May 2014 - openSUSE Commits - openSUSE Mailing Lists

commit curl.2733 for openSUSE:12.3:Update
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package curl.2733 for openSUSE:12.3:Update checked in at 2014-05-02 14:19:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/curl.2733 (Old) and /work/SRC/openSUSE:12.3:Update/.curl.2733.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "curl.2733" Changes: -------- New Changes file: --- /dev/null 2014-04-28 00:21:37.460033756 +0200 +++ /work/SRC/openSUSE:12.3:Update/.curl.2733.new/curl.changes 2014-05-02 14:19:42.000000000 +0200 @@ -0,0 +1,1105 @@ +------------------------------------------------------------------- +Wed Apr 2 10:43:38 UTC 2014 - vcizek(a)suse.com + +- fixes for two security vulnerabilities: + * CVE-2014-0138 (bnc#868627) + - curl: wrong re-use of connections + - added: curl-CVE-2014-0138.patch + - removed: curl-CVE-2014-138-bad-reuse.patch + * CVE-2014-0139 (bnc#868629) + - curl: IP address wildcard certificate validation + - added: curl-CVE-2014-0139.patch + - removed: curl-CVE-2014-139-reject-cert-ip-wildcards.patch + +------------------------------------------------------------------- +Mon Mar 17 11:16:10 UTC 2014 - vcizek(a)suse.com + +- fixes for two security vulnerabilities: + * CVE-2014-138 (bnc#868627) + - curl: wrong re-use of connections + - added curl-CVE-2014-138-bad-reuse.patch + * CVE-2014-139 (bnc#868629) + - curl: IP address wildcard certificate validation + - curl-CVE-2014-139-reject-cert-ip-wildcards.patch + +------------------------------------------------------------------- +Tue Jan 14 12:33:28 UTC 2014 - vcizek(a)suse.com + +- fix for CVE-2014-0015 (bnc#858673) + * re-use of wrong HTTP NTLM connection in libcurl + * added curl-CVE-2014-0015-NTLM_connection_reuse.patch +- fix test failure because of an expired cookie (bnc#862144) + * added curl-test172_cookie_expiration.patch + +------------------------------------------------------------------- +Mon Dec 2 11:26:06 UTC 2013 - vcizek(a)suse.com + +- fix CVE-2013-4545 (bnc#849596) + = acknowledge VERIFYHOST without VERIFYPEER + +------------------------------------------------------------------- +Thu Jun 13 10:06:23 UTC 2013 - vcizek(a)suse.com + +- fix for CVE-2013-2174 (bnc#824517) + added curl-CVE-2013-2174.patch + +------------------------------------------------------------------- +Fri Apr 12 11:01:51 UTC 2013 - vcizek(a)suse.com + +- fixed CVE-2013-1944 (bnc#814655) + added curl-CVE-2013-1944.patch + +------------------------------------------------------------------- +Thu Feb 7 10:54:15 UTC 2013 - vcizek(a)suse.com + +- fixed CVE-2013-0249 (bnc#802411) +- refreshed patches + +------------------------------------------------------------------- +Fri Jan 11 21:34:38 CET 2013 - sbrabec(a)suse.cz + +- Break build loop and make GPG signature verification optional. + +------------------------------------------------------------------- +Tue Nov 27 20:05:00 CET 2012 - sbrabec(a)suse.cz + +- Verify GPG signature. + +------------------------------------------------------------------- +Tue Nov 20 23:43:24 UTC 2012 - crrodriguez(a)opensuse.org + +- Curl 7.28.1 +* FTP: prevent the multi interface from blocking Obsoletes + curl-ftp-prevent-the-multi-interface-from-blocking.patch +* don't send '#' fragments when using proxy +* OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack +* TFTP: handle resend +* memory leak: CURLOPT_RESOLVE with multi interface +* SSL: Several SSL-backend related fixes + +------------------------------------------------------------------- +Sun Nov 4 19:57:33 UTC 2012 - gber(a)opensuse.org + +- added curl-ftp-prevent-the-multi-interface-from-blocking.patch in + order to prevent the multi interface from blocking when using ftp + and the remote end responds very slowly (sf#3579064) + +------------------------------------------------------------------- +Sun Jul 29 22:14:25 UTC 2012 - crrodriguez(a)opensuse.org + +- Curl 7.27.0 +* support metalinks +* Add sasl authentication support +* various bugfixes +- Fix previous change, _GNU_SOURCE --> AC_USE_SYSTEM_EXTENSIONS + +------------------------------------------------------------------- +Mon Jul 9 13:12:24 UTC 2012 - dnh(a)opensuse.org + +- define _GNU_SOURCE for oS/SLES <= 11.4, as O_CLOEXEC is + defined inside a ifdef __USE_GNU + +------------------------------------------------------------------- +Sat May 12 23:24:56 UTC 2012 - jengelh(a)inai.de + +- Update to new upstream release 7.25.0 +* Added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, + CURLOPT_TCP_KEEPINTVL +* use new library-side TCP_KEEPALIVE options +* Added a new CURLOPT_MAIL_AUTH option +* Added support for --mail-auth +* (for more see the shipped CHANGES file) + +------------------------------------------------------------------- +Wed Feb 8 00:45:18 UTC 2012 - crrodriguez(a)opensuse.org + +- Problem with the c-ares backend, workaround for [bnc#745534] + +------------------------------------------------------------------- +Thu Feb 2 18:47:10 UTC 2012 - crrodriguez(a)opensuse.org + +- Update to version curl 7.24.0 +- refresh patches to fix broken build + +------------------------------------------------------------------- +Wed Jan 18 13:49:56 CET 2012 - dmueller(a)suse.de + +- use the rpmoptflags unconditionally, don't do own compiler flag + magic. Fixes debuginfo package built + +------------------------------------------------------------------- +Wed Dec 28 10:30:28 UTC 2011 - mmarek(a)suse.cz + +- Package /usr/share/aclocal to avoid build dependency on automake. + +------------------------------------------------------------------- +Wed Nov 30 22:39:35 UTC 2011 - crrodriguez(a)opensuse.org + +- Use O_CLOEXEC in library code. + +------------------------------------------------------------------- +Tue Nov 29 11:51:38 UTC 2011 - jengelh(a)medozas.de + +- Remove redundant/unwanted tags/section (cf. specfile guidelines) + +------------------------------------------------------------------- +Tue Nov 29 08:20:23 UTC 2011 - idoenmez(a)suse.de + +- Use original source tarball + +------------------------------------------------------------------- +Mon Nov 28 12:00:00 UTC 2011 - opensuse(a)dstoecker.de + +- Update to version 7.23.1: + + Empty headers can be sent in HTTP requests by terminating with a semicolon + + SSL session sharing support added to curl_share_setopt() + + Added support to MAIL FROM for the optional SIZE parameter + + smtp: Added support for NTLM authentication + + curl tool: code split into tool_*.[ch] files + + lots of bugfixes +------------------------------------------------------------------- +Mon Oct 3 15:44:17 UTC 2011 - dimstar(a)opensuse.org + +- Update to version 7.22.0: + + Added CURLOPT_GSSAPI_DELEGATION + + Added support for NTLM delegation to Samba's winbind daemon + helper ntlm_auth + + Display notes from setup file in testcurl.pl + + BSD-style lwIP TCP/IP stack experimental support on Windows + + OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available + + --delegation was added to set CURLOPT_GSSAPI_DELEGATION + + nss: start with no database if the selected database is broken + + telnet: allow programatic use on Windows + + for a list of bugfixes, see + http://curl.haxx.se/changes.html#7_22_0 +- Drop curl-openssl-release-buffers.patch: fixed upstream. +- Add curl-fix-m4.patch: Use 'x' in configure scripts. Fixes issues + when configure is run with -Werror -Wall. + +------------------------------------------------------------------- +Sun Sep 18 00:10:42 UTC 2011 - jengelh(a)medozas.de + +- Remove redundant tags/sections from specfile +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Fri Sep 16 17:22:44 UTC 2011 - jengelh(a)medozas.de + +- Add curl-devel to baselibs + +------------------------------------------------------------------- +Mon Aug 15 05:05:01 UTC 2011 - crrodriguez(a)opensuse.org + +- Use SSL_MODE_RELEASE_BUFFERS if available, accepted + in upstream as commit 3d919440c80333c496fb + +------------------------------------------------------------------- +Tue Jul 12 06:46:02 UTC 2011 - coolo(a)novell.com ++++ 908 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.curl.2733.new/curl.changes New: ---- baselibs.conf curl-7.28.1.tar.lzma curl-7.28.1.tar.lzma.asc curl-CVE-2013-0249.patch curl-CVE-2013-1944.patch curl-CVE-2013-2174.patch curl-CVE-2013-4545.patch curl-CVE-2014-0015-NTLM_connection_reuse.patch curl-CVE-2014-0138.patch curl-CVE-2014-0139.patch curl-test172_cookie_expiration.patch curl.changes curl.keyring curl.spec dont-mess-with-rpmoptflags.diff libcurl-ocloexec.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ # # spec file for package curl # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %bcond_without openssl %bcond_with mozilla_nss %bcond_without testsuite Name: curl Version: 7.28.1 Release: 0 Summary: A Tool for Transferring Data from URLs License: BSD-3-Clause and MIT Group: Productivity/Networking/Web/Utilities Url: http://curl.haxx.se/ Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma Source2: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma.asc Source3: baselibs.conf Source4: %{name}.keyring Patch: libcurl-ocloexec.patch Patch1: dont-mess-with-rpmoptflags.diff Patch2: curl-CVE-2013-0249.patch Patch3: curl-CVE-2013-1944.patch Patch4: curl-CVE-2013-4545.patch Patch5: curl-CVE-2013-2174.patch Patch6: curl-CVE-2014-0015-NTLM_connection_reuse.patch Patch7: curl-test172_cookie_expiration.patch Patch8: curl-CVE-2014-0138.patch Patch9: curl-CVE-2014-0139.patch # Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run one-shot check by "gpg-offline --verify --package=curl curl-*.asc". %if 0%{?VERIFY_SIG} BuildRequires: gpg-offline %endif BuildRequires: libidn-devel BuildRequires: libtool BuildRequires: lzma BuildRequires: openldap2-devel BuildRequires: pkg-config BuildRequires: zlib-devel %if %{with openssl} BuildRequires: openssl-devel %endif %if %{with mozilla_nss} BuildRequires: mozilla-nss-devel %endif BuildRequires: krb5-devel BuildRequires: libssh2-devel BuildRequires: openssh %if 0%{?_with_stunnel:1} # used by the testsuite BuildRequires: stunnel %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build # bug437293 %ifarch ppc64 Obsoletes: curl-64bit %endif %description Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, FTPS, TFTP, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %package -n libcurl4 Summary: Version 4 of cURL shared library Group: Productivity/Networking/Web/Utilities %description -n libcurl4 The cURL shared library version 4 for accessing data using different network protocols. %package -n libcurl-devel Summary: A Tool for Transferring Data from URLs Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libcurl4 = %{version} # curl-devel (v 7.15.5) was last used in 10.2 Provides: curl-devel <= 7.15.5 Obsoletes: curl-devel < 7.16.2 %description -n libcurl-devel Curl is a client to get documents and files from or send documents to a server using any of the supported protocols (HTTP, HTTPS, FTP, GOPHER, DICT, TELNET, LDAP, or FILE). The command is designed to work without user interaction or any kind of interactivity. %prep %if 0%{?VERIFY_SIG} %gpg_verify %{S:2} %endif %setup -q %patch %patch1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %build autoreconf -fi # local hack to make curl-config --libs stop printing libraries it depends on # (currently, libtool sets link_all_deplibs=(yes|unknown) everywhere, # will hopefully change in the future) sed -i 's/link_all_deplibs=unknown/link_all_deplibs=no/' configure %configure \ --enable-ipv6 \ %if %{with openssl} --with-ssl \ --with-ca-path=/etc/ssl/certs/ \ %else --without-ssl \ %if %{with mozilla_nss} --with-nss \ %endif %endif --with-gssapi=/usr/lib/mit \ --with-libssh2\ --enable-hidden-symbols \ --disable-static \ --enable-threaded-resolver : if this fails, the above sed hack did not work ./libtool --config | grep -q link_all_deplibs=no # enable-hidden-symbols needs gcc4 and causes that curl exports only its API make %{?_smp_mflags} %if %{with testsuite} %check cd tests make # make sure the testsuite runs don't race on MP machines in autobuild if test -z "$BUILD_INCARNATION" -a -r /.buildenv; then . /.buildenv fi if test -z "$BUILD_INCARNATION"; then BUILD_INCARNATION=0 fi base=$((8990 + $BUILD_INCARNATION * 20)) perl ./runtests.pl -a -b$base || { %if 0%{?curl_testsuite_fatal:1} exit %else echo "WARNING: runtests.pl failed with code $?, continuing nevertheless" %endif } %endif %install %{makeinstall} rm $RPM_BUILD_ROOT%_libdir/libcurl.la install -d $RPM_BUILD_ROOT/usr/share/aclocal install -m 644 docs/libcurl/libcurl.m4 $RPM_BUILD_ROOT/usr/share/aclocal/ %post -n libcurl4 -p /sbin/ldconfig %postun -n libcurl4 -p /sbin/ldconfig %files %defattr(-,root,root) %doc README RELEASE-NOTES %doc docs/{BUGS,FAQ,FEATURES,MANUAL,RESOURCES,TODO,TheArtOfHttpScripting} %doc lib/README.curl_off_t %{_prefix}/bin/curl %doc %{_mandir}/man1/curl.1%{ext_man} %files -n libcurl4 %defattr(-,root,root) %{_libdir}/libcurl.so.4* %files -n libcurl-devel %defattr(-,root,root) %{_prefix}/bin/curl-config %{_prefix}/include/curl %dir %{_prefix}/share/aclocal %{_prefix}/share/aclocal/libcurl.m4 %{_libdir}/libcurl.so %{_libdir}/pkgconfig/libcurl.pc %{_mandir}/man1/curl-config.1%{ext_man} %{_mandir}/man1/mk-ca-bundle.1%{ext_man} %{_mandir}/man3/* %doc docs/libcurl/symbols-in-versions %changelog ++++++ baselibs.conf ++++++ libcurl4 obsoletes "curl-<targettype> <= <version>" provides "curl-<targettype> = <version>" curl-devel requires -curl-<targettype> requires "libcurl4-<targettype> = <version>" ++++++ curl-CVE-2013-0249.patch ++++++ >From ee45a34907ffeb5fd95b0513040d8491d565b663 Mon Sep 17 00:00:00 2001 From: Eldar Zaitov <kyprizel(a)volema.com> Date: Wed, 30 Jan 2013 23:22:27 +0100 Subject: [PATCH] Curl_sasl_create_digest_md5_message: fix buffer overflow When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_message() uses the data provided from the server without doing the proper length checks and that data is then appended to a local fixed-size buffer on the stack. This vulnerability can be exploited by someone who is in control of a server that a libcurl based program is accessing with POP3, SMTP or IMAP. For applications that accept user provided URLs, it is also thinkable that a malicious user would feed an application with a URL to a server hosting code targetting this flaw. Bug: http://curl.haxx.se/docs/adv_20130206.html --- lib/curl_sasl.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) Index: curl-7.28.1/lib/curl_sasl.c =================================================================== --- curl-7.28.1.orig/lib/curl_sasl.c 2012-08-08 22:45:18.000000000 +0200 +++ curl-7.28.1/lib/curl_sasl.c 2013-02-07 11:55:15.183277599 +0100 @@ -345,9 +345,7 @@ CURLcode Curl_sasl_create_digest_md5_mes snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]); /* Prepare the URL string */ - strcpy(uri, service); - strcat(uri, "/"); - strcat(uri, realm); + snprintf(uri, sizeof(uri), "%s/%s", service, realm); /* Calculate H(A2) */ ctxt = Curl_MD5_init(Curl_DIGEST_MD5); @@ -391,20 +389,11 @@ CURLcode Curl_sasl_create_digest_md5_mes for(i = 0; i < MD5_DIGEST_LEN; i++) snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]); - strcpy(response, "username=\""); - strcat(response, userp); - strcat(response, "\",realm=\""); - strcat(response, realm); - strcat(response, "\",nonce=\""); - strcat(response, nonce); - strcat(response, "\",cnonce=\""); - strcat(response, cnonce); - strcat(response, "\",nc="); - strcat(response, nonceCount); - strcat(response, ",digest-uri=\""); - strcat(response, uri); - strcat(response, "\",response="); - strcat(response, resp_hash_hex); + snprintf(response, sizeof(response), + "username=\"%s\",realm=\"%s\",nonce=\"%s\"," + "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s", + userp, realm, nonce, + cnonce, nonceCount, uri, resp_hash_hex); /* Base64 encode the reply */ return Curl_base64_encode(data, response, 0, outptr, outlen); ++++++ curl-CVE-2013-1944.patch ++++++ diff --git a/lib/cookie.c b/lib/cookie.c index 35a3731..1aaf669 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -118,15 +118,29 @@ static void freecookie(struct Cookie *co) free(co); } -static bool tailmatch(const char *little, const char *bigone) +static bool tailmatch(const char *cooke_domain, const char *hostname) { - size_t littlelen = strlen(little); - size_t biglen = strlen(bigone); + size_t cookie_domain_len = strlen(cooke_domain); + size_t hostname_len = strlen(hostname); - if(littlelen > biglen) + if(hostname_len < cookie_domain_len) return FALSE; - return Curl_raw_equal(little, bigone+biglen-littlelen) ? TRUE : FALSE; + if(!Curl_raw_equal(cooke_domain, hostname+hostname_len-cookie_domain_len)) + return FALSE; + + /* A lead char of cookie_domain is not '.'. + RFC6265 4.1.2.3. The Domain Attribute says: + For example, if the value of the Domain attribute is + "example.com", the user agent will include the cookie in the Cookie + header when making HTTP requests to example.com, www.example.com, and + www.corp.example.com. + */ + if(hostname_len == cookie_domain_len) + return TRUE; + if('.' == *(hostname + hostname_len - cookie_domain_len - 1)) + return TRUE; + return FALSE; } /* diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index 0528a25..b51f524 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -78,6 +78,7 @@ test1118 test1119 test1120 test1121 test1122 test1123 test1124 test1125 \ test1126 test1127 test1128 test1129 test1130 test1131 test1132 \ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ test1208 test1209 test1210 test1211 \ +test1218 \ test1220 \ test1300 test1301 test1302 test1303 test1304 test1305 \ test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \ diff --git a/tests/data/test1218 b/tests/data/test1218 new file mode 100644 index 0000000..7d86547 --- /dev/null +++ b/tests/data/test1218 @@ -0,0 +1,61 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP GET +HTTP proxy +cookies +</keywords> +</info> + +# This test is very similar to 1216, only that it sets the cookies from the +# first site instead of reading from a file +<reply> +<data> +HTTP/1.1 200 OK +Date: Tue, 25 Sep 2001 19:37:44 GMT +Set-Cookie: domain=.example.fake; bug=fixed; +Content-Length: 21 + +This server says moo +</data> +</reply> + +# Client-side +<client> +<server> +http +</server> + <name> +HTTP cookies and domains with same prefix + </name> + <command> +http://example.fake/c/1218 http://example.fake/c/1218 http://bexample.fake/c/1218 -b nonexisting -x %HOSTIP:%HTTPPORT +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET http://example.fake/c/1218 HTTP/1.1 +Host: example.fake +Accept: */* +Proxy-Connection: Keep-Alive + +GET http://example.fake/c/1218 HTTP/1.1 +Host: example.fake +Accept: */* +Proxy-Connection: Keep-Alive +Cookie: bug=fixed + +GET http://bexample.fake/c/1218 HTTP/1.1 +Host: bexample.fake +Accept: */* +Proxy-Connection: Keep-Alive + +</protocol> +</verify> +</testcase> ++++++ curl-CVE-2013-2174.patch ++++++ commit 45030219bf8b44270d40fc62e8a02411612d00cc Author: Daniel Stenberg <daniel(a)haxx.se> Date: Sun May 19 23:24:29 2013 +0200 Curl_urldecode: no peaking beyond end of input buffer Security problem: .... If a program would give a string like "%" to curl_easy_unescape(), it would still consider the % as start of an encoded character. The function then not only read beyond the buffer but it would also deduct the *unsigned* counter variable for how many more bytes there's left to read in the buffer by two, making the counter wrap. Continuing this, the function would go on reading beyond the buffer and soon writing beyond the allocated target buffer... Reported-by: Timo Sirainen Index: curl-7.19.0/lib/escape.c =================================================================== --- curl-7.19.0.orig/lib/escape.c 2013-06-13 12:17:06.251345362 +0200 +++ curl-7.19.0/lib/escape.c 2013-06-13 12:17:07.228374970 +0200 @@ -149,7 +149,8 @@ char *curl_easy_unescape(CURL *handle, c while(--alloc > 0) { in = *string; - if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) { + if(('%' == in) && (alloc > 2) && + ISXDIGIT(string[1]) && ISXDIGIT(string[2])) { /* this is two hexadecimal digits following a '%' */ char hexstr[3]; char *ptr; ++++++ curl-CVE-2013-4545.patch ++++++ commit 3c3622b66221d89509cffaa693fc7dcd5c5b96cf Author: Daniel Stenberg <daniel(a)haxx.se> Date: Wed Oct 2 15:31:10 2013 +0200 OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set should still verify that the host name fields in the server certificate is fine or return failure. Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html Reported-by: Ishan SinghLevett diff --git a/lib/ssluse.c b/lib/ssluse.c index 4f3c1e1..9974ac8 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -2351,7 +2351,7 @@ ossl_connect_step3(struct connectdata *conn, * operations. */ - if(!data->set.ssl.verifypeer) + if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost) (void)servercert(conn, connssl, FALSE); else retcode = servercert(conn, connssl, TRUE); ++++++ curl-CVE-2014-0015-NTLM_connection_reuse.patch ++++++ commit 8ae35102c43d8d06572c3a1292eb6e27e663c78d Author: Daniel Stenberg <daniel(a)haxx.se> Date: Tue Jan 7 09:33:54 2014 +0100 ConnectionExists: fix NTLM check for new connection When the requested authentication bitmask includes NTLM, we cannot re-use a connection for another username/password as we then risk re-using NTLM (connection-based auth). This has the unfortunate downside that if you include NTLM as a possible auth, you cannot re-use connections for other usernames/passwords even if NTLM doesn't end up the auth type used. Reported-by: Paras S Patched-by: Paras S Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html Index: curl-7.28.1/lib/url.c =================================================================== --- curl-7.28.1.orig/lib/url.c 2014-01-14 14:35:12.627855282 +0100 +++ curl-7.28.1/lib/url.c 2014-01-14 14:35:52.164309737 +0100 @@ -2942,8 +2942,8 @@ ConnectionExists(struct SessionHandle *d struct connectdata *check; struct connectdata *chosen = 0; bool canPipeline = IsPipeliningPossible(data, needle); - bool wantNTLM = (data->state.authhost.want==CURLAUTH_NTLM) || - (data->state.authhost.want==CURLAUTH_NTLM_WB); + bool wantNTLM = (data->state.authhost.want & CURLAUTH_NTLM) || + (data->state.authhost.want & CURLAUTH_NTLM_WB); for(i=0; i< data->state.connc->num; i++) { bool match = FALSE; ++++++ curl-CVE-2014-0138.patch ++++++ >From 9db36827fb5eade403143b36566914ee9dc37d7b Mon Sep 17 00:00:00 2001 From: Steve Holme <steve_holme(a)hotmail.com> Date: Thu, 20 Feb 2014 23:51:36 +0000 Subject: [PATCH] url: Fixed connection re-use when using different log-in credentials In addition to FTP, other connection based protocols such as IMAP, POP3, SMTP, SCP, SFTP and LDAP require a new connection when different log-in credentials are specified. Fixed the detection logic to include these other protocols. Bug: http://curl.haxx.se/docs/adv_20140326A.html --- lib/http.c | 2 +- lib/url.c | 7 ++++--- lib/urldata.h | 2 ++ 3 files changed, 7 insertions(+), 4 deletions(-) Index: curl-7.28.1/lib/http.c =================================================================== --- curl-7.28.1.orig/lib/http.c 2014-04-10 13:48:24.391462756 +0200 +++ curl-7.28.1/lib/http.c 2014-04-10 13:48:26.799485773 +0200 @@ -148,7 +148,7 @@ const struct Curl_handler Curl_handler_h ZERO_NULL, /* readwrite */ PORT_HTTPS, /* defport */ CURLPROTO_HTTP | CURLPROTO_HTTPS, /* protocol */ - PROTOPT_SSL /* flags */ + PROTOPT_SSL | PROTOPT_CREDSPERREQUEST /* flags */ }; #endif Index: curl-7.28.1/lib/url.c =================================================================== --- curl-7.28.1.orig/lib/url.c 2014-04-10 13:48:26.800485782 +0200 +++ curl-7.28.1/lib/url.c 2014-04-10 13:50:40.772766689 +0200 @@ -3117,10 +3117,10 @@ ConnectionExists(struct SessionHandle *d continue; } } - if((needle->handler->protocol & CURLPROTO_FTP) || - ((needle->handler->protocol & CURLPROTO_HTTP) && wantNTLM)) { - /* This is FTP or HTTP+NTLM, verify that we're using the same name - and password as well */ + if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) || + ((needle->handler->protocol & CURLPROTO_HTTP) && wantNTLM)) { + /* This protocol requires credentials per connection or is HTTP+NTLM, + so verify that we're using the same name and password as well */ if(!strequal(needle->user, check->user) || !strequal(needle->passwd, check->passwd)) { /* one of them was different */ Index: curl-7.28.1/lib/urldata.h =================================================================== --- curl-7.28.1.orig/lib/urldata.h 2014-04-10 13:48:24.392462766 +0200 +++ curl-7.28.1/lib/urldata.h 2014-04-10 13:48:26.801485792 +0200 @@ -755,6 +755,8 @@ struct Curl_handler { gets a default */ #define PROTOPT_NOURLQUERY (1<<6) /* protocol can't handle url query strings (?foo=bar) ! */ +#define PROTOPT_CREDSPERREQUEST (1<<7) /* requires login creditials per request + as opposed to per connection */ /* return the count of bytes sent, or -1 on error */ ++++++ curl-CVE-2014-0139.patch ++++++ >From f44e3a4d0df9397278735d1520f7681715b83b59 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel(a)haxx.se> Date: Mon, 3 Mar 2014 11:46:36 +0100 Subject: [PATCH] Curl_cert_hostcheck: reject IP address wildcard matches There are server certificates used with IP address in the CN field, but we MUST not allow wild cart certs for hostnames given as IP addresses only. Therefore we must make Curl_cert_hostcheck() fail such attempts. Bug: http://curl.haxx.se/docs/adv_20140326B.html Reported-by: Richard Moore --- lib/hostcheck.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lib/hostcheck.c b/lib/hostcheck.c index 24ddd89..d144f31 100644 --- a/lib/hostcheck.c +++ b/lib/hostcheck.c @@ -28,6 +28,7 @@ #include "hostcheck.h" #include "rawstr.h" +#include "inet_pton.h" /* * Match a hostname against a wildcard pattern. @@ -43,11 +44,23 @@ static int hostmatch(const char *hostname, const char *pattern) const char *pattern_label_end, *pattern_wildcard, *hostname_label_end; int wildcard_enabled; size_t prefixlen, suffixlen; + struct in_addr ignored; +#ifdef ENABLE_IPV6 + struct sockaddr_in6 si6; +#endif pattern_wildcard = strchr(pattern, '*'); if(pattern_wildcard == NULL) return Curl_raw_equal(pattern, hostname) ? CURL_HOST_MATCH : CURL_HOST_NOMATCH; + /* detect IP address as hostname and fail the match if so */ + if(Curl_inet_pton(AF_INET, hostname, &ignored) > 0) + return CURL_HOST_NOMATCH; +#ifdef ENABLE_IPV6 + else if(Curl_inet_pton(AF_INET6, hostname, &si6.sin6_addr) > 0) + return CURL_HOST_NOMATCH; +#endif + /* We require at least 2 dots in pattern to avoid too wide wildcard match. */ wildcard_enabled = 1; -- 1.9.0 ++++++ curl-test172_cookie_expiration.patch ++++++ Index: curl-7.19.7/tests/data/test172 =================================================================== --- curl-7.19.7.orig/tests/data/test172 2008-11-19 22:12:35.000000000 +0100 +++ curl-7.19.7/tests/data/test172 2014-02-04 15:05:46.817554144 +0100 @@ -36,7 +36,7 @@ http://%HOSTIP:%HTTPPORT/we/want/172 -b .%HOSTIP TRUE /silly/ FALSE 0 ismatch this .%HOSTIP TRUE / FALSE 0 partmatch present -%HOSTIP FALSE /we/want/ FALSE 1391252187 nodomain value +%HOSTIP FALSE /we/want/ FALSE 2139150993 nodomain value </file> </client> ++++++ curl.keyring ++++++ pub 1024D/279D5C91 2003-04-28 uid Daniel Stenberg (Haxx) <daniel(a)haxx.se> sub 1024g/B70B3510 2003-04-28 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.19 (GNU/Linux) mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV 0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1 EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2 m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0 ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iFkEExECABkFAj6tnnoECwcD AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAn1gK6Q0qUTHwYJBAhIDmrRi0 ebfDAJ4qDSHd6UU2MEkkFCgGfYgEBXKbb7kBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz 7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+ dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9 OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfx =yTQx -----END PGP PUBLIC KEY BLOCK----- ++++++ dont-mess-with-rpmoptflags.diff ++++++ Index: configure.ac =================================================================== --- configure.ac.orig 2013-02-07 11:55:15.150276599 +0100 +++ configure.ac 2013-02-07 11:55:15.167277116 +0100 @@ -288,10 +288,6 @@ dnl platform/compiler/architecture speci dnl ********************************************************************** CURL_CHECK_COMPILER -CURL_SET_COMPILER_BASIC_OPTS -CURL_SET_COMPILER_DEBUG_OPTS -CURL_SET_COMPILER_OPTIMIZE_OPTS -CURL_SET_COMPILER_WARNING_OPTS if test "$compiler_id" = "INTEL_UNIX_C"; then # ++++++ libcurl-ocloexec.patch ++++++ Open library file descriptors with O_CLOEXEC This patch is non-portable, it needs linux 2.6.23 and glibc 2.7 or later, different combinations (old linux, new glibc and vice-versa) will result in a crash. To make it portable you have to test O_CLOEXEC support at *runtime* compile time is not enough. Index: lib/cookie.c =================================================================== --- lib/cookie.c.orig 2012-08-08 23:38:25.000000000 +0200 +++ lib/cookie.c 2013-02-07 11:55:15.146276477 +0100 @@ -736,7 +736,7 @@ struct CookieInfo *Curl_cookie_init(stru fp = NULL; } else - fp = file?fopen(file, "r"):NULL; + fp = file?fopen(file, "re"):NULL; c->newsession = newsession; /* new session? */ @@ -1060,7 +1060,7 @@ static int cookie_output(struct CookieIn use_stdout=TRUE; } else { - out = fopen(dumphere, "w"); + out = fopen(dumphere, "we"); if(!out) return 1; /* failure */ } Index: lib/file.c =================================================================== --- lib/file.c.orig 2012-11-13 22:04:27.000000000 +0100 +++ lib/file.c 2013-02-07 11:55:15.147276507 +0100 @@ -249,7 +249,7 @@ static CURLcode file_connect(struct conn fd = open_readonly(actual_path, O_RDONLY|O_BINARY); file->path = actual_path; #else - fd = open_readonly(real_path, O_RDONLY); + fd = open_readonly(real_path, O_RDONLY|O_CLOEXEC); file->path = real_path; #endif file->freepath = real_path; /* free this when done */ @@ -347,7 +347,7 @@ static CURLcode file_upload(struct conne else mode = MODE_DEFAULT|O_TRUNC; - fd = open(file->path, mode, conn->data->set.new_file_perms); + fd = open(file->path, mode | O_CLOEXEC, conn->data->set.new_file_perms); if(fd < 0) { failf(data, "Can't open %s for writing", file->path); return CURLE_WRITE_ERROR; Index: lib/formdata.c =================================================================== --- lib/formdata.c.orig 2012-08-08 22:45:18.000000000 +0200 +++ lib/formdata.c 2013-02-07 11:55:15.147276507 +0100 @@ -1207,7 +1207,7 @@ CURLcode Curl_getformdata(struct Session FILE *fileread; fileread = strequal("-", file->contents)? - stdin:fopen(file->contents, "rb"); /* binary read for win32 */ + stdin:fopen(file->contents, "rbe"); /* binary read for win32 */ /* * VMS: This only allows for stream files on VMS. Stream files are @@ -1338,7 +1338,7 @@ static size_t readfromfile(struct Form * else { if(!form->fp) { /* this file hasn't yet been opened */ - form->fp = fopen(form->data->line, "rb"); /* b is for binary */ + form->fp = fopen(form->data->line, "rbe"); /* b is for binary */ if(!form->fp) return (size_t)-1; /* failure */ } Index: lib/hostip6.c =================================================================== --- lib/hostip6.c.orig 2012-03-08 20:35:24.000000000 +0100 +++ lib/hostip6.c 2013-02-07 11:55:15.147276507 +0100 @@ -45,7 +45,7 @@ #ifdef HAVE_PROCESS_H #include <process.h> #endif - +#include <fcntl.h> #include "urldata.h" #include "sendf.h" #include "hostip.h" @@ -113,7 +113,7 @@ bool Curl_ipv6works(void) static int ipv6_works = -1; if(-1 == ipv6_works) { /* probe to see if we have a working IPv6 stack */ - curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0); + curl_socket_t s = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0); if(s == CURL_SOCKET_BAD) /* an ipv6 address was requested but we can't get/use one */ ipv6_works = 0; Index: lib/if2ip.c =================================================================== --- lib/if2ip.c.orig 2012-03-08 20:35:24.000000000 +0100 +++ lib/if2ip.c 2013-02-07 11:55:15.148276537 +0100 @@ -153,7 +153,7 @@ char *Curl_if2ip(int af, const char *int if(len >= sizeof(req.ifr_name)) return NULL; - dummy = socket(AF_INET, SOCK_STREAM, 0); + dummy = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); if(CURL_SOCKET_BAD == dummy) return NULL; Index: lib/netrc.c =================================================================== --- lib/netrc.c.orig 2012-08-08 22:45:18.000000000 +0200 +++ lib/netrc.c 2013-02-07 11:55:15.148276537 +0100 @@ -107,7 +107,7 @@ int Curl_parsenetrc(const char *host, netrc_alloc = TRUE; } - file = fopen(netrcfile, "r"); + file = fopen(netrcfile, "re"); if(file) { char *tok; char *tok_buf; Index: lib/ssluse.c =================================================================== --- lib/ssluse.c.orig 2012-11-13 23:01:17.000000000 +0100 +++ lib/ssluse.c 2013-02-07 11:55:15.149276568 +0100 @@ -437,7 +437,7 @@ int cert_stuff(struct connectdata *conn, STACK_OF(X509) *ca = NULL; int i; - f = fopen(cert_file,"rb"); + f = fopen(cert_file,"rbe"); if(!f) { failf(data, "could not open PKCS12 file '%s'", cert_file); return 0; @@ -2274,7 +2274,7 @@ static CURLcode servercert(struct connec /* e.g. match issuer name with provided issuer certificate */ if(data->set.str[STRING_SSL_ISSUERCERT]) { - fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r"); + fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"re"); if(!fp) { if(strict) failf(data, "SSL: Unable to open issuer cert (%s)", Index: lib/connect.c =================================================================== --- lib/connect.c.orig 2012-11-13 22:02:15.000000000 +0100 +++ lib/connect.c 2013-02-07 11:55:15.149276568 +0100 @@ -1238,7 +1238,7 @@ CURLcode Curl_socket(struct connectdata (struct curl_sockaddr *)addr); else /* opensocket callback not set, so simply create the socket now */ - *sockfd = socket(addr->family, addr->socktype, addr->protocol); + *sockfd = socket(addr->family, addr->socktype | SOCK_CLOEXEC, addr->protocol); if(*sockfd == CURL_SOCKET_BAD) /* no socket, no connection */ Index: configure.ac =================================================================== --- configure.ac.orig 2012-09-08 22:39:18.000000000 +0200 +++ configure.ac 2013-02-07 11:58:27.875122101 +0100 @@ -180,6 +180,7 @@ AC_CANONICAL_HOST dnl Get system canonical name AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS]) +AC_USE_SYSTEM_EXTENSIONS dnl Checks for programs. CURL_CHECK_PROG_CC @@ -193,6 +194,7 @@ dnl Our configure and build reentrant se CURL_CONFIGURE_THREAD_SAFE CURL_CONFIGURE_REENTRANT + dnl check for how to do large files AC_SYS_LARGEFILE Index: m4/curl-compilers.m4 =================================================================== --- m4/curl-compilers.m4.orig 2012-11-16 13:02:23.000000000 +0100 +++ m4/curl-compilers.m4 2013-02-07 11:55:15.151276630 +0100 @@ -1272,7 +1272,7 @@ dnl CPPFLAGS from being unexpectedly cha AC_DEFUN([CURL_CHECK_PROG_CC], [ ac_save_CFLAGS="$CFLAGS" ac_save_CPPFLAGS="$CPPFLAGS" - AC_PROG_CC + AC_PROG_CC_STDC CFLAGS="$ac_save_CFLAGS" CPPFLAGS="$ac_save_CPPFLAGS" ]) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit libvirt for openSUSE:13.1:Update
