SHA256
1
0
forked from pool/libvirt

Accepting request 295136 from home:cbosdonnat:branches:Virtualization

- boo#926153: make sure /var/run/libvirt/lxc folder exists when
  starting the driver. da33a1ac-lxc-init-statedir.patch
- Fix lxc-enter-namespace for 3.19+ kernels.
  open-ns-files-readonly.patch

OBS-URL: https://build.opensuse.org/request/show/295136
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=451
This commit is contained in:
Cédric Bosdonnat 2015-04-09 10:08:11 +00:00 committed by Git OBS Bridge
parent 563e94d4f8
commit 5d8a863e03
4 changed files with 81 additions and 1 deletions

View File

@ -0,0 +1,38 @@
From da33a1ac1f6c0ae2ebe72bc385bbc7c407026956 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Wed, 8 Apr 2015 19:16:52 +0200
Subject: [PATCH] lxc: create the required directories upon driver start
/var/run may reside on a tmpfs and we fail to create the PID file if
/var/run/lxc does not exist.
Since commit 0a8addc1, the lxc driver's state directory isn't
automatically created before starting a domain. Now, the lxc driver
makes sure the state directory exists when it initializes.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
---
src/lxc/lxc_driver.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 245000d..8dfa686 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1648,6 +1648,13 @@ static int lxcStateInitialize(bool privileged,
if (!(caps = virLXCDriverGetCapabilities(lxc_driver, false)))
goto cleanup;
+ if (virFileMakePath(cfg->stateDir) < 0) {
+ virReportSystemError(errno,
+ _("Failed to mkdir %s"),
+ cfg->stateDir);
+ goto cleanup;
+ }
+
/* Get all the running persistent or transient configs first */
if (virDomainObjListLoadAllConfigs(lxc_driver->domains,
cfg->stateDir,
--
2.1.4

View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Thu Apr 9 09:35:26 UTC 2015 - cbosdonnat@suse.com
- boo#926153: make sure /var/run/libvirt/lxc folder exists when
starting the driver. da33a1ac-lxc-init-statedir.patch
- Fix lxc-enter-namespace for 3.19+ kernels.
open-ns-files-readonly.patch
-------------------------------------------------------------------
Thu Apr 2 08:38:03 MDT 2015 - jfehlig@suse.com

View File

@ -1,7 +1,7 @@
#
# spec file for package libvirt
#
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -449,7 +449,9 @@ Source4: libvirtd-relocation-server.fw
Source5: polkit-10-virt.rules
Source99: baselibs.conf
# Upstream patches
Patch0: da33a1ac-lxc-init-statedir.patch
# Patches pending upstream review
Patch100: open-ns-files-readonly.patch
# Need to go upstream
Patch150: xen-pv-cdrom.patch
Patch151: blockcopy-check-dst-identical-device.patch
@ -978,6 +980,8 @@ Provides a dissector for the libvirt RPC protocol to help debugging it.
%prep
%setup -q
%patch0 -p1
%patch100 -p1
%patch150 -p1
%patch151 -p1
%patch152 -p1

View File

@ -0,0 +1,29 @@
From cc21badc5c30ddeeb89abfa9ecdfbacd512f33c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Thu, 9 Apr 2015 09:22:43 +0200
Subject: [PATCH] Open /proc/PID/ns/* read-only to avoid getting permission
denied
lxc-enter-namespace stopped working on recent kernels (at least 3.19+)
due to /proc/PID/ns/* file descriptors being opened RW. From outside
the namespace these can only be opened RO.
---
src/util/virprocess.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index ab1e039..7a79970 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -628,7 +628,7 @@ int virProcessGetNamespaces(pid_t pid,
ns[i]) < 0)
goto cleanup;
- if ((fd = open(nsfile, O_RDWR)) >= 0) {
+ if ((fd = open(nsfile, O_RDONLY)) >= 0) {
if (VIR_EXPAND_N(*fdlist, *nfdlist, 1) < 0) {
VIR_FORCE_CLOSE(fd);
goto cleanup;
--
2.1.4