diff --git a/0001-Extract-stats-functions-from-the-qemu-driver.patch b/0001-Extract-stats-functions-from-the-qemu-driver.patch index dccd0f2..ff38cd6 100644 --- a/0001-Extract-stats-functions-from-the-qemu-driver.patch +++ b/0001-Extract-stats-functions-from-the-qemu-driver.patch @@ -18,10 +18,10 @@ them. create mode 100644 src/conf/domain_stats.c create mode 100644 src/conf/domain_stats.h -Index: libvirt-5.0.0/src/conf/domain_stats.c +Index: libvirt-5.1.0/src/conf/domain_stats.c =================================================================== --- /dev/null -+++ libvirt-5.0.0/src/conf/domain_stats.c ++++ libvirt-5.1.0/src/conf/domain_stats.c @@ -0,0 +1,139 @@ +/* + * domain_stats.c: domain stats extraction helpers @@ -162,10 +162,10 @@ Index: libvirt-5.0.0/src/conf/domain_stats.c +} + +#undef STATS_ADD_NET_PARAM -Index: libvirt-5.0.0/src/conf/domain_stats.h +Index: libvirt-5.1.0/src/conf/domain_stats.h =================================================================== --- /dev/null -+++ libvirt-5.0.0/src/conf/domain_stats.h ++++ libvirt-5.1.0/src/conf/domain_stats.h @@ -0,0 +1,64 @@ +/* + * domain_stats.h: domain stats extraction helpers @@ -231,11 +231,11 @@ Index: libvirt-5.0.0/src/conf/domain_stats.h + int *maxparams); + +#endif /* __DOMAIN_STATS_H */ -Index: libvirt-5.0.0/src/libvirt_private.syms +Index: libvirt-5.1.0/src/libvirt_private.syms =================================================================== ---- libvirt-5.0.0.orig/src/libvirt_private.syms -+++ libvirt-5.0.0/src/libvirt_private.syms -@@ -661,6 +661,9 @@ virDomainConfNWFilterInstantiate; +--- libvirt-5.1.0.orig/src/libvirt_private.syms ++++ libvirt-5.1.0/src/libvirt_private.syms +@@ -662,6 +662,9 @@ virDomainConfNWFilterInstantiate; virDomainConfNWFilterTeardown; virDomainConfVMNWFilterTeardown; @@ -245,7 +245,7 @@ Index: libvirt-5.0.0/src/libvirt_private.syms # conf/interface_conf.h virInterfaceDefFormat; -@@ -1550,6 +1553,7 @@ virCgroupGetMemoryUsage; +@@ -1547,6 +1550,7 @@ virCgroupGetMemoryUsage; virCgroupGetMemSwapHardLimit; virCgroupGetMemSwapUsage; virCgroupGetPercpuStats; @@ -253,10 +253,10 @@ Index: libvirt-5.0.0/src/libvirt_private.syms virCgroupHasController; virCgroupHasEmptyTasks; virCgroupKillPainfully; -Index: libvirt-5.0.0/src/qemu/qemu_driver.c +Index: libvirt-5.1.0/src/qemu/qemu_driver.c =================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu_driver.c -+++ libvirt-5.0.0/src/qemu/qemu_driver.c +--- libvirt-5.1.0.orig/src/qemu/qemu_driver.c ++++ libvirt-5.1.0/src/qemu/qemu_driver.c @@ -67,6 +67,7 @@ #include "virarptable.h" #include "viruuid.h" @@ -265,7 +265,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c #include "domain_audit.h" #include "node_device_conf.h" #include "virpci.h" -@@ -19969,21 +19970,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr +@@ -20042,21 +20043,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr int *maxparams, unsigned int privflags ATTRIBUTE_UNUSED) { @@ -288,7 +288,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c } -@@ -20173,37 +20160,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj +@@ -20246,37 +20233,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj int *maxparams) { qemuDomainObjPrivatePtr priv = dom->privateData; @@ -327,7 +327,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c } -@@ -20401,44 +20358,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr +@@ -20470,44 +20427,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr return ret; } @@ -372,7 +372,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c static int qemuDomainGetStatsInterface(virQEMUDriverPtr driver ATTRIBUTE_UNUSED, virDomainObjPtr dom, -@@ -20446,68 +20365,9 @@ qemuDomainGetStatsInterface(virQEMUDrive +@@ -20515,68 +20434,9 @@ qemuDomainGetStatsInterface(virQEMUDrive int *maxparams, unsigned int privflags ATTRIBUTE_UNUSED) { @@ -442,7 +442,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c #define QEMU_ADD_BLOCK_PARAM_UI(record, maxparams, num, name, value) \ do { \ char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \ -@@ -20740,10 +20600,10 @@ qemuDomainGetStatsBlockExportHeader(virD +@@ -20809,10 +20669,10 @@ qemuDomainGetStatsBlockExportHeader(virD { int ret = -1; @@ -455,7 +455,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c if (src->id) QEMU_ADD_BLOCK_PARAM_UI(records, nrecords, recordnr, "backingIndex", src->id); -@@ -20897,7 +20757,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr +@@ -20966,7 +20826,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr * after the iteration than it is to iterate twice; but we still * want count listed first. */ count_index = record->nparams; @@ -464,7 +464,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c for (i = 0; i < dom->def->ndisks; i++) { if (qemuDomainGetStatsBlockExportDisk(dom->def->disks[i], stats, nodestats, -@@ -20922,8 +20782,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr +@@ -20991,8 +20851,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr #undef QEMU_ADD_BLOCK_PARAM_ULL @@ -473,7 +473,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c #define QEMU_ADD_IOTHREAD_PARAM_UI(record, maxparams, id, name, value) \ do { \ char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \ -@@ -20975,7 +20833,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver +@@ -21044,7 +20902,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver if (niothreads == 0) return 0; @@ -482,7 +482,7 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c for (i = 0; i < niothreads; i++) { if (iothreads[i]->poll_valid) { -@@ -21008,8 +20866,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver +@@ -21077,8 +20935,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver #undef QEMU_ADD_IOTHREAD_PARAM_ULL @@ -491,11 +491,11 @@ Index: libvirt-5.0.0/src/qemu/qemu_driver.c static int qemuDomainGetStatsPerfOneEvent(virPerfPtr perf, virPerfEventType type, -Index: libvirt-5.0.0/src/util/vircgroup.c +Index: libvirt-5.1.0/src/util/vircgroup.c =================================================================== ---- libvirt-5.0.0.orig/src/util/vircgroup.c -+++ libvirt-5.0.0/src/util/vircgroup.c -@@ -2796,6 +2796,44 @@ virCgroupControllerAvailable(int control +--- libvirt-5.1.0.orig/src/util/vircgroup.c ++++ libvirt-5.1.0/src/util/vircgroup.c +@@ -2800,6 +2800,44 @@ virCgroupControllerAvailable(int control return ret; } @@ -540,7 +540,7 @@ Index: libvirt-5.0.0/src/util/vircgroup.c #else /* !__linux__ */ bool -@@ -2805,6 +2843,15 @@ virCgroupAvailable(void) +@@ -2809,6 +2847,15 @@ virCgroupAvailable(void) } @@ -556,10 +556,10 @@ Index: libvirt-5.0.0/src/util/vircgroup.c int virCgroupNewPartition(const char *path ATTRIBUTE_UNUSED, bool create ATTRIBUTE_UNUSED, -Index: libvirt-5.0.0/src/util/vircgroup.h +Index: libvirt-5.1.0/src/util/vircgroup.h =================================================================== ---- libvirt-5.0.0.orig/src/util/vircgroup.h -+++ libvirt-5.0.0/src/util/vircgroup.h +--- libvirt-5.1.0.orig/src/util/vircgroup.h ++++ libvirt-5.1.0/src/util/vircgroup.h @@ -284,4 +284,9 @@ int virCgroupSetOwner(virCgroupPtr cgrou int virCgroupHasEmptyTasks(virCgroupPtr cgroup, int controller); @@ -570,10 +570,10 @@ Index: libvirt-5.0.0/src/util/vircgroup.h + int *maxparams); + #endif /* LIBVIRT_VIRCGROUP_H */ -Index: libvirt-5.0.0/src/conf/Makefile.inc.am +Index: libvirt-5.1.0/src/conf/Makefile.inc.am =================================================================== ---- libvirt-5.0.0.orig/src/conf/Makefile.inc.am -+++ libvirt-5.0.0/src/conf/Makefile.inc.am +--- libvirt-5.1.0.orig/src/conf/Makefile.inc.am ++++ libvirt-5.1.0/src/conf/Makefile.inc.am @@ -20,6 +20,8 @@ DOMAIN_CONF_SOURCES = \ conf/domain_audit.h \ conf/domain_nwfilter.c \ diff --git a/0001-apparmor-Check-libvirtd-profile-status-by-name.patch b/0001-apparmor-Check-libvirtd-profile-status-by-name.patch new file mode 100644 index 0000000..b2192d1 --- /dev/null +++ b/0001-apparmor-Check-libvirtd-profile-status-by-name.patch @@ -0,0 +1,46 @@ +From b1a50c10c95747dacd31a23b5c73ec4f938af329 Mon Sep 17 00:00:00 2001 +From: Jim Fehlig +Date: Fri, 1 Mar 2019 14:34:17 -0700 +Subject: [PATCH 1/2] apparmor: Check libvirtd profile status by name + +Commit a3ab6d42 changed the libvirtd profile to a named profile, +breaking the apparmor driver's ability to detect if the profile is +active. When the apparmor driver loads it checks the status of the +libvirtd profile using the full binary path, which fails since the +profile is now referenced by name. If the apparmor driver is +explicitly requested in /etc/libvirt/qemu.conf, then libvirtd fails +to load too. + +Instead of only checking the profile status by full binary path, +also check by profile name. The full path check is retained in case +users have a customized libvirtd profile with full path. + +Signed-off-by: Jim Fehlig +--- + src/security/security_apparmor.