forked from pool/libvirt

Accepting request 265250 from home:cbosdonnat:branches:Virtualization

- Update to libvirt 1.2.11
  - Implement public API for virDomainGetFSInfo
  - qemu: Add define for the new throttle options
  - CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
  - CVE-2014-7823: dumpxml: security hole with migratable flag
- Drop upstream patches: 2222123-virt-aa-helper-crash.patch,
  433b427-iplink-name.patch,
  52691f99-qemu-mig-crash.patch,
  72fecf1-lxc-resolve-symlinks.patch,
  b1674ad5-CVE-2014-7823.patch,
  ba9b7252-sys-net-rw.patch,
  c264eea-virt-aa-helper-sandbox.patch,
  e50457d-lxc-unmount-check.patch,
  cgroup-all-devices.patch,
  libvirt-ppc64le-support.patch

OBS-URL: https://build.opensuse.org/request/show/265250
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=428
Cédric Bosdonnat 2014-12-15 14:16:23 +00:00 committed by Git OBS Bridge
parent 06949b0f82
commit 8082129d0c
18 changed files with 65 additions and 804 deletions


@ -1,27 +0,0 @@
From 22221233d0c2fd2c2d41b7527fe2bec13295a427 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Thu, 20 Nov 2014 11:31:44 +0100
Subject: [PATCH 1/5] virt-aa-helper wasn't running virErrorInitialize
This turns out to be working by magic but needs to be fixed.
---
src/security/virt-aa-helper.c | 6 ++++++
1 file changed, 6 insertions(+)
Index: libvirt-1.2.10/src/security/virt-aa-helper.c
===================================================================
--- libvirt-1.2.10.orig/src/security/virt-aa-helper.c
+++ libvirt-1.2.10/src/security/virt-aa-helper.c
@@ -1251,6 +1251,12 @@ main(int argc, char **argv)
exit(EXIT_FAILURE);
}
+ if (virThreadInitialize() < 0 ||
+ virErrorInitialize() < 0) {
+ fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
+ exit(EXIT_FAILURE);
+ }
+
/* clear the environment */
environ = NULL;
if (setenv("PATH", "/sbin:/usr/sbin", 1) != 0) {
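Review bot: the failure message is wrapped in _(), but nothing in the hunk shows that translation has been set up yet; confirm that the gettext initialisation (presumably what the preceding `exit(EXIT_FAILURE)` block guards) runs before this point in main(), otherwise the lookup is at best a no-op. A one-line comment saying that thread and error initialisation must precede any virReportError() call would also explain why this block sits ahead of the environment reset.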


@ -1,37 +0,0 @@
From 433b427ff853ab72d32573d415e6ec569b77c7cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Thu, 20 Nov 2014 15:26:35 +0100
Subject: [PATCH 3/5] ip link needs 'name' in 3.16 to create the veth pair
Due to a change (or bug?) in ip link implementation, the command
'ip link add vnet0...'
is forced into
'ip link add name vnet0...'
The changed command also works on older versions of iproute2, just the
'name' parameter has been made mandatory.
---
src/util/virnetdevveth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: libvirt-1.2.10/src/util/virnetdevveth.c
===================================================================
--- libvirt-1.2.10.orig/src/util/virnetdevveth.c
+++ libvirt-1.2.10/src/util/virnetdevveth.c
@@ -89,7 +89,7 @@ static int virNetDevVethGetFreeNum(int s
* @veth2: pointer to return name for container end of veth pair
*
* Creates a veth device pair using the ip command:
- * ip link add veth1 type veth peer name veth2
+ * ip link add name veth1 type veth peer name veth2
* If veth1 points to NULL on entry, it will be a valid interface on
* return. veth2 should point to NULL on entry.
*
@@ -146,7 +146,7 @@ int virNetDevVethCreate(char** veth1, ch
}
cmd = virCommandNew("ip");
- virCommandAddArgList(cmd, "link", "add",
+ virCommandAddArgList(cmd, "link", "add", "name",
*veth1 ? *veth1 : veth1auto,
"type", "veth", "peer", "name",
*veth2 ? *veth2 : veth2auto,


@ -1,29 +0,0 @@
commit 52691f99fa016ac46c9546c37706e57a5180d4c6
Author: Jiri Denemark <jdenemar@redhat.com>
Date: Thu Nov 20 13:09:16 2014 +0100
qemu: Fix crash in tunnelled migration
Any attempt to start a tunnelled migration with libvirtd that supports
RDMA migration (specifically commit v1.2.8-226-ged22a47) crashes
libvirtd on the destination host.
The crash is inevitable because qemuMigrationPrepareAny is always called
with NULL protocol in case of tunnelled migration.
https://bugzilla.redhat.com/show_bug.cgi?id=1147331
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Index: libvirt-1.2.10/src/qemu/qemu_migration.c
===================================================================
--- libvirt-1.2.10.orig/src/qemu/qemu_migration.c
+++ libvirt-1.2.10/src/qemu/qemu_migration.c
@@ -2688,7 +2688,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr
QEMU_MIGRATION_COOKIE_NBD)))
goto cleanup;
- if (STREQ(protocol, "rdma") && !vm->def->mem.hard_limit) {
+ if (STREQ_NULLABLE(protocol, "rdma") && !vm->def->mem.hard_limit) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("cannot start RDMA migration with no memory hard "
"limit set"));
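Review bot: STREQ_NULLABLE removes the NULL dereference here, but `protocol` is NULL for every tunnelled migration, so the rest of qemuMigrationPrepareAny should be checked for other uses of `protocol` that still assume it is non-NULL. The commit message calls the crash inevitable, which suggests this was the only such use, but a comment on the parameter stating that NULL means "tunnelled" would make the contract explicit for the next caller.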


@ -1,155 +0,0 @@
From 72fecf1813b9e77a7f89bc1e708f91bdab7d9ad4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Fri, 21 Nov 2014 17:45:55 +0100
Subject: [PATCH 4/5] lxc: be more patient while resolving symlinks
Resolving symlinks can fail before mounting any file system if one file
system depends on another being mounted. Symlinks are now resolved in
two passes:
* Before any file system is mounted, but then we are more gentle if
the source path can't be accessed
* Right before mounting a file system, so that we are sure that we
have the resolved path... but then if it can't be accessed we raise
an error.
---
src/conf/domain_conf.h | 1 +
src/lxc/lxc_container.c | 77 ++++++++++++++++++++++++++++++++++---------------
2 files changed, 54 insertions(+), 24 deletions(-)
Index: libvirt-1.2.10/src/conf/domain_conf.h
===================================================================
--- libvirt-1.2.10.orig/src/conf/domain_conf.h
+++ libvirt-1.2.10/src/conf/domain_conf.h
@@ -814,6 +814,7 @@ struct _virDomainFSDef {
virDomainDeviceInfo info;
unsigned long long space_hard_limit; /* in bytes */
unsigned long long space_soft_limit; /* in bytes */
+ bool symlinksResolved;
};
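Review bot: `symlinksResolved` is per-run state (it records that this process has already rewritten fs->src) but it is stored in the parsed virDomainFSDef, which is otherwise pure configuration, and in this patch it is only ever set to true. Anything that reuses the same in-memory definition (a second start from the same def, or a copy of it) would skip resolution entirely. Either reset it at every container start or keep it in LXC-private data rather than in the domain definition.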
Index: libvirt-1.2.10/src/lxc/lxc_container.c
===================================================================
--- libvirt-1.2.10.orig/src/lxc/lxc_container.c
+++ libvirt-1.2.10/src/lxc/lxc_container.c
@@ -609,6 +609,48 @@ static int lxcContainerUnmountSubtree(co
return ret;
}
+static int lxcContainerResolveSymlinks(virDomainFSDefPtr fs, bool gentle)
+{
+ char *newroot;
+
+ if (!fs->src || fs->symlinksResolved)
+ return 0;
+
+ if (access(fs->src, F_OK)) {
+ if (gentle) {
+ /* Just ignore the error for the while, we'll try again later */
+ VIR_DEBUG("Skipped unaccessible '%s'", fs->src);
+ return 0;
+ } else {
+ virReportSystemError(errno,
+ _("Failed to access '%s'"), fs->src);
+ return -1;
+ }
+ }
+
+ VIR_DEBUG("Resolving '%s'", fs->src);
+ if (virFileResolveAllLinks(fs->src, &newroot) < 0) {
+ if (gentle) {
+ VIR_DEBUG("Skipped non-resolvable '%s'", fs->src);
+ return 0;
+ } else {
+ virReportSystemError(errno,
+ _("Failed to resolve symlink at %s"),
+ fs->src);
+ }
+ return -1;
+ }
+
+ /* Mark it resolved to skip it the next time */
+ fs->symlinksResolved = true;
+
+ VIR_DEBUG("Resolved '%s' to %s", fs->src, newroot);
+
+ VIR_FREE(fs->src);
+ fs->src = newroot;
+
+ return 0;
+}
static int lxcContainerPrepareRoot(virDomainDefPtr def,
virDomainFSDefPtr root,
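Review bot: the two failure branches shape their non-gentle `return -1` differently: the access() branch returns inside the else, while the virFileResolveAllLinks() branch falls through to a `return -1` placed after the if/else. Both are correct, but pick one form. The more important point is that the non-gentle pass runs from lxcContainerMountAllFS after earlier filesystems have already been mounted, which is exactly what the commit message wants; make sure fs->src is then resolved against the host view of the tree and not through a path that an already-mounted, guest-writable filesystem could have populated with a symlink, since virFileResolveAllLinks() follows whatever it finds and the result becomes the bind-mount source.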
@@ -635,6 +677,9 @@ static int lxcContainerPrepareRoot(virDo
return -1;
}
+ if (lxcContainerResolveSymlinks(root, false) < 0)
+ return -1;
+
if (virAsprintf(&dst, "%s/%s.root",
LXC_STATE_DIR, def->name) < 0)
return -1;
@@ -1555,6 +1600,9 @@ static int lxcContainerMountAllFS(virDom
if (STREQ(vmDef->fss[i]->dst, "/"))
continue;
+ if (lxcContainerResolveSymlinks(vmDef->fss[i], false) < 0)
+ return -1;
+
if (lxcContainerUnmountSubtree(vmDef->fss[i]->dst,
false) < 0)
return -1;
@@ -1738,37 +1786,18 @@ static int lxcContainerSetupPivotRoot(vi
return ret;
}
-
-static int lxcContainerResolveSymlinks(virDomainDefPtr vmDef)
+static int lxcContainerResolveAllSymlinks(virDomainDefPtr vmDef)
{
- char *newroot;
size_t i;
VIR_DEBUG("Resolving symlinks");
for (i = 0; i < vmDef->nfss; i++) {
virDomainFSDefPtr fs = vmDef->fss[i];
- if (!fs->src)
- continue;
-
- if (access(fs->src, F_OK)) {
- virReportSystemError(errno,
- _("Failed to access '%s'"), fs->src);
+ /* In the first pass, be gentle as some files may
+ depend on other filesystems to be mounted */
+ if (lxcContainerResolveSymlinks(fs, true) < 0)
return -1;
- }
-
- VIR_DEBUG("Resolving '%s'", fs->src);
- if (virFileResolveAllLinks(fs->src, &newroot) < 0) {
- virReportSystemError(errno,
- _("Failed to resolve symlink at %s"),
- fs->src);
- return -1;
- }
-
- VIR_DEBUG("Resolved '%s' to %s", fs->src, newroot);
-
- VIR_FREE(fs->src);
- fs->src = newroot;
}
VIR_DEBUG("Resolved all filesystem symlinks");
@@ -2107,7 +2136,7 @@ static int lxcContainerChild(void *data)
goto cleanup;
}
- if (lxcContainerResolveSymlinks(vmDef) < 0)
+ if (lxcContainerResolveAllSymlinks(vmDef) < 0)
goto cleanup;
VIR_DEBUG("Setting up pivot");


@ -1,57 +0,0 @@
commit b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
Author: Eric Blake <eblake@redhat.com>
Date: Fri Oct 31 22:14:07 2014 -0600
CVE-2014-7823: dumpxml: security hole with migratable flag
Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
the qemu implementation of virDomainGetXMLDesc, the use of the
flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
prior to calling qemuDomainFormatXML. However, the use of
VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
clients only. This patch treats the migratable flag as requiring
the same permissions, rather than analyzing what might break if
migratable xml no longer includes secret information.
Fortunately, the information leak is low-risk: all that is gated
by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
but VNC passwords are already weak (FIPS forbids their use, and
on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
password sent in plaintext over the network deserves what they
get). SPICE offers better security than VNC, and all other
secrets are properly protected by use of virSecret associations
rather than direct output in domain XML.
* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
Tighten rules on use of migratable flag.
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.
Signed-off-by: Eric Blake <eblake@redhat.com>
Index: libvirt-1.2.10/src/libvirt-domain.c
===================================================================
--- libvirt-1.2.10.orig/src/libvirt-domain.c
+++ libvirt-1.2.10/src/libvirt-domain.c
@@ -2607,7 +2607,8 @@ virDomainGetXMLDesc(virDomainPtr domain,
virCheckDomainReturn(domain, NULL);
conn = domain->conn;
- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
+ if ((conn->flags & VIR_CONNECT_RO) &&
+ (flags & (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_MIGRATABLE))) {
virReportError(VIR_ERR_OPERATION_DENIED, "%s",
_("virDomainGetXMLDesc with secure flag"));
goto error;
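Review bot: the error string still reads "virDomainGetXMLDesc with secure flag", but after this change it also fires when a read-only connection passes only VIR_DOMAIN_XML_MIGRATABLE, so a caller who never asked for the secure flag gets a misleading message. Suggest something like _("virDomainGetXMLDesc with secure or migratable flag on a read-only connection"). The two hunks belong together: this one covers connections opened read-only, the ACL line in remote_protocol.x covers the RPC layer.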
Index: libvirt-1.2.10/src/remote/remote_protocol.x
===================================================================
--- libvirt-1.2.10.orig/src/remote/remote_protocol.x
+++ libvirt-1.2.10/src/remote/remote_protocol.x
@@ -3255,6 +3255,7 @@ enum remote_procedure {
* @generate: both
* @acl: domain:read
* @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
+ * @acl: domain:read_secure:VIR_DOMAIN_XML_MIGRATABLE
*/
REMOTE_PROC_DOMAIN_GET_XML_DESC = 14,


@ -1,130 +0,0 @@
From ba9b7252ea8d87dfa217fb11dc5dadc039176807 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Wed, 10 Dec 2014 10:22:28 +0100
Subject: [PATCH] lxc: give RW access to /proc/sys/net/ipv[46] to containers
Some programs want to change some values for the network interfaces
configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
allows wicked to work on openSUSE 13.2+.
Reusing the lxcNeedNetworkNamespace function to tell
lxcContainerMountBasicFS if the netns is disabled. When no netns is
set up, then we don't mount the /proc/sys/net/ipv[46] folder RW as
these would provide full access to the host NICs config.
---
src/lxc/lxc_container.c | 64 +++++++++++++++++++++++++++++++------------------
1 file changed, 41 insertions(+), 23 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 3b08b86..1b9e2f2 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -800,15 +800,18 @@ typedef struct {
int mflags;
bool skipUserNS;
bool skipUnmounted;
+ bool skipNoNetns;
} virLXCBasicMountInfo;
static const virLXCBasicMountInfo lxcBasicMounts[] = {
- { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false },
- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false },
- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false },
- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
+ { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false, false },
+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false, false },
+ { "/.oldroot/proc/sys/net/ipv4", "/proc/sys/net/ipv4", NULL, MS_BIND, false, false, true },
+ { "/.oldroot/proc/sys/net/ipv6", "/proc/sys/net/ipv6", NULL, MS_BIND, false, false, true },
+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false, false },
+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false },
#if WITH_SELINUX
- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true, false },
#endif
};
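Review bot: the two new rows are the only entries in this table mounted without MS_NOSUID|MS_NOEXEC|MS_NODEV and without MS_RDONLY. That is acceptable for /proc/sys entries (no device nodes or executables live there) but it deserves a comment, because the table is otherwise uniformly hardened. Their position matters as well: they must stay after the read-only "/proc/sys" bind so the writable subtrees overlay it rather than being covered by it; a comment on that ordering dependency would stop a future reorder from silently making them read-only again. Finally, the source is hardcoded to /.oldroot/..., so the function now assumes the old root is always present at that path when it is called.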
@@ -940,10 +943,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled,
continue;
}
+ /* Skip mounts with missing source without shouting: it may be a
+ * missing folder in /proc due to the absence of a kernel feature */
+ if (STRPREFIX(mnt_src, "/") && !virFileExists(mnt_src)) {
+ VIR_DEBUG("Skipping due to missing source: %s", mnt_src);
+ VIR_FREE(mnt_src);
+ continue;
+ }
+
+ if (mnt->skipNoNetns && netns_disabled) {
+ VIR_DEBUG("Skipping due to absence of network namespace");
+ VIR_FREE(mnt_src);
+ continue;
+ }
+
if (virFileMakePath(mnt->dst) < 0) {
virReportSystemError(errno,
_("Failed to mkdir %s"),
- mnt_src);
+ mnt->dst);
goto cleanup;
}
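Review bot: the missing-source skip applies to every absolute source, including the "/proc/sys" self-bind that makes the sysctl tree read-only; if that path ever fails virFileExists() the container silently (VIR_DEBUG only) loses the read-only protection instead of refusing to start. Restrict the skip to the rows that may legitimately be absent, for example with a dedicated flag in virLXCBasicMountInfo like `skipNoNetns`, or at least log it at VIR_WARN. The mkdir error-message correction (mnt_src to mnt->dst) is an unrelated fix and would be cleaner as its own patch.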
@@ -1697,6 +1714,23 @@ static int lxcContainerUnmountForSharedRoot(const char *stateDir,
}
+static bool
+lxcNeedNetworkNamespace(virDomainDefPtr def)
+{
+ size_t i;
+ if (def->nets != NULL)
+ return true;
+ if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON)
+ return true;
+ for (i = 0; i < def->nhostdevs; i++) {
+ if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES &&
+ def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET)
+ return true;
+ }
+ return false;
+}
+
+
/* Got a FS mapped to /, we're going the pivot_root
* approach to do a better-chroot-than-chroot
* this is based on this thread http://lkml.org/lkml/2008/3/5/29
@@ -1741,7 +1775,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
/* Mounts the core /proc, /sys, etc filesystems */
if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap,
- !vmDef->nnets) < 0)
+ !lxcNeedNetworkNamespace(vmDef)) < 0)
goto cleanup;
/* Ensure entire root filesystem (except /.oldroot) is readonly */
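Review bot: lxcNeedNetworkNamespace() decides on `def->nets != NULL`, whereas the condition it replaces here tested `vmDef->nnets`; if `nets` can ever be a non-NULL array with nnets == 0 the two differ, and the writable sysctl mounts would be enabled for a container that is not actually given its own netns. Use `def->nnets > 0` in the helper so the predicate matches the old call-site semantics while still covering the privnet and hostdev cases.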
@@ -2240,22 +2274,6 @@ virArch lxcContainerGetAlt32bitArch(virArch arch)
}
-static bool
-lxcNeedNetworkNamespace(virDomainDefPtr def)
-{
- size_t i;
- if (def->nets != NULL)
- return true;
- if (def->features[VIR_DOMAIN_FEATURE_PRIVNET] == VIR_TRISTATE_SWITCH_ON)
- return true;
- for (i = 0; i < def->nhostdevs; i++) {
- if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES &&
- def->hostdevs[i]->source.caps.type == VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET)
- return true;
- }
- return false;
-}
-
/**
* lxcContainerStart:
* @def: pointer to virtual machine structure
--
2.1.2


@ -1,26 +0,0 @@
From c264eeaa381a917f01ba74526bf202073358a9dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Thu, 20 Nov 2014 11:32:38 +0100
Subject: [PATCH 2/5] virt-aa-helper: /etc/libvirt-sandbox/services isn't
restricted
To get virt-sandbox-service working with AppArmor, virt-aa-helper
needs not to choke on path in /etc/libvirt-sandbox/services.
---
src/security/virt-aa-helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: libvirt-1.2.10/src/security/virt-aa-helper.c
===================================================================
--- libvirt-1.2.10.orig/src/security/virt-aa-helper.c
+++ libvirt-1.2.10/src/security/virt-aa-helper.c
@@ -571,7 +571,8 @@ valid_path(const char *path, const bool
};
/* override the above with these */
const char * const override[] = {
- "/sys/devices/pci" /* for hostdev pci devices */
+ "/sys/devices/pci", /* for hostdev pci devices */
+ "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
};
if (path == NULL) {
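Review bot: the new override entry keeps its trailing slash, which matters if override[] is matched by prefix: without it "/etc/libvirt-sandbox/servicesXYZ" would also escape the /etc restriction. Keep the slash and say why in the comment. It is also worth stating in the commit message that this exempts the whole subtree for any domain whose XML references a path under it, not only virt-sandbox-service guests.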


@ -1,36 +0,0 @@
From c3cebcbf0303af428f75c53de99d75885b8a8ce3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Wed, 10 Dec 2014 14:32:10 +0100
Subject: [PATCH] Avoid getting '-1:-1' in devices cgroup list
When calling virCgroupAllowAllDevices we get these invalid entries
in the device cgroup config.
b -1:-1 rw
c -1:-1 rw
Check for positive values before outputting the major and minor to
avoid that.
---
src/util/vircgroup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 166f4dc..3995477 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -2767,11 +2767,11 @@ virCgroupAllowDevice(virCgroupPtr group, char type, int major, int minor,
char *minorstr = NULL;
if ((major < 0 && VIR_STRDUP(majorstr, "*") < 0) ||
- virAsprintf(&majorstr, "%i", major) < 0)
+ (major >= 0 && virAsprintf(&majorstr, "%i", major) < 0))
goto cleanup;
if ((minor < 0 && VIR_STRDUP(minorstr, "*") < 0) ||
- virAsprintf(&minorstr, "%i", minor) < 0)
+ (minor >= 0 && virAsprintf(&minorstr, "%i", minor) < 0))
goto cleanup;
if (virAsprintf(&devstr, "%c %s:%s %s", type, majorstr, minorstr,
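Review bot: the old expression always executed virAsprintf() because `major < 0 && VIR_STRDUP(...) < 0` is false on the success path, which both overwrote the "*" string with "-1" and leaked it; the fix corrects both, so the commit message should mention the leak as well as the bogus "-1:-1" entries. The parentheses around the second operand are what make the new expression read correctly; a one-line comment that a negative major/minor means wildcard would help the next reader.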
--
2.1.2


@ -1,42 +0,0 @@
From e50457dd4cc5d4ba1ac7b05734157524620d087f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Mon, 24 Nov 2014 15:10:19 +0100
Subject: [PATCH 5/5] lxc: don't unmount subtree if it contains the source of
the mount
The typical case where we had a problem is with such a filesystem
definition as created by virt-sandbox-service:
<filesystem type='bind' accessmode='passthrough'>
<source dir='/var/lib/libvirt/filesystems/mysshd/var'/>
<target dir='/var'/>
</filesystem>
In this case, we don't want to unmount the /var subtree or we may
loose the access to the source folder.
---
src/lxc/lxc_container.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Index: libvirt-1.2.10/src/lxc/lxc_container.c
===================================================================
--- libvirt-1.2.10.orig/src/lxc/lxc_container.c
+++ libvirt-1.2.10/src/lxc/lxc_container.c
@@ -1600,11 +1600,15 @@ static int lxcContainerMountAllFS(virDom
if (STREQ(vmDef->fss[i]->dst, "/"))
continue;
+ VIR_DEBUG("Mounting '%s' -> '%s'", vmDef->fss[i]->src, vmDef->fss[i]->dst);
+
if (lxcContainerResolveSymlinks(vmDef->fss[i], false) < 0)
return -1;
- if (lxcContainerUnmountSubtree(vmDef->fss[i]->dst,
- false) < 0)
+
+ if (!(vmDef->fss[i]->src &&
+ STRPREFIX(vmDef->fss[i]->src, vmDef->fss[i]->dst)) &&
+ lxcContainerUnmountSubtree(vmDef->fss[i]->dst, false) < 0)
return -1;
if (lxcContainerMountFS(vmDef->fss[i], sec_mount_options) < 0)
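Review bot: STRPREFIX(src, dst) is a raw string-prefix test, not a path-prefix test: with dst "/var" a source of "/variable/x" also matches and that subtree is wrongly left mounted. Check the boundary character as well, e.g. `STRPREFIX(src, dst) && (src[strlen(dst)] == '/' || src[strlen(dst)] == '\0')`. Because dst == "/" is skipped just above, this boundary case is the only one left, but a small path-prefix helper would be clearer than inlining it.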


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5050f4cea3dd59d3eca25c3d3f16085e10d624ecc18bd35820cd3dac6f46c08e
size 30029503


@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlRXIOgACgkQRga4pd6VvB+obgCcCzOsG4rjI5PZs5Br9SXZuh41
vUkAoIaaoJv304OoiEdsCr1x4gAwaFpU
=FzVc
-----END PGP SIGNATURE-----

libvirt-1.2.11.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1b886429734a53fc9a201f46d77448fda963e1323246269eb0dcb4c12fb02fcc
size 30571605


@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlSLprsACgkQRga4pd6VvB9dIgCgiRsIp7IpLVT3rGLmJeGFlWIL
TIsAnimwS0VUT5YtHfkgNIzYOUjK7yq+
=Voyk
-----END PGP SIGNATURE-----


@ -1,9 +1,9 @@
Index: libvirt-1.2.10/src/cpu/cpu_map.xml
Index: libvirt-1.2.11/src/cpu/cpu_map.xml
===================================================================
--- libvirt-1.2.10.orig/src/cpu/cpu_map.xml
+++ libvirt-1.2.10/src/cpu/cpu_map.xml
@@ -627,5 +627,15 @@
<pvr value='0x004b0100'/>
--- libvirt-1.2.11.orig/src/cpu/cpu_map.xml
+++ libvirt-1.2.11/src/cpu/cpu_map.xml
@@ -657,5 +657,15 @@
<pvr value='0x004d0000'/>
</model>
+ <model name='POWER8_v2.0'>
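Review bot: this is a context refresh only (paths 1.2.10 to 1.2.11, hunk offset 627 to 657, anchor line pvr 0x004b0100 to 0x004d0000) with the added POWER8_v2.0 model lines unchanged. Because the context line itself changed, double-check that 0x004d0000 is still the last existing model before the intended insertion point in 1.2.11's cpu_map.xml; a refreshed context line can make a hunk apply cleanly in the wrong place.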


@ -1,196 +0,0 @@
Index: libvirt-1.2.10/src/conf/domain_conf.c
===================================================================
--- libvirt-1.2.10.orig/src/conf/domain_conf.c
+++ libvirt-1.2.10/src/conf/domain_conf.c
@@ -10043,7 +10043,8 @@ virDomainVideoDefaultType(const virDomai
(STREQ(def->os.type, "xen") ||
STREQ(def->os.type, "linux")))
return VIR_DOMAIN_VIDEO_TYPE_XEN;
- else if (def->os.arch == VIR_ARCH_PPC64)
+ else if (def->os.arch == VIR_ARCH_PPC64 ||
+ def->os.arch == VIR_ARCH_PPC64LE)
return VIR_DOMAIN_VIDEO_TYPE_VGA;
else
return VIR_DOMAIN_VIDEO_TYPE_CIRRUS;
Index: libvirt-1.2.10/src/cpu/cpu_powerpc.c
===================================================================
--- libvirt-1.2.10.orig/src/cpu/cpu_powerpc.c
+++ libvirt-1.2.10/src/cpu/cpu_powerpc.c
@@ -38,7 +38,7 @@
VIR_LOG_INIT("cpu.cpu_powerpc");
-static const virArch archs[] = { VIR_ARCH_PPC64 };
+static const virArch archs[] = { VIR_ARCH_PPC64, VIR_ARCH_PPC64LE };
struct ppc_vendor {
char *name;
Index: libvirt-1.2.10/src/qemu/qemu_capabilities.c
===================================================================
--- libvirt-1.2.10.orig/src/qemu/qemu_capabilities.c
+++ libvirt-1.2.10/src/qemu/qemu_capabilities.c
@@ -633,7 +633,8 @@ virQEMUCapsProbeCPUModels(virQEMUCapsPtr
if (qemuCaps->arch == VIR_ARCH_I686 ||
qemuCaps->arch == VIR_ARCH_X86_64) {
parse = virQEMUCapsParseX86Models;
- } else if (qemuCaps->arch == VIR_ARCH_PPC64) {
+ } else if (qemuCaps->arch == VIR_ARCH_PPC64 ||
+ qemuCaps->arch == VIR_ARCH_PPC64LE) {
parse = virQEMUCapsParsePPCModels;
} else {
VIR_DEBUG("don't know how to parse %s CPU models",
@@ -2003,7 +2004,8 @@ bool virQEMUCapsHasPCIMultiBus(virQEMUCa
return true;
if (def->os.arch == VIR_ARCH_PPC ||
- def->os.arch == VIR_ARCH_PPC64) {
+ def->os.arch == VIR_ARCH_PPC64||
+ def->os.arch == VIR_ARCH_PPC64LE) {
/*
* Usage of pci.0 naming:
*
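Review bot: missing space before `||` in `def->os.arch == VIR_ARCH_PPC64||`; every other hunk in this patch writes `VIR_ARCH_PPC64 ||`. Cosmetic, but it is the one line that departs from the pattern.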
@@ -3573,7 +3575,9 @@ virQEMUCapsSupportsChardev(virDomainDefP
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE))
return false;
- if ((def->os.arch == VIR_ARCH_PPC) || (def->os.arch == VIR_ARCH_PPC64)) {
+ if (def->os.arch == VIR_ARCH_PPC ||
+ def->os.arch == VIR_ARCH_PPC64 ||
+ def->os.arch == VIR_ARCH_PPC64LE) {
/* only pseries need -device spapr-vty with -chardev */
return (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
chr->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO);
Index: libvirt-1.2.10/src/qemu/qemu_command.c
===================================================================
--- libvirt-1.2.10.orig/src/qemu/qemu_command.c
+++ libvirt-1.2.10/src/qemu/qemu_command.c
@@ -713,7 +713,8 @@ qemuSetSCSIControllerModel(virDomainDefP
return -1;
}
} else {
- if ((def->os.arch == VIR_ARCH_PPC64) &&
+ if ((def->os.arch == VIR_ARCH_PPC64 ||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
STRPREFIX(def->os.machine, "pseries")) {
*model = VIR_DOMAIN_CONTROLLER_MODEL_SCSI_IBMVSCSI;
} else if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_SCSI_LSI)) {
@@ -1264,7 +1265,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi
for (i = 0; i < def->nserials; i++) {
if (def->serials[i]->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
- (def->os.arch == VIR_ARCH_PPC64) &&
+ (def->os.arch == VIR_ARCH_PPC64 ||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
STRPREFIX(def->os.machine, "pseries"))
def->serials[i]->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO;
if (qemuAssignSpaprVIOAddress(def, &def->serials[i]->info,
@@ -1273,7 +1275,8 @@ int qemuDomainAssignSpaprVIOAddresses(vi
}
if (def->nvram) {
- if (def->os.arch == VIR_ARCH_PPC64 &&
+ if ((def->os.arch == VIR_ARCH_PPC64 ||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
STRPREFIX(def->os.machine, "pseries"))
def->nvram->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO;
if (qemuAssignSpaprVIOAddress(def, &def->nvram->info,
@@ -4195,7 +4198,8 @@ qemuBuildUSBControllerDevStr(virDomainDe
model = def->model;
if (model == -1) {
- if (domainDef->os.arch == VIR_ARCH_PPC64)
+ if (domainDef->os.arch == VIR_ARCH_PPC64 ||
+ domainDef->os.arch == VIR_ARCH_PPC64LE)
model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI;
else
model = VIR_DOMAIN_CONTROLLER_MODEL_USB_PIIX3_UHCI;
@@ -8573,7 +8577,8 @@ qemuBuildCommandLine(virConnectPtr conn,
!qemuDomainMachineIsQ35(def) &&
(!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PIIX3_USB_UHCI) ||
(!virQEMUCapsGet(qemuCaps, QEMU_CAPS_PCI_OHCI) &&
- def->os.arch == VIR_ARCH_PPC64))) {
+ (def->os.arch == VIR_ARCH_PPC64 ||
+ def->os.arch == VIR_ARCH_PPC64LE)))) {
if (usblegacy) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Multiple legacy USB controllers are "
@@ -9771,7 +9776,8 @@ qemuBuildCommandLine(virConnectPtr conn,
}
if (def->nvram) {
- if (def->os.arch == VIR_ARCH_PPC64 &&
+ if ((def->os.arch == VIR_ARCH_PPC64 ||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
STRPREFIX(def->os.machine, "pseries")) {
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_NVRAM)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -9894,7 +9900,8 @@ qemuBuildSerialChrDeviceStr(char **devic
{
virBuffer cmd = VIR_BUFFER_INITIALIZER;
- if ((arch == VIR_ARCH_PPC64) && STRPREFIX(machine, "pseries")) {
+ if ((arch == VIR_ARCH_PPC64 ||
+ arch == VIR_ARCH_PPC64LE) && STRPREFIX(machine, "pseries")) {
if (serial->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_SERIAL &&
serial->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO) {
virBufferAsprintf(&cmd, "spapr-vty,chardev=char%s",
@@ -10316,8 +10323,9 @@ qemuParseCommandLineDisk(virDomainXMLOpt
if (VIR_ALLOC(def->src) < 0)
goto error;
- if (((dom->os.arch == VIR_ARCH_PPC64) &&
- dom->os.machine && STRPREFIX(dom->os.machine, "pseries")))
+ if (((dom->os.arch == VIR_ARCH_PPC64 ||
+ dom->os.arch == VIR_ARCH_PPC64LE) &&
+ dom->os.machine && STRPREFIX(dom->os.machine, "pseries")))
def->bus = VIR_DOMAIN_DISK_BUS_SCSI;
else
def->bus = VIR_DOMAIN_DISK_BUS_IDE;
@@ -10409,7 +10417,8 @@ qemuParseCommandLineDisk(virDomainXMLOpt
} else if (STREQ(keywords[i], "if")) {
if (STREQ(values[i], "ide")) {
def->bus = VIR_DOMAIN_DISK_BUS_IDE;
- if (((dom->os.arch == VIR_ARCH_PPC64) &&
+ if (((dom->os.arch == VIR_ARCH_PPC64 ||
+ dom->os.arch == VIR_ARCH_PPC64LE) &&
dom->os.machine && STRPREFIX(dom->os.machine, "pseries"))) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("pseries systems do not support ide devices '%s'"), val);
@@ -11654,8 +11663,9 @@ qemuParseCommandLine(virCapsPtr qemuCaps
}
if (STREQ(arg, "-cdrom")) {
disk->device = VIR_DOMAIN_DISK_DEVICE_CDROM;
- if (((def->os.arch == VIR_ARCH_PPC64) &&
- def->os.machine && STRPREFIX(def->os.machine, "pseries")))
+ if (((def->os.arch == VIR_ARCH_PPC64 ||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
+ def->os.machine && STRPREFIX(def->os.machine, "pseries")))
disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
if (VIR_STRDUP(disk->dst, "hdc") < 0)
goto error;
@@ -11670,9 +11680,10 @@ qemuParseCommandLine(virCapsPtr qemuCaps
disk->bus = VIR_DOMAIN_DISK_BUS_IDE;
else
disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
- if (((def->os.arch == VIR_ARCH_PPC64) &&
- def->os.machine && STRPREFIX(def->os.machine, "pseries")))
- disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
+ if (((def->os.arch == VIR_ARCH_PPC64 ||
+ def->os.arch == VIR_ARCH_PPC64LE) &&
+ def->os.machine && STRPREFIX(def->os.machine, "pseries")))
+ disk->bus = VIR_DOMAIN_DISK_BUS_SCSI;
}
if (VIR_STRDUP(disk->dst, arg + 1) < 0)
goto error;
Index: libvirt-1.2.10/src/qemu/qemu_domain.c
===================================================================
--- libvirt-1.2.10.orig/src/qemu/qemu_domain.c
+++ libvirt-1.2.10/src/qemu/qemu_domain.c
@@ -980,6 +980,7 @@ qemuDomainDefPostParse(virDomainDefPtr d
break;
case VIR_ARCH_PPC64:
+ case VIR_ARCH_PPC64LE:
addPCIRoot = true;
addDefaultUSBKBD = true;
addDefaultUSBMouse = true;


@ -1,7 +1,7 @@
Index: libvirt-1.2.10/configure.ac
Index: libvirt-1.2.11/configure.ac
===================================================================
--- libvirt-1.2.10.orig/configure.ac
+++ libvirt-1.2.10/configure.ac
--- libvirt-1.2.11.orig/configure.ac
+++ libvirt-1.2.11/configure.ac
@@ -237,6 +237,7 @@ LIBVIRT_CHECK_FUSE
LIBVIRT_CHECK_GLUSTER
LIBVIRT_CHECK_HAL
@ -34,11 +34,11 @@ Index: libvirt-1.2.10/configure.ac
LIBVIRT_RESULT_NUMACTL
LIBVIRT_RESULT_OPENWSMAN
LIBVIRT_RESULT_PCIACCESS
Index: libvirt-1.2.10/src/Makefile.am
Index: libvirt-1.2.11/src/Makefile.am
===================================================================
--- libvirt-1.2.10.orig/src/Makefile.am
+++ libvirt-1.2.10/src/Makefile.am
@@ -856,6 +856,10 @@ if WITH_NETCF
--- libvirt-1.2.11.orig/src/Makefile.am
+++ libvirt-1.2.11/src/Makefile.am
@@ -859,6 +859,10 @@ if WITH_NETCF
INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_netcf.c
endif WITH_NETCF
@ -49,7 +49,7 @@ Index: libvirt-1.2.10/src/Makefile.am
if WITH_UDEV
INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_udev.c
@@ -1499,10 +1503,15 @@ if WITH_NETCF
@@ -1502,10 +1506,15 @@ if WITH_NETCF
libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
else ! WITH_NETCF
@ -65,11 +65,11 @@ Index: libvirt-1.2.10/src/Makefile.am
endif ! WITH_NETCF
if WITH_DRIVER_MODULES
libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
Index: libvirt-1.2.10/tools/virsh.c
Index: libvirt-1.2.11/tools/virsh.c
===================================================================
--- libvirt-1.2.10.orig/tools/virsh.c
+++ libvirt-1.2.10/tools/virsh.c
@@ -3340,6 +3340,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
--- libvirt-1.2.11.orig/tools/virsh.c
+++ libvirt-1.2.11/tools/virsh.c
@@ -3341,6 +3341,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
vshPrint(ctl, " Interface");
# if defined(WITH_NETCF)
vshPrint(ctl, " netcf");
@ -78,10 +78,10 @@ Index: libvirt-1.2.10/tools/virsh.c
# elif defined(WITH_UDEV)
vshPrint(ctl, " udev");
# endif
Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
Index: libvirt-1.2.11/src/interface/interface_backend_netcf.c
===================================================================
--- libvirt-1.2.10.orig/src/interface/interface_backend_netcf.c
+++ libvirt-1.2.10/src/interface/interface_backend_netcf.c
--- libvirt-1.2.11.orig/src/interface/interface_backend_netcf.c
+++ libvirt-1.2.11/src/interface/interface_backend_netcf.c
@@ -23,7 +23,12 @@
#include <config.h>
@ -98,7 +98,7 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
#include "datatypes.h"
@@ -65,6 +70,37 @@ VIR_ONCE_GLOBAL_INIT(virNetcfDriverState
static virNetcfDriverStatePtr driverState;
static virNetcfDriverStatePtr driver;
+#ifdef WITH_NETCONTROL
+static void
@ -135,7 +135,7 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
static void
virNetcfDriverStateDispose(void *obj)
@@ -87,7 +123,22 @@ netcfStateInitialize(bool privileged ATT
if (!(driverState = virObjectLockableNew(virNetcfDriverStateClass)))
if (!(driver = virObjectLockableNew(virNetcfDriverStateClass)))
return -1;
+#ifdef WITH_NETCONTROL
@ -147,28 +147,28 @@ Index: libvirt-1.2.10/src/interface/interface_backend_netcf.c
+ * fail in netcfInterfaceOpen. This restores the behavior before
+ * commit 822fe136.
+ */
+ if (ncf_init(&driverState->netcf, NULL) != 0) {
+ if (ncf_init(&driver->netcf, NULL) != 0) {
+ VIR_WARN("Failed to initialize netcontrol. Continuing with network "
+ "interface management features disabled");
+ virObjectUnref(driverState);
+ driverState = NULL;
+ virObjectUnref(driver);
+ driver = NULL;
+ }
+#else
if (ncf_init(&driverState->netcf, NULL) != 0) {
if (ncf_init(&driver->netcf, NULL) != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("failed to initialize netcf"));
@@ -95,6 +146,7 @@ netcfStateInitialize(bool privileged ATT
driverState = NULL;
driver = NULL;
return -1;
}
+#endif
return 0;
}
Index: libvirt-1.2.10/src/interface/interface_driver.c
Index: libvirt-1.2.11/src/interface/interface_driver.c
===================================================================
--- libvirt-1.2.10.orig/src/interface/interface_driver.c
+++ libvirt-1.2.10/src/interface/interface_driver.c
--- libvirt-1.2.11.orig/src/interface/interface_driver.c
+++ libvirt-1.2.11/src/interface/interface_driver.c
@@ -30,8 +30,15 @@ interfaceRegister(void)
if (netcfIfaceRegister() == 0)
return 0;
@ -186,10 +186,10 @@ Index: libvirt-1.2.10/src/interface/interface_driver.c
if (udevIfaceRegister() == 0)
return 0;
#endif /* WITH_UDEV */
Index: libvirt-1.2.10/m4/virt-netcontrol.m4
Index: libvirt-1.2.11/m4/virt-netcontrol.m4
===================================================================
--- /dev/null
+++ libvirt-1.2.10/m4/virt-netcontrol.m4
+++ libvirt-1.2.11/m4/virt-netcontrol.m4
@@ -0,0 +1,35 @@
+dnl The libnetcontrol library
+dnl


@ -1,3 +1,23 @@
-------------------------------------------------------------------
Mon Dec 15 09:48:02 UTC 2014 - cbosdonnat@suse.com
- Update to libvirt 1.2.11
- Implement public API for virDomainGetFSInfo
- qemu: Add define for the new throttle options
- CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
- CVE-2014-7823: dumpxml: security hole with migratable flag
- Drop upstream patches: 2222123-virt-aa-helper-crash.patch,
433b427-iplink-name.patch,
52691f99-qemu-mig-crash.patch,
72fecf1-lxc-resolve-symlinks.patch,
b1674ad5-CVE-2014-7823.patch,
ba9b7252-sys-net-rw.patch,
c264eea-virt-aa-helper-sandbox.patch,
e50457d-lxc-unmount-check.patch,
cgroup-all-devices.patch,
libvirt-ppc64le-support.patch
-------------------------------------------------------------------
Wed Dec 10 13:22:14 UTC 2014 - cbosdonnat@suse.com
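Review bot: the entry groups `cgroup-all-devices.patch` and `libvirt-ppc64le-support.patch` under "Drop upstream patches", yet in the spec they sat under `# Patches pending upstream review` and `# Need to go upstream`, not `# Upstream patches`. If both were merged in 1.2.11, say so explicitly ("now upstream") so a reader does not have to diff the release to confirm the fixes were not silently lost; if either was not, dropping it is a regression rather than a cleanup. Naming both CVE identifiers (CVE-2014-8131, CVE-2014-7823) in the update entry is right, since that is what the security tracker matches on.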


@ -235,7 +235,7 @@
Name: libvirt
Url: http://libvirt.org/
Version: 1.2.10
Version: 1.2.11
Release: 0
Summary: Library providing a simple virtualization API
License: LGPL-2.1+
@ -434,23 +434,13 @@ Source3: libvirtd.init
Source4: libvirtd-relocation-server.fw
Source99: baselibs.conf
# Upstream patches
Patch0: b1674ad5-CVE-2014-7823.patch
Patch1: 2222123-virt-aa-helper-crash.patch
Patch2: c264eea-virt-aa-helper-sandbox.patch
Patch3: 433b427-iplink-name.patch
Patch4: 72fecf1-lxc-resolve-symlinks.patch
Patch5: e50457d-lxc-unmount-check.patch
Patch6: 52691f99-qemu-mig-crash.patch
Patch7: ba9b7252-sys-net-rw.patch
# Patches pending upstream review
Patch100: cgroup-all-devices.patch
# Need to go upstream
Patch150: xen-name-for-devid.patch
Patch151: xen-pv-cdrom.patch
Patch152: blockcopy-check-dst-identical-device.patch
Patch153: libvirt-ppc64le-support.patch
Patch154: libvirt-power8-models.patch
Patch155: ppc64le-canonical-name.patch
Patch153: libvirt-power8-models.patch
Patch154: ppc64le-canonical-name.patch
# Our patches
Patch200: libvirtd-defaults.patch
Patch201: libvirtd-init-script.patch
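Review bot: after this hunk the `# Upstream patches` and `# Patches pending upstream review` comment headers have no Patch lines under them; either drop the empty headers or keep them as deliberate placeholders, but be consistent. The renumbering of `libvirt-power8-models.patch` (154 to 153) and `ppc64le-canonical-name.patch` (155 to 154) means `%patch153` and `%patch154` in %prep now apply different files than before, so the %prep hunk must drop `%patch155` and nothing else, which is what the later hunk does.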
@ -975,21 +965,11 @@ Provides a dissector for the libvirt RPC protocol to help debugging it.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch100 -p1
%patch150 -p1
%patch151 -p1
%patch152 -p1
%patch153 -p1
%patch154 -p1
%patch155 -p1
%patch200 -p1
%patch201 -p1
%patch202 -p1
@ -1827,10 +1807,6 @@ fi
%{_libdir}/libvirt-qemu.so
%{_libdir}/libvirt-lxc.so
%{_includedir}/libvirt
%{_includedir}/libvirt/virterror.h
%{_includedir}/libvirt/libvirt.h
%{_includedir}/libvirt/libvirt-qemu.h
%{_includedir}/libvirt/libvirt-lxc.h
%{_libdir}/pkgconfig/libvirt.pc
%{_libdir}/pkgconfig/libvirt-qemu.pc
%{_libdir}/pkgconfig/libvirt-lxc.pc
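Review bot: removing the four explicit header entries is only correct because the preceding `%{_includedir}/libvirt` line packages the directory recursively, so the explicit entries were redundant duplicates. The flip side is that any header upstream adds or renames under that directory is now packaged without anyone noticing in the file list; that is the usual trade-off for a directory entry and is acceptable for a public API package, but a one-line spec comment next to `%{_includedir}/libvirt` would stop the next maintainer from reintroducing the explicit list and getting duplicate-file warnings.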