forked from pool/libvirt
Accepting request 265257 from Virtualization
1 OBS-URL: https://build.opensuse.org/request/show/265257 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libvirt?expand=0&rev=167
commit
40f2ce5fb1
@ -1,27 +0,0 @@
|
|||||||
From 22221233d0c2fd2c2d41b7527fe2bec13295a427 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
|
||||||
Date: Thu, 20 Nov 2014 11:31:44 +0100
|
|
||||||
Subject: [PATCH 1/5] virt-aa-helper wasn't running virErrorInitialize
|
|
||||||
|
|
||||||
This turns out to be working by magic but needs to be fixed.
|
|
||||||
---
|
|
||||||
src/security/virt-aa-helper.c | 6 ++++++
|
|
||||||
1 file changed, 6 insertions(+)
|
|
||||||
|
|
||||||
Index: libvirt-1.2.10/src/security/virt-aa-helper.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/security/virt-aa-helper.c
|
|
||||||
+++ libvirt-1.2.10/src/security/virt-aa-helper.c
|
|
||||||
@@ -1251,6 +1251,12 @@ main(int argc, char **argv)
|
|
||||||
exit(EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (virThreadInitialize() < 0 ||
|
|
||||||
+ virErrorInitialize() < 0) {
|
|
||||||
+ fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
|
|
||||||
+ exit(EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* clear the environment */
|
|
||||||
environ = NULL;
|
|
||||||
if (setenv("PATH", "/sbin:/usr/sbin", 1) != 0) {
|
|
@ -1,37 +0,0 @@
|
|||||||
From 433b427ff853ab72d32573d415e6ec569b77c7cb Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
|
||||||
Date: Thu, 20 Nov 2014 15:26:35 +0100
|
|
||||||
Subject: [PATCH 3/5] ip link needs 'name' in 3.16 to create the veth pair
|
|
||||||
|
|
||||||
Due to a change (or bug?) in ip link implementation, the command
|
|
||||||
'ip link add vnet0...'
|
|
||||||
is forced into
|
|
||||||
'ip link add name vnet0...'
|
|
||||||
The changed command also works on older versions of iproute2, just the
|
|
||||||
'name' parameter has been made mandatory.
|
|
||||||
---
|
|
||||||
src/util/virnetdevveth.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
Index: libvirt-1.2.10/src/util/virnetdevveth.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/util/virnetdevveth.c
|
|
||||||
+++ libvirt-1.2.10/src/util/virnetdevveth.c
|
|
||||||
@@ -89,7 +89,7 @@ static int virNetDevVethGetFreeNum(int s
|
|
||||||
* @veth2: pointer to return name for container end of veth pair
|
|
||||||
*
|
|
||||||
* Creates a veth device pair using the ip command:
|
|
||||||
- * ip link add veth1 type veth peer name veth2
|
|
||||||
+ * ip link add name veth1 type veth peer name veth2
|
|
||||||
* If veth1 points to NULL on entry, it will be a valid interface on
|
|
||||||
* return. veth2 should point to NULL on entry.
|
|
||||||
*
|
|
||||||
@@ -146,7 +146,7 @@ int virNetDevVethCreate(char** veth1, ch
|
|
||||||
}
|
|
||||||
|
|
||||||
cmd = virCommandNew("ip");
|
|
||||||
- virCommandAddArgList(cmd, "link", "add",
|
|
||||||
+ virCommandAddArgList(cmd, "link", "add", "name",
|
|
||||||
*veth1 ? *veth1 : veth1auto,
|
|
||||||
"type", "veth", "peer", "name",
|
|
||||||
*veth2 ? *veth2 : veth2auto,
|
|
@ -1,29 +0,0 @@
|
|||||||
commit 52691f99fa016ac46c9546c37706e57a5180d4c6
|
|
||||||
Author: Jiri Denemark <jdenemar@redhat.com>
|
|
||||||
Date: Thu Nov 20 13:09:16 2014 +0100
|
|
||||||
|
|
||||||
qemu: Fix crash in tunnelled migration
|
|
||||||
|
|
||||||
Any attempt to start a tunnelled migration with libvirtd that supports
|
|
||||||
RDMA migration (specifically commit v1.2.8-226-ged22a47) crashes
|
|
||||||
libvirtd on the destination host.
|
|
||||||
|
|
||||||
The crash is inevitable because qemuMigrationPrepareAny is always called
|
|
||||||
with NULL protocol in case of tunnelled migration.
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1147331
|
|
||||||
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
||||||
|
|
||||||
Index: libvirt-1.2.10/src/qemu/qemu_migration.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/qemu/qemu_migration.c
|
|
||||||
+++ libvirt-1.2.10/src/qemu/qemu_migration.c
|
|
||||||
@@ -2688,7 +2688,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr
|
|
||||||
QEMU_MIGRATION_COOKIE_NBD)))
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
- if (STREQ(protocol, "rdma") && !vm->def->mem.hard_limit) {
|
|
||||||
+ if (STREQ_NULLABLE(protocol, "rdma") && !vm->def->mem.hard_limit) {
|
|
||||||
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
|
|
||||||
_("cannot start RDMA migration with no memory hard "
|
|
||||||
"limit set"));
|
|
@ -1,155 +0,0 @@
|
|||||||
From 72fecf1813b9e77a7f89bc1e708f91bdab7d9ad4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
|
||||||
Date: Fri, 21 Nov 2014 17:45:55 +0100
|
|
||||||
Subject: [PATCH 4/5] lxc: be more patient while resolving symlinks
|
|
||||||
|
|
||||||
Resolving symlinks can fail before mounting any file system if one file
|
|
||||||
system depends on another being mounted. Symlinks are now resolved in
|
|
||||||
two passes:
|
|
||||||
|
|
||||||
* Before any file system is mounted, but then we are more gentle if
|
|
||||||
the source path can't be accessed
|
|
||||||
* Right before mounting a file system, so that we are sure that we
|
|
||||||
have the resolved path... but then if it can't be accessed we raise
|
|
||||||
an error.
|
|
||||||
---
|
|
||||||
src/conf/domain_conf.h | 1 +
|
|
||||||
src/lxc/lxc_container.c | 77 ++++++++++++++++++++++++++++++++++---------------
|
|
||||||
2 files changed, 54 insertions(+), 24 deletions(-)
|
|
||||||
|
|
||||||
Index: libvirt-1.2.10/src/conf/domain_conf.h
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/conf/domain_conf.h
|
|
||||||
+++ libvirt-1.2.10/src/conf/domain_conf.h
|
|
||||||
@@ -814,6 +814,7 @@ struct _virDomainFSDef {
|
|
||||||
virDomainDeviceInfo info;
|
|
||||||
unsigned long long space_hard_limit; /* in bytes */
|
|
||||||
unsigned long long space_soft_limit; /* in bytes */
|
|
||||||
+ bool symlinksResolved;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
Index: libvirt-1.2.10/src/lxc/lxc_container.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/lxc/lxc_container.c
|
|
||||||
+++ libvirt-1.2.10/src/lxc/lxc_container.c
|
|
||||||
@@ -609,6 +609,48 @@ static int lxcContainerUnmountSubtree(co
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static int lxcContainerResolveSymlinks(virDomainFSDefPtr fs, bool gentle)
|
|
||||||
+{
|
|
||||||
+ char *newroot;
|
|
||||||
+
|
|
||||||
+ if (!fs->src || fs->symlinksResolved)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ if (access(fs->src, F_OK)) {
|
|
||||||
+ if (gentle) {
|
|
||||||
+ /* Just ignore the error for the while, we'll try again later */
|
|
||||||
+ VIR_DEBUG("Skipped unaccessible '%s'", fs->src);
|
|
||||||
+ return 0;
|
|
||||||
+ } else {
|
|
||||||
+ virReportSystemError(errno,
|
|
||||||
+ _("Failed to access '%s'"), fs->src);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ VIR_DEBUG("Resolving '%s'", fs->src);
|
|
||||||
+ if (virFileResolveAllLinks(fs->src, &newroot) < 0) {
|
|
||||||
+ if (gentle) {
|
|
||||||
+ VIR_DEBUG("Skipped non-resolvable '%s'", fs->src);
|
|
||||||
+ return 0;
|
|
||||||
+ } else {
|
|
||||||
+ virReportSystemError(errno,
|
|
||||||
+ _("Failed to resolve symlink at %s"),
|
|
||||||
+ fs->src);
|
|
||||||
+ }
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Mark it resolved to skip it the next time */
|
|
||||||
+ fs->symlinksResolved = true;
|
|
||||||
+
|
|
||||||
+ VIR_DEBUG("Resolved '%s' to %s", fs->src, newroot);
|
|
||||||
+
|
|
||||||
+ VIR_FREE(fs->src);
|
|
||||||
+ fs->src = newroot;
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
|
|
||||||
static int lxcContainerPrepareRoot(virDomainDefPtr def,
|
|
||||||
virDomainFSDefPtr root,
|
|
||||||
@@ -635,6 +677,9 @@ static int lxcContainerPrepareRoot(virDo
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (lxcContainerResolveSymlinks(root, false) < 0)
|
|
||||||
+ return -1;
|
|
||||||
+
|
|
||||||
if (virAsprintf(&dst, "%s/%s.root",
|
|
||||||
LXC_STATE_DIR, def->name) < 0)
|
|
||||||
return -1;
|
|
||||||
@@ -1555,6 +1600,9 @@ static int lxcContainerMountAllFS(virDom
|
|
||||||
if (STREQ(vmDef->fss[i]->dst, "/"))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
+ if (lxcContainerResolveSymlinks(vmDef->fss[i], false) < 0)
|
|
||||||
+ return -1;
|
|
||||||
+
|
|
||||||
if (lxcContainerUnmountSubtree(vmDef->fss[i]->dst,
|
|
||||||
false) < 0)
|
|
||||||
return -1;
|
|
||||||
@@ -1738,37 +1786,18 @@ static int lxcContainerSetupPivotRoot(vi
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
-
|
|
||||||
-static int lxcContainerResolveSymlinks(virDomainDefPtr vmDef)
|
|
||||||
+static int lxcContainerResolveAllSymlinks(virDomainDefPtr vmDef)
|
|
||||||
{
|
|
||||||
- char *newroot;
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
VIR_DEBUG("Resolving symlinks");
|
|
||||||
|
|
||||||
for (i = 0; i < vmDef->nfss; i++) {
|
|
||||||
virDomainFSDefPtr fs = vmDef->fss[i];
|
|
||||||
- if (!fs->src)
|
|
||||||
- continue;
|
|
||||||
-
|
|
||||||
- if (access(fs->src, F_OK)) {
|
|
||||||
- virReportSystemError(errno,
|
|
||||||
- _("Failed to access '%s'"), fs->src);
|
|
||||||
+ /* In the first pass, be gentle as some files may
|
|
||||||
+ depend on other filesystems to be mounted */
|
|
||||||
+ if (lxcContainerResolveSymlinks(fs, true) < 0)
|
|
||||||
return -1;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- VIR_DEBUG("Resolving '%s'", fs->src);
|
|
||||||
- if (virFileResolveAllLinks(fs->src, &newroot) < 0) {
|
|
||||||
- virReportSystemError(errno,
|
|
||||||
- _("Failed to resolve symlink at %s"),
|
|
||||||
- fs->src);
|
|
||||||
- return -1;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- VIR_DEBUG("Resolved '%s' to %s", fs->src, newroot);
|
|
||||||
-
|
|
||||||
- VIR_FREE(fs->src);
|
|
||||||
- fs->src = newroot;
|
|
||||||
}
|
|
||||||
VIR_DEBUG("Resolved all filesystem symlinks");
|
|
||||||
|
|
||||||
@@ -2107,7 +2136,7 @@ static int lxcContainerChild(void *data)
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (lxcContainerResolveSymlinks(vmDef) < 0)
|
|
||||||
+ if (lxcContainerResolveAllSymlinks(vmDef) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
VIR_DEBUG("Setting up pivot");
|
|
@ -1,57 +0,0 @@
|
|||||||
commit b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
|
|
||||||
Author: Eric Blake <eblake@redhat.com>
|
|
||||||
Date: Fri Oct 31 22:14:07 2014 -0600
|
|
||||||
|
|
||||||
CVE-2014-7823: dumpxml: security hole with migratable flag
|
|
||||||
|
|
||||||
Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
|
|
||||||
the qemu implementation of virDomainGetXMLDesc, the use of the
|
|
||||||
flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
|
|
||||||
connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
|
|
||||||
prior to calling qemuDomainFormatXML. However, the use of
|
|
||||||
VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
|
|
||||||
clients only. This patch treats the migratable flag as requiring
|
|
||||||
the same permissions, rather than analyzing what might break if
|
|
||||||
migratable xml no longer includes secret information.
|
|
||||||
|
|
||||||
Fortunately, the information leak is low-risk: all that is gated
|
|
||||||
by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
|
|
||||||
but VNC passwords are already weak (FIPS forbids their use, and
|
|
||||||
on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
|
|
||||||
password sent in plaintext over the network deserves what they
|
|
||||||
get). SPICE offers better security than VNC, and all other
|
|
||||||
secrets are properly protected by use of virSecret associations
|
|
||||||
rather than direct output in domain XML.
|
|
||||||
|
|
||||||
* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
|
|
||||||
Tighten rules on use of migratable flag.
|
|
||||||
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.
|
|
||||||
|
|
||||||
Signed-off-by: Eric Blake <eblake@redhat.com>
|
|
||||||
|
|
||||||
Index: libvirt-1.2.10/src/libvirt-domain.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/libvirt-domain.c
|
|
||||||
+++ libvirt-1.2.10/src/libvirt-domain.c
|
|
||||||
@@ -2607,7 +2607,8 @@ virDomainGetXMLDesc(virDomainPtr domain,
|
|
||||||
virCheckDomainReturn(domain, NULL);
|
|
||||||
conn = domain->conn;
|
|
||||||
|
|
||||||
- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
|
|
||||||
+ if ((conn->flags & VIR_CONNECT_RO) &&
|
|
||||||
+ (flags & (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_MIGRATABLE))) {
|
|
||||||
virReportError(VIR_ERR_OPERATION_DENIED, "%s",
|
|
||||||
_("virDomainGetXMLDesc with secure flag"));
|
|
||||||
goto error;
|
|
||||||
Index: libvirt-1.2.10/src/remote/remote_protocol.x
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/remote/remote_protocol.x
|
|
||||||
+++ libvirt-1.2.10/src/remote/remote_protocol.x
|
|
||||||
@@ -3255,6 +3255,7 @@ enum remote_procedure {
|
|
||||||
* @generate: both
|
|
||||||
* @acl: domain:read
|
|
||||||
* @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
|
|
||||||
+ * @acl: domain:read_secure:VIR_DOMAIN_XML_MIGRATABLE
|
|
||||||
*/
|
|
||||||
REMOTE_PROC_DOMAIN_GET_XML_DESC = 14,
|
|
||||||
|
|
@ -1,130 +0,0 @@
|
|||||||
From ba9b7252ea8d87dfa217fb11dc5dadc039176807 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
|
||||||
Date: Wed, 10 Dec 2014 10:22:28 +0100
|
|
||||||
Subject: [PATCH] lxc: give RW access to /proc/sys/net/ipv[46] to containers
|
|
||||||
|
|
||||||
Some programs want to change some values for the network interfaces
|
|
||||||
configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
|
|
||||||
allows wicked to work on openSUSE 13.2+.
|
|
||||||
|
|
||||||
Reusing the lxcNeedNetworkNamespace function to tell
|
|
||||||
lxcContainerMountBasicFS if the netns is disabled. When no netns is
|
|
||||||
set up, then we don't mount the /proc/sys/net/ipv[46] folder RW as
|
|
||||||
these would provide full access to the host NICs config.
|
|
||||||
---
|
|
||||||
src/lxc/lxc_container.c | 64 +++++++++++++++++++++++++++++++------------------
|
|
||||||
1 file changed, 41 insertions(+), 23 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
|
|
||||||
index 3b08b86..1b9e2f2 100644
|
|
||||||
--- a/src/lxc/lxc_container.c
|
|
||||||
+++ b/src/lxc/lxc_container.c
|
|
||||||
@@ -800,15 +800,18 @@ typedef struct {
|
|
||||||
int mflags;
|
|
||||||
bool skipUserNS;
|
|
||||||
bool skipUnmounted;
|
|
||||||
+ bool skipNoNetns;
|
|
||||||
} virLXCBasicMountInfo;
|
|
||||||
|
|
||||||
static const virLXCBasicMountInfo lxcBasicMounts[] = {
|
|
||||||
- { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false },
|
|
||||||
- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false },
|
|
||||||
- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false },
|
|
||||||
- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
|
|
||||||
+ { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
|
|
||||||
+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false },
|
|
||||||
+ { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true },
|
|
||||||
+ { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true },
|
|
||||||
+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
|
|
||||||
+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false },
|
|
||||||
#if WITH_SELINUX
|
|
||||||
- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
|
|
||||||
+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false },
|
|
||||||
#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
@@ -940,10 +943,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled,
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* Skip mounts with missing source without shouting: it may be a
|
|
||||||
+ * missing folder in /proc due to the absence of a kernel feature */
|
|
||||||
+ if (STRPREFIX(mnt_src, "/") && !virFileExists(mnt_src)) {
|
|
||||||
+ VIR_DEBUG("Skipping due to missing source: %s", mnt_src);
|
|
||||||
+ VIR_FREE(mnt_src);
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (mnt->skipNoNetns && netns_disabled) {
|
|
||||||
+ VIR_DEBUG("Skipping due to absence of network namespace");
|
|
||||||
+ VIR_FREE(mnt_src);
|
|
||||||
+ continue;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (virFileMakePath(mnt->dst) < 0) {
|
|
||||||
virReportSystemError(errno,
|
|
||||||
_("Failed to mkdir %s"),
|
|
||||||
- mnt_src);
|
|
||||||
+ mnt->dst);
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1697,6 +1714,23 @@ static int lxcContainerUnmountForSharedRoot(const char *stateDir,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
+static bool
|
|
||||||
+lxcNeedNetworkNamespace(virDomainDefPtr def)
|
|
||||||
+{
|
|
||||||
+ size_t i;
|
|
||||||
+ if (def->nets != NULL)
|
|
||||||
+ return true;
|
|
||||||
+ if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON)
|
|
||||||
+ return true;
|
|
||||||
+ for (i = 0; i < def->nhostdevs; i++) {
|
|
||||||
+ if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES &&
|
|
||||||
+ def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET)
|
|
||||||
+ return true;
|
|
||||||
+ }
|
|
||||||
+ return false;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
/* Got a FS mapped to /, we're going the pivot_root
|
|
||||||
* approach to do a better-chroot-than-chroot
|
|
||||||
* this is based on this thread http://lkml.org/lkml/2008/3/5/29
|
|
||||||
@@ -1741,7 +1775,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
|
|
||||||
|
|
||||||
/* Mounts the core /proc, /sys, etc filesystems */
|
|
||||||
if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap,
|
|
||||||
- !vmDef->nnets) < 0)
|
|
||||||
+ !lxcNeedNetworkNamespace(vmDef)) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
/* Ensure entire root filesystem (except /.oldroot) is readonly */
|
|
||||||
@@ -2240,22 +2274,6 @@ virArch lxcContainerGetAlt32bitArch(virArch arch)
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
-static bool
|
|
||||||
-lxcNeedNetworkNamespace(virDomainDefPtr def)
|
|
||||||
-{
|
|
||||||
- size_t i;
|
|
||||||
- if (def->nets != NULL)
|
|
||||||
- return true;
|
|
||||||
- if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON)
|
|
||||||
- return true;
|
|
||||||
- for (i = 0; i < def->nhostdevs; i++) {
|
|
||||||
- if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES &&
|
|
||||||
- def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET)
|
|
||||||
- return true;
|
|
||||||
- }
|
|
||||||
- return false;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
/**
|
|
||||||
* lxcContainerStart:
|
|
||||||
* @def: pointer to virtual machine structure
|
|
||||||
--
|
|
||||||
2.1.2
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From c264eeaa381a917f01ba74526bf202073358a9dc Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
|
||||||
Date: Thu, 20 Nov 2014 11:32:38 +0100
|
|
||||||
Subject: [PATCH 2/5] virt-aa-helper: /etc/libvirt-sandbox/services isn't
|
|
||||||
restricted
|
|
||||||
|
|
||||||
To get virt-sandbox-service working with AppArmor, virt-aa-helper
|
|
||||||
needs not to choke on path in /etc/libvirt-sandbox/services.
|
|
||||||
---
|
|
||||||
src/security/virt-aa-helper.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
Index: libvirt-1.2.10/src/security/virt-aa-helper.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/security/virt-aa-helper.c
|
|
||||||
+++ libvirt-1.2.10/src/security/virt-aa-helper.c
|
|
||||||
@@ -571,7 +571,8 @@ valid_path(const char *path, const bool
|
|
||||||
};
|
|
||||||
/* override the above with these */
|
|
||||||
const char * const override[] = {
|
|
||||||
- "/sys/devices/pci" /* for hostdev pci devices */
|
|
||||||
+ "/sys/devices/pci", /* for hostdev pci devices */
|
|
||||||
+ "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
|
|
||||||
};
|
|
||||||
|
|
||||||
if (path == NULL) {
|
|
@ -1,36 +0,0 @@
|
|||||||
From c3cebcbf0303af428f75c53de99d75885b8a8ce3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
|
||||||
Date: Wed, 10 Dec 2014 14:32:10 +0100
|
|
||||||
Subject: [PATCH] Avoid getting '-1:-1' in devices cgroup list
|
|
||||||
|
|
||||||
When calling virCgroupAllowAllDevices we get these invalid entries
|
|
||||||
in the device cgroup config.
|
|
||||||
b -1:-1 rw
|
|
||||||
c -1:-1 rw
|
|
||||||
Check for positive values before outputting the major and minor to
|
|
||||||
avoid that.
|
|
||||||
---
|
|
||||||
src/util/vircgroup.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
|
|
||||||
index 166f4dc..3995477 100644
|
|
||||||
--- a/src/util/vircgroup.c
|
|
||||||
+++ b/src/util/vircgroup.c
|
|
||||||
@@ -2767,11 +2767,11 @@ virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor,
|
|
||||||
char *minorstr = NULL;
|
|
||||||
|
|
||||||
if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
|
|
||||||
- virAsprintf(&majorstr, "%i", major) < 0)
|
|
||||||
+ (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
|
|
||||||
- virAsprintf(&minorstr, "%i", minor) < 0)
|
|
||||||
+ (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
|
|
||||||
--
|
|
||||||
2.1.2
|
|
||||||
|
|
@ -1,42 +0,0 @@
|
|||||||
From e50457dd4cc5d4ba1ac7b05734157524620d087f Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
|
||||||
Date: Mon, 24 Nov 2014 15:10:19 +0100
|
|
||||||
Subject: [PATCH 5/5] lxc: don't unmount subtree if it contains the source of
|
|
||||||
the mount
|
|
||||||
|
|
||||||
The typical case where we had a problem is with such a filesystem
|
|
||||||
definition as created by virt-sandbox-service:
|
|
||||||
|
|
||||||
<filesystem type='bind' accessmode='passthrough'>
|
|
||||||
<source dir='/var/lib/libvirt/filesystems/mysshd/var'/>
|
|
||||||
<target dir='/var'/>
|
|
||||||
</filesystem>
|
|
||||||
|
|
||||||
In this case, we don't want to unmount the /var subtree or we may
|
|
||||||
loose the access to the source folder.
|
|
||||||
---
|
|
||||||
src/lxc/lxc_container.c | 8 ++++++--
|
|
||||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
Index: libvirt-1.2.10/src/lxc/lxc_container.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/lxc/lxc_container.c
|
|
||||||
+++ libvirt-1.2.10/src/lxc/lxc_container.c
|
|
||||||
@@ -1600,11 +1600,15 @@ static int lxcContainerMountAllFS(virDom
|
|
||||||
if (STREQ(vmDef->fss[i]->dst, "/"))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
+ VIR_DEBUG("Mounting '%s' -> '%s'", vmDef->fss[i]->src, vmDef->fss[i]->dst);
|
|
||||||
+
|
|
||||||
if (lxcContainerResolveSymlinks(vmDef->fss[i], false) < 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
- if (lxcContainerUnmountSubtree(vmDef->fss[i]->dst,
|
|
||||||
- false) < 0)
|
|
||||||
+
|
|
||||||
+ if (!(vmDef->fss[i]->src &&
|
|
||||||
+ STRPREFIX(vmDef->fss[i]->src, vmDef->fss[i]->dst)) &&
|
|
||||||
+ lxcContainerUnmountSubtree(vmDef->fss[i]->dst, false) < 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
if (lxcContainerMountFS(vmDef->fss[i], sec_mount_options) < 0)
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:5050f4cea3dd59d3eca25c3d3f16085e10d624ecc18bd35820cd3dac6f46c08e
|
|
||||||
size 30029503
|
|
@ -1,7 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iEYEABECAAYFAlRXIOgACgkQRga4pd6VvB+obgCcCzOsG4rjI5PZs5Br9SXZuh41
|
|
||||||
vUkAoIaaoJv304OoiEdsCr1x4gAwaFpU
|
|
||||||
=FzVc
|
|
||||||
-----END PGP SIGNATURE-----
|
|
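--- a/libvirt-1.2.11.tar.gz
+++ b/libvirt-1.2.11.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1b886429734a53fc9a201f46d77448fda963e1323246269eb0dcb4c12fb02fcc
+size 30571605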
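--- a/libvirt-1.2.11.tar.gz.asc
+++ b/libvirt-1.2.11.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlSLprsACgkQRga4pd6VvB9dIgCgiRsIp7IpLVT3rGLmJeGFlWIL
+TIsAnimwS0VUT5YtHfkgNIzYOUjK7yq+
+=Voyk
+-----END PGP SIGNATURE-----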
@ -1,9 +1,9 @@
|
|||||||
Index: libvirt-1.2.10/src/cpu/cpu_map.xml
|
Index: libvirt-1.2.11/src/cpu/cpu_map.xml
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libvirt-1.2.10.orig/src/cpu/cpu_map.xml
|
--- libvirt-1.2.11.orig/src/cpu/cpu_map.xml
|
||||||
+++ libvirt-1.2.10/src/cpu/cpu_map.xml
|
+++ libvirt-1.2.11/src/cpu/cpu_map.xml
|
||||||
@@ -627,5 +627,15 @@
|
@@ -657,5 +657,15 @@
|
||||||
<pvr value='0x004b0100'/>
|
<pvr value='0x004d0000'/>
|
||||||
</model>
|
</model>
|
||||||
|
|
||||||
+ <model name='POWER8_v2.0'>
|
+ <model name='POWER8_v2.0'>
|
||||||
|
@ -1,196 +0,0 @@
|
|||||||
Index: libvirt-1.2.10/src/conf/domain_conf.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/conf/domain_conf.c
|
|
||||||
+++ libvirt-1.2.10/src/conf/domain_conf.c
|
|
||||||
@@ -10043,7 +10043,8 @@ virDomainVideoDefaultType(const virDomai
|
|
||||||
(STREQ(def->os.type, "xen") ||
|
|
||||||
STREQ(def->os.type, "linux")))
|
|
||||||
return VIR_DOMAIN_VIDEO_TYPE_XEN;
|
|
||||||
- else if (def->os.arch == VIR_ARCH_PPC64)
|
|
||||||
+ else if (def->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE)
|
|
||||||
return VIR_DOMAIN_VIDEO_TYPE_VGA;
|
|
||||||
else
|
|
||||||
return VIR_DOMAIN_VIDEO_TYPE_CIRRUS;
|
|
||||||
Index: libvirt-1.2.10/src/cpu/cpu_powerpc.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/cpu/cpu_powerpc.c
|
|
||||||
+++ libvirt-1.2.10/src/cpu/cpu_powerpc.c
|
|
||||||
@@ -38,7 +38,7 @@
|
|
||||||
|
|
||||||
VIR_LOG_INIT("cpu.cpu_powerpc");
|
|
||||||
|
|
||||||
-static const virArch archs[] = { VIR_ARCH_PPC64 };
|
|
||||||
+static const virArch archs[] = { VIR_ARCH_PPC64, VIR_ARCH_PPC64LE };
|
|
||||||
|
|
||||||
struct ppc_vendor {
|
|
||||||
char *name;
|
|
||||||
Index: libvirt-1.2.10/src/qemu/qemu_capabilities.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/qemu/qemu_capabilities.c
|
|
||||||
+++ libvirt-1.2.10/src/qemu/qemu_capabilities.c
|
|
||||||
@@ -633,7 +633,8 @@ virQEMUCapsProbeCPUModels(virQEMUCapsPtr
|
|
||||||
if (qemuCaps->arch == VIR_ARCH_I686 ||
|
|
||||||
qemuCaps->arch == VIR_ARCH_X86_64) {
|
|
||||||
parse = virQEMUCapsParseX86Models;
|
|
||||||
- } else if (qemuCaps->arch == VIR_ARCH_PPC64) {
|
|
||||||
+ } else if (qemuCaps->arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ qemuCaps->arch == VIR_ARCH_PPC64LE) {
|
|
||||||
parse = virQEMUCapsParsePPCModels;
|
|
||||||
} else {
|
|
||||||
VIR_DEBUG("don't know how to parse %s CPU models",
|
|
||||||
@@ -2003,7 +2004,8 @@ bool virQEMUCapsHasPCIMultiBus(virQEMUCa
|
|
||||||
return true;
|
|
||||||
|
|
||||||
if (def->os.arch == VIR_ARCH_PPC ||
|
|
||||||
- def->os.arch == VIR_ARCH_PPC64) {
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE) {
|
|
||||||
/*
|
|
||||||
* Usage of pci.0 naming:
|
|
||||||
*
|
|
||||||
@@ -3573,7 +3575,9 @@ virQEMUCapsSupportsChardev(virDomainDefP
|
|
||||||
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
- if ((def->os.arch == VIR_ARCH_PPC) || (def->os.arch == VIR_ARCH_PPC64)) {
|
|
||||||
+ if (def->os.arch == VIR_ARCH_PPC ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE) {
|
|
||||||
/* only pseries need -device spapr-vty with -chardev */
|
|
||||||
return (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
|
|
||||||
chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO);
|
|
||||||
Index: libvirt-1.2.10/src/qemu/qemu_command.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/qemu/qemu_command.c
|
|
||||||
+++ libvirt-1.2.10/src/qemu/qemu_command.c
|
|
||||||
@@ -713,7 +713,8 @@ qemuSetSCSIControllerModel(virDomainDefP
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
- if ((def->os.arch == VIR_ARCH_PPC64) &&
|
|
||||||
+ if ((def->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
|
||||||
STRPREFIX(def->os.machine, "pseries")) {
|
|
||||||
*model = VIR_DOMAIN_CONTROLLER_MODEL_SCSI_IBMVSCSI;
|
|
||||||
} else if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SCSI_LSI)) {
|
|
||||||
@@ -1264,7 +1265,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi
|
|
||||||
|
|
||||||
for (i = 0; i < def->nserials; i++) {
|
|
||||||
if (def->serials[i]->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
|
|
||||||
- (def->os.arch == VIR_ARCH_PPC64) &&
|
|
||||||
+ (def->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
|
||||||
STRPREFIX(def->os.machine, "pseries"))
|
|
||||||
def->serials[i]->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO;
|
|
||||||
if (qemuAssignSpaprVIOAddress(def, &def->serials[i]->info,
|
|
||||||
@@ -1273,7 +1275,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi
|
|
||||||
}
|
|
||||||
|
|
||||||
if (def->nvram) {
|
|
||||||
- if (def->os.arch == VIR_ARCH_PPC64 &&
|
|
||||||
+ if ((def->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
|
||||||
STRPREFIX(def->os.machine, "pseries"))
|
|
||||||
def->nvram->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO;
|
|
||||||
if (qemuAssignSpaprVIOAddress(def, &def->nvram->info,
|
|
||||||
@@ -4195,7 +4198,8 @@ qemuBuildUSBControllerDevStr(virDomainDe
|
|
||||||
model = def->model;
|
|
||||||
|
|
||||||
if (model == -1) {
|
|
||||||
- if (domainDef->os.arch == VIR_ARCH_PPC64)
|
|
||||||
+ if (domainDef->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ domainDef->os.arch == VIR_ARCH_PPC64LE)
|
|
||||||
model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI;
|
|
||||||
else
|
|
||||||
model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PIIX3_UHCI;
|
|
||||||
@@ -8573,7 +8577,8 @@ qemuBuildCommandLine(virConnectPtr conn,
|
|
||||||
!qemuDomainMachineIsQ35(def) &&
|
|
||||||
(!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PIIX3_USB_UHCI) ||
|
|
||||||
(!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCI_OHCI) &&
|
|
||||||
- def->os.arch == VIR_ARCH_PPC64))) {
|
|
||||||
+ (def->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE)))) {
|
|
||||||
if (usblegacy) {
|
|
||||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
||||||
_("Multiple legacy USB controllers are "
|
|
||||||
@@ -9771,7 +9776,8 @@ qemuBuildCommandLine(virConnectPtr conn,
|
|
||||||
}
|
|
||||||
|
|
||||||
if (def->nvram) {
|
|
||||||
- if (def->os.arch == VIR_ARCH_PPC64 &&
|
|
||||||
+ if ((def->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
|
||||||
STRPREFIX(def->os.machine, "pseries")) {
|
|
||||||
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_NVRAM)) {
|
|
||||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
||||||
@@ -9894,7 +9900,8 @@ qemuBuildSerialChrDeviceStr(char **devic
|
|
||||||
{
|
|
||||||
virBuffer cmd = VIR_BUFFER_INITIALIZER;
|
|
||||||
|
|
||||||
- if ((arch == VIR_ARCH_PPC64) && STRPREFIX(machine, "pseries")) {
|
|
||||||
+ if ((arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ arch == VIR_ARCH_PPC64LE) && STRPREFIX(machine, "pseries")) {
|
|
||||||
if (serial->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
|
|
||||||
serial->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO) {
|
|
||||||
virBufferAsprintf(&cmd, "spapr-vty,chardev=char%s",
|
|
||||||
@@ -10316,8 +10323,9 @@ qemuParseCommandLineDisk(virDomainXMLOpt
|
|
||||||
if (VIR_ALLOC(def->src) < 0)
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
- if (((dom->os.arch == VIR_ARCH_PPC64) &&
|
|
||||||
- dom->os.machine && STRPREFIX(dom->os.machine, "pseries")))
|
|
||||||
+ if (((dom->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ dom->os.arch == VIR_ARCH_PPC64LE) &&
|
|
||||||
+ dom->os.machine && STRPREFIX(dom->os.machine, "pseries")))
|
|
||||||
def->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
|
||||||
else
|
|
||||||
def->bus = VIR_DOMAIN_DISK_BUS_IDE;
|
|
||||||
@@ -10409,7 +10417,8 @@ qemuParseCommandLineDisk(virDomainXMLOpt
|
|
||||||
} else if (STREQ(keywords[i], "if")) {
|
|
||||||
if (STREQ(values[i], "ide")) {
|
|
||||||
def->bus = VIR_DOMAIN_DISK_BUS_IDE;
|
|
||||||
- if (((dom->os.arch == VIR_ARCH_PPC64) &&
|
|
||||||
+ if (((dom->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ dom->os.arch == VIR_ARCH_PPC64LE) &&
|
|
||||||
dom->os.machine && STRPREFIX(dom->os.machine, "pseries"))) {
|
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
||||||
_("pseries systems do not support ide devices '%s'"), val);
|
|
||||||
@@ -11654,8 +11663,9 @@ qemuParseCommandLine(virCapsPtr qemuCaps
|
|
||||||
}
|
|
||||||
if (STREQ(arg, "-cdrom")) {
|
|
||||||
disk->device = VIR_DOMAIN_DISK_DEVICE_CDROM;
|
|
||||||
- if (((def->os.arch == VIR_ARCH_PPC64) &&
|
|
||||||
- def->os.machine && STRPREFIX(def->os.machine, "pseries")))
|
|
||||||
+ if (((def->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
|
||||||
+ def->os.machine && STRPREFIX(def->os.machine, "pseries")))
|
|
||||||
disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
|
||||||
if (VIR_STRDUP(disk->dst, "hdc") < 0)
|
|
||||||
goto error;
|
|
||||||
@@ -11670,9 +11680,10 @@ qemuParseCommandLine(virCapsPtr qemuCaps
|
|
||||||
disk->bus = VIR_DOMAIN_DISK_BUS_IDE;
|
|
||||||
else
|
|
||||||
disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
|
||||||
- if (((def->os.arch == VIR_ARCH_PPC64) &&
|
|
||||||
- def->os.machine && STRPREFIX(def->os.machine, "pseries")))
|
|
||||||
- disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
|
||||||
+ if (((def->os.arch == VIR_ARCH_PPC64 ||
|
|
||||||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
|
|
||||||
+ def->os.machine && STRPREFIX(def->os.machine, "pseries")))
|
|
||||||
+ disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
|
|
||||||
}
|
|
||||||
if (VIR_STRDUP(disk->dst, arg + 1) < 0)
|
|
||||||
goto error;
|
|
||||||
Index: libvirt-1.2.10/src/qemu/qemu_domain.c
|
|
||||||
===================================================================
|
|
||||||
--- libvirt-1.2.10.orig/src/qemu/qemu_domain.c
|
|
||||||
+++ libvirt-1.2.10/src/qemu/qemu_domain.c
|
|
||||||
@@ -980,6 +980,7 @@ qemuDomainDefPostParse(virDomainDefPtr d
|
|
||||||
break;
|
|
||||||
|
|
||||||
case VIR_ARCH_PPC64:
|
|
||||||
+ case VIR_ARCH_PPC64LE:
|
|
||||||
addPCIRoot = true;
|
|
||||||
addDefaultUSBKBD = true;
|
|
||||||
addDefaultUSBMouse = true;
|
|
@ -1,7 +1,7 @@
|
|||||||
Index: libvirt-1.2.10/configure.ac
|
Index: libvirt-1.2.11/configure.ac
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libvirt-1.2.10.orig/configure.ac
|
--- libvirt-1.2.11.orig/configure.ac
|
||||||
+++ libvirt-1.2.10/configure.ac
|
+++ libvirt-1.2.11/configure.ac
|
||||||
@@ -237,6 +237,7 @@ LIBVIRT_CHECK_FUSE
|
@@ -237,6 +237,7 @@ LIBVIRT_CHECK_FUSE
|
||||||
LIBVIRT_CHECK_GLUSTER
|
LIBVIRT_CHECK_GLUSTER
|
||||||
LIBVIRT_CHECK_HAL
|
LIBVIRT_CHECK_HAL
|
||||||
@ -34,11 +34,11 @@ Index: libvirt-1.2.10/configure.ac
|
|||||||
LIBVIRT_RESULT_NUMACTL
|
LIBVIRT_RESULT_NUMACTL
|
||||||
LIBVIRT_RESULT_OPENWSMAN
|
LIBVIRT_RESULT_OPENWSMAN
|
||||||
LIBVIRT_RESULT_PCIACCESS
|
LIBVIRT_RESULT_PCIACCESS
|
||||||
Index: libvirt-1.2.10/src/Makefile.am
|
Index: libvirt-1.2.11/src/Makefile.am
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libvirt-1.2.10.orig/src/Makefile.am
|
--- libvirt-1.2.11.orig/src/Makefile.am
|
||||||
+++ libvirt-1.2.10/src/Makefile.am
|
+++ libvirt-1.2.11/src/Makefile.am
|
||||||
@@ -856,6 +856,10 @@ if WITH_NETCF
|
@@ -859,6 +859,10 @@ if WITH_NETCF
|
||||||
INTERFACE_DRIVER_SOURCES += \
|
INTERFACE_DRIVER_SOURCES += \
|
||||||
interface/interface_backend_netcf.c
|
interface/interface_backend_netcf.c
|
||||||
endif WITH_NETCF
|
endif WITH_NETCF
|
||||||
@ -49,7 +49,7 @@ Index: libvirt-1.2.10/src/Makefile.am
|
|||||||
if WITH_UDEV
|
if WITH_UDEV
|
||||||
INTERFACE_DRIVER_SOURCES += \
|
INTERFACE_DRIVER_SOURCES += \
|
||||||
interface/interface_backend_udev.c
|
interface/interface_backend_udev.c
|
||||||
@@ -1499,10 +1503,15 @@ if WITH_NETCF
|
@@ -1502,10 +1506,15 @@ if WITH_NETCF
|
||||||
libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
|
libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
|
||||||
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
|
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
|
||||||
else ! WITH_NETCF
|
else ! WITH_NETCF
|
||||||
@ -65,11 +65,11 @@ Index: libvirt-1.2.10/src/Makefile.am
|
|||||||
endif ! WITH_NETCF
|
endif ! WITH_NETCF
|
||||||
if WITH_DRIVER_MODULES
|
if WITH_DRIVER_MODULES
|
||||||
libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
|
libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
|
||||||
Index: libvirt-1.2.10/tools/virsh.c
|
Index: libvirt-1.2.11/tools/virsh.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libvirt-1.2.10.orig/tools/virsh.c
|
--- libvirt-1.2.11.orig/tools/virsh.c
|
||||||
+++ libvirt-1.2.10/tools/virsh.c
|
+++ libvirt-1.2.11/tools/virsh.c
|
||||||
@@ -3340,6 +3340,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
|
@@ -3341,6 +3341,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
|
||||||
vshPrint(ctl, " Interface");
|
vshPrint(ctl, " Interface");
|
||||||
# if defined(WITH_NETCF)
|
# if defined(WITH_NETCF)
|
||||||
vshPrint(ctl, " netcf");
|
vshPrint(ctl, " netcf");
|
||||||
@ -78,10 +78,10 @@ Index: libvirt-1.2.10/tools/virsh.c
|
|||||||
# elif defined(WITH_UDEV)
|
# elif defined(WITH_UDEV)
|
||||||
vshPrint(ctl, " udev");
|
vshPrint(ctl, " udev");
|
||||||
# endif
|
# endif
|
||||||
Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
Index: libvirt-1.2.11/src/interface/interface_backend_netcf.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libvirt-1.2.10.orig/src/interface/interface_backend_netcf.c
|
--- libvirt-1.2.11.orig/src/interface/interface_backend_netcf.c
|
||||||
+++ libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
+++ libvirt-1.2.11/src/interface/interface_backend_netcf.c
|
||||||
@@ -23,7 +23,12 @@
|
@@ -23,7 +23,12 @@
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
@ -98,7 +98,7 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
|||||||
#include "datatypes.h"
|
#include "datatypes.h"
|
||||||
@@ -65,6 +70,37 @@ VIR_ONCE_GLOBAL_INIT(virNetcfDriverState
|
@@ -65,6 +70,37 @@ VIR_ONCE_GLOBAL_INIT(virNetcfDriverState
|
||||||
|
|
||||||
static virNetcfDriverStatePtr driverState;
|
static virNetcfDriverStatePtr driver;
|
||||||
|
|
||||||
+#ifdef WITH_NETCONTROL
|
+#ifdef WITH_NETCONTROL
|
||||||
+static void
|
+static void
|
||||||
@ -135,7 +135,7 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
|||||||
static void
|
static void
|
||||||
virNetcfDriverStateDispose(void *obj)
|
virNetcfDriverStateDispose(void *obj)
|
||||||
@@ -87,7 +123,22 @@ netcfStateInitialize(bool privileged ATT
|
@@ -87,7 +123,22 @@ netcfStateInitialize(bool privileged ATT
|
||||||
if (!(driverState = virObjectLockableNew(virNetcfDriverStateClass)))
|
if (!(driver = virObjectLockableNew(virNetcfDriverStateClass)))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
+#ifdef WITH_NETCONTROL
|
+#ifdef WITH_NETCONTROL
|
||||||
@ -147,28 +147,28 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
|
|||||||
+ * fail in netcfInterfaceOpen. This restores the behavior before
|
+ * fail in netcfInterfaceOpen. This restores the behavior before
|
||||||
+ * commit 822fe136.
|
+ * commit 822fe136.
|
||||||
+ */
|
+ */
|
||||||
+ if (ncf_init(&driverState->netcf, NULL) != 0) {
|
+ if (ncf_init(&driver->netcf, NULL) != 0) {
|
||||||
+ VIR_WARN("Failed to initialize netcontrol. Continuing with network "
|
+ VIR_WARN("Failed to initialize netcontrol. Continuing with network "
|
||||||
+ "interface management features disabled");
|
+ "interface management features disabled");
|
||||||
+ virObjectUnref(driverState);
|
+ virObjectUnref(driver);
|
||||||
+ driverState = NULL;
|
+ driver = NULL;
|
||||||
+ }
|
+ }
|
||||||
+#else
|
+#else
|
||||||
if (ncf_init(&driverState->netcf, NULL) != 0) {
|
if (ncf_init(&driver->netcf, NULL) != 0) {
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||||
_("failed to initialize netcf"));
|
_("failed to initialize netcf"));
|
||||||
@@ -95,6 +146,7 @@ netcfStateInitialize(bool privileged ATT
|
@@ -95,6 +146,7 @@ netcfStateInitialize(bool privileged ATT
|
||||||
driverState = NULL;
|
driver = NULL;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
+#endif
|
+#endif
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
Index: libvirt-1.2.10/src/interface/interface_driver.c
|
Index: libvirt-1.2.11/src/interface/interface_driver.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- libvirt-1.2.10.orig/src/interface/interface_driver.c
|
--- libvirt-1.2.11.orig/src/interface/interface_driver.c
|
||||||
+++ libvirt-1.2.10/src/interface/interface_driver.c
|
+++ libvirt-1.2.11/src/interface/interface_driver.c
|
||||||
@@ -30,8 +30,15 @@ interfaceRegister(void)
|
@@ -30,8 +30,15 @@ interfaceRegister(void)
|
||||||
if (netcfIfaceRegister() == 0)
|
if (netcfIfaceRegister() == 0)
|
||||||
return 0;
|
return 0;
|
||||||
@ -186,10 +186,10 @@ Index: libvirt-1.2.10/src/interface/interface_driver.c
|
|||||||
if (udevIfaceRegister() == 0)
|
if (udevIfaceRegister() == 0)
|
||||||
return 0;
|
return 0;
|
||||||
#endif /* WITH_UDEV */
|
#endif /* WITH_UDEV */
|
||||||
Index: libvirt-1.2.10/m4/virt-netcontrol.m4
|
Index: libvirt-1.2.11/m4/virt-netcontrol.m4
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ libvirt-1.2.10/m4/virt-netcontrol.m4
|
+++ libvirt-1.2.11/m4/virt-netcontrol.m4
|
||||||
@@ -0,0 +1,35 @@
|
@@ -0,0 +1,35 @@
|
||||||
+dnl The libnetcontrol library
|
+dnl The libnetcontrol library
|
||||||
+dnl
|
+dnl
|
||||||
|
@ -1,3 +1,23 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 15 09:48:02 UTC 2014 - cbosdonnat@suse.com
|
||||||
|
|
||||||
|
- Update to libvirt 1.2.11
|
||||||
|
- Implement public API for virDomainGetFSInfo
|
||||||
|
- qemu: Add define for the new throttle options
|
||||||
|
- CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
|
||||||
|
- CVE-2014-7823: dumpxml: security hole with migratable flag
|
||||||
|
- Drop upstream patches: 2222123-virt-aa-helper-crash.patch,
|
||||||
|
433b427-iplink-name.patch,
|
||||||
|
52691f99-qemu-mig-crash.patch,
|
||||||
|
72fecf1-lxc-resolve-symlinks.patch,
|
||||||
|
b1674ad5-CVE-2014-7823.patch,
|
||||||
|
ba9b7252-sys-net-rw.patch,
|
||||||
|
c264eea-virt-aa-helper-sandbox.patch,
|
||||||
|
e50457d-lxc-unmount-check.patch,
|
||||||
|
cgroup-all-devices.patch,
|
||||||
|
libvirt-ppc64le-support.patch
|
||||||
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Dec 10 13:22:14 UTC 2014 - cbosdonnat@suse.com
|
Wed Dec 10 13:22:14 UTC 2014 - cbosdonnat@suse.com
|
||||||
|
|
||||||
|
30
libvirt.spec
30
libvirt.spec
@ -235,7 +235,7 @@
|
|||||||
|
|
||||||
Name: libvirt
|
Name: libvirt
|
||||||
Url: http://libvirt.org/
|
Url: http://libvirt.org/
|
||||||
Version: 1.2.10
|
Version: 1.2.11
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Library providing a simple virtualization API
|
Summary: Library providing a simple virtualization API
|
||||||
License: LGPL-2.1+
|
License: LGPL-2.1+
|
||||||
@ -434,23 +434,13 @@ Source3: libvirtd.init
|
|||||||
Source4: libvirtd-relocation-server.fw
|
Source4: libvirtd-relocation-server.fw
|
||||||
Source99: baselibs.conf
|
Source99: baselibs.conf
|
||||||
# Upstream patches
|
# Upstream patches
|
||||||
Patch0: b1674ad5-CVE-2014-7823.patch
|
|
||||||
Patch1: 2222123-virt-aa-helper-crash.patch
|
|
||||||
Patch2: c264eea-virt-aa-helper-sandbox.patch
|
|
||||||
Patch3: 433b427-iplink-name.patch
|
|
||||||
Patch4: 72fecf1-lxc-resolve-symlinks.patch
|
|
||||||
Patch5: e50457d-lxc-unmount-check.patch
|
|
||||||
Patch6: 52691f99-qemu-mig-crash.patch
|
|
||||||
Patch7: ba9b7252-sys-net-rw.patch
|
|
||||||
# Patches pending upstream review
|
# Patches pending upstream review
|
||||||
Patch100: cgroup-all-devices.patch
|
|
||||||
# Need to go upstream
|
# Need to go upstream
|
||||||
Patch150: xen-name-for-devid.patch
|
Patch150: xen-name-for-devid.patch
|
||||||
Patch151: xen-pv-cdrom.patch
|
Patch151: xen-pv-cdrom.patch
|
||||||
Patch152: blockcopy-check-dst-identical-device.patch
|
Patch152: blockcopy-check-dst-identical-device.patch
|
||||||
Patch153: libvirt-ppc64le-support.patch
|
Patch153: libvirt-power8-models.patch
|
||||||
Patch154: libvirt-power8-models.patch
|
Patch154: ppc64le-canonical-name.patch
|
||||||
Patch155: ppc64le-canonical-name.patch
|
|
||||||
# Our patches
|
# Our patches
|
||||||
Patch200: libvirtd-defaults.patch
|
Patch200: libvirtd-defaults.patch
|
||||||
Patch201: libvirtd-init-script.patch
|
Patch201: libvirtd-init-script.patch
|
||||||
@ -975,21 +965,11 @@ Provides a dissector for the libvirt RPC protocol to help debugging it.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1
|
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
%patch3 -p1
|
|
||||||
%patch4 -p1
|
|
||||||
%patch5 -p1
|
|
||||||
%patch6 -p1
|
|
||||||
%patch7 -p1
|
|
||||||
%patch100 -p1
|
|
||||||
%patch150 -p1
|
%patch150 -p1
|
||||||
%patch151 -p1
|
%patch151 -p1
|
||||||
%patch152 -p1
|
%patch152 -p1
|
||||||
%patch153 -p1
|
%patch153 -p1
|
||||||
%patch154 -p1
|
%patch154 -p1
|
||||||
%patch155 -p1
|
|
||||||
%patch200 -p1
|
%patch200 -p1
|
||||||
%patch201 -p1
|
%patch201 -p1
|
||||||
%patch202 -p1
|
%patch202 -p1
|
||||||
@ -1827,10 +1807,6 @@ fi
|
|||||||
%{_libdir}/libvirt-qemu.so
|
%{_libdir}/libvirt-qemu.so
|
||||||
%{_libdir}/libvirt-lxc.so
|
%{_libdir}/libvirt-lxc.so
|
||||||
%{_includedir}/libvirt
|
%{_includedir}/libvirt
|
||||||
%{_includedir}/libvirt/virterror.h
|
|
||||||
%{_includedir}/libvirt/libvirt.h
|
|
||||||
%{_includedir}/libvirt/libvirt-qemu.h
|
|
||||||
%{_includedir}/libvirt/libvirt-lxc.h
|
|
||||||
%{_libdir}/pkgconfig/libvirt.pc
|
%{_libdir}/pkgconfig/libvirt.pc
|
||||||
%{_libdir}/pkgconfig/libvirt-qemu.pc
|
%{_libdir}/pkgconfig/libvirt-qemu.pc
|
||||||
%{_libdir}/pkgconfig/libvirt-lxc.pc
|
%{_libdir}/pkgconfig/libvirt-lxc.pc
|
||||||
|
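Review bot: The `Patch`/`%patch` lists drop `Patch100: cgroup-all-devices.patch` (filed under "# Patches pending upstream review") and `libvirt-ppc64le-support.patch` (under "# Need to go upstream") together with the eight "# Upstream patches" backports, but nothing in the spec or the changes entry records that these two were actually merged into 1.2.11. Several of the dropped backports look security-relevant by name (`b1674ad5-CVE-2014-7823.patch`, `c264eea-virt-aa-helper-sandbox.patch`, `72fecf1-lxc-resolve-symlinks.patch`), so after this change the package depends entirely on the 1.2.11 tarball carrying each fix; that cannot be confirmed from this page. I would record the upstream commit for the two non-backport patches in the changes entry, for example `- Drop cgroup-all-devices.patch, merged upstream as <upstream-commit-id>` (placeholder), so a later audit can trace where each fix went.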