From 4acc3fdf5ce6471bb865283de0fe050e5252bc4e025b4468a794171632a17524 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Sun, 7 Aug 2011 16:53:18 +0000 Subject: [PATCH 1/5] Updating link to change in openSUSE:Factory/libvirt revision 83.0 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=29d4749edd97fcdb00098e323a3d7dcd --- libvirt.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libvirt.spec b/libvirt.spec index 2c77c3d..d5d1eed 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -17,9 +17,6 @@ # norootforbuild -# In the future, we may want a client only build, which will create a -# libvirt.so only containing the generic RPC driver and the test driver, -# but no libvirtd # For now, default to a full server + client build %define client_only 0 @@ -456,6 +453,7 @@ Authors: Karel Zak %if %{with_python} + %package python License: LGPLv2.1+ Summary: A C toolkit to interract with the virtualization capabilities of Linux @@ -750,6 +748,7 @@ fi %postun client -p /sbin/ldconfig %if %{with_libvirtd} + %files %defattr(-, root, root) %{_sbindir}/libvirtd @@ -869,6 +868,7 @@ fi %doc %{_docdir}/%{name}/html %if %{with_python} + %files python %defattr(-, root, root) %doc %{_docdir}/%{name}-python From 4cafa05b40d230576a7fb17ae6c9d37d31ea5ed7a943a1e886fd80dd116d6bdc Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Mon, 8 Aug 2011 21:26:58 +0000 Subject: [PATCH 2/5] enable libvirt apparmor driver for openSUSE OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=140 --- install-apparmor-profiles.patch | 18 ++++++++++++++++++ libvirt.changes | 6 ++++++ libvirt.spec | 20 ++++++++++++++++---- 3 files changed, 40 insertions(+), 4 deletions(-) create mode 100644 install-apparmor-profiles.patch diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch new file mode 100644 index 0000000..b5b474e --- /dev/null +++ b/install-apparmor-profiles.patch @@ -0,0 +1,18 @@ +Index: libvirt-0.9.3/examples/apparmor/Makefile.am +=================================================================== +--- libvirt-0.9.3.orig/examples/apparmor/Makefile.am ++++ libvirt-0.9.3/examples/apparmor/Makefile.am +@@ -3,3 +3,12 @@ EXTRA_DIST= \ + libvirt-qemu \ + usr.lib.libvirt.virt-aa-helper \ + usr.sbin.libvirtd ++ ++if WITH_SECDRIVER_APPARMOR ++confdir = $(sysconfdir)/apparmor.d/libvirt ++conf_DATA= \ ++ TEMPLATE \ ++ libvirt-qemu \ ++ usr.lib.libvirt.virt-aa-helper \ ++ usr.sbin.libvirtd ++endif +\ No newline at end of file diff --git a/libvirt.changes b/libvirt.changes index ddb699a..8af59d4 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Aug 8 15:21:42 MDT 2011 - jfehlig@suse.com + +- Enable apparmor security dirver, SLES bnc#705668 + install-apparmor-profiles.patch + ------------------------------------------------------------------- Thu Aug 4 11:07:32 MDT 2011 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index d5d1eed..0d3cc31 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -58,7 +58,7 @@ %define with_storage_mpath 0%{!?_without_storage_mpath:%{server_drivers}} %define with_numactl 0%{!?_without_numactl:%{server_drivers}} %define with_selinux 0%{!?_without_selinux:%{server_drivers}} -%define with_apparmor 0%{!?_without_apparmor:0} +%define with_apparmor 0%{!?_without_apparmor:%{server_drivers}} # A few optional bits off by default, we enable later %define with_polkit 0%{!?