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +Index: libvirt-5.1.0/src/security/security_apparmor.c +=================================================================== +--- libvirt-5.1.0.orig/src/security/security_apparmor.c ++++ libvirt-5.1.0/src/security/security_apparmor.c +@@ -257,10 +257,16 @@ use_apparmor(void) + if (access(APPARMOR_PROFILES_PATH, R_OK) != 0) + goto cleanup; + ++ /* First check profile status using full binary path. If that fails ++ * check using profile name. ++ */ + rc = profile_status(libvirt_daemon, 1); +- /* Error or unconfined should all result in -1*/ +- if (rc < 0) +- rc = -1; ++ if (rc < 0) { ++ rc = profile_status("libvirtd", 1); ++ /* Error or unconfined should all result in -1*/ ++ if (rc < 0) ++ rc = -1; ++ } + + cleanup: + VIR_FREE(libvirt_daemon); diff --git a/0001-libxl-add-support-for-BlockResize-API.patch b/0001-libxl-add-support-for-BlockResize-API.patch index 47749e3..bea4773 100644 --- a/0001-libxl-add-support-for-BlockResize-API.patch +++ b/0001-libxl-add-support-for-BlockResize-API.patch @@ -19,10 +19,10 @@ reworking this patch and submitting it to upstream libvirt. src/libxl/libxl_driver.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) -Index: libvirt-5.0.0/src/libxl/libxl_driver.c +Index: libvirt-5.1.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-5.0.0.orig/src/libxl/libxl_driver.c -+++ libvirt-5.0.0/src/libxl/libxl_driver.c +--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c ++++ libvirt-5.1.0/src/libxl/libxl_driver.c @@ -5252,6 +5252,97 @@ libxlDomainMemoryStats(virDomainPtr dom, #undef LIBXL_SET_MEMSTAT diff --git a/0001-qemu-Fix-query-cpus-fast-target-architecture-detecti.patch b/0001-qemu-Fix-query-cpus-fast-target-architecture-detecti.patch new file mode 100644 index 0000000..d38c8d3 --- /dev/null +++ b/0001-qemu-Fix-query-cpus-fast-target-architecture-detecti.patch @@ -0,0 +1,40 @@ +From 85001fd799deb33338aed627b3c3a6870cb70d2d Mon Sep 17 00:00:00 2001 +From: Viktor Mihajlovski +Date: Fri, 1 Mar 2019 11:29:51 +0100 +Subject: [PATCH] qemu: Fix query-cpus-fast target architecture detection + +Since qemu 2.13 reports the target architecture in a property called +'target' additionally to the property 'arch', that has been used in +qemu 2.12 in the response data of 'query-cpus-fast'. +Libvirts monitor code prefers the 'target' property over 'arch'. + +At least for s390(x), target is reported as 's390x' while arch is 's390'. +In a later step a comparison is performed against 's390' which fails for +qemu 2.13 and later. + +In consequence the architecture specific data for s390 won't be extracted +from the returned data, leading to incorrect values being reported by +virsh domstats --vcpu. + +Changing to check explicitly for 's390' and 's390x'. + +Signed-off-by: Viktor Mihajlovski +Reviewed-by: Bjoern Walk +Reviewed-by: Boris Fiuczynski +--- + src/qemu/qemu_monitor_json.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: libvirt-5.1.0/src/qemu/qemu_monitor_json.c +=================================================================== +--- libvirt-5.1.0.orig/src/qemu/qemu_monitor_json.c ++++ libvirt-5.1.0/src/qemu/qemu_monitor_json.c +@@ -1772,7 +1772,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONVal + goto cleanup; + + /* process optional architecture-specific data */ +- if (STREQ_NULLABLE(arch, "s390")) ++ if (STREQ_NULLABLE(arch, "s390") || STREQ_NULLABLE(arch, "s390x")) + qemuMonitorJSONExtractCPUS390Info(entry, cpus + i); + } + diff --git a/0002-lxc-implement-connectGetAllDomainStats.patch b/0002-lxc-implement-connectGetAllDomainStats.patch index f7841f7..4901b79 100644 --- a/0002-lxc-implement-connectGetAllDomainStats.patch +++ b/0002-lxc-implement-connectGetAllDomainStats.patch @@ -9,10 +9,10 @@ them using the existing API. src/lxc/lxc_driver.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) -Index: libvirt-5.0.0/src/lxc/lxc_driver.c +Index: libvirt-5.1.0/src/lxc/lxc_driver.c =================================================================== ---- libvirt-5.0.0.orig/src/lxc/lxc_driver.c -+++ libvirt-5.0.0/src/lxc/lxc_driver.c +--- libvirt-5.1.0.orig/src/lxc/lxc_driver.c ++++ libvirt-5.1.0/src/lxc/lxc_driver.c @@ -75,6 +75,7 @@ #include "viraccessapichecklxc.h" #include "virhostdev.h" @@ -21,7 +21,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c #define VIR_FROM_THIS VIR_FROM_LXC -@@ -5408,6 +5409,142 @@ lxcDomainHasManagedSaveImage(virDomainPt +@@ -5396,6 +5397,142 @@ lxcDomainHasManagedSaveImage(virDomainPt return ret; } @@ -164,7 +164,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c /* Function Tables */ static virHypervisorDriver lxcHypervisorDriver = { -@@ -5503,6 +5640,7 @@ static virHypervisorDriver lxcHypervisor +@@ -5491,6 +5628,7 @@ static virHypervisorDriver lxcHypervisor .nodeGetFreePages = lxcNodeGetFreePages, /* 1.2.6 */ .nodeAllocPages = lxcNodeAllocPages, /* 1.2.9 */ .domainHasManagedSaveImage = lxcDomainHasManagedSaveImage, /* 1.2.13 */ diff --git a/11c8aca9-libxl-set-mem-after-balloon.patch b/11c8aca9-libxl-set-mem-after-balloon.patch deleted file mode 100644 index b9139a2..0000000 --- a/11c8aca9-libxl-set-mem-after-balloon.patch +++ /dev/null @@ -1,34 +0,0 @@ -commit 11c8aca938bff7f6b7fb9def732262f3ad9e91f9 -Author: Jim Fehlig -Date: Thu Jan 10 15:18:36 2019 -0700 - - libxl: Set current memory value after successful balloon - - The libxl driver does not set the new memory value in the active domain def - after a successful balloon. This results in the old memory value in - . E.g. - - virsh dumpxml test | grep currentMemory - 20971520 - virsh setmem test 16777216 --live - virsh dumpxml test | grep currentMemory - 20971520 - - Set the new memory value in active domain def after a successful call to - libxl_set_memory_target(). - - Signed-off-by: Jim Fehlig - Reviewed-by: Ján Tomko - -Index: libvirt-5.0.0/src/libxl/libxl_driver.c -=================================================================== ---- libvirt-5.0.0.orig/src/libxl/libxl_driver.c -+++ libvirt-5.0.0/src/libxl/libxl_driver.c -@@ -1676,6 +1676,7 @@ libxlDomainSetMemoryFlags(virDomainPtr d - " with libxenlight"), vm->def->id); - goto endjob; - } -+ vm->def->mem.cur_balloon = newmem; - } - - if (flags & VIR_DOMAIN_MEM_CONFIG) { diff --git a/17f6a257-security-dac-sev.patch b/17f6a257-security-dac-sev.patch deleted file mode 100644 index 0ecb48f..0000000 --- a/17f6a257-security-dac-sev.patch +++ /dev/null @@ -1,103 +0,0 @@ -commit 17f6a257f1ea484489277f4da38be914b246a30b -Author: Erik Skultety -Date: Thu Jan 31 15:16:50 2019 +0100 - - security: dac: Relabel /dev/sev in the namespace - - The default permissions (0600 root:root) are of no use to the qemu - process so we need to change the owner to qemu iff running with - namespaces. - - Signed-off-by: Erik Skultety - Reviewed-by: Daniel P. Berrangé - -Index: libvirt-5.0.0/src/security/security_dac.c -=================================================================== ---- libvirt-5.0.0.orig/src/security/security_dac.c -+++ libvirt-5.0.0/src/security/security_dac.c -@@ -48,6 +48,7 @@ - VIR_LOG_INIT("security.security_dac"); - - #define SECURITY_DAC_NAME "dac" -+#define DEV_SEV "/dev/sev" - - typedef struct _virSecurityDACData virSecurityDACData; - typedef virSecurityDACData *virSecurityDACDataPtr; -@@ -1690,6 +1691,16 @@ virSecurityDACRestoreMemoryLabel(virSecu - - - static int -+virSecurityDACRestoreSEVLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, -+ virDomainDefPtr def ATTRIBUTE_UNUSED) -+{ -+ /* we only label /dev/sev when running with namespaces, so we don't need to -+ * restore anything */ -+ return 0; -+} -+ -+ -+static int - virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - bool migrated, -@@ -1759,6 +1770,11 @@ virSecurityDACRestoreAllLabel(virSecurit - rc = -1; - } - -+ if (def->sev) { -+ if (virSecurityDACRestoreSEVLabel(mgr, def) < 0) -+ rc = -1; -+ } -+ - if (def->os.loader && def->os.loader->nvram && - virSecurityDACRestoreFileLabel(mgr, def->os.loader->nvram) < 0) - rc = -1; -@@ -1833,6 +1849,36 @@ virSecurityDACSetMemoryLabel(virSecurity - - - static int -+virSecurityDACSetSEVLabel(virSecurityManagerPtr mgr, -+ virDomainDefPtr def) -+{ -+ virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr); -+ virSecurityLabelDefPtr seclabel; -+ uid_t user; -+ gid_t group; -+ -+ /* Skip chowning /dev/sev if namespaces are disabled as we'd significantly -+ * increase the chance of a DOS attack on SEV -+ */ -+ if (!priv->mountNamespace) -+ return 0; -+ -+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME); -+ if (seclabel && !seclabel->relabel) -+ return 0; -+ -+ if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0) -+ return -1; -+ -+ if (virSecurityDACSetOwnership(mgr, NULL, DEV_SEV, -+ user, group, false) < 0) -+ return -1; -+ -+ return 0; -+} -+ -+ -+static int - virSecurityDACSetAllLabel(virSecurityManagerPtr mgr, - virDomainDefPtr def, - const char *stdin_path ATTRIBUTE_UNUSED, -@@ -1902,6 +1948,11 @@ virSecurityDACSetAllLabel(virSecurityMan - return -1; - } - -+ if (def->sev) { -+ if (virSecurityDACSetSEVLabel(mgr, def) < 0) -+ return -1; -+ } -+ - if (virSecurityDACGetImageIds(secdef, priv, &user, &group)) - return -1; - diff --git a/4ec3cf9a-apparmor-rules.patch b/4ec3cf9a-apparmor-rules.patch new file mode 100644 index 0000000..4454ca1 --- /dev/null +++ b/4ec3cf9a-apparmor-rules.patch @@ -0,0 +1,33 @@ +commit 4ec3cf9a0fc3d76058ea363a6c35df19e67e6261 +Author: Jim Fehlig +Date: Fri Mar 1 15:05:36 2019 -0700 + + apparmor: Add ptrace and signal rules for named profile + + Commit a3ab6d42 changed the libvirtd profile to a named profile + but neglected to accommodate the change in the qemu profile + ptrace and signal rules. As a result, libvirtd is unable to + signal confined qemu processes and hence unable to shutdown + or destroy VMs. + + Add ptrace and signal rules that reference the libvirtd profile + by name in addition to full binary path. + + Signed-off-by: Jim Fehlig + Acked-by: Jamie Strandboge + +Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu +=================================================================== +--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu ++++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu +@@ -16,8 +16,10 @@ + network inet stream, + network inet6 stream, + ++ ptrace (readby, tracedby) peer=libvirtd, + ptrace (readby, tracedby) peer=/usr/sbin/libvirtd, + ++ signal (receive) peer=libvirtd, + signal (receive) peer=/usr/sbin/libvirtd, + + /dev/net/tun rw, diff --git a/620d9dd5-qemu-no-dac-override-nonroot.patch b/620d9dd5-qemu-no-dac-override-nonroot.patch deleted file mode 100644 index 4f10d11..0000000 --- a/620d9dd5-qemu-no-dac-override-nonroot.patch +++ /dev/null @@ -1,25 +0,0 @@ -commit 620d9dd598fde388f56ac37bcd3b31168c2f9fc6 -Author: Peter Krempa -Date: Mon Feb 4 16:24:15 2019 +0100 - - qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root - - It will not work. This breaks qemu capabilities probing as a user. - - Signed-off-by: Peter Krempa - Reviewed-by: Erik Skultety - -Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c -=================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c -+++ libvirt-5.0.0/src/qemu/qemu_capabilities.c -@@ -4529,7 +4529,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps - #if WITH_CAPNG - /* QEMU might run into permission issues, e.g. /dev/sev (0600), override - * them just for the purpose of probing */ -- virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE); -+ if (geteuid() == 0) -+ virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE); - #endif - - virCommandSetGID(cmd->cmd, cmd->runGid); diff --git a/6fd4c8f8-qemu-domain-sev.patch b/6fd4c8f8-qemu-domain-sev.patch deleted file mode 100644 index 170725d..0000000 --- a/6fd4c8f8-qemu-domain-sev.patch +++ /dev/null @@ -1,60 +0,0 @@ -commit 6fd4c8f8785a063112c8161a3a3f5ad3cb6647ea -Author: Erik Skultety -Date: Tue Jan 22 13:46:16 2019 +0100 - - qemu: domain: Add /dev/sev into the domain mount namespace selectively - - Instead of exposing /dev/sev to every domain, do it selectively. - - Signed-off-by: Erik Skultety - Reviewed-by: Daniel P. Berrangé - -Index: libvirt-5.0.0/src/qemu/qemu_domain.c -=================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu_domain.c -+++ libvirt-5.0.0/src/qemu/qemu_domain.c -@@ -116,6 +116,7 @@ VIR_ENUM_IMPL(qemuDomainNamespace, QEMU_ - #define DEVPREFIX "/dev/" - #define DEV_VFIO "/dev/vfio/vfio" - #define DEVICE_MAPPER_CONTROL_PATH "/dev/mapper/control" -+#define DEV_SEV "/dev/sev" - - - struct _qemuDomainLogContext { -@@ -12018,6 +12019,26 @@ qemuDomainSetupLoader(virQEMUDriverConfi - } - - -+static int -+qemuDomainSetupLaunchSecurity(virQEMUDriverConfigPtr cfg ATTRIBUTE_UNUSED, -+ virDomainObjPtr vm, -+ const struct qemuDomainCreateDeviceData *data) -+{ -+ virDomainSEVDefPtr sev = vm->def->sev; -+ -+ if (!sev || sev->sectype != VIR_DOMAIN_LAUNCH_SECURITY_SEV) -+ return 0; -+ -+ VIR_DEBUG("Setting up launch security"); -+ -+ if (qemuDomainCreateDevice(DEV_SEV, data, false) < 0) -+ return -1; -+ -+ VIR_DEBUG("Set up launch security"); -+ return 0; -+} -+ -+ - int - qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg, - virSecurityManagerPtr mgr, -@@ -12089,6 +12110,9 @@ qemuDomainBuildNamespace(virQEMUDriverCo - if (qemuDomainSetupLoader(cfg, vm, &data) < 0) - goto cleanup; - -+ if (qemuDomainSetupLaunchSecurity(cfg, vm, &data) < 0) -+ goto cleanup; -+ - /* Save some mount points because we want to share them with the host */ - for (i = 0; i < ndevMountsPath; i++) { - struct stat sb; diff --git a/70c2933d-apparmor-named-profiles.patch b/70c2933d-apparmor-named-profiles.patch deleted file mode 100644 index 5f67842..0000000 --- a/70c2933d-apparmor-named-profiles.patch +++ /dev/null @@ -1,38 +0,0 @@ -commit 70c2933da24dc4b004118afe2f9acaeabc42c0ad -Author: Jim Fehlig -Date: Fri Jan 11 17:26:03 2019 -0700 - - apparmor: Add support for named profiles - - Upstream apparmor is switching to named profiles. In short, - - /usr/sbin/dnsmasq { - - becomes - - profile dnsmasq /usr/sbin/dnsmasq { - - Consequently, any profiles that reference profiles in a peer= condition - need to be updated if the referenced profile switches to a named profile. - Apparmor commit 9ab45d81 switched dnsmasq to a named profile. ATM it is - the only named profile switch that has affected libvirt. Add rules to the - libvirtd profile to reference dnsmasq in peer= conditions by profile name. - - Signed-off-by: Jim Fehlig - -Index: libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd -=================================================================== ---- libvirt-5.0.0.orig/src/security/apparmor/usr.sbin.libvirtd -+++ libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd -@@ -52,9 +52,11 @@ - - ptrace (read,trace) peer=unconfined, - ptrace (read,trace) peer=/usr/sbin/libvirtd, -+ ptrace (read,trace) peer=dnsmasq, - ptrace (read,trace) peer=/usr/sbin/dnsmasq, - ptrace (read,trace) peer=libvirt-*, - -+ signal (send) peer=dnsmasq, - signal (send) peer=/usr/sbin/dnsmasq, - signal (read, send) peer=libvirt-*, - signal (send) set=("kill", "term") peer=unconfined, diff --git a/a2d3dea9-qemu-caps-dac-override-sev.patch b/a2d3dea9-qemu-caps-dac-override-sev.patch deleted file mode 100644 index 05955b9..0000000 --- a/a2d3dea9-qemu-caps-dac-override-sev.patch +++ /dev/null @@ -1,112 +0,0 @@ -commit a2d3dea9d41dba313d9566120a8ec9d358567bd0 -Author: Erik Skultety -Date: Thu Jan 24 10:33:01 2019 +0100 - - qemu: caps: Use CAP_DAC_OVERRIDE for probing to avoid permission issues - - This is mainly about /dev/sev and its default permissions 0600. Of - course, rule of 'tinfoil' would be that we can't trust anything, but the - probing code in QEMU is considered safe from security's perspective + we - can't create an udev rule for this at the moment, because ioctls and - file system permissions aren't cross-checked in kernel and therefore a - user with read permissions could issue a 'privileged' operation on SEV - which is currently only limited to root. - - https://bugzilla.redhat.com/show_bug.cgi?id=1665400 - - Signed-off-by: Erik Skultety - Reviewed-by: Daniel P. Berrangé - -Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c -=================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c -+++ libvirt-5.0.0/src/qemu/qemu_capabilities.c -@@ -53,6 +53,10 @@ - #include - #include - -+#if WITH_CAPNG -+# include -+#endif -+ - #define VIR_FROM_THIS VIR_FROM_QEMU - - VIR_LOG_INIT("qemu.qemu_capabilities"); -@@ -4521,6 +4525,13 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps - NULL); - virCommandAddEnvPassCommon(cmd->cmd); - virCommandClearCaps(cmd->cmd); -+ -+#if WITH_CAPNG -+ /* QEMU might run into permission issues, e.g. /dev/sev (0600), override -+ * them just for the purpose of probing */ -+ virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE); -+#endif -+ - virCommandSetGID(cmd->cmd, cmd->runGid); - virCommandSetUID(cmd->cmd, cmd->runUid); - -Index: libvirt-5.0.0/src/util/virutil.c -=================================================================== ---- libvirt-5.0.0.orig/src/util/virutil.c -+++ libvirt-5.0.0/src/util/virutil.c -@@ -1502,8 +1502,10 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gi - { - size_t i; - int capng_ret, ret = -1; -- bool need_setgid = false, need_setuid = false; -+ bool need_setgid = false; -+ bool need_setuid = false; - bool need_setpcap = false; -+ const char *capstr = NULL; - - /* First drop all caps (unless the requested uid is "unchanged" or - * root and clearExistingCaps wasn't requested), then add back -@@ -1512,14 +1514,18 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gi - */ - - if (clearExistingCaps || (uid != (uid_t)-1 && uid != 0)) -- capng_clear(CAPNG_SELECT_BOTH); -+ capng_clear(CAPNG_SELECT_BOTH); - - for (i = 0; i <= CAP_LAST_CAP; i++) { -+ capstr = capng_capability_to_name(i); -+ - if (capBits & (1ULL << i)) { - capng_update(CAPNG_ADD, - CAPNG_EFFECTIVE|CAPNG_INHERITABLE| - CAPNG_PERMITTED|CAPNG_BOUNDING_SET, - i); -+ -+ VIR_DEBUG("Added '%s' to child capabilities' set", capstr); - } - } - -@@ -1579,6 +1585,27 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gi - goto cleanup; - } - -+# ifdef PR_CAP_AMBIENT -+ /* we couldn't do this in the loop earlier above, because the capabilities -+ * were not applied yet, since in order to add a capability into the AMBIENT -+ * set, it has to be present in both the PERMITTED and INHERITABLE sets -+ * (capabilities(7)) -+ */ -+ for (i = 0; i <= CAP_LAST_CAP; i++) { -+ capstr = capng_capability_to_name(i); -+ -+ if (capBits & (1ULL << i)) { -+ if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0) { -+ virReportSystemError(errno, -+ _("prctl failed to enable '%s' in the " -+ "AMBIENT set"), -+ capstr); -+ goto cleanup; -+ } -+ } -+ } -+# endif -+ - /* Set bounding set while we have CAP_SETPCAP. Unfortunately we cannot - * do this if we failed to get the capability above, so ignore the - * return value. diff --git a/a3ab6d42-apparmor-conv-libvirtd-named-profile.patch b/a3ab6d42-apparmor-conv-libvirtd-named-profile.patch deleted file mode 100644 index b2b514d..0000000 --- a/a3ab6d42-apparmor-conv-libvirtd-named-profile.patch +++ /dev/null @@ -1,38 +0,0 @@ -commit a3ab6d42d825499af44b8f19f9299e150d9687bc -Author: Jim Fehlig -Date: Fri Jan 11 17:59:59 2019 -0700 - - apparmor: convert libvirtd profile to a named profile - - Signed-off-by: Jim Fehlig - -Index: libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd -=================================================================== ---- libvirt-5.0.0.orig/src/security/apparmor/usr.sbin.libvirtd -+++ libvirt-5.0.0/src/security/apparmor/usr.sbin.libvirtd -@@ -2,7 +2,7 @@ - #include - @{LIBVIRT}="libvirt" - --/usr/sbin/libvirtd flags=(attach_disconnected) { -+profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) { - #include - #include - -@@ -51,7 +51,7 @@ - unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none), - - ptrace (read,trace) peer=unconfined, -- ptrace (read,trace) peer=/usr/sbin/libvirtd, -+ ptrace (read,trace) peer=@{profile_name}, - ptrace (read,trace) peer=dnsmasq, - ptrace (read,trace) peer=/usr/sbin/dnsmasq, - ptrace (read,trace) peer=libvirt-*, -@@ -123,6 +123,7 @@ - # For communication/control from libvirtd - unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd), - signal (receive) set=("term") peer=/usr/sbin/libvirtd, -+ signal (receive) set=("term") peer=libvirtd, - - /dev/net/tun rw, - /etc/qemu/** r, diff --git a/a404ac34-qemu-cgroup-sev.patch b/a404ac34-qemu-cgroup-sev.patch deleted file mode 100644 index af17e39..0000000 --- a/a404ac34-qemu-cgroup-sev.patch +++ /dev/null @@ -1,50 +0,0 @@ -commit a404ac34768e975bd420d1eeac3811563da67e3f -Author: Erik Skultety -Date: Mon Jan 21 14:50:11 2019 +0100 - - qemu: cgroup: Expose /dev/sev/ only to domains that require SEV - - SEV has a limit on number of concurrent guests. From security POV we - should only expose resources (any resources for that matter) to domains - that truly need them. - - Signed-off-by: Erik Skultety - Reviewed-by: Daniel P. Berrangé - -Index: libvirt-5.0.0/src/qemu/qemu_cgroup.c -=================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu_cgroup.c -+++ libvirt-5.0.0/src/qemu/qemu_cgroup.c -@@ -692,6 +692,22 @@ qemuTeardownChardevCgroup(virDomainObjPt - - - static int -+qemuSetupSEVCgroup(virDomainObjPtr vm) -+{ -+ qemuDomainObjPrivatePtr priv = vm->privateData; -+ int ret; -+ -+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) -+ return 0; -+ -+ ret = virCgroupAllowDevicePath(priv->cgroup, "/dev/sev", -+ VIR_CGROUP_DEVICE_RW, false); -+ virDomainAuditCgroupPath(vm, priv->cgroup, "allow", "/dev/sev", -+ "rw", ret); -+ return ret; -+} -+ -+static int - qemuSetupDevicesCgroup(virDomainObjPtr vm) - { - qemuDomainObjPrivatePtr priv = vm->privateData; -@@ -798,6 +814,9 @@ qemuSetupDevicesCgroup(virDomainObjPtr v - goto cleanup; - } - -+ if (vm->def->sev && qemuSetupSEVCgroup(vm) < 0) -+ goto cleanup; -+ - ret = 0; - cleanup: - virObjectUnref(cfg); diff --git a/apparmor-no-mount.patch b/apparmor-no-mount.patch index 28a9656..a4c13fd 100644 --- a/apparmor-no-mount.patch +++ b/apparmor-no-mount.patch @@ -1,7 +1,7 @@ -Index: libvirt-5.0.0/src/security/apparmor/libvirt-lxc +Index: libvirt-5.1.0/src/security/apparmor/libvirt-lxc =================================================================== ---- libvirt-5.0.0.orig/src/security/apparmor/libvirt-lxc -+++ libvirt-5.0.0/src/security/apparmor/libvirt-lxc +--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-lxc ++++ libvirt-5.1.0/src/security/apparmor/libvirt-lxc @@ -2,39 +2,15 @@ #include diff --git a/b6440119-qemu-conf-sev.patch b/b6440119-qemu-conf-sev.patch deleted file mode 100644 index e8b0eb3..0000000 --- a/b6440119-qemu-conf-sev.patch +++ /dev/null @@ -1,64 +0,0 @@ -commit b6440119185a4e307654a8d26d6d551a2675bf82 -Author: Erik Skultety -Date: Mon Jan 21 14:48:02 2019 +0100 - - qemu: conf: Remove /dev/sev from the default cgroup device acl list - - We should not give domains access to something they don't necessarily - need by default. Remove it from the qemu driver docs too. - - Signed-off-by: Erik Skultety - Reviewed-by: Daniel P. Berrangé - -Index: libvirt-5.0.0/docs/drvqemu.html.in -=================================================================== ---- libvirt-5.0.0.orig/docs/drvqemu.html.in -+++ libvirt-5.0.0/docs/drvqemu.html.in -@@ -396,8 +396,7 @@ chmod o+x /path/to/directory - /dev/null, /dev/full, /dev/zero, - /dev/random, /dev/urandom, - /dev/ptmx, /dev/kvm, /dev/kqemu, --/dev/rtc, /dev/hpet, /dev/net/tun, --/dev/sev -+/dev/rtc, /dev/hpet, /dev/net/tun - - -

-Index: libvirt-5.0.0/src/qemu/qemu.conf -=================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu.conf -+++ libvirt-5.0.0/src/qemu/qemu.conf -@@ -484,7 +484,7 @@ - # "/dev/null", "/dev/full", "/dev/zero", - # "/dev/random", "/dev/urandom", - # "/dev/ptmx", "/dev/kvm", "/dev/kqemu", --# "/dev/rtc","/dev/hpet", "/dev/sev" -+# "/dev/rtc","/dev/hpet" - #] - # - # RDMA migration requires the following extra files to be added to the list: -Index: libvirt-5.0.0/src/qemu/qemu_cgroup.c -=================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu_cgroup.c -+++ libvirt-5.0.0/src/qemu/qemu_cgroup.c -@@ -46,7 +46,7 @@ const char *const defaultDeviceACL[] = { - "/dev/null", "/dev/full", "/dev/zero", - "/dev/random", "/dev/urandom", - "/dev/ptmx", "/dev/kvm", "/dev/kqemu", -- "/dev/rtc", "/dev/hpet", "/dev/sev", -+ "/dev/rtc", "/dev/hpet", - NULL, - }; - #define DEVICE_PTY_MAJOR 136 -Index: libvirt-5.0.0/src/qemu/test_libvirtd_qemu.aug.in -=================================================================== ---- libvirt-5.0.0.orig/src/qemu/test_libvirtd_qemu.aug.in -+++ libvirt-5.0.0/src/qemu/test_libvirtd_qemu.aug.in -@@ -62,7 +62,6 @@ module Test_libvirtd_qemu = - { "8" = "/dev/kqemu" } - { "9" = "/dev/rtc" } - { "10" = "/dev/hpet" } -- { "11" = "/dev/sev" } - } - { "save_image_format" = "raw" } - { "dump_image_format" = "raw" } diff --git a/blockcopy-check-dst-identical-device.patch b/blockcopy-check-dst-identical-device.patch index 0acecea..60f7fbc 100644 --- a/blockcopy-check-dst-identical-device.patch +++ b/blockcopy-check-dst-identical-device.patch @@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu src/qemu/qemu_driver.c | 7 +++++++ 1 file changed, 7 insertions(+) -Index: libvirt-5.0.0/src/qemu/qemu_driver.c +Index: libvirt-5.1.0/src/qemu/qemu_driver.c =================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu_driver.c -+++ libvirt-5.0.0/src/qemu/qemu_driver.c -@@ -17798,6 +17798,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt +--- libvirt-5.1.0.orig/src/qemu/qemu_driver.c ++++ libvirt-5.1.0/src/qemu/qemu_driver.c +@@ -17836,6 +17836,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt goto endjob; } diff --git a/f38ef0fa-no-RDMA-check.patch b/f38ef0fa-no-RDMA-check.patch new file mode 100644 index 0000000..28572a7 --- /dev/null +++ b/f38ef0fa-no-RDMA-check.patch @@ -0,0 +1,38 @@ +commit f38ef0fac0582ac0cbb749af9d3f8ba515a6084a +Author: Pavel Hrdina +Date: Thu Mar 7 17:52:55 2019 +0100 + + util: skip RDMA detection for non-PCI network devices + + Only PCI devices have '/sys/class/net//device/resource' so we + need to skip this check for all other network devices. + + Without this patch and RDMA enabled libvirt will not detect any network + device that doesn't have the path above which includes 'lo', 'virbr', + 'tun', etc. + + Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1639258 + + Reviewed-by: Andrea Bolognani + Signed-off-by: Pavel Hrdina + +Index: libvirt-5.1.0/src/util/virnetdev.c +=================================================================== +--- libvirt-5.1.0.orig/src/util/virnetdev.c ++++ libvirt-5.1.0/src/util/virnetdev.c +@@ -2914,8 +2914,14 @@ virNetDevRDMAFeature(const char *ifname, + + if (virAsprintf(ð_devpath, SYSFS_NET_DIR "%s/device/resource", ifname) < 0) + goto cleanup; +- if (!virFileExists(eth_devpath)) ++ ++ /* If /sys/class/net//device/resource doesn't exist it is not a PCI ++ * device and therefore it will not have RDMA. */ ++ if (!virFileExists(eth_devpath)) { ++ ret = 0; + goto cleanup; ++ } ++ + if (virFileReadAll(eth_devpath, RESOURCE_FILE_LEN, ð_res_buf) < 0) + goto cleanup; + diff --git a/libvirt-5.0.0.tar.xz b/libvirt-5.0.0.tar.xz deleted file mode 100644 index b1be098..0000000 --- a/libvirt-5.0.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:afa81dbbc90b5209575930a820a222ff371e5ece5c1d8ec8f46b53c52b73b2e7 -size 14832576 diff --git a/libvirt-5.0.0.tar.xz.asc b/libvirt-5.0.0.tar.xz.asc deleted file mode 100644 index e50f911..0000000 --- a/libvirt-5.0.0.tar.xz.asc +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEcBAABAgAGBQJcPjX/AAoJEBVYiyZZa+pdu0MH/3FuXogeJV1NbW+DPKxVnmxS -2GDQou2auTZ8SRjCUfR+jLMyYRwrdf2m8+9n1HEeiT8iILwzj/9MjeJFD7+8Czye -LxDJaDhaDc/pXeVVx94DVb6KrxS660PYHNbZH3fUMWzOD1oPVvpVwmNCiOO8BXHH -laY7fDvH3C2Um3s4vDpMuRKXtvCW+dJuwLPn2OJgfUCmD9fLfvN889PS5NP3Rr5i -b/YNYzyfn7Zg0vIe5t/a6uoPp7qeICWG40X+TMiIOz9EjFvQfwQqBNtxoHjZH2Kb -fY/KCX6lAWftFxxw+hqnSArwcDs5t6Uuqk96gGs0K6xXqnJVFHGKR9N1ps1KIaA= -=MwoM ------END PGP SIGNATURE----- diff --git a/libvirt-5.1.0.tar.xz b/libvirt-5.1.0.tar.xz new file mode 100644 index 0000000..84ffbe2 --- /dev/null +++ b/libvirt-5.1.