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package libvirt for openSUSE:13.1:Update checked in at 2014-05-02 14:18:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/libvirt (Old) and /work/SRC/openSUSE:13.1:Update/.libvirt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libvirt" Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.BA5YcK/_old 2014-05-02 14:19:00.000000000 +0200 +++ /var/tmp/diff_new_pack.BA5YcK/_new 2014-05-02 14:19:00.000000000 +0200 @@ -1 +1 @@ -<link package='libvirt.2560' cicount='copy' /> +<link package='libvirt.2692' cicount='copy' /> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit libvirt.2692 for openSUSE:13.1:Update
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package libvirt.2692 for openSUSE:13.1:Update checked in at 2014-05-02 14:18:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/libvirt.2692 (Old) and /work/SRC/openSUSE:13.1:Update/.libvirt.2692.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libvirt.2692" Changes: -------- New Changes file: --- /dev/null 2014-04-28 00:21:37.460033756 +0200 +++ /work/SRC/openSUSE:13.1:Update/.libvirt.2692.new/libvirt.changes 2014-05-02 14:18:57.000000000 +0200 @@ -0,0 +1,2374 @@ +------------------------------------------------------------------- +Fri Apr 18 14:35:48 MDT 2014 - jfehlig(a)suse.com + +- libvirtd: notify systemd when ready to accept connections + bnc#873103, bnc#871154 + +------------------------------------------------------------------- +Fri Mar 21 12:16:25 MDT 2014 - jfehlig(a)suse.com + +- Rename patch to include CVE number + 484cc321-fix-spice-migration.patch -> 484cc321-CVE-2013-7336.patch + +------------------------------------------------------------------- +Tue Mar 18 10:50:21 UTC 2014 - cbosdonnat(a)suse.com + +- Backport libvirt-guests fixes + 4e7fc83-bnc852005.patch, 68954fb-bnc852005.patch, + ba79e38-bnc852005.patch + bnc#852005 + +------------------------------------------------------------------- +Tue Mar 4 17:34:36 UTC 2014 - cbosdonnat(a)suse.com + +- CVE-2013-6456: unsafe usage of paths under /proc/$PID/root + 1754c7f-CVE-2013-6456.patch + 1cadeaf-CVE-2013-6456.patch + 2c2bec9-CVE-2013-6456.patch + 4dd3a7d-CVE-2013-6456.patch + 5fc590a-CVE-2013-6456.patch + 7a44af9-CVE-2013-6456.patch + 7c72ef6-CVE-2013-6456.patch + 7fba01c-CVE-2013-6456.patch + a537827-CVE-2013-6456.patch + aebbcdd-CVE-2013-6456.patch + c321bfc-CVE-2013-6456.patch + c364897-CVE-2013-6456.patch + c3eb12c-CVE-2013-6456.patch + d24e6b8-CVE-2013-6456.patch + bnc#857490 +- avoid short reads while chasing backing chain. This commit is + needed by one of the patches fixing the CVE. + d697b0f3-storage-avoid-short-reads.patch + +------------------------------------------------------------------- +Wed Jan 22 15:12:21 MST 2014 - jfehlig(a)suse.com + +- CVE-2013-6458: qemu: Fix job usage in several APIs + 17db7e28-CVE-2013-6458.patch, 54cb7f05-CVE-2013-6458.patch, + bcb9a035-CVE-2013-6458.patch, 939b0818-CVE-2013-6458.patch, + 82daa87f-CVE-2013-6458.patch + bnc#857492 + +------------------------------------------------------------------- +Wed Jan 22 14:49:40 MST 2014 - jfehlig(a)suse.com + +- CVE-2014-1447: Prevent libvirtd crash if a connection closes + early + ed327dfc-CVE-2014-1447.patch, 2842b103-CVE-2014-1447.patch + bnc#858817 + +------------------------------------------------------------------- +Wed Jan 22 14:40:21 MST 2014 - jfehlig(a)suse.com + +- CVE-2013-6457: avoid crashing libvirtd when calling + `virsh numatune' on inactive Xen libxl domain + 52c40003-CVE-2013-6457.patch + bnc#858824 + +------------------------------------------------------------------- +Wed Jan 22 14:33:55 MST 2014 - jfehlig(a)suse.com + +- CVE-2014-0028: filter global events by domain:getattr ACL + fb5a3190-CVE-2014-0028.patch + bnc#859051 + +------------------------------------------------------------------- +Wed Jan 22 10:02:06 MST 2014 - jfehlig(a)suse.com + +- Add CAP_SYS_PACCT capability to libvirtd AppArmor profile + Modified install-apparmor-profiles.patch + bnc#817407 + +-------------------------------------------------------------------- +Mon Jan 20 18:29:29 MST 2014 - jfehlig(a)suse.com + +- Following the upstream pattern, introduce the + daemon-config-network subpackage to handle defining the default + network + bnc#859041 + +------------------------------------------------------------------- +Thu Jan 9 18:01:04 MST 2014 - jfehlig(a)suse.com + +- Fix initialization of emulated NICs + Added 7c98d1c1-nic-type.patch + Replaced libxl-hvm-nic.patch with upstream + e1459c1f-nic-devid.patch + bnc#857271 + +------------------------------------------------------------------- +Wed Jan 8 11:16:47 MST 2014 - jfehlig(a)suse.com + +- Fix potential segfault in libxl driver when domain create fails + b03eba13-libxl-segfault-fix.patch + bnc#857271 + +------------------------------------------------------------------- +Fri Dec 20 09:04:45 MST 2013 - jfehlig(a)suse.com + +- CVE-2013-6436: Fix crashes in lxc memtune code, one of which + results in DoS + f8c1cb90-CVE-2013-6436.patch, 9faf3f29-LXC-memtune.patch + bnc#854486 + +------------------------------------------------------------------- +Thu Dec 12 21:00:32 UTC 2013 - cbosdonnat(a)suse.com + +- Backported upstream patch to fix LXC container failing start. + bnc#855239 + +------------------------------------------------------------------- +Mon Dec 9 13:07:29 MST 2013 - jfehlig(a)suse.com + +- Building with polkit support requires polkit-devel + bnc#854144 + +------------------------------------------------------------------- +Fri Dec 6 10:52:56 MST 2013 - jfehlig(a)suse.com + +- More adjustments to the spec file to fix package dependency + issues + bnc#848918 + +------------------------------------------------------------------- +Tue Nov 26 14:46:21 MST 2013 - jfehlig(a)suse.com + +- Allow execution of libvirt hook scripts in /etc/libvirt/hooks/ + in libvirtd AppArmor profile + +------------------------------------------------------------------- +Tue Nov 19 14:23:27 MST 2013 - jfehlig(a)suse.com + +- Allow execution of Xen binaries in /usr/lib{,64}/xen/bin in + libvirtd AppArmor profile + bnc#849524 + +------------------------------------------------------------------- +Tue Nov 19 13:09:31 MST 2013 - jfehlig(a)suse.com + +- Require libvirt-daemon-<hypervisor> in the main libvirt package + for each supported hypervisor + bnc#850882 + +------------------------------------------------------------------- +Mon Nov 4 15:44:39 MST 2013 - jfehlig(a)suse.com + +- Fix initialization of libxl NIC devices + libxl-hvm-nic.patch + bnc#848918 + +------------------------------------------------------------------- +Wed Oct 30 08:35:47 MDT 2013 - jfehlig(a)suse.com + +- Fix typo in libvirtd apparmor profile which prevented the profile + from loading + bnc#848216 + +------------------------------------------------------------------- +Fri Oct 25 13:10:27 MDT 2013 - jfehlig(a)suse.com + +- libxl driver: fix initialization of VNC and SDL info for + HVM domains + libxl-hvm-vnc.patch + bnc#847566 +- Allow libvirtd apparmor profile to access /etc/xen/scripts/* + +------------------------------------------------------------------- +Tue Oct 22 21:37:08 MDT 2013 - jfehlig(a)suse.com + +- Fix file descriptor passing in python bindings + e350826c-python-fix-fd-passing.patch + rhb#1021434 + +------------------------------------------------------------------- +Tue Oct 22 14:37:08 MDT 2013 - cbosdonnat(a)suse.com + +- Have systemd terminate the machine as a workaround of fdo#68370 + bd773e74-lxc-terminate-machine.patch + bnc#842834 + +------------------------------------------------------------------- +Tue Oct 22 12:28:03 MDT 2013 - jfehlig(a)suse.com + +- Spec file fixes to only package libvirt-login-shell when + building the LXC driver + +------------------------------------------------------------------- ++++ 2177 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.libvirt.2692.new/libvirt.changes New: ---- 1754c7f-CVE-2013-6456.patch 17db7e28-CVE-2013-6458.patch 1cadeaf-CVE-2013-6456.patch 2842b103-CVE-2014-1447.patch 2c2bec9-CVE-2013-6456.patch 2dba0323-CVE-2013-4297.patch 3e2f27e1-CVE-2013-4400.patch 484cc321-CVE-2013-7336.patch 4dd3a7d-CVE-2013-6456.patch 4e7fc83-bnc852005.patch 52c40003-CVE-2013-6457.patch 54cb7f05-CVE-2013-6458.patch 57687fd6-CVE-2013-4401.patch 5a0ea4b7-CVE-2013-4400.patch 5fc590a-CVE-2013-6456.patch 68954fb-bnc852005.patch 79552754-libvirtd-chardev-crash.patch 7a44af9-CVE-2013-6456.patch 7c72ef6-CVE-2013-6456.patch 7c98d1c1-nic-type.patch 7fba01c-CVE-2013-6456.patch 8294aa0c-CVE-2013-4399.patch 82daa87f-CVE-2013-6458.patch 843bdb2f-CVE-2013-4400.patch 8c3586ea-CVE-2013-4400.patch 922b7fda-CVE-2013-4311.patch 939b0818-CVE-2013-6458.patch 97973ebb-LXC-threading-error.patch 9faf3f29-LXC-memtune.patch a537827-CVE-2013-6456.patch ae53e5d1-CVE-2013-4400.patch aebbcdd-CVE-2013-6456.patch b03eba13-libxl-segfault-fix.patch b7fcc799a-CVE-2013-4400.patch ba79e38-bnc852005.patch baselibs.conf bcb9a035-CVE-2013-6458.patch bd773e74-lxc-terminate-machine.patch c321bfc-CVE-2013-6456.patch c364897-CVE-2013-6456.patch c3eb12c-CVE-2013-6456.patch clone.patch d24e6b8-CVE-2013-6456.patch d697b0f3-storage-avoid-short-reads.patch db7a5688-CVE-2013-4311.patch e1459c1f-nic-devid.patch e350826c-python-fix-fd-passing.patch e4697b92-CVE-2013-4311.patch e65667c0-CVE-2013-4311.patch e7f400a1-CVE-2013-4296.patch ed327dfc-CVE-2014-1447.patch f8c1cb90-CVE-2013-6436.patch fb5a3190-CVE-2014-0028.patch fix-pci-attach-xen-driver.patch install-apparmor-profiles.patch libvirt-1.1.2.tar.bz2 libvirt-guests-init-script.patch libvirt-suse-netcontrol.patch libvirt.changes libvirt.spec libvirtd-defaults.patch libvirtd-init-script.patch libvirtd-relocation-server.fw libvirtd.init libxl-hvm-vnc.patch support-managed-pci-xen-driver.patch suse-qemu-conf.patch systemd-service-xen.patch virtlockd-init-script.patch xen-name-for-devid.patch xen-pv-cdrom.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ ++++ 1877 lines (skipped) ++++++ 1754c7f-CVE-2013-6456.patch ++++++ >From 77ddbad2a9272239a09673c5d6993793308514e9 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Thu, 30 Jan 2014 17:45:08 +0000 Subject: [PATCH 12/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug Rewrite lxcDomainAttachDeviceHostdevStorageLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with a absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit 1754c7f0ab1407dcf7c89636a35711dd9b1febe1) --- src/lxc/lxc_driver.c | 66 ++++++++++++++-------------------------------------- 1 file changed, 18 insertions(+), 48 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3492,11 +3492,7 @@ lxcDomainAttachDeviceHostdevStorageLive( virLXCDomainObjPrivatePtr priv = vm->privateData; virDomainHostdevDefPtr def = dev->data.hostdev; int ret = -1; - char *dst = NULL; - char *vroot = NULL; struct stat sb; - bool created = false; - mode_t mode = 0; if (!def->source.caps.u.storage.block) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", @@ -3524,51 +3520,29 @@ lxcDomainAttachDeviceHostdevStorageLive( goto cleanup; } - if (virAsprintf(&vroot, "/proc/%llu/root", - (unsigned long long)priv->initpid) < 0) - goto cleanup; - - if (virAsprintf(&dst, "%s/%s", - vroot, - def->source.caps.u.storage.block) < 0) - goto cleanup; - if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs+1) < 0) goto cleanup; - if (lxcContainerSetupHostdevCapsMakePath(dst) < 0) { - virReportSystemError(errno, - _("Unable to create directory for device %s"), - dst); - goto cleanup; - } - - mode = 0700 | S_IFBLK; - - VIR_DEBUG("Creating dev %s (%d,%d)", - def->source.caps.u.storage.block, - major(sb.st_rdev), minor(sb.st_rdev)); - if (mknod(dst, mode, sb.st_rdev) < 0) { - virReportSystemError(errno, - _("Unable to create device %s"), - dst); - goto cleanup; - } - created = true; - - if (lxcContainerChown(vm->def, dst) < 0) - goto cleanup; - - if (virSecurityManagerSetHostdevLabel(driver->securityManager, - vm->def, def, vroot) < 0) - goto cleanup; - - if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.storage.block, - VIR_CGROUP_DEVICE_RW | - VIR_CGROUP_DEVICE_MKNOD) != 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot allow device %s for domain %s"), - def->source.caps.u.storage.block, vm->def->name); + if (virCgroupAllowDevice(priv->cgroup, + 'b', + major(sb.st_rdev), + minor(sb.st_rdev), + VIR_CGROUP_DEVICE_RWM) < 0) + goto cleanup; + + if (lxcDomainAttachDeviceMknod(driver, + 0700 | S_IFBLK, + sb.st_rdev, + vm, + dev, + def->source.caps.u.storage.block) < 0) { + if (virCgroupDenyDevice(priv->cgroup, + 'b', + major(sb.st_rdev), + minor(sb.st_rdev), + VIR_CGROUP_DEVICE_RWM) < 0) + VIR_WARN("cannot deny device %s for domain %s", + def->source.caps.u.storage.block, vm->def->name); goto cleanup; } @@ -3578,10 +3552,6 @@ lxcDomainAttachDeviceHostdevStorageLive( cleanup: virDomainAuditHostdev(vm, def, "attach", ret == 0); - if (dst && created && ret < 0) - unlink(dst); - VIR_FREE(dst); - VIR_FREE(vroot); return ret; } ++++++ 17db7e28-CVE-2013-6458.patch ++++++ commit 17db7e28a1ec77382bb8fa96205ef2cf6deefa88 Author: Jiri Denemark <jdenemar(a)redhat.com> Date: Thu Dec 19 22:10:04 2013 +0100 qemu: Do not access stale data in virDomainBlockStats CVE-2013-6458 https://bugzilla.redhat.com/show_bug.cgi?id=1043069 When virDomainDetachDeviceFlags is called concurrently to virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats finds a disk in vm->def before getting a job on a domain and uses the disk pointer after getting the job. However, the domain in unlocked while waiting on a job condition and thus data behind the disk pointer may disappear. This happens when thread 1 runs virDomainDetachDeviceFlags and enters monitor to actually remove the disk. Then another thread starts running virDomainBlockStats, finds the disk in vm->def, and while it's waiting on the job condition (owned by the first thread), the first thread finishes the disk removal. When the second thread gets the job, the memory pointed to be the disk pointer is already gone. That said, every API that is going to begin a job should do that before fetching data from vm->def. (cherry picked from commit db86da5ca2109e4006c286a09b6c75bfe10676ad) Index: libvirt-1.1.2/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.1.2.orig/src/qemu/qemu_driver.c +++ libvirt-1.1.2/src/qemu/qemu_driver.c @@ -8946,34 +8946,29 @@ qemuDomainBlockStats(virDomainPtr dom, if (virDomainBlockStatsEnsureACL(dom->conn, vm->def) < 0) goto cleanup; + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("domain is not running")); - goto cleanup; + goto endjob; } if ((idx = virDomainDiskIndexByName(vm->def, path, false)) < 0) { virReportError(VIR_ERR_INVALID_ARG, _("invalid path: %s"), path); - goto cleanup; + goto endjob; } disk = vm->def->disks[idx]; if (!disk->info.alias) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing disk device alias name for %s"), disk->dst); - goto cleanup; + goto endjob; } priv = vm->privateData; - if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0) - goto cleanup; - - if (!virDomainObjIsActive(vm)) { - virReportError(VIR_ERR_OPERATION_INVALID, - "%s", _("domain is not running")); - goto endjob; - } qemuDomainObjEnterMonitor(driver, vm); ret = qemuMonitorGetBlockStatsInfo(priv->mon, ++++++ 1cadeaf-CVE-2013-6456.patch ++++++ >From a06bdfcb446f182e490f70422a8431c3bcb2c801 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Thu, 30 Jan 2014 17:47:39 +0000 Subject: [PATCH 13/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug Rewrite lxcDomainAttachDeviceHostdevMiscLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with a absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit 1cadeafcaa422844a27ef622e2a7041d0235bcb3) --- src/lxc/lxc_driver.c | 66 ++++++++++++++-------------------------------------- 1 file changed, 18 insertions(+), 48 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3564,11 +3564,7 @@ lxcDomainAttachDeviceHostdevMiscLive(vir virLXCDomainObjPrivatePtr priv = vm->privateData; virDomainHostdevDefPtr def = dev->data.hostdev; int ret = -1; - char *dst = NULL; - char *vroot = NULL; struct stat sb; - bool created = false; - mode_t mode = 0; if (!def->source.caps.u.misc.chardev) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", @@ -3596,51 +3592,29 @@ lxcDomainAttachDeviceHostdevMiscLive(vir goto cleanup; } - if (virAsprintf(&vroot, "/proc/%llu/root", - (unsigned long long)priv->initpid) < 0) - goto cleanup; - - if (virAsprintf(&dst, "%s/%s", - vroot, - def->source.caps.u.misc.chardev) < 0) + if (virCgroupAllowDevice(priv->cgroup, + 'c', + major(sb.st_rdev), + minor(sb.st_rdev), + VIR_CGROUP_DEVICE_RWM) < 0) goto cleanup; if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs+1) < 0) goto cleanup; - if (lxcContainerSetupHostdevCapsMakePath(dst) < 0) { - virReportSystemError(errno, - _("Unable to create directory for device %s"), - dst); - goto cleanup; - } - - mode = 0700 | S_IFCHR; - - VIR_DEBUG("Creating dev %s (%d,%d)", - def->source.caps.u.misc.chardev, - major(sb.st_rdev), minor(sb.st_rdev)); - if (mknod(dst, mode, sb.st_rdev) < 0) { - virReportSystemError(errno, - _("Unable to create device %s"), - dst); - goto cleanup; - } - created = true; - - if (lxcContainerChown(vm->def, dst) < 0) - goto cleanup; - - if (virSecurityManagerSetHostdevLabel(driver->securityManager, - vm->def, def, vroot) < 0) - goto cleanup; - - if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.misc.chardev, - VIR_CGROUP_DEVICE_RW | - VIR_CGROUP_DEVICE_MKNOD) != 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot allow device %s for domain %s"), - def->source.caps.u.misc.chardev, vm->def->name); + if (lxcDomainAttachDeviceMknod(driver, + 0700 | S_IFBLK, + sb.st_rdev, + vm, + dev, + def->source.caps.u.misc.chardev) < 0) { + if (virCgroupDenyDevice(priv->cgroup, + 'c', + major(sb.st_rdev), + minor(sb.st_rdev), + VIR_CGROUP_DEVICE_RWM) < 0) + VIR_WARN("cannot deny device %s for domain %s", + def->source.caps.u.storage.block, vm->def->name); goto cleanup; } @@ -3650,10 +3624,6 @@ lxcDomainAttachDeviceHostdevMiscLive(vir cleanup: virDomainAuditHostdev(vm, def, "attach", ret == 0); - if (dst && created && ret < 0) - unlink(dst); - VIR_FREE(dst); - VIR_FREE(vroot); return ret; } ++++++ 2842b103-CVE-2014-1447.patch ++++++ commit 2842b103b1cd5d0872050a164b758967eb2e4be4 Author: Jiri Denemark <jdenemar(a)redhat.com> Date: Mon Jan 13 15:46:24 2014 +0100 Really don't crash if a connection closes early https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When writing commit 173c291, I missed the fact virNetServerClientClose unlocks the client object before actually clearing client->sock and thus it is possible to hit a window when client->keepalive is NULL while client->sock is not NULL. I was thinking client->sock == NULL was a better check for a closed connection but apparently we have to go with client->keepalive == NULL to actually fix the crash. Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com> (cherry picked from commit 066c8ef6c18bc1faf8b3e10787b39796a7a06cc0) Index: libvirt-1.1.2/src/rpc/virnetserverclient.c =================================================================== --- libvirt-1.1.2.orig/src/rpc/virnetserverclient.c +++ libvirt-1.1.2/src/rpc/virnetserverclient.c @@ -1540,7 +1540,7 @@ virNetServerClientStartKeepAlive(virNetS /* The connection might have been closed before we got here and thus the * keepalive object could have been removed too. */ - if (!client->sock) { + if (!client->keepalive) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection not open")); goto cleanup; ++++++ 2c2bec9-CVE-2013-6456.patch ++++++ >From b272b572cc013e1e0a9aadc22b9690ee097a2bb8 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Tue, 4 Feb 2014 17:41:22 +0000 Subject: [PATCH 04/14] Fix reset of cgroup when detaching USB device from LXC guests When detaching a USB device from an LXC guest we must remove the device from the cgroup ACL. Unfortunately we were telling the cgroup code to use the guest /dev path, not the host /dev path, and the guest device node had already been unlinked. This was, however, fortunate since the code passed &priv->cgroup instead of priv->cgroup, so would have crash if the device node were accessible. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit 2c2bec94d27ccd070bee18a6113b1cfea6d80126) --- src/lxc/lxc_driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3908,7 +3908,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virL } if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus, - def->source.subsys.u.usb.device, vroot))) + def->source.subsys.u.usb.device, NULL))) goto cleanup; VIR_DEBUG("Unlinking %s", dst); @@ -3922,7 +3922,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virL if (virUSBDeviceFileIterate(usb, virLXCTeardownHostUsbDeviceCgroup, - &priv->cgroup) < 0) + priv->cgroup) < 0) VIR_WARN("cannot deny device %s for domain %s", dst, vm->def->name); ++++++ 2dba0323-CVE-2013-4297.patch ++++++ commit 2dba0323ff0cec31bdcea9dd3b2428af297401f2 Author: Michal Privoznik <mprivozn(a)redhat.com> Date: Tue Sep 3 18:56:06 2013 +0200 virFileNBDDeviceAssociate: Avoid use of uninitialized variable The @qemunbd variable can be used uninitialized. Index: libvirt-1.1.2/src/util/virfile.c =================================================================== --- libvirt-1.1.2.orig/src/util/virfile.c +++ libvirt-1.1.2/src/util/virfile.c @@ -732,7 +732,7 @@ int virFileNBDDeviceAssociate(const char char **dev) { char *nbddev; - char *qemunbd; + char *qemunbd = NULL; virCommandPtr cmd = NULL; int ret = -1; const char *fmtstr = NULL; ++++++ 3e2f27e1-CVE-2013-4400.patch ++++++ commit 3e2f27e13b94f7302ad948bcacb5e02c859a25fc Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Thu Oct 10 13:09:08 2013 +0100 Don't link virt-login-shell against libvirt.so (CVE-2013-4400) The libvirt.so library has far too many library deps to allow linking against it from setuid programs. Those libraries can do stuff in __attribute__((constructor) functions which is not setuid safe. The virt-login-shell needs to link directly against individual files that it uses, with all library deps turned off except for libxml2 and libselinux. Create a libvirt-setuid-rpc-client.la library which is linked to by virt-login-shell. A config-post.h file allows this library to disable all external deps except libselinux and libxml2. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/Makefile.am =================================================================== --- libvirt-1.1.2.orig/Makefile.am +++ libvirt-1.1.2/Makefile.am @@ -31,6 +31,7 @@ XML_EXAMPLES = \ test/*.xml storage/*.xml))) EXTRA_DIST = \ + config-post.h \ ChangeLog-old \ libvirt.spec libvirt.spec.in \ mingw-libvirt.spec.in \ Index: libvirt-1.1.2/config-post.h =================================================================== --- /dev/null +++ libvirt-1.1.2/config-post.h @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +/* + * Since virt-login-shell will be setuid, we must do everything + * we can to avoid linking to other libraries. Many of them do + * unsafe things in functions marked __atttribute__((constructor)). + * The only way avoid to avoid such deps is to re-compile the + * functions with the code in question disabled, and for that we + * must override the main config.h rules. Hence this file :-( + */ + +#ifdef LIBVIRT_SETUID_RPC_CLIENT +# undef HAVE_LIBDEVMAPPER_H +# undef HAVE_LIBNL +# undef HAVE_LIBNL3 +# undef HAVE_LIBSASL2 +# undef WITH_CAPNG +# undef WITH_CURL +# undef WITH_DTRACE_PROBES +# undef WITH_GNUTLS +# undef WITH_MACVTAP +# undef WITH_NUMACTL +# undef WITH_SASL +# undef WITH_SSH2 +# undef WITH_VIRTUALPORT +# undef WITH_YAJL +# undef WITH_YAJL2 +#endif Index: libvirt-1.1.2/configure.ac =================================================================== --- libvirt-1.1.2.orig/configure.ac +++ libvirt-1.1.2/configure.ac @@ -20,6 +20,7 @@ AC_INIT([libvirt], [1.1.2], [libvir-list AC_CONFIG_SRCDIR([src/libvirt.c]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) +AH_BOTTOM([#include <config-post.h>]) AC_CONFIG_MACRO_DIR([m4]) dnl Make automake keep quiet about wildcards & other GNUmake-isms AM_INIT_AUTOMAKE([-Wno-portability tar-ustar]) Index: libvirt-1.1.2/daemon/Makefile.am =================================================================== --- libvirt-1.1.2.orig/daemon/Makefile.am +++ libvirt-1.1.2/daemon/Makefile.am @@ -18,6 +18,7 @@ INCLUDES = \ -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir) \ -I$(top_builddir)/include -I$(top_srcdir)/include \ -I$(top_builddir)/src -I$(top_srcdir)/src \ -I$(top_srcdir)/src/util \ Index: libvirt-1.1.2/examples/domain-events/events-c/Makefile.am =================================================================== --- libvirt-1.1.2.orig/examples/domain-events/events-c/Makefile.am +++ libvirt-1.1.2/examples/domain-events/events-c/Makefile.am @@ -15,7 +15,8 @@ ## <http://www.gnu.org/licenses/>. INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include \ - -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib + -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir) noinst_PROGRAMS = event-test event_test_CFLAGS = $(WARN_CFLAGS) event_test_SOURCES = event-test.c Index: libvirt-1.1.2/examples/hellolibvirt/Makefile.am =================================================================== --- libvirt-1.1.2.orig/examples/hellolibvirt/Makefile.am +++ libvirt-1.1.2/examples/hellolibvirt/Makefile.am @@ -14,7 +14,7 @@ ## License along with this library. If not, see ## <http://www.gnu.org/licenses/>. -INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include +INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) noinst_PROGRAMS = hellolibvirt hellolibvirt_CFLAGS = $(WARN_CFLAGS) hellolibvirt_SOURCES = hellolibvirt.c Index: libvirt-1.1.2/examples/openauth/Makefile.am =================================================================== --- libvirt-1.1.2.orig/examples/openauth/Makefile.am +++ libvirt-1.1.2/examples/openauth/Makefile.am @@ -14,7 +14,7 @@ ## License along with this library. If not, see ## <http://www.gnu.org/licenses/>. -INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include +INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) noinst_PROGRAMS = openauth openauth_CFLAGS = $(WARN_CFLAGS) openauth_SOURCES = openauth.c Index: libvirt-1.1.2/gnulib/lib/Makefile.am =================================================================== --- libvirt-1.1.2.orig/gnulib/lib/Makefile.am +++ libvirt-1.1.2/gnulib/lib/Makefile.am @@ -27,4 +27,4 @@ noinst_LTLIBRARIES = include gnulib.mk -INCLUDES = $(GETTEXT_CPPFLAGS) +INCLUDES = -I$(top_srcdir) $(GETTEXT_CPPFLAGS) Index: libvirt-1.1.2/python/Makefile.am =================================================================== --- libvirt-1.1.2.orig/python/Makefile.am +++ libvirt-1.1.2/python/Makefile.am @@ -20,6 +20,7 @@ INCLUDES = \ $(PYTHON_INCLUDES) \ -I$(top_builddir)/gnulib/lib \ -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir) \ -I$(top_builddir)/src \ -I$(top_srcdir)/src \ -I$(top_srcdir)/src/util \ Index: libvirt-1.1.2/src/Makefile.am =================================================================== --- libvirt-1.1.2.orig/src/Makefile.am +++ libvirt-1.1.2/src/Makefile.am @@ -21,6 +21,7 @@ # that actually use them. Also keep GETTEXT_CPPFLAGS at the end. INCLUDES = -I../gnulib/lib \ -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir) \ -I../include \ -I$(top_srcdir)/include \ -I$(top_srcdir)/src/util \ @@ -1917,6 +1918,77 @@ libvirt_lxc_la_LDFLAGS = \ libvirt_lxc_la_CFLAGS = $(AM_CFLAGS) libvirt_lxc_la_LIBADD = libvirt.la $(CYGWIN_EXTRA_LIBADD) +# Since virt-login-shell will be setuid, we must do everything +# we can to avoid linking to other libraries. Many of them do +# unsafe things in functions marked __atttribute__((constructor)). +# This library is built to include the bare minimum required to +# have a RPC client for local UNIX socket access only. We use +# the ../config-post.h header to disable all external deps that +# we don't want +if WITH_LXC +noinst_LTLIBRARIES += libvirt-setuid-rpc-client.la + +libvirt_setuid_rpc_client_la_SOURCES = \ + util/viralloc.c \ + util/virbitmap.c \ + util/virbuffer.c \ + util/vircommand.c \ + util/virconf.c \ + util/virerror.c \ + util/virevent.c \ + util/vireventpoll.c \ + util/virfile.c \ + util/virhash.c \ + util/virhashcode.c \ + util/virjson.c \ + util/virlog.c \ + util/virobject.c \ + util/virpidfile.c \ + util/virprocess.c \ + util/virrandom.c \ + util/virsocketaddr.c \ + util/virstoragefile.c \ + util/virstring.c \ + util/virtime.c \ + util/virthread.c \ + util/virtypedparam.c \ + util/viruri.c \ + util/virutil.c \ + util/viruuid.c \ + conf/domain_event.c \ + rpc/virnetsocket.c \ + rpc/virnetsocket.h \ + rpc/virnetmessage.h \ + rpc/virnetmessage.c \ + rpc/virkeepalive.c \ + rpc/virkeepalive.h \ + rpc/virnetclient.c \ + rpc/virnetclientprogram.c \ + rpc/virnetclientstream.c \ + rpc/virnetprotocol.c \ + remote/remote_driver.c \ + remote/remote_protocol.c \ + remote/qemu_protocol.c \ + remote/lxc_protocol.c \ + datatypes.c \ + libvirt.c \ + libvirt-lxc.c \ + $(NULL) + +libvirt_setuid_rpc_client_la_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(LIBXML_LIBS) \ + $(SELINUX_LIBS) \ + $(NULL) +libvirt_setuid_rpc_client_la_CFLAGS = \ + -DLIBVIRT_SETUID_RPC_CLIENT \ + -I$(top_srcdir)/src/conf \ + -I$(top_srcdir)/src/rpc \ + $(AM_CFLAGS) \ + $(SELINUX_CFLAGS) \ + $(NULL) +endif WITH_LXC + lockdriverdir = $(libdir)/libvirt/lock-driver lockdriver_LTLIBRARIES = Index: libvirt-1.1.2/src/libvirt.c =================================================================== --- libvirt-1.1.2.orig/src/libvirt.c +++ libvirt-1.1.2/src/libvirt.c @@ -446,40 +446,46 @@ virGlobalInit(void) goto error; /* + * Note we must avoid everything except 'remote' driver + * for virt-login-shell usage + */ +#ifndef LIBVIRT_SETUID_RPC_CLIENT + /* * Note that the order is important: the first ones have a higher * priority when calling virConnectOpen. */ -#ifdef WITH_TEST +# ifdef WITH_TEST if (testRegister() == -1) goto error; -#endif -#ifdef WITH_OPENVZ +# endif +# ifdef WITH_OPENVZ if (openvzRegister() == -1) goto error; -#endif -#ifdef WITH_VMWARE +# endif +# ifdef WITH_VMWARE if (vmwareRegister() == -1) goto error; -#endif -#ifdef WITH_PHYP +# endif +# ifdef WITH_PHYP if (phypRegister() == -1) goto error; -#endif -#ifdef WITH_ESX +# endif +# ifdef WITH_ESX if (esxRegister() == -1) goto error; -#endif -#ifdef WITH_HYPERV +# endif +# ifdef WITH_HYPERV if (hypervRegister() == -1) goto error; -#endif -#ifdef WITH_XENAPI +# endif +# ifdef WITH_XENAPI if (xenapiRegister() == -1) goto error; -#endif -#ifdef WITH_PARALLELS +# endif +# ifdef WITH_PARALLELS if (parallelsRegister() == -1) goto error; +# endif #endif #ifdef WITH_REMOTE if (remoteRegister() == -1) Index: libvirt-1.1.2/tools/Makefile.am =================================================================== --- libvirt-1.1.2.orig/tools/Makefile.am +++ libvirt-1.1.2/tools/Makefile.am @@ -149,6 +149,11 @@ virt_host_validate_CFLAGS = \ $(COVERAGE_CFLAGS) \ $(NULL) +# Since virt-login-shell will be setuid, we must do everything +# we can to avoid linking to other libraries. Many of them do +# unsafe things in functions marked __atttribute__((constructor)). +# This we statically link to a library containing only the minimal +# libvirt client code, not libvirt.so itself. virt_login_shell_SOURCES = \ virt-login-shell.c @@ -159,11 +164,11 @@ virt_login_shell_LDFLAGS = \ virt_login_shell_LDADD = \ $(STATIC_BINARIES) \ $(PIE_LDFLAGS) \ - ../src/libvirt.la \ - ../src/libvirt-lxc.la \ + ../src/libvirt-setuid-rpc-client.la \ ../gnulib/lib/libgnu.la virt_login_shell_CFLAGS = \ + -DLIBVIRT_SETUID_RPC_CLIENT \ $(WARN_CFLAGS) \ $(PIE_CFLAGS) \ $(COVERAGE_CFLAGS) ++++++ 484cc321-CVE-2013-7336.patch ++++++ commit b6ea7abcf72d7d0aaf90e17aa8e8e88db8f778ea Author: Martin Kletzander <mkletzan(a)redhat.com> Date: Fri Sep 20 16:40:20 2013 +0200 qemu: Fix seamless SPICE migration Since the wait is done during migration (still inside QEMU_ASYNC_JOB_MIGRATION_OUT), the code should enter the monitor as such in order to prohibit all other jobs from interfering in the meantime. This patch fixes bug #1009886 in which qemuDomainGetBlockInfo was waiting on the monitor condition and after GetSpiceMigrationStatus mangled its internal data, the daemon crashed. