4dc..3995477 100644
|
||||
--- a/src/util/vircgroup.c
|
||||
+++ b/src/util/vircgroup.c
|
||||
@@ -2767,11 +2767,11 @@ virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor,
|
||||
char *minorstr = NULL;
|
||||
|
||||
if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
|
||||
- virAsprintf(&majorstr, "%i", major) < 0)
|
||||
+ (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
|
||||
goto cleanup;
|
||||
|
||||
if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
|
||||
- virAsprintf(&minorstr, "%i", minor) < 0)
|
||||
+ (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
|
||||
goto cleanup;
|
||||
|
||||
if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
|
||||
--
|
||||
2.1.2
|
||||
|
@ -1,42 +0,0 @@
|
||||
From e50457dd4cc5d4ba1ac7b05734157524620d087f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Mon, 24 Nov 2014 15:10:19 +0100
|
||||
Subject: [PATCH 5/5] lxc: don't unmount subtree if it contains the source of
|
||||
the mount
|
||||
|
||||
The typical case where we had a problem is with such a filesystem
|
||||
definition as created by virt-sandbox-service:
|
||||
|
||||
<filesystem type='bind' accessmode='passthrough'>
|
||||
<source dir='/var/lib/libvirt/filesystems/mysshd/var'/>
|
||||
<target dir='/var'/>
|
||||
</filesystem>
|
||||
|
||||
In this case, we don't want to unmount the /var subtree or we may
|
||||
loose the access to the source folder.
|
||||
---
|
||||
src/lxc/lxc_container.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: libvirt-1.2.10/src/lxc/lxc_container.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/lxc/lxc_container.c
|
||||
+++ libvirt-1.2.10/src/lxc/lxc_container.c
|
||||
@@ -1600,11 +1600,15 @@ static int lxcContainerMountAllFS(virDom
|
||||
if (STREQ(vmDef->fss[i]->dst, "/"))
|
||||
continue;
|
||||
|
||||
+ VIR_DEBUG("Mounting '%s' -> '%s'", vmDef->fss[i]->src, vmDef->fss[i]->dst);
|
||||
+
|
||||
if (lxcContainerResolveSymlinks(vmDef->fss[i], false) < 0)
|
||||
return -1;
|
||||
|
||||
- if (lxcContainerUnmountSubtree(vmDef->fss[i]->dst,
|
||||
- false) < 0)
|
||||
+
|
||||
+ if (!(vmDef->fss[i]->src &&
|
||||
+ STRPREFIX(vmDef->fss[i]->src, vmDef->fss[i]->dst)) &&
|
||||
+ lxcContainerUnmountSubtree(vmDef->fss[i]->dst, false) < 0)
|
||||
return -1;
|
||||
|
||||
if (lxcContainerMountFS(vmDef->fss[i], sec_mount_options) < 0)
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5050f4cea3dd59d3eca25c3d3f16085e10d624ecc18bd35820cd3dac6f46c08e
|
||||
size 30029503
|
@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iEYEABECAAYFAlRXIOgACgkQRga4pd6VvB+obgCcCzOsG4rjI5PZs5Br9SXZuh41
|
||||
vUkAoIaaoJv304OoiEdsCr1x4gAwaFpU
|
||||
=FzVc
|
||||
-----END PGP SIGNATURE-----
|
3
libvirt-1.2.11.tar.gz
Normal file
3
libvirt-1.2.11.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1b886429734a53fc9a201f46d77448fda963e1323246269eb0dcb4c12fb02fcc
|
||||
size 30571605
|
7
libvirt-1.2.11.tar.gz.asc
Normal file
7
libvirt-1.2.11.tar.gz.asc
Normal file
@ -0,0 +1,7 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iEYEABECAAYFAlSLprsACgkQRga4pd6VvB9dIgCgiRsIp7IpLVT3rGLmJeGFlWIL
|
||||
TIsAnimwS0VUT5YtHfkgNIzYOUjK7yq+
|
||||
=Voyk
|
||||
-----END PGP SIGNATURE-----
|
@ -1,9 +1,9 @@
|
||||
Index: libvirt-1.2.10/src/cpu/cpu_map.xml
|
||||
Index: libvirt-1.2.11/src/cpu/cpu_map.xml
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/cpu/cpu_map.xml
|
||||
+++ libvirt-1.2.10/src/cpu/cpu_map.xml
|
||||
@@ -627,5 +627,15 @@
|
||||
<pvr value='0x004b0100'/>
|
||||
--- libvirt-1.2.11.orig/src/cpu/cpu_map.xml
