From 0e53c763a0e9eecdbffe2247c0152006d76d50beda4a58b24cf9a8ba824d2d3f Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Fri, 17 Jan 2014 19:45:49 +0000 Subject: [PATCH 1/5] - Update to libvirt 1.2.1 - CVE-2014-0028, CVE-2014-1447, CVE-2013-6458, CVE-2013-6457, CVE-2013-6436 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped upstream patches: 5e397d9c-test-fix-dbus-crash.patch, 78af457e-fix-virnettlscontexttest.patch, 9faf3f29-LXC-memtune.patch, f8c1cb90-CVE-2013-6436.patch, libxl-hvm-nic.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=342 --- 5e397d9c-test-fix-dbus-crash.patch | 31 ---- 78af457e-fix-virnettlscontexttest.patch | 43 ----- 9faf3f29-LXC-memtune.patch | 199 ------------------------ f8c1cb90-CVE-2013-6436.patch | 145 ----------------- fix-pci-attach-xen-driver.patch | 10 +- ia64-clone.patch | 12 +- install-apparmor-profiles.patch | 55 +++---- libvirt-1.2.0.tar.bz2 | 3 - libvirt-1.2.1.tar.bz2 | 3 + libvirt-guests-init-script.patch | 18 +-- libvirt-suse-netcontrol.patch | 42 ++--- libvirt.changes | 13 ++ libvirt.spec | 23 +-- libvirtd-defaults.patch | 12 +- libvirtd-init-script.patch | 6 +- libxl-hvm-nic.patch | 22 --- libxl-hvm-vnc.patch | 8 +- support-managed-pci-xen-driver.patch | 12 +- suse-qemu-conf.patch | 6 +- systemd-service-xen.patch | 10 +- virtlockd-init-script.patch | 32 ++-- xen-name-for-devid.patch | 14 +- xen-pv-cdrom.patch | 6 +- 23 files changed, 140 insertions(+), 585 deletions(-) delete mode 100644 5e397d9c-test-fix-dbus-crash.patch delete mode 100644 78af457e-fix-virnettlscontexttest.patch delete mode 100644 9faf3f29-LXC-memtune.patch delete mode 100644 f8c1cb90-CVE-2013-6436.patch delete mode 100644 libvirt-1.2.0.tar.bz2 create mode 100644 libvirt-1.2.1.tar.bz2 delete mode 100644 libxl-hvm-nic.patch diff --git a/5e397d9c-test-fix-dbus-crash.patch b/5e397d9c-test-fix-dbus-crash.patch deleted file mode 100644 index 9cd8009..0000000 --- a/5e397d9c-test-fix-dbus-crash.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 5e397d9c0f2ce7d464f8e7e6a598d1c955dfc04a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Wed, 18 Dec 2013 17:33:44 +0000 -Subject: [PATCH] Fix crash in virsystemdtest with dbus 1.7.6 - -D-bus introduced some changes in its locking code. Overriding the init -function skips the new locking init and thus crashes later in libvirt -test. Removing the function makes the test pass again. ---- - tests/virsystemdmock.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/tests/virsystemdmock.c b/tests/virsystemdmock.c -index b8fc031..b3b82b4 100644 ---- a/tests/virsystemdmock.c -+++ b/tests/virsystemdmock.c -@@ -31,11 +31,6 @@ void dbus_connection_set_change_sigpipe(dbus_bool_t will_modify_sigpipe ATTRIBUT - { - } - --dbus_bool_t dbus_threads_init_default(void) --{ -- return 1; --} -- - DBusConnection *dbus_bus_get(DBusBusType type ATTRIBUTE_UNUSED, - DBusError *error ATTRIBUTE_UNUSED) - { --- -1.8.4.4 - diff --git a/78af457e-fix-virnettlscontexttest.patch b/78af457e-fix-virnettlscontexttest.patch deleted file mode 100644 index f06f8d2..0000000 --- a/78af457e-fix-virnettlscontexttest.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 78af457eefaf40e66a28b00446c03f8ee9a7f30f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Mon, 23 Dec 2013 09:01:42 +0100 -Subject: [PATCH] virnettlscontexttest fails with GNUTLS 3.0.28 - -On openSUSE 12.x with GNUTLS 3.0.28, virnettlscontexttest fails. It has -been reported to work from GNUTLS 3.1.11 on Fedora 19. Changed the -constraints on gnutls to 3.1+ for unit test cacert4req. - -Signed-off-by: Eric Blake ---- - tests/virnettlscontexttest.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c -index fc512fc..1cc9946 100644 ---- a/tests/virnettlscontexttest.c -+++ b/tests/virnettlscontexttest.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (C) 2011-2012 Red Hat, Inc. -+ * Copyright (C) 2011-2013 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -265,10 +265,12 @@ mymain(void) - - /* Technically a CA cert with basic constraints - * key purpose == key signing + non-critical should -- * be rejected. GNUTLS < 3 does not reject it and -+ * be rejected. GNUTLS < 3.1 does not reject it and - * we don't anticipate them changing this behaviour - */ -- DO_CTX_TEST(true, cacert4req.filename, servercert4req.filename, GNUTLS_VERSION_MAJOR >= 3); -+ DO_CTX_TEST(true, cacert4req.filename, servercert4req.filename, -+ (GNUTLS_VERSION_MAJOR == 3 && GNUTLS_VERSION_MINOR >= 1) || -+ GNUTLS_VERSION_MAJOR > 3); - DO_CTX_TEST(true, cacert5req.filename, servercert5req.filename, true); - DO_CTX_TEST(true, cacert6req.filename, servercert6req.filename, true); - --- -1.8.4.4 - diff --git a/9faf3f29-LXC-memtune.patch b/9faf3f29-LXC-memtune.patch deleted file mode 100644 index 42fd606..0000000 --- a/9faf3f29-LXC-memtune.patch +++ /dev/null @@ -1,199 +0,0 @@ -commit 9faf3f2950aed1643ab7564afcb4c693c77f71b5 -Author: Martin Kletzander -Date: Mon Dec 9 11:15:12 2013 +0100 - - Fix crash in lxcDomainSetMemoryParameters - - The function doesn't check whether the request is made for active or - inactive domain. Thus when the domain is not running it still tries - accessing non-existing cgroups (priv->cgroup, which is NULL). - - I re-made the function in order for it to work the same way it's qemu - counterpart does. - - Reproducer: - 1) Define an LXC domain - 2) Do 'virsh memtune --hard-limit 133T' - - Backtrace: - Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)): - #0 0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3, - key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764 - #1 0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3, - key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824") - at util/vircgroup.c:669 - #2 0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3, - key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740 - #3 0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904 - #4 0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576) - at util/vircgroup.c:1944 - #5 0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420, - params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774 - #6 0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420, - params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051 - #7 0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00, - client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510) - at remote_dispatch.h:7621 - #8 0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00, - client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510, - ret=0x7fffe40b84f0) at remote_dispatch.h:7591 - #9 