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009886 (cherry picked from commit 484cc3217b73b865f00bf42a9c12187b37200699) Index: libvirt-1.1.2/src/qemu/qemu_migration.c =================================================================== --- libvirt-1.1.2.orig/src/qemu/qemu_migration.c +++ libvirt-1.1.2/src/qemu/qemu_migration.c @@ -1598,7 +1598,10 @@ qemuMigrationWaitForSpice(virQEMUDriverP /* Poll every 50ms for progress & to allow cancellation */ struct timespec ts = { .tv_sec = 0, .tv_nsec = 50 * 1000 * 1000ull }; - qemuDomainObjEnterMonitor(driver, vm); + if (qemuDomainObjEnterMonitorAsync(driver, vm, + QEMU_ASYNC_JOB_MIGRATION_OUT) < 0) + return -1; + if (qemuMonitorGetSpiceMigrationStatus(priv->mon, &spice_migrated) < 0) { qemuDomainObjExitMonitor(driver, vm); ++++++ 4dd3a7d-CVE-2013-6456.patch ++++++ >From eae2a2ada81c5828991bb1b9438f7556a7e51ce8 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Thu, 30 Jan 2014 15:59:20 +0000 Subject: [PATCH 10/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC disk hotplug Rewrite lxcDomainAttachDeviceDiskLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with a absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit 4dd3a7d5bc44980135a1b11810ba9aeab42a4a59) --- src/lxc/lxc_driver.c | 185 +++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 141 insertions(+), 44 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3059,6 +3059,115 @@ cleanup: } +struct lxcDomainAttachDeviceMknodData { + virLXCDriverPtr driver; + mode_t mode; + dev_t dev; + virDomainObjPtr vm; + virDomainDeviceDefPtr def; + char *file; +}; + +static int +lxcDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED, + void *opaque) +{ + struct lxcDomainAttachDeviceMknodData *data = opaque; + int ret = -1; + + virSecurityManagerPostFork(data->driver->securityManager); + + if (virFileMakeParentPath(data->file) < 0) { + virReportSystemError(errno, + _("Unable to create %s"), data->file); + goto cleanup; + } + + /* Yes, the device name we're creating may not + * actually correspond to the major:minor number + * we're using, but we've no other option at this + * time. Just have to hope that containerized apps + * don't get upset that the major:minor is different + * to that normally implied by the device name + */ + VIR_DEBUG("Creating dev %s (%d,%d)", + data->file, major(data->dev), minor(data->dev)); + if (mknod(data->file, data->mode, data->dev) < 0) { + virReportSystemError(errno, + _("Unable to create device %s"), + data->file); + goto cleanup; + } + + if (lxcContainerChown(data->vm->def, data->file) < 0) + goto cleanup; + + /* Labelling normally operates on src, but we need + * to actually label the dst here, so hack the config */ + switch (data->def->type) { + case VIR_DOMAIN_DEVICE_DISK: { + virDomainDiskDefPtr def = data->def->data.disk; + char *tmpsrc = def->src; + def->src = data->file; + if (virSecurityManagerSetImageLabel(data->driver->securityManager, + data->vm->def, def) < 0) { + def->src = tmpsrc; + goto cleanup; + } + def->src = tmpsrc; + } break; + + default: + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unexpected device type %d"), + data->def->type); + goto cleanup; + } + + ret = 0; + + cleanup: + if (ret < 0) + unlink(data->file); + return ret; +} + + +static int +lxcDomainAttachDeviceMknod(virLXCDriverPtr driver, + mode_t mode, + dev_t dev, + virDomainObjPtr vm, + virDomainDeviceDefPtr def, + char *file) +{ + virLXCDomainObjPrivatePtr priv = vm->privateData; + struct lxcDomainAttachDeviceMknodData data; + + memset(&data, 0, sizeof(data)); + + data.driver = driver; + data.mode = mode; + data.dev = dev; + data.vm = vm; + data.def = def; + data.file = file; + + if (virSecurityManagerPreFork(driver->securityManager) < 0) + return -1; + + if (virProcessRunInMountNamespace(priv->initpid, + lxcDomainAttachDeviceMknodHelper, + &data) < 0) { + virSecurityManagerPostFork(driver->securityManager); + return -1; + } + + virSecurityManagerPostFork(driver->securityManager); + return 0; +} + + static int lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver, virDomainObjPtr vm, @@ -3067,11 +3176,9 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv virLXCDomainObjPrivatePtr priv = vm->privateData; virDomainDiskDefPtr def = dev->data.disk; int ret = -1; - char *dst = NULL; struct stat sb; - bool created = false; - mode_t mode = 0; - char *tmpsrc = def->src; + char *file = NULL; + int perms; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", @@ -3115,51 +3222,44 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv goto cleanup; } - if (virAsprintf(&dst, "/proc/%llu/root/dev/%s", - (unsigned long long)priv->initpid, def->dst) < 0) - goto cleanup; - - if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks+1) < 0) - goto cleanup; - - mode = 0700 | S_IFBLK; - - /* Yes, the device name we're creating may not - * actually correspond to the major:minor number - * we're using, but we've no other option at this - * time. Just have to hope that containerized apps - * don't get upset that the major:minor is different - * to that normally implied by the device name - */ - VIR_DEBUG("Creating dev %s (%d,%d) from %s", - dst, major(sb.st_rdev), minor(sb.st_rdev), def->src); - if (mknod(dst, mode, sb.st_rdev) < 0) { - virReportSystemError(errno, - _("Unable to create device %s"), - dst); + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("devices cgroup isn't mounted")); goto cleanup; } - if (lxcContainerChown(vm->def, dst) < 0) - goto cleanup; - - created = true; - - /* Labelling normally operates on src, but we need - * to actally label the dst here, so hack the config */ - def->src = dst; - if (virSecurityManagerSetImageLabel(driver->securityManager, - vm->def, def) < 0) - goto cleanup; - - if (virCgroupAllowDevicePath(priv->cgroup, def->src, - (def->readonly ? - VIR_CGROUP_DEVICE_READ : - VIR_CGROUP_DEVICE_RW) | - VIR_CGROUP_DEVICE_MKNOD) != 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot allow device %s for domain %s"), - def->src, vm->def->name); + perms = (def->readonly ? + VIR_CGROUP_DEVICE_READ : + VIR_CGROUP_DEVICE_RW) | + VIR_CGROUP_DEVICE_MKNOD; + + if (virCgroupAllowDevice(priv->cgroup, + 'b', + major(sb.st_rdev), + minor(sb.st_rdev), + perms) < 0) + goto cleanup; + + if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks + 1) < 0) + goto cleanup; + + if (virAsprintf(&file, + "/dev/%s", def->dst) < 0) + goto cleanup; + + if (lxcDomainAttachDeviceMknod(driver, + 0700 | S_IFBLK, + sb.st_rdev, + vm, + dev, + file) < 0) { + if (virCgroupDenyDevice(priv->cgroup, + 'b', + major(sb.st_rdev), + minor(sb.st_rdev), + perms) < 0) + VIR_WARN("cannot deny device %s for domain %s", + def->src, vm->def->name); goto cleanup; } @@ -3168,10 +3268,8 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv ret = 0; cleanup: - def->src = tmpsrc; virDomainAuditDisk(vm, NULL, def->src, "attach", ret == 0); - if (dst && created && ret < 0) - unlink(dst); + VIR_FREE(file); return ret; } ++++++ 4e7fc83-bnc852005.patch ++++++ >From 4e7fc8305a53676ba2362bfaa8ca05c4851b7e12 Mon Sep 17 00:00:00 2001 From: Michal Privoznik <mprivozn(a)redhat.com> Date: Fri, 21 Feb 2014 12:46:08 +0100 Subject: [PATCH] libvirt-guests: Wait for libvirtd to initialize I've noticed that in some cases systemd was quick enough and even if libvirt-guests.service is marked to be started after the libvirtd.service my guests were not resumed as libvirt-guests.sh failed to connect. This is because of a simple fact: systemd correctly starts libvirt-guests after it execs libvirtd. However, the daemon is not able to accept connections right from the start. It's doing some initialization which may take ages. This problem is not limited to systemd only, indeed. Any init system that is able to startup services in parallel (e.g. OpenRC) may run into this situation. The fix is to try connecting not only once, but continuously a few times with a small sleep in between tries. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- tools/libvirt-guests.sh.in | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) Index: libvirt-1.1.2/tools/libvirt-guests.sh.in =================================================================== --- libvirt-1.1.2.orig/tools/libvirt-guests.sh.in +++ libvirt-1.1.2/tools/libvirt-guests.sh.in @@ -37,6 +37,8 @@ SHUTDOWN_TIMEOUT=300 PARALLEL_SHUTDOWN=0 START_DELAY=0 BYPASS_CACHE=0 +CONNECT_RETRIES=10 +RETRIES_SLEEP=1 test -f "$sysconfdir"/sysconfig/libvirt-guests && . "$sysconfdir"/sysconfig/libvirt-guests @@ -87,12 +89,17 @@ test_connect() { uri=$1 - run_virsh "$uri" connect 2>/dev/null - if [ $? -ne 0 ]; then - eval_gettext "Can't connect to \$uri. Skipping." - echo - return 1 - fi + for ((i = 0; i < ${CONNECT_RETRIES}; i++)); do + run_virsh "$uri" connect 2>/dev/null + if [ $? -eq 0 ]; then + return 0; + fi + sleep ${RETRIES_SLEEP} + eval_gettext "Unable to connect to libvirt currently. Retrying .. \$i" + done + eval_gettext "Can't connect to \$uri. Skipping." + echo + return 1 } # list_guests URI PERSISTENT ++++++ 52c40003-CVE-2013-6457.patch ++++++ commit 52c40003805f1702f103095dc5c3d00cf38e7a82 Author: Dario Faggioli <dario.faggioli(a)citrix.com> Date: Fri Dec 20 16:29:47 2013 +0100 libxl: avoid crashing if calling `virsh numatune' on inactive domain by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose() happens, without having initialized the nodemap, and hence crashing after some invalid free()-s: # ./daemon/libvirtd -v *** Error in `/home/xen/libvirt.git/daemon/.libs/lt-libvirtd': munmap_chunk(): invalid pointer: 0x00007fdd42592666 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x7bbe7)[0x7fdd3f767be7] /lib64/libxenlight.so.4.3(libxl_bitmap_dispose+0xd)[0x7fdd2c88c045] /home/xen/libvirt.git/daemon/.libs/../../src/.libs/libvirt_driver_libxl.so(+0x12d26)[0x7fdd2caccd26] /home/xen/libvirt.git/src/.libs/libvirt.so.0(virDomainGetNumaParameters+0x15c)[0x7fdd4247898c] /home/xen/libvirt.git/daemon/.libs/lt-libvirtd(+0x1d9a2)[0x7fdd42ecc9a2] /home/xen/libvirt.git/src/.libs/libvirt.so.0(virNetServerProgramDispatch+0x3da)[0x7fdd424e9eaa] /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0x1a6f38)[0x7fdd424e3f38] /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa81e5)[0x7fdd423e51e5] /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa783e)[0x7fdd423e483e] /lib64/libpthread.so.0(+0x7c53)[0x7fdd3febbc53] /lib64/libc.so.6(clone+0x6d)[0x7fdd3f7e1dbd] Signed-off-by: Dario Faggili <dario.faggioli(a)citrix.com> Cc: Jim Fehlig <jfehlig(a)suse.com> Cc: Ian Jackson <Ian.Jackson(a)eu.citrix.com> (cherry picked from commit f9ee91d35510ccbc6fc42cef8864b291b2d220f4) Conflicts: src/libxl/libxl_driver.c Index: libvirt-1.1.2/src/libxl/libxl_driver.c =================================================================== --- libvirt-1.1.2.orig/src/libxl/libxl_driver.c +++ libvirt-1.1.2/src/libxl/libxl_driver.c @@ -4682,6 +4682,8 @@ libxlDomainGetNumaParameters(virDomainPt * the filtering on behalf of older clients that can't parse it. */ flags &= ~VIR_TYPED_PARAM_STRING_OKAY; + libxl_bitmap_init(&nodemap); + libxlDriverLock(driver); vm = virDomainObjListFindByUUID(driver->domains, dom->uuid); libxlDriverUnlock(driver); @@ -4703,8 +4705,6 @@ libxlDomainGetNumaParameters(virDomainPt priv = vm->privateData; - libxl_bitmap_init(&nodemap); - if ((*nparams) == 0) { *nparams = LIBXL_NUMA_NPARAM; ret = 0; ++++++ 54cb7f05-CVE-2013-6458.patch ++++++ commit 54cb7f05ec5c822bb786833367dc80327648f2c0 Author: Jiri Denemark <jdenemar(a)redhat.com> Date: Fri Dec 20 14:50:02 2013 +0100 qemu: Avoid using stale data in virDomainGetBlockInfo CVE-2013-6458 Generally, every API that is going to begin a job should do that before fetching data from vm->def. However, qemuDomainGetBlockInfo does not know whether it will have to start a job or not before checking vm->def. To avoid using disk alias that might have been freed while we were waiting for a job, we use its copy. In case the disk was removed in the meantime, we will fail with "cannot find statistics for device '...'" error message. (cherry picked from commit b799259583bd65c0b2f5042e6c3ff19637ade881) Index: libvirt-1.1.2/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.1.2.orig/src/qemu/qemu_driver.c +++ libvirt-1.1.2/src/qemu/qemu_driver.c @@ -9706,10 +9706,12 @@ cleanup: } -static int qemuDomainGetBlockInfo(virDomainPtr dom, - const char *path, - virDomainBlockInfoPtr info, - unsigned int flags) { +static int +qemuDomainGetBlockInfo(virDomainPtr dom, + const char *path, + virDomainBlockInfoPtr info, + unsigned int flags) +{ virQEMUDriverPtr driver = dom->conn->privateData; virDomainObjPtr vm; int ret = -1; @@ -9721,6 +9723,7 @@ static int qemuDomainGetBlockInfo(virDom int idx; int format; virQEMUDriverConfigPtr cfg = NULL; + char *alias = NULL; virCheckFlags(0, -1); @@ -9827,13 +9830,16 @@ static int qemuDomainGetBlockInfo(virDom virDomainObjIsActive(vm)) { qemuDomainObjPrivatePtr priv = vm->privateData; + if (VIR_STRDUP(alias, disk->info.alias) < 0) + goto cleanup; + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0) goto cleanup; if (virDomainObjIsActive(vm)) { qemuDomainObjEnterMonitor(driver, vm); ret = qemuMonitorGetBlockExtent(priv->mon, - disk->info.alias, + alias, &info->allocation); qemuDomainObjExitMonitor(driver, vm); } else { @@ -9847,6 +9853,7 @@ static int qemuDomainGetBlockInfo(virDom } cleanup: + VIR_FREE(alias); virStorageFileFreeMetadata(meta); VIR_FORCE_CLOSE(fd); if (vm) ++++++ 57687fd6-CVE-2013-4401.patch ++++++ commit 57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Thu Oct 3 16:37:57 2013 +0100 Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401) The virConnectDomainXMLToNative API should require 'connect:write' not 'connect:read', since it will trigger execution of the QEMU binaries listed in the XML. Also make virConnectDomainXMLFromNative API require a full read-write connection and 'connect:write' permission. Although the current impl doesn't trigger execution of QEMU, we should not rely on that impl detail from an API permissioning POV. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/src/libvirt.c =================================================================== --- libvirt-1.1.2.orig/src/libvirt.c +++ libvirt-1.1.2/src/libvirt.c @@ -4606,6 +4606,10 @@ char *virConnectDomainXMLFromNative(virC virDispatchError(NULL); return NULL; } + if (conn->flags & VIR_CONNECT_RO) { + virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } virCheckNonNullArgGoto(nativeFormat, error); virCheckNonNullArgGoto(nativeConfig, error); Index: libvirt-1.1.2/src/remote/remote_protocol.x =================================================================== --- libvirt-1.1.2.orig/src/remote/remote_protocol.x +++ libvirt-1.1.2/src/remote/remote_protocol.x @@ -3812,13 +3812,13 @@ enum remote_procedure { /** * @generate: both - * @acl: connect:read + * @acl: connect:write */ REMOTE_PROC_CONNECT_DOMAIN_XML_FROM_NATIVE = 135, /** * @generate: both - * @acl: connect:read + * @acl: connect:write */ REMOTE_PROC_CONNECT_DOMAIN_XML_TO_NATIVE = 136, ++++++ 5a0ea4b7-CVE-2013-4400.patch ++++++ commit 5a0ea4b7b9af2231ed161b94f9af65375c6ee9c2 Author: Jim Fehlig <jfehlig(a)suse.com> Date: Mon Oct 21 15:36:11 2013 -0600 build: fix linking virt-login-shell After commit 3e2f27e1, I've noticed build failures of virt-login-shell when libapparmor-devel is installed on the build host CCLD virt-login-shell ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec': /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile' collect2: error: ld returned 1 exit status I was about to commit an easy fix under the build-breaker rule (build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it makes sense (build-fix-2.patch). Should I just stick with the simple fix, or is something along the lines of patch 2 preferred? Regards, Jim >From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001 From: Jim Fehlig <jfehlig(a)suse.com> Date: Mon, 21 Oct 2013 15:30:02 -0600 Subject: [PATCH] build: fix virt-login-shell build with apparmor With libapparmor-devel installed, virt-login-shell fails to link CCLD virt-login-shell ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec': /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile' collect2: error: ld returned 1 exit status Fix by linking libvirt_setuid_rpc_client with previously determined SECDRIVER_LIBS in src/Makefile.am. While at it, introduce SECDRIVER_CFLAGS and use both throughout src/Makefile.am where it makes sense. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> Index: libvirt-1.1.2/src/Makefile.am =================================================================== --- libvirt-1.1.2.orig/src/Makefile.am +++ libvirt-1.1.2/src/Makefile.am @@ -49,11 +49,14 @@ nodist_conf_DATA = THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD) +SECDRIVER_CFLAGS = SECDRIVER_LIBS = if WITH_SECDRIVER_SELINUX +SECDRIVER_CFLAGS += $(SELINUX_CFLAGS) SECDRIVER_LIBS += $(SELINUX_LIBS) endif if WITH_SECDRIVER_APPARMOR +SECDRIVER_CFLAGS += $(APPARMOR_CFLAGS) SECDRIVER_LIBS += $(APPARMOR_LIBS) endif @@ -1978,14 +1981,14 @@ libvirt_setuid_rpc_client_la_SOURCES = libvirt_setuid_rpc_client_la_LDFLAGS = \ $(AM_LDFLAGS) \ $(LIBXML_LIBS) \ - $(SELINUX_LIBS) \ + $(SECDRIVER_LIBS) \ $(NULL) libvirt_setuid_rpc_client_la_CFLAGS = \ -DLIBVIRT_SETUID_RPC_CLIENT \ -I$(top_srcdir)/src/conf \ -I$(top_srcdir)/src/rpc \ $(AM_CFLAGS) \ - $(SELINUX_CFLAGS) \ + $(SECDRIVER_CFLAGS) \ $(NULL) endif WITH_LXC @@ -2268,6 +2271,7 @@ libvirt_net_rpc_la_LDFLAGS = \ $(GNUTLS_LIBS) \ $(SASL_LIBS) \ $(SSH2_LIBS)\ + $(SECDRIVER_LIBS) \ $(AM_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) @@ -2410,12 +2414,7 @@ if WITH_BLKID libvirt_lxc_CFLAGS += $(BLKID_CFLAGS) libvirt_lxc_LDADD += $(BLKID_LIBS) endif -if WITH_SECDRIVER_SELINUX -libvirt_lxc_CFLAGS += $(SELINUX_CFLAGS) -endif -if WITH_SECDRIVER_APPARMOR -libvirt_lxc_CFLAGS += $(APPARMOR_CFLAGS) -endif +libvirt_lxc_CFLAGS += $(SECDRIVER_CFLAGS) endif endif EXTRA_DIST += $(LXC_CONTROLLER_SOURCES) ++++++ 5fc590a-CVE-2013-6456.patch ++++++ >From f639b2d17ce935b650bb2aca7bdd8d727cab8b02 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Thu, 30 Jan 2014 17:58:36 +0000 Subject: [PATCH 14/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC hotunplug code Rewrite multiple hotunplug functions to to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with an absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit 5fc590ad9f4071350a8df4d567ba88baacc8334d) --- src/lxc/lxc_driver.c | 79 ++++++++++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 40 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3176,6 +3176,39 @@ lxcDomainAttachDeviceMknod(virLXCDriverP static int +lxcDomainAttachDeviceUnlinkHelper(pid_t pid ATTRIBUTE_UNUSED, + void *opaque) +{ + const char *path = opaque; + + VIR_DEBUG("Unlinking %s", path); + if (unlink(path) < 0 && errno != ENOENT) { + virReportSystemError(errno, + _("Unable to remove device %s"), path); + return -1; + } + + return 0; +} + + +static int +lxcDomainAttachDeviceUnlink(virDomainObjPtr vm, + char *file) +{ + virLXCDomainObjPrivatePtr priv = vm->privateData; + + if (virProcessRunInMountNamespace(priv->initpid, + lxcDomainAttachDeviceUnlinkHelper, + file) < 0) { + return -1; + } + + return 0; +} + + +static int lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver, virDomainObjPtr vm, virDomainDeviceDefPtr dev) @@ -3766,8 +3799,7 @@ lxcDomainDetachDeviceDiskLive(virDomainO def = vm->def->disks[idx]; - if (virAsprintf(&dst, "/proc/%llu/root/dev/%s", - (unsigned long long)priv->initpid, def->dst) < 0) + if (virAsprintf(&dst, "/dev/%s", def->dst) < 0) goto cleanup; if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { @@ -3776,11 +3808,8 @@ lxcDomainDetachDeviceDiskLive(virDomainO goto cleanup; } - VIR_DEBUG("Unlinking %s (backed by %s)", dst, def->src); - if (unlink(dst) < 0 && errno != ENOENT) { + if (lxcDomainAttachDeviceUnlink(vm, dst) < 0) { virDomainAuditDisk(vm, def->src, NULL, "detach", false); - virReportSystemError(errno, - _("Unable to remove device %s"), dst); goto cleanup; } virDomainAuditDisk(vm, def->src, NULL, "detach", true); @@ -3875,7 +3904,6 @@ lxcDomainDetachDeviceHostdevUSBLive(virL virDomainHostdevDefPtr def = NULL; int idx, ret = -1; char *dst = NULL; - char *vroot; virUSBDevicePtr usb = NULL; if ((idx = virDomainHostdevFind(vm->def, @@ -3886,12 +3914,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virL goto cleanup; } - if (virAsprintf(&vroot, "/proc/%llu/root", - (unsigned long long)priv->initpid) < 0) - goto cleanup; - - if (virAsprintf(&dst, "%s/dev/bus/usb/%03d/%03d", - vroot, + if (virAsprintf(&dst, "/dev/bus/usb/%03d/%03d", def->source.subsys.u.usb.bus, def->source.subsys.u.usb.device) < 0) goto cleanup; @@ -3906,11 +3929,8 @@ lxcDomainDetachDeviceHostdevUSBLive(virL def->source.subsys.u.usb.device, NULL))) goto cleanup; - VIR_DEBUG("Unlinking %s", dst); - if (unlink(dst) < 0 && errno != ENOENT) { + if (lxcDomainAttachDeviceUnlink(vm, dst) < 0) { virDomainAuditHostdev(vm, def, "detach", false); - virReportSystemError(errno, - _("Unable to remove device %s"), dst); goto cleanup; } virDomainAuditHostdev(vm, def, "detach", true); @@ -3944,7 +3964,6 @@ lxcDomainDetachDeviceHostdevStorageLive( virLXCDomainObjPrivatePtr priv = vm->privateData; virDomainHostdevDefPtr def = NULL; int idx, ret = -1; - char *dst = NULL; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", @@ -3961,22 +3980,14 @@ lxcDomainDetachDeviceHostdevStorageLive( goto cleanup; } - if (virAsprintf(&dst, "/proc/%llu/root/%s", - (unsigned long long)priv->initpid, - def->source.caps.u.storage.block) < 0) - goto cleanup; - if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("devices cgroup isn't mounted")); goto cleanup; } - VIR_DEBUG("Unlinking %s", dst); - if (unlink(dst) < 0 && errno != ENOENT) { + if (lxcDomainAttachDeviceUnlink(vm, def->source.caps.u.storage.block) < 0) { virDomainAuditHostdev(vm, def, "detach", false); - virReportSystemError(errno, - _("Unable to remove device %s"), dst); goto cleanup; } virDomainAuditHostdev(vm, def, "detach", true); @@ -3991,7 +4002,6 @@ lxcDomainDetachDeviceHostdevStorageLive( ret = 0; cleanup: - VIR_FREE(dst); return ret; } @@ -4003,7 +4013,6 @@ lxcDomainDetachDeviceHostdevMiscLive(vir virLXCDomainObjPrivatePtr priv = vm->privateData; virDomainHostdevDefPtr def = NULL; int idx, ret = -1; - char *dst = NULL; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", @@ -4020,22 +4029,14 @@ lxcDomainDetachDeviceHostdevMiscLive(vir goto cleanup; } - if (virAsprintf(&dst, "/proc/%llu/root/%s", - (unsigned long long)priv->initpid, - def->source.caps.u.misc.chardev) < 0) - goto cleanup; - if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("devices cgroup isn't mounted")); goto cleanup; } - VIR_DEBUG("Unlinking %s", dst); - if (unlink(dst) < 0 && errno != ENOENT) { + if (lxcDomainAttachDeviceUnlink(vm, def->source.caps.u.misc.chardev) < 0) { virDomainAuditHostdev(vm, def, "detach", false); - virReportSystemError(errno, - _("Unable to remove device %s"), dst); goto cleanup; } virDomainAuditHostdev(vm, def, "detach", true); @@ -4050,7 +4051,6 @@ lxcDomainDetachDeviceHostdevMiscLive(vir ret = 0; cleanup: - VIR_FREE(dst); return ret; } ++++++ 68954fb-bnc852005.patch ++++++ >From 68954fb25c4a75c5c2c213f57927eb188cca2239 Mon Sep 17 00:00:00 2001 From: Michal Privoznik <mprivozn(a)redhat.com> Date: Fri, 21 Feb 2014 13:06:42 +0100 Subject: [PATCH] virNetServerRun: Notify systemd that we're accepting clients Systemd does not forget about the cases, where client service needs to wait for daemon service to initialize and start accepting new clients. Setting a dependency in client is not enough as systemd doesn't know when the daemon has initialized itself and started accepting new clients. However, it offers a mechanism to solve this. The daemon needs to call a special systemd function by which the daemon tells "I'm ready to accept new clients". This is exactly what we need with libvirtd-guests (client) and libvirtd (daemon). So now, with this change, libvirt-guests.service is invoked not any sooner than libvirtd.service calls the systemd notify function. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- configure.ac | 2 ++ daemon/libvirtd.service.in | 1 + m4/virt-systemd-daemon.m4 | 34 ++++++++++++++++++++++++++++++++++ src/Makefile.am | 4 ++-- src/libvirt_private.syms | 1 + src/rpc/virnetserver.c | 5 +++++ src/util/virsystemd.c | 12 ++++++++++++ src/util/virsystemd.h | 2 ++ 8 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 m4/virt-systemd-daemon.m4 Index: libvirt-1.1.2/configure.ac =================================================================== --- libvirt-1.1.2.orig/configure.ac +++ libvirt-1.1.2/configure.ac @@ -181,6 +181,7 @@ LIBVIRT_CHECK_SANLOCK LIBVIRT_CHECK_SASL LIBVIRT_CHECK_SELINUX LIBVIRT_CHECK_SSH2 +LIBVIRT_CHECK_SYSTEMD_DAEMON LIBVIRT_CHECK_UDEV LIBVIRT_CHECK_YAJL @@ -2616,6 +2617,7 @@ LIBVIRT_RESULT_SANLOCK LIBVIRT_RESULT_SASL LIBVIRT_RESULT_SELINUX LIBVIRT_RESULT_SSH2 +LIBVIRT_RESULT_SYSTEMD_DAEMON LIBVIRT_RESULT_UDEV LIBVIRT_RESULT_YAJL AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS]) Index: libvirt-1.1.2/daemon/libvirtd.service.in =================================================================== --- libvirt-1.1.2.orig/daemon/libvirtd.service.in +++ libvirt-1.1.2/daemon/libvirtd.service.in @@ -11,6 +11,7 @@ After=dbus.service After=iscsid.service [Service] +Type=notify EnvironmentFile=-/etc/sysconfig/libvirtd ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS ExecReload=/bin/kill -HUP $MAINPID Index: libvirt-1.1.2/m4/virt-systemd-daemon.m4 =================================================================== --- /dev/null +++ libvirt-1.1.2/m4/virt-systemd-daemon.m4 @@ -0,0 +1,34 @@ +dnl The libsystemd-daemon.so library +dnl +dnl Copyright (C) 2012-2013 Red Hat, Inc. +dnl +dnl This library is free software; you can redistribute it and/or +dnl modify it under the terms of the GNU Lesser General Public +dnl License as published by the Free Software Foundation; either +dnl version 2.1 of the License, or (at your option) any later version. +dnl +dnl This library is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl Lesser General Public License for more details. +dnl +dnl You should have received a copy of the GNU Lesser General Public +dnl License along with this library. If not, see +dnl <http://www.gnu.org/licenses/>. +dnl + +AC_DEFUN([LIBVIRT_CHECK_SYSTEMD_DAEMON],[ + LIBVIRT_CHECK_PKG([SYSTEMD_DAEMON], [libsystemd-daemon], [0.27.1]) + + old_CFLAGS="$CFLAGS" + old_LIBS="$LIBS" + CFLAGS="$CFLAGS $SYSTEMD_DAEMON_CFLAGS" + LIBS="$LIBS $SYSTEMD_DAEMON_LIBS" + AC_CHECK_FUNCS([sd_notify]) + CFLAGS="$old_CFLAGS" + LIBS="$old_LIBS" +]) + +AC_DEFUN([LIBVIRT_RESULT_SYSTEMD_DAEMON],[ + LIBVIRT_RESULT_LIB([SYSTEMD_DAEMON]) +]) Index: libvirt-1.1.2/src/Makefile.am =================================================================== --- libvirt-1.1.2.orig/src/Makefile.am +++ libvirt-1.1.2/src/Makefile.am @@ -906,11 +906,11 @@ libvirt_util_la_SOURCES = \ libvirt_util_la_CFLAGS = $(CAPNG_CFLAGS) $(YAJL_CFLAGS) $(LIBNL_CFLAGS) \ $(AM_CFLAGS) $(AUDIT_CFLAGS) $(DEVMAPPER_CFLAGS) \ $(DBUS_CFLAGS) $(LDEXP_LIBM) $(NUMACTL_CFLAGS) \ - -I$(top_srcdir)/src/conf + $(SYSTEMD_DAEMON_CFLAGS) -I$(top_srcdir)/src/conf libvirt_util_la_LIBADD = $(CAPNG_LIBS) $(YAJL_LIBS) $(LIBNL_LIBS) \ $(THREAD_LIBS) $(AUDIT_LIBS) $(DEVMAPPER_LIBS) \ $(LIB_CLOCK_GETTIME) $(DBUS_LIBS) $(MSCOM_LIBS) $(LIBXML_LIBS) \ - $(SECDRIVER_LIBS) $(NUMACTL_LIBS) + $(SECDRIVER_LIBS) $(NUMACTL_LIBS) $(SYSTEMD_DAEMON_LIBS) noinst_LTLIBRARIES += libvirt_conf.la Index: libvirt-1.1.2/src/libvirt_private.syms =================================================================== --- libvirt-1.1.2.orig/src/libvirt_private.syms +++ libvirt-1.1.2/src/libvirt_private.syms @@ -1946,6 +1946,7 @@ virSystemdCreateMachine; virSystemdMakeMachineName; virSystemdMakeScopeName; virSystemdMakeSliceName; +virSystemdNotifyStartup; virSystemdTerminateMachine; Index: libvirt-1.1.2/src/rpc/virnetserver.c =================================================================== --- libvirt-1.1.2.orig/src/rpc/virnetserver.c +++ libvirt-1.1.2/src/rpc/virnetserver.c @@ -38,6 +38,7 @@ #include "virnetservermdns.h" #include "virdbus.h" #include "virstring.h" +#include "virsystemd.h" #ifndef SA_SIGINFO # define SA_SIGINFO 0 @@ -1085,6 +1086,10 @@ void virNetServerRun(virNetServerPtr srv goto cleanup; } + /* We are accepting connections now. Notify systemd + * so it can start dependent services. */ + virSystemdNotifyStartup(); + VIR_DEBUG("srv=%p quit=%d", srv, srv->quit); while (!srv->quit) { /* A shutdown timeout is specified, so check Index: libvirt-1.1.2/src/util/virsystemd.c =================================================================== --- libvirt-1.1.2.orig/src/util/virsystemd.c +++ libvirt-1.1.2/src/util/virsystemd.c @@ -21,6 +21,10 @@ #include <config.h> +#ifdef WITH_SYSTEMD_DAEMON +# include <systemd/sd-daemon.h> +#endif + #include "virsystemd.h" #include "virdbus.h" #include "virstring.h" @@ -305,3 +309,11 @@ cleanup: VIR_FREE(machinename); return ret; } + +void +virSystemdNotifyStartup(void) +{ +#ifdef WITH_SYSTEMD_DAEMON + sd_notify(0, "READY=1"); +#endif +} Index: libvirt-1.1.2/src/util/virsystemd.h =================================================================== --- libvirt-1.1.2.orig/src/util/virsystemd.h +++ libvirt-1.1.2/src/util/virsystemd.h @@ -46,4 +46,6 @@ int virSystemdTerminateMachine(const cha const char *drivername, bool privileged); +void virSystemdNotifyStartup(void); + #endif /* __VIR_SYSTEMD_H__ */ ++++++ 79552754-libvirtd-chardev-crash.patch ++++++ commit 795527548fea79902ea4ce32747e069944cf3e61 Author: Peter Krempa <pkrempa(a)redhat.com> Date: Thu Sep 26 08:12:39 2013 +0200 conf: Don't crash on invalid chardev source definition of RNGs and other Since commit 297c99a5 an invalid source definition XML of a character device that is used as backend for RNG devices, smartcards and redirdevs causes crash of the daemon when parsing such a definition. The device types mentioned above are not a part of a regular character device but are backends for other types. Thus when parsing such device NULL is passed as the argument @chr_def. Later when checking the validity of the definition @chr_def was dereferenced when parsing a UNIX socket backend with missing path of the socket and crashed the daemon. Sample offending configuration: <devices> ... <rng model='virtio'> <backend model='egd' type='unix'> <source mode='bind' service='1024'/> </backend> </rng> </devices> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196 Index: libvirt-1.1.2/src/conf/domain_conf.c =================================================================== --- libvirt-1.1.2.orig/src/conf/domain_conf.c +++ libvirt-1.1.2/src/conf/domain_conf.c @@ -7026,7 +7026,8 @@ virDomainChrSourceDefParseXML(virDomainC case VIR_DOMAIN_CHR_TYPE_UNIX: /* path can be auto generated */ if (!path && - chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO) { + (!chr_def || + chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing source path attribute for char device")); goto error; Index: libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml =================================================================== --- /dev/null +++ libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml @@ -0,0 +1,27 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <memballoon model='virtio'/> + <rng model='virtio'> + <backend model='egd' type='unix'> +  + <source mode='connect' host='1.2.3.4' service='1234'/> + </backend> + </rng> + </devices> +</domain> Index: libvirt-1.1.2/tests/qemuxml2argvtest.c =================================================================== --- libvirt-1.1.2.orig/tests/qemuxml2argvtest.c +++ libvirt-1.1.2/tests/qemuxml2argvtest.c @@ -973,6 +973,8 @@ mymain(void) QEMU_CAPS_OBJECT_RNG_RANDOM); DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD); + DO_TEST_PARSE_ERROR("virtio-rng-egd-crash", QEMU_CAPS_DEVICE, + QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD); DO_TEST("virtio-rng-ccw", QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_DRIVE, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW, ++++++ 7a44af9-CVE-2013-6456.patch ++++++ >From 8ee7bd55c2a27f1e1e995f078b639bfbb5a1f462 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Tue, 4 Feb 2014 16:21:12 +0000 Subject: [PATCH 01/14] Don't block use of USB with containers virDomainDefCompatibleDevice blocks use of USB if no USB controller is present. This is not correct for containers since devices can be assigned directly regardless of any controllers. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit 7a44af963ef75c487f874bc91613ad45e5b167e9) --- src/conf/domain_conf.c | 1 + 1 file changed, 1 insertion(+) Index: libvirt-1.1.2/src/conf/domain_conf.c =================================================================== --- libvirt-1.1.2.orig/src/conf/domain_conf.c +++ libvirt-1.1.2/src/conf/domain_conf.c @@ -16996,6 +16996,7 @@ virDomainDefCompatibleDevice(virDomainDe virDomainDeviceDefPtr dev) { if (!virDomainDefHasUSB(def) && + STRNEQ(def->os.type, "exe") && virDomainDeviceIsUSB(dev)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Device configuration is not compatible: " ++++++ 7c72ef6-CVE-2013-6456.patch ++++++ >From f7b4d314c734908ca4f45e74aac10e7c2d711918 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Thu, 30 Jan 2014 13:11:23 +0000 Subject: [PATCH 08/14] Add helper for running code in separate namespaces Implement virProcessRunInMountNamespace, which runs callback of type virProcessNamespaceCallback in a container namespace. This uses a child process to run the callback, since you can't change the mount namespace of a thread. This implies that callbacks have to be careful about what code they run due to async safety rules. Idea by Dan Berrange, based on an initial report by Reco <recoverym4n(a)gmail.com> at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394 Signed-off-by: Daniel Berrange <berrange(a)redhat.com> Signed-off-by: Eric Blake <eblake(a)redhat.com> (cherry picked from commit 7c72ef6f555f1f9844d51be2f38f078bc908652c) --- src/libvirt_private.syms | 1 + src/util/virprocess.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++ src/util/virprocess.h | 11 +++++ 3 files changed, 118 insertions(+) Index: libvirt-1.1.2/src/libvirt_private.syms =================================================================== --- libvirt-1.1.2.orig/src/libvirt_private.syms +++ libvirt-1.1.2/src/libvirt_private.syms @@ -1807,6 +1807,7 @@ virProcessGetNamespaces; virProcessGetStartTime; virProcessKill; virProcessKillPainfully; +virProcessRunInMountNamespace; virProcessSetAffinity; virProcessSetMaxFiles; virProcessSetMaxMemLock; Index: libvirt-1.1.2/src/util/virprocess.c =================================================================== --- libvirt-1.1.2.orig/src/util/virprocess.c +++ libvirt-1.1.2/src/util/virprocess.c @@ -46,6 +46,7 @@ #include "virlog.h" #include "virutil.h" #include "virstring.h" +#include "vircommand.h" #define VIR_FROM_THIS VIR_FROM_NONE @@ -847,3 +848,108 @@ int virProcessGetStartTime(pid_t pid, return 0; } #endif + + +#ifdef HAVE_SETNS +static int virProcessNamespaceHelper(int errfd, + pid_t pid, + virProcessNamespaceCallback cb, + void *opaque) +{ + char *path; + int fd = -1; + int ret = -1; + + if (virAsprintf(&path, "/proc/%llu/ns/mnt", (unsigned long long)pid) < 0) + goto cleanup; + + if ((fd = open(path, O_RDONLY)) < 0) { + virReportSystemError(errno, "%s", + _("Kernel does not provide mount namespace")); + goto cleanup; + } + + if (setns(fd, 0) < 0) { + virReportSystemError(errno, "%s", + _("Unable to enter mount namespace")); + goto cleanup; + } + + ret = cb(pid, opaque); + + cleanup: + if (ret < 0) { + virErrorPtr err = virGetLastError(); + if (err) { + size_t len = strlen(err->message) + 1; + ignore_value(safewrite(errfd, err->message, len)); + } + } + VIR_FREE(path); + VIR_FORCE_CLOSE(fd); + return ret; +} + +/* Run cb(opaque) in the mount namespace of pid. Return -1 with error + * message raised if we fail to run the child, if the child dies from + * a signal, or if the child has status 1; otherwise return the exit + * status of the child. The callback will be run in a child process + * so must be careful to only use async signal safe functions. + */ +int +virProcessRunInMountNamespace(pid_t pid, + virProcessNamespaceCallback cb, + void *opaque) +{ + int ret = -1; + pid_t child = -1; + int errfd[2] = { -1, -1 }; + + if (pipe(errfd) < 0) { + virReportSystemError(errno, "%s", + _("Cannot create pipe for child")); + return -1; + } + + ret = virFork(&child); + + if (ret < 0 || child < 0) { + if (child == 0) + _exit(1); + + /* parent */ + virProcessAbort(child); + goto cleanup; + } + + if (child == 0) { + VIR_FORCE_CLOSE(errfd[0]); + ret = virProcessNamespaceHelper(errfd[1], pid, + cb, opaque); + VIR_FORCE_CLOSE(errfd[1]); + _exit(ret < 0 ? 1 : 0); + } else { + char *buf = NULL; + VIR_FORCE_CLOSE(errfd[1]); + + ignore_value(virFileReadHeaderFD(errfd[0], 1024, &buf)); + ret = virProcessWait(child, NULL); + VIR_FREE(buf); + } + +cleanup: + VIR_FORCE_CLOSE(errfd[0]); + VIR_FORCE_CLOSE(errfd[1]); + return ret; +} +#else /* !HAVE_SETNS */ +int +virProcessRunInMountNamespace(pid_t pid ATTRIBUTE_UNUSED, + virProcessNamespaceCallback cb ATTRIBUTE_UNUSED, + void *opaque ATTRIBUTE_UNUSED) +{ + virReportSystemError(ENOSYS, "%s", + _("Mount namespaces are not available on this platform")); + return -1; +} +#endif Index: libvirt-1.1.2/src/util/virprocess.h =================================================================== --- libvirt-1.1.2.orig/src/util/virprocess.h +++ libvirt-1.1.2/src/util/virprocess.h @@ -60,4 +60,15 @@ int virProcessSetNamespaces(size_t nfdli int virProcessSetMaxMemLock(pid_t pid, unsigned long long bytes); int virProcessSetMaxProcesses(pid_t pid, unsigned int procs); int virProcessSetMaxFiles(pid_t pid, unsigned int files); + +/* Callback to run code within the mount namespace tied to the given + * pid. This function must use only async-signal-safe functions, as + * it gets run after a fork of a multi-threaded process. The return + * value of this function is passed to _exit(), except that a + * negative value is treated as an error. */ +typedef int (*virProcessNamespaceCallback)(pid_t pid, void *opaque); + +int virProcessRunInMountNamespace(pid_t pid, + virProcessNamespaceCallback cb, + void *opaque); #endif /* __VIR_PROCESS_H__ */ ++++++ 7c98d1c1-nic-type.patch ++++++ commit 7c98d1c153da5810ed4dcaa6be177df369b7d4bd Author: Jim Fehlig <jfehlig(a)suse.com> Date: Mon Jan 6 11:37:20 2014 -0700 libxl: Fix initialization of nictype in libxl_device_nic As pointed out by the Xen folks [1], HVM nics should always be set to type LIBXL_NIC_TYPE_VIF_IOEMU unless the user explicity requests LIBXL_NIC_TYPE_VIF via model='netfront'. The current logic in libxlMakeNic() only sets the nictype to LIBXL_NIC_TYPE_VIF_IOEMU if a model is specified that is not 'netfront', which breaks PXE booting configurations where no model is specified (i.e. use the hypervisor default). Reported-by: Stefan Bader <stefan.bader(a)canonical.com> [1] https://www.redhat.com/archives/libvir-list/2013-December/msg01156.html Index: libvirt-1.1.2/src/libxl/libxl_conf.c =================================================================== --- libvirt-1.1.2.orig/src/libxl/libxl_conf.c +++ libvirt-1.1.2/src/libxl/libxl_conf.c @@ -815,8 +815,12 @@ error: } int -libxlMakeNic(virDomainNetDefPtr l_nic, libxl_device_nic *x_nic) +libxlMakeNic(virDomainDefPtr def, + virDomainNetDefPtr l_nic, + libxl_device_nic *x_nic) { + bool ioemu_nic = STREQ(def->os.type, "hvm"); + /* TODO: Where is mtu stored? * * x_nics[i].mtu = 1492; @@ -826,12 +830,16 @@ libxlMakeNic(virDomainNetDefPtr l_nic, l virMacAddrGetRaw(&l_nic->mac, x_nic->mac); - if (l_nic->model && !STREQ(l_nic->model, "netfront")) { - if (VIR_STRDUP(x_nic->model, l_nic->model) < 0) - return -1; + if (ioemu_nic) x_nic->nictype = LIBXL_NIC_TYPE_VIF_IOEMU; - } else { + else x_nic->nictype = LIBXL_NIC_TYPE_VIF; + + if (l_nic->model) { + if (VIR_STRDUP(x_nic->model, l_nic->model) < 0) + return -1; + if (STREQ(l_nic->model, "netfront")) + x_nic->nictype = LIBXL_NIC_TYPE_VIF; } if (VIR_STRDUP(x_nic->ifname, l_nic->ifname) < 0) @@ -868,7 +876,7 @@ libxlMakeNicList(virDomainDefPtr def, l return -1; for (i = 0; i < nnics; i++) { - if (libxlMakeNic(l_nics[i], &x_nics[i])) + if (libxlMakeNic(def, l_nics[i], &x_nics[i])) goto error; } Index: libvirt-1.1.2/src/libxl/libxl_conf.h =================================================================== --- libvirt-1.1.2.orig/src/libxl/libxl_conf.h +++ libvirt-1.1.2/src/libxl/libxl_conf.h @@ -126,7 +126,9 @@ libxlMakeCapabilities(libxl_ctx *ctx); int libxlMakeDisk(virDomainDiskDefPtr l_dev, libxl_device_disk *x_dev); int -libxlMakeNic(virDomainNetDefPtr l_nic, libxl_device_nic *x_nic); +libxlMakeNic(virDomainDefPtr def, + virDomainNetDefPtr l_nic, + libxl_device_nic *x_nic); int libxlMakeVfb(libxlDriverPrivatePtr driver, virDomainGraphicsDefPtr l_vfb, libxl_device_vfb *x_vfb); ++++++ 7fba01c-CVE-2013-6456.patch ++++++ >From a6e9270ec79924fabd5a872984bb5d38eaf3df8a Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Thu, 30 Jan 2014 16:34:19 +0000 Subject: [PATCH 11/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC USB hotplug Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with a absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit 7fba01c15c1f886b4235825692b4c13e88dd9f7b) --- src/lxc/lxc_driver.c | 73 ++++++++++++++++------------------------------------ 1 file changed, 22 insertions(+), 51 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3117,6 +3117,13 @@ lxcDomainAttachDeviceMknodHelper(pid_t p def->src = tmpsrc; } break; + case VIR_DOMAIN_DEVICE_HOSTDEV: { + virDomainHostdevDefPtr def = data->def->data.hostdev; + if (virSecurityManagerSetHostdevLabel(data->driver->securityManager, + data->vm->def, def, NULL) < 0) + goto cleanup; + } break; + default: virReportError(VIR_ERR_INTERNAL_ERROR, _("Unexpected device type %d"), @@ -3411,13 +3418,8 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv virLXCDomainObjPrivatePtr priv = vm->privateData; virDomainHostdevDefPtr def = dev->data.hostdev; int ret = -1; - char *vroot = NULL; char *src = NULL; - char *dstdir = NULL; - char *dstfile = NULL; struct stat sb; - mode_t mode; - bool created = false; virUSBDevicePtr usb = NULL; if (virDomainHostdevFind(vm->def, def, NULL) >= 0) { @@ -3426,27 +3428,13 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv return -1; } - if (virAsprintf(&vroot, "/proc/%llu/root", - (unsigned long long)priv->initpid) < 0) - goto cleanup; - - if (virAsprintf(&dstdir, "%s/dev/bus/usb/%03d", - vroot, - def->source.subsys.u.usb.bus) < 0) - goto cleanup; - - if (virAsprintf(&dstfile, "%s/%03d", - dstdir, - def->source.subsys.u.usb.device) < 0) - goto cleanup; - if (virAsprintf(&src, "/dev/bus/usb/%03d/%03d", def->source.subsys.u.usb.bus, def->source.subsys.u.usb.device) < 0) goto cleanup; if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus, - def->source.subsys.u.usb.device, vroot))) + def->source.subsys.u.usb.device, NULL))) goto cleanup; if (stat(src, &sb) < 0) { @@ -3462,53 +3450,36 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv goto cleanup; } - mode = 0700 | S_IFCHR; - if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs + 1) < 0) goto cleanup; - if (virFileMakePath(dstdir) < 0) { - virReportSystemError(errno, - _("Unable to create %s"), dstdir); - goto cleanup; - } - - VIR_DEBUG("Creating dev %s (%d,%d)", - dstfile, major(sb.st_rdev), minor(sb.st_rdev)); - if (mknod(dstfile, mode, sb.st_rdev) < 0) { - virReportSystemError(errno, - _("Unable to create device %s"), - dstfile); - goto cleanup; - } - created = true; - - if (lxcContainerChown(vm->def, dstfile) < 0) - goto cleanup; - - if (virSecurityManagerSetHostdevLabel(driver->securityManager, - vm->def, def, vroot) < 0) - goto cleanup; - if (virUSBDeviceFileIterate(usb, virLXCSetupHostUsbDeviceCgroup, priv->cgroup) < 0) goto cleanup; + if (lxcDomainAttachDeviceMknod(driver, + 0700 | S_IFCHR, + sb.st_rdev, + vm, + dev, + src) < 0) { + if (virUSBDeviceFileIterate(usb, + virLXCTeardownHostUsbDeviceCgroup, + priv->cgroup) < 0) + VIR_WARN("cannot deny device %s for domain %s", + src, vm->def->name); + goto cleanup; + } + vm->def->hostdevs[vm->def->nhostdevs++] = def; ret = 0; cleanup: virDomainAuditHostdev(vm, def, "attach", ret == 0); - if (ret < 0 && created) - unlink(dstfile); - virUSBDeviceFree(usb); VIR_FREE(src); - VIR_FREE(dstfile); - VIR_FREE(dstdir); - VIR_FREE(vroot); return ret; } ++++++ 8294aa0c-CVE-2013-4399.patch ++++++ commit 8294aa0c1750dcb49d6345cd9bd97bf421580d8b Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Fri Sep 27 15:46:07 2013 +0100 Fix crash in libvirtd when events are registered & ACLs active When a client disconnects from libvirtd, all event callbacks must be removed. This involves running the public API virConnectDomainEventDeregisterAny This code does not run in normal API dispatch context, so no identity was set. The result was that the access control drivers denied the attempt to deregister callbacks. The callbacks thus continued to trigger after the client was free'd causing fairly predictable use of free memory & a crash. This can be triggered by any client with readonly access when the ACL drivers are active. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/daemon/remote.c =================================================================== --- libvirt-1.1.2.orig/daemon/remote.c +++ libvirt-1.1.2/daemon/remote.c @@ -666,8 +666,11 @@ void remoteClientFreeFunc(void *data) /* Deregister event delivery callback */ if (priv->conn) { + virIdentityPtr sysident = virIdentityGetSystem(); size_t i; + virIdentitySetCurrent(sysident); + for (i = 0; i < VIR_DOMAIN_EVENT_ID_LAST; i++) { if (priv->domainEventCallbackID[i] != -1) { VIR_DEBUG("Deregistering to relay remote events %zu", i); @@ -678,6 +681,9 @@ void remoteClientFreeFunc(void *data) } virConnectClose(priv->conn); + + virIdentitySetCurrent(NULL); + virObjectUnref(sysident); } VIR_FREE(priv); ++++++ 82daa87f-CVE-2013-6458.patch ++++++ commit 82daa87f6a020ba2d1274b300f8e95f903fbe0f8 Author: Jiri Denemark <jdenemar(a)redhat.com> Date: Fri Dec 20 15:41:04 2013 +0100 qemu: Fix job usage in virDomainGetBlockIoTune CVE-2013-6458 Every API that is going to begin a job should do that before fetching data from vm->def. (cherry picked from commit 3b56425938e2f97208d5918263efa0d6439e4ecd) Index: libvirt-1.1.2/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.1.2.orig/src/qemu/qemu_driver.c +++ libvirt-1.1.2/src/qemu/qemu_driver.c @@ -14851,12 +14851,6 @@ qemuDomainGetBlockIoTune(virDomainPtr do goto cleanup; } - device = qemuDiskPathToAlias(vm, disk, NULL); - - if (!device) { - goto cleanup; - } - if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) goto cleanup; @@ -14864,6 +14858,11 @@ qemuDomainGetBlockIoTune(virDomainPtr do &persistentDef) < 0) goto endjob; + device = qemuDiskPathToAlias(vm, disk, NULL); + if (!device) { + goto endjob; + } + if (flags & VIR_DOMAIN_AFFECT_LIVE) { priv = vm->privateData; qemuDomainObjEnterMonitor(driver, vm); ++++++ 843bdb2f-CVE-2013-4400.patch ++++++ commit 843bdb2f8a3364637cda2911624149525188843f Author: Jim Fehlig <jfehlig(a)suse.com> Date: Mon Oct 21 23:12:22 2013 -0600 build: fix build of virt-login-shell on systems with older gnutls On systems where gnutls uses libgcrypt, I'm seeing the following build failure libvirt.c:314: error: variable 'virTLSThreadImpl' has initializer but incomplete type libvirt.c:319: error: 'GCRY_THREAD_OPTION_PTHREAD' undeclared here (not in a function) ... Fix by undefining WITH_GNUTLS_GCRYPT in config-post.h Index: libvirt-1.1.2/config-post.h =================================================================== --- libvirt-1.1.2.orig/config-post.h +++ libvirt-1.1.2/config-post.h @@ -34,6 +34,7 @@ # undef WITH_CURL # undef WITH_DTRACE_PROBES # undef WITH_GNUTLS +# undef WITH_GNUTLS_GCRYPT # undef WITH_MACVTAP # undef WITH_NUMACTL # undef WITH_SASL ++++++ 8c3586ea-CVE-2013-4400.patch ++++++ commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994 Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Wed Oct 9 10:59:36 2013 +0100 Only allow 'stderr' log output when running setuid (CVE-2013-4400) We must not allow file/syslog/journald log outputs when running setuid since they can be abused to do bad things. In particular the 'file' output can be used to overwrite files. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/src/util/virlog.c =================================================================== --- libvirt-1.1.2.orig/src/util/virlog.c +++ libvirt-1.1.2/src/util/virlog.c @@ -1318,6 +1318,9 @@ int virLogPriorityFromSyslog(int priorit * Multiple output can be defined in a single @output, they just need to be * separated by spaces. * + * If running in setuid mode, then only the 'stderr' output will + * be allowed + * * Returns the number of output parsed and installed or -1 in case of error */ int @@ -1329,6 +1332,7 @@ virLogParseOutputs(const char *outputs) virLogPriority prio; int ret = -1; int count = 0; + bool isSUID = virIsSUID(); if (cur == NULL) return -1; @@ -1348,6 +1352,8 @@ virLogParseOutputs(const char *outputs) if (virLogAddOutputToStderr(prio) == 0) count++; } else if (STREQLEN(cur, "syslog", 6)) { + if (isSUID) + goto cleanup; cur += 6; if (*cur != ':') goto cleanup; @@ -1365,6 +1371,8 @@ virLogParseOutputs(const char *outputs) VIR_FREE(name); #endif /* HAVE_SYSLOG_H */ } else if (STREQLEN(cur, "file", 4)) { + if (isSUID) + goto cleanup; cur += 4; if (*cur != ':') goto cleanup; @@ -1385,6 +1393,8 @@ virLogParseOutputs(const char *outputs) VIR_FREE(name); VIR_FREE(abspath); } else if (STREQLEN(cur, "journald", 8)) { + if (isSUID) + goto cleanup; cur += 8; #if USE_JOURNALD if (virLogAddOutputToJournald(prio) == 0) ++++++ 922b7fda-CVE-2013-4311.patch ++++++ commit 922b7fda77b094dbf022d625238262ea05335666 Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Wed Aug 28 15:25:40 2013 +0100 Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) With the existing pkcheck (pid, start time) tuple for identifying the process, there is a race condition, where a process can make a libvirt RPC call and in another thread exec a setuid application, causing it to change to effective UID 0. This in turn causes polkit to do its permission check based on the wrong UID. To address this, libvirt must get the UID the caller had at time of connect() (from SO_PEERCRED) and pass a (pid, start time, uid) triple to the pkcheck program. This fix requires that libvirt is re-built against a version of polkit that has the fix for its CVE-2013-4288, so that libvirt can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1' Signed-off-by: Colin Walters <walters(a)redhat.com> Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/configure.ac =================================================================== --- libvirt-1.1.2.orig/configure.ac +++ libvirt-1.1.2/configure.ac @@ -1184,6 +1184,14 @@ if test "x$with_polkit" = "xyes" || test AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH]) if test "x$PKCHECK_PATH" != "x" ; then AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program]) + AC_MSG_CHECKING([whether pkcheck supports uid value]) + pkcheck_supports_uid=`$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1` + if test "x$pkcheck_supports_uid" = "xtrue"; then + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck]) + else + AC_MSG_RESULT([no]) + fi AC_DEFINE_UNQUOTED([WITH_POLKIT], 1, [use PolicyKit for UNIX socket access checks]) AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1, Index: libvirt-1.1.2/daemon/remote.c =================================================================== --- libvirt-1.1.2.orig/daemon/remote.c +++ libvirt-1.1.2/daemon/remote.c @@ -2738,10 +2738,12 @@ remoteDispatchAuthPolkit(virNetServerPtr int status = -1; char *ident = NULL; bool authdismissed = 0; + bool supportsuid = false; char *pkout = NULL; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); virCommandPtr cmd = NULL; + static bool polkitInsecureWarned; virMutexLock(&priv->lock); action = virNetServerClientGetReadonly(client) ? @@ -2763,14 +2765,28 @@ remoteDispatchAuthPolkit(virNetServerPtr goto authfail; } + if (timestamp == 0) { + VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time", + (long long)callerPid); + goto authfail; + } + VIR_INFO("Checking PID %lld running as %d", (long long) callerPid, callerUid); virCommandAddArg(cmd, "--process"); - if (timestamp != 0) { - virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp); +# ifdef PKCHECK_SUPPORTS_UID + supportsuid = true; +# endif + if (supportsuid) { + virCommandAddArgFormat(cmd, "%lld,%llu,%lu", + (long long) callerPid, timestamp, (unsigned long) callerUid); } else { - virCommandAddArgFormat(cmd, "%lld", (long long) callerPid); + if (!polkitInsecureWarned) { + VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure."); + polkitInsecureWarned = true; + } + virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp); } virCommandAddArg(cmd, "--allow-user-interaction"); Index: libvirt-1.1.2/libvirt.spec.in =================================================================== --- libvirt-1.1.2.orig/libvirt.spec.in +++ libvirt-1.1.2/libvirt.spec.in @@ -508,8 +508,7 @@ BuildRequires: cyrus-sasl-devel %endif %if %{with_polkit} %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 -# Only need the binary, not -devel -BuildRequires: polkit >= 0.93 +BuildRequires: polkit-devel >= 0.93 %else BuildRequires: PolicyKit-devel >= 0.6 %endif Index: libvirt-1.1.2/src/access/viraccessdriverpolkit.c =================================================================== --- libvirt-1.1.2.orig/src/access/viraccessdriverpolkit.c +++ libvirt-1.1.2/src/access/viraccessdriverpolkit.c @@ -72,8 +72,12 @@ static char * virAccessDriverPolkitFormatProcess(const char *actionid) { virIdentityPtr identity = virIdentityGetCurrent(); - const char *process = NULL; + const char *callerPid = NULL; + const char *callerTime = NULL; + const char *callerUid = NULL; char *ret = NULL; + bool supportsuid = false; + static bool polkitInsecureWarned; if (!identity) { virAccessError(VIR_ERR_ACCESS_DENIED, @@ -81,17 +85,43 @@ virAccessDriverPolkitFormatProcess(const actionid); return NULL; } - if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0) + if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0) + goto cleanup; + if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0) + goto cleanup; + if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0) goto cleanup; - if (!process) { + if (!callerPid) { virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", _("No UNIX process ID available")); goto cleanup; } - - if (VIR_STRDUP(ret, process) < 0) + if (!callerTime) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX process start time available")); + goto cleanup; + } + if (!callerUid) { + virAccessError(VIR_ERR_INTERNAL_ERROR, "%s", + _("No UNIX caller UID available")); goto cleanup; + } + +#ifdef PKCHECK_SUPPORTS_UID + supportsuid = true; +#endif + if (supportsuid) { + if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0) + goto cleanup; + } else { + if (!polkitInsecureWarned) { + VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure."); + polkitInsecureWarned = true; + } + if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0) + goto cleanup; + } cleanup: virObjectUnref(identity); ++++++ 939b0818-CVE-2013-6458.patch ++++++ commit 939b0818c223cd6e7a59dcf94c8117dfc5df2604 Author: Jiri Denemark <jdenemar(a)redhat.com> Date: Fri Dec 20 15:08:06 2013 +0100 qemu: Fix job usage in qemuDomainBlockCopy Every API that is going to begin a job should do that before fetching data from vm->def. (cherry picked from commit ff5f30b6bfa317f2a4c33f69289baf4e887eb048) Index: libvirt-1.1.2/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.1.2.orig/src/qemu/qemu_driver.c +++ libvirt-1.1.2/src/qemu/qemu_driver.c @@ -14216,7 +14216,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm, virQEMUDriverPtr driver = conn->privateData; qemuDomainObjPrivatePtr priv; char *device = NULL; - virDomainDiskDefPtr disk; + virDomainDiskDefPtr disk = NULL; int ret = -1; int idx; struct stat st; @@ -14231,29 +14231,32 @@ qemuDomainBlockCopy(virDomainObjPtr vm, priv = vm->privateData; cfg = virQEMUDriverGetConfig(driver); + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("domain is not running")); - goto cleanup; + goto endjob; } device = qemuDiskPathToAlias(vm, path, &idx); if (!device) { - goto cleanup; + goto endjob; } disk = vm->def->disks[idx]; if (disk->mirror) { virReportError(VIR_ERR_BLOCK_COPY_ACTIVE, _("disk '%s' already in active block copy job"), disk->dst); - goto cleanup; + goto endjob; } if (!(virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DRIVE_MIRROR) && virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKJOB_ASYNC))) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("block copy is not supported with this QEMU binary")); - goto cleanup; + goto endjob; } if (vm->persistent) { /* XXX if qemu ever lets us start a new domain with mirroring @@ -14262,17 +14265,9 @@ qemuDomainBlockCopy(virDomainObjPtr vm, * this on persistent domains. */ virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("domain is not transient")); - goto cleanup; - } - - if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) - goto cleanup; - - if (!virDomainObjIsActive(vm)) { - virReportError(VIR_ERR_OPERATION_INVALID, "%s", - _("domain is not running")); goto endjob; } + if (qemuDomainDetermineDiskChain(driver, disk, false) < 0) goto endjob; @@ -14362,7 +14357,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm, endjob: if (need_unlink && unlink(dest)) VIR_WARN("unable to unlink just-created %s", dest); - if (ret < 0) + if (ret < 0 && disk) disk->mirrorFormat = VIR_STORAGE_FILE_NONE; VIR_FREE(mirror); if (qemuDomainObjEndJob(driver, vm) == 0) { ++++++ 97973ebb-LXC-threading-error.patch ++++++ >From 97973ebb7a64a3be6710ddd38d124307991ad7cb Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Tue, 8 Oct 2013 14:35:01 +0100 Subject: [PATCH] Initialize threading & error layer in LXC controller In Fedora 20, libvirt_lxc crashes immediately at startup with a trace #0 0x00007f0cddb653ec in free () from /lib64/libc.so.6 #1 0x00007f0ce0e16f4a in virFree (ptrptr=ptrptr@entry=0x7f0ce1830058) at util/viralloc.c:580 #2 0x00007f0ce0e2764b in virResetError (err=0x7f0ce1830030) at util/virerror.c:354 #3 0x00007f0ce0e27a5a in virResetLastError () at util/virerror.c:387 #4 0x00007f0ce0e28858 in virEventRegisterDefaultImpl () at util/virevent.c:233 #5 0x00007f0ce0db47c6 in main (argc=11, argv=0x7fff4596c328) at lxc/lxc_controller.c:2352 Normally virInitialize calls virErrorInitialize and virThreadInitialize, but we don't link to libvirt.so in libvirt_lxc, and nor did we ever call the error or thread initializers. I have absolutely no idea how this has ever worked, let alone what caused it to stop working in Fedora 20. In addition not all code paths from virLogSetFromEnv will ensure virLogInitialize is called correctly, which is another possible crash scenario. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- src/lxc/lxc_controller.c | 4 +++- src/util/virlog.c | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) Index: libvirt-1.1.2/src/lxc/lxc_controller.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_controller.c +++ libvirt-1.1.2/src/lxc/lxc_controller.c @@ -2250,7 +2250,9 @@ int main(int argc, char *argv[]) if (setlocale(LC_ALL, "") == NULL || bindtextdomain(PACKAGE, LOCALEDIR) == NULL || - textdomain(PACKAGE) == NULL) { + textdomain(PACKAGE) == NULL || + virThreadInitialize() < 0 || + virErrorInitialize() < 0) { fprintf(stderr, _("%s: initialization failed\n"), argv[0]); exit(EXIT_FAILURE); } Index: libvirt-1.1.2/src/util/virlog.c =================================================================== --- libvirt-1.1.2.orig/src/util/virlog.c +++ libvirt-1.1.2/src/util/virlog.c @@ -547,6 +547,9 @@ virLogDefineFilter(const char *match, virCheckFlags(VIR_LOG_STACK_TRACE, -1); + if (virLogInitialize() < 0) + return -1; + if ((match == NULL) || (priority < VIR_LOG_DEBUG) || (priority > VIR_LOG_ERROR)) return -1; @@ -662,6 +665,9 @@ virLogDefineOutput(virLogOutputFunc f, virCheckFlags(0, -1); + if (virLogInitialize() < 0) + return -1; + if (f == NULL) return -1; ++++++ 9faf3f29-LXC-memtune.patch ++++++ commit 9faf3f2950aed1643ab7564afcb4c693c77f71b5 Author: Martin Kletzander <mkletzan(a)redhat.com> Date: Mon Dec 9 11:15:12 2013 +0100 Fix crash in lxcDomainSetMemoryParameters The function doesn't check whether the request is made for active or inactive domain. Thus when the domain is not running it still tries accessing non-existing cgroups (priv->cgroup, which is NULL). I re-made the function in order for it to work the same way it's qemu counterpart does. Reproducer: 1) Define an LXC domain 2) Do 'virsh memtune <domain> --hard-limit 133T' Backtrace: Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)): #0 0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764 #1 0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824") at util/vircgroup.c:669 #2 0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740 #3 0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904 #4 0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576) at util/vircgroup.c:1944 #5 0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420, params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774 #6 0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420, params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051 #7 0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510) at remote_dispatch.h:7621 #8 0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510, ret=0x7fffe40b84f0) at remote_dispatch.h:7591 #9 0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0) at rpc/virnetserverprogram.c:435 #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0) at rpc/virnetserverprogram.c:305 #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10, prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165 #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00) at rpc/virnetserver.c:186 #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144 #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161 #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308 #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -743,12 +743,24 @@ lxcDomainSetMemoryParameters(virDomainPt int nparams, unsigned int flags) { - size_t i; + virCapsPtr caps = NULL; + virDomainDefPtr vmdef = NULL; virDomainObjPtr vm = NULL; + virLXCDomainObjPrivatePtr priv = NULL; + virLXCDriverConfigPtr cfg = NULL; + virLXCDriverPtr driver = dom->conn->privateData; + unsigned long long hard_limit; + unsigned long long soft_limit; + unsigned long long swap_hard_limit; + bool set_hard_limit = false; + bool set_soft_limit = false; + bool set_swap_hard_limit = false; + int rc; int ret = -1; - virLXCDomainObjPrivatePtr priv; - virCheckFlags(0, -1); + virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | + VIR_DOMAIN_AFFECT_CONFIG, -1); + if (virTypedParamsValidate(params, nparams, VIR_DOMAIN_MEMORY_HARD_LIMIT, VIR_TYPED_PARAM_ULLONG, @@ -763,29 +775,97 @@ lxcDomainSetMemoryParameters(virDomainPt goto cleanup; priv = vm->privateData; + cfg = virLXCDriverGetConfig(driver); - if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0) + if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0 || + !(caps = virLXCDriverGetCapabilities(driver, false)) || + virDomainLiveConfigHelperMethod(caps, driver->xmlopt, + vm, &flags, &vmdef) < 0) goto cleanup; - ret = 0; - for (i = 0; i < nparams; i++) { - virTypedParameterPtr param = &params[i]; + if (flags & VIR_DOMAIN_AFFECT_LIVE && + !virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("cgroup memory controller is not mounted")); + goto cleanup; + } - if (STREQ(param->field, VIR_DOMAIN_MEMORY_HARD_LIMIT)) { - if (virCgroupSetMemoryHardLimit(priv->cgroup, params[i].value.ul) < 0) - ret = -1; - } else if (STREQ(param->field, VIR_DOMAIN_MEMORY_SOFT_LIMIT)) { - if (virCgroupSetMemorySoftLimit(priv->cgroup, params[i].value.ul) < 0) - ret = -1; - } else if (STREQ(param->field, VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT)) { - if (virCgroupSetMemSwapHardLimit(priv->cgroup, params[i].value.ul) < 0) - ret = -1; +#define VIR_GET_LIMIT_PARAMETER(PARAM, VALUE) \ + if ((rc = virTypedParamsGetULLong(params, nparams, PARAM, &VALUE)) < 0) \ + goto cleanup; \ + \ + if (rc == 1) \ + set_ ## VALUE = true; + + VIR_GET_LIMIT_PARAMETER(VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT, swap_hard_limit) + VIR_GET_LIMIT_PARAMETER(VIR_DOMAIN_MEMORY_HARD_LIMIT, hard_limit) + VIR_GET_LIMIT_PARAMETER(VIR_DOMAIN_MEMORY_SOFT_LIMIT, soft_limit) + +#undef VIR_GET_LIMIT_PARAMETER + + /* Swap hard limit must be greater than hard limit. + * Note that limit of 0 denotes unlimited */ + if (set_swap_hard_limit || set_hard_limit) { + unsigned long long mem_limit = vm->def->mem.hard_limit; + unsigned long long swap_limit = vm->def->mem.swap_hard_limit; + + if (set_swap_hard_limit) + swap_limit = swap_hard_limit; + + if (set_hard_limit) + mem_limit = hard_limit; + + if (virCompareLimitUlong(mem_limit, swap_limit) > 0) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("memory hard_limit tunable value must be lower " + "than or equal to swap_hard_limit")); + goto cleanup; } } +#define LXC_SET_MEM_PARAMETER(FUNC, VALUE) \ + if (set_ ## VALUE) { \ + if (flags & VIR_DOMAIN_AFFECT_LIVE) { \ + if ((rc = FUNC(priv->cgroup, VALUE)) < 0) { \ + virReportSystemError(-rc, _("unable to set memory %s tunable"), \ + #VALUE); \ + \ + goto cleanup; \ + } \ + vm->def->mem.VALUE = VALUE; \ + } \ + \ + if (flags & VIR_DOMAIN_AFFECT_CONFIG) \ + vmdef->mem.VALUE = VALUE; \ + } + + /* Soft limit doesn't clash with the others */ + LXC_SET_MEM_PARAMETER(virCgroupSetMemorySoftLimit, soft_limit); + + /* set hard limit before swap hard limit if decreasing it */ + if (virCompareLimitUlong(vm->def->mem.hard_limit, hard_limit) > 0) { + LXC_SET_MEM_PARAMETER(virCgroupSetMemoryHardLimit, hard_limit); + /* inhibit changing the limit a second time */ + set_hard_limit = false; + } + + LXC_SET_MEM_PARAMETER(virCgroupSetMemSwapHardLimit, swap_hard_limit); + + /* otherwise increase it after swap hard limit */ + LXC_SET_MEM_PARAMETER(virCgroupSetMemoryHardLimit, hard_limit); + +#undef LXC_SET_MEM_PARAMETER + + if (flags & VIR_DOMAIN_AFFECT_CONFIG && + virDomainSaveConfig(cfg->configDir, vmdef) < 0) + goto cleanup; + + ret = 0; cleanup: if (vm) virObjectUnlock(vm); + virObjectUnref(caps); + virObjectUnref(cfg); return ret; } ++++++ a537827-CVE-2013-6456.patch ++++++ >From 5ef86f41148af71aefca9c7ad31926ca179c185b Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Tue, 4 Feb 2014 16:46:28 +0000 Subject: [PATCH 03/14] Record hotplugged USB device in LXC live guest config After hotplugging a USB device, the LXC driver forgot to add the device def to the virDomainDefPtr. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit a537827d15516f2b59afb23ce2d50b8a88d7f090) --- src/lxc/lxc_driver.c | 5 +++++ 1 file changed, 5 insertions(+) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3374,6 +3374,9 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv mode = 0700 | S_IFCHR; + if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs + 1) < 0) + goto cleanup; + if (virFileMakePath(dstdir) < 0) { virReportSystemError(errno, _("Unable to create %s"), dstdir); @@ -3402,6 +3405,8 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv priv->cgroup) < 0) goto cleanup; + vm->def->hostdevs[vm->def->nhostdevs++] = def; + ret = 0; cleanup: ++++++ ae53e5d1-CVE-2013-4400.patch ++++++ commit ae53e5d10e434e07079d7e3ba11ec654ba6a256e Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Wed Oct 9 10:52:39 2013 +0100 Add helpers for getting env vars in a setuid environment Care must be taken accessing env variables when running setuid. Introduce a virGetEnvAllowSUID for env vars which are safe to use in a setuid environment, and another virGetEnvBlockSUID for vars which are not safe. Also add a virIsSUID helper method for any other non-env var code to use. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/src/libvirt_private.syms =================================================================== --- libvirt-1.1.2.orig/src/libvirt_private.syms +++ libvirt-1.1.2/src/libvirt_private.syms @@ -2042,6 +2042,8 @@ virFindFCHostCapableVport; virFormatIntDecimal; virGetDeviceID; virGetDeviceUnprivSGIO; +virGetEnvAllowSUID; +virGetEnvBlockSUID; virGetFCHostNameByWWN; virGetGroupID; virGetGroupList; @@ -2060,6 +2062,7 @@ virIndexToDiskName; virIsCapableFCHost; virIsCapableVport; virIsDevMapperDevice; +virIsSUID; virManageVport; virParseNumber; virParseOwnershipIds; Index: libvirt-1.1.2/src/util/virutil.c =================================================================== --- libvirt-1.1.2.orig/src/util/virutil.c +++ libvirt-1.1.2/src/util/virutil.c @@ -2116,3 +2116,42 @@ cleanup: return rc; } + + +/** + * virGetEnvBlockSUID: + * @name: the environment variable name + * + * Obtain an environment variable which is unsafe to + * use when running setuid. If running setuid, a NULL + * value will be returned + */ +const char *virGetEnvBlockSUID(const char *name) +{ + return secure_getenv(name); +} + + +/** + * virGetEnvBlockSUID: + * @name: the environment variable name + * + * Obtain an environment variable which is safe to + * use when running setuid. The value will be returned + * even when running setuid + */ +const char *virGetEnvAllowSUID(const char *name) +{ + return getenv(name); +} + + +/** + * virIsSUID: + * Return a true value if running setuid. Does not + * check for elevated capabilities bits. + */ +bool virIsSUID(void) +{ + return getuid() != geteuid(); +} Index: libvirt-1.1.2/src/util/virutil.h =================================================================== --- libvirt-1.1.2.orig/src/util/virutil.h +++ libvirt-1.1.2/src/util/virutil.h @@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long l int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr); +const char *virGetEnvBlockSUID(const char *name); +const char *virGetEnvAllowSUID(const char *name); +bool virIsSUID(void); + #endif /* __VIR_UTIL_H__ */ ++++++ aebbcdd-CVE-2013-6456.patch ++++++ >From 21368274a9aa91e8a5f0addb3a6bba8dad91e334 Mon Sep 17 00:00:00 2001 From: Eric Blake <eblake(a)redhat.com> Date: Mon, 23 Dec 2013 22:55:51 -0700 Subject: [PATCH 09/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and lxcDomainReboot. Otherwise, a malicious guest could use symlinks to force the host to manipulate the wrong file in the host's namespace. Idea by Dan Berrange, based on an initial report by Reco <recoverym4n(a)gmail.com> at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394 Signed-off-by: Eric Blake <eblake(a)redhat.com> (cherry picked from commit aebbcdd33c8c18891f0bdbbf8924599a28152c9c) --- src/lxc/lxc_driver.c | 38 ++++++++++++++++++++------------------ src/util/virinitctl.c | 26 ++++++++++---------------- src/util/virinitctl.h | 5 ++--- 3 files changed, 32 insertions(+), 37 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -2739,12 +2739,20 @@ lxcConnectListAllDomains(virConnectPtr c static int +lxcDomainInitctlCallback(pid_t pid ATTRIBUTE_UNUSED, + void *opaque) +{ + int *command = opaque; + return virInitctlSetRunLevel(*command); +} + + +static int lxcDomainShutdownFlags(virDomainPtr dom, unsigned int flags) { virLXCDomainObjPrivatePtr priv; virDomainObjPtr vm; - char *vroot = NULL; int ret = -1; int rc; @@ -2771,16 +2779,14 @@ lxcDomainShutdownFlags(virDomainPtr dom, goto cleanup; } - if (virAsprintf(&vroot, "/proc/%llu/root", - (unsigned long long)priv->initpid) < 0) - goto cleanup; - if (flags == 0 || (flags & VIR_DOMAIN_SHUTDOWN_INITCTL)) { - if ((rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF, - vroot)) < 0) { + int command = VIR_INITCTL_RUNLEVEL_POWEROFF; + + if ((rc = virProcessRunInMountNamespace(priv->initpid, + lxcDomainInitctlCallback, + &command)) < 0) goto cleanup; - } if (rc == 0 && flags != 0 && ((flags & ~VIR_DOMAIN_SHUTDOWN_INITCTL) == 0)) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", @@ -2806,7 +2812,6 @@ lxcDomainShutdownFlags(virDomainPtr dom, ret = 0; cleanup: - VIR_FREE(vroot); if (vm) virObjectUnlock(vm); return ret; @@ -2818,13 +2823,13 @@ lxcDomainShutdown(virDomainPtr dom) return lxcDomainShutdownFlags(dom, 0); } + static int lxcDomainReboot(virDomainPtr dom, unsigned int flags) { virLXCDomainObjPrivatePtr priv; virDomainObjPtr vm; - char *vroot = NULL; int ret = -1; int rc; @@ -2851,16 +2856,14 @@ lxcDomainReboot(virDomainPtr dom, goto cleanup; } - if (virAsprintf(&vroot, "/proc/%llu/root", - (unsigned long long)priv->initpid) < 0) - goto cleanup; - if (flags == 0 || (flags & VIR_DOMAIN_REBOOT_INITCTL)) { - if ((rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_REBOOT, - vroot)) < 0) { + int command = VIR_INITCTL_RUNLEVEL_REBOOT; + + if ((rc = virProcessRunInMountNamespace(priv->initpid, + lxcDomainInitctlCallback, + &command)) < 0) goto cleanup; - } if (rc == 0 && flags != 0 && ((flags & ~VIR_DOMAIN_SHUTDOWN_INITCTL) == 0)) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", @@ -2886,7 +2889,6 @@ lxcDomainReboot(virDomainPtr dom, ret = 0; cleanup: - VIR_FREE(vroot); if (vm) virObjectUnlock(vm); return ret; Index: libvirt-1.1.2/src/util/virinitctl.c =================================================================== --- libvirt-1.1.2.orig/src/util/virinitctl.c +++ libvirt-1.1.2/src/util/virinitctl.c @@ -111,16 +111,18 @@ struct virInitctlRequest { # endif /* - * Send a message to init to change the runlevel + * Send a message to init to change the runlevel. This function is + * asynchronous-signal-safe (thus safe to use after fork of a + * multithreaded parent) - which is good, because it should only be + * used after forking and entering correct namespace. * * Returns 1 on success, 0 if initctl does not exist, -1 on error */ -int virInitctlSetRunLevel(virInitctlRunLevel level, - const char *vroot) +int +virInitctlSetRunLevel(virInitctlRunLevel level) { struct virInitctlRequest req; int fd = -1; - char *path = NULL; int ret = -1; memset(&req, 0, sizeof(req)); @@ -131,36 +133,28 @@ int virInitctlSetRunLevel(virInitctlRunL /* Yes it is an 'int' field, but wants a numeric character. Go figure */ req.runlevel = '0' + level; - if (vroot) { - if (virAsprintf(&path, "%s/%s", vroot, VIR_INITCTL_FIFO) < 0) - return -1; - } else { - if (VIR_STRDUP(path, VIR_INITCTL_FIFO) < 0) - return -1; - } - - if ((fd = open(path, O_WRONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY)) < 0) { + if ((fd = open(VIR_INITCTL_FIFO, + O_WRONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY)) < 0) { if (errno == ENOENT) { ret = 0; goto cleanup; } virReportSystemError(errno, _("Cannot open init control %s"), - path); + VIR_INITCTL_FIFO); goto cleanup; } if (safewrite(fd, &req, sizeof(req)) != sizeof(req)) { virReportSystemError(errno, _("Failed to send request to init control %s"), - path); + VIR_INITCTL_FIFO); goto cleanup; } ret = 1; cleanup: - VIR_FREE(path); VIR_FORCE_CLOSE(fd); return ret; } Index: libvirt-1.1.2/src/util/virinitctl.h =================================================================== --- libvirt-1.1.2.orig/src/util/virinitctl.h +++ libvirt-1.1.2/src/util/virinitctl.h @@ -1,7 +1,7 @@ /* * virinitctl.h: API for talking to init systems via initctl * - * Copyright (C) 2012 Red Hat, Inc. + * Copyright (C) 2012-2014 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -37,7 +37,6 @@ enum virInitctlRunLevel { VIR_INITCTL_RUNLEVEL_LAST }; -int virInitctlSetRunLevel(virInitctlRunLevel level, - const char *vroot); +int virInitctlSetRunLevel(virInitctlRunLevel level); #endif ++++++ b03eba13-libxl-segfault-fix.patch ++++++ commit b03eba137616a9c48921c017d9c1142a47020dc2 Author: Bamvor Jian Zhang <bjzhang(a)suse.com> Date: Fri Dec 20 15:14:42 2013 +0800 libxl: fix segfault when domain create fail there is a segfault in libxl logging in libxl_ctx_free when domain create fail. because the log output handler vmessage is freed by xtl_logger_destroy before libxl_ctx_free in virDomainObjListRemove. move xtl_logger_destroy after libxl_ctx_free could fix this bug. Signed-off-by: Bamvor Jian Zhang <bjzhang(a)suse.com> Index: libvirt-1.1.2/src/libxl/libxl_driver.c =================================================================== --- libvirt-1.1.2.orig/src/libxl/libxl_driver.c +++ libvirt-1.1.2/src/libxl/libxl_driver.c @@ -472,11 +472,10 @@ libxlDomainObjPrivateDispose(void *obj) virChrdevFree(priv->devs); + libxl_ctx_free(priv->ctx); xtl_logger_destroy(priv->logger); if (priv->logger_file) VIR_FORCE_FCLOSE(priv->logger_file); - - libxl_ctx_free(priv->ctx); } static void ++++++ b7fcc799a-CVE-2013-4400.patch ++++++ commit b7fcc799ad5d8f3e55b89b94e599903e3c092467 Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Wed Oct 9 15:14:34 2013 +0100 Close all non-stdio FDs in virt-login-shell (CVE-2013-4400) We don't want to inherit any FDs in the new namespace except for the stdio FDs. Explicitly close them all, just in case some do not have the close-on-exec flag set. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/tools/virt-login-shell.c =================================================================== --- libvirt-1.1.2.orig/tools/virt-login-shell.c +++ libvirt-1.1.2/tools/virt-login-shell.c @@ -313,6 +313,18 @@ main(int argc, char **argv) if (cpid == 0) { pid_t ccpid; + int openmax = sysconf(_SC_OPEN_MAX); + int fd; + if (openmax < 0) { + virReportSystemError(errno, "%s", + _("sysconf(_SC_OPEN_MAX) failed")); + return EXIT_FAILURE; + } + for (fd = 3; fd < openmax; fd++) { + int tmpfd = fd; + VIR_MASS_CLOSE(tmpfd); + } + /* Fork once because we don't want to affect * virt-login-shell's namespace itself */ ++++++ ba79e38-bnc852005.patch ++++++ >From ba79e3879e771417ee90e125d8b38743a867d7d1 Mon Sep 17 00:00:00 2001 From: Michal Privoznik <mprivozn(a)redhat.com> Date: Fri, 21 Feb 2014 10:16:36 +0100 Subject: [PATCH] virSystemdCreateMachine: Set dependencies for slices https://bugzilla.redhat.com/show_bug.cgi?id=1031696 When creating a new domain, we let systemd know about it by calling CreateMachine() function via dbus. Systemd then creates a scope and places domain into it. However, later when the host is shutting down, systemd computes the shutdown order to see what processes can be shut down in parallel. And since we were not setting dependencies at all, the slices (and thus domains) were most likely killed before libvirt-guests.service. So user domains that had to be saved, shut off, whatever were in fact killed. This problem can be solved by letting systemd know that scopes we're creating must not be killed before libvirt-guests.service. Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com> --- src/util/virsystemd.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) Index: libvirt-1.1.2/src/util/virsystemd.c =================================================================== --- libvirt-1.1.2.orig/src/util/virsystemd.c +++ libvirt-1.1.2/src/util/virsystemd.c @@ -240,8 +240,10 @@ int virSystemdCreateMachine(const char * iscontainer ? "container" : "vm", (unsigned int)pidleader, rootdir ? rootdir : "", - 1, "Slice", "s", - slicename) < 0) { + 3, + "Slice", "s", slicename, + "After", "as", 1, "libvirtd.service", + "Before", "as", 1, "libvirt-guests.service") < 0) { virErrorPtr err = virGetLastError(); if (err->code == VIR_ERR_DBUS_SERVICE && STREQ(err->str2, "org.freedesktop.DBus.Error.ServiceUnknown")) { ++++++ baselibs.conf ++++++ libvirt-client requires -libvirt-<targettype> libvirt-devel requires -libvirt-<targettype> ++++++ bcb9a035-CVE-2013-6458.patch ++++++ commit bcb9a035a99cf8389069c401c94605aedccdc4df Author: Jiri Denemark <jdenemar(a)redhat.com> Date: Fri Dec 20 15:04:09 2013 +0100 qemu: Fix job usage in qemuDomainBlockJobImpl CVE-2013-6458 Every API that is going to begin a job should do that before fetching data from vm->def. (cherry picked from commit f93d2caa070f6197ab50d372d286018b0ba6bbd8) Index: libvirt-1.1.2/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.1.2.orig/src/qemu/qemu_driver.c +++ libvirt-1.1.2/src/qemu/qemu_driver.c @@ -14030,16 +14030,25 @@ qemuDomainBlockJobImpl(virDomainObjPtr v goto cleanup; } + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + + if (!virDomainObjIsActive(vm)) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("domain is not running")); + goto endjob; + } + device = qemuDiskPathToAlias(vm, path, &idx); if (!device) - goto cleanup; + goto endjob; disk = vm->def->disks[idx]; if (mode == BLOCK_JOB_PULL && disk->mirror) { virReportError(VIR_ERR_BLOCK_COPY_ACTIVE, _("disk '%s' already in active block copy job"), disk->dst); - goto cleanup; + goto endjob; } if (mode == BLOCK_JOB_ABORT && (flags & VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT) && @@ -14047,15 +14056,6 @@ qemuDomainBlockJobImpl(virDomainObjPtr v virReportError(VIR_ERR_OPERATION_INVALID, _("pivot of disk '%s' requires an active copy job"), disk->dst); - goto cleanup; - } - - if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) - goto cleanup; - - if (!virDomainObjIsActive(vm)) { - virReportError(VIR_ERR_OPERATION_INVALID, "%s", - _("domain is not running")); goto endjob; } ++++++ bd773e74-lxc-terminate-machine.patch ++++++ commit bd773e74f0d1d1b9ebbfcaa645178316b4f2265c Author: Cédric Bosdonnat <cbosdonnat(a)suse.com> Date: Mon Sep 30 16:46:29 2013 +0200 LXC: workaround machined uncleaned data with containers running systemd. The problem is described by [0] but its effect on libvirt is that starting a container with a full distro running systemd after having stopped it simply fails. The container cleanup now calls the machined Terminate function to make sure that everything is in order for the next run. [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370 Index: libvirt-1.1.2/src/libvirt_private.syms =================================================================== --- libvirt-1.1.2.orig/src/libvirt_private.syms +++ libvirt-1.1.2/src/libvirt_private.syms @@ -1940,8 +1940,10 @@ virSysinfoSetup; # util/virsystemd.h virSystemdCreateMachine; +virSystemdMakeMachineName; virSystemdMakeScopeName; virSystemdMakeSliceName; +virSystemdTerminateMachine; # util/virthread.h Index: libvirt-1.1.2/src/lxc/lxc_process.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_process.c +++ libvirt-1.1.2/src/lxc/lxc_process.c @@ -50,6 +50,7 @@ #include "virstring.h" #include "viratomic.h" #include "virprocess.h" +#include "virsystemd.h" #define VIR_FROM_THIS VIR_FROM_LXC @@ -210,6 +211,13 @@ static void virLXCProcessCleanup(virLXCD virCgroupFree(&priv->cgroup); } + /* Get machined to terminate the machine as it may not have cleaned it + * properly. See https://bugs.freedesktop.org/show_bug.cgi?id=68370 for + * the bug we are working around here. + */ + virSystemdTerminateMachine(vm->def->name, "lxc", true); + + /* now that we know it's stopped call the hook if present */ if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { char *xml = virDomainDefFormat(vm->def, 0); Index: libvirt-1.1.2/src/util/virsystemd.c =================================================================== --- libvirt-1.1.2.orig/src/util/virsystemd.c +++ libvirt-1.1.2/src/util/virsystemd.c @@ -116,6 +116,27 @@ char *virSystemdMakeSliceName(const char return virBufferContentAndReset(&buf); } +char *virSystemdMakeMachineName(const char *name, + const char *drivername, + bool privileged) +{ + char *machinename = NULL; + char *username = NULL; + if (privileged) { + if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0) + goto cleanup; + } else { + if (!(username = virGetUserName(geteuid()))) + goto cleanup; + if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0) + goto cleanup; + } + +cleanup: + VIR_FREE(username); + + return machinename; +} /** * virSystemdCreateMachine: @@ -142,7 +163,6 @@ int virSystemdCreateMachine(const char * DBusConnection *conn; char *machinename = NULL; char *creatorname = NULL; - char *username = NULL; char *slicename = NULL; if (!virDBusHasSystemBus()) @@ -150,15 +170,8 @@ int virSystemdCreateMachine(const char * conn = virDBusGetSystemBus(); - if (privileged) { - if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0) - goto cleanup; - } else { - if (!(username = virGetUserName(geteuid()))) - goto cleanup; - if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0) - goto cleanup; - } + if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged))) + goto cleanup; if (virAsprintf(&creatorname, "libvirt-%s", drivername) < 0) goto cleanup; @@ -241,8 +254,52 @@ int virSystemdCreateMachine(const char * ret = 0; cleanup: - VIR_FREE(username); VIR_FREE(creatorname); VIR_FREE(machinename); return ret; } + +int virSystemdTerminateMachine(const char *name, + const char *drivername, + bool privileged) +{ + int ret; + DBusConnection *conn; + char *machinename = NULL; + + if(!virDBusHasSystemBus()) + return -2; + + conn = virDBusGetSystemBus(); + + ret = -1; + if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged))) + goto cleanup; + + /* + * The systemd DBus API we're invoking has the + * following signature + * + * TerminateMachine(in s name); + * + * @name a host unique name for the machine. shows up + * in 'ps' listing & similar + */ + + VIR_DEBUG("Attempting to terminate machine via systemd"); + if (virDBusCallMethod(conn, + NULL, + "org.freedesktop.machine1", + "/org/freedesktop/machine1", + "org.freedesktop.machine1.Manager", + "TerminateMachine", + "s", + machinename) < 0) + goto cleanup; + + ret = 0; + +cleanup: + VIR_FREE(machinename); + return ret; +} Index: libvirt-1.1.2/src/util/virsystemd.h =================================================================== --- libvirt-1.1.2.orig/src/util/virsystemd.h +++ libvirt-1.1.2/src/util/virsystemd.h @@ -29,6 +29,10 @@ char *virSystemdMakeScopeName(const char const char *slicename); char *virSystemdMakeSliceName(const char *partition); +char *virSystemdMakeMachineName(const char *name, + const char *drivername, + bool privileged); + int virSystemdCreateMachine(const char *name, const char *drivername, bool privileged, @@ -38,4 +42,8 @@ int virSystemdCreateMachine(const char * bool iscontainer, const char *partition); +int virSystemdTerminateMachine(const char *name, + const char *drivername, + bool privileged); + #endif /* __VIR_SYSTEMD_H__ */ Index: libvirt-1.1.2/tests/virsystemdtest.c =================================================================== --- libvirt-1.1.2.orig/tests/virsystemdtest.c +++ libvirt-1.1.2/tests/virsystemdtest.c @@ -51,6 +51,18 @@ static int testCreateContainer(const voi return 0; } +static int testTerminateContainer(const void *opaque ATTRIBUTE_UNUSED) +{ + if (virSystemdTerminateMachine("demo", + "lxc", + true) < 0) { + fprintf(stderr, "%s", "Failed to terminate LXC machine\n"); + return -1; + } + + return 0; +} + static int testCreateMachine(const void *opaque ATTRIBUTE_UNUSED) { unsigned char uuid[VIR_UUID_BUFLEN] = { @@ -74,6 +86,18 @@ static int testCreateMachine(const void return 0; } +static int testTerminateMachine(const void *opaque ATTRIBUTE_UNUSED) +{ + if (virSystemdTerminateMachine("demo", + "qemu", + false) < 0) { + fprintf(stderr, "%s", "Failed to terminate KVM machine\n"); + return -1; + } + + return 0; +} + static int testCreateNoSystemd(const void *opaque ATTRIBUTE_UNUSED) { unsigned char uuid[VIR_UUID_BUFLEN] = { @@ -177,8 +201,12 @@ mymain(void) if (virtTestRun("Test create container ", 1, testCreateContainer, NULL) < 0) ret = -1; + if (virtTestRun("Test terminate container ", 1, testTerminateContainer, NULL) < 0) + ret = -1; if (virtTestRun("Test create machine ", 1, testCreateMachine, NULL) < 0) ret = -1; + if (virtTestRun("Test terminate machine ", 1, testTerminateMachine, NULL) < 0) + ret = -1; if (virtTestRun("Test create no systemd ", 1, testCreateNoSystemd, NULL) < 0) ret = -1; if (virtTestRun("Test create bad systemd ", 1, testCreateBadSystemd, NULL) < 0) ++++++ c321bfc-CVE-2013-6456.patch ++++++ >From 4f2282e9e1bb55b56b929a38512a6ef3e4319c44 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Thu, 30 Jan 2014 17:06:39 +0000 Subject: [PATCH 07/14] Add virFileMakeParentPath helper function Add a helper function which takes a file path and ensures that all directory components leading up to the file exist. IOW, it strips the filename part of the path and passes the result to virFileMakePath. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit c321bfc5c37c603af349dacf531bb03c91b0755e) --- src/libvirt_private.syms | 1 + src/util/virfile.c | 29 +++++++++++++++++++++++++++++ src/util/virfile.h | 1 + 3 files changed, 31 insertions(+) Index: libvirt-1.1.2/src/libvirt_private.syms =================================================================== --- libvirt-1.1.2.orig/src/libvirt_private.syms +++ libvirt-1.1.2/src/libvirt_private.syms @@ -1378,6 +1378,7 @@ virFileIsLink; virFileLinkPointsTo; virFileLock; virFileLoopDeviceAssociate; +virFileMakeParentPath; virFileMakePath; virFileMakePathWithMode; virFileMatchesNameSuffix; Index: libvirt-1.1.2/src/util/virfile.c =================================================================== --- libvirt-1.1.2.orig/src/util/virfile.c +++ libvirt-1.1.2/src/util/virfile.c @@ -2093,6 +2093,35 @@ cleanup: return ret; } + +int +virFileMakeParentPath(const char *path) +{ + char *p; + char *tmp; + int ret = -1; + + VIR_DEBUG("path=%s", path); + + if (VIR_STRDUP(tmp, path) < 0) { + errno = ENOMEM; + return -1; + } + + if ((p = strrchr(tmp, '/')) == NULL) { + errno = EINVAL; + goto cleanup; + } + *p = '\0'; + + ret = virFileMakePathHelper(tmp, 0777); + + cleanup: + VIR_FREE(tmp); + return ret; +} + + /* Build up a fully qualified path for a config file to be * associated with a persistent guest or network */ char * Index: libvirt-1.1.2/src/util/virfile.h =================================================================== --- libvirt-1.1.2.orig/src/util/virfile.h +++ libvirt-1.1.2/src/util/virfile.h @@ -187,6 +187,7 @@ int virDirCreate(const char *path, mode_ int virFileMakePath(const char *path) ATTRIBUTE_RETURN_CHECK; int virFileMakePathWithMode(const char *path, mode_t mode) ATTRIBUTE_RETURN_CHECK; +int virFileMakeParentPath(const char *path) ATTRIBUTE_RETURN_CHECK; char *virFileBuildPath(const char *dir, const char *name, ++++++ c364897-CVE-2013-6456.patch ++++++ >From e2a0b1a6b4f1c2f25957cc81ba93a13f247b9221 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Tue, 4 Feb 2014 16:43:18 +0000 Subject: [PATCH 02/14] Fix path used for USB device attach with LXC The LXC code missed the 'usb' component out of the path /dev/bus/usb/$BUSNUM/$DEVNUM, so it failed to actually setup cgroups for the device. This was in fact lucky because the call to virLXCSetupHostUsbDeviceCgroup was also mistakenly passing '&priv->cgroup' instead of just 'priv->cgroup'. So once the path is fixed, libvirtd would then crash trying to access the bogus virCgroupPtr pointer. This would have been a security issue, were it not for the bogus path preventing the pointer reference being reached. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit c3648972222d4eb056e6e667c193ba56a7aa3557) --- src/lxc/lxc_driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3334,7 +3334,7 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv (unsigned long long)priv->initpid) < 0) goto cleanup; - if (virAsprintf(&dstdir, "%s/dev/bus/%03d", + if (virAsprintf(&dstdir, "%s/dev/bus/usb/%03d", vroot, def->source.subsys.u.usb.bus) < 0) goto cleanup; @@ -3399,7 +3399,7 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv if (virUSBDeviceFileIterate(usb, virLXCSetupHostUsbDeviceCgroup, - &priv->cgroup) < 0) + priv->cgroup) < 0) goto cleanup; ret = 0; ++++++ c3eb12c-CVE-2013-6456.patch ++++++ >From 703a3af08166a705d1df031b897c98a411e3da67 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Wed, 5 Feb 2014 17:48:03 +0000 Subject: [PATCH 06/14] Move check for cgroup devices ACL upfront in LXC hotplug The check for whether the cgroup devices ACL is available is done quite late during LXC hotplug - in fact after the device node is already created in the container in some cases. Better to do it upfront so we fail immediately. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit c3eb12cace868884393d35c23278653634d81c70) --- src/lxc/lxc_driver.c | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3077,6 +3077,12 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv goto cleanup; } + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("devices cgroup isn't mounted")); + goto cleanup; + } + if (def->type != VIR_DOMAIN_DISK_TYPE_BLOCK) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Can't setup disk for non-block device")); @@ -3144,12 +3150,6 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv vm->def, def) < 0) goto cleanup; - if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { - virReportError(VIR_ERR_OPERATION_INVALID, "%s", - _("devices cgroup isn't mounted")); - goto cleanup; - } - if (virCgroupAllowDevicePath(priv->cgroup, def->src, (def->readonly ? VIR_CGROUP_DEVICE_READ : @@ -3345,12 +3345,6 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv def->source.subsys.u.usb.device) < 0) goto cleanup; - if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { - virReportError(VIR_ERR_OPERATION_INVALID, "%s", - _("devices cgroup isn't mounted")); - goto cleanup; - } - if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus, def->source.subsys.u.usb.device, vroot))) goto cleanup; @@ -3498,12 +3492,6 @@ lxcDomainAttachDeviceHostdevStorageLive( vm->def, def, vroot) < 0) goto cleanup; - if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { - virReportError(VIR_ERR_OPERATION_INVALID, "%s", - _("devices cgroup isn't mounted")); - goto cleanup; - } - if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.storage.block, VIR_CGROUP_DEVICE_RW | VIR_CGROUP_DEVICE_MKNOD) != 0) { @@ -3606,12 +3594,6 @@ lxcDomainAttachDeviceHostdevMiscLive(vir vm->def, def, vroot) < 0) goto cleanup; - if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { - virReportError(VIR_ERR_OPERATION_INVALID, "%s", - _("devices cgroup isn't mounted")); - goto cleanup; - } - if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.misc.chardev, VIR_CGROUP_DEVICE_RW | VIR_CGROUP_DEVICE_MKNOD) != 0) { @@ -3687,6 +3669,12 @@ lxcDomainAttachDeviceHostdevLive(virLXCD return -1; } + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("devices cgroup isn't mounted")); + return -1; + } + switch (dev->data.hostdev->mode) { case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS: return lxcDomainAttachDeviceHostdevSubsysLive(driver, vm, dev); ++++++ clone.patch ++++++ Index: src/lxc/lxc_container.c =================================================================== --- src/lxc/lxc_container.c.orig +++ src/lxc/lxc_container.c @@ -144,6 +144,7 @@ int lxcContainerHasReboot(void) int cmd, v; int status; char *tmp; + int stacksize = getpagesize() * 4; if (virFileReadAll("/proc/sys/kernel/ctrl-alt-del", 10, &buf) < 0) return -1; @@ -160,12 +161,19 @@ int lxcContainerHasReboot(void) VIR_FREE(buf); cmd = v ? LINUX_REBOOT_CMD_CAD_ON : LINUX_REBOOT_CMD_CAD_OFF; - if (VIR_ALLOC_N(stack, getpagesize() * 4) < 0) +#ifdef __ia64__ + stacksize *= 2; +#endif + if (VIR_ALLOC_N(stack, stacksize) < 0) return -1; - childStack = stack + (getpagesize() * 4); + childStack = stack + stacksize; +#ifdef __ia64__ + cpid = __clone2(lxcContainerRebootChild, childStack, stacksize, flags, &cmd); +#else cpid = clone(lxcContainerRebootChild, childStack, flags, &cmd); +#endif VIR_FREE(stack); if (cpid < 0) { virReportSystemError(errno, "%s", @@ -1893,7 +1901,11 @@ int lxcContainerStart(virDomainDefPtr de cflags |= CLONE_NEWNET; } +#ifdef __ia64__ + pid = __clone2(lxcContainerChild, stacktop, stacksize, cflags, &args); +#else pid = clone(lxcContainerChild, stacktop, cflags, &args); +#endif VIR_FREE(stack); VIR_DEBUG("clone() completed, new container PID is %d", pid); @@ -1919,6 +1931,7 @@ int lxcContainerAvailable(int features) int cpid; char *childStack; char *stack; + int stacksize = getpagesize() * 4; if (features & LXC_CONTAINER_FEATURE_USER) flags |= CLONE_NEWUSER; @@ -1926,14 +1939,21 @@ int lxcContainerAvailable(int features) if (features & LXC_CONTAINER_FEATURE_NET) flags |= CLONE_NEWNET; - if (VIR_ALLOC_N(stack, getpagesize() * 4) < 0) { +#ifdef __ia64__ + stacksize *= 2; +#endif + if (VIR_ALLOC_N(stack, stacksize) < 0) { VIR_DEBUG("Unable to allocate stack"); return -1; } - childStack = stack + (getpagesize() * 4); + childStack = stack + stacksize; +#ifdef __ia64__ + cpid = __clone2(lxcContainerDummyChild, childStack, stacksize, flags, NULL); +#else cpid = clone(lxcContainerDummyChild, childStack, flags, NULL); +#endif VIR_FREE(stack); if (cpid < 0) { char ebuf[1024] ATTRIBUTE_UNUSED; ++++++ d24e6b8-CVE-2013-6456.patch ++++++ >From c54afa41704e0e05829b9d373600ea194068ecbb Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" <berrange(a)redhat.com> Date: Wed, 5 Feb 2014 11:01:09 +0000 Subject: [PATCH 05/14] Disks are always block devices, never character devices The LXC disk hotplug code was allowing block or character devices to be given as disk. A disk is always a block device. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> (cherry picked from commit d24e6b8b1eb87daa6ee467b76cf343725468949c) --- src/lxc/lxc_driver.