Accepting request 567780 from home:jfehlig:branches:Virtualization
- Update to libvirt 4.0.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 2d07f1f0-fix-storage-crash.patch, 69ed99c7-dom0-persistent.patch, 8599aedd-libvirt-guests-dom0-filter.patch, 0f33025a-virt-aa-helper-handle-more-disk-images.patch, b475a91b-add-virStringFilterChars-string-utility.patch, faec1958-lxc-set-hostname-based-on-container-name.patch, 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch, fix-virt-aa-helper-profile.patch, suse-apparmor-signal.patch - Patches added to fix upstream bugs: 72adaf2f-revert-qemu-monitor-error-report.patch, 71d56a39-nodedev-fix-parse-PCI-address.patch - CVE-2018-5748, CVE-2017-5715, bsc#1071651 OBS-URL: https://build.opensuse.org/request/show/567780 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=661
parent
6588d246d6
commit
803f542a4b
@ -1,98 +0,0 @@
|
||||
From 0f33025a43788f7f3483dfac6ab0b9f79c0d7957 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Mon, 11 Dec 2017 11:09:31 +0100
|
||||
Subject: [PATCH] virt-aa-helper: handle more disk images
|
||||
|
||||
virt-aa-helper needs read access to the disk image to resolve symlinks
|
||||
and add the proper rules to the profile. Its profile whitelists a few
|
||||
common paths, but users can place their images anywhere.
|
||||
|
||||
This commit helps users allowing access to their images by adding their
|
||||
own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
|
||||
|
||||
This commit also adds rules to allow reading files named:
|
||||
- *.raw as this is a rather common disk image extension
|
||||
- /run/libvirt/**[vd]d[a-z] as these are used by virt-sandbox
|
||||
---
|
||||
examples/Makefile.am | 24 ++++++++++++++++++++++--
|
||||
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 5 +++++
|
||||
2 files changed, 27 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/examples/Makefile.am b/examples/Makefile.am
|
||||
index ef2f79db3..7069d74e7 100644
|
||||
--- a/examples/Makefile.am
|
||||
+++ b/examples/Makefile.am
|
||||
@@ -67,6 +67,9 @@ admin_client_info_SOURCES = admin/client_info.c
|
||||
admin_client_close_SOURCES = admin/client_close.c
|
||||
admin_logging_SOURCES = admin/logging.c
|
||||
|
||||
+INSTALL_DATA_LOCAL =
|
||||
+UNINSTALL_LOCAL =
|
||||
+
|
||||
if WITH_APPARMOR_PROFILES
|
||||
apparmordir = $(sysconfdir)/apparmor.d/
|
||||
apparmor_DATA = \
|
||||
@@ -85,20 +88,37 @@ templates_DATA = \
|
||||
apparmor/TEMPLATE.qemu \
|
||||
apparmor/TEMPLATE.lxc \
|
||||
$(NULL)
|
||||
+
|
||||
+APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
|
||||
+install-apparmor-local:
|
||||
+ $(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
|
||||
+ echo "# Site-specific additions and overrides for \
|
||||
+ 'usr.lib.libvirt.virt-aa-helper'" \
|
||||
+ >$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper
|
||||
+
|
||||
+INSTALL_DATA_LOCAL += install-apparmor-local
|
||||
+UNINSTALL_LOCAL += uninstall-apparmor-local
|
||||
endif WITH_APPARMOR_PROFILES
|
||||
|
||||
if WITH_NWFILTER
|
||||
NWFILTER_DIR = "$(DESTDIR)$(sysconfdir)/libvirt/nwfilter"
|
||||
|
||||
-install-data-local:
|
||||
+install-nwfilter-local:
|
||||
$(MKDIR_P) "$(NWFILTER_DIR)"
|
||||
for f in $(FILTERS); do \
|
||||
$(INSTALL_DATA) $$f "$(NWFILTER_DIR)"; \
|
||||
done
|
||||
|
||||
-uninstall-local::
|
||||
+uninstall-nwfilter-local::
|
||||
for f in $(FILTERS); do \
|
||||
rm -f "$(NWFILTER_DIR)/`basename $$f`"; \
|
||||
done
|
||||
-test -z "$(shell ls $(NWFILTER_DIR))" || rmdir $(NWFILTER_DIR)
|
||||
+
|
||||
+INSTALL_DATA_LOCAL += install-nwfilter-local
|
||||
+UNINSTALL_LOCAL += uninstall-nwfilter-local
|
||||
endif WITH_NWFILTER
|
||||
+
|
||||
+install-data-local: $(INSTALL_DATA_LOCAL)
|
||||
+
|
||||
+uninstall-local: $(UNINSTALL_LOCAL)
|
||||
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
index bd6181d00..9c822b644 100644
|
||||
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
@@ -50,11 +50,16 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
|
||||
/var/lib/libvirt/images/ r,
|
||||
/var/lib/libvirt/images/** r,
|
||||
/{media,mnt,opt,srv}/** r,
|
||||
+ # For virt-sandbox
|
||||
+ /run/libvirt/**/[sv]d[a-z] r
|
||||
|
||||
/**.img r,
|
||||
+ /**.raw r,
|
||||
/**.qcow{,2} r,
|
||||
/**.qed r,
|
||||
/**.vmdk r,
|
||||
/**.[iI][sS][oO] r,
|
||||
/**/disk{,.*} r,
|
||||
+
|
||||
+ #include <local/usr.lib.libvirt.virt-aa-helper>
|
||||
}
|
||||
--
|
||||
2.15.1
|
||||
|
@ -1,45 +0,0 @@
|
||||
From 2089ab2112e763d6de5888e498afc4fbdc3376db Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Wed, 20 Dec 2017 17:36:10 +0100
|
||||
Subject: [PATCH] netserver: close clients before stopping all drivers
|
||||
|
||||
So far clients were closed when disposing the daemon, after the state
|
||||
driver cleanup. This was leading to libvirtd crashing at shutdown due
|
||||
to missing driver.
|
||||
|
||||
Moving the client close in virNetServerClose() fixes the problem.
|
||||
|
||||
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
||||
---
|
||||
src/rpc/virnetserver.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c
|
||||
index 2b76daab5..43f889e2a 100644
|
||||
--- a/src/rpc/virnetserver.c
|
||||
+++ b/src/rpc/virnetserver.c
|
||||
@@ -774,10 +774,8 @@ void virNetServerDispose(void *obj)
|
||||
virObjectUnref(srv->programs[i]);
|
||||
VIR_FREE(srv->programs);
|
||||
|
||||
- for (i = 0; i < srv->nclients; i++) {
|
||||
- virNetServerClientClose(srv->clients[i]);
|
||||
+ for (i = 0; i < srv->nclients; i++)
|
||||
virObjectUnref(srv->clients[i]);
|
||||
- }
|
||||
VIR_FREE(srv->clients);
|
||||
|
||||
VIR_FREE(srv->mdnsGroupName);
|
||||
@@ -796,6 +794,9 @@ void virNetServerClose(virNetServerPtr srv)
|
||||
for (i = 0; i < srv->nservices; i++)
|
||||
virNetServerServiceClose(srv->services[i]);
|
||||
|
||||
+ for (i = 0; i < srv->nclients; i++)
|
||||
+ virNetServerClientClose(srv->clients[i]);
|
||||
+
|
||||
virObjectUnlock(srv);
|
||||
}
|
||||
|
||||
--
|
||||
2.15.1
|
||||
|
@ -1,62 +0,0 @@
|
||||
commit 2d07f1f0ebd44b0348daa61afa0de34f3f838c22
|
||||
Author: Peter Krempa <pkrempa@redhat.com>
|
||||
Date: Wed Dec 6 16:20:07 2017 +0100
|
||||
|
||||
storage: Don't dereference driver object if virStorageSource is not initialized
|
||||
|
||||
virStorageFileReportBrokenChain uses data from the driver private data
|
||||
pointer to print the user and group. This would lead to a crash in call
|
||||
paths where we did not initialize the storage backend as recently added
|
||||
in commit 24e47ee2b93 to qemuDomainDetermineDiskChain.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1522682
|
||||
|
||||
Index: libvirt-3.10.0/src/storage/storage_source.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/storage/storage_source.c
|
||||
+++ libvirt-3.10.0/src/storage/storage_source.c
|
||||
@@ -419,19 +419,33 @@ virStorageFileReportBrokenChain(int errc
|
||||
virStorageSourcePtr src,
|
||||
virStorageSourcePtr parent)
|
||||
{
|
||||
- unsigned int access_user = src->drv->uid;
|
||||
- unsigned int access_group = src->drv->gid;
|
||||
|
||||
- if (src == parent) {
|
||||
- virReportSystemError(errcode,
|
||||
- _("Cannot access storage file '%s' "
|
||||
- "(as uid:%u, gid:%u)"),
|
||||
- src->path, access_user, access_group);
|
||||
+ if (src->drv) {
|
||||
+ unsigned int access_user = src->drv->uid;
|
||||
+ unsigned int access_group = src->drv->gid;
|
||||
+
|
||||
+ if (src == parent) {
|
||||
+ virReportSystemError(errcode,
|
||||
+ _("Cannot access storage file '%s' "
|
||||
+ "(as uid:%u, gid:%u)"),
|
||||
+ src->path, access_user, access_group);
|
||||
+ } else {
|
||||
+ virReportSystemError(errcode,
|
||||
+ _("Cannot access backing file '%s' "
|
||||
+ "of storage file '%s' (as uid:%u, gid:%u)"),
|
||||
+ src->path, parent->path, access_user, access_group);
|
||||
+ }
|
||||
} else {
|
||||
- virReportSystemError(errcode,
|
||||
- _("Cannot access backing file '%s' "
|
||||
- "of storage file '%s' (as uid:%u, gid:%u)"),
|
||||
- src->path, parent->path, access_user, access_group);
|
||||
+ if (src == parent) {
|
||||
+ virReportSystemError(errcode,
|
||||
+ _("Cannot access storage file '%s'"),
|
||||
+ src->path);
|
||||
+ } else {
|
||||
+ virReportSystemError(errcode,
|
||||
+ _("Cannot access backing file '%s' "
|
||||
+ "of storage file '%s'"),
|
||||
+ src->path, parent->path);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
@ -1,21 +0,0 @@
|
||||
commit 69ed99c78696d7ac405ce9e193a4a312fd9945d7
|
||||
Author: Jim Fehlig <jfehlig@suse.com>
|
||||
Date: Wed Dec 13 14:20:37 2017 -0700
|
||||
|
||||
libxl: mark domain0 as persistent
|
||||
|
||||
A Xen domain0 is better described as a persistent domain. Mark it
|
||||
as such during intialization.
|
||||
|
||||
Index: libvirt-3.10.0/src/libxl/libxl_driver.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-3.10.0/src/libxl/libxl_driver.c
|
||||
@@ -609,6 +609,7 @@ libxlAddDom0(libxlDriverPrivatePtr drive
|
||||
|
||||
def = NULL;
|
||||
|
||||
+ vm->persistent = 1;
|
||||
virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_BOOTED);
|
||||
if (virDomainDefSetVcpusMax(vm->def, d_info.vcpu_max_id + 1, driver->xmlopt))
|
||||
goto cleanup;
|
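--- /dev/null
+++ b/71d56a39-nodedev-fix-parse-PCI-address.patch
@@ -0,0 +1,96 @@
+commit 71d56a397925a1bd55d3aee30afdbdcd1a14f9a8
+Author: Jim Fehlig <jfehlig@suse.com>
+Date: Fri Jan 5 17:10:47 2018 -0700
+
+nodedev: Fix failing to parse PCI address for non-PCI network devices
+
+Commit 8708ca01c added virNetDevSwitchdevFeature() to check if a network
+device has Switchdev capabilities. virNetDevSwitchdevFeature() attempts
+to retrieve the PCI device associated with the network device, ignoring
+non-PCI devices. It does so via the following call chain
+
+virNetDevSwitchdevFeature()->virNetDevGetPCIDevice()->
+virPCIGetDeviceAddressFromSysfsLink()
+
+For non-PCI network devices (qeth, Xen vif, etc),
+virPCIGetDeviceAddressFromSysfsLink() will report an error when
+virPCIDeviceAddressParse() fails. virPCIDeviceAddressParse() also
+logs an error. After commit 8708ca01c there are now two errors reported
+for each non-PCI network device even though the errors are harmless.
+
+To avoid the errors, introduce virNetDevIsPCIDevice() and use it in
+virNetDevGetPCIDevice() before attempting to retrieve the associated
+PCI device. virNetDevIsPCIDevice() uses the 'subsystem' property of the
+device to determine if it is PCI. See the sysfs rules in kernel
+documentation for more details
+
+https://www.kernel.org/doc/html/latest/admin-guide/sysfs-rules.html
+
+Index: libvirt-4.0.0/src/util/virnetdev.c
+===================================================================
+--- libvirt-4.0.0.orig/src/util/virnetdev.c
++++ libvirt-4.0.0/src/util/virnetdev.c
+@@ -22,6 +22,7 @@
+
+#include <config.h>
+
++#include "dirname.h"
+#include "virnetdev.h"
+#include "virnetlink.h"
+#include "virmacaddr.h"
+@@ -1147,6 +1148,45 @@ virNetDevSysfsDeviceFile(char **pf_sysfs
+return 0;
+}
+
++/**
++ * Determine if the device path specified in devpath is a PCI Device
++ * by resolving the 'subsystem'-link in devpath and looking for
++ * 'pci' in the last component. For more information see the rules
++ * for accessing sysfs in the kernel docs
++ *
++ * https://www.kernel.org/doc/html/latest/admin-guide/sysfs-rules.html
++ *
++ * Returns true if devpath's susbsystem is pci, false otherwise.
++ */
++static bool
++virNetDevIsPCIDevice(const char *devpath)
++{
++ char *subsys_link = NULL;
++ char *abs_path = NULL;
++ char *subsys = NULL;
++ bool ret = false;
++
++ if (virAsprintf(&subsys_link, "%s/subsystem", devpath) < 0)
++ return false;
++
++ if (!virFileExists(subsys_link))
++ goto cleanup;
++
++ if (virFileResolveLink(subsys_link, &abs_path) < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR,
++ _("Unable to resolve device subsystem symlink %s"),
++ subsys_link);
++ goto cleanup;
++ }
++
++ subsys = last_component(abs_path);
++ ret = STRPREFIX(subsys, "pci");
++
++ cleanup:
++ VIR_FREE(subsys_link);
++ VIR_FREE(abs_path);
++ return ret;
++}
+
+static virPCIDevicePtr
+virNetDevGetPCIDevice(const char *devName)
+@@ -1158,6 +1198,9 @@ virNetDevGetPCIDevice(const char *devNam
+if (virNetDevSysfsFile(&vfSysfsDevicePath, devName, "device") < 0)
+goto cleanup;
+
++ if (!virNetDevIsPCIDevice(vfSysfsDevicePath))
++ goto cleanup;
++
+vfPCIAddr = virPCIGetDeviceAddressFromSysfsLink(vfSysfsDevicePath);
+if (!vfPCIAddr)
+goto cleanup;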
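Review bot: The new virNetDevIsPCIDevice() decides with `ret = STRPREFIX(subsys, "pci");`, which accepts any subsystem whose name merely starts with "pci", while its own doc comment promises true only when the subsystem is pci. If an exact match is what is meant, `ret = STREQ(subsys, "pci");` would make the code agree with the comment; if the prefix is deliberate, the comment should say which other subsystem names are expected. The helper also returns false both for "not a PCI device" and for the allocation and symlink-resolution failures, so virNetDevGetPCIDevice() (whose body continues outside the hunk) cannot tell a skipped device from an error that was just reported. The doc comment also has a typo, "susbsystem".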
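--- /dev/null
+++ b/72adaf2f-revert-qemu-monitor-error-report.patch
@@ -0,0 +1,60 @@
+commit 72adaf2f10509c3682f2c65ffad4176e00e5a2fb
+Author: Michal Privoznik <mprivozn@redhat.com>
+Date: Fri Jan 19 13:53:57 2018 +0100
+
+Revert "qemu: monitor: do not report error on shutdown"
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1536461
+
+This reverts commit aeda1b8c56dc58b0a413acc61bbea938b40499e1.
+
+Problem is that we need mon->lastError to be set because it's
+used all over the place. Also, there's nothing wrong with
+reporting error if one occurred. I mean, if there's a thread
+executing an API and which currently is talking on monitor it
+definitely wants the error reported.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+
+Index: libvirt-4.0.0/src/qemu/qemu_monitor.c
+===================================================================
+--- libvirt-4.0.0.orig/src/qemu/qemu_monitor.c
++++ libvirt-4.0.0/src/qemu/qemu_monitor.c
+@@ -78,7 +78,6 @@ struct _qemuMonitor {
+* < 0: an error occurred during the registration of @fd */
+int watch;
+int hasSendFD;
+- int willhangup;
+
+virDomainObjPtr vm;
+
+@@ -716,10 +715,8 @@ qemuMonitorIO(int watch, int fd, int eve
+if (events & VIR_EVENT_HANDLE_HANGUP) {
+hangup = true;
+if (!error) {
+- if (!mon->willhangup) {
+- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+- _("End of file from qemu monitor"));
+- }
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
++ _("End of file from qemu monitor"));
+eof = true;
+events &= ~VIR_EVENT_HANDLE_HANGUP;
+}
+@@ -758,7 +755,7 @@ qemuMonitorIO(int watch, int fd, int eve
+if (mon->lastError.code != VIR_ERR_OK) {
+/* Already have an error, so clear any new error */
+virResetLastError();
+- } else if (!mon->willhangup) {
++ } else {
+virErrorPtr err = virGetLastError();
+if (!err)
+virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+@@ -1352,7 +1349,6 @@ qemuMonitorEmitShutdown(qemuMonitorPtr m
+{
+int ret = -1;
+VIR_DEBUG("mon=%p guest=%u", mon, guest);
+- mon->willhangup = 1;
+
+QEMU_MONITOR_CALLBACK(mon, ret, domainShutdown, mon->vm, guest);
+return ret;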
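Review bot: Missing documentation in qemuMonitorIO(): with the `willhangup` guard gone, the HANGUP branch reports "End of file from qemu monitor" on every monitor hangup, presumably including an orderly guest shutdown, and nothing in the code says this is intentional. A short comment above the restored call, such as `/* Always report EOF: mon->lastError must be set for other users of the monitor, even when the hangup follows a shutdown event */`, would keep the next reader from re-adding the suppression this patch reverts. Anyone alerting on libvirtd error logs should expect this message to reappear on normal shutdowns. qemuMonitorIO() starts and ends outside the hunks shown.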
@ -1,25 +0,0 @@
|
||||
commit 8599aedd434a2843dca7fae37bd397f07a584c1a
|
||||
Author: Jim Fehlig <jfehlig@suse.com>
|
||||
Date: Fri Dec 15 15:28:49 2017 -0700
|
||||
|
||||
Improve filtering of Xen domain0 in libvirt-guests
|
||||
|
||||
The list_guests function in libvirt-guests uses 'grep -v' to filter
|
||||
Xen domain0 from a list of guests. If domain0 is the only item in
|
||||
the list, 'grep -v' returns 1, causing the 'stop' operation to fail
|
||||
when action is 'suspend'. Improve the filtering by using sed to remove
|
||||
domain0 from the list of guests.
|
||||
|
||||
Index: libvirt-3.10.0/tools/libvirt-guests.sh.in
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/tools/libvirt-guests.sh.in
|
||||
+++ libvirt-3.10.0/tools/libvirt-guests.sh.in
|
||||
@@ -121,7 +121,7 @@ list_guests() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
- echo "$list" | grep -v 00000000-0000-0000-0000-000000000000
|
||||
+ echo "$list" | sed "/00000000-0000-0000-0000-000000000000/d"
|
||||
}
|
||||
|
||||
# guest_name URI UUID
|
@ -1,7 +1,7 @@
|
||||
Index: libvirt-3.10.0/examples/apparmor/libvirt-lxc
|
||||
Index: libvirt-4.0.0/examples/apparmor/libvirt-lxc
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/examples/apparmor/libvirt-lxc
|
||||
+++ libvirt-3.10.0/examples/apparmor/libvirt-lxc
|
||||
--- libvirt-4.0.0.orig/examples/apparmor/libvirt-lxc
|
||||
+++ libvirt-4.0.0/examples/apparmor/libvirt-lxc
|
||||
@@ -2,39 +2,15 @@
|
||||
|
||||
#include <abstractions/base>
|
||||
|
@ -1,139 +0,0 @@
|
||||
From b475a91b7753281eb60b87f75b0055fe3c139276 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Mon, 18 Dec 2017 15:46:53 +0100
|
||||
Subject: [PATCH 1/2] Add virStringFilterChars() string utility
|
||||
|
||||
Add a function to filter a string based on a list of valid characters.
|
||||
---
|
||||
src/libvirt_private.syms | 1 +
|
||||
src/util/virstring.c | 24 ++++++++++++++++++++++++
|
||||
src/util/virstring.h | 1 +
|
||||
tests/virstringtest.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
|
||||
4 files changed, 72 insertions(+)
|
||||
|
||||
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
|
||||
index 18d0f2adf..6662c8dac 100644
|
||||
--- a/src/libvirt_private.syms
|
||||
+++ b/src/libvirt_private.syms
|
||||
@@ -2755,6 +2755,7 @@ virStrcpy;
|
||||
virStrdup;
|
||||
virStringBufferIsPrintable;
|
||||
virStringEncodeBase64;
|
||||
+virStringFilterChars;
|
||||
virStringHasChars;
|
||||
virStringHasControlChars;
|
||||
virStringIsEmpty;
|
||||
diff --git a/src/util/virstring.c b/src/util/virstring.c
|
||||
index 0cb06bdc9..1c58df915 100644
|
||||
--- a/src/util/virstring.c
|
||||
+++ b/src/util/virstring.c
|
||||
@@ -1293,6 +1293,30 @@ virStringStripControlChars(char *str)
|
||||
str[j] = '\0';
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * virStringFilterChars:
|
||||
+ * @str: the string to strip
|
||||
+ * @valid: the valid characters for the string
|
||||
+ *
|
||||
+ * Modify the string in-place to remove the characters that aren't
|
||||
+ * in the list of valid ones.
|
||||
+ */
|
||||
+void
|
||||
+virStringFilterChars(char *str, const char *valid)
|
||||
+{
|
||||
+ size_t len, i, j;
|
||||
+
|
||||
+ if (!str)
|
||||
+ return;
|
||||
+
|
||||
+ len = strlen(str);
|
||||
+ for (i = 0, j = 0; i < len; i++) {
|
||||
+ if (strchr(valid, str[i]))
|
||||
+ str[j++] = str[i];
|
||||
+ }
|
||||
+ str[j] = '\0';
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* virStringToUpper:
|
||||
* @str: string to capitalize
|
||||
diff --git a/src/util/virstring.h b/src/util/virstring.h
|
||||
index b19abaf9f..8af054bce 100644
|
||||
--- a/src/util/virstring.h
|
||||
+++ b/src/util/virstring.h
|
||||
@@ -293,6 +293,7 @@ bool virStringHasChars(const char *str,
|
||||
const char *chars);
|
||||
bool virStringHasControlChars(const char *str);
|
||||
void virStringStripControlChars(char *str);
|
||||
+void virStringFilterChars(char *str, const char *valid);
|
||||
|
||||
bool virStringIsPrintable(const char *str);
|
||||
bool virStringBufferIsPrintable(const uint8_t *buf, size_t buflen);
|
||||
diff --git a/tests/virstringtest.c b/tests/virstringtest.c
|
||||
index 320f7a398..e8518ede1 100644
|
||||
--- a/tests/virstringtest.c
|
||||
+++ b/tests/virstringtest.c
|
||||
@@ -767,6 +767,36 @@ static int testStripControlChars(const void *args)
|
||||
return ret;
|
||||
}
|
||||
|
||||
+struct testFilterData {
|
||||
+ const char *string;
|
||||
+ const char *valid;
|
||||
+ const char *result;
|
||||
+};
|
||||
+
|
||||
+static int testFilterChars(const void *args)
|
||||
+{
|
||||
+ const struct testFilterData *data = args;
|
||||
+ int ret = -1;
|
||||
+ char *res = NULL;
|
||||
+
|
||||
+ if (VIR_STRDUP(res, data->string) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ virStringFilterChars(res, data->valid);
|
||||
+
|
||||
+ if (STRNEQ_NULLABLE(res, data->result)) {
|
||||
+ fprintf(stderr, "Returned '%s', expected '%s'\n",
|
||||
+ NULLSTR(res), NULLSTR(data->result));
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+
|
||||
+ ret = 0;
|
||||
+
|
||||
+ cleanup:
|
||||
+ VIR_FREE(res);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
static int
|
||||
mymain(void)
|
||||
{
|
||||
@@ -1085,6 +1115,22 @@ mymain(void)
|
||||
TEST_STRIP_CONTROL_CHARS("\x01H\x02" "E\x03L\x04L\x05O", "HELLO");
|
||||
TEST_STRIP_CONTROL_CHARS("\x01\x02\x03\x04HELL\x05O", "HELLO");
|
||||
TEST_STRIP_CONTROL_CHARS("\nhello \x01\x07hello\t", "\nhello hello\t");
|
||||
+
|
||||
+#define TEST_FILTER_CHARS(str, filter, res) \
|
||||
+ do { \
|
||||
+ struct testFilterData filterData = { \
|
||||
+ .string = str, \
|
||||
+ .valid = filter, \
|
||||
+ .result = res, \
|
||||
+ }; \
|
||||
+ if (virTestRun("Filter chars from " #str, \
|
||||
+ testFilterChars, &filterData) < 0) \
|
||||
+ ret = -1; \
|
||||
+ } while (0)
|
||||
+
|
||||
+ TEST_FILTER_CHARS(NULL, NULL, NULL);
|
||||
+ TEST_FILTER_CHARS("hello 123 hello", "helo", "hellohello");
|
||||
+
|
||||
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
|
||||
}
|
||||
|
||||
--
|
||||
2.15.1
|
||||
|
@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu <cyliu@suse.com>
|
||||
src/qemu/qemu_driver.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
Index: libvirt-3.10.0/src/qemu/qemu_driver.c
|
||||
Index: libvirt-4.0.0/src/qemu/qemu_driver.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/qemu/qemu_driver.c
|
||||
+++ libvirt-3.10.0/src/qemu/qemu_driver.c
|
||||
@@ -17145,6 +17145,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
|
||||
--- libvirt-4.0.0.orig/src/qemu/qemu_driver.c
|
||||
+++ libvirt-4.0.0/src/qemu/qemu_driver.c
|
||||
@@ -17159,6 +17159,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
|
||||
goto endjob;
|
||||
}
|
||||
|
||||
|
@ -1,69 +0,0 @@
|
||||
From faec1958614bfcdb535b1bcc0ddac8cde4516e1a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Mon, 18 Dec 2017 15:48:33 +0100
|
||||
Subject: [PATCH 2/2] lxc: set a hostname based on the container name
|
||||
|
||||
Set a transient hostname on containers. The hostname is computed from
|
||||
the container name, only keeping the valid characters [a-zA-Z0-9-] in it.
|
||||
This filtering is based on RFC 1123 and allows a digit to start the
|
||||
hostname.
|
||||
---
|
||||
src/lxc/lxc_container.c | 35 +++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 35 insertions(+)
|
||||
|
||||
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
|
||||
index b7216d6ee..96fceaf1b 100644
|
||||
--- a/src/lxc/lxc_container.c
|
||||
+++ b/src/lxc/lxc_container.c
|
||||
@@ -2159,6 +2159,37 @@ static int lxcContainerSetUserGroup(virCommandPtr cmd,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static const char hostname_validchars[] =
|
||||
+ "abcdefghijklmnopqrstuvwxyz"
|
||||
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||||
+ "0123456789-";
|
||||
+
|
||||
+static int lxcContainerSetHostname(virDomainDefPtr def)
|
||||
+{
|
||||
+ int ret = -1;
|
||||
+ char *name = NULL;
|
||||
+ char *hostname = NULL;
|
||||
+
|
||||
+ /* Filter the VM name to get a valid hostname */
|
||||
+ if (VIR_STRDUP(name, def->name) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ /* RFC 1123 allows 0-9 digits as a first character in hostname */
|
||||
+ virStringFilterChars(name, hostname_validchars);
|
||||
+ hostname = name;
|
||||
+ if (strlen(name) > 0 && name[0] == '-')
|
||||
+ hostname = name + 1;
|
||||
+
|
||||
+ if (sethostname(hostname, strlen(hostname)) < 0) {
|
||||
+ virReportSystemError(errno, "%s", _("Failed to set hostname"));
|
||||
+ goto cleanup;
|
||||
+ }
|
||||
+ ret = 0;
|
||||
+
|
||||
+ cleanup:
|
||||
+ VIR_FREE(name);
|
||||
+ return ret;
|
||||
+}
|
||||
|
||||
/**
|
||||
* lxcContainerChild:
|
||||
@@ -2269,6 +2300,10 @@ static int lxcContainerChild(void *data)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
+ if (lxcContainerSetHostname(vmDef) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+
|
||||
/* drop a set of root capabilities */
|
||||
if (lxcContainerDropCapabilities(vmDef, !!hasReboot) < 0)
|
||||
goto cleanup;
|
||||
--
|
||||
2.15.1
|
||||
|
@ -1,28 +0,0 @@
|
||||
From 29eed5ffb8776f4e4ecf6dc6b3ee7f320f679e7e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
|
||||
Date: Tue, 2 Jan 2018 09:54:46 +0100
|
||||
Subject: [PATCH] apparmor: fix virt-aa-helper profile
|
||||
|
||||
Fix rule introduced by commit 0f33025a:
|
||||
* to handle /var/run not being a symlink to /run
|
||||
* to be properly parsed: missing comma at the end.
|
||||
---
|
||||
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
index 9c822b644..105f09e43 100644
|
||||
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
@@ -51,7 +51,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
|
||||
/var/lib/libvirt/images/** r,
|
||||
/{media,mnt,opt,srv}/** r,
|
||||
# For virt-sandbox
|
||||
- /run/libvirt/**/[sv]d[a-z] r
|
||||
+ /{,var/}run/libvirt/**/[sv]d[a-z] r,
|
||||
|
||||
/**.img r,
|
||||
/**.raw r,
|
||||
--
|
||||
2.15.1
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:dff109cae2cc915b3ed5ba7e460502b85eb9a5058cda4f356d7bb7b1e3196b0e
|
||||
size 14952220
|
@ -1,10 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEcBAABAgAGBQJaJYL/AAoJEBVYiyZZa+pdRmsH/i9aAZCXqz0GiIlPV55Y5Rdl
|
||||
fGbP2i5o2SSs1u8lcGlC6GtC/WJAInxSMOjxxnjJgcwGVkEW/J5juvEOzZtsCCc2
|
||||
lFYIZqWTXgp/PpLr92I8Wz1UkMjy5wabKG6PcZGt7kxaFcAUb5P4ODZe+CH9NyD3
|
||||
UJHg0R7j6t81z43f9yzXOpEPATHfTCXg0TNUeqg0q7oJU3mmdZI8qxznMX+88xO+
|
||||
tUcZGDKADDtxEVDjTWPU1SZjHGEeZ2cIMJA5nsfuEFeghU1iV4QzMgnd/84fKWIh
|
||||
7tsUCF93dismVE5xwVNUvTWwmHc4shj7tSj93117GH25SPwvr/GyDEYPEp9CMEE=
|
||||
=gYo3
|
||||
-----END PGP SIGNATURE-----
|
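--- /dev/null
+++ b/libvirt-4.0.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e9e8ca1a696b70bca572f367e35807a9800a59aec5158b95fe7f4802a5fadfc8
+size 15002248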
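--- /dev/null
+++ b/libvirt-4.0.0.tar.xz.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABAgAGBQJaYc40AAoJEBVYiyZZa+pdapkIAJsN77Xyts8WupSGAjNx7BE+
+aWlLfUnXc3TmtvXaqIYP0Vyc0AtWbiDaLAuIxdOXBM7ehABfka4xLevC4+t+cN8P
+tMpT+oGnI+PhIAt1u6UAPjNwFvzV91/hwPEeA2Mhcc1+Mgzh/dU6VtbMl0iupgic
+tUJOP0r3FN2woh8y5CZUwpCMTIDZ4FlOrqC1iyZfmhAE5nyqM+bO/tArRDZwK4TE
+G1oLtioaN0ESY7zY7Vf4fpD9tufyyVfKjDvoMTKSmgzyLTzU3NpPi0NjE1Iw5TqP
+m8jlmxvTHati6U6GLVerfZTMOKVfR6WzyWrUPnGkE65xfh9+Eyo66XMtgb04lMo=
+=NAMU
+-----END PGP SIGNATURE-----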
@ -2,11 +2,11 @@ Add POWER8 v2.0 and v2.1 to cpu map XML
|
||||
|
||||
From: <ro@suse.de>
|
||||
|
||||
Index: libvirt-3.10.0/src/cpu/cpu_map.xml
|
||||
Index: libvirt-4.0.0/src/cpu/cpu_map.xml
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/cpu/cpu_map.xml
|
||||
+++ libvirt-3.10.0/src/cpu/cpu_map.xml
|
||||
@@ -1724,6 +1724,8 @@
|
||||
--- libvirt-4.0.0.orig/src/cpu/cpu_map.xml
|
||||
+++ libvirt-4.0.0/src/cpu/cpu_map.xml
|
||||
@@ -2346,6 +2346,8 @@
|
||||
<pvr value='0x004b0000' mask='0xffff0000'/>
|
||||
<pvr value='0x004c0000' mask='0xffff0000'/>
|
||||
<pvr value='0x004d0000' mask='0xffff0000'/>
|
||||
|
@ -1,8 +1,8 @@
|
||||
Index: libvirt-3.10.0/configure.ac
|
||||
Index: libvirt-4.0.0/configure.ac
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/configure.ac
|
||||
+++ libvirt-3.10.0/configure.ac
|
||||
@@ -256,6 +256,7 @@ LIBVIRT_ARG_LIBSSH
|
||||
--- libvirt-4.0.0.orig/configure.ac
|
||||
+++ libvirt-4.0.0/configure.ac
|
||||
@@ -257,6 +257,7 @@ LIBVIRT_ARG_LIBSSH
|
||||
LIBVIRT_ARG_LIBXML
|
||||
LIBVIRT_ARG_MACVTAP
|
||||
LIBVIRT_ARG_NETCF
|
||||
@ -10,7 +10,7 @@ Index: libvirt-3.10.0/configure.ac
|
||||
LIBVIRT_ARG_NSS
|
||||
LIBVIRT_ARG_NUMACTL
|
||||
LIBVIRT_ARG_OPENWSMAN
|
||||
@@ -296,6 +297,7 @@ LIBVIRT_CHECK_LIBSSH
|
||||
@@ -298,6 +299,7 @@ LIBVIRT_CHECK_LIBSSH
|
||||
LIBVIRT_CHECK_LIBXML
|
||||
LIBVIRT_CHECK_MACVTAP
|
||||
LIBVIRT_CHECK_NETCF
|
||||
@ -18,7 +18,7 @@ Index: libvirt-3.10.0/configure.ac
|
||||
LIBVIRT_CHECK_NUMACTL
|
||||
LIBVIRT_CHECK_NWFILTER
|
||||
LIBVIRT_CHECK_OPENWSMAN
|
||||
@@ -993,6 +995,7 @@ LIBVIRT_RESULT_LIBXL
|
||||
@@ -996,6 +998,7 @@ LIBVIRT_RESULT_LIBXL
|
||||
LIBVIRT_RESULT_LIBXML
|
||||
LIBVIRT_RESULT_MACVTAP
|
||||
LIBVIRT_RESULT_NETCF
|
||||
@ -26,10 +26,10 @@ Index: libvirt-3.10.0/configure.ac
|
||||
LIBVIRT_RESULT_NSS
|
||||
LIBVIRT_RESULT_NUMACTL
|
||||
LIBVIRT_RESULT_OPENWSMAN
|
||||
Index: libvirt-3.10.0/src/Makefile.am
|
||||
Index: libvirt-4.0.0/src/Makefile.am
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/Makefile.am
|
||||
+++ libvirt-3.10.0/src/Makefile.am
|
||||
--- libvirt-4.0.0.orig/src/Makefile.am
|
||||
+++ libvirt-4.0.0/src/Makefile.am
|
||||
@@ -1038,6 +1038,10 @@ if WITH_NETCF
|
||||
INTERFACE_DRIVER_SOURCES += \
|
||||
interface/interface_backend_netcf.c
|
||||
@ -52,10 +52,10 @@ Index: libvirt-3.10.0/src/Makefile.am
|
||||
if WITH_UDEV
|
||||
libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS)
|
||||
libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS)
|
||||
Index: libvirt-3.10.0/tools/virsh.c
|
||||
Index: libvirt-4.0.0/tools/virsh.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/tools/virsh.c
|
||||
+++ libvirt-3.10.0/tools/virsh.c
|
||||
--- libvirt-4.0.0.orig/tools/virsh.c
|
||||
+++ libvirt-4.0.0/tools/virsh.c
|
||||
@@ -578,6 +578,8 @@ virshShowVersion(vshControl *ctl ATTRIBU
|
||||
vshPrint(ctl, " Interface");
|
||||
# if defined(WITH_NETCF)
|
||||
@ -65,10 +65,10 @@ Index: libvirt-3.10.0/tools/virsh.c
|
||||
# elif defined(WITH_UDEV)
|
||||
vshPrint(ctl, " udev");
|
||||
# endif
|
||||
Index: libvirt-3.10.0/src/interface/interface_backend_netcf.c
|
||||
Index: libvirt-4.0.0/src/interface/interface_backend_netcf.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/interface/interface_backend_netcf.c
|
||||
+++ libvirt-3.10.0/src/interface/interface_backend_netcf.c
|
||||
--- libvirt-4.0.0.orig/src/interface/interface_backend_netcf.c
|
||||
+++ libvirt-4.0.0/src/interface/interface_backend_netcf.c
|
||||
@@ -23,7 +23,12 @@
|
||||
|
||||
#include <config.h>
|
||||
@ -152,10 +152,10 @@ Index: libvirt-3.10.0/src/interface/interface_backend_netcf.c
|
||||
if (virSetSharedInterfaceDriver(&interfaceDriver) < 0)
|
||||
return -1;
|
||||
if (virRegisterStateDriver(&interfaceStateDriver) < 0)
|
||||
Index: libvirt-3.10.0/src/interface/interface_driver.c
|
||||
Index: libvirt-4.0.0/src/interface/interface_driver.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/interface/interface_driver.c
|
||||
+++ libvirt-3.10.0/src/interface/interface_driver.c
|
||||
--- libvirt-4.0.0.orig/src/interface/interface_driver.c
|
||||
+++ libvirt-4.0.0/src/interface/interface_driver.c
|
||||
@@ -30,8 +30,15 @@ interfaceRegister(void)
|
||||
if (netcfIfaceRegister() == 0)
|
||||
return 0;
|
||||
@ -173,10 +173,10 @@ Index: libvirt-3.10.0/src/interface/interface_driver.c
|
||||
if (udevIfaceRegister() == 0)
|
||||
return 0;
|
||||
#endif /* WITH_UDEV */
|
||||
Index: libvirt-3.10.0/m4/virt-netcontrol.m4
|
||||
Index: libvirt-4.0.0/m4/virt-netcontrol.m4
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ libvirt-3.10.0/m4/virt-netcontrol.m4
|
||||
+++ libvirt-4.0.0/m4/virt-netcontrol.m4
|
||||
@@ -0,0 +1,39 @@
|
||||
+dnl The libnetcontrol library
|
||||
+dnl
|
||||
|
@ -1,3 +1,24 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 19 16:31:53 UTC 2018 - jfehlig@suse.com
|
||||
|
||||
- Update to libvirt 4.0.0
|
||||
- Many incremental improvements and bug fixes, see
|
||||
http://libvirt.org/news.html
|
||||
- Dropped patches:
|
||||
2d07f1f0-fix-storage-crash.patch,
|
||||
69ed99c7-dom0-persistent.patch,
|
||||
8599aedd-libvirt-guests-dom0-filter.patch,
|
||||
0f33025a-virt-aa-helper-handle-more-disk-images.patch,
|
||||
b475a91b-add-virStringFilterChars-string-utility.patch,
|
||||
faec1958-lxc-set-hostname-based-on-container-name.patch,
|
||||
2089ab21-netserver-close-clients-before-stopping-all-drivers.patch,
|
||||
fix-virt-aa-helper-profile.patch,
|
||||
suse-apparmor-signal.patch
|
||||
- Patches added to fix upstream bugs:
|
||||
72adaf2f-revert-qemu-monitor-error-report.patch,
|
||||
71d56a39-nodedev-fix-parse-PCI-address.patch
|
||||
- CVE-2018-5748, CVE-2017-5715, bsc#1071651
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 11 16:52:43 UTC 2018 - jfehlig@suse.com
|
||||
|
||||
|
48
libvirt.spec
@ -53,6 +53,7 @@
|
||||
%define with_numad 0%{!?_without_numad:0}
|
||||
%define with_firewalld 0%{!?_without_firewalld:0}
|
||||
%define with_libssh 0%{!?_without_libssh:0}
|
||||
%define with_bash_completion 0%{!?_without_bash_completion:0}
|
||||
|
||||
# Xen no longer contains xm/xend so disable building the legacy Xen driver
|
||||
%define with_xen 0
|
||||
@ -110,6 +111,11 @@
|
||||
%define with_firewalld 1
|
||||
%endif
|
||||
|
||||
# TODO: On what distros can we support bash-completion?
|
||||
# SLE12 builds seem fine, but configure fails to detect
|
||||
# completion support on openSUSE distros.
|
||||
%define with_bash_completion 0%{!?_without_bash_completion:0}
|
||||
|
||||
# rbd enablement is a bit tricky. For x86_64
|
||||
%ifarch x86_64
|
||||
# enable on anything newer than 1320, or SLE12 family newer than 120100
|
||||
@ -165,7 +171,7 @@
|
||||
|
||||
Name: libvirt
|
||||
Url: http://libvirt.org/
|
||||
Version: 3.10.0
|
||||
Version: 4.0.0
|
||||
Release: 0
|
||||
Summary: Library providing a simple virtualization API
|
||||
License: LGPL-2.1+
|
||||
@ -218,6 +224,9 @@ BuildRequires: xen-devel
|
||||
# For managing ACLs
|
||||
BuildRequires: libacl-devel
|
||||
%endif
|
||||
%if %{with_bash_completion}
|
||||
BuildRequires: bash-completion >= 2.0
|
||||
%endif
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: libgcrypt-devel
|
||||
@ -309,17 +318,11 @@ Source5: suse-qemu-domain-hook.py
|
||||
Source99: baselibs.conf
|
||||
Source100: %{name}-rpmlintrc
|
||||
# Upstream patches
|
||||
Patch0: 2d07f1f0-fix-storage-crash.patch
|
||||
Patch1: 69ed99c7-dom0-persistent.patch
|
||||
Patch2: 8599aedd-libvirt-guests-dom0-filter.patch
|
||||
Patch3: 0f33025a-virt-aa-helper-handle-more-disk-images.patch
|
||||
Patch4: b475a91b-add-virStringFilterChars-string-utility.patch
|
||||
Patch5: faec1958-lxc-set-hostname-based-on-container-name.patch
|
||||
Patch6: 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch
|
||||
Patch0: 72adaf2f-revert-qemu-monitor-error-report.patch
|
||||
Patch1: 71d56a39-nodedev-fix-parse-PCI-address.patch
|
||||
# Patches pending upstream review
|
||||
Patch100: libxl-dom-reset.patch
|
||||
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
|
||||
Patch102: fix-virt-aa-helper-profile.patch
|
||||
# Need to go upstream
|
||||
Patch150: xen-pv-cdrom.patch
|
||||
Patch151: blockcopy-check-dst-identical-device.patch
|
||||
@ -337,15 +340,14 @@ Patch205: suse-libvirtd-service-xen.patch
|
||||
Patch206: suse-qemu-conf.patch
|
||||
Patch207: suse-ovmf-paths.patch
|
||||
Patch208: suse-apparmor-libnl-paths.patch
|
||||
Patch209: suse-apparmor-signal.patch
|
||||
Patch210: support-managed-pci-xen-driver.patch
|
||||
Patch211: xen-sxpr-disk-type.patch
|
||||
Patch212: libxl-support-block-script.patch
|
||||
Patch213: apparmor-no-mount.patch
|
||||
Patch214: qemu-apparmor-screenshot.patch
|
||||
Patch215: libvirt-suse-netcontrol.patch
|
||||
Patch216: lxc-wait-after-eth-del.patch
|
||||
Patch217: libxl-qemu-emulator-caps.patch
|
||||
Patch209: support-managed-pci-xen-driver.patch
|
||||
Patch210: xen-sxpr-disk-type.patch
|
||||
Patch211: libxl-support-block-script.patch
|
||||
Patch212: apparmor-no-mount.patch
|
||||
Patch213: qemu-apparmor-screenshot.patch
|
||||
Patch214: libvirt-suse-netcontrol.patch
|
||||
Patch215: lxc-wait-after-eth-del.patch
|
||||
Patch216: libxl-qemu-emulator-caps.patch
|
||||
# SLES-Only patches
|
||||
%if ! 0%{?is_opensuse}
|
||||
Patch400: virt-create-rootfs.patch
|
||||
@ -903,14 +905,8 @@ libvirt plugin for NSS for translating domain names into IP addresses.
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
%patch150 -p1
|
||||
%patch151 -p1
|
||||
%patch152 -p1
|
||||
@ -934,7 +930,6 @@ libvirt plugin for NSS for translating domain names into IP addresses.
|
||||
%patch214 -p1
|
||||
%patch215 -p1
|
||||
%patch216 -p1
|
||||
%patch217 -p1
|
||||
%if ! 0%{?is_opensuse}
|
||||
%patch400 -p1
|
||||
%endif
|
||||
@ -1390,6 +1385,9 @@ fi
|
||||
%{_datadir}/systemtap/tapset/libvirt_probes*.stp
|
||||
%{_datadir}/systemtap/tapset/libvirt_qemu_probes*.stp
|
||||
%{_datadir}/systemtap/tapset/libvirt_functions.stp
|
||||
%if %{with_bash_completion}
|
||||
%{_datadir}/bash-completion/completions/vsh
|
||||
%endif
|
||||
%dir %{_localstatedir}/lib/libvirt/
|
||||
%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
|
||||
%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/filesystems/
|
||||
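Review bot: `%define with_bash_completion 0%{!?_without_bash_completion:0}` appears twice, once in the block of `with_*` defaults and again under the `# TODO: On what distros can we support bash-completion?` comment, and the expression expands to `00` or `0`, so it is false either way. Nothing in the visible hunks sets it to 1, which leaves `BuildRequires: bash-completion >= 2.0` and the `%{_datadir}/bash-completion/completions/vsh` entry in `%files` as dead branches. I would drop the second `%define` and reword the comment to say the feature is deliberately off, e.g. `# bash-completion stays disabled: configure fails to detect it on openSUSE`. The parts of the spec between the hunks are not shown, so an enabling branch elsewhere cannot be ruled out.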
|
@ -8,10 +8,10 @@ Date: Mon Jun 23 15:51:20 2014 -0600
|
||||
option, but domainReset can be implemented in the libxl driver by
|
||||
forcibly destroying the domain and starting it again.
|
||||
|
||||
Index: libvirt-3.10.0/src/libxl/libxl_driver.c
|
||||
Index: libvirt-4.0.0/src/libxl/libxl_driver.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-3.10.0/src/libxl/libxl_driver.c
|
||||
--- libvirt-4.0.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-4.0.0/src/libxl/libxl_driver.c
|
||||
@@ -1382,6 +1382,61 @@ libxlDomainReboot(virDomainPtr dom, unsi
|
||||
}
|
||||
|
||||
|
@ -8,10 +8,10 @@ as the default <emulator>, instead of the qemu-xen one.
|
||||
|
||||
See FATE#320638 for details.
|
||||
|
||||
Index: libvirt-3.10.0/src/libxl/libxl_capabilities.c
|
||||
Index: libvirt-4.0.0/src/libxl/libxl_capabilities.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/libxl/libxl_capabilities.c
|
||||
+++ libvirt-3.10.0/src/libxl/libxl_capabilities.c
|
||||
--- libvirt-4.0.0.orig/src/libxl/libxl_capabilities.c
|
||||
+++ libvirt-4.0.0/src/libxl/libxl_capabilities.c
|
||||
@@ -38,6 +38,7 @@
|
||||
#include "libxl_capabilities.h"
|
||||
#include "cpu/cpu_x86.h"
|
||||
|
@ -3,11 +3,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425
|
||||
src/libxl/libxl_conf.c | 25 +++++++++++++++++++++++++
|
||||
1 file changed, 25 insertions(+)
|
||||
|
||||
Index: libvirt-3.10.0/src/libxl/libxl_conf.c
|
||||
Index: libvirt-4.0.0/src/libxl/libxl_conf.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/libxl/libxl_conf.c
|
||||
+++ libvirt-3.10.0/src/libxl/libxl_conf.c
|
||||
@@ -735,6 +735,30 @@ libxlDiskSetDiscard(libxl_device_disk *x
|
||||
--- libvirt-4.0.0.orig/src/libxl/libxl_conf.c
|
||||
+++ libvirt-4.0.0/src/libxl/libxl_conf.c
|
||||
@@ -736,6 +736,30 @@ libxlDiskSetDiscard(libxl_device_disk *x
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -38,7 +38,7 @@ Index: libvirt-3.10.0/src/libxl/libxl_conf.c
|
||||
static char *
|
||||
libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src,
|
||||
const char *username,
|
||||
@@ -983,6 +1007,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
|
||||
@@ -984,6 +1008,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
|
||||
x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0;
|
||||
if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0)
|
||||
return -1;
|
||||
|
@ -16,10 +16,10 @@ Signed-off-by: Jim Fehlig <jfehlig@suse.com>
|
||||
tools/virsh.pod | 8 ++++++++
|
||||
6 files changed, 125 insertions(+), 6 deletions(-)
|
||||
|
||||
Index: libvirt-3.10.0/include/libvirt/libvirt-domain.h
|
||||
Index: libvirt-4.0.0/include/libvirt/libvirt-domain.h
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/include/libvirt/libvirt-domain.h
|
||||
+++ libvirt-3.10.0/include/libvirt/libvirt-domain.h
|
||||
--- libvirt-4.0.0.orig/include/libvirt/libvirt-domain.h
|
||||
+++ libvirt-4.0.0/include/libvirt/libvirt-domain.h
|
||||
@@ -1008,6 +1008,31 @@ typedef enum {
|
||||
*/
|
||||
# define VIR_MIGRATE_PARAM_AUTO_CONVERGE_INCREMENT "auto_converge.increment"
|
||||
@ -52,10 +52,10 @@ Index: libvirt-3.10.0/include/libvirt/libvirt-domain.h
|
||||
/* Domain migration. */
|
||||
virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn,
|
||||
unsigned long flags, const char *dname,
|
||||
Index: libvirt-3.10.0/src/libxl/libxl_driver.c
|
||||
Index: libvirt-4.0.0/src/libxl/libxl_driver.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-3.10.0/src/libxl/libxl_driver.c
|
||||
--- libvirt-4.0.0.orig/src/libxl/libxl_driver.c
|
||||
+++ libvirt-4.0.0/src/libxl/libxl_driver.c
|
||||
@@ -6100,6 +6100,9 @@ libxlDomainMigratePerform3Params(virDoma
|
||||
const char *dname = NULL;
|
||||
const char *uri = NULL;
|
||||
@ -99,10 +99,10 @@ Index: libvirt-3.10.0/src/libxl/libxl_driver.c
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
Index: libvirt-3.10.0/src/libxl/libxl_migration.c
|
||||
Index: libvirt-4.0.0/src/libxl/libxl_migration.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/libxl/libxl_migration.c
|
||||
+++ libvirt-3.10.0/src/libxl/libxl_migration.c
|
||||
--- libvirt-4.0.0.orig/src/libxl/libxl_migration.c
|
||||
+++ libvirt-4.0.0/src/libxl/libxl_migration.c
|
||||
@@ -359,18 +359,39 @@ libxlMigrateReceive(virNetSocketPtr sock
|
||||
static int
|
||||
libxlDoMigrateSend(libxlDriverPrivatePtr driver,
|
||||
@ -263,10 +263,10 @@ Index: libvirt-3.10.0/src/libxl/libxl_migration.c
|
||||
virObjectLock(vm);
|
||||
|
||||
cleanup:
|
||||
Index: libvirt-3.10.0/src/libxl/libxl_migration.h
|
||||
Index: libvirt-4.0.0/src/libxl/libxl_migration.h
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/libxl/libxl_migration.h
|
||||
+++ libvirt-3.10.0/src/libxl/libxl_migration.h
|
||||
--- libvirt-4.0.0.orig/src/libxl/libxl_migration.h
|
||||
+++ libvirt-4.0.0/src/libxl/libxl_migration.h
|
||||
@@ -39,6 +39,10 @@
|
||||
VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \
|
||||
VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \
|
||||
@ -311,11 +311,11 @@ Index: libvirt-3.10.0/src/libxl/libxl_migration.h
|
||||
|
||||
virDomainPtr
|
||||
libxlDomainMigrationFinish(virConnectPtr dconn,
|
||||
Index: libvirt-3.10.0/tools/virsh-domain.c
|
||||
Index: libvirt-4.0.0/tools/virsh-domain.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/tools/virsh-domain.c
|
||||
+++ libvirt-3.10.0/tools/virsh-domain.c
|
||||
@@ -10536,6 +10536,22 @@ static const vshCmdOptDef opts_migrate[]
|
||||
--- libvirt-4.0.0.orig/tools/virsh-domain.c
|
||||
+++ libvirt-4.0.0/tools/virsh-domain.c
|
||||
@@ -10540,6 +10540,22 @@ static const vshCmdOptDef opts_migrate[]
|
||||
.type = VSH_OT_BOOL,
|
||||
.help = N_("use TLS for migration")
|
||||
},
|
||||
@ -338,7 +338,7 @@ Index: libvirt-3.10.0/tools/virsh-domain.c
|
||||
{.name = NULL}
|
||||
};
|
||||
|
||||
@@ -10559,6 +10575,7 @@ doMigrate(void *opaque)
|
||||
@@ -10563,6 +10579,7 @@ doMigrate(void *opaque)
|
||||
unsigned long long ullOpt = 0;
|
||||
int rv;
|
||||
virConnectPtr dconn = data->dconn;
|
||||
@ -346,7 +346,7 @@ Index: libvirt-3.10.0/tools/virsh-domain.c
|
||||
|
||||
sigemptyset(&sigmask);
|
||||
sigaddset(&sigmask, SIGINT);
|
||||
@@ -10678,6 +10695,27 @@ doMigrate(void *opaque)
|
||||
@@ -10682,6 +10699,27 @@ doMigrate(void *opaque)
|
||||
goto save_error;
|
||||
}
|
||||
|
||||
@ -374,10 +374,10 @@ Index: libvirt-3.10.0/tools/virsh-domain.c
|
||||
if (vshCommandOptStringReq(ctl, cmd, "xml", &opt) < 0)
|
||||
goto out;
|
||||
if (opt) {
|
||||
Index: libvirt-3.10.0/tools/virsh.pod
|
||||
Index: libvirt-4.0.0/tools/virsh.pod
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/tools/virsh.pod
|
||||
+++ libvirt-3.10.0/tools/virsh.pod
|
||||
--- libvirt-4.0.0.orig/tools/virsh.pod
|
||||
+++ libvirt-4.0.0/tools/virsh.pod
|
||||
@@ -1849,6 +1849,14 @@ Providing I<--tls> causes the migration
|
||||
the migration of the domain. Usage requires proper TLS setup for both source
|
||||
and target.
|
||||
|
@ -7,11 +7,11 @@ and npiv.
|
||||
|
||||
For more details, see bsc#954872 and FATE#319810
|
||||
|
||||
Index: libvirt-3.10.0/src/libxl/libxl_conf.c
|
||||
Index: libvirt-4.0.0/src/libxl/libxl_conf.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/libxl/libxl_conf.c
|
||||
+++ libvirt-3.10.0/src/libxl/libxl_conf.c
|
||||
@@ -735,6 +735,25 @@ libxlDiskSetDiscard(libxl_device_disk *x
|
||||
--- libvirt-4.0.0.orig/src/libxl/libxl_conf.c
|
||||
+++ libvirt-4.0.0/src/libxl/libxl_conf.c
|
||||
@@ -736,6 +736,25 @@ libxlDiskSetDiscard(libxl_device_disk *x
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -37,7 +37,7 @@ Index: libvirt-3.10.0/src/libxl/libxl_conf.c
|
||||
static void
|
||||
libxlDiskSetCacheMode(libxl_device_disk *x_disk, int cachemode)
|
||||
{
|
||||
@@ -880,6 +899,7 @@ libxlMakeNetworkDiskSrc(virStorageSource
|
||||
@@ -881,6 +900,7 @@ libxlMakeNetworkDiskSrc(virStorageSource
|
||||
int
|
||||
libxlMakeDisk(virDomainDiskDefPtr l_disk, libxl_device_disk *x_disk)
|
||||
{
|
||||
@ -45,7 +45,7 @@ Index: libvirt-3.10.0/src/libxl/libxl_conf.c
|
||||
const char *driver = virDomainDiskGetDriver(l_disk);
|
||||
int format = virDomainDiskGetFormat(l_disk);
|
||||
int actual_type = virStorageSourceGetActualType(l_disk->src);
|
||||
@@ -895,7 +915,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
|
||||
@@ -896,7 +916,7 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
|
||||
if (libxlMakeNetworkDiskSrc(l_disk->src, &x_disk->pdev_path) < 0)
|
||||
return -1;
|
||||
} else {
|
||||
@ -54,7 +54,7 @@ Index: libvirt-3.10.0/src/libxl/libxl_conf.c
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1008,6 +1028,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
|
||||
@@ -1009,6 +1029,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk
|
||||
if (libxlDiskSetDiscard(x_disk, l_disk->discard) < 0)
|
||||
return -1;
|
||||
libxlDiskSetCacheMode(x_disk, l_disk->cachemode);
|
||||
|
@ -13,10 +13,10 @@ device with the same name that is being created.
|
||||
src/lxc/lxc_process.c | 1 +
|
||||
3 files changed, 4 insertions(+)
|
||||
|
||||
Index: libvirt-3.10.0/src/lxc/lxc_controller.c
|
||||
Index: libvirt-4.0.0/src/lxc/lxc_controller.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/lxc/lxc_controller.c
|
||||
+++ libvirt-3.10.0/src/lxc/lxc_controller.c
|
||||
--- libvirt-4.0.0.orig/src/lxc/lxc_controller.c
|
||||
+++ libvirt-4.0.0/src/lxc/lxc_controller.c
|
||||
@@ -73,6 +73,7 @@
|
||||
#include "rpc/virnetdaemon.h"
|
||||
#include "virstring.h"
|
||||
@ -33,10 +33,10 @@ Index: libvirt-3.10.0/src/lxc/lxc_controller.c
|
||||
|
||||
return ret;
|
||||
}
|
||||
Index: libvirt-3.10.0/src/lxc/lxc_driver.c
|
||||
Index: libvirt-4.0.0/src/lxc/lxc_driver.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/lxc/lxc_driver.c
|
||||
+++ libvirt-3.10.0/src/lxc/lxc_driver.c
|
||||
--- libvirt-4.0.0.orig/src/lxc/lxc_driver.c
|
||||
+++ libvirt-4.0.0/src/lxc/lxc_driver.c
|
||||
@@ -76,6 +76,7 @@
|
||||
#include "virtime.h"
|
||||
#include "virtypedparam.h"
|
||||
@ -61,10 +61,10 @@ Index: libvirt-3.10.0/src/lxc/lxc_driver.c
|
||||
break;
|
||||
|
||||
/* It'd be nice to support this, but with macvlan
|
||||
Index: libvirt-3.10.0/src/lxc/lxc_process.c
|
||||
Index: libvirt-4.0.0/src/lxc/lxc_process.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/lxc/lxc_process.c
|
||||
+++ libvirt-3.10.0/src/lxc/lxc_process.c
|
||||
--- libvirt-4.0.0.orig/src/lxc/lxc_process.c
|
||||
+++ libvirt-4.0.0/src/lxc/lxc_process.c
|
||||
@@ -52,6 +52,7 @@
|
||||
#include "viratomic.h"
|
||||
#include "virprocess.h"
|
||||
|
@ -17,10 +17,10 @@ Signed-off-by: Martin Wilck <mwilck@suse.com>
|
||||
tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 -
|
||||
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: libvirt-3.10.0/src/network/bridge_driver.c
|
||||
Index: libvirt-4.0.0/src/network/bridge_driver.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/network/bridge_driver.c
|
||||
+++ libvirt-3.10.0/src/network/bridge_driver.c
|
||||
--- libvirt-4.0.0.orig/src/network/bridge_driver.c
|
||||
+++ libvirt-4.0.0/src/network/bridge_driver.c
|
||||
@@ -1393,7 +1393,14 @@ networkDnsmasqConfContents(virNetworkObj
|
||||
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) {
|
||||
if (ipdef->nranges || ipdef->nhosts) {
|
||||
@ -37,10 +37,10 @@ Index: libvirt-3.10.0/src/network/bridge_driver.c
|
||||
}
|
||||
|
||||
if (ipdef->tftproot) {
|
||||
Index: libvirt-3.10.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
Index: libvirt-4.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
+++ libvirt-3.10.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
--- libvirt-4.0.0.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
+++ libvirt-4.0.0/tests/networkxml2confdata/dhcp6host-routed-network.conf
|
||||
@@ -10,7 +10,6 @@ bind-dynamic
|
||||
interface=virbr1
|
||||
dhcp-range=192.168.122.1,static
|
||||
|
@ -2,10 +2,10 @@ Canonicalize hostarch name ppc64le to ppc64
|
||||
|
||||
See bnc#894956
|
||||
|
||||
Index: libvirt-3.10.0/src/util/virarch.c
|
||||
Index: libvirt-4.0.0/src/util/virarch.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/util/virarch.c
|
||||
+++ libvirt-3.10.0/src/util/virarch.c
|
||||
--- libvirt-4.0.0.orig/src/util/virarch.c
|
||||
+++ libvirt-4.0.0/src/util/virarch.c
|
||||
@@ -169,6 +169,8 @@ virArch virArchFromHost(void)
|
||||
arch = VIR_ARCH_I686;
|
||||
} else if (STREQ(ut.machine, "amd64")) {
|
||||
|
@ -1,11 +1,11 @@
|
||||
Index: libvirt-3.10.0/examples/apparmor/libvirt-qemu
|
||||
Index: libvirt-4.0.0/examples/apparmor/libvirt-qemu
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/examples/apparmor/libvirt-qemu
|
||||
+++ libvirt-3.10.0/examples/apparmor/libvirt-qemu
|
||||
@@ -191,3 +191,6 @@
|
||||
/sys/devices/system/node/ r,
|
||||
/sys/devices/system/node/node[0-9]*/meminfo r,
|
||||
/sys/module/vhost/parameters/max_mem_regions r,
|
||||
--- libvirt-4.0.0.orig/examples/apparmor/libvirt-qemu
|
||||
+++ libvirt-4.0.0/examples/apparmor/libvirt-qemu
|
||||
@@ -193,3 +193,6 @@
|
||||
# silence refusals to open lttng files (see LP: #1432644)
|
||||
deny /dev/shm/lttng-ust-wait-* r,
|
||||
deny /run/shm/lttng-ust-wait-* r,
|
||||
+
|
||||
+ # Temporary screendump rule -- See bsc#904426
|
||||
+ /var/cache/libvirt/qemu/qemu.screendump.* rw,
|
||||
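Review bot: The rule `/var/cache/libvirt/qemu/qemu.screendump.* rw,` is carried into the 4.0.0 refresh still labelled `Temporary screendump rule`, with no condition stated for removing it. It is added to `examples/apparmor/libvirt-qemu`, which looks like the abstraction shared by all confined guests (not confirmed from this page). If so, every guest's QEMU gets read and write access to any file matching that glob, not only its own screendump. Since the patch had to be rebased anyway, its header should record what must land before the rule can go, e.g. `# Remove once screendump files are covered by the per-domain profile (bsc#904426)`. Until then it is worth checking that the files are created with a mode that keeps one guest from reading another's.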
|
@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver
|
||||
src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++-
|
||||
2 files changed, 35 insertions(+), 15 deletions(-)
|
||||
|
||||
Index: libvirt-3.10.0/src/xenconfig/xen_common.c
|
||||
Index: libvirt-4.0.0/src/xenconfig/xen_common.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/xenconfig/xen_common.c
|
||||
+++ libvirt-3.10.0/src/xenconfig/xen_common.c
|
||||
--- libvirt-4.0.0.orig/src/xenconfig/xen_common.c
|
||||
+++ libvirt-4.0.0/src/xenconfig/xen_common.c
|
||||
@@ -394,6 +394,8 @@ xenParsePCI(virConfPtr conf, virDomainDe
|
||||
{
|
||||
virConfValuePtr list = virConfGetValue(conf, "pci");
|
||||
@ -66,10 +66,10 @@ Index: libvirt-3.10.0/src/xenconfig/xen_common.c
|
||||
hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
|
||||
hostdev->source.subsys.u.pci.addr.domain = domainID;
|
||||
hostdev->source.subsys.u.pci.addr.bus = busID;
|
||||
Index: libvirt-3.10.0/src/xenconfig/xen_sxpr.c
|
||||
Index: libvirt-4.0.0/src/xenconfig/xen_sxpr.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-3.10.0/src/xenconfig/xen_sxpr.c
|
||||
--- libvirt-4.0.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-4.0.0/src/xenconfig/xen_sxpr.c
|
||||
@@ -1057,6 +1057,7 @@ xenParseSxprPCI(virDomainDefPtr def,
|
||||
int busID;
|
||||
int slotID;
|
||||
|
@ -8,10 +8,10 @@ It was also noticed that the per-domain profiles need a libnl rule
|
||||
to squelch a denial when starting confined domains.
|
||||
|
||||
Found while investigating bsc#1058847
|
||||
Index: libvirt-3.10.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
Index: libvirt-4.0.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
+++ libvirt-3.10.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
--- libvirt-4.0.0.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
+++ libvirt-4.0.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
@@ -17,7 +17,7 @@ profile virt-aa-helper /usr/{lib,lib64}/
|
||||
owner @{PROC}/[0-9]*/status r,
|
||||
@{PROC}/filesystems r,
|
||||
@ -21,10 +21,10 @@ Index: libvirt-3.10.0/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
||||
|
||||
# for hostdev
|
||||
/sys/devices/ r,
|
||||
Index: libvirt-3.10.0/examples/apparmor/libvirt-qemu
|
||||
Index: libvirt-4.0.0/examples/apparmor/libvirt-qemu
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/examples/apparmor/libvirt-qemu
|
||||
+++ libvirt-3.10.0/examples/apparmor/libvirt-qemu
|
||||
--- libvirt-4.0.0.orig/examples/apparmor/libvirt-qemu
|
||||
+++ libvirt-4.0.0/examples/apparmor/libvirt-qemu
|
||||
@@ -62,6 +62,7 @@
|
||||
#/dev/fb* rw,
|
||||
|
||||
|
@ -1,26 +0,0 @@
|
||||
apparmor: allow libvirtd to send signals to unconfined processes
|
||||
|
||||
When confinement of QEMU/KVM domains is not enforced (security_default_confined = 0),
|
||||
qemu processes run unconfined. Add a rule to the libvirtd apparmor profile allowing
|
||||
sending signals to unconfined processes. Without the rule, libvirtd
|
||||
is unable to signal QEMU/KVM domains. E.g. 'virsh destroy dom' results in the
|
||||
following denial in audit.log
|
||||
|
||||
type=AVC msg=audit(1510951646.581:939): apparmor="DENIED" operation="signal"
|
||||
profile="/usr/sbin/libvirtd" pid=18891 comm="libvirtd" requested_mask="send"
|
||||
denied_mask="send" signal=term peer="unconfined"
|
||||
|
||||
Index: libvirt-3.10.0/examples/apparmor/usr.sbin.libvirtd
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/examples/apparmor/usr.sbin.libvirtd
|
||||
+++ libvirt-3.10.0/examples/apparmor/usr.sbin.libvirtd
|
||||
@@ -60,6 +60,9 @@
|
||||
|
||||
signal (send) peer=/usr/sbin/dnsmasq,
|
||||
signal (read, send) peer=libvirt-*,
|
||||
+ # When confinement is not enforced (security_default_confined = 0), qemu
|
||||
+ # processes run unconfined, hence 'peer=unconfined'
|
||||
+ signal send set=(hup,kill,term) peer=unconfined,
|
||||
|
||||
# Very lenient profile for libvirtd since we want to first focus on confining
|
||||
# the guests. Guests will have a very restricted profile.
|
@ -1,9 +1,9 @@
|
||||
Adjust libvirt-guests service to conform to SUSE standards
|
||||
|
||||
Index: libvirt-3.10.0/tools/libvirt-guests.init.in
|
||||
Index: libvirt-4.0.0/tools/libvirt-guests.init.in
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/tools/libvirt-guests.init.in
|
||||
+++ libvirt-3.10.0/tools/libvirt-guests.init.in
|
||||
--- libvirt-4.0.0.orig/tools/libvirt-guests.init.in
|
||||
+++ libvirt-4.0.0/tools/libvirt-guests.init.in
|
||||
@@ -4,27 +4,27 @@
|
||||
# http://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/initscrcomconv.html
|
||||
#
|
||||
@ -46,10 +46,10 @@ Index: libvirt-3.10.0/tools/libvirt-guests.init.in
|
||||
+
|
||||
|
||||
exec @libexecdir@/libvirt-guests.sh "$@"
|
||||
Index: libvirt-3.10.0/tools/libvirt-guests.sh.in
|
||||
Index: libvirt-4.0.0/tools/libvirt-guests.sh.in
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/tools/libvirt-guests.sh.in
|
||||
+++ libvirt-3.10.0/tools/libvirt-guests.sh.in
|
||||
--- libvirt-4.0.0.orig/tools/libvirt-guests.sh.in
|
||||
+++ libvirt-4.0.0/tools/libvirt-guests.sh.in
|
||||
@@ -16,14 +16,13 @@
|
||||
# License along with this library. If not, see
|
||||
# <http://www.gnu.org/licenses/>.
|
||||
@ -209,10 +209,10 @@ Index: libvirt-3.10.0/tools/libvirt-guests.sh.in
|
||||
esac
|
||||
-exit $RETVAL
|
||||
+rc_exit
|
||||
Index: libvirt-3.10.0/tools/libvirt-guests.sysconf
|
||||
Index: libvirt-4.0.0/tools/libvirt-guests.sysconf
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/tools/libvirt-guests.sysconf
|
||||
+++ libvirt-3.10.0/tools/libvirt-guests.sysconf
|
||||
--- libvirt-4.0.0.orig/tools/libvirt-guests.sysconf
|
||||
+++ libvirt-4.0.0/tools/libvirt-guests.sysconf
|
||||
@@ -1,19 +1,29 @@
|
||||
+## Path: System/Virtualization/libvirt-guests
|
||||
+
|
||||
|
@ -3,10 +3,10 @@ Disable TLS by default
|
||||
On SUSE distros, the default is for libvirtd to listen only on the
|
||||
Unix Domain Socket. The libvirt client still provides remote access
|
||||
via a SSH tunnel.
|
||||
Index: libvirt-3.10.0/daemon/libvirtd.conf
|
||||
Index: libvirt-4.0.0/daemon/libvirtd.conf
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/daemon/libvirtd.conf
|
||||
+++ libvirt-3.10.0/daemon/libvirtd.conf
|
||||
--- libvirt-4.0.0.orig/daemon/libvirtd.conf
|
||||
+++ libvirt-4.0.0/daemon/libvirtd.conf
|
||||
@@ -18,8 +18,8 @@
|
||||
# It is necessary to setup a CA and issue server certificates before
|
||||
# using this capability.
|
||||
@ -18,10 +18,10 @@ Index: libvirt-3.10.0/daemon/libvirtd.conf
|
||||
|
||||
# Listen for unencrypted TCP connections on the public TCP/IP port.
|
||||
# NB, must pass the --listen flag to the libvirtd process for this to
|
||||
Index: libvirt-3.10.0/daemon/libvirtd-config.c
|
||||
Index: libvirt-4.0.0/daemon/libvirtd-config.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/daemon/libvirtd-config.c
|
||||
+++ libvirt-3.10.0/daemon/libvirtd-config.c
|
||||
--- libvirt-4.0.0.orig/daemon/libvirtd-config.c
|
||||
+++ libvirt-4.0.0/daemon/libvirtd-config.c
|
||||
@@ -110,7 +110,7 @@ daemonConfigNew(bool privileged ATTRIBUT
|
||||
if (VIR_ALLOC(data) < 0)
|
||||
return NULL;
|
||||
@ -31,10 +31,10 @@ Index: libvirt-3.10.0/daemon/libvirtd-config.c
|
||||
data->listen_tcp = 0;
|
||||
|
||||
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
|
||||
Index: libvirt-3.10.0/daemon/test_libvirtd.aug.in
|
||||
Index: libvirt-4.0.0/daemon/test_libvirtd.aug.in
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/daemon/test_libvirtd.aug.in
|
||||
+++ libvirt-3.10.0/daemon/test_libvirtd.aug.in
|
||||
--- libvirt-4.0.0.orig/daemon/test_libvirtd.aug.in
|
||||
+++ libvirt-4.0.0/daemon/test_libvirtd.aug.in
|
||||
@@ -2,7 +2,7 @@ module Test_libvirtd =
|
||||
::CONFIG::
|
||||
|
||||
|
@ -7,10 +7,10 @@ On SUSE distros, we promote libvirt and all the libvirt-based
|
||||
tools. If a user installs libvirt on their SUSE Xen host, then
|
||||
libvirt should be king and override xendomains. See bsc#1015348
|
||||
|
||||
Index: libvirt-3.10.0/daemon/libvirtd.service.in
|
||||
Index: libvirt-4.0.0/daemon/libvirtd.service.in
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/daemon/libvirtd.service.in
|
||||
+++ libvirt-3.10.0/daemon/libvirtd.service.in
|
||||
--- libvirt-4.0.0.orig/daemon/libvirtd.service.in
|
||||
+++ libvirt-4.0.0/daemon/libvirtd.service.in
|
||||
@@ -14,6 +14,8 @@ After=iscsid.service
|
||||
After=apparmor.service
|
||||
After=local-fs.target
|
||||
|
@ -1,9 +1,9 @@
|
||||
Adjust libvirtd sysconfig file to conform to SUSE standards
|
||||
|
||||
Index: libvirt-3.10.0/daemon/libvirtd.sysconf
|
||||
Index: libvirt-4.0.0/daemon/libvirtd.sysconf
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/daemon/libvirtd.sysconf
|
||||
+++ libvirt-3.10.0/daemon/libvirtd.sysconf
|
||||
--- libvirt-4.0.0.orig/daemon/libvirtd.sysconf
|
||||
+++ libvirt-4.0.0/daemon/libvirtd.sysconf
|
||||
@@ -1,16 +1,25 @@
|
||||
+## Path: System/Virtualization/libvirt
|
||||
+
|
||||
|
@ -1,9 +1,9 @@
|
||||
Adjust paths of OVMF firmwares on SUSE distros
|
||||
|
||||
Index: libvirt-3.10.0/src/qemu/qemu.conf
|
||||
Index: libvirt-4.0.0/src/qemu/qemu.conf
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/qemu/qemu.conf
|
||||
+++ libvirt-3.10.0/src/qemu/qemu.conf
|
||||
--- libvirt-4.0.0.orig/src/qemu/qemu.conf
|
||||
+++ libvirt-4.0.0/src/qemu/qemu.conf
|
||||
@@ -743,10 +743,9 @@ security_default_confined = 0
|
||||
# for x86_64 and i686, but it's AAVMF for aarch64. The libvirt default
|
||||
# follows this scheme.
|
||||
@ -18,10 +18,10 @@ Index: libvirt-3.10.0/src/qemu/qemu.conf
|
||||
#]
|
||||
|
||||
# The backend to use for handling stdout/stderr output from
|
||||
Index: libvirt-3.10.0/src/qemu/qemu_conf.c
|
||||
Index: libvirt-4.0.0/src/qemu/qemu_conf.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/qemu/qemu_conf.c
|
||||
+++ libvirt-3.10.0/src/qemu/qemu_conf.c
|
||||
--- libvirt-4.0.0.orig/src/qemu/qemu_conf.c
|
||||
+++ libvirt-4.0.0/src/qemu/qemu_conf.c
|
||||
@@ -127,10 +127,9 @@ void qemuDomainCmdlineDefFree(qemuDomain
|
||||
|
||||
#ifndef DEFAULT_LOADER_NVRAM
|
||||
|
@ -7,10 +7,10 @@ suse-qemu-conf-secdriver.patch, suse-qemu-conf-lockmgr.patch,
|
||||
etc.), but for now they are all lumped together in this
|
||||
single patch.
|
||||
|
||||
Index: libvirt-3.10.0/src/qemu/qemu.conf
|
||||
Index: libvirt-4.0.0/src/qemu/qemu.conf
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/qemu/qemu.conf
|
||||
+++ libvirt-3.10.0/src/qemu/qemu.conf
|
||||
--- libvirt-4.0.0.orig/src/qemu/qemu.conf
|
||||
+++ libvirt-4.0.0/src/qemu/qemu.conf
|
||||
@@ -380,11 +380,20 @@
|
||||
# isolation, but it cannot appear in a list of drivers.
|
||||
#
|
||||
|
@ -1,9 +1,9 @@
|
||||
Adjust virtlockd sysconfig file to conform to SUSE standards
|
||||
|
||||
Index: libvirt-3.10.0/src/locking/virtlockd.sysconf
|
||||
Index: libvirt-4.0.0/src/locking/virtlockd.sysconf
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/locking/virtlockd.sysconf
|
||||
+++ libvirt-3.10.0/src/locking/virtlockd.sysconf
|
||||
--- libvirt-4.0.0.orig/src/locking/virtlockd.sysconf
|
||||
+++ libvirt-4.0.0/src/locking/virtlockd.sysconf
|
||||
@@ -1,3 +1,7 @@
|
||||
+## Path: System/Virtualization/virtlockd
|
||||
+
|
||||
|
@ -1,9 +1,9 @@
|
||||
Adjust virtlogd sysconfig file to conform to SUSE standards
|
||||
|
||||
Index: libvirt-3.10.0/src/logging/virtlogd.sysconf
|
||||
Index: libvirt-4.0.0/src/logging/virtlogd.sysconf
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/logging/virtlogd.sysconf
|
||||
+++ libvirt-3.10.0/src/logging/virtlogd.sysconf
|
||||
--- libvirt-4.0.0.orig/src/logging/virtlogd.sysconf
|
||||
+++ libvirt-4.0.0/src/logging/virtlogd.sysconf
|
||||
@@ -1,3 +1,7 @@
|
||||
+## Path: System/Virtualization/virtlogd
|
||||
+
|
||||
|
@ -1,7 +1,7 @@
|
||||
Index: libvirt-3.10.0/src/xenconfig/xen_sxpr.c
|
||||
Index: libvirt-4.0.0/src/xenconfig/xen_sxpr.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-3.10.0/src/xenconfig/xen_sxpr.c
|
||||
--- libvirt-4.0.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-4.0.0/src/xenconfig/xen_sxpr.c
|
||||
@@ -387,7 +387,7 @@ xenParseSxprVifRate(const char *rate, un
|
||||
static int
|
||||
xenParseSxprDisks(virDomainDefPtr def,
|
||||
|
@ -6,10 +6,10 @@ and 'file'. This was implicitly done prior to commit 9673418c.
|
||||
|
||||
https://bugzilla.suse.com/show_bug.cgi?id=938228
|
||||
|
||||
Index: libvirt-3.10.0/src/xenconfig/xen_sxpr.c
|
||||
Index: libvirt-4.0.0/src/xenconfig/xen_sxpr.c
|
||||
===================================================================
|
||||
--- libvirt-3.10.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-3.10.0/src/xenconfig/xen_sxpr.c
|
||||
--- libvirt-4.0.0.orig/src/xenconfig/xen_sxpr.c
|
||||
+++ libvirt-4.0.0/src/xenconfig/xen_sxpr.c
|
||||
@@ -501,10 +501,11 @@ xenParseSxprDisks(virDomainDefPtr def,
|
||||
omnipotent, we can revisit this, perhaps stat()'ing
|
||||
the src file in question */
|
||||
|