0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0, - server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0) - at rpc/virnetserverprogram.c:435 - #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0, - server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0) - at rpc/virnetserverprogram.c:305 - #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10, - prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165 - #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00) - at rpc/virnetserver.c:186 - #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144 - #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161 - #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308 - #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 - - Signed-off-by: Martin Kletzander - -Index: libvirt-1.2.0/src/lxc/lxc_driver.c -=================================================================== ---- libvirt-1.2.0.orig/src/lxc/lxc_driver.c -+++ libvirt-1.2.0/src/lxc/lxc_driver.c -@@ -742,12 +742,24 @@ lxcDomainSetMemoryParameters(virDomainPt - int nparams, - unsigned int flags) - { -- size_t i; -+ virCapsPtr caps = NULL; -+ virDomainDefPtr vmdef = NULL; - virDomainObjPtr vm = NULL; -+ virLXCDomainObjPrivatePtr priv = NULL; -+ virLXCDriverConfigPtr cfg = NULL; -+ virLXCDriverPtr driver = dom->conn->privateData; -+ unsigned long long hard_limit; -+ unsigned long long soft_limit; -+ unsigned long long swap_hard_limit; -+ bool set_hard_limit = false; -+ bool set_soft_limit = false; -+ bool set_swap_hard_limit = false; -+ int rc; - int ret = -1; -- virLXCDomainObjPrivatePtr priv; - -- virCheckFlags(0, -1); -+ virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | -+ VIR_DOMAIN_AFFECT_CONFIG, -1); -+ - if (virTypedParamsValidate(params, nparams, - VIR_DOMAIN_MEMORY_HARD_LIMIT, - VIR_TYPED_PARAM_ULLONG, -@@ -762,29 +774,97 @@ lxcDomainSetMemoryParameters(virDomainPt - goto cleanup; - - priv = vm->privateData; -+ cfg = virLXCDriverGetConfig(driver); - -- if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0) -+ if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0 || -+ !(caps = virLXCDriverGetCapabilities(driver, false)) || -+ virDomainLiveConfigHelperMethod(caps, driver->xmlopt, -+ vm, &flags, &vmdef) < 0) - goto cleanup; - -- ret = 0; -- for (i = 0; i < nparams; i++) { -- virTypedParameterPtr param = ¶ms[i]; -+ if (flags & VIR_DOMAIN_AFFECT_LIVE && -+ !virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) { -+ virReportError(VIR_ERR_OPERATION_INVALID, -+ "%s", _("cgroup memory controller is not mounted")); -+ goto cleanup; -+ } - -- if (STREQ(param->field, VIR_DOMAIN_MEMORY_HARD_LIMIT)) { -- if (virCgroupSetMemoryHardLimit(priv->cgroup, params[i].value.ul) < 0) -- ret = -1; -- } else if (STREQ(param->field, VIR_DOMAIN_MEMORY_SOFT_LIMIT)) { -- if (virCgroupSetMemorySoftLimit(priv->cgroup, params[i].value.ul) < 0) -- ret = -1; -- } else if (STREQ(param->field, VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT)) { -- if (virCgroupSetMemSwapHardLimit(priv->cgroup, params[i].value.ul) < 0) -- ret = -1; -+#define VIR_GET_LIMIT_PARAMETER(PARAM, VALUE) \ -+ if ((rc = virTypedParamsGetULLong(params, nparams, PARAM, &VALUE)) < 0) \ -+ goto cleanup; \ -+ \ -+ if (rc == 1) \ -+ set_ ## VALUE = true; -+ -+ VIR_GET_LIMIT_PARAMETER(VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT, swap_hard_limit) -+ VIR_GET_LIMIT_PARAMETER(VIR_DOMAIN_MEMORY_HARD_LIMIT, hard_limit) -+ VIR_GET_LIMIT_PARAMETER(VIR_DOMAIN_MEMORY_SOFT_LIMIT, soft_limit) -+ -+#undef VIR_GET_LIMIT_PARAMETER -+ -+ /* Swap hard limit must be greater than hard limit. -+ * Note that limit of 0 denotes unlimited */ -+ if (set_swap_hard_limit || set_hard_limit) { -+ unsigned long long mem_limit = vm->def->mem.hard_limit; -+ unsigned long long swap_limit = vm->def->mem.swap_hard_limit; -+ -+ if (set_swap_hard_limit) -+ swap_limit = swap_hard_limit; -+ -+ if (set_hard_limit) -+ mem_limit = hard_limit; -+ -+ if (virCompareLimitUlong(mem_limit, swap_limit) > 0) { -+ virReportError(VIR_ERR_INVALID_ARG, "%s", -+ _("memory hard_limit tunable value must be lower " -+ "than or equal to swap_hard_limit")); -+ goto cleanup; - } - } - -+#define LXC_SET_MEM_PARAMETER(FUNC, VALUE) \ -+ if (set_ ## VALUE) { \ -+ if (flags & VIR_DOMAIN_AFFECT_LIVE) { \ -+ if ((rc = FUNC(priv->cgroup, VALUE)) < 0) { \ -+ virReportSystemError(-rc, _("unable to set memory %s tunable"), \ -+ #VALUE); \ -+ \ -+ goto cleanup; \ -+ } \ -+ vm->def->mem.VALUE = VALUE; \ -+ } \ -+ \ -+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) \ -+ vmdef->mem.VALUE = VALUE; \ -+ } -+ -+ /* Soft limit doesn't clash with the others */ -+ LXC_SET_MEM_PARAMETER(virCgroupSetMemorySoftLimit, soft_limit); -+ -+ /* set hard limit before swap hard limit if decreasing it */ -+ if (virCompareLimitUlong(vm->def->mem.hard_limit, hard_limit) > 0) { -+ LXC_SET_MEM_PARAMETER(virCgroupSetMemoryHardLimit, hard_limit); -+ /* inhibit changing the limit a second time */ -+ set_hard_limit = false; -+ } -+ -+ LXC_SET_MEM_PARAMETER(virCgroupSetMemSwapHardLimit, swap_hard_limit); -+ -+ /* otherwise increase it after swap hard limit */ -+ LXC_SET_MEM_PARAMETER(virCgroupSetMemoryHardLimit, hard_limit); -+ -+#undef LXC_SET_MEM_PARAMETER -+ -+ if (flags & VIR_DOMAIN_AFFECT_CONFIG && -+ virDomainSaveConfig(cfg->configDir, vmdef) < 0) -+ goto cleanup; -+ -+ ret = 0; - cleanup: - if (vm) - virObjectUnlock(vm); -+ virObjectUnref(caps); -+ virObjectUnref(cfg); - return ret; - } - diff --git a/f8c1cb90-CVE-2013-6436.patch b/f8c1cb90-CVE-2013-6436.patch deleted file mode 100644 index 911912f..0000000 --- a/f8c1cb90-CVE-2013-6436.patch +++ /dev/null @@ -1,145 +0,0 @@ -commit f8c1cb90213508c4f32549023b0572ed774e48aa -Author: Martin Kletzander -Date: Mon Dec 9 11:15:11 2013 +0100 - - CVE-2013-6436: fix crash in lxcDomainGetMemoryParameters - - The function doesn't check whether the request is made for active or - inactive domain. Thus when the domain is not running it still tries - accessing non-existing cgroups (priv->cgroup, which is NULL). - - I re-made the function in order for it to work the same way it's qemu - counterpart does. - - Reproducer: - 1) Define an LXC domain - 2) Do 'virsh memtune ' - - Backtrace: - Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)): - #0 0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3, - key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764 - #1 0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3, - key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705 - #2 0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3, - key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804 - #3 0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8) - at