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -3100,9 +3100,9 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv goto cleanup; } - if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode)) { + if (!S_ISBLK(sb.st_mode)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Disk source %s must be a character/block device"), + _("Disk source %s must be a block device"), def->src); goto cleanup; } @@ -3114,11 +3114,7 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks+1) < 0) goto cleanup; - mode = 0700; - if (S_ISCHR(sb.st_mode)) - mode |= S_IFCHR; - else - mode |= S_IFBLK; + mode = 0700 | S_IFBLK; /* Yes, the device name we're creating may not * actually correspond to the major:minor number ++++++ d697b0f3-storage-avoid-short-reads.patch ++++++ >From d697b0f383a23a94d7415b0e02b025eda46ad534 Mon Sep 17 00:00:00 2001 From: Eric Blake <eblake(a)redhat.com> Date: Tue, 5 Nov 2013 10:30:56 -0700 Subject: [PATCH] storage: avoid short reads while chasing backing chain Our backing file chain code was not very robust to an ill-timed EINTR, which could lead to a short read causing us to randomly treat metadata differently than usual. But the existing virFileReadLimFD forces an error if we don't read the entire file, even though we only care about the header of the file. So add a new virFile function that does what we want. * src/util/virfile.h (virFileReadHeaderFD): New prototype. * src/util/virfile.c (virFileReadHeaderFD): New function. * src/libvirt_private.syms (virfile.h): Export it. * src/util/virstoragefile.c (virStorageFileGetMetadataInternal) (virStorageFileProbeFormatFromFD): Use it. Signed-off-by: Eric Blake <eblake(a)redhat.com> (cherry picked from commit 5327fad4f292e4f3f84884ffe158c492bf00519c) Conflicts: src/util/virstoragefile.c: buffer signedness --- src/libvirt_private.syms | 1 + src/util/virfile.c | 21 +++++++++++++++++++++ src/util/virfile.h | 9 ++++++--- src/util/virstoragefile.c | 10 ++-------- 4 files changed, 30 insertions(+), 11 deletions(-) Index: libvirt-1.1.2/src/libvirt_private.syms =================================================================== --- libvirt-1.1.2.orig/src/libvirt_private.syms +++ libvirt-1.1.2/src/libvirt_private.syms @@ -1386,6 +1386,7 @@ virFileOpenAs; virFileOpenTty; virFilePrintf; virFileReadAll; +virFileReadHeaderFD; virFileReadLimFD; virFileResolveAllLinks; virFileResolveLink; Index: libvirt-1.1.2/src/util/virfile.c =================================================================== --- libvirt-1.1.2.orig/src/util/virfile.c +++ libvirt-1.1.2/src/util/virfile.c @@ -1153,6 +1153,27 @@ saferead_lim(int fd, size_t max_len, siz return NULL; } + +/* A wrapper around saferead_lim that merely stops reading at the + * specified maximum size. */ +int +virFileReadHeaderFD(int fd, int maxlen, char **buf) +{ + size_t len; + char *s; + + if (maxlen <= 0) { + errno = EINVAL; + return -1; + } + s = saferead_lim(fd, maxlen, &len); + if (s == NULL) + return -1; + *buf = s; + return len; +} + + /* A wrapper around saferead_lim that maps a failure due to exceeding the maximum size limitation to EOVERFLOW. */ int Index: libvirt-1.1.2/src/util/virfile.h =================================================================== --- libvirt-1.1.2.orig/src/util/virfile.h +++ libvirt-1.1.2/src/util/virfile.h @@ -122,9 +122,12 @@ int virFileNBDDeviceAssociate(const char int virFileDeleteTree(const char *dir); -int virFileReadLimFD(int fd, int maxlen, char **buf) ATTRIBUTE_RETURN_CHECK; - -int virFileReadAll(const char *path, int maxlen, char **buf) ATTRIBUTE_RETURN_CHECK; +int virFileReadHeaderFD(int fd, int maxlen, char **buf) + ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(3); +int virFileReadLimFD(int fd, int maxlen, char **buf) + ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(3); +int virFileReadAll(const char *path, int maxlen, char **buf) + ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3); int virFileWriteStr(const char *path, const char *str, mode_t mode) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK; Index: libvirt-1.1.2/src/util/virstoragefile.c =================================================================== --- libvirt-1.1.2.orig/src/util/virstoragefile.c +++ libvirt-1.1.2/src/util/virstoragefile.c @@ -788,10 +788,7 @@ virStorageFileGetMetadataInternal(const goto cleanup; } - if (VIR_ALLOC_N(buf, len) < 0) - goto cleanup; - - if ((len = read(fd, buf, len)) < 0) { + if ((len = virFileReadHeaderFD(fd, len, (char **)&buf)) < 0) { virReportSystemError(errno, _("cannot read header '%s'"), path); goto cleanup; } @@ -934,15 +931,12 @@ virStorageFileProbeFormatFromFD(const ch return VIR_STORAGE_FILE_DIR; } - if (VIR_ALLOC_N(head, len) < 0) - return -1; - if (lseek(fd, 0, SEEK_SET) == (off_t)-1) { virReportSystemError(errno, _("cannot set to start of '%s'"), path); goto cleanup; } - if ((len = read(fd, head, len)) < 0) { + if ((len = virFileReadHeaderFD(fd, len, (char **)&head)) < 0) { virReportSystemError(errno, _("cannot read header '%s'"), path); goto cleanup; } ++++++ db7a5688-CVE-2013-4311.patch ++++++ commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176 Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Thu Aug 22 16:00:01 2013 +0100 Also store user & group ID values in virIdentity Future improvements to the polkit code will require access to the numeric user ID, not merely user name. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/src/rpc/virnetserverclient.c =================================================================== --- libvirt-1.1.2.orig/src/rpc/virnetserverclient.c +++ libvirt-1.1.2/src/rpc/virnetserverclient.c @@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetS char *processid = NULL; char *processtime = NULL; char *username = NULL; + char *userid = NULL; char *groupname = NULL; + char *groupid = NULL; #if WITH_SASL char *saslname = NULL; #endif @@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetS if (!(username = virGetUserName(uid))) goto cleanup; + if (virAsprintf(&userid, "%d", (int)uid) < 0) + goto cleanup; if (!(groupname = virGetGroupName(gid))) goto cleanup; + if (virAsprintf(&userid, "%d", (int)gid) < 0) + goto cleanup; if (virAsprintf(&processid, "%llu", (unsigned long long)pid) < 0) goto cleanup; @@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetS VIR_IDENTITY_ATTR_UNIX_USER_NAME, username) < 0) goto error; + if (userid && + virIdentitySetAttr(ret, + VIR_IDENTITY_ATTR_UNIX_USER_ID, + userid) < 0) + goto error; if (groupname && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, groupname) < 0) goto error; + if (groupid && + virIdentitySetAttr(ret, + VIR_IDENTITY_ATTR_UNIX_GROUP_ID, + groupid) < 0) + goto error; if (processid && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, @@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetS cleanup: VIR_FREE(username); + VIR_FREE(userid); VIR_FREE(groupname); + VIR_FREE(groupid); VIR_FREE(processid); VIR_FREE(processtime); VIR_FREE(seccontext); Index: libvirt-1.1.2/src/util/viridentity.c =================================================================== --- libvirt-1.1.2.orig/src/util/viridentity.c +++ libvirt-1.1.2/src/util/viridentity.c @@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr virIdentityPtr virIdentityGetSystem(void) { char *username = NULL; + char *userid = NULL; char *groupname = NULL; + char *groupid = NULL; char *seccontext = NULL; virIdentityPtr ret = NULL; #if WITH_SELINUX @@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void if (!(username = virGetUserName(getuid()))) goto cleanup; + if (virAsprintf(&userid, "%d", (int)getuid()) < 0) + goto cleanup; + if (!(groupname = virGetGroupName(getgid()))) goto cleanup; + if (virAsprintf(&groupid, "%d", (int)getgid()) < 0) + goto cleanup; #if WITH_SELINUX if (getcon(&con) < 0) { @@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void if (!(ret = virIdentityNew())) goto cleanup; - if (username && - virIdentitySetAttr(ret, + if (virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_USER_NAME, username) < 0) goto error; - if (groupname && - virIdentitySetAttr(ret, + if (virIdentitySetAttr(ret, + VIR_IDENTITY_ATTR_UNIX_USER_ID, + userid) < 0) + goto error; + if (virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, groupname) < 0) goto error; + if (virIdentitySetAttr(ret, + VIR_IDENTITY_ATTR_UNIX_GROUP_ID, + groupid) < 0) + goto error; if (seccontext && virIdentitySetAttr(ret, VIR_IDENTITY_ATTR_SELINUX_CONTEXT, @@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void cleanup: VIR_FREE(username); + VIR_FREE(userid); VIR_FREE(groupname); + VIR_FREE(groupid); VIR_FREE(seccontext); VIR_FREE(processid); return ret; Index: libvirt-1.1.2/src/util/viridentity.h =================================================================== --- libvirt-1.1.2.orig/src/util/viridentity.h +++ libvirt-1.1.2/src/util/viridentity.h @@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr; typedef enum { VIR_IDENTITY_ATTR_UNIX_USER_NAME, + VIR_IDENTITY_ATTR_UNIX_USER_ID, VIR_IDENTITY_ATTR_UNIX_GROUP_NAME, + VIR_IDENTITY_ATTR_UNIX_GROUP_ID, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, VIR_IDENTITY_ATTR_SASL_USER_NAME, ++++++ e1459c1f-nic-devid.patch ++++++ commit e1459c1fe88068f231bad254733b29287c28d517 Author: Stefan Bader <stefan.bader(a)canonical.com> Date: Wed Jan 8 11:39:19 2014 +0100 libxl: Fix devid init in libxlMakeNicList This basically reverts commit ba64b97134a6129a48684f22f31be92c3b6eef96 "libxl: Allow libxl to set NIC devid". However assigning devid's before calling libxlMakeNic does not work as that is calling libxl_device_nic_init which sets it back to -1. Right now auto-assignment only works in the hotplug case. But even if that would be fixed at some point (if that is possible at all), this would add a weird dependency between Xen and libvirt versions. The change here should accept any auto-assignment that makes it into libxl_device_nic_init. My understanding is that a caller always is allowed to make the devid choice itself. And assuming libxlMakeNicList is only used on domain creation, a sequential numbering should be ok. Signed-off-by: Stefan Bader <stefan.bader(a)canonical.com> Index: libvirt-1.1.2/src/libxl/libxl_conf.c =================================================================== --- libvirt-1.1.2.orig/src/libxl/libxl_conf.c +++ libvirt-1.1.2/src/libxl/libxl_conf.c @@ -878,6 +878,13 @@ libxlMakeNicList(virDomainDefPtr def, l for (i = 0; i < nnics; i++) { if (libxlMakeNic(def, l_nics[i], &x_nics[i])) goto error; + /* + * The devid (at least right now) will not get initialized by + * libxl in the setup case but is required for starting the + * device-model. + */ + if (x_nics[i].devid < 0) + x_nics[i].devid = i; } d_config->nics = x_nics; ++++++ e350826c-python-fix-fd-passing.patch ++++++ commit e350826c653b20dd271ab99075d2f224c7451356 Author: Marian Neagul <marian(a)info.uvt.ro> Date: Tue Oct 22 16:03:39 2013 +0100 python: Fix Create*WithFiles filefd passing Commit d76227be added functions virDomainCreateWithFiles and virDomainCreateXMLWithFiles, but there was a little piece missing in python bindings. This patch fixes proper passing of file descriptors in the overwrites of these functions. Index: libvirt-1.1.2/python/libvirt-override.c =================================================================== --- libvirt-1.1.2.orig/python/libvirt-override.c +++ libvirt-1.1.2/python/libvirt-override.c @@ -7149,6 +7149,10 @@ libvirt_virDomainCreateXMLWithFiles(PyOb if (libvirt_intUnwrap(pyfd, &fd) < 0) goto cleanup; + + files[i] = fd; + + files[i] = fd; } LIBVIRT_BEGIN_ALLOW_THREADS; ++++++ e4697b92-CVE-2013-4311.patch ++++++ commit e4697b92abaad16e8e6b41a1e55be9b084d48d5a Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Mon Sep 23 12:46:25 2013 +0100 Fix typo in identity code which is pre-requisite for CVE-2013-4311 The fix for CVE-2013-4311 had a pre-requisite enhancement to the identity code commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176 Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Thu Aug 22 16:00:01 2013 +0100 Also store user & group ID values in virIdentity This had a typo which caused the group ID to overwrite the user ID string. This meant any checks using this would have the wrong ID value. This only affected the ACL code, not the initial polkit auth. It also leaked memory. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/src/rpc/virnetserverclient.c =================================================================== --- libvirt-1.1.2.orig/src/rpc/virnetserverclient.c +++ libvirt-1.1.2/src/rpc/virnetserverclient.c @@ -678,7 +678,7 @@ virNetServerClientCreateIdentity(virNetS goto cleanup; if (!(groupname = virGetGroupName(gid))) goto cleanup; - if (virAsprintf(&userid, "%d", (int)gid) < 0) + if (virAsprintf(&groupid, "%d", (int)gid) < 0) goto cleanup; if (virAsprintf(&processid, "%llu", (unsigned long long)pid) < 0) ++++++ e65667c0-CVE-2013-4311.patch ++++++ commit e65667c0c6e016d42abea077e31628ae43f57b74 Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Wed Aug 28 15:22:05 2013 +0100 Ensure system identity includes process start time The polkit access driver will want to use the process start time field. This was already set for network identities, but not for the system identity. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/src/util/viridentity.c =================================================================== --- libvirt-1.1.2.orig/src/util/viridentity.c +++ libvirt-1.1.2/src/util/viridentity.c @@ -35,6 +35,7 @@ #include "virthread.h" #include "virutil.h" #include "virstring.h" +#include "virprocess.h" #define VIR_FROM_THIS VIR_FROM_IDENTITY @@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void security_context_t con; #endif char *processid = NULL; + unsigned long long timestamp; + char *processtime = NULL; if (virAsprintf(&processid, "%llu", (unsigned long long)getpid()) < 0) goto cleanup; + if (virProcessGetStartTime(getpid(), &timestamp) < 0) + goto cleanup; + + if (timestamp != 0 && + virAsprintf(&processtime, "%llu", timestamp) < 0) + goto cleanup; + if (!(username = virGetUserName(getuid()))) goto cleanup; if (virAsprintf(&userid, "%d", (int)getuid()) < 0) @@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, processid) < 0) goto error; + if (processtime && + virIdentitySetAttr(ret, + VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, + processtime) < 0) + goto error; cleanup: VIR_FREE(username); @@ -206,6 +221,7 @@ cleanup: VIR_FREE(groupid); VIR_FREE(seccontext); VIR_FREE(processid); + VIR_FREE(processtime); return ret; error: ++++++ e7f400a1-CVE-2013-4296.patch ++++++ commit e7f400a110e2e3673b96518170bfea0855dd82c0 Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Tue Sep 3 16:52:06 2013 +0100 Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) The 'stats' variable was not initialized to NULL, so if some early validation of the RPC call fails, it is possible to jump to the 'cleanup' label and VIR_FREE an uninitialized pointer. This is a security flaw, since the API can be called from a readonly connection which can trigger the validation checks. This was introduced in release v0.9.1 onwards by commit 158ba8730e44b7dd07a21ab90499996c5dec080a Author: Daniel P. Berrange <berrange(a)redhat.com> Date: Wed Apr 13 16:21:35 2011 +0100 Merge all returns paths from dispatcher into single path Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> Index: libvirt-1.1.2/daemon/remote.c =================================================================== --- libvirt-1.1.2.orig/daemon/remote.c +++ libvirt-1.1.2/daemon/remote.c @@ -1146,7 +1146,7 @@ remoteDispatchDomainMemoryStats(virNetSe remote_domain_memory_stats_ret *ret) { virDomainPtr dom = NULL; - struct _virDomainMemoryStat *stats; + struct _virDomainMemoryStat *stats = NULL; int nr_stats; size_t i; int rv = -1; ++++++ ed327dfc-CVE-2014-1447.patch ++++++ commit ed327dfcf4216c1412501b13367b5370de740a22 Author: Jiri Denemark <jdenemar(a)redhat.com> Date: Thu Jan 9 22:26:40 2014 +0100 Don't crash if a connection closes early https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When a client closes its connection to libvirtd early during virConnectOpen, more specifically just after making REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for the result, libvirtd may crash due to a race in keep-alive initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, the daemon's event loop delegates it to a worker thread. In case the event loop detects EOF on the connection and calls virNetServerClientClose before the worker thread starts to handle REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be disposed by the time virNetServerClientStartKeepAlive gets called from remoteDispatchConnectSupportsFeature. Because the flow is common for both authenticated and read-only connections, even unprivileged clients may cause the daemon to crash. To avoid the crash, virNetServerClientStartKeepAlive needs to check if the connection is still open before starting keep-alive protocol. Every libvirt release since 0.9.8 is affected by this bug. (cherry picked from commit 173c2914734eb5c32df6d35a82bf503e12261bcf) Index: libvirt-1.1.2/src/rpc/virnetserverclient.c =================================================================== --- libvirt-1.1.2.orig/src/rpc/virnetserverclient.c +++ libvirt-1.1.2/src/rpc/virnetserverclient.c @@ -1533,9 +1533,22 @@ cleanup: int virNetServerClientStartKeepAlive(virNetServerClientPtr client) { - int ret; + int ret = -1; + virObjectLock(client); + + /* The connection might have been closed before we got here and thus the + * keepalive object could have been removed too. + */ + if (!client->sock) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("connection not open")); + goto cleanup; + } + ret = virKeepAliveStart(client->keepalive, 0, 0); + +cleanup: virObjectUnlock(client); return ret; } ++++++ f8c1cb90-CVE-2013-6436.patch ++++++ commit f8c1cb90213508c4f32549023b0572ed774e48aa Author: Martin Kletzander <mkletzan(a)redhat.com> Date: Mon Dec 9 11:15:11 2013 +0100 CVE-2013-6436: fix crash in lxcDomainGetMemoryParameters The function doesn't check whether the request is made for active or inactive domain. Thus when the domain is not running it still tries accessing non-existing cgroups (priv->cgroup, which is NULL). I re-made the function in order for it to work the same way it's qemu counterpart does. Reproducer: 1) Define an LXC domain 2) Do 'virsh memtune <domain>' Backtrace: Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)): #0 0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764 #1 0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705 #2 0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804 #3 0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8) at util/vircgroup.c:1962 #4 0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0, params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826 #5 0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0, params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137 #6 0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0, ret=0x7fffd4002420) at remote.c:1895 #7 0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0, ret=0x7fffd4002420) at remote_dispatch.h:4050 #8 0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0) at rpc/virnetserverprogram.c:435 #9 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0) at rpc/virnetserverprogram.c:305 #10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0, prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165 #11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00) at rpc/virnetserver.c:186 #12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144 #13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161 #14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308 #15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com> Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -795,22 +795,36 @@ lxcDomainGetMemoryParameters(virDomainPt int *nparams, unsigned int flags) { - size_t i; + virCapsPtr caps = NULL; + virDomainDefPtr vmdef = NULL; virDomainObjPtr vm = NULL; + virLXCDomainObjPrivatePtr priv = NULL; + virLXCDriverPtr driver = dom->conn->privateData; unsigned long long val; int ret = -1; - virLXCDomainObjPrivatePtr priv; + size_t i; - virCheckFlags(0, -1); + virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | + VIR_DOMAIN_AFFECT_CONFIG, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; - if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0) + if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0 || + !(caps = virLXCDriverGetCapabilities(driver, false)) || + virDomainLiveConfigHelperMethod(caps, driver->xmlopt, + vm, &flags, &vmdef) < 0) goto cleanup; + if (flags & VIR_DOMAIN_AFFECT_LIVE && + !virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("cgroup memory controller is not mounted")); + goto cleanup; + } + if ((*nparams) == 0) { /* Current number of memory parameters supported by cgroups */ *nparams = LXC_NB_MEM_PARAM; @@ -824,22 +838,34 @@ lxcDomainGetMemoryParameters(virDomainPt switch (i) { case 0: /* fill memory hard limit here */ - if (virCgroupGetMemoryHardLimit(priv->cgroup, &val) < 0) + if (flags & VIR_DOMAIN_AFFECT_CONFIG) { + val = vmdef->mem.hard_limit; + val = val ? val : VIR_DOMAIN_MEMORY_PARAM_UNLIMITED; + } else if (virCgroupGetMemoryHardLimit(priv->cgroup, &val) < 0) { goto cleanup; + } if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_HARD_LIMIT, VIR_TYPED_PARAM_ULLONG, val) < 0) goto cleanup; break; case 1: /* fill memory soft limit here */ - if (virCgroupGetMemorySoftLimit(priv->cgroup, &val) < 0) + if (flags & VIR_DOMAIN_AFFECT_CONFIG) { + val = vmdef->mem.soft_limit; + val = val ? val : VIR_DOMAIN_MEMORY_PARAM_UNLIMITED; + } else if (virCgroupGetMemorySoftLimit(priv->cgroup, &val) < 0) { goto cleanup; + } if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_SOFT_LIMIT, VIR_TYPED_PARAM_ULLONG, val) < 0) goto cleanup; break; case 2: /* fill swap hard limit here */ - if (virCgroupGetMemSwapHardLimit(priv->cgroup, &val) < 0) + if (flags & VIR_DOMAIN_AFFECT_CONFIG) { + val = vmdef->mem.swap_hard_limit; + val = val ? val : VIR_DOMAIN_MEMORY_PARAM_UNLIMITED; + } else if (virCgroupGetMemSwapHardLimit(priv->cgroup, &val) < 0) { goto cleanup; + } if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT, VIR_TYPED_PARAM_ULLONG, val) < 0) @@ -860,6 +886,7 @@ lxcDomainGetMemoryParameters(virDomainPt cleanup: if (vm) virObjectUnlock(vm); + virObjectUnref(caps); return ret; } ++++++ fb5a3190-CVE-2014-0028.patch ++++++ commit fb5a3190c6409897744a244c6e0d5e2d52d34b39 Author: Eric Blake <eblake(a)redhat.com> Date: Tue Jan 14 10:29:34 2014 -0700 event: filter global events by domain:getattr ACL [CVE-2014-0028] Ever since ACL filtering was added in commit 7639736 (v1.1.1), a user could still use event registration to obtain access to a domain that they could not normally access via virDomainLookup* or virConnectListAllDomains and friends. We already have the framework in the RPC generator for creating the filter, and previous cleanup patches got us to the point that we can now wire the filter through the entire object event stack. Furthermore, whether or not domain:getattr is honored, use of global events is a form of obtaining a list of networks, which is covered by connect:search_domains added in a93cd08 (v1.1.0). Ideally, we'd have a way to enforce connect:search_domains when doing global registrations while omitting that check on a per-domain registration. But this patch just unconditionally requires connect:search_domains, even when no list could be obtained, based on the following observations: 1. Administrators are unlikely to grant domain:getattr for one or all domains while still denying connect:search_domains - a user that is able to manage domains will want to be able to manage them efficiently, but efficient management includes being able to list the domains they can access. The idea of denying connect:search_domains while still granting access to individual domains is therefore not adding any real security, but just serves as a layer of obscurity to annoy the end user. 2. In the current implementation, domain events are filtered on the client; the server has no idea if a domain filter was requested, and must therefore assume that all domain event requests are global. Even if we fix the RPC protocol to allow for server-side filtering for newer client/server combos, making the connect:serach_domains ACL check conditional on whether the domain argument was NULL won't benefit older clients. Therefore, we choose to document that connect:search_domains is a pre-requisite to any domain event management. Network events need the same treatment, with the obvious change of using connect:search_networks and network:getattr. * src/access/viraccessperm.h (VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS) (VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional effect of the permission. * src/conf/domain_event.h (virDomainEventStateRegister) (virDomainEventStateRegisterID): Add new parameter. * src/conf/network_event.h (virNetworkEventStateRegisterID): Likewise. * src/conf/object_event_private.h (virObjectEventStateRegisterID): Likewise. * src/conf/object_event.c (_virObjectEventCallback): Track a filter. (virObjectEventDispatchMatchCallback): Use filter. (virObjectEventCallbackListAddID): Register filter. * src/conf/domain_event.c (virDomainEventFilter): New function. (virDomainEventStateRegister, virDomainEventStateRegisterID): Adjust callers. * src/conf/network_event.c (virNetworkEventFilter): New function. (virNetworkEventStateRegisterID): Adjust caller. * src/remote/remote_protocol.x (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER) (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY) (REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a filter, and require connect:search_domains instead of weaker connect:read. * src/test/test_driver.c (testConnectDomainEventRegister) (testConnectDomainEventRegisterAny) (testConnectNetworkEventRegisterAny): Update callers. * src/remote/remote_driver.c (remoteConnectDomainEventRegister) (remoteConnectDomainEventRegisterAny): Likewise. * src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister) (xenUnifiedConnectDomainEventRegisterAny): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise. * src/libxl/libxl_driver.c (libxlConnectDomainEventRegister) (libxlConnectDomainEventRegisterAny): Likewise. * src/qemu/qemu_driver.c (qemuConnectDomainEventRegister) (qemuConnectDomainEventRegisterAny): Likewise. * src/uml/uml_driver.c (umlConnectDomainEventRegister) (umlConnectDomainEventRegisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventRegisterAny): Likewise. * src/lxc/lxc_driver.c (lxcConnectDomainEventRegister) (lxcConnectDomainEventRegisterAny): Likewise. Signed-off-by: Eric Blake <eblake(a)redhat.com> (cherry picked from commit f9f56340539d609cdc2e9d4ab812b9f146c3f100) Conflicts: src/conf/object_event.c - not backporting event refactoring src/conf/object_event_private.h - likewise src/conf/network_event.c - not backporting network events src/conf/network_event.h - likewise src/network/bridge_driver.c - likewise src/access/viraccessperm.h - likewise src/remote/remote_protocol.x - likewise src/conf/domain_event.c - includes code that upstream has in object_event src/conf/domain_event.h - context src/libxl/libxl_driver.c - context src/lxc/lxc_driver.c - context src/remote/remote_driver.c - context, not backporting network events src/test/test_driver.c - context, not backporting network events src/uml/uml_driver.c - context src/xen/xen_driver.c - context Index: libvirt-1.1.2/src/access/viraccessperm.h =================================================================== --- libvirt-1.1.2.orig/src/access/viraccessperm.h +++ libvirt-1.1.2/src/access/viraccessperm.h @@ -1,7 +1,7 @@ /* * viraccessperm.h: access control permissions * - * Copyright (C) 2012-2013 Red Hat, Inc. + * Copyright (C) 2012-2014 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -47,7 +47,7 @@ typedef enum { /** * @desc: List domains - * @message: Listing domains requires authorization + * @message: Listing domains or using domain events requires authorization * @anonymous: 1 */ VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS, Index: libvirt-1.1.2/src/conf/domain_event.c =================================================================== --- libvirt-1.1.2.orig/src/conf/domain_event.c +++ libvirt-1.1.2/src/conf/domain_event.c @@ -32,6 +32,20 @@ #define VIR_FROM_THIS VIR_FROM_NONE +/** + * virObjectEventCallbackFilter: + * @conn: the connection pointer + * @event: the event about to be dispatched + * @opaque: opaque data registered with the filter + * + * Callback to do final filtering for a reason not tracked directly by + * virObjectEventStateRegisterID(). Return false if @event must not + * be sent to @conn. + */ +typedef bool (*virObjectEventCallbackFilter)(virConnectPtr conn, + virDomainEventPtr event, + void *opaque); + struct _virDomainMeta { int id; char *name; @@ -68,6 +82,8 @@ struct _virDomainEventCallback { int eventID; virConnectPtr conn; virDomainMetaPtr dom; + virObjectEventCallbackFilter filter; + void *filter_opaque; virConnectDomainEventGenericCallback cb; void *opaque; virFreeCallback freecb; @@ -337,6 +353,9 @@ virDomainEventCallbackListPurgeMarked(vi * virDomainEventCallbackListAddID: * @conn: pointer to the connection * @cbList: the list + * @dom: optional domain to filter on + * @filter optional last-ditch filter callback + * @filter_opaque: opaque data to pass to @filter * @eventID: the event ID * @callback: the callback to add * @opaque: opaque data tio pass to callback @@ -348,6 +367,8 @@ static int virDomainEventCallbackListAddID(virConnectPtr conn, virDomainEventCallbackListPtr cbList, virDomainPtr dom, + virObjectEventCallbackFilter filter, + void *filter_opaque, int eventID, virConnectDomainEventGenericCallback callback, void *opaque, @@ -394,6 +415,8 @@ virDomainEventCallbackListAddID(virConne memcpy(event->dom->uuid, dom->uuid, VIR_UUID_BUFLEN); event->dom->id = dom->id; } + event->filter = filter; + event->filter_opaque = filter_opaque; /* Make space on list */ if (VIR_REALLOC_N(cbList->callbacks, cbList->count + 1) < 0) @@ -433,6 +456,8 @@ error: * virDomainEventCallbackListAdd: * @conn: pointer to the connection * @cbList: the list + * @filter optional last-ditch filter callback + * @filter_opaque: opaque data to pass to @filter * @callback: the callback to add * @opaque: opaque data tio pass to callback * @@ -441,11 +466,14 @@ error: static int virDomainEventCallbackListAdd(virConnectPtr conn, virDomainEventCallbackListPtr cbList, + virObjectEventCallbackFilter filter, + void *filter_opaque, virConnectDomainEventCallback callback, void *opaque, virFreeCallback freecb) { return virDomainEventCallbackListAddID(conn, cbList, NULL, + filter, filter_opaque, VIR_DOMAIN_EVENT_ID_LIFECYCLE, VIR_DOMAIN_EVENT_CALLBACK(callback), opaque, freecb, NULL); @@ -673,6 +701,32 @@ static virDomainEventPtr virDomainEventN return event; } + +/** + * virDomainEventFilter: + * @conn: pointer to the connection + * @event: the event to check + * @opaque: opaque data holding ACL filter to use + * + * Internal function to run ACL filtering before dispatching an event + */ +static bool +virDomainEventFilter(virConnectPtr conn, virDomainEventPtr event, + void *opaque) +{ + virDomainDef dom; + virDomainObjListFilter filter = opaque; + + /* For now, we just create a virDomainDef with enough contents to + * satisfy what viraccessdriverpolkit.c references. This is a bit + * fragile, but I don't know of anything better. */ + dom.name = event->dom.name; + memcpy(dom.uuid, event->dom.uuid, VIR_UUID_BUFLEN); + + return (filter)(conn, &dom); +} + + virDomainEventPtr virDomainEventNew(int id, const char *name, const unsigned char *uuid, int type, int detail) @@ -1374,6 +1428,9 @@ static int virDomainEventDispatchMatchCa if (cb->eventID != event->eventID) return 0; + if (cb->filter && !