_without_polkit:0} @@ -368,6 +368,9 @@ Patch103: xend-disk-order.patch # Our patches Patch200: libvirtd-defaults.patch Patch201: use-init-script-redhat.patch +%if %{with_apparmor} +Patch202: install-apparmor-profiles.patch +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -453,7 +456,6 @@ Authors: Karel Zak %if %{with_python} - %package python License: LGPLv2.1+ Summary: A C toolkit to interract with the virtualization capabilities of Linux @@ -482,6 +484,9 @@ Authors: %patch103 -p1 %patch200 -p1 %patch201 -p1 +%if %{with_apparmor} +%patch202 -p1 +%endif %build %if ! %{with_xen} @@ -748,7 +753,6 @@ fi %postun client -p /sbin/ldconfig %if %{with_libvirtd} - %files %defattr(-, root, root) %{_sbindir}/libvirtd @@ -812,6 +816,15 @@ fi %attr(0755, root, root) %{_libdir}/%{name}/libvirt_iohelper %doc %{_mandir}/man8/libvirtd.8* %endif +%if %{with_apparmor} +%dir %{_sysconfdir}/apparmor.d +%dir %{_sysconfdir}/apparmor.d/libvirt +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/TEMPLATE +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/libvirt-qemu +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/usr.lib.libvirt.virt-aa-helper +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/usr.sbin.libvirtd +%{_libdir}/%{name}/virt-aa-helper +%endif %config %{_fwdefdir}/libvirtd-relocation-server %files client -f %{name}.lang @@ -868,7 +881,6 @@ fi %doc %{_docdir}/%{name}/html %if %{with_python} - %files python %defattr(-, root, root) %doc %{_docdir}/%{name}-python From 785bf3956a453189e557fc75cd4189a0faae7e53ffe19c7bdd3f660f76dc0838 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Thu, 18 Aug 2011 21:11:13 +0000 Subject: [PATCH 3/5] Fix libvirtd SIGHUP handler OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=141 --- 9e093f0b-libvirtd-sighup.patch | 46 +++++++++++++++++++++++++++++++++ install-apparmor-profiles.patch | 8 +++--- libvirt.changes | 6 +++++ libvirt.spec | 2 ++ 4 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 9e093f0b-libvirtd-sighup.patch diff --git a/9e093f0b-libvirtd-sighup.patch b/9e093f0b-libvirtd-sighup.patch new file mode 100644 index 0000000..9cae09e --- /dev/null +++ b/9e093f0b-libvirtd-sighup.patch @@ -0,0 +1,46 @@ +commit 9e093f0b4cc5a5fc455a4893d73dc0f2c5355161 +Author: Osier Yang +Date: Mon Aug 15 15:40:46 2011 +0800 + + daemon: Fix regression of libvirtd reloading support + + This is introduced by commit df0b57a95a, which forgot to + add signal handler for SIGHUP. + + A simple reproduce method: + + 1) Create a domain XML under /etc/libvirt/qemu + 2) % kill -SIGHUP $(pidof libvirtd) + 3) % virsh list --all (the new created domain XML is not listed) + +Index: libvirt-0.9.4/daemon/libvirtd.c +=================================================================== +--- libvirt-0.9.4.orig/daemon/libvirtd.c ++++ libvirt-0.9.4/daemon/libvirtd.c +@@ -1139,6 +1139,17 @@ static void daemonShutdownHandler(virNet + virNetServerQuit(srv); + } + ++static void daemonReloadHandler(virNetServerPtr srv ATTRIBUTE_UNUSED, ++ siginfo_t *sig ATTRIBUTE_UNUSED, ++ void *opaque ATTRIBUTE_UNUSED) ++{ ++ VIR_INFO("Reloading configuration on SIGHUP"); ++ virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", ++ VIR_HOOK_DAEMON_OP_RELOAD, SIGHUP, "SIGHUP", NULL); ++ if (virStateReload() < 0) ++ VIR_WARN("Error while reloading drivers"); ++} ++ + static int daemonSetupSignals(virNetServerPtr srv) + { + if (virNetServerAddSignalHandler(srv, SIGINT, daemonShutdownHandler, NULL) < 0) +@@ -1147,6 +1158,8 @@ static int daemonSetupSignals(virNetServ + return -1; + if (virNetServerAddSignalHandler(srv, SIGTERM, daemonShutdownHandler, NULL) < 0) + return -1; ++ if (virNetServerAddSignalHandler(srv, SIGHUP, daemonReloadHandler, NULL) < 0) ++ return -1; + return 0; + } + diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch index b5b474e..a5a1a21 100644 --- a/install-apparmor-profiles.patch +++ b/install-apparmor-profiles.patch @@ -1,8 +1,8 @@ -Index: libvirt-0.9.3/examples/apparmor/Makefile.am +Index: libvirt-0.9.4/examples/apparmor/Makefile.am =================================================================== ---- libvirt-0.9.3.orig/examples/apparmor/Makefile.am -+++ libvirt-0.9.3/examples/apparmor/Makefile.am -@@ -3,3 +3,12 @@ EXTRA_DIST= \ +--- libvirt-0.9.4.orig/examples/apparmor/Makefile.am ++++ libvirt-0.9.4/examples/apparmor/Makefile.am +@@ -6,3 +6,12 @@ EXTRA_DIST= \ libvirt-qemu \ usr.lib.libvirt.virt-aa-helper \ usr.sbin.libvirtd diff --git a/libvirt.changes b/libvirt.changes index 8af59d4..b1ae8d8 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Aug 17 16:24:17 MDT 2011 - jfehlig@suse.com + +- Fix libvirtd SIGHUP handler + 9e093f0b-libvirtd-sighup.patch + ------------------------------------------------------------------- Mon Aug 8 15:21:42 MDT 2011 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index 0d3cc31..e0a6820 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -360,6 +360,7 @@ Source0: %{name}-%{version}.tar.bz2 Source1: libvirtd.init Source2: libvirtd-relocation-server.fw # Upstream patches +Patch0: 9e093f0b-libvirtd-sighup.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -478,6 +479,7 @@ Authors: %prep %setup -q +%patch0 -p1 %patch100 -p1 %patch101 %patch102 -p1 From 6e4eefb67cdb1e901188fb996e4322620e6f9aaf04ce2c71c6cb80edb8cc5c80 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Fri, 19 Aug 2011 21:40:32 +0000 Subject: [PATCH 4/5] fix apparmor profiles OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=142 --- install-apparmor-profiles.patch | 275 ++++++++++++++++++++++++++++++-- libvirt.changes | 12 ++ libvirt.spec | 12 +- 3 files changed, 283 insertions(+), 16 deletions(-) diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch index a5a1a21..54dfd22 100644 --- a/install-apparmor-profiles.patch +++ b/install-apparmor-profiles.patch @@ -2,17 +2,270 @@ Index: libvirt-0.9.4/examples/apparmor/Makefile.am =================================================================== --- libvirt-0.9.4.orig/examples/apparmor/Makefile.am +++ libvirt-0.9.4/examples/apparmor/Makefile.am -@@ -6,3 +6,12 @@ EXTRA_DIST= \ - libvirt-qemu \ - usr.lib.libvirt.virt-aa-helper \ - usr.sbin.libvirtd +@@ -1,8 +1,39 @@ + ## Copyright (C) 2005-2011 Red Hat, Inc. + ## See COPYING.LIB for the License of this software + +-EXTRA_DIST= \ +- TEMPLATE \ +- libvirt-qemu \ +- usr.lib.libvirt.virt-aa-helper \ +- usr.sbin.libvirtd ++EXTRA_DIST= \ ++ TEMPLATE \ ++ libvirt-qemu \ ++ usr.lib.libvirt.virt-aa-helper.in \ ++ usr.sbin.libvirtd.in + +if WITH_SECDRIVER_APPARMOR -+confdir = $(sysconfdir)/apparmor.d/libvirt -+conf_DATA= \ -+ TEMPLATE \ -+ libvirt-qemu \ -+ usr.lib.libvirt.virt-aa-helper \ -+ usr.sbin.libvirtd ++ ++usr.lib.libvirt.virt-aa-helper: usr.lib.libvirt.virt-aa-helper.in ++ sed \ ++ -e 's![@]libdir[@]!$(libdir)!g' \ ++ < $< > $@-t ++ mv $@-t $@ ++ ++usr.sbin.libvirtd: usr.sbin.libvirtd.in ++ sed \ ++ -e 's![@]libdir[@]!