|
||||
+++ libvirt-1.2.11/src/cpu/cpu_map.xml
|
||||
@@ -657,5 +657,15 @@
|
||||
<pvr value='0x004d0000'/>
|
||||
</model>
|
||||
|
||||
+ <model name='POWER8_v2.0'>
|
||||
|
@ -1,196 +0,0 @@
|
||||
Index: libvirt-1.2.10/src/conf/domain_conf.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/conf/domain_conf.c
|
||||
+++ libvirt-1.2.10/src/conf/domain_conf.c
|
||||
@@ -10043,7 +10043,8 @@ virDomainVideoDefaultType(const virDomai
|
||||
(STREQ(def->os.type, "xen") ||
|
||||
STREQ(def->os.type, "linux")))
|
||||
return VIR_DOMAIN_VIDEO_TYPE_XEN;
|
||||
- else if (def->os.arch == VIR_ARCH_PPC64)
|
||||
+ else if (def->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE)
|
||||
return VIR_DOMAIN_VIDEO_TYPE_VGA;
|
||||
else
|
||||
return VIR_DOMAIN_VIDEO_TYPE_CIRRUS;
|
||||
Index: libvirt-1.2.10/src/cpu/cpu_powerpc.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/cpu/cpu_powerpc.c
|
||||
+++ libvirt-1.2.10/src/cpu/cpu_powerpc.c
|
||||
@@ -38,7 +38,7 @@
|
||||
|
||||
VIR_LOG_INIT("cpu.cpu_powerpc");
|
||||
|
||||
-static const virArch archs[] = { VIR_ARCH_PPC64 };
|
||||
+static const virArch archs[] = { VIR_ARCH_PPC64, VIR_ARCH_PPC64LE };
|
||||
|
||||
struct ppc_vendor {
|
||||
char *name;
|
||||
Index: libvirt-1.2.10/src/qemu/qemu_capabilities.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/qemu/qemu_capabilities.c
|
||||
+++ libvirt-1.2.10/src/qemu/qemu_capabilities.c
|
||||
@@ -633,7 +633,8 @@ virQEMUCapsProbeCPUModels(virQEMUCapsPtr
|
||||
if (qemuCaps->arch == VIR_ARCH_I686 ||
|
||||
qemuCaps->arch == VIR_ARCH_X86_64) {
|
||||
parse = virQEMUCapsParseX86Models;
|
||||
- } else if (qemuCaps->arch == VIR_ARCH_PPC64) {
|
||||
+ } else if (qemuCaps->arch == VIR_ARCH_PPC64 ||
|
||||
+ qemuCaps->arch == VIR_ARCH_PPC64LE) {
|
||||
parse = virQEMUCapsParsePPCModels;
|
||||
} else {
|
||||
VIR_DEBUG("don't know how to parse %s CPU models",
|
||||
@@ -2003,7 +2004,8 @@ bool virQEMUCapsHasPCIMultiBus(virQEMUCa
|
||||
return true;
|
||||
|
||||
if (def->os.arch == VIR_ARCH_PPC ||
|
||||
- def->os.arch == VIR_ARCH_PPC64) {
|
||||
+ def->os.arch == VIR_ARCH_PPC64||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE) {
|
||||
/*
|
||||
* Usage of pci.0 naming:
|
||||
*
|
||||
@@ -3573,7 +3575,9 @@ virQEMUCapsSupportsChardev(virDomainDefP
|
||||
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE))
|
||||
return false;
|
||||
|
||||
- if ((def->os.arch == VIR_ARCH_PPC) || (def->os.arch == VIR_ARCH_PPC64)) {
|
||||
+ if (def->os.arch == VIR_ARCH_PPC ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE) {
|
||||
/* only pseries need -device spapr-vty with -chardev */
|
||||
return (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
|
||||
chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO);
|
||||
Index: libvirt-1.2.10/src/qemu/qemu_command.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/qemu/qemu_command.c
|
||||
+++ libvirt-1.2.10/src/qemu/qemu_command.c
|
||||
@@ -713,7 +713,8 @@ qemuSetSCSIControllerModel(virDomainDefP
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
- if ((def->os.arch == VIR_ARCH_PPC64) &&
|
||||
+ if ((def->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
||||
STRPREFIX(def->os.machine, "pseries")) {
|
||||
*model = VIR_DOMAIN_CONTROLLER_MODEL_SCSI_IBMVSCSI;
|
||||
} else if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SCSI_LSI)) {
|
||||
@@ -1264,7 +1265,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi
|
||||
|
||||
for (i = 0; i < def->nserials; i++) {
|
||||