util/vircgroup.c:1962 - #4 0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0, - params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826 - #5 0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0, - params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137 - #6 0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00, - client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0, - ret=0x7fffd4002420) at remote.c:1895 - #7 0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00, - client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0, - ret=0x7fffd4002420) at remote_dispatch.h:4050 - #8 0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0, - server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0) - at rpc/virnetserverprogram.c:435 - #9 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0, - server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0) - at rpc/virnetserverprogram.c:305 - #10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0, - prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165 - #11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00) - at rpc/virnetserver.c:186 - #12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144 - #13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161 - #14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308 - #15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 - - Signed-off-by: Martin Kletzander - -Index: libvirt-1.2.0/src/lxc/lxc_driver.c -=================================================================== ---- libvirt-1.2.0.orig/src/lxc/lxc_driver.c -+++ libvirt-1.2.0/src/lxc/lxc_driver.c -@@ -794,22 +794,36 @@ lxcDomainGetMemoryParameters(virDomainPt - int *nparams, - unsigned int flags) - { -- size_t i; -+ virCapsPtr caps = NULL; -+ virDomainDefPtr vmdef = NULL; - virDomainObjPtr vm = NULL; -+ virLXCDomainObjPrivatePtr priv = NULL; -+ virLXCDriverPtr driver = dom->conn->privateData; - unsigned long long val; - int ret = -1; -- virLXCDomainObjPrivatePtr priv; -+ size_t i; - -- virCheckFlags(0, -1); -+ virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | -+ VIR_DOMAIN_AFFECT_CONFIG, -1); - - if (!(vm = lxcDomObjFromDomain(dom))) - goto cleanup; - - priv = vm->privateData; - -- if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0) -+ if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0 || -+ !(caps = virLXCDriverGetCapabilities(driver, false)) || -+ virDomainLiveConfigHelperMethod(caps, driver->xmlopt, -+ vm, &flags, &vmdef) < 0) - goto cleanup; - -+ if (flags & VIR_DOMAIN_AFFECT_LIVE && -+ !virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) { -+ virReportError(VIR_ERR_OPERATION_INVALID, -+ "%s", _("cgroup memory controller is not mounted")); -+ goto cleanup; -+ } -+ - if ((*nparams) == 0) { - /* Current number of memory parameters supported by cgroups */ - *nparams = LXC_NB_MEM_PARAM; -@@ -823,22 +837,34 @@ lxcDomainGetMemoryParameters(virDomainPt - - switch (i) { - case 0: /* fill memory hard limit here */ -- if (virCgroupGetMemoryHardLimit(priv->cgroup, &val) < 0) -+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) { -+ val = vmdef->mem.hard_limit; -+ val = val ? val : VIR_DOMAIN_MEMORY_PARAM_UNLIMITED; -+ } else if (virCgroupGetMemoryHardLimit(priv->cgroup, &val) < 0) { - goto cleanup; -+ } - if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_HARD_LIMIT, - VIR_TYPED_PARAM_ULLONG, val) < 0) - goto cleanup; - break; - case 1: /* fill memory soft limit here */ -- if (virCgroupGetMemorySoftLimit(priv->cgroup, &val) < 0) -+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) { -+ val = vmdef->mem.soft_limit; -+ val = val ? val : VIR_DOMAIN_MEMORY_PARAM_UNLIMITED; -+ } else if (virCgroupGetMemorySoftLimit(priv->cgroup, &val) < 0) { - goto cleanup; -+ } - if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_SOFT_LIMIT, - VIR_TYPED_PARAM_ULLONG, val) < 0) - goto cleanup; - break; - case 2: /* fill swap hard limit here */ -- if (virCgroupGetMemSwapHardLimit(priv->cgroup, &val) < 0) -+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) { -+ val = vmdef->mem.swap_hard_limit; -+ val = val ? val : VIR_DOMAIN_MEMORY_PARAM_UNLIMITED; -+ } else if (virCgroupGetMemSwapHardLimit(priv->cgroup, &val) < 0) { - goto cleanup; -+ } - if (virTypedParameterAssign(param, - VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT, - VIR_TYPED_PARAM_ULLONG, val) < 0) -@@ -859,6 +885,7 @@ lxcDomainGetMemoryParameters(virDomainPt - cleanup: - if (vm) - virObjectUnlock(vm); -+ virObjectUnref(caps); - return ret; - } - diff --git a/fix-pci-attach-xen-driver.patch b/fix-pci-attach-xen-driver.patch index bb2c39a..ba4c45a 100644 --- a/fix-pci-attach-xen-driver.patch +++ b/fix-pci-attach-xen-driver.patch @@ -8,11 +8,11 @@ uses the 'device_configure' RPC. This patch changes the xend driver to always call 'device_configure' for PCI devices to be consistent with the usage in the xen tools. -Index: libvirt-1.2.0/src/xen/xend_internal.c +Index: libvirt-1.2.1/src/xen/xend_internal.c =================================================================== ---- libvirt-1.2.0.orig/src/xen/xend_internal.c -+++ libvirt-1.2.0/src/xen/xend_internal.c -@@ -2207,6 +2207,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr +--- libvirt-1.2.1.orig/src/xen/xend_internal.c ++++ libvirt-1.2.1/src/xen/xend_internal.c +@@ -2216,6 +2216,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr virBuffer buf = VIR_BUFFER_INITIALIZER; char class[8], ref[80]; char *target = NULL; @@ -20,7 +20,7 @@ Index: libvirt-1.2.0/src/xen/xend_internal.c virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); -@@ -2305,8 +2306,18 @@ xenDaemonAttachDeviceFlags(virConnectPtr +@@ -2314,8 +2315,18 @@ xenDaemonAttachDeviceFlags(virConnectPtr } sexpr = virBufferContentAndReset(&buf); diff --git a/ia64-clone.patch b/ia64-clone.patch index d846172..b4dca93 100644 --- a/ia64-clone.patch +++ b/ia64-clone.