(cb->filter)(cb->conn, event, cb->filter_opaque)) + return 0; + if (cb->dom) { /* Deliberately ignoring 'id' for matching, since that * will cause problems when a domain switches between @@ -1503,6 +1560,7 @@ virDomainEventStateFlush(virDomainEventS * virDomainEventStateRegister: * @conn: connection to associate with callback * @state: domain event state + * @filter: optional ACL filter to limit which events can be sent * @callback: function to remove from event * @opaque: data blob to pass to callback * @freecb: callback to free @opaque @@ -1515,6 +1573,7 @@ virDomainEventStateFlush(virDomainEventS int virDomainEventStateRegister(virConnectPtr conn, virDomainEventStatePtr state, + virDomainObjListFilter filter, virConnectDomainEventCallback callback, void *opaque, virFreeCallback freecb) @@ -1535,7 +1594,8 @@ virDomainEventStateRegister(virConnectPt } ret = virDomainEventCallbackListAdd(conn, state->callbacks, - callback, opaque, freecb); + filter ? virDomainEventFilter : NULL, + filter, callback, opaque, freecb); if (ret == -1 && state->callbacks->count == 0 && @@ -1554,6 +1614,7 @@ cleanup: * virDomainEventStateRegisterID: * @conn: connection to associate with callback * @state: domain event state + * @filter: optional ACL filter to limit which events can be sent * @eventID: ID of the event type to register for * @cb: function to remove from event * @opaque: data blob to pass to callback @@ -1568,6 +1629,7 @@ cleanup: int virDomainEventStateRegisterID(virConnectPtr conn, virDomainEventStatePtr state, + virDomainObjListFilter filter, virDomainPtr dom, int eventID, virConnectDomainEventGenericCallback cb, @@ -1590,8 +1652,9 @@ virDomainEventStateRegisterID(virConnect goto cleanup; } - ret = virDomainEventCallbackListAddID(conn, state->callbacks, - dom, eventID, cb, opaque, freecb, + ret = virDomainEventCallbackListAddID(conn, state->callbacks, dom, + filter ? virDomainEventFilter : NULL, + filter, eventID, cb, opaque, freecb, callbackID); if (ret == -1 && Index: libvirt-1.1.2/src/conf/domain_event.h =================================================================== --- libvirt-1.1.2.orig/src/conf/domain_event.h +++ libvirt-1.1.2/src/conf/domain_event.h @@ -1,7 +1,7 @@ /* * domain_event.h: domain event queue processing helpers * - * Copyright (C) 2012 Red Hat, Inc. + * Copyright (C) 2012-2014 Red Hat, Inc. * Copyright (C) 2008 VirtualIron * * This library is free software; you can redistribute it and/or @@ -149,19 +149,21 @@ virDomainEventStateQueue(virDomainEventS ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); int virDomainEventStateRegister(virConnectPtr conn, virDomainEventStatePtr state, + virDomainObjListFilter filter, virConnectDomainEventCallback callback, void *opaque, virFreeCallback freecb) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4); int virDomainEventStateRegisterID(virConnectPtr conn, virDomainEventStatePtr state, + virDomainObjListFilter filter, virDomainPtr dom, int eventID, virConnectDomainEventGenericCallback cb, void *opaque, virFreeCallback freecb, int *callbackID) - ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(5); + ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6); int virDomainEventStateDeregister(virConnectPtr conn, virDomainEventStatePtr state, Index: libvirt-1.1.2/src/libxl/libxl_driver.c =================================================================== --- libvirt-1.1.2.orig/src/libxl/libxl_driver.c +++ libvirt-1.1.2/src/libxl/libxl_driver.c @@ -4202,6 +4202,7 @@ libxlConnectDomainEventRegister(virConne libxlDriverLock(driver); ret = virDomainEventStateRegister(conn, driver->domainEventState, + virConnectDomainEventRegisterCheckACL, callback, opaque, freecb); libxlDriverUnlock(driver); @@ -4879,6 +4880,7 @@ libxlConnectDomainEventRegisterAny(virCo libxlDriverLock(driver); if (virDomainEventStateRegisterID(conn, driver->domainEventState, + virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; Index: libvirt-1.1.2/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_driver.c +++ libvirt-1.1.2/src/lxc/lxc_driver.c @@ -1295,6 +1295,7 @@ lxcConnectDomainEventRegister(virConnect ret = virDomainEventStateRegister(conn, driver->domainEventState, + virConnectDomainEventRegisterCheckACL, callback, opaque, freecb); return ret; @@ -1335,6 +1336,7 @@ lxcConnectDomainEventRegisterAny(virConn if (virDomainEventStateRegisterID(conn, driver->domainEventState, + virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; Index: libvirt-1.1.2/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.1.2.orig/src/qemu/qemu_driver.c +++ libvirt-1.1.2/src/qemu/qemu_driver.c @@ -9875,6 +9875,7 @@ qemuConnectDomainEventRegister(virConnec if (virDomainEventStateRegister(conn, driver->domainEventState, + virConnectDomainEventRegisterCheckACL, callback, opaque, freecb) < 0) goto cleanup; @@ -9923,6 +9924,7 @@ qemuConnectDomainEventRegisterAny(virCon if (virDomainEventStateRegisterID(conn, driver->domainEventState, + virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; Index: libvirt-1.1.2/src/remote/remote_driver.c =================================================================== --- libvirt-1.1.2.orig/src/remote/remote_driver.c +++ libvirt-1.1.2/src/remote/remote_driver.c @@ -4292,7 +4292,7 @@ static int remoteConnectDomainEventRegis remoteDriverLock(priv); - if ((count = virDomainEventStateRegister(conn, priv->domainEventState, + if ((count = virDomainEventStateRegister(conn, priv->domainEventState, NULL, callback, opaque, freecb)) < 0) { virReportError(VIR_ERR_RPC, "%s", _("adding cb to list")); goto done; @@ -5078,7 +5078,7 @@ static int remoteConnectDomainEventRegis remoteDriverLock(priv); if ((count = virDomainEventStateRegisterID(conn, - priv->domainEventState, + priv->domainEventState, NULL, dom, eventID, callback, opaque, freecb, &callbackID)) < 0) { Index: libvirt-1.1.2/src/remote/remote_protocol.x =================================================================== --- libvirt-1.1.2.orig/src/remote/remote_protocol.x +++ libvirt-1.1.2/src/remote/remote_protocol.x @@ -1952,7 +1952,7 @@ struct remote_node_device_destroy_args { /* * Events Register/Deregister: - * It would seem rpcgen does not like both args, and ret + * It would seem rpcgen does not like both args and ret * to be null. It will not generate the prototype otherwise. * Pass back a redundant boolean to force prototype generation. */ @@ -3606,7 +3606,8 @@ enum remote_procedure { /** * @generate: none * @priority: high - * @acl: connect:read + * @acl: connect:search_domains + * @aclfilter: domain:getattr */ REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER = 105, @@ -4038,7 +4039,8 @@ enum remote_procedure { /** * @generate: none * @priority: high - * @acl: connect:read + * @acl: connect:search_domains + * @aclfilter: domain:getattr */ REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY = 167, Index: libvirt-1.1.2/src/test/test_driver.c =================================================================== --- libvirt-1.1.2.orig/src/test/test_driver.c +++ libvirt-1.1.2/src/test/test_driver.c @@ -5628,7 +5628,7 @@ testConnectDomainEventRegister(virConnec testDriverLock(driver); ret = virDomainEventStateRegister(conn, - driver->domainEventState, + driver->domainEventState, NULL, callback, opaque, freecb); testDriverUnlock(driver); @@ -5666,7 +5666,7 @@ testConnectDomainEventRegisterAny(virCon testDriverLock(driver); if (virDomainEventStateRegisterID(conn, - driver->domainEventState, + driver->domainEventState, NULL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; Index: libvirt-1.1.2/src/uml/uml_driver.c =================================================================== --- libvirt-1.1.2.orig/src/uml/uml_driver.c +++ libvirt-1.1.2/src/uml/uml_driver.c @@ -2618,6 +2618,7 @@ umlConnectDomainEventRegister(virConnect umlDriverLock(driver); ret = virDomainEventStateRegister(conn, driver->domainEventState, + virConnectDomainEventRegisterCheckACL, callback, opaque, freecb); umlDriverUnlock(driver); @@ -2660,6 +2661,7 @@ umlConnectDomainEventRegisterAny(virConn umlDriverLock(driver); if (virDomainEventStateRegisterID(conn, driver->domainEventState, + virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; Index: libvirt-1.1.2/src/vbox/vbox_tmpl.c =================================================================== --- libvirt-1.1.2.orig/src/vbox/vbox_tmpl.c +++ libvirt-1.1.2/src/vbox/vbox_tmpl.c @@ -7265,7 +7265,7 @@ static int vboxConnectDomainEventRegiste * later you can iterate over them */ - ret = virDomainEventStateRegister(conn, data->domainEvents, + ret = virDomainEventStateRegister(conn, data->domainEvents, NULL, callback, opaque, freecb); VIR_DEBUG("virDomainEventStateRegister (ret = %d) (conn: %p, " "callback: %p, opaque: %p, " @@ -7357,7 +7357,7 @@ static int vboxConnectDomainEventRegiste * later you can iterate over them */ - if (virDomainEventStateRegisterID(conn, data->domainEvents, + if (virDomainEventStateRegisterID(conn, data->domainEvents, NULL, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; Index: libvirt-1.1.2/src/xen/xen_driver.c =================================================================== --- libvirt-1.1.2.orig/src/xen/xen_driver.c +++ libvirt-1.1.2/src/xen/xen_driver.c @@ -2306,6 +2306,7 @@ xenUnifiedConnectDomainEventRegister(vir } ret = virDomainEventStateRegister(conn, priv->domainEvents, + virConnectDomainEventRegisterCheckACL, callback, opaque, freefunc); xenUnifiedUnlock(priv); @@ -2363,6 +2364,7 @@ xenUnifiedConnectDomainEventRegisterAny( } if (virDomainEventStateRegisterID(conn, priv->domainEvents, + virConnectDomainEventRegisterAnyCheckACL, dom, eventID, callback, opaque, freefunc, &ret) < 0) ret = -1; ++++++ fix-pci-attach-xen-driver.patch ++++++ Fix PCI device attach in xend driver When attaching PCI device using the xend driver, the 'device_create' RPC is called, which is not sufficient to fully prepare/configure the device for attachment to a domain. In the xen tools, xm pci-attach uses the 'device_configure' RPC. This patch changes the xend driver to always call 'device_configure' for PCI devices to be consistent with the usage in the xen tools. Index: libvirt-1.1.2/src/xen/xend_internal.c =================================================================== --- libvirt-1.1.2.orig/src/xen/xend_internal.c +++ libvirt-1.1.2/src/xen/xend_internal.c @@ -2206,6 +2206,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr virBuffer buf = VIR_BUFFER_INITIALIZER; char class[8], ref[80]; char *target = NULL; + int new_dev; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); @@ -2304,8 +2305,18 @@ xenDaemonAttachDeviceFlags(virConnectPtr } sexpr = virBufferContentAndReset(&buf); + new_dev = virDomainXMLDevID(conn, minidef, dev, class, ref, sizeof(ref)); - if (virDomainXMLDevID(conn, minidef, dev, class, ref, sizeof(ref))) { + /* always call 'device_configure' for pci device */ + if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV && + dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && + dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { + ret = xend_op(conn, def->name, "op", "device_configure", + "config", sexpr, "dev", ref, NULL); + goto cleanup; + } + + if (new_dev) { /* device doesn't exist, define it */ ret = xend_op(conn, def->name, "op", "device_create", "config", sexpr, NULL); ++++++ install-apparmor-profiles.patch ++++++ Index: libvirt-1.1.2/examples/apparmor/Makefile.am =================================================================== --- libvirt-1.1.2.orig/examples/apparmor/Makefile.am +++ libvirt-1.1.2/examples/apparmor/Makefile.am @@ -14,8 +14,45 @@ ## License along with this library. If not, see ## <http://www.gnu.org/licenses/>. -EXTRA_DIST= \ - TEMPLATE \ - libvirt-qemu \ - usr.lib.libvirt.virt-aa-helper \ - usr.sbin.libvirtd +EXTRA_DIST= \ + TEMPLATE \ + libvirt-qemu.in \ + usr.lib.libvirt.virt-aa-helper.in \ + usr.sbin.libvirtd.in + +if WITH_SECDRIVER_APPARMOR + +libvirt-qemu: libvirt-qemu.in + sed \ + -e 's![@]libdir[@]!$(libdir)!g' \ + < $< > $@-t + mv $@-t $@ + +usr.lib.libvirt.virt-aa-helper: usr.lib.libvirt.virt-aa-helper.in + sed \ + -e 's![@]libdir[@]!$(libdir)!g' \ + < $< > $@-t + mv $@-t $@ + +usr.sbin.libvirtd: usr.sbin.libvirtd.in + sed \ + -e 's![@]libdir[@]!$(libdir)!g' \ + < $< > $@-t + mv $@-t $@ + +install-data-local: libvirt-qemu usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper + mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/ + $(INSTALL_DATA) usr.lib.libvirt.virt-aa-helper $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper + $(INSTALL_DATA) usr.sbin.libvirtd $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd + mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt + $(INSTALL_DATA) TEMPLATE $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE + mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions + $(INSTALL_DATA) libvirt-qemu $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu + +uninstall-local:: + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE + +endif Index: libvirt-1.1.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in =================================================================== --- /dev/null +++ libvirt-1.1.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -0,0 +1,41 @@ +# Last Modified: Fri Aug 19 11:21:48 2011 +#include <tunables/global> + +@libdir@/libvirt/virt-aa-helper { + #include <abstractions/base> + + # needed for searching directories + capability dac_override, + capability dac_read_search, + + # needed for when disk is on a network filesystem + network inet, + + @{PROC}/[0-9]** r, + deny @{PROC}/[0-9]*/mounts r, + @{PROC}/filesystems r, + + # for hostdev + /sys/devices/ r, + /sys/devices/** r, + + @libdir@/libvirt/virt-aa-helper mr, + /sbin/apparmor_parser Ux, + + /etc/apparmor.d/libvirt/* r, + /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, + + # for backingstore -- allow access to non-hidden files in @{HOME} as well + # as storage pools + audit deny @{HOME}/.* mrwkl, + audit deny @{HOME}/.*/ rw, + audit deny @{HOME}/.*/** mrwkl, + audit deny @{HOME}/bin/ rw, + audit deny @{HOME}/bin/** mrwkl, + @{HOME}/ r, + @{HOME}/** r, + /var/lib/libvirt/images/ r, + /var/lib/libvirt/images/** r, + /var/lib/kvm/images/ r, + /var/lib/kvm/images/** r, +} Index: libvirt-1.1.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== --- libvirt-1.1.2.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ /dev/null @@ -1,38 +0,0 @@ -# Last Modified: Mon Apr 5 15:10:27 2010 -#include <tunables/global> - -/usr/lib/libvirt/virt-aa-helper { - #include <abstractions/base> - - # needed for searching directories - capability dac_override, - capability dac_read_search, - - # needed for when disk is on a network filesystem - network inet, - - deny @{PROC}/[0-9]*/mounts r, - @{PROC}/filesystems r, - - # for hostdev - /sys/devices/ r, - /sys/devices/** r, - - /usr/lib/libvirt/virt-aa-helper mr, - /sbin/apparmor_parser Ux, - - /etc/apparmor.d/libvirt/* r, - /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, - - # for backingstore -- allow access to non-hidden files in @{HOME} as well - # as storage pools - audit deny @{HOME}/.* mrwkl, - audit deny @{HOME}/.*/ rw, - audit deny @{HOME}/.*/** mrwkl, - audit deny @{HOME}/bin/ rw, - audit deny @{HOME}/bin/** mrwkl, - @{HOME}/ r, - @{HOME}/** r, - /var/lib/libvirt/images/ r, - /var/lib/libvirt/images/** r, -} Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd =================================================================== --- libvirt-1.1.2.orig/examples/apparmor/usr.sbin.libvirtd +++ /dev/null @@ -1,52 +0,0 @@ -# Last Modified: Mon Apr 5 15:03:58 2010 -#include <tunables/global> -@{LIBVIRT}="libvirt" - -/usr/sbin/libvirtd { - #include <abstractions/base> - - capability kill, - capability net_admin, - capability net_raw, - capability setgid, - capability sys_admin, - capability sys_module, - capability sys_ptrace, - capability sys_nice, - capability sys_chroot, - capability setuid, - capability dac_override, - capability dac_read_search, - capability fowner, - capability chown, - capability setpcap, - capability mknod, - capability fsetid, - - network inet stream, - network inet dgram, - network inet6 stream, - network inet6 dgram, - - # Very lenient profile for libvirtd since we want to first focus on confining - # the guests. Guests will have a very restricted profile. - /** rwmkl, - - /bin/* Ux, - /sbin/* Ux, - /usr/bin/* Ux, - /usr/sbin/* Ux, - - # force the use of virt-aa-helper - audit deny /sbin/apparmor_parser rwxl, - audit deny /etc/apparmor.d/libvirt/** wxl, - audit deny /sys/kernel/security/apparmor/features rwxl, - audit deny /sys/kernel/security/apparmor/matching rwxl, - audit deny /sys/kernel/security/apparmor/.* rwxl, - /sys/kernel/security/apparmor/profiles r, - /usr/lib/libvirt/* PUxr, - - # allow changing to our UUID-based named profiles - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, - -} Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in =================================================================== --- /dev/null +++ libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in @@ -0,0 +1,62 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include <tunables/global> +@{LIBVIRT}="libvirt" + +/usr/sbin/libvirtd { + #include <abstractions/base> + + capability kill, + capability net_admin, + capability net_raw, + capability setgid, + capability sys_admin, + capability sys_module, + capability sys_ptrace, + capability sys_pacct, + capability sys_nice, + capability sys_chroot, + capability setuid, + capability dac_override, + capability dac_read_search, + capability fowner, + capability chown, + capability setpcap, + capability mknod, + capability fsetid, + capability ipc_lock, + + network inet stream, + network inet dgram, + network inet6 stream, + network inet6 dgram, + network packet dgram, + + # Very lenient profile for libvirtd since we want to first focus on confining + # the guests. Guests will have a very restricted profile. + /** rwmkl, + + /bin/* Ux, + /sbin/* Ux, + /usr/bin/* Ux, + /usr/sbin/* Ux, + /usr/lib/xen/bin/* Ux, + /usr/lib64/xen/bin/* Ux, + /usr/lib/PolicyKit/polkit-read-auth-helper Px, + + # force the use of virt-aa-helper + audit deny /sbin/apparmor_parser rwxl, + audit deny /etc/apparmor.d/libvirt/** wxl, + audit deny /sys/kernel/security/apparmor/features rwxl, + audit deny /sys/kernel/security/apparmor/matching rwxl, + audit deny /sys/kernel/security/apparmor/.* rwxl, + /sys/kernel/security/apparmor/profiles r, + /etc/libvirt/hooks/* rix, + /etc/xen/scripts/* rix, + @libdir@/libvirt/* Pxr, + @libdir@/libvirt/libvirt_parthelper Ux, + @libdir@/libvirt/libvirt_iohelper Ux, + + # allow changing to our UUID-based named profiles + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} Index: libvirt-1.1.2/examples/apparmor/libvirt-qemu =================================================================== --- libvirt-1.1.2.orig/examples/apparmor/libvirt-qemu +++ /dev/null @@ -1,129 +0,0 @@ -# Last Modified: Fri Mar 9 14:43:22 2012 - - #include <abstractions/base> - #include <abstractions/consoles> - #include <abstractions/nameservice> - - # required for reading disk images - capability dac_override, - capability dac_read_search, - capability chown, - - network inet stream, - network inet6 stream, - - /dev/net/tun rw, - /dev/kvm rw, - /dev/ptmx rw, - /dev/kqemu rw, - @{PROC}/*/status r, - - # For hostdev access. The actual devices will be added dynamically - /sys/bus/usb/devices/ r, - /sys/devices/*/*/usb[0-9]*/** r, - - # WARNING: this gives the guest direct access to host hardware and specific - # portions of shared memory. This is required for sound using ALSA with kvm, - # but may constitute a security risk. If your environment does not require - # the use of sound in your VMs, feel free to comment out or prepend 'deny' to - # the rules for files in /dev. - /{dev,run}/shm r, - /{dev,run}/shmpulse-shm* r, - /{dev,run}/shmpulse-shm* rwk, - /dev/snd/* rw, - capability ipc_lock, - # 'kill' is not required for sound and is a security risk. Do not enable - # unless you absolutely need it. - deny capability kill, - - # Uncomment the following if you need access to /dev/fb* - #/dev/fb* rw, - - /etc/pulse/client.conf r, - @{HOME}/.pulse-cookie rwk, - owner /root/.pulse-cookie rwk, - owner /root/.pulse/ rw, - owner /root/.pulse/* rw, - /usr/share/alsa/** r, - owner /tmp/pulse-*/ rw, - owner /tmp/pulse-*/* rw, - /var/lib/dbus/machine-id r, - - # access to firmware's etc - /usr/share/kvm/** r, - /usr/share/qemu/** r, - /usr/share/bochs/** r, - /usr/share/openbios/** r, - /usr/share/openhackware/** r, - /usr/share/proll/** r, - /usr/share/vgabios/** r, - /usr/share/seabios/** r, - - # access PKI infrastructure - /etc/pki/libvirt-vnc/** r, - - # the various binaries - /usr/bin/kvm rmix, - /usr/bin/qemu rmix, - /usr/bin/qemu-system-arm rmix, - /usr/bin/qemu-system-cris rmix, - /usr/bin/qemu-system-i386 rmix, - /usr/bin/qemu-system-m68k rmix, - /usr/bin/qemu-system-microblaze rmix, - /usr/bin/qemu-system-microblazeel rmix, - /usr/bin/qemu-system-mips rmix, - /usr/bin/qemu-system-mips64 rmix, - /usr/bin/qemu-system-mips64el rmix, - /usr/bin/qemu-system-mipsel rmix, - /usr/bin/qemu-system-ppc rmix, - /usr/bin/qemu-system-ppc64 rmix, - /usr/bin/qemu-system-ppcemb rmix, - /usr/bin/qemu-system-sh4 rmix, - /usr/bin/qemu-system-sh4eb rmix, - /usr/bin/qemu-system-sparc rmix, - /usr/bin/qemu-system-sparc64 rmix, - /usr/bin/qemu-system-x86_64 rmix, - /usr/bin/qemu-alpha rmix, - /usr/bin/qemu-arm rmix, - /usr/bin/qemu-armeb rmix, - /usr/bin/qemu-cris rmix, - /usr/bin/qemu-i386 rmix, - /usr/bin/qemu-m68k rmix, - /usr/bin/qemu-microblaze rmix, - /usr/bin/qemu-microblazeel rmix, - /usr/bin/qemu-mips rmix, - /usr/bin/qemu-mipsel rmix, - /usr/bin/qemu-ppc rmix, - /usr/bin/qemu-ppc64 rmix, - /usr/bin/qemu-ppc64abi32 rmix, - /usr/bin/qemu-sh4 rmix, - /usr/bin/qemu-sh4eb rmix, - /usr/bin/qemu-sparc rmix, - /usr/bin/qemu-sparc64 rmix, - /usr/bin/qemu-sparc32plus rmix, - /usr/bin/qemu-sparc64 rmix, - /usr/bin/qemu-x86_64 rmix, - - # for save and resume - /bin/dash rmix, - /bin/dd rmix, - /bin/cat rmix, - - /usr/libexec/qemu-bridge-helper Cx, - # child profile for bridge helper process - profile /usr/libexec/qemu-bridge-helper { - #include <abstractions/base> - - capability setuid, - capability setgid, - capability setpcap, - capability net_admin, - - network inet stream, - - /dev/net/tun rw, - /etc/qemu/** r, - owner @{PROC}/*/status r, - - /usr/libexec/qemu-bridge-helper rmix, - } Index: libvirt-1.1.2/examples/apparmor/libvirt-qemu.in =================================================================== --- /dev/null +++ libvirt-1.1.2/examples/apparmor/libvirt-qemu.in @@ -0,0 +1,132 @@ +# Last Modified: Fri Mar 9 14:43:22 2012 + + #include <abstractions/base> + #include <abstractions/consoles> + #include <abstractions/nameservice> + + # required for reading disk images + capability dac_override, + capability dac_read_search, + capability chown, + capability setgid, + + network inet stream, + network inet6 stream, + + /dev/net/tun rw, + /dev/kvm rw, + /dev/ptmx rw, + /dev/kqemu rw, + @{PROC}/*/status r, + + # For hostdev access. The actual devices will be added dynamically + /sys/bus/usb/devices/ r, + /sys/devices/*/*/usb[0-9]*/** r, + + # WARNING: this gives the guest direct access to host hardware and specific + # portions of shared memory. This is required for sound using ALSA with kvm, + # but may constitute a security risk. If your environment does not require + # the use of sound in your VMs, feel free to comment out or prepend 'deny' to + # the rules for files in /dev. + /{dev,run}/shm r, + /{dev,run}/shmpulse-shm* r, + /{dev,run}/shmpulse-shm* rwk, + /dev/snd/* rw, + capability ipc_lock, + # 'kill' is not required for sound and is a security risk. Do not enable + # unless you absolutely need it. + deny capability kill, + + # Uncomment the following if you need access to /dev/fb* + #/dev/fb* rw, + + /etc/pulse/client.conf r, + @{HOME}/.pulse-cookie rwk, + owner /root/.pulse-cookie rwk, + owner /root/.pulse/ rw, + owner /root/.pulse/* rw, + /usr/share/alsa/** r, + owner /tmp/pulse-*/ rw, + owner /tmp/pulse-*/* rw, + /var/lib/dbus/machine-id r, + + # access to firmware's etc + /usr/share/kvm/** r, + /usr/share/qemu/** r, + /usr/share/qemu-kvm/** r, + /usr/share/bochs/** r, + /usr/share/openbios/** r, + /usr/share/openhackware/** r, + /usr/share/proll/** r, + /usr/share/vgabios/** r, + /usr/share/seabios/** r, + + # access PKI infrastructure + /etc/pki/libvirt-vnc/** r, + + # the various binaries + /usr/bin/kvm rmix, + /usr/bin/qemu rmix, + /usr/bin/qemu-kvm rmix, + /usr/bin/qemu-system-arm rmix, + /usr/bin/qemu-system-cris rmix, + /usr/bin/qemu-system-i386 rmix, + /usr/bin/qemu-system-m68k rmix, + /usr/bin/qemu-system-microblaze rmix, + /usr/bin/qemu-system-microblazeel rmix, + /usr/bin/qemu-system-mips rmix, + /usr/bin/qemu-system-mips64 rmix, + /usr/bin/qemu-system-mips64el rmix, + /usr/bin/qemu-system-mipsel rmix, + /usr/bin/qemu-system-ppc rmix, + /usr/bin/qemu-system-ppc64 rmix, + /usr/bin/qemu-system-ppcemb rmix, + /usr/bin/qemu-system-sh4 rmix, + /usr/bin/qemu-system-sh4eb rmix, + /usr/bin/qemu-system-sparc rmix, + /usr/bin/qemu-system-sparc64 rmix, + /usr/bin/qemu-system-x86_64 rmix, + /usr/bin/qemu-alpha rmix, + /usr/bin/qemu-arm rmix, + /usr/bin/qemu-armeb rmix, + /usr/bin/qemu-cris rmix, + /usr/bin/qemu-i386 rmix, + /usr/bin/qemu-m68k rmix, + /usr/bin/qemu-microblaze rmix, + /usr/bin/qemu-microblazeel rmix, + /usr/bin/qemu-mips rmix, + /usr/bin/qemu-mipsel rmix, + /usr/bin/qemu-ppc rmix, + /usr/bin/qemu-ppc64 rmix, + /usr/bin/qemu-ppc64abi32 rmix, + /usr/bin/qemu-sh4 rmix, + /usr/bin/qemu-sh4eb rmix, + /usr/bin/qemu-sparc rmix, + /usr/bin/qemu-sparc64 rmix, + /usr/bin/qemu-sparc32plus rmix, + /usr/bin/qemu-sparc64 rmix, + /usr/bin/qemu-x86_64 rmix, + + # for save and resume + /bin/dash rmix, + /bin/dd rmix, + /bin/cat rmix, + + @libdir@/qemu-bridge-helper Cx, + # child profile for bridge helper process + profile @libdir@/qemu-bridge-helper { + #include <abstractions/base> + + capability setuid, + capability setgid, + capability setpcap, + capability net_admin, + + network inet stream, + + /dev/net/tun rw, + /etc/qemu/** r, + owner @{PROC}/*/status r, + + @libdir@/qemu-bridge-helper rmix, + } ++++++ libvirt-guests-init-script.patch ++++++ Adjust libvirt-guests init files to conform to SUSE standards Index: libvirt-1.1.2/tools/libvirt-guests.init.in =================================================================== --- libvirt-1.1.2.orig/tools/libvirt-guests.init.in +++ libvirt-1.1.2/tools/libvirt-guests.init.in @@ -3,15 +3,15 @@ # the following is the LSB init header # ### BEGIN INIT INFO -# Provides: libvirt-guests -# Required-Start: libvirtd -# Required-Stop: libvirtd -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 +# Provides: libvirt-guests +# Required-Start: $network $remote_fs libvirtd +# Required-Stop: $network $remote_fs libvirtd +# Default-Start: 3 5 +# Default-Stop: 0 1 2 4 6 # Short-Description: suspend/resume libvirt guests on shutdown/boot -# Description: This is a script for suspending active libvirt guests -# on shutdown and resuming them on next boot -# See http://libvirt.org +# Description: This is a script for suspending active libvirt guests +# on shutdown and resuming them on next boot +# See http://libvirt.org ### END INIT INFO # the following is chkconfig init header Index: libvirt-1.1.2/tools/libvirt-guests.sh.in =================================================================== --- libvirt-1.1.2.orig/tools/libvirt-guests.sh.in +++ libvirt-1.1.2/tools/libvirt-guests.sh.in @@ -16,14 +16,13 @@ # License along with this library. If not, see # <http://www.gnu.org/licenses/>. +. /etc/rc.status +rc_reset + sysconfdir="@sysconfdir@" localstatedir="@localstatedir@" libvirtd="@sbindir@"/libvirtd -# Source function library. -test ! -r "$sysconfdir"/rc.d/init.d/functions || - . "$sysconfdir"/rc.d/init.d/functions - # Source gettext library. # Make sure this file is recognized as having translations: _("dummy") . "@bindir@"/gettext.sh @@ -44,9 +43,11 @@ test -f "$sysconfdir"/sysconfig/libvirt- . "$sysconfdir"/sysconfig/libvirt-guests LISTFILE="$localstatedir"/lib/libvirt/libvirt-guests -VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests - -RETVAL=0 +if [ -d "$localstatedir"/lock/subsys ]; then + VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests +else + VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/libvirt-guests +fi # retval COMMAND ARGUMENTS... # run command with arguments and convert non-zero return value to 1 and set @@ -54,7 +55,7 @@ RETVAL=0 retval() { "$@" if [ $? -ne 0 ]; then - RETVAL=1 + rc_failed 1 return 1 else return 0 @@ -83,6 +84,25 @@ run_virsh_c() { ( export LC_ALL=C; run_virsh "$@" ) } +await_daemon_up() +{ + uri=$1 + i=1 + rets=10 + run_virsh $uri list > /dev/null 2>&1 + while [ $? -ne 0 -a $i -lt $rets ]; do + sleep 1 + echo -n . + i=$(($i + 1)) + run_virsh $uri list > /dev/null 2>&1 + done + if [ $i -eq $rets ]; then + echo $"libvirt-guests unable to connect to URI: $uri" + return 1 + fi + return 0 +} + # test_connect URI # check if URI is reachable test_connect() @@ -114,7 +134,7 @@ list_guests() { list=$(run_virsh_c "$uri" list --uuid $persistent) if [ $? -ne 0 ]; then - RETVAL=1 + rc_failed 1 return 1 fi @@ -140,7 +160,7 @@ guest_is_on() { guest_running=false id=$(run_virsh "$uri" domid "$uuid") if [ $? -ne 0 ]; then - RETVAL=1 + rc_failed 1 return 1 fi @@ -188,6 +208,12 @@ start() { test_connect "$uri" || continue + await_daemon_up $uri + if [ $? -ne 0 ]; then + echo $"Ignoring guests on $uri URI, can't connect" + continue + fi + eval_gettext "Resuming guests on \$uri URI..."; echo for guest in $list; do name=$(guest_name "$uri" "$guest") @@ -401,7 +427,7 @@ shutdown_guests_parallel() timeout=$(($timeout - 1)) if [ $timeout -le 0 ]; then eval_gettext "Timeout expired while shutting down domains"; echo - RETVAL=1 + rc_failed 1 return fi else @@ -429,7 +455,7 @@ stop() { if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0" echo - RETVAL=6 + rc_failed 6 return fi fi @@ -477,14 +503,14 @@ stop() { if [ $? -ne 0 ]; then eval_gettext "Failed to list persistent guests on \$uri" echo - RETVAL=1 + rc_failed 1 set +f return fi else gettext "Failed to list transient guests" echo - RETVAL=1 + rc_failed 1 set +f return fi @@ -543,14 +569,13 @@ gueststatus() { rh_status() { if [ -f "$LISTFILE" ]; then gettext "stopped, with saved guests"; echo - RETVAL=3 + rc_failed 3 else if [ -f "$VAR_SUBSYS_LIBVIRT_GUESTS" ]; then gettext "started"; echo - RETVAL=0 else gettext "stopped, with no saved guests"; echo - RETVAL=3 + rc_failed 3 fi fi } @@ -595,4 +620,4 @@ case "$1" in usage ;; esac -exit $RETVAL +rc_exit Index: libvirt-1.1.2/tools/libvirt-guests.sysconf =================================================================== --- libvirt-1.1.2.orig/tools/libvirt-guests.sysconf +++ libvirt-1.1.2/tools/libvirt-guests.sysconf @@ -1,19 +1,29 @@ +## Path: System/Virtualization/libvirt-guests + +## Type: string +## Default: default # URIs to check for running guests # example: URIS='default xen:/// vbox+tcp://host/system lxc:///' -#URIS=default +URIS=default +## Type: string +## Default: start # action taken on host boot # - start all guests which were running on shutdown are started on boot # regardless on their autostart settings # - ignore libvirt-guests init script won't start any guest on boot, however, # guests marked as autostart will still be automatically started by # libvirtd -#ON_BOOT=start +ON_BOOT=start +## Type: integer +## Default: 0 # Number of seconds to wait between each guest start. Set to 0 to allow # parallel startup. -#START_DELAY=0 +START_DELAY=0 +## Type: string +## Default: suspend # action taken on host shutdown # - suspend all running guests are suspended using virsh managedsave # - shutdown all running guests are asked to shutdown. Please be careful with @@ -22,12 +32,16 @@ # which just needs a long time to shutdown. When setting # ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a # value suitable for your guests. -#ON_SHUTDOWN=suspend +ON_SHUTDOWN=suspend +## Type: integer +## Default: 0 # If set to non-zero, shutdown will suspend guests concurrently. Number of # guests on shutdown at any time will not exceed number set in this variable. -#PARALLEL_SHUTDOWN=0 +PARALLEL_SHUTDOWN=0 +## Type: integer +## Default: 300 # Number of seconds we're willing to wait for a guest to shut down. If parallel # shutdown is enabled, this timeout applies as a timeout for shutting down all # guests on a single URI defined in the variable URIS. If this is 0, then there @@ -35,7 +49,9 @@ # request). The default value is 300 seconds (5 minutes). #SHUTDOWN_TIMEOUT=300 +## Type: integer +## Default: 0 # If non-zero, try to bypass the file system cache when saving and # restoring guests, even though this may give slower operation for # some file systems. -#BYPASS_CACHE=0 +BYPASS_CACHE=0 ++++++ libvirt-suse-netcontrol.patch ++++++ Index: libvirt-1.1.2/configure.ac =================================================================== --- libvirt-1.1.2.orig/configure.ac +++ libvirt-1.1.2/configure.ac @@ -174,6 +174,7 @@ LIBVIRT_CHECK_DBUS LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_HAL LIBVIRT_CHECK_NETCF +LIBVIRT_CHECK_NETCONTROL LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS @@ -2298,11 +2299,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi -dnl The interface driver depends on the netcf library or udev library -case $with_interface:$with_netcf:$with_udev in +dnl The interface driver depends on the netcf library, netcontrol library, or +dnl udev library +case $with_interface:$with_netcf:$with_netcontrol:$with_udev in check:*yes*) with_interface=yes ;; check:no:no) with_interface=no ;; - yes:no:no) AC_MSG_ERROR([Requested the Interface driver without netcf or udev support]) ;; + yes:no:no) AC_MSG_ERROR([Requested the Interface driver without netcf, netcontrol, or udev support]) ;; esac if test "$with_interface" = "yes" ; then @@ -2610,6 +2612,7 @@ LIBVIRT_RESULT_DBUS LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF +LIBVIRT_RESULT_NETCONTROL LIBVIRT_RESULT_NUMACTL LIBVIRT_RESULT_OPENWSMAN LIBVIRT_RESULT_PCIACCESS Index: libvirt-1.1.2/src/Makefile.am =================================================================== --- libvirt-1.1.2.orig/src/Makefile.am +++ libvirt-1.1.2/src/Makefile.am @@ -754,6 +754,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif +if WITH_NETCONTROL +INTERFACE_DRIVER_SOURCES += \ + interface/interface_backend_netcf.c +endif if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c @@ -1314,11 +1318,16 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else +if WITH_NETCONTROL +libvirt_driver_interface_la_CFLAGS += $(NETCONTROL_CFLAGS) +libvirt_driver_interface_la_LIBADD += $(NETCONTROL_LIBS) +else if WITH_UDEV libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS) libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS) endif endif +endif if WITH_DRIVER_MODULES libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la libvirt_driver_interface_la_LDFLAGS += -module -avoid-version Index: libvirt-1.1.2/tools/virsh.c =================================================================== --- libvirt-1.1.2.orig/tools/virsh.c +++ libvirt-1.1.2/tools/virsh.c @@ -2864,6 +2864,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE vshPrint(ctl, " Interface"); # if defined(WITH_NETCF) vshPrint(ctl, " netcf"); +# elif defined(WITH_NETCONTROL) + vshPrint(ctl, " netcontrol"); # elif defined(WITH_UDEV) vshPrint(ctl, " udev"); # endif Index: libvirt-1.1.2/src/interface/interface_backend_netcf.c =================================================================== --- libvirt-1.1.2.orig/src/interface/interface_backend_netcf.c +++ libvirt-1.1.2/src/interface/interface_backend_netcf.c @@ -23,7 +23,12 @@ #include <config.h> -#include <netcf.h> +#ifdef WITH_NETCONTROL +# include <netcontrol/netcf.h> +# include <netcontrol/logger.h> +#else +# include <netcf.h> +#endif #include "virerror.h" #include "datatypes.h" @@ -54,6 +59,38 @@ static void interfaceDriverUnlock(struct virMutexUnlock(&driver->lock); } +#ifdef WITH_NETCONTROL +static void +interface_nc_log_driver(const char *category, + int priority, + const char *func, + const char *file, + long long line, + const char *msg, + size_t len ATTRIBUTE_UNUSED) +{ + int vp; + + switch(priority) { + case NC_LOG_FATAL: + case NC_LOG_ERROR: + vp = VIR_LOG_ERROR; + break; + case NC_LOG_WARN: + vp = VIR_LOG_WARN; + break; + case NC_LOG_INFO: + vp = VIR_LOG_INFO; + break; + case NC_LOG_DEBUG: + default: + vp = VIR_LOG_DEBUG; + break; + } + virLogMessage(VIR_LOG_FROM_FILE, vp, file, line, func, 0, "%s", msg); +} +#endif + /* * Get a minimal virInterfaceDef containing enough metadata * for access control checks to be performed. Currently @@ -164,6 +201,10 @@ static virDrvOpenStatus netcfInterfaceOp goto mutex_error; } +#ifdef WITH_NETCONTROL + nc_logger_redirect_to(interface_nc_log_driver); +#endif + /* open netcf */ if (ncf_init(&driverState->netcf, NULL) != 0) { Index: libvirt-1.1.2/src/interface/interface_driver.c =================================================================== --- libvirt-1.1.2.orig/src/interface/interface_driver.c +++ libvirt-1.1.2/src/interface/interface_driver.c @@ -28,8 +28,15 @@ interfaceRegister(void) { if (netcfIfaceRegister() == 0) return 0; #endif /* WITH_NETCF */ +#ifdef WITH_NETCONTROL + /* Attempt to load the netcontrol based backend, which is a slightly + patched netcf backend */ + if (netcfIfaceRegister() == 0) + return 0; +#endif /* WITH_NETCONTROL */ #if WITH_UDEV - /* If there's no netcf or it failed to load, register the udev backend */ + /* If there's no netcf or netcontrol, or it failed to load, register the + udev backend */ if (udevIfaceRegister() == 0) return 0; #endif /* WITH_UDEV */ Index: libvirt-1.1.2/m4/virt-netcontrol.m4 =================================================================== --- /dev/null +++ libvirt-1.1.2/m4/virt-netcontrol.m4 @@ -0,0 +1,35 @@ +dnl The libnetcontrol library +dnl +dnl Copyright (C) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +dnl +dnl This library is free software; you can redistribute it and/or +dnl modify it under the terms of the GNU Lesser General Public +dnl License as published by the Free Software Foundation; either +dnl version 2.1 of the License, or (at your option) any later version. +dnl +dnl This library is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl Lesser General Public License for more details. +dnl +dnl You should have received a copy of the GNU Lesser General Public +dnl License along with this library. If not, see +dnl <http://www.gnu.org/licenses/>. +dnl + +AC_DEFUN([LIBVIRT_CHECK_NETCONTROL],[ + LIBVIRT_CHECK_PKG([NETCONTROL], [netcontrol], [0.2.0]) + + if test "$with_netcontrol" = "yes" ; then + old_CFLAGS="$CFLAGS" + old_LIBS="$CFLAGS" + CFLAGS="$CFLAGS $NETCONTROL_CFLAGS" + LIBS="$LIBS $NETCONTROL_LIBS" + CFLAGS="$old_CFLAGS" + LIBS="$old_LIBS" + fi +]) + +AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[ + LIBVIRT_RESULT_LIB([NETCONTROL]) +]) ++++++ libvirtd-defaults.patch ++++++ Index: libvirt-1.1.2/daemon/libvirtd.conf =================================================================== --- libvirt-1.1.2.orig/daemon/libvirtd.conf +++ libvirt-1.1.2/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. # -# This is enabled by default, uncomment this to disable it -#listen_tls = 0 +# This is disabled by default, uncomment this to enable it +#listen_tls = 1 # Listen for unencrypted TCP connections on the public TCP/IP port. # NB, must pass the --listen flag to the libvirtd process for this to Index: libvirt-1.1.2/daemon/libvirtd-config.c =================================================================== --- libvirt-1.1.2.orig/daemon/libvirtd-config.c +++ libvirt-1.1.2/daemon/libvirtd-config.c @@ -222,7 +222,7 @@ daemonConfigNew(bool privileged ATTRIBUT if (VIR_ALLOC(data) < 0) return NULL; - data->listen_tls = 1; + data->listen_tls = 0; data->listen_tcp = 0; if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 || ++++++ libvirtd-init-script.patch ++++++ Adjust libvirtd sysconfig file to conform to SUSE standards Index: libvirt-1.1.2/daemon/libvirtd.sysconf =================================================================== --- libvirt-1.1.2.orig/daemon/libvirtd.sysconf +++ libvirt-1.1.2/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + +## Type: string +## Default: /etc/libvirt/libvirtd.conf # Override the default config file # NOTE: This setting is no longer honoured if using # systemd. Set '--config /etc/libvirt/libvirtd.conf' # in LIBVIRTD_ARGS instead. -#LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf +LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf -# Listen for TCP/IP connections -# NB. must setup TLS/SSL keys prior to using this -#LIBVIRTD_ARGS="--listen" +## Type: string +## Default: --listen +# Arguments to pass to libvirtd +LIBVIRTD_ARGS="--listen" +## Type: string +## Default: none # Override Kerberos service keytab for SASL/GSSAPI #KRB5_KTNAME=/etc/libvirt/krb5.tab +## Type: string +## Default: none # Override the QEMU/SDL default audio driver probing when # starting virtual machines using SDL graphics # @@ -20,5 +29,7 @@ # #SDL_AUDIODRIVER=pulse -# Override the maximum number of opened files -#LIBVIRTD_NOFILES_LIMIT=2048 +## Type: integer +## Default: 2048 +## Override the maximum number of opened files +LIBVIRTD_NOFILES_LIMIT=2048 ++++++ libvirtd-relocation-server.fw ++++++ ## Name: Libvirtd Relocation Server ## Description: Enables libvirtd plain relocation service TCP="49152:49215" ++++++ libvirtd.init ++++++ #!