diff --git a/a495365d-sexpr-empty-str.patch b/a495365d-sexpr-empty-str.patch
new file mode 100644
index 0000000..962a420
--- /dev/null
+++ b/a495365d-sexpr-empty-str.patch
@@ -0,0 +1,46 @@
+commit a495365d09138bf0f07504cfe9b6ea2de858e18e
+Author: Jim Fehlig
+Date: Fri Nov 18 14:54:38 2011 -0700
+
+ Don't copy sexpr node value that is an empty string
+
+ Xen4.1 initializes some unspecified sexpr config items to an empty
+ string, unlike previous Xen versions that would leave the item unset.
+ E.g. the kernel item for an HVM guest (non-direct kernel boot):
+
+ Xen4.0 and earlier
+ ...
+ (image
+ (hvm
+ (kernel )
+ ...
+
+ Xen4.1
+ ...
+ (image
+ (hvm
+ (kernel '')
+ ...
+
+ The empty string for kernel causes some grief in subsequent parsing
+ where existence of specified kernel is checked, e.g.
+
+ if (!def->os.kernel)
+ ...
+
+ This patch solves the problem in sexpr_node_copy() by not copying
+ a node containing an empty string.
+
+Index: libvirt-0.9.7/src/util/sexpr.c
+===================================================================
+--- libvirt-0.9.7.orig/src/util/sexpr.c
++++ libvirt-0.9.7/src/util/sexpr.c
+@@ -519,7 +519,7 @@ int sexpr_node_copy(const struct sexpr *
+ {
+ const char *val = sexpr_node(sexpr, node);
+
+- if (val) {
++ if (val && *val) {
+ *dst = strdup(val);
+ if (!(*dst))
+ return -1;
diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch
index 54dfd22..6b2946e 100644
--- a/install-apparmor-profiles.patch
+++ b/install-apparmor-profiles.patch
@@ -1,7 +1,7 @@
-Index: libvirt-0.9.4/examples/apparmor/Makefile.am
+Index: libvirt-0.9.7/examples/apparmor/Makefile.am
 ===================================================================
---- libvirt-0.9.4.orig/examples/apparmor/Makefile.am
-+++ libvirt-0.9.4/examples/apparmor/Makefile.am
+--- libvirt-0.9.7.orig/examples/apparmor/Makefile.am
++++ libvirt-0.9.7/examples/apparmor/Makefile.am
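Review bot: The new `if (val && *val)` test in sexpr_node_copy() (the sexpr.c hunk carried by a495365d-sexpr-empty-str.patch) changes the result for every caller and every node name, not only the HVM kernel item the description uses as its example: any item xend reports as '' is now treated as absent. That looks like the intended normalisation of xend's output, but it deserves a comment at the check, e.g. `/* Xen 4.1 reports unset items as ''; treat an empty value like a missing node */`. The function body continues past the hunk, so what `*dst` holds on the not-copied path is not visible here; callers that test `!def->os.kernel` depend on it being NULL, which is worth confirming. Code that reads the same nodes through sexpr_node() directly would presumably still receive the empty string.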
 @@ -1,8 +1,39 @@
 ## Copyright (C) 2005-2011 Red Hat, Inc.
 ## See COPYING.LIB for the License of this software
@@ -47,10 +47,10 @@ Index: libvirt-0.9.4/examples/apparmor/Makefile.am
 + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
 +
 +endif
-Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
+Index: libvirt-0.9.7/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 ===================================================================
 --- /dev/null
-+++ libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
++++ libvirt-0.9.7/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 @@ -0,0 +1,40 @@
 +# Last Modified: Fri Aug 19 11:21:48 2011
 +#include
@@ -92,9 +92,9 @@ Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
 + /var/lib/kvm/images/ r,
 + /var/lib/kvm/images/** r,
 +}
-Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+Index: libvirt-0.9.7/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 ===================================================================
---- libvirt-0.9.4.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+--- libvirt-0.9.7.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 +++ /dev/null
 @@ -1,38 +0,0 @@
 -# Last Modified: Mon Apr 5 15:10:27 2010
@@ -135,9 +135,9 @@ Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper
 - /var/lib/libvirt/images/ r,
 - /var/lib/libvirt/images/** r,
 -}
-Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd
+Index: libvirt-0.9.7/examples/apparmor/usr.sbin.libvirtd
 ===================================================================
---- libvirt-0.9.4.orig/examples/apparmor/usr.sbin.libvirtd
+--- libvirt-0.9.7.orig/examples/apparmor/usr.sbin.libvirtd
 +++ /dev/null
 @@ -1,52 +0,0 @@
 -# Last Modified: Mon Apr 5 15:03:58 2010
@@ -192,11 +192,11 @@ Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd
 - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
 -
 -}
-Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in
+Index: libvirt-0.9.7/examples/apparmor/usr.sbin.libvirtd.in
 ===================================================================
 --- /dev/null
-+++ libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in
-@@ -0,0 +1,52 @@
++++ libvirt-0.9.7/examples/apparmor/usr.sbin.libvirtd.in
+@@ -0,0 +1,54 @@
 +# Last Modified: Fri Aug 19 11:20:36 2011
 +#include
 +@{LIBVIRT}="libvirt"
@@ -244,15 +244,17 @@ Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in
 + audit deny /sys/kernel/security/apparmor/.* rwxl,
 + /sys/kernel/security/apparmor/profiles r,
 + @libdir@/libvirt/* Pxr,
++ @libdir@/libvirt/libvirt_parthelper Ux,
++ @libdir@/libvirt/libvirt_iohelper Ux,
 +
 + # allow changing to our UUID-based named profiles
 + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
 +
 +}
-Index: libvirt-0.9.4/examples/apparmor/libvirt-qemu
+Index: libvirt-0.9.7/examples/apparmor/libvirt-qemu
 ===================================================================
---- libvirt-0.9.4.orig/examples/apparmor/libvirt-qemu
-+++ libvirt-0.9.4/examples/apparmor/libvirt-qemu
+--- libvirt-0.9.7.orig/examples/apparmor/libvirt-qemu
++++ libvirt-0.9.7/examples/apparmor/libvirt-qemu
 @@ -52,6 +52,7 @@
 # access to firmware's etc
 /usr/share/kvm/** r,
diff --git a/libvirt.changes b/libvirt.changes
index 5c05b1b..f6f52ac 100644
--- a/libvirt.changes
+++ b/libvirt.changes
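Review bot: The two rules added to usr.sbin.libvirtd.in in the `@@ -244,15 +244,17 @@` hunk give `libvirt_parthelper` and `libvirt_iohelper` the `Ux` mode, so both helpers run with no AppArmor profile at all when a confined libvirtd starts them, and whatever libvirtd passes them as arguments or file paths is then handled outside the daemon's confinement. `Ux` does scrub the environment, but a narrower mode would keep the helpers confined: `Cx` with a small child profile listing the devices and image paths they need, or `ix` if the libvirtd profile already grants that access. If running them unconfined is intended, a comment above the rules such as `# helpers ship no profile of their own; run unconfined (bnc#730435)` would record why the existing `@libdir@/libvirt/* Pxr,` rule is, presumably, being overridden by these exact-path entries.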
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Nov 28 14:57:04 MST 2011 - jfehlig@suse.com
+
+- Handle empty strings in s-expression returned by xend
+ a495365d-sexpr-empty-str.patch
+ bnc#731344
+- Allow libvirtd to access libvirt_{io,part}helper when confined
+ by apparmor
+ Update install-apparmor-profiles.patch
+ bnc#730435
+
 -------------------------------------------------------------------
 Mon Nov 21 12:34:55 MST 2011 - jfehlig@suse.com
 
diff --git a/libvirt.spec b/libvirt.spec
index 64fa4e9..a810254 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -381,6 +381,7 @@ Source2: libvirtd-relocation-server.fw
 Source99: baselibs.conf
 # Upstream patches
 Patch0: d47ab3fe-polkit0.patch
+Patch1: a495365d-sexpr-empty-str.patch
 # Need to go upstream
 Patch100: xen-name-for-devid.patch
 Patch101: clone.patch
@@ -505,6 +506,7 @@ Authors:
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 %patch100 -p1
 %patch101
 %patch102 -p1