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.0/src/lxc/lxc_container.c +Index: libvirt-1.2.1/src/lxc/lxc_container.c =================================================================== ---- libvirt-1.2.0.orig/src/lxc/lxc_container.c -+++ libvirt-1.2.0/src/lxc/lxc_container.c +--- libvirt-1.2.1.orig/src/lxc/lxc_container.c ++++ libvirt-1.2.1/src/lxc/lxc_container.c @@ -162,12 +162,19 @@ int lxcContainerHasReboot(void) VIR_FREE(buf); cmd = v ? LINUX_REBOOT_CMD_CAD_ON : LINUX_REBOOT_CMD_CAD_OFF; @@ -22,7 +22,7 @@ Index: libvirt-1.2.0/src/lxc/lxc_container.c VIR_FREE(stack); if (cpid < 0) { virReportSystemError(errno, "%s", -@@ -1985,6 +1992,9 @@ int lxcContainerStart(virDomainDefPtr de +@@ -2004,6 +2011,9 @@ int lxcContainerStart(virDomainDefPtr de .handshakefd = handshakefd }; @@ -32,7 +32,7 @@ Index: libvirt-1.2.0/src/lxc/lxc_container.c /* allocate a stack for the container */ if (VIR_ALLOC_N(stack, stacksize) < 0) return -1; -@@ -2010,7 +2020,11 @@ int lxcContainerStart(virDomainDefPtr de +@@ -2029,7 +2039,11 @@ int lxcContainerStart(virDomainDefPtr de cflags |= CLONE_NEWNET; } @@ -44,7 +44,7 @@ Index: libvirt-1.2.0/src/lxc/lxc_container.c VIR_FREE(stack); VIR_DEBUG("clone() completed, new container PID is %d", pid); -@@ -2044,12 +2058,19 @@ int lxcContainerAvailable(int features) +@@ -2063,12 +2077,19 @@ int lxcContainerAvailable(int features) if (features & LXC_CONTAINER_FEATURE_NET) flags |= CLONE_NEWNET; diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch index a63df1f..1584600 100644 --- a/install-apparmor-profiles.patch +++ b/install-apparmor-profiles.patch @@ -1,8 +1,8 @@ -Index: libvirt-1.2.0/examples/apparmor/Makefile.am +Index: libvirt-1.2.1/examples/apparmor/Makefile.am =================================================================== ---- libvirt-1.2.0.orig/examples/apparmor/Makefile.am -+++ libvirt-1.2.0/examples/apparmor/Makefile.am -@@ -14,8 +14,45 @@ +--- libvirt-1.2.1.orig/examples/apparmor/Makefile.am ++++ libvirt-1.2.1/examples/apparmor/Makefile.am +@@ -14,13 +14,32 @@ ## License along with this library. If not, see ## . @@ -16,8 +16,8 @@ Index: libvirt-1.2.0/examples/apparmor/Makefile.am + libvirt-qemu.in \ + usr.lib.libvirt.virt-aa-helper.in \ + usr.sbin.libvirtd.in -+ -+if WITH_SECDRIVER_APPARMOR + + if WITH_APPARMOR_PROFILES + +libvirt-qemu: libvirt-qemu.in + sed \ @@ -37,26 +37,13 @@ Index: libvirt-1.2.0/examples/apparmor/Makefile.am + < $< > $@-t + mv $@-t $@ + -+install-data-local: libvirt-qemu usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper -+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/ -+ $(INSTALL_DATA) usr.lib.libvirt.virt-aa-helper $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper -+ $(INSTALL_DATA) usr.sbin.libvirtd $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd -+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt -+ $(INSTALL_DATA) TEMPLATE $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE -+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions -+ $(INSTALL_DATA) libvirt-qemu $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu -+ -+uninstall-local:: -+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper -+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd -+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu -+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE -+ -+endif -Index: libvirt-1.2.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in + apparmordir = $(sysconfdir)/apparmor.d/ + apparmor_DATA = \ + usr.lib.libvirt.virt-aa-helper \ +Index: libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in =================================================================== --- /dev/null -+++ libvirt-1.2.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in ++++ libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -0,0 +1,41 @@ +# Last Modified: Fri Aug 19 11:21:48 2011 +#include @@ -99,9 +86,9 @@ Index: libvirt-1.2.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in + /var/lib/kvm/images/ r, + /var/lib/kvm/images/** r, +} -Index: libvirt-1.2.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper +Index: libvirt-1.2.1/examples/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== ---- libvirt-1.2.0.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +--- libvirt-1.2.1.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ /dev/null @@ -1,38 +0,0 @@ -# Last Modified: Mon Apr 5 15:10:27 2010 @@ -142,9 +129,9 @@ Index: libvirt-1.2.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper - /var/lib/libvirt/images/ r, - /var/lib/libvirt/images/** r, -} -Index: libvirt-1.2.0/examples/apparmor/usr.sbin.libvirtd +Index: libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd =================================================================== ---- libvirt-1.2.0.orig/examples/apparmor/usr.sbin.libvirtd +--- libvirt-1.2.1.orig/examples/apparmor/usr.sbin.libvirtd +++ /dev/null @@ -1,52 +0,0 @@ -# Last Modified: Mon Apr 5 15:03:58 2010 @@ -199,10 +186,10 @@ Index: libvirt-1.2.0/examples/apparmor/usr.sbin.libvirtd - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, - -} -Index: libvirt-1.2.0/examples/apparmor/usr.sbin.libvirtd.in +Index: libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd.in =================================================================== --- /dev/null -+++ libvirt-1.2.0/examples/apparmor/usr.sbin.libvirtd.in ++++ libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd.in @@ -0,0 +1,61 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include @@ -265,9 +252,9 @@ Index: libvirt-1.2.0/examples/apparmor/usr.sbin.libvirtd.in + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} -Index: libvirt-1.2.0/examples/apparmor/libvirt-qemu +Index: libvirt-1.2.1/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-1.2.0.orig/examples/apparmor/libvirt-qemu +--- libvirt-1.2.1.orig/examples/apparmor/libvirt-qemu +++ /dev/null @@ -1,129 +0,0 @@ -# Last Modified: Fri Mar 9 14:43:22 2012 @@ -399,10 +386,10 @@ Index: libvirt-1.2.0/examples/apparmor/libvirt-qemu - - /usr/libexec/qemu-bridge-helper rmix, - } -Index: libvirt-1.2.0/examples/apparmor/libvirt-qemu.in +Index: libvirt-1.2.1/examples/apparmor/libvirt-qemu.in =================================================================== --- /dev/null -+++ libvirt-1.2.0/examples/apparmor/libvirt-qemu.in ++++ libvirt-1.2.1/examples/apparmor/libvirt-qemu.in @@ -0,0 +1,132 @@ +# Last Modified: Fri Mar 9 14:43:22 2012 + diff --git a/libvirt-1.2.0.tar.bz2 b/libvirt-1.2.0.tar.bz2 deleted file mode 100644 index 7bcf571..0000000 --- a/libvirt-1.2.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fbfe494beed93925f3f74ecc51775299218127ce9b6f747852701afa120b7eda -size 19390046 diff --git a/libvirt-1.2.1.tar.bz2 b/libvirt-1.2.1.tar.bz2 new file mode 100644 index 0000000..6d8c69e --- /dev/null +++ b/libvirt-1.2.