From f1867a5ecc74990b5c91f2bc39695009c1d48ac4 Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Sep 24 2012 06:22:55 +0000 Subject: Upstream release 0.10.2 --- diff --git a/0001-Make-virSecurityDeviceLabelDefParseXML-into-generic-.patch b/0001-Make-virSecurityDeviceLabelDefParseXML-into-generic-.patch deleted file mode 100644 index a08f6f3..0000000 --- a/0001-Make-virSecurityDeviceLabelDefParseXML-into-generic-.patch +++ /dev/null @@ -1,138 +0,0 @@ -From db2aff6adaa405f0bc998c7bd3158fe43805ee60 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 20 Sep 2012 14:58:12 +0100 -Subject: [PATCH 1/2] Make virSecurityDeviceLabelDefParseXML into generic - device parser. - -This is just code motion, allowing us to reuse the same function to -parse the from character devices too. - -However it also fixes a possible segfault in the original code if -VIR_ALLOC_N returns an error and the cleanup code (at the error: -label) tries to iterate over the unallocated array (thanks Michal -Privoznik for spotting this). - -Signed-off-by: Richard W.M. Jones ---- - src/conf/domain_conf.c | 43 +++++++++++++++++++++++++------------------ - 1 file changed, 25 insertions(+), 18 deletions(-) - -diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c -index 947cc7a..26c2042 100644 ---- a/src/conf/domain_conf.c -+++ b/src/conf/domain_conf.c -@@ -3258,29 +3258,30 @@ error: - return -1; - } - -+/* Parse the from a disk or character device. */ - static int --virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def, -+virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr **seclabels_rtn, -+ size_t *nseclabels_rtn, - virSecurityLabelDefPtr *vmSeclabels, - int nvmSeclabels, xmlXPathContextPtr ctxt) - { -+ virSecurityDeviceLabelDefPtr *seclabels; -+ size_t nseclabels = 0; - int n, i, j; - xmlNodePtr *list = NULL; - virSecurityLabelDefPtr vmDef = NULL; - char *model, *relabel, *label; - -- if (def == NULL) -- return 0; -- - if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) == 0) - return 0; - -- def->nseclabels = n; -- if (VIR_ALLOC_N(def->seclabels, n) < 0) { -+ if (VIR_ALLOC_N(seclabels, n) < 0) { - virReportOOMError(); - goto error; - } -+ nseclabels = n; - for (i = 0; i < n; i++) { -- if (VIR_ALLOC(def->seclabels[i]) < 0) { -+ if (VIR_ALLOC(seclabels[i]) < 0) { - virReportOOMError(); - goto error; - } -@@ -3297,7 +3298,7 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def, - break; - } - } -- def->seclabels[i]->model = model; -+ seclabels[i]->model = model; - } - - /* Can't use overrides if top-level doesn't allow relabeling. */ -@@ -3311,9 +3312,9 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def, - relabel = virXMLPropString(list[i], "relabel"); - if (relabel != NULL) { - if (STREQ(relabel, "yes")) { -- def->seclabels[i]->norelabel = false; -+ seclabels[i]->norelabel = false; - } else if (STREQ(relabel, "no")) { -- def->seclabels[i]->norelabel = true; -+ seclabels[i]->norelabel = true; - } else { - virReportError(VIR_ERR_XML_ERROR, - _("invalid security relabel value %s"), -@@ -3323,30 +3324,34 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def, - } - VIR_FREE(relabel); - } else { -- def->seclabels[i]->norelabel = false; -+ seclabels[i]->norelabel = false; - } - - ctxt->node = list[i]; - label = virXPathStringLimit("string(./label)", - VIR_SECURITY_LABEL_BUFLEN-1, ctxt); -- def->seclabels[i]->label = label; -+ seclabels[i]->label = label; - -- if (label && def->seclabels[i]->norelabel) { -+ if (label && seclabels[i]->norelabel) { - virReportError(VIR_ERR_XML_ERROR, - _("Cannot specify a label if relabelling is " - "turned off. model=%s"), -- NULLSTR(def->seclabels[i]->model)); -+ NULLSTR(seclabels[i]->model)); - goto error; - } - } - VIR_FREE(list); -+ -+ *nseclabels_rtn = nseclabels; -+ *seclabels_rtn = seclabels; -+ - return 0; - - error: -- for (i = 0; i < n; i++) { -- virSecurityDeviceLabelDefFree(def->seclabels[i]); -+ for (i = 0; i < nseclabels; i++) { -+ virSecurityDeviceLabelDefFree(seclabels[i]); - } -- VIR_FREE(def->seclabels); -+ VIR_FREE(seclabels); - VIR_FREE(list); - return -1; - } -@@ -3839,7 +3844,9 @@ virDomainDiskDefParseXML(virCapsPtr caps, - if (sourceNode) { - xmlNodePtr saved_node = ctxt->node; - ctxt->node = sourceNode; -- if (virSecurityDeviceLabelDefParseXML(def, vmSeclabels, -+ if (virSecurityDeviceLabelDefParseXML(&def->seclabels, -+ &def->nseclabels, -+ vmSeclabels, - nvmSeclabels, - ctxt) < 0) - goto error; --- -1.7.11.4 - diff --git a/0001-Use-qemu-system-i386-as-binary-instead-of-qemu.patch b/0001-Use-qemu-system-i386-as-binary-instead-of-qemu.patch deleted file mode 100644 index 585c39e..0000000 --- a/0001-Use-qemu-system-i386-as-binary-instead-of-qemu.