if (def->serials[i]->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
|
||||
- (def->os.arch == VIR_ARCH_PPC64) &&
|
||||
+ (def->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
||||
STRPREFIX(def->os.machine, "pseries"))
|
||||
def->serials[i]->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO;
|
||||
if (qemuAssignSpaprVIOAddress(def, &def->serials[i]->info,
|
||||
@@ -1273,7 +1275,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi
|
||||
}
|
||||
|
||||
if (def->nvram) {
|
||||
- if (def->os.arch == VIR_ARCH_PPC64 &&
|
||||
+ if ((def->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
||||
STRPREFIX(def->os.machine, "pseries"))
|
||||
def->nvram->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO;
|
||||
if (qemuAssignSpaprVIOAddress(def, &def->nvram->info,
|
||||
@@ -4195,7 +4198,8 @@ qemuBuildUSBControllerDevStr(virDomainDe
|
||||
model = def->model;
|
||||
|
||||
if (model == -1) {
|
||||
- if (domainDef->os.arch == VIR_ARCH_PPC64)
|
||||
+ if (domainDef->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ domainDef->os.arch == VIR_ARCH_PPC64LE)
|
||||
model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI;
|
||||
else
|
||||
model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PIIX3_UHCI;
|
||||
@@ -8573,7 +8577,8 @@ qemuBuildCommandLine(virConnectPtr conn,
|
||||
!qemuDomainMachineIsQ35(def) &&
|
||||
(!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PIIX3_USB_UHCI) ||
|
||||
(!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCI_OHCI) &&
|
||||
- def->os.arch == VIR_ARCH_PPC64))) {
|
||||
+ (def->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE)))) {
|
||||
if (usblegacy) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("Multiple legacy USB controllers are "
|
||||
@@ -9771,7 +9776,8 @@ qemuBuildCommandLine(virConnectPtr conn,
|
||||
}
|
||||
|
||||
if (def->nvram) {
|
||||
- if (def->os.arch == VIR_ARCH_PPC64 &&
|
||||
+ if ((def->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
||||
STRPREFIX(def->os.machine, "pseries")) {
|
||||
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_NVRAM)) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
@@ -9894,7 +9900,8 @@ qemuBuildSerialChrDeviceStr(char **devic
|
||||
{
|
||||
virBuffer cmd = VIR_BUFFER_INITIALIZER;
|
||||
|
||||
- if ((arch == VIR_ARCH_PPC64) && STRPREFIX(machine, "pseries")) {
|
||||
+ if ((arch == VIR_ARCH_PPC64 ||
|
||||
+ arch == VIR_ARCH_PPC64LE) && STRPREFIX(machine, "pseries")) {
|
||||
if (serial->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
|
||||
serial->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO) {
|
||||
virBufferAsprintf(&cmd, "spapr-vty,chardev=char%s",
|
||||
@@ -10316,8 +10323,9 @@ qemuParseCommandLineDisk(virDomainXMLOpt
|
||||
if (VIR_ALLOC(def->src) < 0)
|
||||
goto error;
|
||||
|
||||
- if (((dom->os.arch == VIR_ARCH_PPC64) &&
|
||||
- dom->os.machine && STRPREFIX(dom->os.machine, "pseries")))
|
||||
+ if (((dom->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ dom->os.arch == VIR_ARCH_PPC64LE) &&
|
||||
+ dom->os.machine && STRPREFIX(dom->os.machine, "pseries")))
|
||||
def->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
||||
else
|
||||
def->bus = VIR_DOMAIN_DISK_BUS_IDE;
|
||||
@@ -10409,7 +10417,8 @@ qemuParseCommandLineDisk(virDomainXMLOpt
|
||||
} else if (STREQ(keywords[i], "if")) {
|
||||
if (STREQ(values[i], "ide")) {
|
||||
def->bus = VIR_DOMAIN_DISK_BUS_IDE;
|
||||
- if (((dom->os.arch == VIR_ARCH_PPC64) &&
|
||||