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8234f08f12d77e5172f9f8430e9a5bb3370266bc46c9b7f5cad85c3ef2c6293b +size 19585562 diff --git a/libvirt-guests-init-script.patch b/libvirt-guests-init-script.patch index c64b46a..aa7d257 100644 --- a/libvirt-guests-init-script.patch +++ b/libvirt-guests-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirt-guests init files to conform to SUSE standards -Index: libvirt-1.2.0/tools/libvirt-guests.init.in +Index: libvirt-1.2.1/tools/libvirt-guests.init.in =================================================================== ---- libvirt-1.2.0.orig/tools/libvirt-guests.init.in -+++ libvirt-1.2.0/tools/libvirt-guests.init.in +--- libvirt-1.2.1.orig/tools/libvirt-guests.init.in ++++ libvirt-1.2.1/tools/libvirt-guests.init.in @@ -3,15 +3,15 @@ # the following is the LSB init header # @@ -28,10 +28,10 @@ Index: libvirt-1.2.0/tools/libvirt-guests.init.in ### END INIT INFO # the following is chkconfig init header -Index: libvirt-1.2.0/tools/libvirt-guests.sh.in +Index: libvirt-1.2.1/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-1.2.0.orig/tools/libvirt-guests.sh.in -+++ libvirt-1.2.0/tools/libvirt-guests.sh.in +--- libvirt-1.2.1.orig/tools/libvirt-guests.sh.in ++++ libvirt-1.2.1/tools/libvirt-guests.sh.in @@ -16,14 +16,13 @@ # License along with this library. If not, see # . @@ -189,10 +189,10 @@ Index: libvirt-1.2.0/tools/libvirt-guests.sh.in esac -exit $RETVAL +rc_exit -Index: libvirt-1.2.0/tools/libvirt-guests.sysconf +Index: libvirt-1.2.1/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-1.2.0.orig/tools/libvirt-guests.sysconf -+++ libvirt-1.2.0/tools/libvirt-guests.sysconf +--- libvirt-1.2.1.orig/tools/libvirt-guests.sysconf ++++ libvirt-1.2.1/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index 855c830..5ccd71a 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.0/configure.ac +Index: libvirt-1.2.1/configure.ac =================================================================== ---- libvirt-1.2.0.orig/configure.ac -+++ libvirt-1.2.0/configure.ac +--- libvirt-1.2.1.orig/configure.ac ++++ libvirt-1.2.1/configure.ac @@ -231,6 +231,7 @@ LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_GLUSTER LIBVIRT_CHECK_HAL @@ -10,7 +10,7 @@ Index: libvirt-1.2.0/configure.ac LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS -@@ -2312,11 +2313,12 @@ if test "$with_libvirtd" = "no" ; then +@@ -2337,11 +2338,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi @@ -26,7 +26,7 @@ Index: libvirt-1.2.0/configure.ac esac if test "$with_interface" = "yes" ; then -@@ -2631,6 +2633,7 @@ LIBVIRT_RESULT_FUSE +@@ -2656,6 +2658,7 @@ LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_GLUSTER LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF @@ -34,11 +34,11 @@ Index: libvirt-1.2.0/configure.ac LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS -Index: libvirt-1.2.0/src/Makefile.am +Index: libvirt-1.2.1/src/Makefile.am =================================================================== ---- libvirt-1.2.0.orig/src/Makefile.am -+++ libvirt-1.2.0/src/Makefile.am -@@ -781,6 +781,10 @@ if WITH_NETCF +--- libvirt-1.2.1.orig/src/Makefile.am ++++ libvirt-1.2.1/src/Makefile.am +@@ -790,6 +790,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif WITH_NETCF @@ -49,7 +49,7 @@ Index: libvirt-1.2.0/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1346,10 +1350,15 @@ if WITH_NETCF +@@ -1355,10 +1359,15 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else ! WITH_NETCF @@ -65,10 +65,10 @@ Index: libvirt-1.2.0/src/Makefile.am endif ! WITH_NETCF if WITH_DRIVER_MODULES libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la -Index: libvirt-1.2.0/tools/virsh.c +Index: libvirt-1.2.1/tools/virsh.c =================================================================== ---- libvirt-1.2.0.orig/tools/virsh.c -+++ libvirt-1.2.0/tools/virsh.c +--- libvirt-1.2.1.orig/tools/virsh.c ++++ libvirt-1.2.1/tools/virsh.c @@ -3029,6 +3029,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) @@ -78,10 +78,10 @@ Index: libvirt-1.2.0/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-1.2.0/src/interface/interface_backend_netcf.c +Index: libvirt-1.2.1/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-1.2.0.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.2.0/src/interface/interface_backend_netcf.c +--- libvirt-1.2.1.orig/src/interface/interface_backend_netcf.c ++++ libvirt-1.2.1/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include @@ -165,10 +165,10 @@ Index: libvirt-1.2.0/src/interface/interface_backend_netcf.c return 0; } -Index: libvirt-1.2.0/src/interface/interface_driver.c +Index: libvirt-1.2.1/src/interface/interface_driver.c =================================================================== ---- libvirt-1.2.0.orig/src/interface/interface_driver.c -+++ libvirt-1.2.0/src/interface/interface_driver.c +--- libvirt-1.2.1.orig/src/interface/interface_driver.c ++++ libvirt-1.2.1/src/interface/interface_driver.c @@ -28,8 +28,15 @@ interfaceRegister(void) { if (netcfIfaceRegister() == 0) return 0; @@ -186,10 +186,10 @@ Index: libvirt-1.2.0/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-1.2.0/m4/virt-netcontrol.m4 +Index: libvirt-1.2.1/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-1.2.0/m4/virt-netcontrol.m4 ++++ libvirt-1.2.1/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl diff --git a/libvirt.changes b/libvirt.changes index c7bbc2f..36667d9 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Jan 17 12:30:48 MST 2014 - jfehlig@suse.com + +- Update to libvirt 1.2.1 + - CVE-2014-0028, CVE-2014-1447, CVE-2013-6458, CVE-2013-6457, + CVE-2013-6436 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped upstream patches: 5e397d9c-test-fix-dbus-crash.patch, + 78af457e-fix-virnettlscontexttest.patch, + 9faf3f29-LXC-memtune.patch, f8c1cb90-CVE-2013-6436.patch, + libxl-hvm-nic.patch + ------------------------------------------------------------------- Thu Dec 26 17:01:48 MST 2013 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index d9f0e82..769439e 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -1,7 +1,7 @@ # # spec file for package libvirt # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -233,7 +233,7 @@ Name: libvirt Url: http://libvirt.org/ -Version: 1.2.0 +Version: 1.2.1 Release: 0 Summary: Library providing a simple virtualization API License: LGPL-2.1+ @@ -418,16 +418,11 @@ Source1: libvirtd.init Source2: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches -Patch0: f8c1cb90-CVE-2013-6436.patch -Patch1: 9faf3f29-LXC-memtune.patch -Patch2: 5e397d9c-test-fix-dbus-crash.patch -Patch3: 78af457e-fix-virnettlscontexttest.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: ia64-clone.patch Patch102: xen-pv-cdrom.patch Patch103: libxl-hvm-vnc.patch -Patch104: libxl-hvm-nic.patch # Our patches Patch200: libvirtd-defaults.patch Patch201: libvirtd-init-script.patch @@ -919,15 +914,10 @@ namespaces. %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 %patch100 -p1 %patch101 -p1 %patch102 -p1 %patch103 -p1 -%patch104 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 @@ -1021,6 +1011,8 @@ namespaces. %endif %if ! %{with_apparmor} %define _without_apparmor --without-apparmor +%else +%define _with_apparmor_profiles --with-apparmor-profiles %endif %if ! %{with_capng} %define _without_capng --without-capng @@ -1125,6 +1117,7 @@ export CFLAGS="$RPM_OPT_FLAGS" %{?