$(libdir)!g' \ ++ < $< > $@-t ++ mv $@-t $@ ++ ++install-data-local: usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper ++ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/ ++ $(INSTALL_DATA) usr.lib.libvirt.virt-aa-helper $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper ++ $(INSTALL_DATA) usr.sbin.libvirtd $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd ++ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt ++ $(INSTALL_DATA) TEMPLATE $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE ++ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions ++ $(INSTALL_DATA) libvirt-qemu $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu ++ ++uninstall-local:: ++ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper ++ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd ++ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu ++ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE ++ +endif -\ No newline at end of file +Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in +=================================================================== +--- /dev/null ++++ libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in +@@ -0,0 +1,40 @@ ++# Last Modified: Fri Aug 19 11:21:48 2011 ++#include ++ ++@libdir@/libvirt/virt-aa-helper { ++ #include ++ ++ # needed for searching directories ++ capability dac_override, ++ capability dac_read_search, ++ ++ # needed for when disk is on a network filesystem ++ network inet, ++ ++ deny @{PROC}/[0-9]*/mounts r, ++ @{PROC}/filesystems r, ++ ++ # for hostdev ++ /sys/devices/ r, ++ /sys/devices/** r, ++ ++ @libdir@/libvirt/virt-aa-helper mr, ++ /sbin/apparmor_parser Ux, ++ ++ /etc/apparmor.d/libvirt/* r, ++ /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, ++ ++ # for backingstore -- allow access to non-hidden files in @{HOME} as well ++ # as storage pools ++ audit deny @{HOME}/.* mrwkl, ++ audit deny @{HOME}/.*/ rw, ++ audit deny @{HOME}/.*/** mrwkl, ++ audit deny @{HOME}/bin/ rw, ++ audit deny @{HOME}/bin/** mrwkl, ++ @{HOME}/ r, ++ @{HOME}/** r, ++ /var/lib/libvirt/images/ r, ++ /var/lib/libvirt/images/** r, ++ /var/lib/kvm/images/ r, ++ /var/lib/kvm/images/** r, ++} +Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper +=================================================================== +--- libvirt-0.9.4.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper ++++ /dev/null +@@ -1,38 +0,0 @@ +-# Last Modified: Mon Apr 5 15:10:27 2010 +-#include +- +-/usr/lib/libvirt/virt-aa-helper { +- #include +- +- # needed for searching directories +- capability dac_override, +- capability dac_read_search, +- +- # needed for when disk is on a network filesystem +- network inet, +- +- deny @{PROC}/[0-9]*/mounts r, +- @{PROC}/filesystems r, +- +- # for hostdev +- /sys/devices/ r, +- /sys/devices/** r, +- +- /usr/lib/libvirt/virt-aa-helper mr, +- /sbin/apparmor_parser Ux, +- +- /etc/apparmor.d/libvirt/* r, +- /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, +- +- # for backingstore -- allow access to non-hidden files in @{HOME} as well +- # as storage pools +- audit deny @{HOME}/.* mrwkl, +- audit deny @{HOME}/.*/ rw, +- audit deny @{HOME}/.*/** mrwkl, +- audit deny @{HOME}/bin/ rw, +- audit deny @{HOME}/bin/** mrwkl, +- @{HOME}/ r, +- @{HOME}/** r, +- /var/lib/libvirt/images/ r, +- /var/lib/libvirt/images/** r, +-} +Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd +=================================================================== +--- libvirt-0.9.4.orig/examples/apparmor/usr.sbin.libvirtd ++++ /dev/null +@@ -1,52 +0,0 @@ +-# Last Modified: Mon Apr 5 15:03:58 2010 +-#include +-@{LIBVIRT}="libvirt" +- +-/usr/sbin/libvirtd { +- #include +- +- capability kill, +- capability net_admin, +- capability net_raw, +- capability