+ if (((dom->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ dom->os.arch == VIR_ARCH_PPC64LE) &&
|
||||
dom->os.machine && STRPREFIX(dom->os.machine, "pseries"))) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
_("pseries systems do not support ide devices '%s'"), val);
|
||||
@@ -11654,8 +11663,9 @@ qemuParseCommandLine(virCapsPtr qemuCaps
|
||||
}
|
||||
if (STREQ(arg, "-cdrom")) {
|
||||
disk->device = VIR_DOMAIN_DISK_DEVICE_CDROM;
|
||||
- if (((def->os.arch == VIR_ARCH_PPC64) &&
|
||||
- def->os.machine && STRPREFIX(def->os.machine, "pseries")))
|
||||
+ if (((def->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
||||
+ def->os.machine && STRPREFIX(def->os.machine, "pseries")))
|
||||
disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
||||
if (VIR_STRDUP(disk->dst, "hdc") < 0)
|
||||
goto error;
|
||||
@@ -11670,9 +11680,10 @@ qemuParseCommandLine(virCapsPtr qemuCaps
|
||||
disk->bus = VIR_DOMAIN_DISK_BUS_IDE;
|
||||
else
|
||||
disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
||||
- if (((def->os.arch == VIR_ARCH_PPC64) &&
|
||||
- def->os.machine && STRPREFIX(def->os.machine, "pseries")))
|
||||
- disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
||||
+ if (((def->os.arch == VIR_ARCH_PPC64 ||
|
||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
||||
+ def->os.machine && STRPREFIX(def->os.machine, "pseries")))
|
||||
+ disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
||||
}
|
||||
if (VIR_STRDUP(disk->dst, arg + 1) < 0)
|
||||
goto error;
|
||||
Index: libvirt-1.2.10/src/qemu/qemu_domain.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/qemu/qemu_domain.c
|
||||
+++ libvirt-1.2.10/src/qemu/qemu_domain.c
|
||||
@@ -980,6 +980,7 @@ qemuDomainDefPostParse(virDomainDefPtr d
|
||||
break;
|
||||
|
||||
case VIR_ARCH_PPC64:
|
||||
+ case VIR_ARCH_PPC64LE:
|
||||
addPCIRoot = true;
|
||||
addDefaultUSBKBD = true;
|
||||
addDefaultUSBMouse = true;
|
@ -1,7 +1,7 @@
|
||||
Index: libvirt-1.2.10/configure.ac
|
||||
Index: libvirt-1.2.11/configure.ac
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/configure.ac
|
||||
+++ libvirt-1.2.10/configure.ac
|
||||
--- libvirt-1.2.11.orig/configure.ac
|
||||
+++ libvirt-1.2.11/configure.ac
|
||||
@@ -237,6 +237,7 @@ LIBVIRT_CHECK_FUSE
|
||||
LIBVIRT_CHECK_GLUSTER
|
||||
LIBVIRT_CHECK_HAL
|
||||
@ -34,11 +34,11 @@ Index: libvirt-1.2.10/configure.ac
|
||||
LIBVIRT_RESULT_NUMACTL
|
||||
LIBVIRT_RESULT_OPENWSMAN
|
||||
LIBVIRT_RESULT_PCIACCESS
|
||||
Index: libvirt-1.2.10/src/Makefile.am
|
||||
Index: libvirt-1.2.11/src/Makefile.am
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/Makefile.am
|
||||
+++ libvirt-1.2.10/src/Makefile.am
|
||||
@@ -856,6 +856,10 @@ if WITH_NETCF
|
||||
--- libvirt-1.2.11.orig/src/Makefile.am
|
||||
+++ libvirt-1.2.11/src/Makefile.am
|
||||
@@ -859,6 +859,10 @@ if WITH_NETCF
|
||||
INTERFACE_DRIVER_SOURCES += \
|
||||
interface/interface_backend_netcf.c
|
||||
endif WITH_NETCF
|
||||
@ -49,7 +49,7 @@ Index: libvirt-1.2.10/src/Makefile.am
|
||||
if WITH_UDEV
|
||||
INTERFACE_DRIVER_SOURCES += \
|
||||
interface/interface_backend_udev.c
|
||||
@@ -1499,10 +1503,15 @@ if WITH_NETCF
|
||||
@@ -1502,10 +1506,15 @@ if WITH_NETCF
|
||||
libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
|
||||
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
|
||||
else ! WITH_NETCF
|
||||
@ -65,11 +65,11 @@ Index: libvirt-1.2.10/src/Makefile.am
|
||||
endif ! WITH_NETCF
|
||||
if WITH_DRIVER_MODULES
|
||||
libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
|
||||