_without_selinux} \ %{?_with_selinux_mount} \ %{?_without_apparmor} \ + %{?_with_apparmor_profiles} \ %{?_without_udev} \ %{?_without_yajl} \ %{?_without_sanlock} \ @@ -1146,7 +1139,7 @@ gzip -9 ChangeLog %install %makeinstall SYSTEMD_UNIT_DIR=%{_unitdir} DOCS_DIR=%{_docdir}/%{name}-python EXAMPLE_DIR=%{_docdir}/%{name}-python/examples HTML_DIR=%{_docdir}/%{name} -for i in domain-events/events-c dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap +for i in object-events dominfo domsuspend hellolibvirt openauth xml/nwfilter systemtap do (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in) done @@ -1421,11 +1414,11 @@ fi %if %{with_apparmor} %dir %{_sysconfdir}/apparmor.d %dir %{_sysconfdir}/apparmor.d/abstractions -%dir %{_sysconfdir}/apparmor.d/libvirt +%dir %{_sysconfdir}/apparmor.d/libvirtd %config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.libvirtd %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.libvirt.virt-aa-helper %config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/libvirt-qemu -%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/TEMPLATE +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirtd/TEMPLATE %{_libdir}/%{name}/virt-aa-helper %endif %config %{_fwdefdir}/libvirtd-relocation-server diff --git a/libvirtd-defaults.patch b/libvirtd-defaults.patch index 5f6f471..99a3b3b 100644 --- a/libvirtd-defaults.patch +++ b/libvirtd-defaults.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.0/daemon/libvirtd.conf +Index: libvirt-1.2.1/daemon/libvirtd.conf =================================================================== ---- libvirt-1.2.0.orig/daemon/libvirtd.conf -+++ libvirt-1.2.0/daemon/libvirtd.conf +--- libvirt-1.2.1.orig/daemon/libvirtd.conf ++++ libvirt-1.2.1/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -13,10 +13,10 @@ Index: libvirt-1.2.0/daemon/libvirtd.conf # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-1.2.0/daemon/libvirtd-config.c +Index: libvirt-1.2.1/daemon/libvirtd-config.c =================================================================== ---- libvirt-1.2.0.orig/daemon/libvirtd-config.c -+++ libvirt-1.2.0/daemon/libvirtd-config.c +--- libvirt-1.2.1.orig/daemon/libvirtd-config.c ++++ libvirt-1.2.1/daemon/libvirtd-config.c @@ -222,7 +222,7 @@ daemonConfigNew(bool privileged ATTRIBUT if (VIR_ALLOC(data) < 0) return NULL; diff --git a/libvirtd-init-script.patch b/libvirtd-init-script.patch index 09fbc67..c9d6cec 100644 --- a/libvirtd-init-script.patch +++ b/libvirtd-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-1.2.0/daemon/libvirtd.sysconf +Index: libvirt-1.2.1/daemon/libvirtd.sysconf =================================================================== ---- libvirt-1.2.0.orig/daemon/libvirtd.sysconf -+++ libvirt-1.2.0/daemon/libvirtd.sysconf +--- libvirt-1.2.1.orig/daemon/libvirtd.sysconf ++++ libvirt-1.2.1/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + diff --git a/libxl-hvm-nic.patch b/libxl-hvm-nic.patch deleted file mode 100644 index d589ae5..0000000 --- a/libxl-hvm-nic.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: libvirt-1.2.0/src/libxl/libxl_conf.c -=================================================================== ---- libvirt-1.2.0.orig/src/libxl/libxl_conf.c -+++ libvirt-1.2.0/src/libxl/libxl_conf.c -@@ -886,8 +886,6 @@ libxlMakeNic(virDomainNetDefPtr l_nic, l - * x_nics[i].mtu = 1492; - */ - -- libxl_device_nic_init(x_nic); -- - virMacAddrGetRaw(&l_nic->mac, x_nic->mac); - - if (l_nic->model && !STREQ(l_nic->model, "netfront")) { -@@ -932,6 +930,8 @@ libxlMakeNicList(virDomainDefPtr def, l - return -1; - - for (i = 0; i < nnics; i++) { -+ libxl_device_nic_init(&x_nics[i]); -+ x_nics[i].devid = i; - if (libxlMakeNic(l_nics[i], &x_nics[i])) - goto error; - } diff --git a/libxl-hvm-vnc.patch b/libxl-hvm-vnc.patch index 93521dd..397f393 100644 --- a/libxl-hvm-vnc.patch +++ b/libxl-hvm-vnc.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.0/src/libxl/libxl_conf.c +Index: libvirt-1.2.1/src/libxl/libxl_conf.c =================================================================== ---- libvirt-1.2.0.orig/src/libxl/libxl_conf.c -+++ libvirt-1.2.0/src/libxl/libxl_conf.c +--- libvirt-1.2.1.orig/src/libxl/libxl_conf.c ++++ libvirt-1.2.1/src/libxl/libxl_conf.c @@ -561,6 +561,30 @@ libxlMakeChrdevStr(virDomainChrDefPtr de } @@ -33,7 +33,7 @@ Index: libvirt-1.2.0/src/libxl/libxl_conf.c libxlMakeDomBuildInfo(virDomainObjPtr vm, libxl_domain_config *d_config) { virDomainDefPtr def = vm->def; -@@ -1174,6 +1198,9 @@ libxlBuildDomainConfig(libxlDriverPrivat +@@ -1189,6 +1213,9 @@ libxlBuildDomainConfig(libxlDriverPrivat if (libxlMakeVfbList(driver, def, d_config) < 0) return -1; diff --git a/support-managed-pci-xen-driver.patch b/support-managed-pci-xen-driver.patch index 3b298a6..a298346 100644 --- a/support-managed-pci-xen-driver.patch +++ b/support-managed-pci-xen-driver.patch @@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-1.2.0/src/xenxs/xen_sxpr.c +Index: libvirt-1.2.1/src/xenxs/xen_sxpr.c =================================================================== ---- libvirt-1.2.0.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.2.0/src/xenxs/xen_sxpr.c +--- libvirt-1.2.1.orig/src/xenxs/xen_sxpr.c ++++ libvirt-1.2.1/src/xenxs/xen_sxpr.c @@ -996,6 +996,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; @@ -78,10 +78,10 @@ Index: libvirt-1.2.0/src/xenxs/xen_sxpr.c xenFormatSxprPCI(def->hostdevs[i], buf); } } -Index: libvirt-1.2.0/src/xenxs/xen_xm.c +Index: libvirt-1.2.1/src/xenxs/xen_xm.c =================================================================== ---- libvirt-1.2.0.orig/src/xenxs/xen_xm.c -+++ libvirt-1.2.0/src/xenxs/xen_xm.c +--- libvirt-1.2.1.orig/src/xenxs/xen_xm.c ++++ libvirt-1.2.1/src/xenxs/xen_xm.c @@ -802,6 +802,8 @@ xenParseXM(virConfPtr conf, int xendConf int busID; int slotID; diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index eefd498..7dd5d93 100644 --- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.0/src/qemu/qemu.conf +Index: libvirt-1.2.1/src/qemu/qemu.conf =================================================================== ---- libvirt-1.2.0.orig/src/qemu/qemu.conf -+++ libvirt-1.2.0/src/qemu/qemu.conf +--- libvirt-1.2.1.orig/src/qemu/qemu.conf ++++ libvirt-1.2.1/src/qemu/qemu.conf @@ -200,7 +200,16 @@ # a special value; security_driver can be set to that value in # isolation, but it cannot appear in a list of drivers. diff --git a/systemd-service-xen.patch