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 37865f1dead1fac2ee34af48f96d19d686296e04 Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 13 Sep 2012 14:37:22 +0100 -Subject: [PATCH] Use 'qemu-system-i386' as binary instead of 'qemu'. - ---- - src/qemu/qemu_capabilities.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c -index af3b0b2..179b3d2 100644 ---- a/src/qemu/qemu_capabilities.c -+++ b/src/qemu/qemu_capabilities.c -@@ -244,8 +244,8 @@ static const struct qemu_feature_flags const arch_info_x86_64_flags [] = { - - /* The archicture tables for supported QEMU archs */ - static const struct qemu_arch_info const arch_info_hvm[] = { -- { "i686", 32, NULL, "qemu", -- "qemu-system-x86_64", arch_info_i686_flags, 4 }, -+ { "i686", 32, NULL, "qemu-system-i386", -+ NULL, arch_info_i686_flags, 4 }, - { "x86_64", 64, NULL, "qemu-system-x86_64", - NULL, arch_info_x86_64_flags, 2 }, - { "arm", 32, NULL, "qemu-system-arm", NULL, NULL, 0 }, --- -1.7.11.4 - diff --git a/0002-Add-seclabel-to-character-devices.patch b/0002-Add-seclabel-to-character-devices.patch deleted file mode 100644 index 9e2e565..0000000 --- a/0002-Add-seclabel-to-character-devices.patch +++ /dev/null @@ -1,440 +0,0 @@ -From f8b08d0e961c7e10d87ee011ec7bf1f8fe7b1fbb Mon Sep 17 00:00:00 2001 -From: "Richard W.M. Jones" -Date: Thu, 20 Sep 2012 14:16:17 +0100 -Subject: [PATCH 2/2] Add to character devices. - -This allows the user to control labelling of each character device -separately (the default is to inherit from the VM). - -Signed-off-by: Richard W.M. Jones ---- - docs/formatdomain.html.in | 8 ++++ - docs/schemas/domaincommon.rng | 3 ++ - src/conf/domain_conf.c | 78 +++++++++++++++++++++++++++++++++-- - src/conf/domain_conf.h | 6 +++ - src/security/security_selinux.c | 90 +++++++++++++++++++++++++++++------------ - 5 files changed, 155 insertions(+), 30 deletions(-) - - -diff -ur libvirt-0.10.1.old/docs/formatdomain.html.in libvirt-0.10.1/docs/formatdomain.html.in ---- libvirt-0.10.1.old/docs/formatdomain.html.in 2012-08-31 11:01:18.000000000 +0100 -+++ libvirt-0.10.1/docs/formatdomain.html.in 2012-09-21 18:46:30.795973766 +0100 -@@ -3369,6 +3369,14 @@ -

- -

-+ The source element may contain an optional -+ seclabel to override the way that labelling -+ is done on the socket path. If this element is not present, -+ the security label is inherited from -+ the per-domain setting. -+

-+ -+

- Each character device element has an optional - sub-element <address> which can tie the - device to a -diff -ur libvirt-0.10.1.old/docs/schemas/domaincommon.rng libvirt-0.10.1/docs/schemas/domaincommon.rng ---- libvirt-0.10.1.old/docs/schemas/domaincommon.rng 2012-08-22 10:05:18.000000000 +0100 -+++ libvirt-0.10.1/docs/schemas/domaincommon.rng 2012-09-21 18:46:30.802973900 +0100 -@@ -2344,6 +2344,9 @@ - - - -+ -+ -+ - - - -diff -ur libvirt-0.10.1.old/src/conf/domain_conf.c libvirt-0.10.1/src/conf/domain_conf.c ---- libvirt-0.10.1.old/src/conf/domain_conf.c 2012-09-21 18:46:07.045533923 +0100 -+++ libvirt-0.10.1/src/conf/domain_conf.c 2012-09-21 18:47:34.781159182 +0100 -@@ -1257,6 +1257,8 @@ - - void virDomainChrDefFree(virDomainChrDefPtr def) - { -+ size_t i; -+ - if (!def) - return; - -@@ -1280,6 +1282,12 @@ - virDomainChrSourceDefClear(&def->source); - virDomainDeviceInfoClear(&def->info); - -+ if (def->seclabels) { -+ for (i = 0; i < def->nseclabels; i++) -+ virSecurityDeviceLabelDefFree(def->seclabels[i]); -+ VIR_FREE(def->seclabels); -+ } -+ - VIR_FREE(def); - } - -@@ -5264,7 +5272,11 @@ - * , which is used by but not ). */ - static int - virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def, -- xmlNodePtr cur, unsigned int flags) -+ xmlNodePtr cur, unsigned int flags, -+ virDomainChrDefPtr chr_def, -+ xmlXPathContextPtr ctxt, -+ virSecurityLabelDefPtr* vmSeclabels, -+ int nvmSeclabels) - { - char *bindHost = NULL; - char *bindService = NULL; -@@ -5319,6 +5331,21 @@ - if (def->type == VIR_DOMAIN_CHR_TYPE_UDP) - VIR_FREE(mode); - } -+ -+ /* Check for an optional seclabel override in . */ -+ if (chr_def) { -+ xmlNodePtr saved_node = ctxt->node; -+ ctxt->node = cur; -+ if (virSecurityDeviceLabelDefParseXML(&chr_def->seclabels, -+ &chr_def->nseclabels, -+ vmSeclabels, -+ nvmSeclabels, -+ ctxt) < 0) { -+ ctxt->node = saved_node; -+ goto error; -+ } -+ ctxt->node = saved_node; -+ } - } else if (xmlStrEqual(cur->name, BAD_CAST "protocol")) { - if (protocol == NULL) - protocol = virXMLPropString(cur, "type"); -@@ -5512,7 +5539,10 @@ - static virDomainChrDefPtr - virDomainChrDefParseXML(virCapsPtr caps, - virDomainDefPtr vmdef, -+ xmlXPathContextPtr ctxt, - xmlNodePtr node, -+ virSecurityLabelDefPtr* vmSeclabels, -+ int nvmSeclabels, - unsigned int flags) - { - xmlNodePtr cur; -@@ -5543,7 +5573,9 @@ - } - - cur = node->children; -- remaining = virDomainChrSourceDefParseXML(&def->source, cur, flags); -+ remaining = virDomainChrSourceDefParseXML(&def->source, cur, flags, -+ def, ctxt, -+ vmSeclabels, nvmSeclabels); - if (remaining < 0) - goto error; - if (remaining) { -@@ -5680,7 +5712,8 @@ - } - - cur = node->children; -- if (virDomainChrSourceDefParseXML(&def->data.passthru, cur, flags) < 0) -+ if (virDomainChrSourceDefParseXML(&def->data.passthru, cur, flags, -+ NULL, NULL, NULL, 0) < 0) - goto error; - - if (def->data.passthru.type == VIR_DOMAIN_CHR_TYPE_SPICEVMC) { -@@ -7161,7 +7194,8 @@ - if (xmlStrEqual(cur->name, BAD_CAST "source")) { - int remaining; - -- remaining = virDomainChrSourceDefParseXML(&def->source.chr, cur, flags); -+ remaining = virDomainChrSourceDefParseXML(&def->source.chr, cur, flags, -+ NULL, NULL, NULL, 0); - if (remaining != 0) - goto error; - } -@@ -8974,7 +9008,10 @@ - for (i = 0 ; i < n ; i++) { - virDomainChrDefPtr chr = virDomainChrDefParseXML(caps, - def, -+ ctxt, - nodes[i], -+ def->seclabels, -+ def->nseclabels, - flags); - if (!chr) - goto error; -@@ -9001,7 +9038,10 @@ - for (i = 0 ; i < n ; i++) { - virDomainChrDefPtr chr = virDomainChrDefParseXML(caps, - def, -+ ctxt, - nodes[i], -+ def->seclabels, -+ def->nseclabels, - flags); - if (!chr) - goto error; -@@ -9031,7 +9071,10 @@ - bool create_stub = true; - virDomainChrDefPtr chr = virDomainChrDefParseXML(caps, - def, -+ ctxt, - nodes[i], -+ def->seclabels, -+ def->nseclabels, - flags); - if (!chr) - goto error; -@@ -9107,7 +9150,10 @@ - for (i = 0 ; i < n ; i++) { - virDomainChrDefPtr chr = virDomainChrDefParseXML(caps, - def, -+ ctxt, - nodes[i], -+ def->seclabels, -+ def->nseclabels, - flags); - if (!chr) - goto error; -@@ -12188,6 +12234,7 @@ - const char *targetType = virDomainChrTargetTypeToString(def->deviceType, - def->targetType); - bool tty_compat; -+ size_t n; - - int ret = 0; - -@@ -12267,6 +12314,14 @@ - return -1; - } - -+ /* Security label overrides, if any. */ -+ if (def->seclabels && def->nseclabels > 0) { -+ virBufferAdjustIndent(buf, 2); -+ for (n = 0; n < def->nseclabels; n++) -+ virSecurityDeviceLabelDefFormat(buf, def->seclabels[n]); -+ virBufferAdjustIndent(buf, -2); -+ } -+ - virBufferAsprintf(buf, " \n", elementName); - - return ret; -@@ -15032,6 +15087,21 @@ - { - int i; - -+ if (def == NULL) -+ return NULL; -+ -+ for (i = 0; i < def->nseclabels; i++) { -+ if (STREQ_NULLABLE(def->seclabels[i]->model, model)) -+ return def->seclabels[i]; -+ } -+ return NULL; -+} -+ -+virSecurityDeviceLabelDefPtr -+virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model) -+{ -+ int i; -+ - if (def == NULL) - return NULL; - -diff -ur libvirt-0.10.1.old/src/conf/domain_conf.h libvirt-0.10.1/src/conf/domain_conf.h ---- libvirt-0.10.1.old/src/conf/domain_conf.h 2012-08-31 13:14:44.000000000 +0100 -+++ libvirt-0.10.1/src/conf/domain_conf.h 2012-09-21 18:46:30.832974475 +0100 -@@ -953,6 +953,9 @@ - virDomainChrSourceDef source; - - virDomainDeviceInfo info; -+ -+ size_t nseclabels; -+ virSecurityDeviceLabelDefPtr *seclabels; - }; - - enum virDomainSmartcardType { -@@ -2074,6 +2077,9 @@ - virSecurityDeviceLabelDefPtr - virDomainDiskDefGetSecurityLabelDef(virDomainDiskDefPtr def, const char *model); - -+virSecurityDeviceLabelDefPtr -+virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model); -+ - virSecurityLabelDefPtr - virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model); - -diff -ur libvirt-0.10.1.old/src/security/security_selinux.c libvirt-0.10.1/src/security/security_selinux.c ---- libvirt-0.10.1.old/src/security/security_selinux.c 2012-08-22 04:19:44.000000000 +0100 -+++ libvirt-0.10.1/src/security/security_selinux.c 2012-09-21 18:46:30.834974513 +0100 -@@ -1213,38 +1213,61 @@ - - static int - virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def, -- virDomainChrSourceDefPtr dev) -+ virDomainChrDefPtr dev, -+ virDomainChrSourceDefPtr dev_source) - - { -- virSecurityLabelDefPtr secdef; -+ virSecurityLabelDefPtr seclabel; -+ virSecurityDeviceLabelDefPtr chr_seclabel = NULL; -+ char *imagelabel = NULL; - char *in = NULL, *out = NULL; - int ret = -1; - -- secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); -- if (secdef == NULL) -+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); -+ if (seclabel == NULL) - return -1; - -- if (secdef->norelabel) -+ if (dev) -+ chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev, -+ SECURITY_SELINUX_NAME); -+ -+ if (seclabel->norelabel || (chr_seclabel && chr_seclabel->norelabel)) - return 0; - -- switch (dev->type) { -+ if (chr_seclabel) -+ imagelabel = chr_seclabel->label; -+ if (!imagelabel) -+ imagelabel = seclabel->imagelabel; -+ -+ switch (dev_source->type) { - case VIR_DOMAIN_CHR_TYPE_DEV: - case VIR_DOMAIN_CHR_TYPE_FILE: -- ret = virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel); -+ ret = virSecuritySELinuxSetFilecon(dev_source->data.file.path, -+ imagelabel); -+ break; -+ -+ case VIR_DOMAIN_CHR_TYPE_UNIX: -+ if (!dev_source->data.nix.listen) { -+ if (virSecuritySELinuxSetFilecon(dev_source->data.file.path, -+ imagelabel) < 0) -+ goto done; -+ } -+ ret = 0; - break; - - case VIR_DOMAIN_CHR_TYPE_PIPE: -- if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) || -- (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) { -+ if ((virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0) || -+ (virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0)) { - virReportOOMError(); - goto done; - } - if (virFileExists(in) && virFileExists(out)) { -- if ((virSecuritySELinuxSetFilecon(in, secdef->imagelabel) < 0) || -- (virSecuritySELinuxSetFilecon(out, secdef->imagelabel) < 0)) { -+ if ((virSecuritySELinuxSetFilecon(in, imagelabel) < 0) || -+ (virSecuritySELinuxSetFilecon(out, imagelabel) < 0)) { - goto done; - } -- } else if (virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0) { -+ } else if (virSecuritySELinuxSetFilecon(dev_source->data.file.path, -+ imagelabel) < 0) { - goto done; - } - ret = 0; -@@ -1263,30 +1286,44 @@ - - static int - virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def, -- virDomainChrSourceDefPtr dev) -+ virDomainChrDefPtr dev, -+ virDomainChrSourceDefPtr dev_source) - - { -- virSecurityLabelDefPtr secdef; -+ virSecurityLabelDefPtr seclabel; -+ virSecurityDeviceLabelDefPtr chr_seclabel = NULL; - char *in = NULL, *out = NULL; - int ret = -1; - -- secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); -- if (secdef == NULL) -+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); -+ if (seclabel == NULL) - return -1; - -- if (secdef->norelabel) -+ if (dev) -+ chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev, -+ SECURITY_SELINUX_NAME); -+ if (seclabel->norelabel || (chr_seclabel && chr_seclabel->norelabel)) - return 0; - -- switch (dev->type) { -+ switch (dev_source->type) { - case VIR_DOMAIN_CHR_TYPE_DEV: - case VIR_DOMAIN_CHR_TYPE_FILE: -- if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) -+ if (virSecuritySELinuxRestoreSecurityFileLabel(dev_source->data.file.path) < 0) - goto done; - ret = 0; - break; -+ -+ case VIR_DOMAIN_CHR_TYPE_UNIX: -+ if (!dev_source->data.nix.listen) { -+ if (virSecuritySELinuxRestoreSecurityFileLabel(dev_source->data.file.path) < 0) -+ goto done; -+ } -+ ret = 0; -+ break; -+ - case VIR_DOMAIN_CHR_TYPE_PIPE: -- if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0) || -- (virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) { -+ if ((virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) || -+ (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)) { - virReportOOMError(); - goto done; - } -@@ -1295,7 +1332,7 @@ - (virSecuritySELinuxRestoreSecurityFileLabel(in) < 0)) { - goto done; - } -- } else if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) { -+ } else if (virSecuritySELinuxRestoreSecurityFileLabel(dev_source->data.file.path) < 0) { - goto done; - } - ret = 0; -@@ -1323,7 +1360,8 @@ - dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL) - return 0; - -- return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->source); -+ return virSecuritySELinuxRestoreSecurityChardevLabel(def, dev, -+ &dev->source); - } - - -@@ -1345,7 +1383,7 @@ - return virSecuritySELinuxRestoreSecurityFileLabel(database); - - case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: -- return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru); -+ return virSecuritySELinuxRestoreSecurityChardevLabel(def, NULL, &dev->data.passthru); - - default: - virReportError(VIR_ERR_INTERNAL_ERROR, -@@ -1703,7 +1741,7 @@ - dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL) - return 0; - -- return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->source); -+ return virSecuritySELinuxSetSecurityChardevLabel(def, dev, &dev->source); - } - - -@@ -1727,7 +1765,7 @@ - return virSecuritySELinuxSetFilecon(database, data->content_context); - - case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH: -- return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->data.passthru); -+ return virSecuritySELinuxSetSecurityChardevLabel(def, NULL, &dev->data.passthru); - - default: - virReportError(VIR_ERR_INTERNAL_ERROR, diff --git a/libvirt-dnsmasq-drop-filterwin2k.patch b/libvirt-dnsmasq-drop-filterwin2k.patch deleted file mode 100644 index dbab62a..0000000 --- a/libvirt-dnsmasq-drop-filterwin2k.patch +++ /dev/null @@ -1,125 +0,0 @@ -commit f20b7dbe633acf7df9921027c6ca4f0b97918c8c -Author: Gene Czarcinski -Date: Thu Sep 6 12:08:22 2012 -0400 - - remove dnsmasq command line parameter "--filterwin2k" - - This patch removed the "--filterwin2k" dnsmasq command line - parameter which was unnecessary for domain specification, - possibly blocked some usage, and was command line clutter. - - Gene Czarcinski - -diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c -index 53eebed..808c843 100644 ---- a/src/network/bridge_driver.c -+++ b/src/network/bridge_driver.c -@@ -543,7 +543,7 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network, - /* need to specify local even if no domain specified */ - virCommandAddArgFormat(cmd, "--local=/%s/", - network->def->domain ? network->def->domain : ""); -- virCommandAddArgList(cmd, "--domain-needed", "--filterwin2k", NULL); -+ virCommandAddArg(cmd, "--domain-needed"); - - if (pidfile) - virCommandAddArgPair(cmd, "--pid-file", pidfile); -diff --git a/tests/networkxml2argvdata/isolated-network.argv b/tests/networkxml2argvdata/isolated-network.argv -index 276f42a..048c72b 100644 ---- a/tests/networkxml2argvdata/isolated-network.argv -+++ b/tests/networkxml2argvdata/isolated-network.argv -@@ -1,5 +1,5 @@ - @DNSMASQ@ --strict-order --bind-interfaces \ ----local=// --domain-needed --filterwin2k --conf-file= \ -+--local=// --domain-needed --conf-file= \ - --except-interface lo --dhcp-option=3 --no-resolv \ - --listen-address 192.168.152.1 \ - --dhcp-range 192.168.152.2,192.168.152.254 \ -diff --git a/tests/networkxml2argvdata/nat-network-dns-hosts.argv b/tests/networkxml2argvdata/nat-network-dns-hosts.argv -index 8040e2a..03a0676 100644 ---- a/tests/networkxml2argvdata/nat-network-dns-hosts.argv -+++ b/tests/networkxml2argvdata/nat-network-dns-hosts.argv -@@ -1,4 +1,4 @@ - @DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \ ----local=/example.com/ --domain-needed --filterwin2k \ -+--local=/example.com/ --domain-needed \ - --conf-file= --except-interface lo --listen-address 192.168.122.1 \ - --expand-hosts --addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts\ -diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv -index bb50fd6..a1e4200 100644 ---- a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv -+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv -@@ -1,7 +1,7 @@ - @DNSMASQ@ \ - --strict-order \ - --bind-interfaces \ ----local=// --domain-needed --filterwin2k --conf-file= \ -+--local=// --domain-needed --conf-file= \ - --except-interface lo \ - --srv-host=name.tcp.,,,, \ - --listen-address 192.168.122.1 \ -diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv -index 36498f2..8af38c4 100644 ---- a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv -+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv -@@ -1,7 +1,7 @@ - @DNSMASQ@ \ - --strict-order \ - --bind-interfaces \ ----local=// --domain-needed --filterwin2k --conf-file= \ -+--local=// --domain-needed --conf-file= \ - --except-interface lo \ - --srv-host=name.tcp.test-domain-name,.,1024,10,10 \ - --listen-address 192.168.122.1 \ -diff --git a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv -index 2a6c799..404b56a 100644 ---- a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv -+++ b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv -@@ -1,5 +1,5 @@ - @DNSMASQ@ --strict-order --bind-interfaces \ ----local=// --domain-needed --filterwin2k --conf-file= \ -+--local=// --domain-needed --conf-file= \ - --except-interface lo --txt-record=example,example value \ - --listen-address 192.168.122.1 --listen-address 192.168.123.1 \ - --listen-address 2001:db8:ac10:fe01::1 \ -diff --git a/tests/networkxml2argvdata/nat-network.argv b/tests/networkxml2argvdata/nat-network.argv -index 265b931..1dc8f73 100644 ---- a/tests/networkxml2argvdata/nat-network.argv -+++ b/tests/networkxml2argvdata/nat-network.argv -@@ -1,5 +1,5 @@ - @DNSMASQ@ --strict-order --bind-interfaces \ ----local=// --domain-needed --filterwin2k --conf-file= \ -+--local=// --domain-needed --conf-file= \ - --except-interface lo --listen-address 192.168.122.1 \ - --listen-address 192.168.123.1 --listen-address 2001:db8:ac10:fe01::1 \ - --listen-address 2001:db8:ac10:fd01::1 --listen-address 10.24.10.1 \ -diff --git a/tests/networkxml2argvdata/netboot-network.argv b/tests/networkxml2argvdata/netboot-network.argv -index 4f998d5..5a85ec2 100644 ---- a/tests/networkxml2argvdata/netboot-network.argv -+++ b/tests/networkxml2argvdata/netboot-network.argv -@@ -1,5 +1,5 @@ - @DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \ ----local=/example.com/ --domain-needed --filterwin2k --conf-file= \ -+--local=/example.com/ --domain-needed --conf-file= \ - --except-interface lo --listen-address 192.168.122.1 \ - --dhcp-range 192.168.122.2,192.168.122.254 \ - --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \ -diff --git a/tests/networkxml2argvdata/netboot-proxy-network.argv b/tests/networkxml2argvdata/netboot-proxy-network.argv -index 89319ef..36836b0 100644 ---- a/tests/networkxml2argvdata/netboot-proxy-network.argv -+++ b/tests/networkxml2argvdata/netboot-proxy-network.argv -@@ -1,5 +1,5 @@ - @DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \ ----local=/example.com/ --domain-needed --filterwin2k --conf-file= \ -+--local=/example.com/ --domain-needed --conf-file= \ - --except-interface lo --listen-address 192.168.122.1 \ - --dhcp-range 192.168.122.2,192.168.122.254 \ - --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \ -diff --git a/tests/networkxml2argvdata/routed-network.argv b/tests/networkxml2argvdata/routed-network.argv -index ac43991..77e802f 100644 ---- a/tests/networkxml2argvdata/routed-network.argv -+++ b/tests/networkxml2argvdata/routed-network.argv -@@ -1,3 +1,3 @@ - @DNSMASQ@ --strict-order --bind-interfaces \ ----local=// --domain-needed --filterwin2k --conf-file= \ -+--local=// --domain-needed --conf-file= \ - --except-interface lo --listen-address 192.168.122.1\ diff --git a/libvirt-fix-unwanted-connection-closing.patch b/libvirt-fix-unwanted-connection-closing.patch deleted file mode 100644 index a5b4279..0000000 --- a/libvirt-fix-unwanted-connection-closing.patch +++ /dev/null @@ -1,52 +0,0 @@ -commit 164c03d33bd9d58844921888560baf3f156a1f05 -Author: Christophe Fergeau -Date: Mon Sep 10 12:17:07 2012 +0200 - - Fix unwanted closing of libvirt client connection - - e5a1bee07 introduced a regression in Boxes: when Boxes is left idle - (it's still doing some libvirt calls in the background), the - libvirt connection gets closed after a few minutes. What happens is - that this code in virNetClientIOHandleOutput gets triggered: - - if (!thecall) - return -1; /* Shouldn't happen, but you never know... */ - - and after the changes in e5a1bee07, this causes the libvirt connection - to be closed. - - Upon further investigation, what happens is that - virNetClientIOHandleOutput is called from gvir_event_handle_dispatch - in libvirt-glib, which is triggered because the client fd became - writable. However, between the times gvir_event_handle_dispatch - is called, and the time the client lock is grabbed and - virNetClientIOHandleOutput is called, another thread runs and - completes the current call. 'thecall' is then NULL when the first - thread gets to run virNetClientIOHandleOutput. - - After describing this situation on IRC, danpb suggested this: - - 11:37 < danpb> In that case I think the correct thing would be to change - 'return -1' above to 'return 0' since that's not actually an - error - its a rare, but expected event - - which is what this patch is doing. I've tested it against master - libvirt, and I didn't get disconnected in ~10 minutes while this - happens in less than 5 minutes without this patch. - -diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c -index 43a9814..727ed67 100644 ---- a/src/rpc/virnetclient.c -+++ b/src/rpc/virnetclient.c -@@ -1205,7 +1205,10 @@ virNetClientIOHandleOutput(virNetClientPtr client) - thecall = thecall->next; - - if (!thecall) -- return -1; /* Shouldn't happen, but you never know... */ -+ return 0; /* This can happen if another thread raced with us and -+ * completed the call between the time this thread woke -+ * up from poll()ing and the time we locked the client -+ */ - - while (thecall) { - ssize_t ret = virNetClientIOWriteMessage(client, thecall); diff --git a/libvirt.spec b/libvirt.spec index 74e0940..9792c85 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -70,6 +70,7 @@ %define with_parallels 0%{!?_without_parallels:1} # Then the secondary host drivers, which run inside libvirtd +%define with_interface 0%{!?_without_interface:%{server_drivers}} %define with_network 0%{!?_without_network:%{server_drivers}} %define with_storage_fs 0%{!?_without_storage_fs:%{server_drivers}} %define with_storage_lvm 0%{!?_without_storage_lvm:%{server_drivers}} @@ -207,6 +208,11 @@ %define with_hal 0%{!?_without_hal:%{server_drivers}} %endif +# interface requires netcf +%if ! 0%{?with_netcf} +%define with_interface 0 +%endif + # Enable yajl library for JSON mode with QEMU %if 0%{?fedora} >= 13 || 0%{?rhel} >= 6 %define with_yajl 0%{!?_without_yajl:%{server_drivers}} @@ -226,6 +232,7 @@ # Disable some drivers when building without libvirt daemon. # The logic is the same as in configure.ac %if ! %{with_libvirtd} +%define with_interface 0 %define with_network 0 %define with_qemu 0 %define with_lxc 0 @@ -281,12 +288,6 @@ %define with_nodedev 0 %endif -%if %{with_netcf} -%define with_interface 1 -%else -%define with_interface 0 -%endif - %if %{with_storage_fs} || %{with_storage_mpath} || %{with_storage_iscsi} || %{with_storage_lvm} || %{with_storage_disk} %define with_storage 1 %else @@ -314,8 +315,8 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 0.10.1 -Release: 5%{?dist}%{?extra_release} +Version: 0.10.2 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -325,15 +326,6 @@ URL: http://libvirt.org/ %define mainturl stable_updates/ %endif Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz -# Drop unneeded dnsmasq --filterwin2k -Patch1: %{name}-dnsmasq-drop-filterwin2k.patch -# Fix unwanted connection closing, needed for boxes -Patch2: %{name}-fix-unwanted-connection-closing.patch -# Fix qemu -> qemu-system-i386 (RHBZ#857026). -Patch3: 0001-Use-qemu-system-i386-as-binary-instead-of-qemu.patch -# Upstream patches to label sockets for SELinux (RHBZ#853393). -Patch4: 0001-Make-virSecurityDeviceLabelDefParseXML-into-generic-.patch -Patch5: 0002-Add-seclabel-to-character-devices.patch %if %{with_libvirtd} Requires: libvirt-daemon = %{version}-%{release} @@ -1044,11 +1036,6 @@ of recent versions of Linux (and other OSes). %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build %if ! %{with_xen} @@ -1127,6 +1114,10 @@ of recent versions of Linux (and other OSes). %define _with_rhel5_api --with-rhel5-api %endif +%if ! %{with_interface} +%define _without_interface --without-interface +%endif + %if ! %{with_network} %define _without_network --without-network %endif @@ -1226,9 +1217,7 @@ of recent versions of Linux (and other OSes). %define with_packager_version --with-packager-version="%{release}" %if %{with_systemd} -# We use 'systemd+redhat', so if someone installs upstart or -# legacy init scripts, they can still start libvirtd, etc -%define init_scripts --with-init_script=systemd+redhat +%define init_scripts --with-init_script=systemd %else %define init_scripts --with-init_script=redhat %endif @@ -1236,6 +1225,15 @@ of recent versions of Linux (and other OSes). %if 0%{?enable_autotools} autoreconf -if %endif + +%if %{with_selinux} +%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7 +%define with_selinux_mount --with-selinux-mount="/sys/fs/selinux" +%else +%define with_selinux_mount --with-selinux-mount="/selinux" +%endif +%endif + %configure %{?_without_xen} \ %{?_without_qemu} \ %{?_without_openvz} \ @@ -1254,6 +1252,7 @@ autoreconf -if %{?_without_hyperv} \ %{?_without_vmware} \ %{?_without_parallels} \ + %{?_without_interface} \ %{?_without_network} \ %{?_with_rhel5_api} \ %{?_without_storage_fs} \ @@ -1268,6 +1267,7 @@ autoreconf -if %{?_without_capng} \ %{?_without_netcf} \ %{?_without_selinux} \ + %{?_with_selinux_mount} \ %{?_without_hal} \ %{?_without_udev} \ %{?_without_yajl} \ @@ -1356,6 +1356,8 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} \ $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-docs-%{version} +sed -i -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/libvirt-guests + %clean rm -fr %{buildroot} @@ -1565,9 +1567,10 @@ fi %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/ -%{_sysconfdir}/rc.d/init.d/libvirtd %if %{with_systemd} %{_unitdir}/libvirtd.service +%else +%{_sysconfdir}/rc.d/init.d/libvirtd %endif %doc daemon/libvirtd.upstart %config(noreplace) %{_sysconfdir}/sysconfig/libvirtd @@ -1876,6 +1879,25 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd %endif %changelog +* Mon Sep 24 2012 Daniel Veillard - 0.10.2-1 +- Upstream release 0.10.2 +- network: define new API virNetworkUpdate +- add support for QEmu sandbox support +- blockjob: add virDomainBlockCommit +- New APIs to get/set Node memory parameters +- new API virConnectListAllSecrets +- new API virConnectListAllNWFilters +- new API virConnectListAllNodeDevices +- parallels: add support of containers to the driver +- new API virConnectListAllInterfaces +- new API virConnectListAllNetworks +- new API virStoragePoolListAllVolumes +- Add PMSUSPENDED life cycle event +- new API virStorageListAllStoragePools +- Add per-guest S3/S4 state configuration +- qemu: Support for Block Device IO Limits +- a lot of bug fixes, improvements and portability work + * Fri Sep 21 2012 Richard W.M. Jones - 0.10.1-5 - Add (upstream) patches to label sockets for SELinux (RHBZ#853393). diff --git a/sources b/sources index b723e61..06d38b9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5f628e53437b0b0e78477904ba3310af libvirt-0.10.1.tar.gz +a5e50860d9da238ba270b528411c4a0d libvirt-0.10.2.tar.gz