Index: libvirt-1.2.10/tools/virsh.c
|
||||
Index: libvirt-1.2.11/tools/virsh.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/tools/virsh.c
|
||||
+++ libvirt-1.2.10/tools/virsh.c
|
||||
@@ -3340,6 +3340,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
|
||||
--- libvirt-1.2.11.orig/tools/virsh.c
|
||||
+++ libvirt-1.2.11/tools/virsh.c
|
||||
@@ -3341,6 +3341,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
|
||||
vshPrint(ctl, " Interface");
|
||||
# if defined(WITH_NETCF)
|
||||
vshPrint(ctl, " netcf");
|
||||
@ -78,10 +78,10 @@ Index: libvirt-1.2.10/tools/virsh.c
|
||||
# elif defined(WITH_UDEV)
|
||||
vshPrint(ctl, " udev");
|
||||
# endif
|
||||
Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
||||
Index: libvirt-1.2.11/src/interface/interface_backend_netcf.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/interface/interface_backend_netcf.c
|
||||
+++ libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
||||
--- libvirt-1.2.11.orig/src/interface/interface_backend_netcf.c
|
||||
+++ libvirt-1.2.11/src/interface/interface_backend_netcf.c
|
||||
@@ -23,7 +23,12 @@
|
||||
|
||||
#include <config.h>
|
||||
@ -98,7 +98,7 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
||||
#include "datatypes.h"
|
||||
@@ -65,6 +70,37 @@ VIR_ONCE_GLOBAL_INIT(virNetcfDriverState
|
||||
|
||||
static virNetcfDriverStatePtr driverState;
|
||||
static virNetcfDriverStatePtr driver;
|
||||
|
||||
+#ifdef WITH_NETCONTROL
|
||||
+static void
|
||||
@ -135,7 +135,7 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
||||
static void
|
||||
virNetcfDriverStateDispose(void *obj)
|
||||
@@ -87,7 +123,22 @@ netcfStateInitialize(bool privileged ATT
|
||||
if (!(driverState = virObjectLockableNew(virNetcfDriverStateClass)))
|
||||
if (!(driver = virObjectLockableNew(virNetcfDriverStateClass)))
|
||||
return -1;
|
||||
|
||||
+#ifdef WITH_NETCONTROL
|
||||
@ -147,28 +147,28 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
||||
+ * fail in netcfInterfaceOpen. This restores the behavior before
|
||||
+ * commit 822fe136.
|
||||
+ */
|
||||
+ if (ncf_init(&driverState->netcf, NULL) != 0) {
|
||||
+ if (ncf_init(&driver->netcf, NULL) != 0) {
|
||||
+ VIR_WARN("Failed to initialize netcontrol. Continuing with network "
|
||||
+ "interface management features disabled");
|
||||
+ virObjectUnref(driverState);
|
||||
+ driverState = NULL;
|
||||
+ virObjectUnref(driver);
|
||||
+ driver = NULL;
|
||||
+ }
|
||||
+#else
|
||||
if (ncf_init(&driverState->netcf, NULL) != 0) {
|
||||
if (ncf_init(&driver->netcf, NULL) != 0) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
_("failed to initialize netcf"));
|
||||
@@ -95,6 +146,7 @@ netcfStateInitialize(bool privileged ATT
|
||||
driverState = NULL;
|
||||
driver = NULL;
|
||||
return -1;
|
||||
}
|
||||
+#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
Index: libvirt-1.2.10/src/interface/interface_driver.c
|
||||
Index: libvirt-1.2.11/src/interface/interface_driver.c
|
||||
===================================================================
|
||||
--- libvirt-1.2.10.orig/src/interface/interface_driver.c
|
||||
+++ libvirt-1.2.10/src/interface/interface_driver.c
|
||||
--- libvirt-1.2.11.orig/src/interface/interface_driver.c
|
||||
+++ libvirt-1.2.11/src/interface/interface_driver.c
|
||||
@@ -30,8 +30,15 @@ interfaceRegister(void)
|
||||
if (netcfIfaceRegister() == 0)
|
||||
return 0;
|
||||
@ -186,10 +186,10 @@ Index: libvirt-1.2.10/src/interface/interface_driver.c
|
||||
if (udevIfaceRegister() == 0)