b/systemd-service-xen.patch index 7728454..adf1392 100644 --- a/systemd-service-xen.patch +++ b/systemd-service-xen.patch @@ -1,13 +1,13 @@ -Index: libvirt-1.2.0/daemon/libvirtd.service.in +Index: libvirt-1.2.1/daemon/libvirtd.service.in =================================================================== ---- libvirt-1.2.0.orig/daemon/libvirtd.service.in -+++ libvirt-1.2.0/daemon/libvirtd.service.in +--- libvirt-1.2.1.orig/daemon/libvirtd.service.in ++++ libvirt-1.2.1/daemon/libvirtd.service.in @@ -9,6 +9,8 @@ Before=libvirt-guests.service After=network.target After=dbus.service After=iscsid.service +Wants=xencommons.service +After=xencommons.service + Documentation=man:libvirtd(8) + Documentation=http://libvirt.org - [Service] - EnvironmentFile=-/etc/sysconfig/libvirtd diff --git a/virtlockd-init-script.patch b/virtlockd-init-script.patch index 1552186..a445eed 100644 --- a/virtlockd-init-script.patch +++ b/virtlockd-init-script.patch @@ -1,9 +1,9 @@ Adjust virtlockd init files to conform to SUSE standards -Index: libvirt-1.2.0/src/locking/virtlockd.sysconf +Index: libvirt-1.2.1/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-1.2.0.orig/src/locking/virtlockd.sysconf -+++ libvirt-1.2.0/src/locking/virtlockd.sysconf +--- libvirt-1.2.1.orig/src/locking/virtlockd.sysconf ++++ libvirt-1.2.1/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + @@ -12,20 +12,22 @@ Index: libvirt-1.2.0/src/locking/virtlockd.sysconf # # Pass extra arguments to virtlockd #VIRTLOCKD_ARGS= -Index: libvirt-1.2.0/src/locking/virtlockd.init.in +Index: libvirt-1.2.1/src/locking/virtlockd.init.in =================================================================== ---- libvirt-1.2.0.orig/src/locking/virtlockd.init.in -+++ libvirt-1.2.0/src/locking/virtlockd.init.in -@@ -4,11 +4,13 @@ +--- libvirt-1.2.1.orig/src/locking/virtlockd.init.in ++++ libvirt-1.2.1/src/locking/virtlockd.init.in +@@ -4,12 +4,14 @@ # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV # ### BEGIN INIT INFO -# Provides: virtlockd --# Default-Start: 3 4 5 +-# Default-Start: +-# Default-Stop: 0 1 2 3 4 5 6 +# Provides: virtlockd +# Required-Start: $network $remote_fs -+# Default-Start: 3 4 5 ++# Default-Start: 3 5 +# Required-Stop: $network $remote_fs ++# Default-Stop: 0 1 2 4 6 # Short-Description: virtual machine lock manager -# Description: This is a daemon for managing locks -# on virtual machine disk images @@ -34,8 +36,8 @@ Index: libvirt-1.2.0/src/locking/virtlockd.init.in ### END INIT INFO # the following is chkconfig init header -@@ -23,35 +25,33 @@ - # pidfile: @localstatedir@/run/libvirt/virtlockd.pid +@@ -24,35 +26,33 @@ + # pidfile: @localstatedir@/run/virtlockd.pid # -# Source function library. @@ -45,7 +47,7 @@ Index: libvirt-1.2.0/src/locking/virtlockd.init.in SERVICE=virtlockd -PROCESS=virtlockd --PIDFILE=@localstatedir@/run/libvirt/lockd/$SERVICE.pid +-PIDFILE=@localstatedir@/run/$SERVICE.pid +PROCESS=@sbindir@/virtlockd +PIDDIR=@localstatedir@/run/libvirt/lockd/ +PIDFILE=$PIDDIR/$SERVICE.pid @@ -82,10 +84,10 @@ Index: libvirt-1.2.0/src/locking/virtlockd.init.in rm -f $PIDFILE fi } -@@ -65,9 +65,7 @@ reload() { +@@ -66,9 +66,7 @@ reload() { echo -n $"Reloading $SERVICE configuration: " - killproc -p $PIDFILE $PROCESS -HUP + killproc -p $PIDFILE $PROCESS -USR1 - RETVAL=$? - echo - return $RETVAL @@ -93,7 +95,7 @@ Index: libvirt-1.2.0/src/locking/virtlockd.init.in } # See how we were called. -@@ -76,18 +74,20 @@ case "$1" in +@@ -77,18 +75,20 @@ case "$1" in $1 ;; status) diff --git a/xen-name-for-devid.patch b/xen-name-for-devid.patch index b9b18bd..9ae1992 100644 --- a/xen-name-for-devid.patch +++ b/xen-name-for-devid.patch @@ -14,10 +14,10 @@ is inactive. We obviously can't search xenstore when the domain is inactive. -Index: libvirt-1.2.0/src/xen/xend_internal.c +Index: libvirt-1.2.1/src/xen/xend_internal.c =================================================================== ---- libvirt-1.2.0.orig/src/xen/xend_internal.c -+++ libvirt-1.2.0/src/xen/xend_internal.c +--- libvirt-1.2.1.orig/src/xen/xend_internal.c ++++ libvirt-1.2.1/src/xen/xend_internal.c @@ -70,7 +70,7 @@ #define XEND_RCV_BUF_MAX_LEN (256 * 1024) @@ -27,7 +27,7 @@ Index: libvirt-1.2.0/src/xen/xend_internal.c virDomainDeviceDefPtr dev, char *class, char *ref, int ref_len); -@@ -3316,18 +3316,18 @@ xenDaemonDomainBlockPeek(virConnectPtr c +@@ -3325,18 +3325,18 @@ xenDaemonDomainBlockPeek(virConnectPtr c * Returns 0 in case of success, -1 in case of failure. */ static int @@ -50,7 +50,7 @@ Index: libvirt-1.2.0/src/xen/xend_internal.c if (dev->data.disk->driverName && STREQ(dev->data.disk->driverName, "tap")) strcpy(class, "tap"); -@@ -3337,19 +3337,17 @@ virDomainXMLDevID(virConnectPtr conn, +@@ -3346,19 +3346,17 @@ virDomainXMLDevID(virConnectPtr conn, else strcpy(class, "vbd"); @@ -81,7 +81,7 @@ Index: libvirt-1.2.0/src/xen/xend_internal.c } else if (dev->type == VIR_DOMAIN_DEVICE_NET) { char mac[VIR_MAC_STRING_BUFLEN]; virDomainNetDefPtr netdef = dev->data.net; -@@ -3357,16 +3355,22 @@ virDomainXMLDevID(virConnectPtr conn, +@@ -3366,16 +3364,22 @@ virDomainXMLDevID(virConnectPtr conn, strcpy(class, "vif"); @@ -114,7 +114,7 @@ Index: libvirt-1.2.0/src/xen/xend_internal.c } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV && dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { -@@ -3382,17 +3386,44 @@ virDomainXMLDevID(virConnectPtr conn, +@@ -3391,17 +3395,44 @@ virDomainXMLDevID(virConnectPtr conn, strcpy(class, "pci"); diff --git a/xen-pv-cdrom.patch b/xen-pv-cdrom.patch index 9c946b0..e5e930e 100644 --- a/xen-pv-cdrom.patch +++ b/xen-pv-cdrom.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.2.0/src/xenxs/xen_sxpr.c +Index: libvirt-1.2.1/src/xenxs/xen_sxpr.c =================================================================== ---- libvirt-1.2.0.