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:26f97a53d3172f07f8b63884d845ed71307c4675dc4e1b281c59d253e1e323ab +size 14893608 diff --git a/libvirt-5.1.0.tar.xz.asc b/libvirt-5.1.0.tar.xz.asc new file mode 100644 index 0000000..2b16ab8 --- /dev/null +++ b/libvirt-5.1.0.tar.xz.asc @@ -0,0 +1,10 @@ +-----BEGIN PGP SIGNATURE----- + +iQEcBAABAgAGBQJcfPYaAAoJEBVYiyZZa+pdr5QH/iyjpJYjAebt3UM8JO6b83gu +ybcvvYyQEWQGK7afPYXdhOhgCA99Wn7oJc/+IcUufFVhzOrcJyLRgb+M7FRgtOrt +BiUswGkYFOUIwBUDnT6Ynxtdl6ESAJJGhzXPFpUShyhxrHPh0Jr77sRJfgz93U/9 +t1IZ133EVm+Eynqejb5BDponPc28/1CsI37UL7ogCCFKNN0QTGBjkkXfGlD3FAtk +zVYdl88e4MTW73d7EmK3I/zum0Wojp8HTD+RH69TjHt3ozoSFYvQHwlKxafNC6Mo +1hR7QbpSAO2cA27waINUbtRHnEabiNgv9MlrJ54kDiFoUlJWeH7frzR6uNIRHjc= +=13hI +-----END PGP SIGNATURE----- diff --git a/libvirt-power8-models.patch b/libvirt-power8-models.patch index de386b6..c44127e 100644 --- a/libvirt-power8-models.patch +++ b/libvirt-power8-models.patch @@ -2,10 +2,10 @@ Add POWER8 v2.0 and v2.1 to cpu map XML From: -Index: libvirt-5.0.0/src/cpu_map/ppc64_POWER8.xml +Index: libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml =================================================================== ---- libvirt-5.0.0.orig/src/cpu_map/ppc64_POWER8.xml -+++ libvirt-5.0.0/src/cpu_map/ppc64_POWER8.xml +--- libvirt-5.1.0.orig/src/cpu_map/ppc64_POWER8.xml ++++ libvirt-5.1.0/src/cpu_map/ppc64_POWER8.xml @@ -4,5 +4,7 @@ diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index 28740d8..fad49ee 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,8 +1,8 @@ -Index: libvirt-5.0.0/configure.ac +Index: libvirt-5.1.0/configure.ac =================================================================== ---- libvirt-5.0.0.orig/configure.ac -+++ libvirt-5.0.0/configure.ac -@@ -255,6 +255,7 @@ LIBVIRT_ARG_LIBSSH +--- libvirt-5.1.0.orig/configure.ac ++++ libvirt-5.1.0/configure.ac +@@ -256,6 +256,7 @@ LIBVIRT_ARG_LIBSSH LIBVIRT_ARG_LIBXML LIBVIRT_ARG_MACVTAP LIBVIRT_ARG_NETCF @@ -10,7 +10,7 @@ Index: libvirt-5.0.0/configure.ac LIBVIRT_ARG_NLS LIBVIRT_ARG_NSS LIBVIRT_ARG_NUMACTL -@@ -298,6 +299,7 @@ LIBVIRT_CHECK_LIBSSH +@@ -300,6 +301,7 @@ LIBVIRT_CHECK_LIBSSH LIBVIRT_CHECK_LIBXML LIBVIRT_CHECK_MACVTAP LIBVIRT_CHECK_NETCF @@ -18,7 +18,7 @@ Index: libvirt-5.0.0/configure.ac LIBVIRT_CHECK_NLS LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_NWFILTER -@@ -1012,6 +1014,7 @@ LIBVIRT_RESULT_LIBXL +@@ -1015,6 +1017,7 @@ LIBVIRT_RESULT_LIBXL LIBVIRT_RESULT_LIBXML LIBVIRT_RESULT_MACVTAP LIBVIRT_RESULT_NETCF @@ -26,10 +26,10 @@ Index: libvirt-5.0.0/configure.ac LIBVIRT_RESULT_NLS LIBVIRT_RESULT_NSS LIBVIRT_RESULT_NUMACTL -Index: libvirt-5.0.0/tools/virsh.c +Index: libvirt-5.1.0/tools/virsh.c =================================================================== ---- libvirt-5.0.0.orig/tools/virsh.c -+++ libvirt-5.0.0/tools/virsh.c +--- libvirt-5.1.0.orig/tools/virsh.c ++++ libvirt-5.1.0/tools/virsh.c @@ -563,6 +563,8 @@ virshShowVersion(vshControl *ctl ATTRIBU vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) @@ -39,10 +39,10 @@ Index: libvirt-5.0.0/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-5.0.0/src/interface/interface_backend_netcf.c +Index: libvirt-5.1.0/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-5.0.0.orig/src/interface/interface_backend_netcf.c -+++ libvirt-5.0.0/src/interface/interface_backend_netcf.c +--- libvirt-5.1.0.orig/src/interface/interface_backend_netcf.c ++++ libvirt-5.1.0/src/interface/interface_backend_netcf.c @@ -21,7 +21,12 @@ #include @@ -126,10 +126,10 @@ Index: libvirt-5.0.0/src/interface/interface_backend_netcf.c if (virRegisterConnectDriver(&interfaceConnectDriver, false) < 0) return -1; if (virSetSharedInterfaceDriver(&interfaceDriver) < 0) -Index: libvirt-5.0.0/src/interface/interface_driver.c +Index: libvirt-5.1.0/src/interface/interface_driver.c =================================================================== ---- libvirt-5.0.0.orig/src/interface/interface_driver.c -+++ libvirt-5.0.0/src/interface/interface_driver.c +--- libvirt-5.1.0.orig/src/interface/interface_driver.c ++++ libvirt-5.1.0/src/interface/interface_driver.c @@ -30,8 +30,15 @@ interfaceRegister(void) if (netcfIfaceRegister() == 0) return 0; @@ -147,10 +147,10 @@ Index: libvirt-5.0.0/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-5.0.0/m4/virt-netcontrol.m4 +Index: libvirt-5.1.0/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-5.0.0/m4/virt-netcontrol.m4 ++++ libvirt-5.1.0/m4/virt-netcontrol.m4 @@ -0,0 +1,39 @@ +dnl The libnetcontrol library +dnl @@ -191,10 +191,10 @@ Index: libvirt-5.0.0/m4/virt-netcontrol.m4 +AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[ + LIBVIRT_RESULT_LIB([NETCONTROL]) +]) -Index: libvirt-5.0.0/src/interface/Makefile.inc.am +Index: libvirt-5.1.0/src/interface/Makefile.inc.am =================================================================== ---- libvirt-5.0.0.orig/src/interface/Makefile.inc.am -+++ libvirt-5.0.0/src/interface/Makefile.inc.am +--- libvirt-5.1.0.orig/src/interface/Makefile.inc.am ++++ libvirt-5.1.0/src/interface/Makefile.inc.am @@ -4,6 +4,7 @@ INTERFACE_DRIVER_SOURCES = \ $(NULL) diff --git a/libvirt.changes b/libvirt.changes index 30880f2..e8e9dd8 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Mon Mar 11 22:50:43 UTC 2019 - James Fehlig + +- util: skip RDMA detection for non-PCI network devices + f38ef0fa-no-RDMA-check.patch + bsc#1112182 + +------------------------------------------------------------------- +Wed Mar 6 20:34:53 UTC 2019 - James Fehlig + +- qemu: s390: show correct CPU status after guest crash + 0001-qemu-Fix-query-cpus-fast-target-architecture-detecti.patch + bsc#1127841 + +------------------------------------------------------------------- +Wed Mar 6 17:11:49 UTC 2019 - James Fehlig + +- apparmor: fix more fallout from changing libvirtd profile to a + named profile + 4ec3cf9a-apparmor-rules.patch, + 0001-apparmor-Check-libvirtd-profile-status-by-name.patch + boo#1125841 + +------------------------------------------------------------------- +Mon Mar 4 18:52:57 UTC 2019 - James Fehlig + +- Update to libvirt 5.1.0 + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Dropped patches: + 11c8aca9-libxl-set-mem-after-balloon.patch, + 70c2933d-apparmor-named-profiles.patch, + a3ab6d42-apparmor-conv-libvirtd-named-profile.patch, + b6440119-qemu-conf-sev.patch, + a404ac34-qemu-cgroup-sev.patch, + 6fd4c8f8-qemu-domain-sev.patch, + 17f6a257-security-dac-sev.patch, + a2d3dea9-qemu-caps-dac-override-sev.patch, + 620d9dd5-qemu-no-dac-override-nonroot.patch + - jsc#SLE-3887, jsc#SLE-4480, jsc#SLE-4577 + ------------------------------------------------------------------- Wed Feb 27 19:01:22 UTC 2019 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index 10f4a85..83e22f4 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -51,6 +51,7 @@ %define with_numactl 0%{!?_without_numactl:0} %define with_numad 0%{!?_without_numad:0} %define with_firewalld 0%{!?_without_firewalld:0} +%define with_firewalld_zone 0%{!?_without_firewalld_zone:0} %define with_libssh 0%{!?_without_libssh:0} %define with_bash_completion 0%{!?_without_bash_completion:0} @@ -177,12 +178,12 @@ %endif %if %{with_wireshark} - %define wireshark_plugindir %(pkg-config --variable plugindir wireshark) + %define wireshark_plugindir %(pkg-config --variable plugindir wireshark)/epan %endif Name: libvirt Url: http://libvirt.org/ -Version: 5.0.0 +Version: 5.1.0 Release: 0 Summary: Library providing a virtualization API License: LGPL-2.1-or-later @@ -313,7 +314,7 @@ BuildRequires: systemtap-sdt-devel BuildRequires: numad %endif %if %{with_wireshark} -BuildRequires: wireshark-devel >= 2.1.0 +BuildRequires: wireshark-devel >= 2.4.0 %endif %if %{with_libssh} BuildRequires: libssh-devel >= 0.7.0 @@ -332,18 +333,13 @@ Source6: libvirtd-relocation-server.xml Source99: baselibs.conf Source100: %{name}-rpmlintrc # Upstream patches -Patch0: 11c8aca9-libxl-set-mem-after-balloon.patch -Patch1: 70c2933d-apparmor-named-profiles.patch -Patch2: a3ab6d42-apparmor-conv-libvirtd-named-profile.patch -Patch3: b6440119-qemu-conf-sev.patch -Patch4: a404ac34-qemu-cgroup-sev.patch -Patch5: 6fd4c8f8-qemu-domain-sev.patch -Patch6: 17f6a257-security-dac-sev.patch -Patch7: a2d3dea9-qemu-caps-dac-override-sev.patch -Patch8: 620d9dd5-qemu-no-dac-override-nonroot.patch +Patch0: 4ec3cf9a-apparmor-rules.patch +Patch1: f38ef0fa-no-RDMA-check.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch +Patch102: 0001-apparmor-Check-libvirtd-profile-status-by-name.patch +Patch103: 0001-qemu-Fix-query-cpus-fast-target-architecture-detecti.patch # Need to go upstream Patch150: xen-pv-cdrom.patch Patch151: blockcopy-check-dst-identical-device.patch @@ -859,7 +855,7 @@ Includes the Sanlock lock manager plugin for the QEMU driver Summary: Wireshark plugin for libvirt RPC protocol Group: Productivity/Networking/Diagnostic Requires: %{name}-libs = %{version}-%{release} -Requires: wireshark +Requires: wireshark >= 2.4.0 %description -n wireshark-plugin-libvirt Wireshark dissector plugin for better analysis of libvirt RPC traffic. @@ -876,15 +872,10 @@ libvirt plugin for NSS for translating domain names into IP addresses. %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 %patch100 -p1 %patch101 -p1 +%patch102 -p1 +%patch103 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 @@ -1006,6 +997,11 @@ libvirt plugin for NSS for translating domain names into IP addresses. %else %define arg_firewalld --without-firewalld %endif +%if %{with_firewalld_zone} + %define arg_firewalld_zone --with-firewalld-zone +%else + %define arg_firewalld_zone --without-firewalld-zone +%endif %if %{with_wireshark} %define arg_wireshark --with-wireshark-dissector %else @@ -1082,6 +1078,7 @@ export PYTHON=%{_bindir}/python3 --with-dtrace \ --with-driver-modules \ %{?arg_firewalld} \ + %{?arg_firewalld_zone} \ %{?arg_wireshark} \ --with-nss-plugin \ --libexecdir=%{_libdir}/%{name} \ @@ -1287,6 +1284,14 @@ if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; done fi +%if %{with_firewalld_zone} +%post daemon-driver-network +%firewalld_reload + +%postun daemon-driver-network +%firewalld_reload +%endif + %post daemon-config-network # Install the default network if one doesn't exist if test $1 -eq 1 && test ! -f %{_sysconfdir}/%{name}/qemu/networks/default.xml ; then @@ -1433,6 +1438,9 @@ fi %attr(0755, root, root) %{_libdir}/%{name}/libvirt_leaseshelper %dir %{_libdir}/%{name}/connection-driver %{_libdir}/%{name}/connection-driver/libvirt_driver_network.so +%if %{with_firewalld_zone} +%{_prefix}/lib/firewalld/zones/libvirt.xml +%endif %files daemon-driver-nodedev %dir %{_libdir}/%{name}/connection-driver @@ -1697,6 +1705,7 @@ fi %if %{with_wireshark} %files -n wireshark-plugin-libvirt +%dir %{wireshark_plugindir}/ %{wireshark_plugindir}/libvirt.so %endif diff --git a/libxl-dom-reset.patch b/libxl-dom-reset.patch index cc43f71..7d8c7b4 100644 --- a/libxl-dom-reset.patch +++ b/libxl-dom-reset.patch @@ -8,10 +8,10 @@ Date: Mon Jun 23 15:51:20 2014 -0600 option, but domainReset can be implemented in the libxl driver by forcibly destroying the domain and starting it again. -Index: libvirt-5.0.0/src/libxl/libxl_driver.c +Index: libvirt-5.1.