setgid, +- capability sys_admin, +- capability sys_module, +- capability sys_ptrace, +- capability sys_nice, +- capability sys_chroot, +- capability setuid, +- capability dac_override, +- capability dac_read_search, +- capability fowner, +- capability chown, +- capability setpcap, +- capability mknod, +- capability fsetid, +- +- network inet stream, +- network inet dgram, +- network inet6 stream, +- network inet6 dgram, +- +- # Very lenient profile for libvirtd since we want to first focus on confining +- # the guests. Guests will have a very restricted profile. +- /** rwmkl, +- +- /bin/* Ux, +- /sbin/* Ux, +- /usr/bin/* Ux, +- /usr/sbin/* Ux, +- +- # force the use of virt-aa-helper +- audit deny /sbin/apparmor_parser rwxl, +- audit deny /etc/apparmor.d/libvirt/** wxl, +- audit deny /sys/kernel/security/apparmor/features rwxl, +- audit deny /sys/kernel/security/apparmor/matching rwxl, +- audit deny /sys/kernel/security/apparmor/.* rwxl, +- /sys/kernel/security/apparmor/profiles r, +- /usr/lib/libvirt/* PUxr, +- +- # allow changing to our UUID-based named profiles +- change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, +- +-} +Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in +=================================================================== +--- /dev/null ++++ libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in +@@ -0,0 +1,52 @@ ++# Last Modified: Fri Aug 19 11:20:36 2011 ++#include ++@{LIBVIRT}="libvirt" ++ ++/usr/sbin/libvirtd { ++ #include ++ ++ capability kill, ++ capability net_admin, ++ capability net_raw, ++ capability setgid, ++ capability sys_admin, ++ capability sys_module, ++ capability sys_ptrace, ++ capability sys_nice, ++ capability sys_chroot, ++ capability setuid, ++ capability dac_override, ++ capability dac_read_search, ++ capability fowner, ++ capability chown, ++ capability setpcap, ++ capability mknod, ++ capability fsetid, ++ ++ network inet stream, ++ network inet dgram, ++ network inet6 stream, ++ network inet6 dgram, ++ ++ # Very lenient profile for libvirtd since we want to first focus on confining ++ # the guests. Guests will have a very restricted profile. ++ /** rwmkl, ++ ++ /bin/* Ux, ++ /sbin/* Ux, ++ /usr/bin/* Ux, ++ /usr/sbin/* Ux, ++ ++ # force the use of virt-aa-helper ++ audit deny /sbin/apparmor_parser rwxl, ++ audit deny /etc/apparmor.d/libvirt/** wxl, ++ audit deny /sys/kernel/security/apparmor/features rwxl, ++ audit deny /sys/kernel/security/apparmor/matching rwxl, ++ audit deny /sys/kernel/security/apparmor/.* rwxl, ++ /sys/kernel/security/apparmor/profiles r, ++ @libdir@/libvirt/* Pxr, ++ ++ # allow changing to our UUID-based named profiles ++ change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, ++ ++} +Index: libvirt-0.9.4/examples/apparmor/libvirt-qemu +=================================================================== +--- libvirt-0.9.4.orig/examples/apparmor/libvirt-qemu ++++ libvirt-0.9.4/examples/apparmor/libvirt-qemu +@@ -52,6 +52,7 @@ + # access to firmware's etc + /usr/share/kvm/** r, + /usr/share/qemu/** r, ++ /usr/share/qemu-kvm/** r, + /usr/share/bochs/** r, + /usr/share/openbios/** r, + /usr/share/openhackware/** r, +@@ -65,6 +66,7 @@ + # the various binaries + /usr/bin/kvm rmix, + /usr/bin/qemu rmix, ++ /usr/bin/qemu-kvm rmix, + /usr/bin/qemu-system-arm rmix, + /usr/bin/qemu-system-cris rmix, + /usr/bin/qemu-system-i386 rmix, diff --git a/libvirt.changes b/libvirt.changes index b1ae8d8..53ac2c5 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,9 +1,21 @@ +------------------------------------------------------------------- +Fri Aug 19 15:21:39 MDT 2011 - jfehlig@suse.com + +- Fix apparmor profile location and content + update install-apparmor-profiles.patch + bnc#705668 + ------------------------------------------------------------------- Wed Aug 17 16:24:17 MDT 2011 - jfehlig@suse.com - Fix libvirtd SIGHUP handler 9e093f0b-libvirtd-sighup.patch +------------------------------------------------------------------- +Wed Aug 17 09:13:41 CEST 2011 - dmueller@suse.de + +- add baselibs.conf to sources + ------------------------------------------------------------------- Mon Aug 8 15:21:42 MDT 2011 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index e0a6820..0865833 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -359,6 +359,7 @@ Recommends: device-mapper Source0: %{name}-%{version}.tar.bz2 Source1: libvirtd.init Source2: libvirtd-relocation-server.fw +Source99: baselibs.conf # Upstream patches Patch0: 9e093f0b-libvirtd-sighup.patch # Need to go upstream @@ -370,7 +371,7 @@ Patch103: xend-disk-order.patch Patch200: libvirtd-defaults.patch Patch201: use-init-script-redhat.patch %if %{with_apparmor} -Patch202: install-apparmor-profiles.patch +Patch250: install-apparmor-profiles.patch %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -487,7 +488,7 @@ Authors: %patch200 -p1 %patch201 -p1 %if %{with_apparmor} -%patch202 -p1 +%patch250 -p1 %endif %build @@ -820,11 +821,12 @@ fi %endif %if %{with_apparmor} %dir %{_sysconfdir}/apparmor.d +%dir %{_sysconfdir}/apparmor.d/abstractions %dir %{_sysconfdir}/apparmor.d/libvirt +%config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.libvirtd +%config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.libvirt.virt-aa-helper +%config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/libvirt-qemu %config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/TEMPLATE -%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/libvirt-qemu -%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/usr.lib.libvirt.virt-aa-helper -%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/usr.sbin.libvirtd %{_libdir}/%{name}/virt-aa-helper %endif %config %{_fwdefdir}/libvirtd-relocation-server From 41267d71d425910ad2dfc470549cb20f6b7f5586adfe35d09dc1ab79a25d8d2c Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Thu, 25 Aug 2011 02:34:20 +0000 Subject: [PATCH 5/5] cgconfig should be available when libvirtd is running OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=143 --- libvirt.changes | 6 ++++++ libvirtd.init | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/libvirt.changes b/libvirt.changes index 53ac2c5..19c34a9 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Aug 24 20:29:37 MDT 2011 - jfehlig@novell.com + +- Add cgconfig to Should-{Start,Stop} in libvirtd init script + bnc#712245 + ------------------------------------------------------------------- Fri Aug 19 15:21:39 MDT 2011 - jfehlig@suse.com diff --git a/libvirtd.init b/libvirtd.init index 42a0158..dd77685 100644 --- a/libvirtd.init +++ b/libvirtd.init @@ -6,10 +6,10 @@ ### BEGIN INIT INFO # Provides: libvirtd # Required-Start: $network $remote_fs -# Should-Start: xend +# Should-Start: xend cgconfig # Default-Start: 3 5 # Required-Stop: $network $remote_fs -# Should-Stop: xend +# Should-Stop: xend cgconfig # Default-Stop: 0 1 2 4 6 # Short-Description: daemon for libvirt virtualization API # Description: This is a daemon for managing QEMU guest instances