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.2.0/src/xenxs/xen_sxpr.c +--- libvirt-1.2.1.orig/src/xenxs/xen_sxpr.c ++++ libvirt-1.2.1/src/xenxs/xen_sxpr.c @@ -330,7 +330,7 @@ error: static int xenParseSxprDisks(virDomainDefPtr def, From db81eba56f3535af59d7d803c11c3e5c84c4bc3ff98ad7c5b623089c7dbd3307 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Tue, 21 Jan 2014 00:43:47 +0000 Subject: [PATCH 2/5] - Following the upstream pattern, introduce the daemon-config-network subpackage to handle defining the default network bnc#859041 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=343 --- libvirt.changes | 8 ++++++++ libvirt.spec | 40 ++++++++++++++++++++++++++++++---------- 2 files changed, 38 insertions(+), 10 deletions(-) diff --git a/libvirt.changes b/libvirt.changes index 36667d9..ff52f82 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jan 20 17:40:10 MST 2014 - jfehlig@suse.com + +- Following the upstream pattern, introduce the + daemon-config-network subpackage to handle defining the default + network + bnc#859041 + ------------------------------------------------------------------- Fri Jan 17 12:30:48 MST 2014 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index 769439e..e7ac02f 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -241,6 +241,9 @@ Group: Development/Libraries/C and C++ %if %{with_libvirtd} Requires: libvirt-daemon = %{version}-%{release} +%if %{with_network} +Requires: libvirt-daemon-config-network = %{version}-%{release} +%endif %if %{with_nwfilter} Requires: libvirt-daemon-config-nwfilter = %{version}-%{release} %endif @@ -513,6 +516,17 @@ Server side daemon required to manage the virtualization capabilities of recent versions of Linux. Requires a hypervisor specific sub-RPM for specific drivers. +%if %{with_network} +%package daemon-config-network +Summary: Default configuration files for the libvirtd daemon +Group: Development/Libraries + +Requires: libvirt-daemon = %{version}-%{release} + +%description daemon-config-network +Default configuration files for setting up NAT based networking +%endif + %if %{with_nwfilter} %package daemon-config-nwfilter @@ -1291,16 +1305,6 @@ fi %post daemon /sbin/ldconfig -%if %{with_network} -# Install the default network if one doesn't exist -if test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml -then - UUID=`/usr/bin/uuidgen` - sed -e "s,,\n $UUID," \ - < %{_datadir}/libvirt/networks/default.xml \ - > %{_sysconfdir}/libvirt/qemu/networks/default.xml -fi -%endif %if %{with_systemd} %service_add_post libvirtd.service %service_add_post virtlockd.service virtlockd.socket @@ -1329,6 +1333,17 @@ fi %restart_on_update libvirtd %restart_on_update virtlockd %insserv_cleanup + +%if %{with_network} +%post daemon-config-network +# Install the default network if one doesn't exist +if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ; then + UUID=`/usr/bin/uuidgen` + sed -e "s,,\n $UUID," \ + < %{_datadir}/libvirt/networks/default.xml \ + > %{_sysconfdir}/libvirt/qemu/networks/default.xml +fi + %endif %endif # with_libvirtd %post client @@ -1468,6 +1483,11 @@ fi %endif %endif # ! %{with_driver_modules} +%if %{with_network} +%files daemon-config-network +%defattr(-, root, root) +%endif + %if %{with_nwfilter} %files daemon-config-nwfilter From 629e5aaef7582ea18e1f773895cb77ba1d0727fd09b7e47bf0970d7408bbf286 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Tue, 21 Jan 2014 01:24:00 +0000 Subject: [PATCH 3/5] - Fix build on code 11 - Fix rpmlint warning OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=344 --- libvirt.changes | 6 ++++++ libvirt.spec | 9 +++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/libvirt.changes b/libvirt.changes index ff52f82..d46e5cc 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jan 20 18:22:59 MST 2014 - jfehlig@suse.com + +- Fix build on code 11 +- Fix rpmlint warning + ------------------------------------------------------------------- Mon Jan 20 17:40:10 MST 2014 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index e7ac02f..fc22a77 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -519,7 +519,7 @@ for specific drivers. %if %{with_network} %package daemon-config-network Summary: Default configuration files for the libvirtd daemon -Group: Development/Libraries +Group: Development/Libraries/C and C++ Requires: libvirt-daemon = %{version}-%{release} @@ -1189,6 +1189,10 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml # Strip auto-generated UUID - we need it generated per-install sed -i -e "//d" $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml +cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-config-network.README << 'EOF' +Any empty package containing only a post install scriptlet that ensures +a default network is defined. +EOF %else rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml @@ -1343,7 +1347,7 @@ if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ; < %{_datadir}/libvirt/networks/default.xml \ > %{_sysconfdir}/libvirt/qemu/networks/default.xml fi - %endif +%endif %endif # with_libvirtd %post client @@ -1486,6 +1490,7 @@ fi %if %{with_network} %files daemon-config-network %defattr(-, root, root) +%doc %{_docdir}/%{name}/libvirt-daemon-config-network.README %endif %if %{with_nwfilter} From 063e1ec7ae74accea1742a03c0f242f2a9e6a2d322ec73d013a248f7742571f6 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Wed, 22 Jan 2014 17:05:10 +0000 Subject: [PATCH 4/5] - Add CAP_SYS_PACCT capability to libvirtd AppArmor profile bnc#817407 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=345 --- install-apparmor-profiles.patch | 3 ++- libvirt.changes | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch index 1584600..8bea44f 100644 --- a/install-apparmor-profiles.patch +++ b/install-apparmor-profiles.patch @@ -190,7 +190,7 @@ Index: libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd.in =================================================================== --- /dev/null +++ libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd.in -@@ -0,0 +1,61 @@ +@@ -0,0 +1,62 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include +@{LIBVIRT}="libvirt" @@ -205,6 +205,7 @@ Index: libvirt-1.2.1/examples/apparmor/usr.sbin.libvirtd.in + capability sys_admin, + capability sys_module, + capability sys_ptrace, ++ capability sys_pacct, + capability sys_nice, + capability sys_chroot, + capability setuid, diff --git a/libvirt.changes b/libvirt.changes index d46e5cc..efec6e5 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jan 22 10:02:06 MST 2014 - jfehlig@suse.com + +- Add CAP_SYS_PACCT capability to libvirtd AppArmor profile + bnc#817407 + ------------------------------------------------------------------- Mon Jan 20 18:22:59 MST 2014 - jfehlig@suse.com From fb199c00cedeed76e2b9975f9ec63fe887bd4828aee49d325977c5f640ded073 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Wed, 22 Jan 2014 17:19:10 +0000 Subject: [PATCH 5/5] Include note in changelog that install-apparmor-profiles.patch was modified OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=346 --- libvirt.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/libvirt.changes b/libvirt.changes index efec6e5..2857279 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -2,6 +2,7 @@ Wed Jan 22 10:02:06 MST 2014 - jfehlig@suse.com - Add CAP_SYS_PACCT capability to libvirtd AppArmor profile + Modified install-apparmor-profiles.patch bnc#817407 -------------------------------------------------------------------