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-5.0.0.orig/src/libxl/libxl_driver.c -+++ libvirt-5.0.0/src/libxl/libxl_driver.c +--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c ++++ libvirt-5.1.0/src/libxl/libxl_driver.c @@ -1350,6 +1350,61 @@ libxlDomainReboot(virDomainPtr dom, unsi } diff --git a/libxl-set-cach-mode.patch b/libxl-set-cach-mode.patch index 45d9edb..56e6ac4 100644 --- a/libxl-set-cach-mode.patch +++ b/libxl-set-cach-mode.patch @@ -3,10 +3,10 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425 src/libxl/libxl_conf.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) -Index: libvirt-5.0.0/src/libxl/libxl_conf.c +Index: libvirt-5.1.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-5.0.0.orig/src/libxl/libxl_conf.c -+++ libvirt-5.0.0/src/libxl/libxl_conf.c +--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c ++++ libvirt-5.1.0/src/libxl/libxl_conf.c @@ -884,6 +884,30 @@ libxlDiskSetDiscard(libxl_device_disk *x #endif } diff --git a/libxl-set-migration-constraints.patch b/libxl-set-migration-constraints.patch index 80c2372..d30daa8 100644 --- a/libxl-set-migration-constraints.patch +++ b/libxl-set-migration-constraints.patch @@ -16,11 +16,11 @@ Signed-off-by: Jim Fehlig tools/virsh.pod | 8 ++++++++ 6 files changed, 125 insertions(+), 6 deletions(-) -Index: libvirt-5.0.0/include/libvirt/libvirt-domain.h +Index: libvirt-5.1.0/include/libvirt/libvirt-domain.h =================================================================== ---- libvirt-5.0.0.orig/include/libvirt/libvirt-domain.h -+++ libvirt-5.0.0/include/libvirt/libvirt-domain.h -@@ -1016,6 +1016,31 @@ typedef enum { +--- libvirt-5.1.0.orig/include/libvirt/libvirt-domain.h ++++ libvirt-5.1.0/include/libvirt/libvirt-domain.h +@@ -1025,6 +1025,31 @@ typedef enum { */ # define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT "auto_converge.increment" @@ -52,10 +52,10 @@ Index: libvirt-5.0.0/include/libvirt/libvirt-domain.h /* Domain migration. */ virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn, unsigned long flags, const char *dname, -Index: libvirt-5.0.0/src/libxl/libxl_driver.c +Index: libvirt-5.1.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-5.0.0.orig/src/libxl/libxl_driver.c -+++ libvirt-5.0.0/src/libxl/libxl_driver.c +--- libvirt-5.1.0.orig/src/libxl/libxl_driver.c ++++ libvirt-5.1.0/src/libxl/libxl_driver.c @@ -6118,6 +6118,9 @@ libxlDomainMigratePerform3Params(virDoma const char *dname = NULL; const char *uri = NULL; @@ -99,10 +99,10 @@ Index: libvirt-5.0.0/src/libxl/libxl_driver.c goto cleanup; } -Index: libvirt-5.0.0/src/libxl/libxl_migration.c +Index: libvirt-5.1.0/src/libxl/libxl_migration.c =================================================================== ---- libvirt-5.0.0.orig/src/libxl/libxl_migration.c -+++ libvirt-5.0.0/src/libxl/libxl_migration.c +--- libvirt-5.1.0.orig/src/libxl/libxl_migration.c ++++ libvirt-5.1.0/src/libxl/libxl_migration.c @@ -342,18 +342,39 @@ libxlMigrateDstReceive(virNetSocketPtr s static int libxlDoMigrateSrcSend(libxlDriverPrivatePtr driver, @@ -264,10 +264,10 @@ Index: libvirt-5.0.0/src/libxl/libxl_migration.c virObjectLock(vm); if (ret < 0) { -Index: libvirt-5.0.0/src/libxl/libxl_migration.h +Index: libvirt-5.1.0/src/libxl/libxl_migration.h =================================================================== ---- libvirt-5.0.0.orig/src/libxl/libxl_migration.h -+++ libvirt-5.0.0/src/libxl/libxl_migration.h +--- libvirt-5.1.0.orig/src/libxl/libxl_migration.h ++++ libvirt-5.1.0/src/libxl/libxl_migration.h @@ -36,6 +36,10 @@ VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \ VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \ @@ -312,13 +312,13 @@ Index: libvirt-5.0.0/src/libxl/libxl_migration.h virDomainPtr libxlDomainMigrationDstFinish(virConnectPtr dconn, -Index: libvirt-5.0.0/tools/virsh-domain.c +Index: libvirt-5.1.0/tools/virsh-domain.c =================================================================== ---- libvirt-5.0.0.orig/tools/virsh-domain.c -+++ libvirt-5.0.0/tools/virsh-domain.c -@@ -10558,6 +10558,22 @@ static const vshCmdOptDef opts_migrate[] - .type = VSH_OT_BOOL, - .help = N_("use TLS for migration") +--- libvirt-5.1.0.orig/tools/virsh-domain.c ++++ libvirt-5.1.0/tools/virsh-domain.c +@@ -10562,6 +10562,22 @@ static const vshCmdOptDef opts_migrate[] + .type = VSH_OT_INT, + .help = N_("post-copy migration bandwidth limit in MiB/s") }, + {.name = "max_iters", + .type = VSH_OT_INT, @@ -339,7 +339,7 @@ Index: libvirt-5.0.0/tools/virsh-domain.c {.name = NULL} }; -@@ -10581,6 +10597,7 @@ doMigrate(void *opaque) +@@ -10585,6 +10601,7 @@ doMigrate(void *opaque) unsigned long long ullOpt = 0; int rv; virConnectPtr dconn = data->dconn; @@ -347,7 +347,7 @@ Index: libvirt-5.0.0/tools/virsh-domain.c sigemptyset(&sigmask); sigaddset(&sigmask, SIGINT); -@@ -10700,6 +10717,27 @@ doMigrate(void *opaque) +@@ -10704,6 +10721,27 @@ doMigrate(void *opaque) goto save_error; } @@ -375,11 +375,11 @@ Index: libvirt-5.0.0/tools/virsh-domain.c if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0) goto out; if (opt) { -Index: libvirt-5.0.0/tools/virsh.pod +Index: libvirt-5.1.0/tools/virsh.pod =================================================================== ---- libvirt-5.0.0.orig/tools/virsh.pod -+++ libvirt-5.0.0/tools/virsh.pod -@@ -1994,6 +1994,14 @@ Providing I<--tls> causes the migration +--- libvirt-5.1.0.orig/tools/virsh.pod ++++ libvirt-5.1.0/tools/virsh.pod +@@ -1998,6 +1998,14 @@ Providing I<--tls> causes the migration the migration of the domain. Usage requires proper TLS setup for both source and target. diff --git a/libxl-support-block-script.patch b/libxl-support-block-script.patch index a438852..1a11d1c 100644 --- a/libxl-support-block-script.patch +++ b/libxl-support-block-script.patch @@ -7,10 +7,10 @@ and npiv. For more details, see bsc#954872 and FATE#319810 -Index: libvirt-5.0.0/src/libxl/libxl_conf.c +Index: libvirt-5.1.0/src/libxl/libxl_conf.c =================================================================== ---- libvirt-5.0.0.orig/src/libxl/libxl_conf.c -+++ libvirt-5.0.0/src/libxl/libxl_conf.c +--- libvirt-5.1.0.orig/src/libxl/libxl_conf.c ++++ libvirt-5.1.0/src/libxl/libxl_conf.c @@ -884,6 +884,25 @@ libxlDiskSetDiscard(libxl_device_disk *x #endif } diff --git a/lxc-wait-after-eth-del.patch b/lxc-wait-after-eth-del.patch index 14b1a0d..abe6231 100644 --- a/lxc-wait-after-eth-del.patch +++ b/lxc-wait-after-eth-del.patch @@ -13,10 +13,10 @@ device with the same name that is being created. src/lxc/lxc_process.c | 1 + 3 files changed, 4 insertions(+) -Index: libvirt-5.0.0/src/lxc/lxc_controller.c +Index: libvirt-5.1.0/src/lxc/lxc_controller.c =================================================================== ---- libvirt-5.0.0.orig/src/lxc/lxc_controller.c -+++ libvirt-5.0.0/src/lxc/lxc_controller.c +--- libvirt-5.1.0.orig/src/lxc/lxc_controller.c ++++ libvirt-5.1.0/src/lxc/lxc_controller.c @@ -69,6 +69,7 @@ #include "rpc/virnetdaemon.h" #include "virstring.h" @@ -25,7 +25,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_controller.c #define VIR_FROM_THIS VIR_FROM_LXC -@@ -2016,6 +2017,7 @@ static int virLXCControllerDeleteInterfa +@@ -2017,6 +2018,7 @@ static int virLXCControllerDeleteInterfa if (virNetDevVethDelete(ctrl->veths[i]) < 0) ret = -1; } @@ -33,10 +33,10 @@ Index: libvirt-5.0.0/src/lxc/lxc_controller.c return ret; } -Index: libvirt-5.0.0/src/lxc/lxc_driver.c +Index: libvirt-5.1.0/src/lxc/lxc_driver.c =================================================================== ---- libvirt-5.0.0.orig/src/lxc/lxc_driver.c -+++ libvirt-5.0.0/src/lxc/lxc_driver.c +--- libvirt-5.1.0.orig/src/lxc/lxc_driver.c ++++ libvirt-5.1.0/src/lxc/lxc_driver.c @@ -70,6 +70,7 @@ #include "virtime.h" #include "virtypedparam.h" @@ -45,7 +45,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c #include "virstring.h" #include "viraccessapicheck.h" #include "viraccessapichecklxc.h" -@@ -3942,6 +3943,7 @@ lxcDomainAttachDeviceNetLive(virConnectP +@@ -3930,6 +3931,7 @@ lxcDomainAttachDeviceNetLive(virConnectP case VIR_DOMAIN_NET_TYPE_NETWORK: case VIR_DOMAIN_NET_TYPE_ETHERNET: ignore_value(virNetDevVethDelete(veth)); @@ -53,7 +53,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c