|
||||
return 0;
|
||||
#endif /* WITH_UDEV */
|
||||
Index: libvirt-1.2.10/m4/virt-netcontrol.m4
|
||||
Index: libvirt-1.2.11/m4/virt-netcontrol.m4
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ libvirt-1.2.10/m4/virt-netcontrol.m4
|
||||
+++ libvirt-1.2.11/m4/virt-netcontrol.m4
|
||||
@@ -0,0 +1,35 @@
|
||||
+dnl The libnetcontrol library
|
||||
+dnl
|
||||
|
@ -1,3 +1,23 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 15 09:48:02 UTC 2014 - cbosdonnat@suse.com
|
||||
|
||||
- Update to libvirt 1.2.11
|
||||
- Implement public API for virDomainGetFSInfo
|
||||
- qemu: Add define for the new throttle options
|
||||
- CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
|
||||
- CVE-2014-7823: dumpxml: security hole with migratable flag
|
||||
- Drop upstream patches: 2222123-virt-aa-helper-crash.patch,
|
||||
433b427-iplink-name.patch,
|
||||
52691f99-qemu-mig-crash.patch,
|
||||
72fecf1-lxc-resolve-symlinks.patch,
|
||||
b1674ad5-CVE-2014-7823.patch,
|
||||
ba9b7252-sys-net-rw.patch,
|
||||
c264eea-virt-aa-helper-sandbox.patch,
|
||||
e50457d-lxc-unmount-check.patch,
|
||||
cgroup-all-devices.patch,
|
||||
libvirt-ppc64le-support.patch
|
||||
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 10 13:22:14 UTC 2014 - cbosdonnat@suse.com
|
||||
|
||||
|
30
libvirt.spec
30
libvirt.spec
@ -235,7 +235,7 @@
|
||||
|
||||
Name: libvirt
|
||||
Url: http://libvirt.org/
|
||||
Version: 1.2.10
|
||||
Version: 1.2.11
|
||||
Release: 0
|
||||
Summary: Library providing a simple virtualization API
|
||||
License: LGPL-2.1+
|
||||
@ -434,23 +434,13 @@ Source3: libvirtd.init
|
||||
Source4: libvirtd-relocation-server.fw
|
||||
Source99: baselibs.conf
|
||||
# Upstream patches
|
||||
Patch0: b1674ad5-CVE-2014-7823.patch
|
||||
Patch1: 2222123-virt-aa-helper-crash.patch
|
||||
Patch2: c264eea-virt-aa-helper-sandbox.patch
|
||||
Patch3: 433b427-iplink-name.patch
|
||||
Patch4: 72fecf1-lxc-resolve-symlinks.patch
|
||||
Patch5: e50457d-lxc-unmount-check.patch
|
||||
Patch6: 52691f99-qemu-mig-crash.patch
|
||||
Patch7: ba9b7252-sys-net-rw.patch
|
||||
# Patches pending upstream review
|
||||
Patch100: cgroup-all-devices.patch
|
||||
# Need to go upstream
|
||||
Patch150: xen-name-for-devid.patch
|
||||
Patch151: xen-pv-cdrom.patch
|
||||
Patch152: blockcopy-check-dst-identical-device.patch
|
||||
Patch153: libvirt-ppc64le-support.patch
|
||||
Patch154: libvirt-power8-models.patch
|
||||
Patch155: ppc64le-canonical-name.patch
|
||||
Patch153: libvirt-power8-models.patch
|
||||
Patch154: ppc64le-canonical-name.patch
|
||||
# Our patches
|
||||
Patch200: libvirtd-defaults.patch
|
||||
Patch201: libvirtd-init-script.patch
|
||||
@ -975,21 +965,11 @@ Provides a dissector for the libvirt RPC protocol to help debugging it.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch100 -p1
|
||||
%patch150 -p1
|
||||
%patch151 -p1
|
||||
%patch152 -p1
|
||||
%patch153 -p1
|
||||
%patch154 -p1
|
||||
%patch155 -p1
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
%patch202 -p1
|
||||
@ -1827,10 +1807,6 @@ fi
|
||||
%{_libdir}/libvirt-qemu.so
|
||||
%{_libdir}/libvirt-lxc.so
|
||||
%{_includedir}/libvirt
|
||||
%{_includedir}/libvirt/virterror.h
|
||||
%{_includedir}/libvirt/libvirt.h
|
||||
%{_includedir}/libvirt/libvirt-qemu.h
|
||||
%{_includedir}/libvirt/libvirt-lxc.h
|
||||
%{_libdir}/pkgconfig/libvirt.pc
|
||||
%{_libdir}/pkgconfig/libvirt-qemu.pc
|
||||
%{_libdir}/pkgconfig/libvirt-lxc.pc
|
||||
|
Loading…
Reference in New Issue
Block a user