From 0a126bf0e72998d662bf300ab2fbee65da509cdc70bf9f1bff7963fd8f3fd50f Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Tue, 2 Apr 2013 21:49:11 +0000 Subject: [PATCH 1/6] - Update to libvirt 1.0.4 - qemu: support passthrough for iscsi disks - various S390 improvements - various LXC bugs fixes and improvements - add API for thread cancellation - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: ce4557c3-apparmor-tapfd-label.patch libvirt-iptables-1.4.18.diff OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=259 --- ce4557c3-apparmor-tapfd-label.patch | 68 ---------------------------- clone.patch | 12 ++--- fix-pci-attach-xen-driver.patch | 6 +-- install-apparmor-profiles.patch | 30 ++++++------ libvirt-1.0.3.tar.bz2 | 3 -- libvirt-1.0.4.tar.bz2 | 3 ++ libvirt-guests-init-script.patch | 28 ++++++------ libvirt-iptables-1.4.18.diff | 31 ------------- libvirt-suse-netcontrol.patch | 40 ++++++++-------- libvirt.changes | 13 ++++++ libvirt.spec | 8 +--- libvirtd-defaults.patch | 12 ++--- libvirtd-init-script.patch | 6 +-- relax-qemu-usergroup-check.patch | 6 +-- support-managed-pci-xen-driver.patch | 12 ++--- suse-qemu-conf.patch | 6 +-- virtlockd-init-script.patch | 12 ++--- xen-name-for-devid.patch | 6 +-- xen-pv-cdrom.patch | 6 +-- 19 files changed, 109 insertions(+), 199 deletions(-) delete mode 100644 ce4557c3-apparmor-tapfd-label.patch delete mode 100644 libvirt-1.0.3.tar.bz2 create mode 100644 libvirt-1.0.4.tar.bz2 delete mode 100644 libvirt-iptables-1.4.18.diff diff --git a/ce4557c3-apparmor-tapfd-label.patch b/ce4557c3-apparmor-tapfd-label.patch deleted file mode 100644 index 0626f21..0000000 --- a/ce4557c3-apparmor-tapfd-label.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -commit ce4557c3ab3702639db73615dd144ddf036321ed -Author: Guannan Ren -Date: Fri Mar 8 00:16:59 2013 +0800 - - apparmor: use AppArmorSetFDLabel for both imageFD and tapFD - - Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could - be used as a common function for *ALL* fd relabelling in Linux. - - In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773 - Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files - The last line is for the tapfd relabelling. - - # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT. - "/var/log/libvirt/**/rhel6qcow2.log" w, - "/var/lib/libvirt/**/rhel6qcow2.monitor" rw, - "/var/run/libvirt/**/rhel6qcow2.pid" rwk, - "/run/libvirt/**/rhel6qcow2.pid" rwk, - "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw, - "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw, - "/var/lib/libvirt/images/rhel6u3qcow2.img" rw, - "/dev/tap45" rw, - -Index: libvirt-1.0.3/src/security/security_apparmor.c -=================================================================== ---- libvirt-1.0.3.orig/src/security/security_apparmor.c -+++ libvirt-1.0.3/src/security/security_apparmor.c -@@ -884,9 +884,9 @@ AppArmorRestoreSavedStateLabel(virSecuri - } - - static int --AppArmorSetImageFDLabel(virSecurityManagerPtr mgr, -- virDomainDefPtr def, -- int fd) -+AppArmorSetFDLabel(virSecurityManagerPtr mgr, -+ virDomainDefPtr def, -+ int fd) - { - int rc = -1; - char *proc = NULL; -@@ -915,16 +915,6 @@ AppArmorSetImageFDLabel(virSecurityManag - return reload_profile(mgr, def, fd_path, true); - } - --/* TODO need code here */ --static int --AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, -- virDomainDefPtr def ATTRIBUTE_UNUSED, -- int fd ATTRIBUTE_UNUSED) --{ -- return 0; --} -- -- - static char * - AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainDefPtr vm ATTRIBUTE_UNUSED) -@@ -975,8 +965,8 @@ virSecurityDriver virAppArmorSecurityDri - 
.domainSetSavedStateLabel = AppArmorSetSavedStateLabel, - .domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel, - -- .domainSetSecurityImageFDLabel = AppArmorSetImageFDLabel, -- .domainSetSecurityTapFDLabel = AppArmorSetTapFDLabel, -+ .domainSetSecurityImageFDLabel = AppArmorSetFDLabel, -+ .domainSetSecurityTapFDLabel = AppArmorSetFDLabel, - - .domainGetSecurityMountOptions = AppArmorGetMountOptions, - }; diff --git a/clone.patch b/clone.patch index 35d1cf9..41e4a4a 100644 --- a/clone.patch +++ b/clone.patch @@ -2,7 +2,7 @@ Index: src/lxc/lxc_container.c =================================================================== --- src/lxc/lxc_container.c.orig +++ src/lxc/lxc_container.c -@@ -136,6 +136,7 @@ int lxcContainerHasReboot(void) +@@ -139,6 +139,7 @@ int lxcContainerHasReboot(void) int cmd, v; int status; char *tmp; @@ -10,7 +10,7 @@ Index: src/lxc/lxc_container.c if (virFileReadAll("/proc/sys/kernel/ctrl-alt-del", 10, &buf) < 0) return -1; -@@ -152,14 +153,21 @@ int lxcContainerHasReboot(void) +@@ -155,14 +156,21 @@ int lxcContainerHasReboot(void) VIR_FREE(buf); cmd = v ? LINUX_REBOOT_CMD_CAD_ON : LINUX_REBOOT_CMD_CAD_OFF; @@ -34,7 +34,7 @@ Index: src/lxc/lxc_container.c VIR_FREE(stack); if (cpid < 0) { virReportSystemError(errno, "%s", -@@ -2358,6 +2366,9 @@ int lxcContainerStart(virDomainDefPtr de +@@ -2417,6 +2425,9 @@ int lxcContainerStart(virDomainDefPtr de ttyPaths, nttyPaths, handshakefd}; /* allocate a stack for the container */ @@ -44,7 +44,7 @@ Index: src/lxc/lxc_container.c if (VIR_ALLOC_N(stack, stacksize) < 0) { virReportOOMError(); return -1; -@@ -2377,7 +2388,11 @@ int lxcContainerStart(virDomainDefPtr de +@@ -2436,7 +2447,11 @@ int lxcContainerStart(virDomainDefPtr de cflags |= CLONE_NEWNET; } 
@@ -56,7 +56,7 @@ Index: src/lxc/lxc_container.c VIR_FREE(stack); VIR_DEBUG("clone() completed, new container PID is %d", pid); -@@ -2403,6 +2418,7 @@ int lxcContainerAvailable(int features) +@@ -2462,6 +2477,7 @@ int lxcContainerAvailable(int features) int cpid; char *childStack; char *stack; @@ -64,7 +64,7 @@ Index: src/lxc/lxc_container.c if (features & LXC_CONTAINER_FEATURE_USER) flags |= CLONE_NEWUSER; -@@ -2410,14 +2426,21 @@ int lxcContainerAvailable(int features) +@@ -2469,14 +2485,21 @@ int lxcContainerAvailable(int features) if (features & LXC_CONTAINER_FEATURE_NET) flags |= CLONE_NEWNET; diff --git a/fix-pci-attach-xen-driver.patch b/fix-pci-attach-xen-driver.patch index 8d7710c..6fa8fcd 100644 --- a/fix-pci-attach-xen-driver.patch +++ b/fix-pci-attach-xen-driver.patch @@ -8,10 +8,10 @@ uses the 'device_configure' RPC. This patch changes the xend driver to always call 'device_configure' for PCI devices to be consistent with the usage in the xen tools. -Index: libvirt-1.0.3/src/xen/xend_internal.c +Index: libvirt-1.0.4/src/xen/xend_internal.c =================================================================== ---- libvirt-1.0.3.orig/src/xen/xend_internal.c -+++ libvirt-1.0.3/src/xen/xend_internal.c +--- libvirt-1.0.4.orig/src/xen/xend_internal.c ++++ libvirt-1.0.4/src/xen/xend_internal.c @@ -2473,6 +2473,7 @@ xenDaemonAttachDeviceFlags(virDomainPtr virBuffer buf = VIR_BUFFER_INITIALIZER; char class[8], ref[80]; diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch index f3aacd7..d10d9a1 100644 --- a/install-apparmor-profiles.patch +++ b/install-apparmor-profiles.patch 
@@ -1,7 +1,7 @@ -Index: libvirt-1.0.3/examples/apparmor/Makefile.am +Index: libvirt-1.0.4/examples/apparmor/Makefile.am =================================================================== ---- libvirt-1.0.3.orig/examples/apparmor/Makefile.am -+++ libvirt-1.0.3/examples/apparmor/Makefile.am +--- libvirt-1.0.4.orig/examples/apparmor/Makefile.am ++++ libvirt-1.0.4/examples/apparmor/Makefile.am @@ -1,8 +1,45 @@ ## Copyright (C) 2005-2011 Red Hat, Inc. ## See COPYING.LIB for the License of this software @@ -53,10 +53,10 @@ Index: libvirt-1.0.3/examples/apparmor/Makefile.am + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE + +endif -Index: libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in +Index: libvirt-1.0.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in =================================================================== --- /dev/null -+++ libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in ++++ libvirt-1.0.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -0,0 +1,40 @@ +# Last Modified: Fri Aug 19 11:21:48 2011 +#include @@ -98,9 +98,9 @@ Index: libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in + /var/lib/kvm/images/ r, + /var/lib/kvm/images/** r, +} -Index: libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper +Index: libvirt-1.0.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== ---- libvirt-1.0.3.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +--- libvirt-1.0.4.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ /dev/null @@ -1,38 +0,0 @@ -# Last Modified: Mon Apr 5 15:10:27 2010 
@@ -141,9 +141,9 @@ Index: libvirt-1.0.3/examples/apparmor/usr.lib.libvirt.virt-aa-helper - /var/lib/libvirt/images/ r, - /var/lib/libvirt/images/** r, -} -Index: libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd +Index: libvirt-1.0.4/examples/apparmor/usr.sbin.libvirtd =================================================================== ---- libvirt-1.0.3.orig/examples/apparmor/usr.sbin.libvirtd +--- libvirt-1.0.4.orig/examples/apparmor/usr.sbin.libvirtd +++ /dev/null @@ -1,52 +0,0 @@ -# Last Modified: Mon Apr 5 15:03:58 2010 @@ -198,10 +198,10 @@ Index: libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, - -} -Index: libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd.in +Index: libvirt-1.0.4/examples/apparmor/usr.sbin.libvirtd.in =================================================================== --- /dev/null -+++ libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd.in ++++ libvirt-1.0.4/examples/apparmor/usr.sbin.libvirtd.in @@ -0,0 +1,58 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include @@ -261,9 +261,9 @@ Index: libvirt-1.0.3/examples/apparmor/usr.sbin.libvirtd.in + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} -Index: libvirt-1.0.3/examples/apparmor/libvirt-qemu +Index: libvirt-1.0.4/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-1.0.3.orig/examples/apparmor/libvirt-qemu +--- libvirt-1.0.4.orig/examples/apparmor/libvirt-qemu +++ /dev/null @@ -1,129 +0,0 @@ -# Last Modified: Fri Mar 9 14:43:22 2012 @@ -395,10 +395,10 @@ Index: libvirt-1.0.3/examples/apparmor/libvirt-qemu - - /usr/libexec/qemu-bridge-helper rmix, - } -Index: libvirt-1.0.3/examples/apparmor/libvirt-qemu.in +Index: libvirt-1.0.4/examples/apparmor/libvirt-qemu.in =================================================================== 
--- /dev/null -+++ libvirt-1.0.3/examples/apparmor/libvirt-qemu.in ++++ libvirt-1.0.4/examples/apparmor/libvirt-qemu.in @@ -0,0 +1,132 @@ +# Last Modified: Fri Mar 9 14:43:22 2012 + diff --git a/libvirt-1.0.3.tar.bz2 b/libvirt-1.0.3.tar.bz2 deleted file mode 100644 index 01dcd0b..0000000 --- a/libvirt-1.0.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8d085259072879ba1c9956dcfb4f016a7a6c938e0a06becf2a5817db4abe215a -size 16567568 diff --git a/libvirt-1.0.4.tar.bz2 b/libvirt-1.0.4.tar.bz2 new file mode 100644 index 0000000..9f5245e --- /dev/null +++ b/libvirt-1.0.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7b31e8a54faeeedad89b3328c08293150c0f12372c30c3ba8cf66aaa4730a926 +size 16764645 diff --git a/libvirt-guests-init-script.patch b/libvirt-guests-init-script.patch index c313363..14f9a57 100644 --- a/libvirt-guests-init-script.patch +++ b/libvirt-guests-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirt-guests init files to conform to SUSE standards -Index: libvirt-1.0.3/tools/libvirt-guests.init.in +Index: libvirt-1.0.4/tools/libvirt-guests.init.in =================================================================== ---- libvirt-1.0.3.orig/tools/libvirt-guests.init.in -+++ libvirt-1.0.3/tools/libvirt-guests.init.in +--- libvirt-1.0.4.orig/tools/libvirt-guests.init.in ++++ libvirt-1.0.4/tools/libvirt-guests.init.in @@ -3,15 +3,15 @@ # the following is the LSB init header # @@ -28,10 +28,10 @@ Index: libvirt-1.0.3/tools/libvirt-guests.init.in ### END INIT INFO # the following is chkconfig init header -Index: libvirt-1.0.3/tools/libvirt-guests.sh.in +Index: libvirt-1.0.4/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-1.0.3.orig/tools/libvirt-guests.sh.in -+++ libvirt-1.0.3/tools/libvirt-guests.sh.in +--- libvirt-1.0.4.orig/tools/libvirt-guests.sh.in ++++ libvirt-1.0.4/tools/libvirt-guests.sh.in @@ -1,13 +1,12 @@ #!/bin/sh 
@@ -130,7 +130,7 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in eval_gettext "Resuming guests on \$uri URI..."; echo for guest in $list; do name=$(guest_name "$uri" "$guest") -@@ -377,7 +403,7 @@ shutdown_guests_parallel() +@@ -378,7 +404,7 @@ shutdown_guests_parallel() timeout=$(($timeout - 1)) if [ $timeout -le 0 ]; then eval_gettext "Timeout expired while shutting down domains"; echo @@ -139,7 +139,7 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in return fi else -@@ -405,7 +431,7 @@ stop() { +@@ -406,7 +432,7 @@ stop() { if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0" echo @@ -148,7 +148,7 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in return fi fi -@@ -453,14 +479,14 @@ stop() { +@@ -454,14 +480,14 @@ stop() { if [ $? -ne 0 ]; then eval_gettext "Failed to list persistent guests on \$uri" echo @@ -165,7 +165,7 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in set +f return fi -@@ -519,14 +545,13 @@ gueststatus() { +@@ -520,14 +546,13 @@ gueststatus() { rh_status() { if [ -f "$LISTFILE" ]; then gettext "stopped, with saved guests"; echo @@ -181,16 +181,16 @@ Index: libvirt-1.0.3/tools/libvirt-guests.sh.in fi } -@@ -570,4 +595,4 @@ case "$1" in +@@ -571,4 +596,4 @@ case "$1" in usage ;; esac -exit $RETVAL +rc_exit -Index: libvirt-1.0.3/tools/libvirt-guests.sysconf +Index: libvirt-1.0.4/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-1.0.3.orig/tools/libvirt-guests.sysconf -+++ libvirt-1.0.3/tools/libvirt-guests.sysconf +--- libvirt-1.0.4.orig/tools/libvirt-guests.sysconf ++++ libvirt-1.0.4/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + diff --git a/libvirt-iptables-1.4.18.diff b/libvirt-iptables-1.4.18.diff deleted file mode 100644 index a9158f7..0000000 --- a/libvirt-iptables-1.4.18.diff +++ /dev/null 
@@ -1,31 +0,0 @@ -Index: b/src/util/viriptables.c -=================================================================== ---- a/src/util/viriptables.c -+++ b/src/util/viriptables.c -@@ -478,22 +478,22 @@ iptablesForwardAllowRelatedIn(iptablesCo - VIR_SOCKET_ADDR_FAMILY(netaddr), - action, - "--destination", networkstr, - "--in-interface", physdev, - "--out-interface", iface, -- "--match", "state", -- "--state", "ESTABLISHED,RELATED", -+ "--match", "conntrack", -+ "--ctstate", "ESTABLISHED,RELATED", - "--jump", "ACCEPT", - NULL); - } else { - ret = iptablesAddRemoveRule(ctx->forward_filter, - VIR_SOCKET_ADDR_FAMILY(netaddr), - action, - "--destination", networkstr, - "--out-interface", iface, -- "--match", "state", -- "--state", "ESTABLISHED,RELATED", -+ "--match", "conntrack", -+ "--ctstate", "ESTABLISHED,RELATED", - "--jump", "ACCEPT", - NULL); - } - VIR_FREE(networkstr); - return ret; diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index 4296abf..2d57cf2 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.3/configure.ac +Index: libvirt-1.0.4/configure.ac =================================================================== ---- libvirt-1.0.3.orig/configure.ac -+++ libvirt-1.0.3/configure.ac +--- libvirt-1.0.4.orig/configure.ac ++++ libvirt-1.0.4/configure.ac @@ -153,6 +153,7 @@ LIBVIRT_CHECK_DBUS LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_HAL 
@@ -34,11 +34,11 @@ Index: libvirt-1.0.3/configure.ac LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS -Index: libvirt-1.0.3/src/Makefile.am +Index: libvirt-1.0.4/src/Makefile.am =================================================================== ---- libvirt-1.0.3.orig/src/Makefile.am -+++ libvirt-1.0.3/src/Makefile.am -@@ -643,6 +643,10 @@ if WITH_NETCF +--- libvirt-1.0.4.orig/src/Makefile.am ++++ libvirt-1.0.4/src/Makefile.am +@@ -648,6 +648,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif @@ -49,7 +49,7 @@ Index: libvirt-1.0.3/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1130,11 +1134,16 @@ if WITH_NETCF +@@ -1133,11 +1137,16 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else @@ -66,11 +66,11 @@ Index: libvirt-1.0.3/src/Makefile.am if WITH_DRIVER_MODULES libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la libvirt_driver_interface_la_LDFLAGS += -module -avoid-version -Index: libvirt-1.0.3/tools/virsh.c +Index: libvirt-1.0.4/tools/virsh.c =================================================================== ---- libvirt-1.0.3.orig/tools/virsh.c -+++ libvirt-1.0.3/tools/virsh.c -@@ -2812,6 +2812,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE +--- libvirt-1.0.4.orig/tools/virsh.c ++++ libvirt-1.0.4/tools/virsh.c +@@ -2800,6 +2800,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) vshPrint(ctl, " netcf"); 
@@ -79,10 +79,10 @@ Index: libvirt-1.0.3/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-1.0.3/src/interface/interface_backend_netcf.c +Index: libvirt-1.0.4/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-1.0.3.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.0.3/src/interface/interface_backend_netcf.c +--- libvirt-1.0.4.orig/src/interface/interface_backend_netcf.c ++++ libvirt-1.0.4/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include @@ -146,10 +146,10 @@ Index: libvirt-1.0.3/src/interface/interface_backend_netcf.c /* open netcf */ if (ncf_init(&driverState->netcf, NULL) != 0) { -Index: libvirt-1.0.3/src/interface/interface_driver.c +Index: libvirt-1.0.4/src/interface/interface_driver.c =================================================================== ---- libvirt-1.0.3.orig/src/interface/interface_driver.c -+++ libvirt-1.0.3/src/interface/interface_driver.c +--- libvirt-1.0.4.orig/src/interface/interface_driver.c ++++ libvirt-1.0.4/src/interface/interface_driver.c @@ -28,8 +28,15 @@ interfaceRegister(void) { if (netcfIfaceRegister() == 0) return 0; @@ -167,10 +167,10 @@ Index: libvirt-1.0.3/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-1.0.3/m4/virt-netcontrol.m4 +Index: libvirt-1.0.4/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-1.0.3/m4/virt-netcontrol.m4 ++++ libvirt-1.0.4/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl diff --git a/libvirt.changes b/libvirt.changes index 7e63a1d..9a06439 100644 --- a/libvirt.changes +++ b/libvirt.changes 
@@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Apr 2 15:26:18 MDT 2013 - jfehlig@suse.com + +- Update to libvirt 1.0.4 + - qemu: support passthrough for iscsi disks + - various S390 improvements + - various LXC bugs fixes and improvements + - add API for thread cancellation + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + - Drop upstream patches: ce4557c3-apparmor-tapfd-label.patch + libvirt-iptables-1.4.18.diff + ------------------------------------------------------------------- Sun Mar 24 20:05:28 UTC 2013 - seife+obs@b1-systems.com diff --git a/libvirt.spec b/libvirt.spec index b2d4f32..b2e8a86 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -139,7 +139,7 @@ %if 0%{?suse_version} >= 1210 %define with_netcontrol 0%{!?_without_netcontrol:%{server_drivers}} %endif - +%define with_netcontrol 1 # libcapng is used to manage capabilities in 11.3 or newer. # It is also used by lxc and needs to be enabled if lxc is enabled. %if 0%{?suse_version} >= 1130 || %{with_lxc} @@ -337,7 +337,7 @@ BuildRequires: systemd Name: libvirt Url: http://libvirt.org/ -Version: 1.0.3 +Version: 1.0.4 Release: 0 Summary: A C toolkit to interact with the virtualization capabilities of Linux License: LGPL-2.1+ @@ -417,12 +417,10 @@ Source1: libvirtd.init Source2: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches -Patch0: ce4557c3-apparmor-tapfd-label.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch Patch102: xen-pv-cdrom.patch -Patch103: libvirt-iptables-1.4.18.diff # Our patches Patch200: libvirtd-defaults.patch Patch201: libvirtd-init-script.patch @@ -559,11 +557,9 @@ Authors: %prep %setup -q -%patch0 -p1 %patch100 -p1 %patch101 %patch102 -p1 -%patch103 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 diff --git a/libvirtd-defaults.patch b/libvirtd-defaults.patch index 65b3bf6..3b8dbc4 100644 --- a/libvirtd-defaults.patch +++ b/libvirtd-defaults.patch 
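Review bot: The added `%define with_netcontrol 1` in the first libvirt.spec hunk sits after the `%endif`, so it unconditionally overrides both the `%if 0%{?suse_version} >= 1210` guard and the `_without_netcontrol` opt-out directly above it, forcing the netcontrol backend on for every build target. It is unrelated to the 1.0.4 update and looks like a leftover local test setting; PATCH 2/6 in this series restores the blank line, so squashing the two would keep revision 259 from building with an unintended configuration. Separately, the later hunks drop `Patch0: ce4557c3-apparmor-tapfd-label.patch` and its `%patch0 -p1`. Please confirm against the 1.0.4 sources that `.domainSetSecurityTapFDLabel` is set to `AppArmorSetFDLabel` in `src/security/security_apparmor.c`, because the dropped patch replaced a stub that returned 0 without labelling the tap FD.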
@@ -1,7 +1,7 @@ -Index: libvirt-1.0.3/daemon/libvirtd.conf +Index: libvirt-1.0.4/daemon/libvirtd.conf =================================================================== ---- libvirt-1.0.3.orig/daemon/libvirtd.conf -+++ libvirt-1.0.3/daemon/libvirtd.conf +--- libvirt-1.0.4.orig/daemon/libvirtd.conf ++++ libvirt-1.0.4/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -13,10 +13,10 @@ Index: libvirt-1.0.3/daemon/libvirtd.conf # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-1.0.3/daemon/libvirtd-config.c +Index: libvirt-1.0.4/daemon/libvirtd-config.c =================================================================== ---- libvirt-1.0.3.orig/daemon/libvirtd-config.c -+++ libvirt-1.0.3/daemon/libvirtd-config.c +--- libvirt-1.0.4.orig/daemon/libvirtd-config.c ++++ libvirt-1.0.4/daemon/libvirtd-config.c @@ -233,7 +233,7 @@ daemonConfigNew(bool privileged ATTRIBUT return NULL; } diff --git a/libvirtd-init-script.patch b/libvirtd-init-script.patch index 9423108..9e21880 100644 --- a/libvirtd-init-script.patch +++ b/libvirtd-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-1.0.3/daemon/libvirtd.sysconf +Index: libvirt-1.0.4/daemon/libvirtd.sysconf =================================================================== ---- libvirt-1.0.3.orig/daemon/libvirtd.sysconf -+++ libvirt-1.0.3/daemon/libvirtd.sysconf +--- libvirt-1.0.4.orig/daemon/libvirtd.sysconf ++++ libvirt-1.0.4/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + diff --git a/relax-qemu-usergroup-check.patch b/relax-qemu-usergroup-check.patch index 8f14a05..92d5af1 100644 --- a/relax-qemu-usergroup-check.patch +++ b/relax-qemu-usergroup-check.patch 
@@ -7,10 +7,10 @@ drivers as loadable modules instead of built-in to the daemon. Then the qemu driver would only be loaded when needed, which would never be the case on a xen-only configuration. -Index: libvirt-1.0.3/src/qemu/qemu_conf.c +Index: libvirt-1.0.4/src/qemu/qemu_conf.c =================================================================== ---- libvirt-1.0.3.orig/src/qemu/qemu_conf.c -+++ libvirt-1.0.3/src/qemu/qemu_conf.c +--- libvirt-1.0.4.orig/src/qemu/qemu_conf.c ++++ libvirt-1.0.4/src/qemu/qemu_conf.c @@ -439,15 +439,15 @@ int virQEMUDriverConfigLoadFile(virQEMUD p = virConfGetValue(conf, "user"); diff --git a/support-managed-pci-xen-driver.patch b/support-managed-pci-xen-driver.patch index 55a7338..a745271 100644 --- a/support-managed-pci-xen-driver.patch +++ b/support-managed-pci-xen-driver.patch @@ -8,10 +8,10 @@ Subject: [PATCH] support managed pci devices in xen driver src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-1.0.3/src/xenxs/xen_sxpr.c +Index: libvirt-1.0.4/src/xenxs/xen_sxpr.c =================================================================== ---- libvirt-1.0.3.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.0.3/src/xenxs/xen_sxpr.c +--- libvirt-1.0.4.orig/src/xenxs/xen_sxpr.c ++++ libvirt-1.0.4/src/xenxs/xen_sxpr.c @@ -1035,6 +1035,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; @@ -77,10 +77,10 @@ Index: libvirt-1.0.3/src/xenxs/xen_sxpr.c xenFormatSxprPCI(def->hostdevs[i], buf); } } -Index: libvirt-1.0.3/src/xenxs/xen_xm.c +Index: libvirt-1.0.4/src/xenxs/xen_xm.c =================================================================== ---- libvirt-1.0.3.orig/src/xenxs/xen_xm.c -+++ libvirt-1.0.3/src/xenxs/xen_xm.c +--- libvirt-1.0.4.orig/src/xenxs/xen_xm.c ++++ libvirt-1.0.4/src/xenxs/xen_xm.c @@ -815,6 +815,8 @@ xenParseXM(virConfPtr conf, int xendConf int busID; int slotID; diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index 19c7cd7..88204c5 100644 
--- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.3/src/qemu/qemu.conf +Index: libvirt-1.0.4/src/qemu/qemu.conf =================================================================== ---- libvirt-1.0.3.orig/src/qemu/qemu.conf -+++ libvirt-1.0.3/src/qemu/qemu.conf +--- libvirt-1.0.4.orig/src/qemu/qemu.conf ++++ libvirt-1.0.4/src/qemu/qemu.conf @@ -169,7 +169,16 @@ # a special value; security_driver can be set to that value in # isolation, but it cannot appear in a list of drivers. diff --git a/virtlockd-init-script.patch b/virtlockd-init-script.patch index fdaecba..7aba627 100644 --- a/virtlockd-init-script.patch +++ b/virtlockd-init-script.patch @@ -1,9 +1,9 @@ Adjust virtlockd init files to conform to SUSE standards -Index: libvirt-1.0.3/src/locking/virtlockd.sysconf +Index: libvirt-1.0.4/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-1.0.3.orig/src/locking/virtlockd.sysconf -+++ libvirt-1.0.3/src/locking/virtlockd.sysconf +--- libvirt-1.0.4.orig/src/locking/virtlockd.sysconf ++++ libvirt-1.0.4/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + @@ -12,10 +12,10 @@ Index: libvirt-1.0.3/src/locking/virtlockd.sysconf # # Pass extra arguments to virtlockd #VIRTLOCKD_ARGS= -Index: libvirt-1.0.3/src/locking/virtlockd.init.in +Index: libvirt-1.0.4/src/locking/virtlockd.init.in =================================================================== ---- libvirt-1.0.3.orig/src/locking/virtlockd.init.in -+++ libvirt-1.0.3/src/locking/virtlockd.init.in +--- libvirt-1.0.4.orig/src/locking/virtlockd.init.in ++++ libvirt-1.0.4/src/locking/virtlockd.init.in @@ -4,11 +4,13 @@ # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV # diff --git a/xen-name-for-devid.patch b/xen-name-for-devid.patch index 2d67583..dda081e 100644 --- a/xen-name-for-devid.patch +++ b/xen-name-for-devid.patch 
@@ -14,10 +14,10 @@ is inactive. We obviously can't search xenstore when the domain is inactive. -Index: libvirt-1.0.3/src/xen/xend_internal.c +Index: libvirt-1.0.4/src/xen/xend_internal.c =================================================================== ---- libvirt-1.0.3.orig/src/xen/xend_internal.c -+++ libvirt-1.0.3/src/xen/xend_internal.c +--- libvirt-1.0.4.orig/src/xen/xend_internal.c ++++ libvirt-1.0.4/src/xen/xend_internal.c @@ -60,8 +60,8 @@ #define XEND_RCV_BUF_MAX_LEN (256 * 1024) diff --git a/xen-pv-cdrom.patch b/xen-pv-cdrom.patch index d766497..ddf6203 100644 --- a/xen-pv-cdrom.patch +++ b/xen-pv-cdrom.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.3/src/xenxs/xen_sxpr.c +Index: libvirt-1.0.4/src/xenxs/xen_sxpr.c =================================================================== ---- libvirt-1.0.3.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.0.3/src/xenxs/xen_sxpr.c +--- libvirt-1.0.4.orig/src/xenxs/xen_sxpr.c ++++ libvirt-1.0.4/src/xenxs/xen_sxpr.c @@ -341,7 +341,7 @@ error: static int xenParseSxprDisks(virDomainDefPtr def, From 5c86ebdadaac33685eb19b71c8c8c94256cc876102227aa8f0d783d77912c5df Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Tue, 2 Apr 2013 22:01:29 +0000 Subject: [PATCH 2/6] remove inadvertent change in spec file OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=260 --- libvirt.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libvirt.spec b/libvirt.spec index b2e8a86..dac23f4 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -139,7 +139,7 @@ %if 0%{?suse_version} >= 1210 %define with_netcontrol 0%{!?_without_netcontrol:%{server_drivers}} %endif -%define with_netcontrol 1 + # libcapng is used to manage capabilities in 11.3 or newer. # It is also used by lxc and needs to be enabled if lxc is enabled. %if 0%{?suse_version} >= 1130 || %{with_lxc} From 9f17752b708c9afb535fabdf56f649c92b6343a562b627c492e3869d6e22700a Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Thu, 2 May 2013 19:17:46 +0000 Subject: [PATCH 3/6] - Update to libvirt 1.0.5 - PPC64: Add NVRAM device - Add XML config for resource partitions - Add support for TPM - NPIV storage migration support - Many incremental improvements and bug fixes, see http://libvirt.org/news.html OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=261 --- clone.patch | 12 +++---- fix-pci-attach-xen-driver.patch | 6 ++-- install-apparmor-profiles.patch | 30 ++++++++--------- libvirt-1.0.4.tar.bz2 | 3 -- libvirt-1.0.5.tar.bz2 | 3 ++ libvirt-guests-init-script.patch | 25 ++++++++------- libvirt-suse-netcontrol.patch | 48 ++++++++++++++-------------- libvirt.changes | 11 +++++++ libvirt.spec | 9 +++++- libvirtd-defaults.patch | 12 +++---- libvirtd-init-script.patch | 6 ++-- relax-qemu-usergroup-check.patch | 8 ++--- support-managed-pci-xen-driver.patch | 47 ++++++++++++++------------- suse-qemu-conf.patch | 8 ++--- virtlockd-init-script.patch | 12 +++---- xen-name-for-devid.patch | 35 ++++++++++---------- xen-pv-cdrom.patch | 6 ++-- 17 files changed, 150 insertions(+), 131 deletions(-) delete mode 100644 libvirt-1.0.4.tar.bz2 create mode 100644 libvirt-1.0.5.tar.bz2 diff --git a/clone.patch b/clone.patch index 41e4a4a..81c862c 100644 --- a/clone.patch +++ b/clone.patch @@ -2,7 +2,7 @@ Index: src/lxc/lxc_container.c =================================================================== --- src/lxc/lxc_container.c.orig +++ src/lxc/lxc_container.c -@@ -139,6 +139,7 @@ int lxcContainerHasReboot(void) +@@ -138,6 +138,7 @@ int lxcContainerHasReboot(void) int cmd, v; int status; char *tmp; @@ -10,7 +10,7 @@ Index: src/lxc/lxc_container.c if (virFileReadAll("/proc/sys/kernel/ctrl-alt-del", 10, &buf) < 0) return -1; -@@ -155,14 +156,21 @@ int lxcContainerHasReboot(void) +@@ -154,14 +155,21 @@ int lxcContainerHasReboot(void) VIR_FREE(buf); cmd = v ? LINUX_REBOOT_CMD_CAD_ON : LINUX_REBOOT_CMD_CAD_OFF; 
@@ -34,7 +34,7 @@ Index: src/lxc/lxc_container.c VIR_FREE(stack); if (cpid < 0) { virReportSystemError(errno, "%s", -@@ -2417,6 +2425,9 @@ int lxcContainerStart(virDomainDefPtr de +@@ -2116,6 +2124,9 @@ int lxcContainerStart(virDomainDefPtr de ttyPaths, nttyPaths, handshakefd}; /* allocate a stack for the container */ @@ -44,7 +44,7 @@ Index: src/lxc/lxc_container.c if (VIR_ALLOC_N(stack, stacksize) < 0) { virReportOOMError(); return -1; -@@ -2436,7 +2447,11 @@ int lxcContainerStart(virDomainDefPtr de +@@ -2134,7 +2145,11 @@ int lxcContainerStart(virDomainDefPtr de cflags |= CLONE_NEWNET; } @@ -56,7 +56,7 @@ Index: src/lxc/lxc_container.c VIR_FREE(stack); VIR_DEBUG("clone() completed, new container PID is %d", pid); -@@ -2462,6 +2477,7 @@ int lxcContainerAvailable(int features) +@@ -2160,6 +2175,7 @@ int lxcContainerAvailable(int features) int cpid; char *childStack; char *stack; @@ -64,7 +64,7 @@ Index: src/lxc/lxc_container.c if (features & LXC_CONTAINER_FEATURE_USER) flags |= CLONE_NEWUSER; -@@ -2469,14 +2485,21 @@ int lxcContainerAvailable(int features) +@@ -2167,14 +2183,21 @@ int lxcContainerAvailable(int features) if (features & LXC_CONTAINER_FEATURE_NET) flags |= CLONE_NEWNET; diff --git a/fix-pci-attach-xen-driver.patch b/fix-pci-attach-xen-driver.patch index 6fa8fcd..5512b17 100644 --- a/fix-pci-attach-xen-driver.patch +++ b/fix-pci-attach-xen-driver.patch @@ -8,10 +8,10 @@ uses the 'device_configure' RPC. This patch changes the xend driver to always call 'device_configure' for PCI devices to be consistent with the usage in the xen tools. -Index: libvirt-1.0.4/src/xen/xend_internal.c +Index: libvirt-1.0.5/src/xen/xend_internal.c =================================================================== ---- libvirt-1.0.4.orig/src/xen/xend_internal.c -+++ libvirt-1.0.4/src/xen/xend_internal.c +--- libvirt-1.0.5.orig/src/xen/xend_internal.c ++++ libvirt-1.0.5/src/xen/xend_internal.c 
@@ -2473,6 +2473,7 @@ xenDaemonAttachDeviceFlags(virDomainPtr virBuffer buf = VIR_BUFFER_INITIALIZER; char class[8], ref[80]; diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch index d10d9a1..452f21a 100644 --- a/install-apparmor-profiles.patch +++ b/install-apparmor-profiles.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.4/examples/apparmor/Makefile.am +Index: libvirt-1.0.5/examples/apparmor/Makefile.am =================================================================== ---- libvirt-1.0.4.orig/examples/apparmor/Makefile.am -+++ libvirt-1.0.4/examples/apparmor/Makefile.am +--- libvirt-1.0.5.orig/examples/apparmor/Makefile.am ++++ libvirt-1.0.5/examples/apparmor/Makefile.am @@ -1,8 +1,45 @@ ## Copyright (C) 2005-2011 Red Hat, Inc. ## See COPYING.LIB for the License of this software @@ -53,10 +53,10 @@ Index: libvirt-1.0.4/examples/apparmor/Makefile.am + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE + +endif -Index: libvirt-1.0.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in +Index: libvirt-1.0.5/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in =================================================================== --- /dev/null -+++ libvirt-1.0.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in ++++ libvirt-1.0.5/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -0,0 +1,40 @@ +# Last Modified: Fri Aug 19 11:21:48 2011 +#include @@ -98,9 +98,9 @@ Index: libvirt-1.0.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in + /var/lib/kvm/images/ r, + /var/lib/kvm/images/** r, +} -Index: libvirt-1.0.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper +Index: libvirt-1.0.5/examples/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== ---- libvirt-1.0.4.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +--- libvirt-1.0.5.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ /dev/null @@ -1,38 +0,0 @@ -# Last Modified: Mon Apr 5 15:10:27 2010 
@@ -141,9 +141,9 @@ Index: libvirt-1.0.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper - /var/lib/libvirt/images/ r, - /var/lib/libvirt/images/** r, -} -Index: libvirt-1.0.4/examples/apparmor/usr.sbin.libvirtd +Index: libvirt-1.0.5/examples/apparmor/usr.sbin.libvirtd =================================================================== ---- libvirt-1.0.4.orig/examples/apparmor/usr.sbin.libvirtd +--- libvirt-1.0.5.orig/examples/apparmor/usr.sbin.libvirtd +++ /dev/null @@ -1,52 +0,0 @@ -# Last Modified: Mon Apr 5 15:03:58 2010 @@ -198,10 +198,10 @@ Index: libvirt-1.0.4/examples/apparmor/usr.sbin.libvirtd - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, - -} -Index: libvirt-1.0.4/examples/apparmor/usr.sbin.libvirtd.in +Index: libvirt-1.0.5/examples/apparmor/usr.sbin.libvirtd.in =================================================================== --- /dev/null -+++ libvirt-1.0.4/examples/apparmor/usr.sbin.libvirtd.in ++++ libvirt-1.0.5/examples/apparmor/usr.sbin.libvirtd.in @@ -0,0 +1,58 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include @@ -261,9 +261,9 @@ Index: libvirt-1.0.4/examples/apparmor/usr.sbin.libvirtd.in + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} -Index: libvirt-1.0.4/examples/apparmor/libvirt-qemu +Index: libvirt-1.0.5/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-1.0.4.orig/examples/apparmor/libvirt-qemu +--- libvirt-1.0.5.orig/examples/apparmor/libvirt-qemu +++ /dev/null @@ -1,129 +0,0 @@ -# Last Modified: Fri Mar 9 14:43:22 2012 @@ -395,10 +395,10 @@ Index: libvirt-1.0.4/examples/apparmor/libvirt-qemu - - /usr/libexec/qemu-bridge-helper rmix, - } -Index: libvirt-1.0.4/examples/apparmor/libvirt-qemu.in +Index: libvirt-1.0.5/examples/apparmor/libvirt-qemu.in =================================================================== 
--- /dev/null -+++ libvirt-1.0.4/examples/apparmor/libvirt-qemu.in ++++ libvirt-1.0.5/examples/apparmor/libvirt-qemu.in @@ -0,0 +1,132 @@ +# Last Modified: Fri Mar 9 14:43:22 2012 + diff --git a/libvirt-1.0.4.tar.bz2 b/libvirt-1.0.4.tar.bz2 deleted file mode 100644 index 9f5245e..0000000 --- a/libvirt-1.0.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7b31e8a54faeeedad89b3328c08293150c0f12372c30c3ba8cf66aaa4730a926 -size 16764645 diff --git a/libvirt-1.0.5.tar.bz2 b/libvirt-1.0.5.tar.bz2 new file mode 100644 index 0000000..69f487b --- /dev/null +++ b/libvirt-1.0.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:dd0ba7e6866c35a7df15d88526c1c1fb1de12b8ad577cc92aa3eb1f859e9f3b5 +size 17170054 diff --git a/libvirt-guests-init-script.patch b/libvirt-guests-init-script.patch index 14f9a57..8d4bdda 100644 --- a/libvirt-guests-init-script.patch +++ b/libvirt-guests-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirt-guests init files to conform to SUSE standards -Index: libvirt-1.0.4/tools/libvirt-guests.init.in +Index: libvirt-1.0.5/tools/libvirt-guests.init.in =================================================================== ---- libvirt-1.0.4.orig/tools/libvirt-guests.init.in -+++ libvirt-1.0.4/tools/libvirt-guests.init.in +--- libvirt-1.0.5.orig/tools/libvirt-guests.init.in ++++ libvirt-1.0.5/tools/libvirt-guests.init.in @@ -3,15 +3,15 @@ # the following is the LSB init header # @@ -28,10 +28,10 @@ Index: libvirt-1.0.4/tools/libvirt-guests.init.in ### END INIT INFO # the following is chkconfig init header -Index: libvirt-1.0.4/tools/libvirt-guests.sh.in +Index: libvirt-1.0.5/tools/libvirt-guests.sh.in =================================================================== ---- libvirt-1.0.4.orig/tools/libvirt-guests.sh.in -+++ libvirt-1.0.4/tools/libvirt-guests.sh.in +--- libvirt-1.0.5.orig/tools/libvirt-guests.sh.in ++++ libvirt-1.0.5/tools/libvirt-guests.sh.in @@ -1,13 +1,12 @@ #!/bin/sh 
@@ -174,23 +174,24 @@ Index: libvirt-1.0.4/tools/libvirt-guests.sh.in else if [ -f "$VAR_SUBSYS_LIBVIRT_GUESTS" ]; then gettext "started"; echo +- RETVAL=0 else gettext "stopped, with no saved guests"; echo +- RETVAL=3 ++ rc_failed 3 fi -- RETVAL=0 fi } - -@@ -571,4 +596,4 @@ case "$1" in +@@ -572,4 +597,4 @@ case "$1" in usage ;; esac -exit $RETVAL +rc_exit -Index: libvirt-1.0.4/tools/libvirt-guests.sysconf +Index: libvirt-1.0.5/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-1.0.4.orig/tools/libvirt-guests.sysconf -+++ libvirt-1.0.4/tools/libvirt-guests.sysconf +--- libvirt-1.0.5.orig/tools/libvirt-guests.sysconf ++++ libvirt-1.0.5/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + diff --git a/libvirt-suse-netcontrol.patch b/libvirt-suse-netcontrol.patch index 2d57cf2..65f5de9 100644 --- a/libvirt-suse-netcontrol.patch +++ b/libvirt-suse-netcontrol.patch @@ -1,8 +1,8 @@ -Index: libvirt-1.0.4/configure.ac +Index: libvirt-1.0.5/configure.ac =================================================================== ---- libvirt-1.0.4.orig/configure.ac -+++ libvirt-1.0.4/configure.ac -@@ -153,6 +153,7 @@ LIBVIRT_CHECK_DBUS +--- libvirt-1.0.5.orig/configure.ac ++++ libvirt-1.0.5/configure.ac +@@ -159,6 +159,7 @@ LIBVIRT_CHECK_DBUS LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_HAL LIBVIRT_CHECK_NETCF @@ -10,7 +10,7 @@ Index: libvirt-1.0.4/configure.ac LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS -@@ -2199,11 +2200,12 @@ if test "$with_libvirtd" = "no" ; then +@@ -2205,11 +2206,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi @@ -26,7 +26,7 @@ Index: libvirt-1.0.4/configure.ac esac if test "$with_interface" = "yes" ; then -@@ -2473,6 +2475,7 @@ LIBVIRT_RESULT_DBUS +@@ -2488,6 +2490,7 @@ LIBVIRT_RESULT_DBUS LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF 
@@ -34,11 +34,11 @@ Index: libvirt-1.0.4/configure.ac LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS -Index: libvirt-1.0.4/src/Makefile.am +Index: libvirt-1.0.5/src/Makefile.am =================================================================== ---- libvirt-1.0.4.orig/src/Makefile.am -+++ libvirt-1.0.4/src/Makefile.am -@@ -648,6 +648,10 @@ if WITH_NETCF +--- libvirt-1.0.5.orig/src/Makefile.am ++++ libvirt-1.0.5/src/Makefile.am +@@ -715,6 +715,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif @@ -49,7 +49,7 @@ Index: libvirt-1.0.4/src/Makefile.am if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1133,11 +1137,16 @@ if WITH_NETCF +@@ -1200,11 +1204,16 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else @@ -66,11 +66,11 @@ Index: libvirt-1.0.4/src/Makefile.am if WITH_DRIVER_MODULES libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la libvirt_driver_interface_la_LDFLAGS += -module -avoid-version -Index: libvirt-1.0.4/tools/virsh.c +Index: libvirt-1.0.5/tools/virsh.c =================================================================== ---- libvirt-1.0.4.orig/tools/virsh.c -+++ libvirt-1.0.4/tools/virsh.c -@@ -2800,6 +2800,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE +--- libvirt-1.0.5.orig/tools/virsh.c ++++ libvirt-1.0.5/tools/virsh.c +@@ -2888,6 +2888,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) vshPrint(ctl, " netcf"); 
@@ -79,10 +79,10 @@ Index: libvirt-1.0.4/tools/virsh.c # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif -Index: libvirt-1.0.4/src/interface/interface_backend_netcf.c +Index: libvirt-1.0.5/src/interface/interface_backend_netcf.c =================================================================== ---- libvirt-1.0.4.orig/src/interface/interface_backend_netcf.c -+++ libvirt-1.0.4/src/interface/interface_backend_netcf.c +--- libvirt-1.0.5.orig/src/interface/interface_backend_netcf.c ++++ libvirt-1.0.5/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include @@ -135,7 +135,7 @@ Index: libvirt-1.0.4/src/interface/interface_backend_netcf.c static int netcf_to_vir_err(int netcf_errcode) { switch (netcf_errcode) -@@ -137,6 +173,10 @@ static virDrvOpenStatus interfaceOpenInt +@@ -137,6 +173,10 @@ static virDrvOpenStatus netcfInterfaceOp goto mutex_error; } @@ -146,10 +146,10 @@ Index: libvirt-1.0.4/src/interface/interface_backend_netcf.c /* open netcf */ if (ncf_init(&driverState->netcf, NULL) != 0) { -Index: libvirt-1.0.4/src/interface/interface_driver.c +Index: libvirt-1.0.5/src/interface/interface_driver.c =================================================================== ---- libvirt-1.0.4.orig/src/interface/interface_driver.c -+++ libvirt-1.0.4/src/interface/interface_driver.c +--- libvirt-1.0.5.orig/src/interface/interface_driver.c ++++ libvirt-1.0.5/src/interface/interface_driver.c @@ -28,8 +28,15 @@ interfaceRegister(void) { if (netcfIfaceRegister() == 0) return 0; @@ -167,10 +167,10 @@ Index: libvirt-1.0.4/src/interface/interface_driver.c if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ -Index: libvirt-1.0.4/m4/virt-netcontrol.m4 +Index: libvirt-1.0.5/m4/virt-netcontrol.m4 =================================================================== --- /dev/null -+++ libvirt-1.0.4/m4/virt-netcontrol.m4 ++++ libvirt-1.0.5/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl 
diff --git a/libvirt.changes b/libvirt.changes index 9a06439..4936efe 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Thu May 2 13:14:00 MDT 2013 - jfehlig@suse.com + +- Update to libvirt 1.0.5 + - PPC64: Add NVRAM device + - Add XML config for resource partitions + - Add support for TPM + - NPIV storage migration support + - Many incremental improvements and bug fixes, see + http://libvirt.org/news.html + ------------------------------------------------------------------- Tue Apr 2 15:26:18 MDT 2013 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index dac23f4..a9868c1 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -334,10 +334,16 @@ BuildRequires: sanlock-devel >= 2.4 %if %{with_systemd} BuildRequires: systemd %endif +%if %{with_libvirtd} +%if 0%{?suse_version} >= 1210 +# For pool-build probing for existing pools +BuildRequires: libblkid-devel >= 2.17 +%endif +%endif Name: libvirt Url: http://libvirt.org/ -Version: 1.0.4 +Version: 1.0.5 Release: 0 Summary: A C toolkit to interact with the virtualization capabilities of Linux License: LGPL-2.1+ @@ -1066,6 +1072,7 @@ fi %{_datadir}/libvirt/schemas/storagepool.rng %{_datadir}/libvirt/schemas/storagevol.rng %{_datadir}/libvirt/cpu_map.xml +%{_datadir}/libvirt/libvirtLogo.png %if %{with_sasl} %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf %endif diff --git a/libvirtd-defaults.patch b/libvirtd-defaults.patch index 3b8dbc4..7ee54b2 100644 --- a/libvirtd-defaults.patch +++ b/libvirtd-defaults.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.4/daemon/libvirtd.conf +Index: libvirt-1.0.5/daemon/libvirtd.conf =================================================================== ---- libvirt-1.0.4.orig/daemon/libvirtd.conf -+++ libvirt-1.0.4/daemon/libvirtd.conf +--- libvirt-1.0.5.orig/daemon/libvirtd.conf ++++ libvirt-1.0.5/daemon/libvirtd.conf 
@@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -13,10 +13,10 @@ Index: libvirt-1.0.4/daemon/libvirtd.conf # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to -Index: libvirt-1.0.4/daemon/libvirtd-config.c +Index: libvirt-1.0.5/daemon/libvirtd-config.c =================================================================== ---- libvirt-1.0.4.orig/daemon/libvirtd-config.c -+++ libvirt-1.0.4/daemon/libvirtd-config.c +--- libvirt-1.0.5.orig/daemon/libvirtd-config.c ++++ libvirt-1.0.5/daemon/libvirtd-config.c @@ -233,7 +233,7 @@ daemonConfigNew(bool privileged ATTRIBUT return NULL; } diff --git a/libvirtd-init-script.patch b/libvirtd-init-script.patch index 9e21880..56d469c 100644 --- a/libvirtd-init-script.patch +++ b/libvirtd-init-script.patch @@ -1,9 +1,9 @@ Adjust libvirtd sysconfig file to conform to SUSE standards -Index: libvirt-1.0.4/daemon/libvirtd.sysconf +Index: libvirt-1.0.5/daemon/libvirtd.sysconf =================================================================== ---- libvirt-1.0.4.orig/daemon/libvirtd.sysconf -+++ libvirt-1.0.4/daemon/libvirtd.sysconf +--- libvirt-1.0.5.orig/daemon/libvirtd.sysconf ++++ libvirt-1.0.5/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + diff --git a/relax-qemu-usergroup-check.patch b/relax-qemu-usergroup-check.patch index 92d5af1..a5025f4 100644 --- a/relax-qemu-usergroup-check.patch +++ b/relax-qemu-usergroup-check.patch 
@@ -7,11 +7,11 @@ drivers as loadable modules instead of built-in to the daemon. Then the qemu driver would only be loaded when needed, which would never be the case on a xen-only configuration. -Index: libvirt-1.0.4/src/qemu/qemu_conf.c +Index: libvirt-1.0.5/src/qemu/qemu_conf.c =================================================================== ---- libvirt-1.0.4.orig/src/qemu/qemu_conf.c -+++ libvirt-1.0.4/src/qemu/qemu_conf.c -@@ -439,15 +439,15 @@ int virQEMUDriverConfigLoadFile(virQEMUD +--- libvirt-1.0.5.orig/src/qemu/qemu_conf.c ++++ libvirt-1.0.5/src/qemu/qemu_conf.c +@@ -435,15 +435,15 @@ int virQEMUDriverConfigLoadFile(virQEMUD p = virConfGetValue(conf, "user"); CHECK_TYPE("user", VIR_CONF_STRING); diff --git a/support-managed-pci-xen-driver.patch b/support-managed-pci-xen-driver.patch index a745271..83a463c 100644 --- a/support-managed-pci-xen-driver.patch +++ b/support-managed-pci-xen-driver.patch @@ -8,15 +8,15 @@ Subject: [PATCH] support managed pci devices in xen driver src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) -Index: libvirt-1.0.4/src/xenxs/xen_sxpr.c +Index: libvirt-1.0.5/src/xenxs/xen_sxpr.c =================================================================== ---- libvirt-1.0.4.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.0.4/src/xenxs/xen_sxpr.c +--- libvirt-1.0.5.orig/src/xenxs/xen_sxpr.c ++++ libvirt-1.0.5/src/xenxs/xen_sxpr.c @@ -1035,6 +1035,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; int funcID; -+ int managed; ++ bool managed; node = cur->u.s.car; if (!sexpr_lookup(node, "dev")) 
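Review bot: The refreshed xen_sxpr.c hunk declares `bool managed;` in `xenParseSxprPCI()` without an initializer, while the xen_xm.c part of the same patch keeps `int managed = 0;`. The assignment to `managed` lies outside the lines shown, so it cannot be confirmed from here that every path sets it before `dev->managed = managed ? true : false;` in the next hunk; `bool managed = false;` would make the unmanaged default explicit either way. With the variable now a `bool`, that later line can simply be `dev->managed = managed;`, and using the same type in xen_xm.c would keep the two parsers consistent. The function body starts and ends outside the hunk.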
@@ -30,28 +30,29 @@ Index: libvirt-1.0.4/src/xenxs/xen_sxpr.c goto error; dev->mode = VIR_DOMAIN_HOSTDEV_MODE_SUBSYS; -- dev->managed = 0; -+ dev->managed = managed; +- dev->managed = false; ++ dev->managed = managed ? true : false; dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; - dev->source.subsys.u.pci.domain = domainID; - dev->source.subsys.u.pci.bus = busID; -@@ -2044,11 +2047,14 @@ static void + dev->source.subsys.u.pci.addr.domain = domainID; + dev->source.subsys.u.pci.addr.bus = busID; +@@ -2042,11 +2045,15 @@ static void xenFormatSxprPCI(virDomainHostdevDefPtr def, virBufferPtr buf) { - virBufferAsprintf(buf, "(dev (domain 0x%04x)(bus 0x%02x)(slot 0x%02x)(func 0x%x))", + virBufferAsprintf(buf, "(dev (domain 0x%04x)(bus 0x%02x)(slot 0x%02x)(func 0x%x)", - def->source.subsys.u.pci.domain, - def->source.subsys.u.pci.bus, - def->source.subsys.u.pci.slot, - def->source.subsys.u.pci.function); + def->source.subsys.u.pci.addr.domain, + def->source.subsys.u.pci.addr.bus, + def->source.subsys.u.pci.addr.slot, + def->source.subsys.u.pci.addr.function); ++ + if (def->managed) + virBufferAddLit(buf, "(opts (managed 1))"); + virBufferAddLit(buf, ")"); } -@@ -2067,12 +2073,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP +@@ -2065,12 +2072,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP virBufferPtr buf, int detach) { @@ -64,7 +65,7 @@ Index: libvirt-1.0.4/src/xenxs/xen_sxpr.c virBufferAddLit(buf, "(pci "); xenFormatSxprPCI(def, buf); if (detach) -@@ -2127,12 +2127,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def, +@@ -2125,12 +2126,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def, for (i = 0 ; i < def->nhostdevs ; i++) { if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { 
@@ -77,16 +78,16 @@ Index: libvirt-1.0.4/src/xenxs/xen_sxpr.c xenFormatSxprPCI(def->hostdevs[i], buf); } } -Index: libvirt-1.0.4/src/xenxs/xen_xm.c +Index: libvirt-1.0.5/src/xenxs/xen_xm.c =================================================================== ---- libvirt-1.0.4.orig/src/xenxs/xen_xm.c -+++ libvirt-1.0.4/src/xenxs/xen_xm.c +--- libvirt-1.0.5.orig/src/xenxs/xen_xm.c ++++ libvirt-1.0.5/src/xenxs/xen_xm.c @@ -815,6 +815,8 @@ xenParseXM(virConfPtr conf, int xendConf int busID; int slotID; int funcID; + char *opt; -+ int managed=0; ++ int managed = 0; domain[0] = bus[0] = slot[0] = func[0] = '\0'; @@ -129,8 +130,8 @@ Index: libvirt-1.0.4/src/xenxs/xen_xm.c if (!(hostdev = virDomainHostdevDefAlloc())) goto cleanup; -- hostdev->managed = 0; -+ hostdev->managed = managed; +- hostdev->managed = false; ++ hostdev->managed = managed ? true : false; hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; - hostdev->source.subsys.u.pci.domain = domainID; - hostdev->source.subsys.u.pci.bus = busID; + hostdev->source.subsys.u.pci.addr.domain = domainID; + hostdev->source.subsys.u.pci.addr.bus = busID; diff --git a/suse-qemu-conf.patch b/suse-qemu-conf.patch index 88204c5..cd9f95e 100644 --- a/suse-qemu-conf.patch +++ b/suse-qemu-conf.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.4/src/qemu/qemu.conf +Index: libvirt-1.0.5/src/qemu/qemu.conf =================================================================== ---- libvirt-1.0.4.orig/src/qemu/qemu.conf -+++ libvirt-1.0.4/src/qemu/qemu.conf +--- libvirt-1.0.5.orig/src/qemu/qemu.conf ++++ libvirt-1.0.5/src/qemu/qemu.conf @@ -169,7 +169,16 @@ # a special value; security_driver can be set to that value in # isolation, but it cannot appear in a list of drivers. @@ -19,7 +19,7 @@ Index: libvirt-1.0.4/src/qemu/qemu.conf # If set to non-zero, then the default security labeling # will make guests confined. If set to zero, then guests -@@ -357,6 +366,15 @@ +@@ -365,6 +374,15 @@ #allow_disk_format_probing = 1 
diff --git a/virtlockd-init-script.patch b/virtlockd-init-script.patch index 7aba627..959c221 100644 --- a/virtlockd-init-script.patch +++ b/virtlockd-init-script.patch @@ -1,9 +1,9 @@ Adjust virtlockd init files to conform to SUSE standards -Index: libvirt-1.0.4/src/locking/virtlockd.sysconf +Index: libvirt-1.0.5/src/locking/virtlockd.sysconf =================================================================== ---- libvirt-1.0.4.orig/src/locking/virtlockd.sysconf -+++ libvirt-1.0.4/src/locking/virtlockd.sysconf +--- libvirt-1.0.5.orig/src/locking/virtlockd.sysconf ++++ libvirt-1.0.5/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + @@ -12,10 +12,10 @@ Index: libvirt-1.0.4/src/locking/virtlockd.sysconf # # Pass extra arguments to virtlockd #VIRTLOCKD_ARGS= -Index: libvirt-1.0.4/src/locking/virtlockd.init.in +Index: libvirt-1.0.5/src/locking/virtlockd.init.in =================================================================== ---- libvirt-1.0.4.orig/src/locking/virtlockd.init.in -+++ libvirt-1.0.4/src/locking/virtlockd.init.in +--- libvirt-1.0.5.orig/src/locking/virtlockd.init.in ++++ libvirt-1.0.5/src/locking/virtlockd.init.in @@ -4,11 +4,13 @@ # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-generic.html#INITSCRCOMCONV # diff --git a/xen-name-for-devid.patch b/xen-name-for-devid.patch index dda081e..df36a2d 100644 --- a/xen-name-for-devid.patch +++ b/xen-name-for-devid.patch @@ -14,10 +14,10 @@ is inactive. We obviously can't search xenstore when the domain is inactive. -Index: libvirt-1.0.4/src/xen/xend_internal.c +Index: libvirt-1.0.5/src/xen/xend_internal.c =================================================================== ---- libvirt-1.0.4.orig/src/xen/xend_internal.c -+++ libvirt-1.0.4/src/xen/xend_internal.c +--- libvirt-1.0.5.orig/src/xen/xend_internal.c ++++ libvirt-1.0.5/src/xen/xend_internal.c @@ -60,8 +60,8 @@ #define XEND_RCV_BUF_MAX_LEN (256 * 1024) 
@@ -48,7 +48,7 @@ Index: libvirt-1.0.4/src/xen/xend_internal.c _("requested device does not exist")); goto cleanup; @@ -2790,7 +2790,7 @@ xenDaemonDetachDeviceFlags(virDomainPtr - def, xml, VIR_DOMAIN_XML_INACTIVE))) + VIR_DOMAIN_XML_INACTIVE))) goto cleanup; - if (virDomainXMLDevID(domain, dev, class, ref, sizeof(ref))) @@ -56,7 +56,7 @@ Index: libvirt-1.0.4/src/xen/xend_internal.c goto cleanup; if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) { -@@ -3682,21 +3682,22 @@ struct xenUnifiedDriver xenDaemonDriver +@@ -3682,31 +3682,32 @@ struct xenUnifiedDriver xenDaemonDriver /** * virDomainXMLDevID: * @domain: pointer to domain object @@ -83,10 +83,10 @@ Index: libvirt-1.0.4/src/xen/xend_internal.c virDomainDeviceDefPtr dev, char *class, char *ref, -@@ -3704,9 +3705,11 @@ virDomainXMLDevID(virDomainPtr domain, + int ref_len) { - xenUnifiedPrivatePtr priv = domain->conn->privateData; - char *xref; +- xenUnifiedPrivatePtr priv = domain->conn->privateData; +- char *xref; - char *tmp; + unsigned int i; @@ -96,7 +96,7 @@ Index: libvirt-1.0.4/src/xen/xend_internal.c if (dev->data.disk->driverName && STREQ(dev->data.disk->driverName, "tap")) strcpy(class, "tap"); -@@ -3716,19 +3719,17 @@ virDomainXMLDevID(virDomainPtr domain, +@@ -3716,19 +3717,17 @@ virDomainXMLDevID(virDomainPtr domain, else strcpy(class, "vbd"); @@ -125,15 +125,14 @@ Index: libvirt-1.0.4/src/xen/xend_internal.c + } + return -1; } else if (dev->type == VIR_DOMAIN_DEVICE_NET) { - char mac[30]; + char mac[VIR_MAC_STRING_BUFLEN]; virDomainNetDefPtr def = dev->data.net; -@@ -3738,17 +3739,22 @@ virDomainXMLDevID(virDomainPtr domain, +@@ -3736,16 +3735,22 @@ virDomainXMLDevID(virDomainPtr domain, strcpy(class, "vif"); - xenUnifiedLock(priv); -- xref = xenStoreDomainGetNetworkID(domain->conn, domain->id, -- mac); +- xref = xenStoreDomainGetNetworkID(domain->conn, domain->id, mac); - xenUnifiedUnlock(priv); - if (xref == NULL) - return -1; 
@@ -161,7 +160,7 @@ Index: libvirt-1.0.4/src/xen/xend_internal.c } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV && dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { -@@ -3766,17 +3772,44 @@ virDomainXMLDevID(virDomainPtr domain, +@@ -3763,17 +3768,44 @@ virDomainXMLDevID(virDomainPtr domain, strcpy(class, "pci"); @@ -182,10 +181,10 @@ Index: libvirt-1.0.4/src/xen/xend_internal.c + continue; + + if (virAsprintf(&dst_bdf, "%04x:%02x:%02x.%0x", -+ hostdev->source.subsys.u.pci.domain, -+ hostdev->source.subsys.u.pci.bus, -+ hostdev->source.subsys.u.pci.slot, -+ hostdev->source.subsys.u.pci.function) < 0) { ++ hostdev->source.subsys.u.pci.addr.domain, ++ hostdev->source.subsys.u.pci.addr.bus, ++ hostdev->source.subsys.u.pci.addr.slot, ++ hostdev->source.subsys.u.pci.addr.function) < 0) { + virReportOOMError(); + VIR_FREE(bdf); + return -1; diff --git a/xen-pv-cdrom.patch b/xen-pv-cdrom.patch index ddf6203..45d2945 100644 --- a/xen-pv-cdrom.patch +++ b/xen-pv-cdrom.patch @@ -1,7 +1,7 @@ -Index: libvirt-1.0.4/src/xenxs/xen_sxpr.c +Index: libvirt-1.0.5/src/xenxs/xen_sxpr.c =================================================================== ---- libvirt-1.0.4.orig/src/xenxs/xen_sxpr.c -+++ libvirt-1.0.4/src/xenxs/xen_sxpr.c +--- libvirt-1.0.5.orig/src/xenxs/xen_sxpr.c ++++ libvirt-1.0.5/src/xenxs/xen_sxpr.c @@ -341,7 +341,7 @@ error: static int xenParseSxprDisks(virDomainDefPtr def, From 63e2ee1ac4f254894b6cf0218744effbc68869b242363c1f941869bcce24e8c1 Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Mon, 13 May 2013 15:33:43 +0000 Subject: [PATCH 4/6] - Fix starting domains when kernel has no cgroups support bbe97ae9-no-cgroups.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=262 --- bbe97ae9-no-cgroups.patch | 102 ++++++++++++++++++++++++++++++++++++++ libvirt.changes | 6 +++ libvirt.spec | 2 + 3 files changed, 110 insertions(+) create mode 100644 bbe97ae9-no-cgroups.patch diff --git a/bbe97ae9-no-cgroups.patch b/bbe97ae9-no-cgroups.patch new file mode 100644 index 0000000..c3c4158 --- /dev/null +++ b/bbe97ae9-no-cgroups.patch 
@@ -0,0 +1,102 @@ +commit bbe97ae968eba60b71e0066d49f9fc909966d9d6 +Author: Jim Fehlig +Date: Fri May 10 12:05:00 2013 -0600 + + Fix starting domains when kernel has no cgroups support + + Found that I was unable to start existing domains after updating + to a kernel with no cgroups support + + # zgrep CGROUP /proc/config.gz + # CONFIG_CGROUPS is not set + # virsh start test + error: Failed to start domain test + error: Unable to initialize /machine cgroup: Cannot allocate memory + + virCgroupPartitionNeedsEscaping() correctly returns errno (ENOENT) when + attempting to open /proc/cgroups on such a system, but it was being + dropped in virCgroupSetPartitionSuffix(). + + Change virCgroupSetPartitionSuffix() to propagate errors returned by + its callees. Also check for ENOENT in qemuInitCgroup() when determining + if cgroups support is available. + +Index: libvirt-1.0.5/src/qemu/qemu_cgroup.c +=================================================================== +--- libvirt-1.0.5.orig/src/qemu/qemu_cgroup.c ++++ libvirt-1.0.5/src/qemu/qemu_cgroup.c +@@ -445,7 +445,8 @@ int qemuInitCgroup(virQEMUDriverPtr driv + if (rc != 0) { + if (rc == -ENXIO || + rc == -EPERM || +- rc == -EACCES) { /* No cgroups mounts == success */ ++ rc == -EACCES || ++ rc == -ENOENT) { /* No cgroups mounts == success */ + VIR_DEBUG("No cgroups present/configured/accessible, ignoring error"); + goto done; + } +Index: libvirt-1.0.5/src/util/vircgroup.c +=================================================================== +--- libvirt-1.0.5.orig/src/util/vircgroup.c ++++ libvirt-1.0.5/src/util/vircgroup.c +@@ -1167,14 +1167,14 @@ static int virCgroupPartitionEscape(char + return 0; + } + +-static char *virCgroupSetPartitionSuffix(const char *path) ++static int virCgroupSetPartitionSuffix(const char *path, char **res) + { + char **tokens = virStringSplit(path, "/", 0); + size_t i; +- char *ret = NULL; ++ int ret = -1; + + if (!tokens) +- return NULL; ++ return ret; + + for (i = 0 ; tokens[i] != NULL 
; i++) { + /* Whitelist the 3 top level fixed dirs +@@ -1193,20 +1193,27 @@ static char *virCgroupSetPartitionSuffix + !strchr(tokens[i], '.')) { + if (VIR_REALLOC_N(tokens[i], + strlen(tokens[i]) + strlen(".partition") + 1) < 0) { ++ ret = -ENOMEM; + virReportOOMError(); + goto cleanup; + } + strcat(tokens[i], ".partition"); + } + +- if (virCgroupPartitionEscape(&(tokens[i])) < 0) { +- virReportOOMError(); ++ ret = virCgroupPartitionEscape(&(tokens[i])); ++ if (ret < 0) { ++ if (ret == -ENOMEM) ++ virReportOOMError(); + goto cleanup; + } + } + +- if (!(ret = virStringJoin((const char **)tokens, "/"))) ++ if (!(*res = virStringJoin((const char **)tokens, "/"))) { ++ ret = -ENOMEM; + goto cleanup; ++ } ++ ++ ret = 0; + + cleanup: + virStringFreeList(tokens); +@@ -1241,9 +1248,9 @@ int virCgroupNewPartition(const char *pa + + /* XXX convert all cgroups APIs to use error report + * APIs instead of returning errno */ +- if (!(newpath = virCgroupSetPartitionSuffix(path))) { ++ rc = virCgroupSetPartitionSuffix(path, &newpath); ++ if (rc < 0) { + virResetLastError(); +- rc = -ENOMEM; + goto cleanup; + } + diff --git a/libvirt.changes b/libvirt.changes index 4936efe..1d10083 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon May 13 09:32:56 MDT 2013 - jfehlig@suse.com + +- Fix starting domains when kernel has no cgroups support + bbe97ae9-no-cgroups.patch + ------------------------------------------------------------------- Thu May 2 13:14:00 MDT 2013 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index a9868c1..9b66118 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -423,6 +423,7 @@ Source1: libvirtd.init Source2: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches +Patch0: bbe97ae9-no-cgroups.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch 
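Review bot: In the embedded vircgroup.c change, `virCgroupSetPartitionSuffix()` now returns an errno-style int but still starts from `int ret = -1;` and leaves through `return ret;` when `virStringSplit()` yields no tokens. On Linux -1 is numerically -EPERM, and the qemu_cgroup.c hunk of this same patch lists `rc == -EPERM` among the codes `qemuInitCgroup()` ignores with only a `VIR_DEBUG` message, so an allocation failure could presumably be mistaken for "no cgroups available" and the guest started without its cgroup setup; whether the value reaches that check unchanged is not visible here. I would return a real code on that path, `if (!tokens) return -ENOMEM;`, and initialise `ret` the same way. Both functions continue outside the quoted hunks.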
@@ -563,6 +564,7 @@ Authors: %prep %setup -q +%patch0 -p1 %patch100 -p1 %patch101 %patch102 -p1 From d820fe0d4089adffd943401da67fcdc7d5b6b9d26a1d13d2ba972bf8a5f7a2e1 Mon Sep 17 00:00:00 2001 From: James Fehlig Date: Thu, 16 May 2013 22:26:04 +0000 Subject: [PATCH 5/6] - Fix botched backport of commit bbe97ae9 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=263 --- bbe97ae9-no-cgroups.patch | 2 +- libvirt.changes | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/bbe97ae9-no-cgroups.patch b/bbe97ae9-no-cgroups.patch index c3c4158..e98256c 100644 --- a/bbe97ae9-no-cgroups.patch +++ b/bbe97ae9-no-cgroups.patch @@ -25,7 +25,7 @@ Index: libvirt-1.0.5/src/qemu/qemu_cgroup.c =================================================================== --- libvirt-1.0.5.orig/src/qemu/qemu_cgroup.c +++ libvirt-1.0.5/src/qemu/qemu_cgroup.c -@@ -445,7 +445,8 @@ int qemuInitCgroup(virQEMUDriverPtr driv +@@ -415,7 +415,8 @@ int qemuInitCgroup(virQEMUDriverPtr driv if (rc != 0) { if (rc == -ENXIO || rc == -EPERM || diff --git a/libvirt.changes b/libvirt.changes index 1d10083..8508803 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu May 16 16:25:13 MDT 2013 - jfehlig@suse.com + +- Fix botched backport of commit bbe97ae9 + ------------------------------------------------------------------- Mon May 13 09:32:56 MDT 2013 - jfehlig@suse.com From 8806eb20b10161890039de9374e86826e026f0f9c117828b6f090e801c9d5de8 Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Sat, 18 May 2013 15:17:46 +0000 Subject: [PATCH 6/6] - fix leak after listing all volumes - CVE-2013-1962 ca697e90-CVE-2013-1962.patch bnc#820397 - Fix iohelper usage with streams opened for read a2214c52-iohelper.patch - Cope with missing swap cgroup controls f493d83f-cgroup-swap-control.patch bnc#819976 - Fix cgroup handling when setting VCPU BW 0471637d-cgroups-vcpu-bw.patch rhb#963592 - Escape a leading '.' with '_' in the cgroup names 0ced83dc-cgroup-escape-dot.patch - Add missing documentation on new cgroup layout 486a86eb-cgroups-docs.patch - Another fix related to systems with no cgroups c2cf5f1c-no-cgroups-fix.patch bnc#819963 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=264 --- 0471637d-cgroups-vcpu-bw.patch | 63 ++++++ 0ced83dc-cgroup-escape-dot.patch | 24 +++ 486a86eb-cgroups-docs.patch | 317 +++++++++++++++++++++++++++++ a2214c52-iohelper.patch | 28 +++ bbe97ae9-no-cgroups.patch | 6 +- c2cf5f1c-no-cgroups-fix.patch | 49 +++++ ca697e90-CVE-2013-1962.patch | 26 +++ f493d83f-cgroup-swap-control.patch | 34 ++++ libvirt.changes | 22 ++ libvirt.spec | 16 +- 10 files changed, 581 insertions(+), 4 deletions(-) create mode 100644 0471637d-cgroups-vcpu-bw.patch create mode 100644 0ced83dc-cgroup-escape-dot.patch create mode 100644 486a86eb-cgroups-docs.patch create mode 100644 a2214c52-iohelper.patch create mode 100644 c2cf5f1c-no-cgroups-fix.patch create mode 100644 ca697e90-CVE-2013-1962.patch create mode 100644 f493d83f-cgroup-swap-control.patch diff --git a/0471637d-cgroups-vcpu-bw.patch b/0471637d-cgroups-vcpu-bw.patch new file mode 100644 index 0000000..8c4a300 --- /dev/null +++ b/0471637d-cgroups-vcpu-bw.patch 
@@ -0,0 +1,63 @@
+commit 0471637d5628106d058f0eb5516ffa7d5285cc6f
+Author: Martin Kletzander
+Date: Thu May 16 14:37:54 2013 +0200
+
+ qemu: Fix cgroup handling when setting VCPU BW
+
+ Commit 632f78c introduced a regression which causes schedinfo being
+ unable to set some parameters. When migrating to priv->cgroup there
+ was missing variable left out and due to passed NULL to underlying
+ function, the setting failed.
+
+ Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=963592
+
+Index: libvirt-1.0.5/src/qemu/qemu_driver.c
+===================================================================
+--- libvirt-1.0.5.orig/src/qemu/qemu_driver.c
++++ libvirt-1.0.5/src/qemu/qemu_driver.c
+@@ -7721,7 +7721,6 @@ qemuDomainSetSchedulerParametersFlags(vi
+ {
+ virQEMUDriverPtr driver = dom->conn->privateData;
+ int i;
+- virCgroupPtr group = NULL;
+ virDomainObjPtr vm = NULL;
+ virDomainDefPtr vmdef = NULL;
+ unsigned long long value_ul;
+@@ -7799,7 +7798,7 @@ qemuDomainSetSchedulerParametersFlags(vi
+ QEMU_SCHED_MIN_PERIOD, QEMU_SCHED_MAX_PERIOD);
+
+ if (flags & VIR_DOMAIN_AFFECT_LIVE && value_ul) {
+- if ((rc = qemuSetVcpusBWLive(vm, group, value_ul, 0)))
++ if ((rc = qemuSetVcpusBWLive(vm, priv->cgroup, value_ul, 0)))
+ goto cleanup;
+
+ vm->def->cputune.period = value_ul;
+@@ -7813,7 +7812,7 @@ qemuDomainSetSchedulerParametersFlags(vi
+ QEMU_SCHED_MIN_QUOTA, QEMU_SCHED_MAX_QUOTA);
+
+ if (flags & VIR_DOMAIN_AFFECT_LIVE && value_l) {
+- if ((rc = qemuSetVcpusBWLive(vm, group, 0, value_l)))
++ if ((rc = qemuSetVcpusBWLive(vm, priv->cgroup, 0, value_l)))
+ goto cleanup;
+
+ vm->def->cputune.quota = value_l;
+@@ -7827,7 +7826,8 @@ qemuDomainSetSchedulerParametersFlags(vi
+ QEMU_SCHED_MIN_PERIOD, QEMU_SCHED_MAX_PERIOD);
+
+ if (flags & VIR_DOMAIN_AFFECT_LIVE && value_ul) {
+- if ((rc = qemuSetEmulatorBandwidthLive(vm, group, value_ul, 0)))
++ if ((rc = qemuSetEmulatorBandwidthLive(vm, priv->cgroup,
++ value_ul, 0)))
+ goto cleanup;
+
+ vm->def->cputune.emulator_period = value_ul;
+@@ -7841,7 +7841,8 @@ qemuDomainSetSchedulerParametersFlags(vi
+ QEMU_SCHED_MIN_QUOTA, QEMU_SCHED_MAX_QUOTA);
+
+ if (flags & VIR_DOMAIN_AFFECT_LIVE && value_l) {
+- if ((rc = qemuSetEmulatorBandwidthLive(vm, group, 0, value_l)))
++ if ((rc = qemuSetEmulatorBandwidthLive(vm, priv->cgroup,
++ 0, value_l)))
+ goto cleanup;
+
+ vm->def->cputune.emulator_quota = value_l;
diff --git a/0ced83dc-cgroup-escape-dot.patch b/0ced83dc-cgroup-escape-dot.patch
new file mode 100644
index 0000000..bd98495
--- /dev/null
+++ b/0ced83dc-cgroup-escape-dot.patch
@@ -0,0 +1,24 @@
+commit 0ced83dcfbb19af1201202e1af0a7073c338aabd
+Author: Daniel P. Berrange
+Date: Fri May 3 20:56:50 2013 +0100
+
+ Escaping leading '.' in cgroup names
+
+ Escaping a leading '.' with '_' in the cgroup names
+
+ Signed-off-by: Daniel P. Berrange
+
+Index: libvirt-1.0.5/src/util/vircgroup.c
+===================================================================
+--- libvirt-1.0.5.orig/src/util/vircgroup.c
++++ libvirt-1.0.5/src/util/vircgroup.c
+@@ -1106,7 +1106,8 @@ static int virCgroupPartitionNeedsEscapi
+ if (STRPREFIX(path, "cgroup."))
+ return 1;
+
+- if (path[0] == '_')
++ if (path[0] == '_' ||
++ path[0] == '.')
+ return 1;
+
+ if (!(fp = fopen("/proc/cgroups", "r")))
diff --git a/486a86eb-cgroups-docs.patch b/486a86eb-cgroups-docs.patch
new file mode 100644
index 0000000..655c6f8
--- /dev/null
+++ b/486a86eb-cgroups-docs.patch
@@ -0,0 +1,317 @@
+commit 486a86eb184c008c5957fb68c63f163289f3344b
+Author: Daniel P. Berrange
+Date: Fri May 3 16:58:26 2013 +0100
+
+ Add docs about cgroups layout and usage
+
+ Describe the new cgroups layout, how to customize placement
+ of guests and what virsh commands are used to access the
+ parameters.
+
+ Signed-off-by: Daniel P. Berrange
+
+Index: libvirt-1.0.5/docs/cgroups.html.in
+===================================================================
+--- /dev/null
++++ libvirt-1.0.5/docs/cgroups.html.in
+@@ -0,0 +1,285 @@
++ ++ ++ ++ ++
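Review bot: None of the four rewritten calls in qemuDomainSetSchedulerParametersFlags is preceded, within these hunks, by a check that `priv->cgroup` is non-NULL, and the declaration and assignment of `priv` are outside the hunks as well. The commit message traces the regression to a NULL group reaching the underlying function, and other patches in this series handle hosts without cgroups, so the same failure could presumably recur there if `priv->cgroup` is unset. Unless the unseen part of the function already rejects that case, the live branches should test it up front, e.g. `if ((flags & VIR_DOMAIN_AFFECT_LIVE) && !priv->cgroup)` followed by an error report and `goto cleanup;`.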

Control Groups Resource Management

++ ++
    ++ ++

    ++ The QEMU and LXC drivers make use of the Linux "Control Groups" facility ++ for applying resource management to their virtual machines and containers. ++

    ++ ++

    Required controllers

    ++ ++

    ++ The control groups filesystem supports multiple "controllers". By default ++ the init system (such as systemd) should mount all controllers compiled ++ into the kernel at /sys/fs/cgroup/$CONTROLLER-NAME. Libvirt ++ will never attempt to mount any controllers itself, merely detect where ++ they are mounted. ++

    ++ ++

    ++ The QEMU driver is capable of using the cpuset, ++ cpu, memory, blkio and ++ devices controllers. None of them are compulsory. ++ If any controller is not mounted, the resource management APIs ++ which use it will cease to operate. It is possible to explicitly ++ turn off use of a controller, even when mounted, via the ++ /etc/libvirt/qemu.conf configuration file. ++

    ++ ++

    ++ The LXC driver is capable of using the cpuset, ++ cpu, cpuset, freezer, ++ memory, blkio and devices ++ controllers. The cpuset, devices ++ and memory controllers are compulsory. Without ++ them mounted, no containers can be started. If any of the ++ other controllers are not mounted, the resource management APIs ++ which use them will cease to operate. ++

    ++ ++

    Current cgroups layout

    ++ ++

    ++ As of libvirt 1.0.5 or later, the cgroups layout created by libvirt has been ++ simplified, in order to facilitate the setup of resource control policies by ++ administrators / management applications. The layout is based on the concepts of ++ "partitions" and "consumers". Each virtual machine or container is a consumer, ++ and has a corresponding cgroup named $VMNAME.libvirt-{qemu,lxc}. ++ Each consumer is associated with exactly one partition, which also have a ++ corresponding cgroup usually named $PARTNAME.partition. The ++ exceptions to this naming rule are the three top level default partitions, ++ named /system (for system services), /user (for ++ user login sessions) and /machine (for virtual machines and ++ containers). By default every consumer will of course be associated with ++ the /machine partition. This leads to a hierarchy that looks ++ like ++

    ++ ++
    ++$ROOT
    ++  |
    ++  +- system
    ++  |   |
    ++  |   +- libvirtd.service
    ++  |
    ++  +- machine
    ++      |
    ++      +- vm1.libvirt-qemu
    ++      |   |
    ++      |   +- emulator
    ++      |   +- vcpu0
    ++      |   +- vcpu1
    ++      |
    ++      +- vm2.libvirt-qemu
    ++      |   |
    ++      |   +- emulator
    ++      |   +- vcpu0
    ++      |   +- vcpu1
    ++      |
    ++      +- vm3.libvirt-qemu
    ++      |   |
    ++      |   +- emulator
    ++      |   +- vcpu0
    ++      |   +- vcpu1
    ++      |
    ++      +- container1.libvirt-lxc
    ++      |
    ++      +- container2.libvirt-lxc
    ++      |
    ++      +- container3.libvirt-lxc
    ++    
    ++ ++

    ++ The default cgroups layout ensures that, when there is contention for ++ CPU time, it is shared equally between system services, user sessions ++ and virtual machines / containers. This prevents virtual machines from ++ locking the administrator out of the host, or impacting execution of ++ system services. Conversely, when there is no contention from ++ system services / user sessions, it is possible for virtual machines ++ to fully utilize the host CPUs. ++

    ++ ++

    Using custom partitions

    ++ ++

    ++ If there is a need to apply resource constraints to groups of ++ virtual machines or containers, then the single default ++ partition /machine may not be sufficiently ++ flexible. The administrator may wish to sub-divide the ++ default partition, for example into "testing" and "production" ++ partitions, and then assign each guest to a specific ++ sub-partition. This is achieved via a small element addition ++ to the guest domain XML config, just below the main domain ++ element ++

    ++ ++
    ++  ...
    ++  <resource>
    ++    <partition>/machine/production</partition>
    ++  </resource>
    ++  ...
    ++    
    ++ ++

    ++ Libvirt will not auto-create the cgroups directory to back ++ this partition. In the future, libvirt / virsh will provide ++ APIs / commands to create custom partitions, but currently ++ this is left as an exercise for the administrator. For ++ example, given the XML config above, the admin would need ++ to create a cgroup named '/machine/production.partition' ++

    ++ ++
    ++# cd /sys/fs/cgroup
    ++# for i in blkio cpu,cpuacct cpuset devices freezer memory net_cls perf_event
    ++  do
    ++    mkdir $i/machine/production.partition
    ++  done
    ++# for i in cpuset.cpus  cpuset.mems
    ++  do
    ++    cat cpuset/machine/$i > cpuset/machine/production.partition/$i
    ++  done
    ++
    ++ ++

    ++ Note: the cgroups directory created as a ".partition" ++ suffix, but the XML config does not require this suffix. ++

    ++ ++

    ++ Note: the ability to place guests in custom ++ partitions is only available with libvirt >= 1.0.5, using ++ the new cgroup layout. The legacy cgroups layout described ++ later did not support customization per guest. ++

    ++ ++

    Resource management APIs/commands

    ++ ++

    ++ Since libvirt aims to provide an API which is portable across ++ hypervisors, the concept of cgroups is not exposed directly ++ in the API or XML configuration. It is considered to be an ++ internal implementation detail. Instead libvirt provides a ++ set of APIs for applying resource controls, which are then ++ mapped to corresponding cgroup tunables ++

    ++ ++

    Scheduler tuning

    ++ ++

    ++ Parameters from the "cpu" controller are exposed via the ++ schedinfo command in virsh. ++

    ++ ++
    ++# virsh schedinfo demo
    ++Scheduler      : posix
    ++cpu_shares     : 1024
    ++vcpu_period    : 100000
    ++vcpu_quota     : -1
    ++emulator_period: 100000
    ++emulator_quota : -1
    ++ ++ ++

    Block I/O tuning

    ++ ++

    ++ Parameters from the "blkio" controller are exposed via the ++ bkliotune command in virsh. ++

    ++ ++ ++
    ++# virsh blkiotune demo
    ++weight         : 500
    ++device_weight  : 
    ++ ++

    Memory tuning

    ++ ++

    ++ Parameters from the "memory" controller are exposed via the ++ memtune command in virsh. ++

    ++ ++
    ++# virsh memtune demo
    ++hard_limit     : 580192
    ++soft_limit     : unlimited
    ++swap_hard_limit: unlimited
    ++    
    ++ ++

    Network tuning

    ++ ++

    ++ The net_cls is not currently used. Instead traffic ++ filter policies are set directly against individual virtual ++ network interfaces. ++

    ++ ++

    Legacy cgroups layout

    ++ ++

    ++ Prior to libvirt 1.0.5, the cgroups layout created by libvirt was different ++ from that described above, and did not allow for administrator customization. ++ Libvirt used a fixed, 3-level hierarchy libvirt/{qemu,lxc}/$VMNAME ++ which was rooted at the point in the hierarchy where libvirtd itself was ++ located. So if libvirtd was placed at /system/libvirtd.service ++ by systemd, the groups for each virtual machine / container would be located ++ at /system/libvirtd.service/libvirt/{qemu,lxc}/$VMNAME. In addition ++ to this, the QEMU drivers further child groups for each vCPU thread and the ++ emulator thread(s). This leads to a hierarchy that looked like ++

    ++ ++ ++
    ++$ROOT
    ++  |
    ++  +- system
    ++      |
    ++      +- libvirtd.service
    ++           |
    ++           +- libvirt
    ++               |
    ++               +- qemu
    ++               |   |
    ++               |   +- vm1
    ++               |   |   |
    ++               |   |   +- emulator
    ++               |   |   +- vcpu0
    ++               |   |   +- vcpu1
    ++               |   |
    ++               |   +- vm2
    ++               |   |   |
    ++               |   |   +- emulator
    ++               |   |   +- vcpu0
    ++               |   |   +- vcpu1
    ++               |   |
    ++               |   +- vm3
    ++               |       |
    ++               |       +- emulator
    ++               |       +- vcpu0
    ++               |       +- vcpu1
    ++               |
    ++               +- lxc
    ++                   |
    ++                   +- container1
    ++                   |
    ++                   +- container2
    ++                   |
    ++                   +- container3
    ++    
    ++ ++

    ++ Although current releases are much improved, historically the use of deep ++ hierarchies has had a significant negative impact on the kernel scalability. ++ The legacy libvirt cgroups layout highlighted these problems, to the detriment ++ of the performance of virtual machines and containers. ++

    ++ ++ +Index: libvirt-1.0.5/docs/sitemap.html.in +=================================================================== +--- libvirt-1.0.5.orig/docs/sitemap.html.in ++++ libvirt-1.0.5/docs/sitemap.html.in +@@ -87,6 +87,10 @@ + Ensuring exclusive guest access to disks + +
  • ++ CGroups ++ Control groups integration ++
  • ++
  • + Hooks + Hooks for system specific management +
  •
diff --git a/a2214c52-iohelper.patch b/a2214c52-iohelper.patch
new file mode 100644
index 0000000..a71458c
--- /dev/null
+++ b/a2214c52-iohelper.patch
@@ -0,0 +1,28 @@
+commit a2214c5257d3bd7b086ce04aca1648e8ff05ee96
+Author: Daniel P. Berrange
+Date: Fri May 10 14:45:05 2013 +0100
+
+ Fix iohelper usage with streams opened for read
+
+ In b2878ed860ceceec3cd6481424fed0b543b687cd we added the O_NOCTTY
+ flag when opening files in the stream code. Unfortunately a later
+ piece of code was comparing the flags == O_RDONLY, without masking
+ out the non-access mode flags. This broke the iohelper when used
+ with streams for read, since it caused us to attach the stream
+ output pipe to the stream input FD instead of output FD :-(
+
+ Signed-off-by: Daniel P. Berrange
+
+Index: libvirt-1.0.5/src/fdstream.c
+===================================================================
+--- libvirt-1.0.5.orig/src/fdstream.c
++++ libvirt-1.0.5/src/fdstream.c
+@@ -640,7 +640,7 @@ virFDStreamOpenFileInternal(virStreamPtr
+ virCommandTransferFD(cmd, fd);
+ virCommandAddArgFormat(cmd, "%d", fd);
+
+- if (oflags == O_RDONLY) {
++ if ((oflags & O_ACCMODE) == O_RDONLY) {
+ childfd = fds[1];
+ fd = fds[0];
+ virCommandSetOutputFD(cmd, &childfd);
diff --git a/bbe97ae9-no-cgroups.patch b/bbe97ae9-no-cgroups.patch
index e98256c..431fe1d 100644
--- a/bbe97ae9-no-cgroups.patch
+++ b/bbe97ae9-no-cgroups.patch
@@ -39,7 +39,7 @@ Index: libvirt-1.0.5/src/util/vircgroup.c =================================================================== --- libvirt-1.0.5.orig/src/util/vircgroup.c +++ libvirt-1.0.5/src/util/vircgroup.c
-@@ -1167,14 +1167,14 @@ static int virCgroupPartitionEscape(char
+@@ -1168,14 +1168,14 @@ static int virCgroupPartitionEscape(char return 0; }
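Review bot: The masked comparison `(oflags & O_ACCMODE) == O_RDONLY` repairs this one test in virFDStreamOpenFileInternal, but the `else` side of the branch and the rest of the function are outside the hunk, so it is not visible whether any other place still compares `oflags` to an access mode without the mask, or how `O_RDWR` is handled once the mask is applied. Both are worth checking, since a wrong answer here attaches the helper's pipe to the wrong descriptor, as the commit message describes. A one-line comment above the test would keep the mask from being dropped again: `/* oflags also carries non-access bits such as O_NOCTTY; compare the access mode only */`.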
@@ -57,7 +57,7 @@ Index: libvirt-1.0.5/src/util/vircgroup.c for (i = 0 ; tokens[i] != NULL ; i++) { /* Whitelist the 3 top level fixed dirs
-@@ -1193,20 +1193,27 @@ static char *virCgroupSetPartitionSuffix
+@@ -1194,20 +1194,27 @@ static char *virCgroupSetPartitionSuffix !strchr(tokens[i], '.')) { if (VIR_REALLOC_N(tokens[i], strlen(tokens[i]) + strlen(".partition") + 1) < 0) {
@@ -88,7 +88,7 @@ Index: libvirt-1.0.5/src/util/vircgroup.c cleanup: virStringFreeList(tokens);
-@@ -1241,9 +1248,9 @@ int virCgroupNewPartition(const char *pa
+@@ -1242,9 +1249,9 @@ int virCgroupNewPartition(const char *pa /* XXX convert all cgroups APIs to use error report * APIs instead of returning errno */
diff --git a/c2cf5f1c-no-cgroups-fix.patch b/c2cf5f1c-no-cgroups-fix.patch
new file mode 100644
index 0000000..3417262
--- /dev/null
+++ b/c2cf5f1c-no-cgroups-fix.patch
@@ -0,0 +1,49 @@
+commit c2cf5f1c2abc81d607abe34bf5dc4c615a9b8b4d
+Author: Daniel P. Berrange
+Date: Thu May 16 18:47:07 2013 +0100
+
+ Fix failure to detect missing cgroup partitions
+
+ Change bbe97ae968eba60b71e0066d49f9fc909966d9d6 caused the
+ QEMU driver to ignore ENOENT errors from cgroups, in order
+ to cope with missing /proc/cgroups. This is not good though
+ because many other things can cause ENOENT and should not
+ be ignored. The callers expect to see ENXIO when cgroups
+ are not present, so adjust the code to report that errno
+ when /proc/cgroups is missing
+
+
Signed-off-by: Daniel P. Berrange
+
+Index: libvirt-1.0.5/src/qemu/qemu_cgroup.c
+===================================================================
+--- libvirt-1.0.5.orig/src/qemu/qemu_cgroup.c
++++ libvirt-1.0.5/src/qemu/qemu_cgroup.c
+@@ -415,8 +415,7 @@ int qemuInitCgroup(virQEMUDriverPtr driv
+ if (rc != 0) {
+ if (rc == -ENXIO ||
+ rc == -EPERM ||
+- rc == -EACCES ||
+- rc == -ENOENT) { /* No cgroups mounts == success */
++ rc == -EACCES) { /* No cgroups mounts == success */
+ VIR_DEBUG("No cgroups present/configured/accessible, ignoring error");
+ goto done;
+ }
+Index: libvirt-1.0.5/src/util/vircgroup.c
+===================================================================
+--- libvirt-1.0.5.orig/src/util/vircgroup.c
++++ libvirt-1.0.5/src/util/vircgroup.c
+@@ -1110,8 +1110,13 @@ static int virCgroupPartitionNeedsEscapi
+ path[0] == '.')
+ return 1;
+
+- if (!(fp = fopen("/proc/cgroups", "r")))
++ if (!(fp = fopen("/proc/cgroups", "r"))) {
++ /* The API contract is that we return ENXIO
++ * if cgroups are not available on a host */
++ if (errno == ENOENT)
++ errno = ENXIO;
+ return -errno;
++ }
+
+ /*
+ * Data looks like this:
diff --git a/ca697e90-CVE-2013-1962.patch b/ca697e90-CVE-2013-1962.patch
new file mode 100644
index 0000000..a90ba6b
--- /dev/null
+++ b/ca697e90-CVE-2013-1962.patch
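Review bot: In the qemuInitCgroup hunk the branch still treats `-ENXIO`, `-EPERM` and `-EACCES` as success and reports it only through `VIR_DEBUG`, so a guest started on a host where cgroups exist but are inaccessible presumably runs without libvirt's cgroup resource controls, with nothing at warning level to show it. Raising the message makes that degraded state visible to an operator: `VIR_WARN("No cgroups present/configured/accessible, ignoring error");`. In the vircgroup.c hunk, overwriting `errno` before returning works, but `return errno == ENOENT ? -ENXIO : -errno;` states the mapping without modifying the global. Both functions begin and end outside the hunks.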
@@ -0,0 +1,26 @@
+commit ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
+Author: Ján Tomko
+Date: Fri Apr 12 17:30:56 2013 +0200
+
+ daemon: fix leak after listing all volumes
+
+ CVE-2013-1962
+
+ remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
+ The pool also held a reference to the connection, preventing it from
+ getting freed and closing the netcf interface driver, which held two
+ sockets open.
+
+Index: libvirt-1.0.5/daemon/remote.c
+===================================================================
+--- libvirt-1.0.5.orig/daemon/remote.c
++++ libvirt-1.0.5/daemon/remote.c
+@@ -4226,6 +4226,8 @@ cleanup:
+ virStorageVolFree(vols[i]);
+ VIR_FREE(vols);
+ }
++ if (pool)
++ virStoragePoolFree(pool);
+ return rv;
+ }
+
diff --git a/f493d83f-cgroup-swap-control.patch b/f493d83f-cgroup-swap-control.patch
new file mode 100644
index 0000000..9b77ee9
--- /dev/null
+++ b/f493d83f-cgroup-swap-control.patch
@@ -0,0 +1,34 @@
+commit f493d83fbd3257453e63f2f32ee90a216fd531c1
+Author: Daniel P. Berrange
+Date: Thu May 9 13:53:39 2013 +0100
+
+ Cope with missing swap cgroup controls
+
+ It is possible to build a kernel without swap cgroup controls
+ present. This causes a fatal error when querying memory
+ parameters. Treat missing swap controls as meaning "unlimited".
+ The fatal error remains if the user tries to actually change
+ the limit.
+
+
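Review bot: The added `if (pool) virStoragePoolFree(pool);` under `cleanup:` is only safe if `pool` is initialised to NULL at its declaration, which is outside this hunk; any `goto cleanup` taken before the pool lookup would otherwise pass an indeterminate pointer to the free. That should be confirmed against the full function. Because the commit message says the leaked pool kept a connection reference and two sockets open, a comment at the free would help keep it in place: `/* pool holds a reference on the connection; release it on every exit path */`.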
Signed-off-by: Daniel P. Berrange
+
+Index: libvirt-1.0.5/src/qemu/qemu_driver.c
+===================================================================
+--- libvirt-1.0.5.orig/src/qemu/qemu_driver.c
++++ libvirt-1.0.5/src/qemu/qemu_driver.c
+@@ -7351,9 +7351,12 @@ qemuDomainGetMemoryParameters(virDomainP
+ case 2: /* fill swap hard limit here */
+ rc = virCgroupGetMemSwapHardLimit(priv->cgroup, &val);
+ if (rc != 0) {
+- virReportSystemError(-rc, "%s",
+- _("unable to get swap hard limit"));
+- goto cleanup;
++ if (rc != -ENOENT) {
++ virReportSystemError(-rc, "%s",
++ _("unable to get swap hard limit"));
++ goto cleanup;
++ }
++ val = VIR_DOMAIN_MEMORY_PARAM_UNLIMITED;
+ }
+ if (virTypedParameterAssign(param,
+ VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT,
diff --git a/libvirt.changes b/libvirt.changes
index 8508803..cc8c1b3 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Sat May 18 09:15:00 MDT 2013 - jfehlig@suse.com
+
+- fix leak after listing all volumes - CVE-2013-1962
+ ca697e90-CVE-2013-1962.patch
+ bnc#820397
+- Fix iohelper usage with streams opened for read
+ a2214c52-iohelper.patch
+- Cope with missing swap cgroup controls
+ f493d83f-cgroup-swap-control.patch
+ bnc#819976
+- Fix cgroup handling when setting VCPU BW
+ 0471637d-cgroups-vcpu-bw.patch
+ rhb#963592
+- Escape a leading '.' with '_' in the cgroup names
+ 0ced83dc-cgroup-escape-dot.patch
+- Add missing documentation on new cgroup layout
+ 486a86eb-cgroups-docs.patch
+- Another fix related to systems with no cgroups
+ c2cf5f1c-no-cgroups-fix.patch
+ bnc#819963
+ ------------------------------------------------------------------- Thu May 16 16:25:13 MDT 2013 - jfehlig@suse.com
diff --git a/libvirt.spec b/libvirt.spec
index 9b66118..0c0353c 100644
--- a/libvirt.spec
+++ b/libvirt.spec
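Review bot: Treating every `-ENOENT` from virCgroupGetMemSwapHardLimit as `VIR_DOMAIN_MEMORY_PARAM_UNLIMITED` also hides an ENOENT that has some other cause, and the caller is then told the swap limit is unlimited instead of seeing an error. Another patch in this same series (c2cf5f1c) withdraws a blanket ENOENT exemption for exactly that reason, noting that many other things can cause ENOENT. If the missing swap control cannot be told apart more precisely here, the branch should at least say what it assumes: `/* no swap control file: kernel built without swap accounting, report unlimited */`. qemuDomainGetMemoryParameters begins and ends outside the hunk.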
@@ -423,7 +423,14 @@ Source1: libvirtd.init Source2: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches -Patch0: bbe97ae9-no-cgroups.patch +Patch0: f493d83f-cgroup-swap-control.patch +Patch1: 486a86eb-cgroups-docs.patch +Patch2: 0ced83dc-cgroup-escape-dot.patch +Patch3: bbe97ae9-no-cgroups.patch +Patch4: 0471637d-cgroups-vcpu-bw.patch +Patch5: c2cf5f1c-no-cgroups-fix.patch +Patch6: a2214c52-iohelper.patch +Patch7: ca697e90-CVE-2013-1962.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -565,6 +572,13 @@ Authors: %prep %setup -q %patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 %patch100 -p1 %patch101 %patch102 -p1