break; case VIR_DOMAIN_NET_TYPE_DIRECT: -@@ -4385,6 +4387,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb +@@ -4373,6 +4375,7 @@ lxcDomainDetachDeviceNetLive(virDomainOb virDomainAuditNet(vm, detach, NULL, "detach", false); goto cleanup; } @@ -61,10 +61,10 @@ Index: libvirt-5.0.0/src/lxc/lxc_driver.c break; /* It'd be nice to support this, but with macvlan -Index: libvirt-5.0.0/src/lxc/lxc_process.c +Index: libvirt-5.1.0/src/lxc/lxc_process.c =================================================================== ---- libvirt-5.0.0.orig/src/lxc/lxc_process.c -+++ libvirt-5.0.0/src/lxc/lxc_process.c +--- libvirt-5.1.0.orig/src/lxc/lxc_process.c ++++ libvirt-5.1.0/src/lxc/lxc_process.c @@ -51,6 +51,7 @@ #include "viratomic.h" #include "virprocess.h" @@ -73,7 +73,7 @@ Index: libvirt-5.0.0/src/lxc/lxc_process.c #include "netdev_bandwidth_conf.h" #define VIR_FROM_THIS VIR_FROM_LXC -@@ -215,6 +216,7 @@ static void virLXCProcessCleanup(virLXCD +@@ -226,6 +227,7 @@ static void virLXCProcessCleanup(virLXCD } virDomainNetReleaseActualDevice(vm->def, iface); } diff --git a/network-don-t-use-dhcp-authoritative-on-static-netwo.patch b/network-don-t-use-dhcp-authoritative-on-static-netwo.patch index d09d8f1..8b98ec0 100644 --- a/network-don-t-use-dhcp-authoritative-on-static-netwo.patch +++ b/network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -17,11 +17,11 @@ Signed-off-by: Martin Wilck tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 - 2 files changed, 8 insertions(+), 2 deletions(-) -Index: libvirt-5.0.0/src/network/bridge_driver.c +Index: libvirt-5.1.0/src/network/bridge_driver.c =================================================================== ---- libvirt-5.0.0.orig/src/network/bridge_driver.c -+++ libvirt-5.0.0/src/network/bridge_driver.c -@@ -1456,7 +1456,14 @@ networkDnsmasqConfContents(virNetworkObj +--- libvirt-5.1.0.orig/src/network/bridge_driver.c ++++ libvirt-5.1.0/src/network/bridge_driver.c +@@ -1378,7 +1378,14 @@ networkDnsmasqConfContents(virNetworkObj if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) { if (ipdef->nranges || ipdef->nhosts) { virBufferAddLit(&configbuf, "dhcp-no-override\n"); @@ -37,10 +37,10 @@ Index: libvirt-5.0.0/src/network/bridge_driver.c } if (ipdef->tftproot) { -Index: libvirt-5.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf +Index: libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf =================================================================== ---- libvirt-5.0.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf -+++ libvirt-5.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf +--- libvirt-5.1.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf ++++ libvirt-5.1.0/tests/networkxml2confdata/dhcp6host-routed-network.conf @@ -10,7 +10,6 @@ bind-dynamic interface=virbr1 dhcp-range=192.168.122.1,static diff --git a/ppc64le-canonical-name.patch b/ppc64le-canonical-name.patch index c2da935..542ea05 100644 --- a/ppc64le-canonical-name.patch +++ b/ppc64le-canonical-name.patch @@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64 See bnc#894956 -Index: libvirt-5.0.0/src/util/virarch.c +Index: libvirt-5.1.0/src/util/virarch.c =================================================================== ---- libvirt-5.0.0.orig/src/util/virarch.c -+++ libvirt-5.0.0/src/util/virarch.c +--- libvirt-5.1.0.orig/src/util/virarch.c ++++ libvirt-5.1.0/src/util/virarch.c @@ -172,6 +172,8 @@ virArch virArchFromHost(void) arch = VIR_ARCH_I686; } else if (STREQ(ut.machine, "amd64")) { diff --git a/qemu-apparmor-screenshot.patch b/qemu-apparmor-screenshot.patch index 66c2826..8309781 100644 --- a/qemu-apparmor-screenshot.patch +++ b/qemu-apparmor-screenshot.patch @@ -1,8 +1,8 @@ -Index: libvirt-5.0.0/src/security/apparmor/libvirt-qemu +Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu =================================================================== ---- libvirt-5.0.0.orig/src/security/apparmor/libvirt-qemu -+++ libvirt-5.0.0/src/security/apparmor/libvirt-qemu -@@ -221,3 +221,6 @@ +--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu ++++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu +@@ -222,3 +222,6 @@ # required for sasl GSSAPI plugin /etc/gss/mech.d/ r, /etc/gss/mech.d/* r, diff --git a/support-managed-pci-xen-driver.patch b/support-managed-pci-xen-driver.patch index 92dce09..c1d3c00 100644 --- a/support-managed-pci-xen-driver.patch +++ b/support-managed-pci-xen-driver.patch @@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-5.0.0/src/xenconfig/xen_common.c +Index: libvirt-5.1.0/src/xenconfig/xen_common.c =================================================================== ---- libvirt-5.0.0.orig/src/xenconfig/xen_common.c -+++ libvirt-5.0.0/src/xenconfig/xen_common.c +--- libvirt-5.1.0.orig/src/xenconfig/xen_common.c ++++ libvirt-5.1.0/src/xenconfig/xen_common.c @@ -386,12 +386,19 @@ xenParsePCI(char *entry) int busID; int slotID; @@ -64,10 +64,10 @@ Index: libvirt-5.0.0/src/xenconfig/xen_common.c hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; hostdev->source.subsys.u.pci.addr.domain = domainID; hostdev->source.subsys.u.pci.addr.bus = busID; -Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c +Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-5.0.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-5.0.0/src/xenconfig/xen_sxpr.c +--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c @@ -1053,6 +1053,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; @@ -91,7 +91,7 @@ Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; dev->source.subsys.u.pci.addr.domain = domainID; dev->source.subsys.u.pci.addr.bus = busID; -@@ -1968,11 +1971,15 @@ static void +@@ -1962,11 +1965,15 @@ static void xenFormatSxprPCI(virDomainHostdevDefPtr def, virBufferPtr buf) { @@ -108,7 +108,7 @@ Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c } -@@ -1991,12 +1998,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP +@@ -1985,12 +1992,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP virBufferPtr buf, int detach) { @@ -121,7 +121,7 @@ Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c virBufferAddLit(buf, "(pci "); xenFormatSxprPCI(def, buf); if (detach) -@@ -2051,12 +2052,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def, +@@ -2045,12 +2046,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def, for (i = 0; i < def->nhostdevs; i++) { if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { diff --git a/suse-apparmor-libnl-paths.patch b/suse-apparmor-libnl-paths.patch index aa008b3..983a8e5 100644 --- a/suse-apparmor-libnl-paths.patch +++ b/suse-apparmor-libnl-paths.patch @@ -8,11 +8,11 @@ It was also noticed that the per-domain profiles need a libnl rule to squelch a denial when starting confined domains. Found while investigating bsc#1058847 -Index: libvirt-5.0.0/src/security/apparmor/libvirt-qemu +Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu =================================================================== ---- libvirt-5.0.0.orig/src/security/apparmor/libvirt-qemu -+++ libvirt-5.0.0/src/security/apparmor/libvirt-qemu -@@ -62,6 +62,7 @@ +--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu ++++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu +@@ -63,6 +63,7 @@ #/dev/fb* rw, /etc/pulse/client.conf r, @@ -20,10 +20,10 @@ Index: libvirt-5.0.0/src/security/apparmor/libvirt-qemu @{HOME}/.pulse-cookie rwk, owner /root/.pulse-cookie rwk, owner /root/.pulse/ rw, -Index: libvirt-5.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper +Index: libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== ---- libvirt-5.0.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper -+++ libvirt-5.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper +--- libvirt-5.1.0.orig/src/security/apparmor/usr.lib.libvirt.virt-aa-helper ++++ libvirt-5.1.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper @@ -17,7 +17,7 @@ profile virt-aa-helper /usr/{lib,lib64}/ owner @{PROC}/[0-9]*/status r, @{PROC}/filesystems r, @@ -31,5 +31,5 @@ Index: libvirt-5.0.0/src/security/apparmor/usr.lib.libvirt.virt-aa-helper - /etc/libnl-3/classid r, + /etc/libnl*/classid r, - # for hostdev - /sys/devices/ r, + # for gl enabled graphics + /dev/dri/{,*} r, diff --git a/suse-libvirt-guests-service.patch b/suse-libvirt-guests-service.patch index 4cc8c66..c746d63 100644 --- a/suse-libvirt-guests-service.patch +++ b/suse-libvirt-guests-service.patch @@ -1,9 +1,9 @@ Adjust libvirt-guests service to conform to SUSE standards -Index: libvirt-5.0.0/tools/libvirt-guests.init.in +Index: libvirt-5.1.0/tools/libvirt-guests.init.in =================================================================== ---- libvirt-5.0.0.orig/tools/libvirt-guests.init.in -+++ libvirt-5.0.0/tools/libvirt-guests.init.in +--- libvirt-5.1.0.orig/tools/libvirt-guests.init.in ++++ libvirt-5.1.0/tools/libvirt-guests.init.in @@ -4,27 +4,27 @@ # http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html # @@ -46,10 +46,10 @@ Index: libvirt-5.0.0/tools/libvirt-guests.init.in + exec @libexecdir@/libvirt-guests.sh "$@" -Index: libvirt-5.0.0/tools/libvirt-guests.sh.in +Index: libvirt-5.1.0/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-5.0.0.orig/tools/libvirt-guests.sh.in -+++ libvirt-5.0.0/tools/libvirt-guests.sh.in +--- libvirt-5.1.0.orig/tools/libvirt-guests.sh.in ++++ libvirt-5.1.0/tools/libvirt-guests.sh.in @@ -16,14 +16,13 @@ # License along with this library. If not, see # . @@ -209,10 +209,10 @@ Index: libvirt-5.0.0/tools/libvirt-guests.sh.in esac -exit $RETVAL +rc_exit -Index: libvirt-5.0.0/tools/libvirt-guests.sysconf +Index: libvirt-5.1.0/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-5.0.0.orig/tools/libvirt-guests.sysconf -+++ libvirt-5.0.0/tools/libvirt-guests.sysconf +--- libvirt-5.1.0.orig/tools/libvirt-guests.sysconf ++++ libvirt-5.1.0/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + diff --git a/suse-libvirtd-disable-tls.patch b/suse-libvirtd-disable-tls.patch index 2ada1d1..8a4eeb5 100644 --- a/suse-libvirtd-disable-tls.patch +++ b/suse-libvirtd-disable-tls.patch @@ -3,10 +3,10 @@ Disable TLS by default On SUSE distros, the default is for libvirtd to listen only on the Unix Domain Socket. The libvirt client still provides remote access via a SSH tunnel. -Index: libvirt-5.0.0/src/remote/libvirtd.conf +Index: libvirt-5.1.0/src/remote/libvirtd.conf =================================================================== ---- libvirt-5.0.0.orig/src/remote/libvirtd.conf -+++ libvirt-5.0.0/src/remote/libvirtd.conf +--- libvirt-5.1.0.orig/src/remote/libvirtd.conf ++++ libvirt-5.1.0/src/remote/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -18,10 +18,10 @@ Index: libvirt-5.0.0/src/remote/libvirtd.conf # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-5.0.0/src/remote/remote_daemon_config.c +Index: libvirt-5.1.0/src/remote/remote_daemon_config.c =================================================================== ---- libvirt-5.0.0.orig/src/remote/remote_daemon_config.c -+++ libvirt-5.0.0/src/remote/remote_daemon_config.c +--- libvirt-5.1.0.orig/src/remote/remote_daemon_config.c ++++ libvirt-5.1.0/src/remote/remote_daemon_config.c @@ -108,7 +108,7 @@ daemonConfigNew(bool privileged ATTRIBUT if (VIR_ALLOC(data) < 0) return NULL; @@ -31,10 +31,10 @@ Index: libvirt-5.0.0/src/remote/remote_daemon_config.c data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || -Index: libvirt-5.0.0/src/remote/test_libvirtd.aug.in +Index: libvirt-5.1.0/src/remote/test_libvirtd.aug.in =================================================================== ---- libvirt-5.0.0.orig/src/remote/test_libvirtd.aug.in -+++ libvirt-5.0.0/src/remote/test_libvirtd.aug.in +--- libvirt-5.1.0.orig/src/remote/test_libvirtd.aug.in ++++ libvirt-5.1.0/src/remote/test_libvirtd.aug.in @@ -2,7 +2,7 @@ module Test_libvirtd = ::CONFIG:: diff --git a/suse-libvirtd-service-xen.patch b/suse-libvirtd-service-xen.patch index 40de158..66d8cd4 100644 --- a/suse-libvirtd-service-xen.patch +++ b/suse-libvirtd-service-xen.patch @@ -7,10 +7,10 @@ On SUSE distros, we promote libvirt and all the libvirt-based tools. If a user installs libvirt on their SUSE Xen host, then libvirt should be king and override xendomains. See bsc#1015348 -Index: libvirt-5.0.0/src/remote/libvirtd.service.in +Index: libvirt-5.1.0/src/remote/libvirtd.service.in =================================================================== ---- libvirt-5.0.0.orig/src/remote/libvirtd.service.in -+++ libvirt-5.0.0/src/remote/libvirtd.service.in +--- libvirt-5.1.0.orig/src/remote/libvirtd.service.in ++++ libvirt-5.1.0/src/remote/libvirtd.service.in @@ -17,6 +17,8 @@ After=local-fs.target After=remote-fs.target After=systemd-logind.service diff --git a/suse-libvirtd-sysconfig-settings.patch b/suse-libvirtd-sysconfig-settings.patch index 483a7a9..813ac11 100644 --- a/suse-libvirtd-sysconfig-settings.patch +++ b/suse-libvirtd-sysconfig-settings.patch @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-5.0.0/src/remote/libvirtd.sysconf +Index: libvirt-5.1.0/src/remote/libvirtd.sysconf =================================================================== ---- libvirt-5.0.0.orig/src/remote/libvirtd.sysconf -+++ libvirt-5.0.0/src/remote/libvirtd.sysconf +--- libvirt-5.1.0.orig/src/remote/libvirtd.sysconf ++++ libvirt-5.1.0/src/remote/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + diff --git a/suse-ovmf-paths.patch b/suse-ovmf-paths.patch index 01af87b..b2590c7 100644 --- a/suse-ovmf-paths.patch +++ b/suse-ovmf-paths.patch @@ -1,10 +1,10 @@ Adjust paths of OVMF firmwares on SUSE distros -Index: libvirt-5.0.0/src/qemu/qemu.conf +Index: libvirt-5.1.0/src/qemu/qemu.conf =================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu.conf -+++ libvirt-5.0.0/src/qemu/qemu.conf -@@ -767,10 +767,9 @@ security_default_confined = 0 +--- libvirt-5.1.0.orig/src/qemu/qemu.conf ++++ libvirt-5.1.0/src/qemu/qemu.conf +@@ -773,10 +773,9 @@ security_default_confined = 0 # for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default # follows this scheme. #nvram = [ @@ -18,10 +18,10 @@ Index: libvirt-5.0.0/src/qemu/qemu.conf #] # The backend to use for handling stdout/stderr output from -Index: libvirt-5.0.0/src/qemu/qemu_conf.c +Index: libvirt-5.1.0/src/qemu/qemu_conf.c =================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu_conf.c -+++ libvirt-5.0.0/src/qemu/qemu_conf.c +--- libvirt-5.1.0.orig/src/qemu/qemu_conf.c ++++ libvirt-5.1.0/src/qemu/qemu_conf.c @@ -116,10 +116,9 @@ void qemuDomainCmdlineDefFree(qemuDomain #ifndef DEFAULT_LOADER_NVRAM @@ -36,11 +36,11 @@ Index: libvirt-5.0.0/src/qemu/qemu_conf.c #endif -Index: libvirt-5.0.0/src/security/virt-aa-helper.c +Index: libvirt-5.1.0/src/security/virt-aa-helper.c =================================================================== ---- libvirt-5.0.0.orig/src/security/virt-aa-helper.c -+++ libvirt-5.0.0/src/security/virt-aa-helper.c -@@ -507,7 +507,8 @@ valid_path(const char *path, const bool +--- libvirt-5.1.0.orig/src/security/virt-aa-helper.c ++++ libvirt-5.1.0/src/security/virt-aa-helper.c +@@ -506,7 +506,8 @@ valid_path(const char *path, const bool "/usr/share/ovmf/", /* for OVMF images */ "/usr/share/AAVMF/", /* for AAVMF images */ "/usr/share/qemu-efi/", /* for AAVMF images */ diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index bb35086..990b34f 100644 --- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch @@ -7,11 +7,11 @@ suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch, etc.), but for now they are all lumped together in this single patch. -Index: libvirt-5.0.0/src/qemu/qemu.conf +Index: libvirt-5.1.0/src/qemu/qemu.conf =================================================================== ---- libvirt-5.0.0.orig/src/qemu/qemu.conf -+++ libvirt-5.0.0/src/qemu/qemu.conf -@@ -414,11 +414,20 @@ +--- libvirt-5.1.0.orig/src/qemu/qemu.conf ++++ libvirt-5.1.0/src/qemu/qemu.conf +@@ -420,11 +420,20 @@ # isolation, but it cannot appear in a list of drivers. # #security_driver = "selinux" @@ -34,7 +34,7 @@ Index: libvirt-5.0.0/src/qemu/qemu.conf # If set to non-zero, then attempts to create unconfined # guests will be blocked. Defaults to 0. -@@ -649,11 +658,22 @@ +@@ -655,11 +664,22 @@ #relaxed_acs_check = 1 diff --git a/suse-virtlockd-sysconfig-settings.patch b/suse-virtlockd-sysconfig-settings.patch index 1c55df9..e46982b 100644 --- a/suse-virtlockd-sysconfig-settings.patch +++ b/suse-virtlockd-sysconfig-settings.patch @@ -1,9 +1,9 @@ Adjust virtlockd sysconfig file to conform to SUSE standards -Index: libvirt-5.0.0/src/locking/virtlockd.sysconf +Index: libvirt-5.1.0/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-5.0.0.orig/src/locking/virtlockd.sysconf -+++ libvirt-5.0.0/src/locking/virtlockd.sysconf +--- libvirt-5.1.0.orig/src/locking/virtlockd.sysconf ++++ libvirt-5.1.0/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + diff --git a/suse-virtlogd-sysconfig-settings.patch b/suse-virtlogd-sysconfig-settings.patch index 96aa012..4f859f5 100644 --- a/suse-virtlogd-sysconfig-settings.patch +++ b/suse-virtlogd-sysconfig-settings.patch @@ -1,9 +1,9 @@ Adjust virtlogd sysconfig file to conform to SUSE standards -Index: libvirt-5.0.0/src/logging/virtlogd.sysconf +Index: libvirt-5.1.0/src/logging/virtlogd.sysconf =================================================================== ---- libvirt-5.0.0.orig/src/logging/virtlogd.sysconf -+++ libvirt-5.0.0/src/logging/virtlogd.sysconf +--- libvirt-5.1.0.orig/src/logging/virtlogd.sysconf ++++ libvirt-5.1.0/src/logging/virtlogd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlogd + diff --git a/xen-pv-cdrom.patch b/xen-pv-cdrom.patch index 7edda96..b43fa67 100644 --- a/xen-pv-cdrom.patch +++ b/xen-pv-cdrom.patch @@ -1,7 +1,7 @@ -Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c +Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-5.0.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-5.0.0/src/xenconfig/xen_sxpr.c +--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c @@ -383,7 +383,7 @@ xenParseSxprVifRate(const char *rate, un static int xenParseSxprDisks(virDomainDefPtr def, diff --git a/xen-sxpr-disk-type.patch b/xen-sxpr-disk-type.patch index 25da565..cc810f8 100644 --- a/xen-sxpr-disk-type.patch +++ b/xen-sxpr-disk-type.patch @@ -6,10 +6,10 @@ and 'file'. This was implicitly done prior to commit 9673418c. https://bugzilla.suse.com/show_bug.cgi?id=938228 -Index: libvirt-5.0.0/src/xenconfig/xen_sxpr.c +Index: libvirt-5.1.0/src/xenconfig/xen_sxpr.c =================================================================== ---- libvirt-5.0.0.orig/src/xenconfig/xen_sxpr.c -+++ libvirt-5.0.0/src/xenconfig/xen_sxpr.c +--- libvirt-5.1.0.orig/src/xenconfig/xen_sxpr.c ++++ libvirt-5.1.0/src/xenconfig/xen_sxpr.c @@ -497,10 +497,11 @@ xenParseSxprDisks(virDomainDefPtr def, omnipotent, we can revisit this, perhaps stat()'ing the src file in question */