/bin/sh # the following is the LSB init header see # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-ge… # ### BEGIN INIT INFO # Provides: libvirtd # Required-Start: $network $remote_fs # Should-Start: xend cgconfig # Default-Start: 3 5 # Required-Stop: $network $remote_fs # Should-Stop: xend cgconfig # Default-Stop: 0 1 2 4 6 # Short-Description: daemon for libvirt virtualization API # Description: This is a daemon for managing QEMU guest instances # and libvirt virtual networks # See http://libvirt.org ### END INIT INFO LIBVIRTD_BIN=/usr/sbin/libvirtd LIBVIRTD_PIDFILE=/var/run/libvirtd.pid test -x $LIBVIRTD_BIN || { echo "$LIBVIRD_BIN not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } . /etc/rc.status rc_reset test -f /etc/sysconfig/libvirtd && . /etc/sysconfig/libvirtd LIBVIRTD_CONFIG_ARGS= if [ -n "$LIBVIRTD_CONFIG" ] then LIBVIRTD_CONFIG_ARGS="--config $LIBVIRTD_CONFIG" fi case "$1" in start) if [ -e $LIBVIRTD_PIDFILE ]; then if checkproc $LIBVIRTD_BIN ; then echo -n "libvirtd is already running." rc_status -v exit else echo "Removing stale PID file $LIBVIRTD_PIDFILE." rm -f $LIBVIRTD_PIDFILE fi fi echo -n "Starting libvirtd " mkdir -p /var/cache/libvirt rm -rf /var/cache/libvirt/* # LIBVIRTD_NOFILES_LIMIT from /etc/sysconfig/libvirtd is not handled # automatically if [ -n "$LIBVIRTD_NOFILES_LIMIT" ]; then ulimit -n "$LIBVIRTD_NOFILES_LIMIT" fi startproc $LIBVIRTD_BIN --daemon $LIBVIRTD_CONFIG_ARGS $LIBVIRTD_ARGS rc_status -v ;; stop) echo -n "Shutting down libvirtd " rm -rf /var/cache/libvirt/* killproc -TERM $LIBVIRTD_BIN > /dev/null 2>&1 rm -f $LIBVIRTD_PIDFILE rc_status -v ;; try-restart) $0 status >/dev/null && $0 restart rc_status ;; restart) $0 stop $0 start rc_status ;; reload) killproc -HUP $LIBVIRTD_BIN rc_status -v ;; status) echo -n "Checking status of libvirtd " checkproc $LIBVIRTD_BIN rc_status -v ;; *) echo "Usage: $0 {start|stop|restart|try-restart|reload|status}" rc_failed 2 rc_exit ;; esac rc_exit ++++++ libxl-hvm-vnc.patch ++++++ Index: libvirt-1.1.2/src/libxl/libxl_conf.c =================================================================== --- libvirt-1.1.2.orig/src/libxl/libxl_conf.c +++ libvirt-1.1.2/src/libxl/libxl_conf.c @@ -524,6 +524,30 @@ libxlMakeChrdevStr(virDomainChrDefPtr de } static int +libxlFixupDomBuildInfo(virDomainDefPtr def, libxl_domain_config *d_config) +{ + libxl_domain_build_info *b_info = &d_config->b_info; + int hvm = STREQ(def->os.type, "hvm"); + libxl_device_vfb vfb; + + if (!hvm) + return 0; + + if (d_config->num_vfbs) { + vfb = d_config->vfbs[0]; + if (libxl_defbool_val(vfb.vnc.enable)) + memcpy(&b_info->u.hvm.vnc, &vfb.vnc, sizeof(libxl_vnc_info)); + else if (libxl_defbool_val(vfb.sdl.enable)) + memcpy(&b_info->u.hvm.sdl, &vfb.sdl, sizeof(libxl_sdl_info)); + else + return -1; + } + + return 0; +} + + +static int libxlMakeDomBuildInfo(virDomainObjPtr vm, libxl_domain_config *d_config) { virDomainDefPtr def = vm->def; @@ -1040,6 +1064,9 @@ libxlBuildDomainConfig(libxlDriverPrivat if (libxlMakeVfbList(driver, def, d_config) < 0) return -1; + if (libxlFixupDomBuildInfo(def, d_config) < 0) + return -1; + d_config->on_reboot = def->onReboot; d_config->on_poweroff = def->onPoweroff; d_config->on_crash = def->onCrash; ++++++ support-managed-pci-xen-driver.patch ++++++ >From 5aeda96eafd230af55343e7ef835e081ded484aa Mon Sep 17 00:00:00 2001 From: Chunyan Liu <cyliu(a)suse.com> Date: Fri, 25 Jan 2013 17:37:14 +0800 Subject: [PATCH] support managed pci devices in xen driver --- src/xenxs/xen_sxpr.c | 22 ++++++++-------------- src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 15 deletions(-) Index: libvirt-1.1.2/src/xenxs/xen_sxpr.c =================================================================== --- libvirt-1.1.2.orig/src/xenxs/xen_sxpr.c +++ libvirt-1.1.2/src/xenxs/xen_sxpr.c @@ -993,6 +993,7 @@ xenParseSxprPCI(virDomainDefPtr def, int busID; int slotID; int funcID; + bool managed; node = cur->u.s.car; if (!sexpr_lookup(node, "dev")) @@ -1040,11 +1041,13 @@ xenParseSxprPCI(virDomainDefPtr def, goto error; } + managed = sexpr_int(node, "dev/opts/managed"); + if (!(dev = virDomainHostdevDefAlloc())) goto error; dev->mode = VIR_DOMAIN_HOSTDEV_MODE_SUBSYS; - dev->managed = false; + dev->managed = managed ? true : false; dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; dev->source.subsys.u.pci.addr.domain = domainID; dev->source.subsys.u.pci.addr.bus = busID; @@ -1990,11 +1993,15 @@ static void xenFormatSxprPCI(virDomainHostdevDefPtr def, virBufferPtr buf) { - virBufferAsprintf(buf, "(dev (domain 0x%04x)(bus 0x%02x)(slot 0x%02x)(func 0x%x))", + virBufferAsprintf(buf, "(dev (domain 0x%04x)(bus 0x%02x)(slot 0x%02x)(func 0x%x)", def->source.subsys.u.pci.addr.domain, def->source.subsys.u.pci.addr.bus, def->source.subsys.u.pci.addr.slot, def->source.subsys.u.pci.addr.function); + + if (def->managed) + virBufferAddLit(buf, "(opts (managed 1))"); + virBufferAddLit(buf, ")"); } @@ -2013,12 +2020,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP virBufferPtr buf, int detach) { - if (def->managed) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("managed PCI devices not supported with XenD")); - return -1; - } - virBufferAddLit(buf, "(pci "); xenFormatSxprPCI(def, buf); if (detach) @@ -2073,12 +2074,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def, for (i = 0; i < def->nhostdevs; i++) { if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { - if (def->hostdevs[i]->managed) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("managed PCI devices not supported with XenD")); - return -1; - } - xenFormatSxprPCI(def->hostdevs[i], buf); } } Index: libvirt-1.1.2/src/xenxs/xen_xm.c =================================================================== --- libvirt-1.1.2.orig/src/xenxs/xen_xm.c +++ libvirt-1.1.2/src/xenxs/xen_xm.c @@ -802,6 +802,8 @@ xenParseXM(virConfPtr conf, int xendConf int busID; int slotID; int funcID; + char *opt; + int managed = 0; domain[0] = bus[0] = slot[0] = func[0] = '\0'; @@ -811,6 +813,11 @@ xenParseXM(virConfPtr conf, int xendConf /* pci=['0000:00:1b.0','0000:00:13.0'] */ if (!(key = list->str)) goto skippci; + + opt = strchr(key, ','); + if (opt) + opt++; + if (!(nextkey = strchr(key, ':'))) goto skippci; @@ -859,10 +866,30 @@ xenParseXM(virConfPtr conf, int xendConf if (virStrToLong_i(func, NULL, 16, &funcID) < 0) goto skippci; + if (opt) { + char opt_managed[2]; + char *data; + + opt_managed[0] = '\0'; + data = strchr(opt, '='); + data++; + + if (STRPREFIX(opt, "managed=")) { + if (virStrncpy(opt_managed, data, 1, sizeof(opt_managed)) == NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("managed option %s too big for destination"), + data); + goto skippci; + } + } + if (virStrToLong_i(opt_managed, NULL, 10, &managed) < 0) + goto skippci; + } + if (!(hostdev = virDomainHostdevDefAlloc())) goto cleanup; - hostdev->managed = false; + hostdev->managed = managed ? true : false; hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI; hostdev->source.subsys.u.pci.addr.domain = domainID; hostdev->source.subsys.u.pci.addr.bus = busID; ++++++ suse-qemu-conf.patch ++++++ Index: libvirt-1.1.2/src/qemu/qemu.conf =================================================================== --- libvirt-1.1.2.orig/src/qemu/qemu.conf +++ libvirt-1.1.2/src/qemu/qemu.conf @@ -175,7 +175,16 @@ # a special value; security_driver can be set to that value in # isolation, but it cannot appear in a list of drivers. # +# SUSE Note: +# Currently, Apparmor is the default security framework in SUSE +# distros. If Apparmor is enabled on the host, libvirtd is +# generously confined but users must opt-in to confine qemu +# instances. Change this to 'apparmor' to enable Apparmor +# confinement of qemu instances. +# #security_driver = "selinux" +# security_driver = "apparmor" +security_driver = "none" # If set to non-zero, then the default security labeling # will make guests confined. If set to zero, then guests @@ -371,6 +380,15 @@ #allow_disk_format_probing = 1 +# SUSE note: +# Many lock managers, sanlock included, will kill the resources +# they protect when terminated. E.g. the sanlock daemon will kill +# any virtual machines for which it holds disk leases when the +# daemon is stopped or restarted. Administrators must be vigilant +# when enabling a lock manager since simply updating the manager +# may cause it to be restarted, potentially killing the resources +# it protects. +# # To enable 'Sanlock' project based locking of the file # content (to prevent two VMs writing to the same # disk), uncomment this ++++++ systemd-service-xen.patch ++++++ Index: libvirt-1.1.2/daemon/libvirtd.service.in =================================================================== --- libvirt-1.1.2.orig/daemon/libvirtd.service.in +++ libvirt-1.1.2/daemon/libvirtd.service.in @@ -9,6 +9,8 @@ Before=libvirt-guests.service After=network.target After=dbus.service After=iscsid.service +Wants=xencommons.service +After=xencommons.service [Service] Type=notify ++++++ virtlockd-init-script.patch ++++++ Adjust virtlockd init files to conform to SUSE standards Index: libvirt-1.1.2/src/locking/virtlockd.sysconf =================================================================== --- libvirt-1.1.2.orig/src/locking/virtlockd.sysconf +++ libvirt-1.1.2/src/locking/virtlockd.sysconf @@ -1,3 +1,7 @@ +## Path: System/Virtualization/virtlockd + +## Type: string +## Default: "" # # Pass extra arguments to virtlockd #VIRTLOCKD_ARGS= Index: libvirt-1.1.2/src/locking/virtlockd.init.in =================================================================== --- libvirt-1.1.2.orig/src/locking/virtlockd.init.in +++ libvirt-1.1.2/src/locking/virtlockd.init.in @@ -4,11 +4,13 @@ # http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-ge… # ### BEGIN INIT INFO -# Provides: virtlockd -# Default-Start: 3 4 5 +# Provides: virtlockd +# Required-Start: $network $remote_fs +# Default-Start: 3 4 5 +# Required-Stop: $network $remote_fs # Short-Description: virtual machine lock manager -# Description: This is a daemon for managing locks -# on virtual machine disk images +# Description: This is a daemon for managing locks +# on virtual machine disk images ### END INIT INFO # the following is chkconfig init header @@ -23,35 +25,33 @@ # pidfile: @localstatedir@/run/libvirt/virtlockd.pid # -# Source function library. -. @sysconfdir@/rc.d/init.d/functions +. @sysconfdir@/rc.status +rc_reset SERVICE=virtlockd -PROCESS=virtlockd -PIDFILE=@localstatedir@/run/libvirt/lockd/$SERVICE.pid +PROCESS=@sbindir@/virtlockd +PIDDIR=@localstatedir@/run/libvirt/lockd/ +PIDFILE=$PIDDIR/$SERVICE.pid VIRTLOCKD_ARGS= test -f @sysconfdir@/sysconfig/virtlockd && . @sysconfdir@/sysconfig/virtlockd -RETVAL=0 - start() { - echo -n $"Starting $SERVICE daemon: " - daemon --pidfile $PIDFILE --check $SERVICE $PROCESS --daemon $VIRTLOCKD_ARGS + echo -n $"Starting $SERVICE " + test -d $PIDDIR || mkdir -p $PIDDIR + startproc -p $PIDFILE $PROCESS --pid-file $PIDFILE --daemon $VIRTLOCKD_ARGS RETVAL=$? - echo - [ $RETVAL -eq 0 ] && touch @localstatedir@/lock/subsys/$SERVICE + rc_status -v } stop() { - echo -n $"Stopping $SERVICE daemon: " + echo -n $"Stopping $SERVICE " - killproc -p $PIDFILE $PROCESS + killproc -p $PIDFILE $PROCESS > /dev/null 2>&1 RETVAL=$? - echo + rc_status -v if [ $RETVAL -eq 0 ]; then - rm -f @localstatedir@/lock/subsys/$SERVICE rm -f $PIDFILE fi } @@ -65,9 +65,7 @@ reload() { echo -n $"Reloading $SERVICE configuration: " killproc -p $PIDFILE $PROCESS -HUP - RETVAL=$? - echo - return $RETVAL + rc_status } # See how we were called. @@ -76,18 +74,20 @@ case "$1" in $1 ;; status) - status -p $PIDFILE $PROCESS - RETVAL=$? + echo -n "Checking status of $SERVICE " + checkproc $PROCESS + rc_status -v ;; force-reload) reload ;; condrestart|try-restart) - [ -f @localstatedir@/lock/subsys/$SERVICE ] && restart || : + $0 status >/dev/null && restart || : ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload|try-restart}" - exit 2 + rc_failed 2 + rc_exit ;; esac -exit $RETVAL +rc_exit ++++++ xen-name-for-devid.patch ++++++ Do not search xenstore for disk/network/PCI device IDs Disk, network, and PCI devices can be referenced by name in Xen, e.g. when modifying their configuration or remvoving them. As such, don't search xenstore for a device ID corresponding to these devices. Instead, search the devices contained in the domain definition and use the devices's target name if found. Note that for network devices, the mac address is used for the device name. For PCI devices, the bdf (bus:dev:fun) specifier is used for the device name. This approach allows removing a disk/network/PCI device when domain is inactive. We obviously can't search xenstore when the domain is inactive. Index: libvirt-1.1.2/src/xen/xend_internal.c =================================================================== --- libvirt-1.1.2.orig/src/xen/xend_internal.c +++ libvirt-1.1.2/src/xen/xend_internal.c @@ -70,7 +70,7 @@ #define XEND_RCV_BUF_MAX_LEN (256 * 1024) static int -virDomainXMLDevID(virConnectPtr conn, virDomainDefPtr domain, +virDomainXMLDevID(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainDefPtr domain, virDomainDeviceDefPtr dev, char *class, char *ref, int ref_len); @@ -3314,18 +3314,18 @@ xenDaemonDomainBlockPeek(virConnectPtr c * Returns 0 in case of success, -1 in case of failure. */ static int -virDomainXMLDevID(virConnectPtr conn, +virDomainXMLDevID(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainDefPtr def, virDomainDeviceDefPtr dev, char *class, char *ref, int ref_len) { - xenUnifiedPrivatePtr priv = conn->privateData; - char *xref; - char *tmp; + unsigned int i; if (dev->type == VIR_DOMAIN_DEVICE_DISK) { + if (dev->data.disk->dst == NULL) + return -1; if (dev->data.disk->driverName && STREQ(dev->data.disk->driverName, "tap")) strcpy(class, "tap"); @@ -3335,19 +3335,17 @@ virDomainXMLDevID(virConnectPtr conn, else strcpy(class, "vbd"); - if (dev->data.disk->dst == NULL) - return -1; - xenUnifiedLock(priv); - xref = xenStoreDomainGetDiskID(conn, def->id, - dev->data.disk->dst); - xenUnifiedUnlock(priv); - if (xref == NULL) - return -1; - - tmp = virStrcpy(ref, xref, ref_len); - VIR_FREE(xref); - if (tmp == NULL) - return -1; + /* For disks, the device name can be used directly. */ + for (i = 0; i < def->ndisks; i++) { + virDomainDiskDefPtr disk = def->disks[i]; + if (STREQ(dev->data.disk->dst, disk->dst)) { + if (virStrcpy(ref, disk->dst, ref_len) == NULL) + return -1; + else + return 0; + } + } + return -1; } else if (dev->type == VIR_DOMAIN_DEVICE_NET) { char mac[VIR_MAC_STRING_BUFLEN]; virDomainNetDefPtr netdef = dev->data.net; @@ -3355,16 +3353,22 @@ virDomainXMLDevID(virConnectPtr conn, strcpy(class, "vif"); - xenUnifiedLock(priv); - xref = xenStoreDomainGetNetworkID(conn, def->id, mac); - xenUnifiedUnlock(priv); - if (xref == NULL) - return -1; - - tmp = virStrcpy(ref, xref, ref_len); - VIR_FREE(xref); - if (tmp == NULL) - return -1; + /* For nics, the mac address can be used directly. */ + for (i = 0; i < def->nnets; i++) { + char dst_mac[30]; + virDomainNetDefPtr dst_net = def->nets[i]; + snprintf(dst_mac, sizeof(dst_mac), "%02x:%02x:%02x:%02x:%02x:%02x", + dst_net->mac.addr[0], dst_net->mac.addr[1], + dst_net->mac.addr[2], dst_net->mac.addr[3], + dst_net->mac.addr[4], dst_net->mac.addr[5]); + if (STREQ(mac, dst_mac)) { + if (virStrcpy(ref, dst_mac, ref_len) == NULL) + return -1; + else + return 0; + } + } + return -1; } else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV && dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS && dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) { @@ -3380,17 +3384,44 @@ virDomainXMLDevID(virConnectPtr conn, strcpy(class, "pci"); - xenUnifiedLock(priv); - xref = xenStoreDomainGetPCIID(conn, def->id, bdf); - xenUnifiedUnlock(priv); - VIR_FREE(bdf); - if (xref == NULL) - return -1; + /* For PCI devices, the device BFD can be used directly. */ + for (i = 0 ; i < def->nhostdevs ; i++) { + char *dst_bdf; + virDomainHostdevDefPtr hostdev = def->hostdevs[i]; + + if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) + continue; + if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) + continue; + + if (virAsprintf(&dst_bdf, "%04x:%02x:%02x.%0x", + hostdev->source.subsys.u.pci.addr.domain, + hostdev->source.subsys.u.pci.addr.bus, + hostdev->source.subsys.u.pci.addr.slot, + hostdev->source.subsys.u.pci.addr.function) < 0) { + virReportOOMError(); + VIR_FREE(bdf); + return -1; + } - tmp = virStrcpy(ref, xref, ref_len); - VIR_FREE(xref); - if (tmp == NULL) - return -1; + if (STREQ(bdf, dst_bdf)) { + if (virStrcpy(ref, dst_bdf, ref_len) == NULL) { + virReportOOMError(); + VIR_FREE(dst_bdf); + VIR_FREE(bdf); + return -1; + } + else { + VIR_FREE(dst_bdf); + VIR_FREE(bdf); + return 0; + } + } + VIR_FREE(dst_bdf); + } + + VIR_FREE(bdf); + return -1; } else { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("hotplug of device type not supported")); ++++++ xen-pv-cdrom.patch ++++++ Index: libvirt-1.1.2/src/xenxs/xen_sxpr.c =================================================================== --- libvirt-1.1.2.orig/src/xenxs/xen_sxpr.c +++ libvirt-1.1.2/src/xenxs/xen_sxpr.c @@ -327,7 +327,7 @@ error: static int xenParseSxprDisks(virDomainDefPtr def, const struct sexpr *root, - int hvm, + int hvm ATTRIBUTE_UNUSED, int xendConfigVersion) { const struct sexpr *cur, *node; @@ -378,7 +378,6 @@ xenParseSxprDisks(virDomainDefPtr def, /* There is a case without the uname to the CD-ROM device */ offset = strchr(dst, ':'); if (!offset || - !hvm || STRNEQ(offset, ":cdrom")) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("domain information incomplete, vbd has no src")); -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit zenity for openSUSE:Factory
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package zenity for openSUSE:Factory checked in at 2014-05-02 14:11:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zenity (Old) and /work/SRC/openSUSE:Factory/.zenity.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "zenity" Changes: -------- --- /work/SRC/openSUSE:Factory/zenity/zenity.changes 2014-01-15 16:27:32.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.zenity.new/zenity.changes 2014-05-02 14:11:05.000000000 +0200 @@ -1,0 +2,15 @@ +Tue Apr 29 17:23:41 UTC 2014 - dimstar(a)opensuse.org + +- Update to version 3.12.1: + + User docs: Make page ID the same as file name. + + Updated FSF's address. + + Add user help for --listen (bgo#711396). + + Man page points to nonexisting doc (bgo#667711). + + zenity --text-info should have an auto scroll option + (bgo#600533). + + Need ability to specify default answer in --question dialog + (bgo#534935). + + List box doesn't expand to fill window (bgo#702535). + + Updated translations. + +------------------------------------------------------------------- Old: ---- zenity-3.10.2.tar.xz New: ---- zenity-3.12.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zenity.spec ++++++ --- /var/tmp/diff_new_pack.RhC0CN/_old 2014-05-02 14:11:06.000000000 +0200 +++ /var/tmp/diff_new_pack.RhC0CN/_new 2014-05-02 14:11:06.000000000 +0200 @@ -17,14 +17,14 @@ Name: zenity -Version: 3.10.2 +Version: 3.12.1 Release: 0 Summary: GNOME Command Line Dialog Utility License: LGPL-2.1+ Group: System/GUI/GNOME Url: http://www.gnome.org/ # Tarball created from git tag 3.10.2 using make dist (no published tarball) -Source: %{name}-%{version}.tar.xz +Source: http://download.gnome.org/sources/zenity/3.12/%{name}-%{version}.tar.xz BuildRequires: fdupes BuildRequires: intltool BuildRequires: translation-update-upstream ++++++ zenity-3.10.2.tar.xz -> zenity-3.12.1.tar.xz ++++++ ++++ 66756 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit yast2-auth-client for openSUSE:Factory
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package yast2-auth-client for openSUSE:Factory checked in at 2014-05-02 14:10:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-auth-client (Old) and /work/SRC/openSUSE:Factory/.yast2-auth-client.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2-auth-client" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-auth-client/yast2-auth-client.changes 2014-04-25 16:12:35.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-auth-client.new/yast2-auth-client.changes 2014-05-02 14:10:07.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Apr 30 14:40:16 UTC 2014 - ckornacker(a)suse.com + +- Don't enable sssd if no domains are configured (bnc#870905) +- 3.1.13 + +------------------------------------------------------------------- Old: ---- yast2-auth-client-3.1.12.tar.bz2 New: ---- yast2-auth-client-3.1.13.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-auth-client.spec ++++++ --- /var/tmp/diff_new_pack.9D9bw6/_old 2014-05-02 14:10:08.000000000 +0200 +++ /var/tmp/diff_new_pack.9D9bw6/_new 2014-05-02 14:10:08.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 3.1.12 +Version: 3.1.13 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-auth-client-3.1.12.tar.bz2 -> yast2-auth-client-3.1.13.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.1.12/package/yast2-auth-client.changes new/yast2-auth-client-3.1.13/package/yast2-auth-client.changes --- old/yast2-auth-client-3.1.12/package/yast2-auth-client.changes 2014-04-23 09:58:42.000000000 +0200 +++ new/yast2-auth-client-3.1.13/package/yast2-auth-client.changes 2014-05-01 16:03:48.000000000 +0200 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Wed Apr 30 14:40:16 UTC 2014 - ckornacker(a)suse.com + +- Don't enable sssd if no domains are configured (bnc#870905) +- 3.1.13 + +------------------------------------------------------------------- Wed Apr 16 10:14:23 UTC 2014 - varkoly(a)suse.com - 3.1.12 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.1.12/package/yast2-auth-client.spec new/yast2-auth-client-3.1.13/package/yast2-auth-client.spec --- old/yast2-auth-client-3.1.12/package/yast2-auth-client.spec 2014-04-23 09:58:42.000000000 +0200 +++ new/yast2-auth-client-3.1.13/package/yast2-auth-client.spec 2014-05-01 16:03:48.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-auth-client -Version: 3.1.12 +Version: 3.1.13 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-auth-client-3.1.12/src/modules/AuthClient.rb new/yast2-auth-client-3.1.13/src/modules/AuthClient.rb --- old/yast2-auth-client-3.1.12/src/modules/AuthClient.rb 2014-04-23 09:58:42.000000000 +0200 +++ new/yast2-auth-client-3.1.13/src/modules/AuthClient.rb 2014-05-01 16:03:48.000000000 +0200 @@ -111,7 +111,7 @@ # Writes the clients authentication configuration. # @return true or false def Write - if ! @auth['sssd'] + if ! @auth['sssd_conf']['sssd'].has_key?("domains") # Nothing to do return true end -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit xml-commons for openSUSE:Factory
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package xml-commons for openSUSE:Factory checked in at 2014-05-02 14:05:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xml-commons (Old) and /work/SRC/openSUSE:Factory/.xml-commons.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xml-commons" Changes: -------- --- /work/SRC/openSUSE:Factory/xml-commons/xml-commons.changes 2013-09-12 21:43:40.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.xml-commons.new/xml-commons.changes 2014-05-02 14:05:49.000000000 +0200 @@ -1,0 +2,11 @@ +Thu May 1 14:58:20 UTC 2014 - darin(a)darins.net + +- suppress bytecode check on SLE +- add missing links and alternative + +------------------------------------------------------------------- +Mon Apr 28 09:40:14 UTC 2014 - schwab(a)linux-m68k.org + +- Fix update-alternatives arguments to match what is actually packaged + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xml-commons-apis-bootstrap.spec ++++++ --- /var/tmp/diff_new_pack.Xl15OZ/_old 2014-05-02 14:05:50.000000000 +0200 +++ /var/tmp/diff_new_pack.Xl15OZ/_new 2014-05-02 14:05:50.000000000 +0200 @@ -2,7 +2,7 @@ # # spec file for package xml-commons-apis-bootstrap # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ xml-commons.spec ++++++ --- /var/tmp/diff_new_pack.Xl15OZ/_old 2014-05-02 14:05:50.000000000 +0200 +++ /var/tmp/diff_new_pack.Xl15OZ/_new 2014-05-02 14:05:50.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package xml-commons # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2000-2008, JPackage Project # All rights reserved. # @@ -346,6 +346,9 @@ popd %install +%if 0%{?suse_version} == 1110 +export NO_BRP_CHECK_BYTECODE_VERSION=true +%endif # Jars install -d -m 755 $RPM_BUILD_ROOT%{_javadir} @@ -502,6 +505,12 @@ ln -sf %{_sysconfdir}/alternatives/xml-xread %{buildroot}%{_bindir}/xml-xread touch %{buildroot}%{_sysconfdir}/alternatives/xml-xparse ln -sf %{_sysconfdir}/alternatives/xml-xparse %{buildroot}%{_bindir}/xml-xparse +touch %{buildroot}%{_sysconfdir}/alternatives/jaxp11.jar +ln -sf %{_sysconfdir}/alternatives/jaxp11.jar %{buildroot}%{_javadir}/jaxp11.jar +touch %{buildroot}%{_sysconfdir}/alternatives/jaxp12.jar +ln -sf %{_sysconfdir}/alternatives/jaxp12.jar %{buildroot}%{_javadir}/jaxp12.jar +touch %{buildroot}%{_sysconfdir}/alternatives/jaxp13.jar +ln -sf %{_sysconfdir}/alternatives/jaxp13.jar %{buildroot}%{_javadir}/jaxp13.jar %{__chmod} 755 $RPM_BUILD_ROOT%{_bindir}* @@ -568,9 +577,9 @@ %{_sbindir}/update-alternatives --install %{_bindir}/xml-resolver xml-resolver %{_bindir}/xml-resolver10 10000 \ --slave %{_bindir}/xml-xread xml-xread %{_bindir}/xml-xread10 \ --slave %{_bindir}/xml-xparse xml-xparse %{_bindir}/xml-xparse10 \ ---slave %{_mandir}/man1/xml-resolver.1.bz2 xml-resolver.1.bz2 %{_mandir}/man1/xml-resolver10.1.bz2 \ ---slave %{_mandir}/man1/xml-xread.1.bz2 xml-xread.1.bz2 %{_mandir}/man1/xml-xread10.1.bz2 \ ---slave %{_mandir}/man1/xml-xparse.1.bz2 xml-xparse.1.bz2 %{_mandir}/man1/xml-xparse10.1.bz2 +--slave %{_mandir}/man1/xml-resolver.1%ext_man xml-resolver.1%ext_man %{_mandir}/man1/xml-resolver10.1%ext_man \ +--slave %{_mandir}/man1/xml-xread.1%ext_man xml-xread.1%ext_man %{_mandir}/man1/xml-xread10.1%ext_man \ +--slave %{_mandir}/man1/xml-xparse.1%ext_man xml-xparse.1%ext_man %{_mandir}/man1/xml-xparse10.1%ext_man %{_sbindir}/update-alternatives --install %{_javadir}/xml-commons-resolver.jar xml-commons-resolver %{_javadir}/xml-commons-resolver10.jar 10000 %postun resolver10 @@ -583,9 +592,9 @@ %{_sbindir}/update-alternatives --install %{_bindir}/xml-resolver xml-resolver %{_bindir}/xml-resolver11 10100 \ --slave %{_bindir}/xml-xread xml-xread %{_bindir}/xml-xread11 \ --slave %{_bindir}/xml-xparse xml-xparse %{_bindir}/xml-xparse11 \ ---slave %{_mandir}/man1/xml-resolver.1.bz2 xml-resolver.1.bz2 %{_mandir}/man1/xml-resolver11.1.bz2 \ ---slave %{_mandir}/man1/xml-xread.1.bz2 xml-xread.1.bz2 %{_mandir}/man1/xml-xread11.1.bz2 \ ---slave %{_mandir}/man1/xml-xparse.1.bz2 xml-xparse.1.bz2 %{_mandir}/man1/xml-xparse11.1.bz2 +--slave %{_mandir}/man1/xml-resolver.1%ext_man xml-resolver.1%ext_man %{_mandir}/man1/xml-resolver11.1%ext_man \ +--slave %{_mandir}/man1/xml-xread.1%ext_man xml-xread.1%ext_man %{_mandir}/man1/xml-xread11.1%ext_man \ +--slave %{_mandir}/man1/xml-xparse.1%ext_man xml-xparse.1%ext_man %{_mandir}/man1/xml-xparse11.1%ext_man %{_sbindir}/update-alternatives --install %{_javadir}/xml-commons-resolver.jar xml-commons-resolver %{_javadir}/xml-commons-resolver11.jar 10100 %postun resolver11 @@ -654,9 +663,9 @@ %{_sbindir}/update-alternatives --install %{_bindir}/xml-resolver xml-resolver %{_bindir}/xml-resolver12 10200 \ --slave %{_bindir}/xml-xread xml-xread %{_bindir}/xml-xread12 \ --slave %{_bindir}/xml-xparse xml-xparse %{_bindir}/xml-xparse12 \ ---slave %{_mandir}/man1/xml-resolver.1.bz2 xml-resolver.1.bz2 %{_mandir}/man1/xml-resolver12.1.bz2 \ ---slave %{_mandir}/man1/xml-xread.1.bz2 xml-xread.1.bz2 %{_mandir}/man1/xml-xread12.1.bz2 \ ---slave %{_mandir}/man1/xml-xparse.1.bz2 xml-xparse.1.bz2 %{_mandir}/man1/xml-xparse12.1.bz2 +--slave %{_mandir}/man1/xml-resolver.1%ext_man xml-resolver.1%ext_man %{_mandir}/man1/xml-resolver12.1%ext_man \ +--slave %{_mandir}/man1/xml-xread.1%ext_man xml-xread.1%ext_man %{_mandir}/man1/xml-xread12.1%ext_man \ +--slave %{_mandir}/man1/xml-xparse.1%ext_man xml-xparse.1%ext_man %{_mandir}/man1/xml-xparse12.1%ext_man %{_sbindir}/update-alternatives --install %{_javadir}/xml-commons-resolver.jar xml-commons-resolver %{_javadir}/xml-commons-resolver12.jar 10200 %postun resolver12 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit vm-install for openSUSE:Factory
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package vm-install for openSUSE:Factory checked in at 2014-05-02 14:04:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vm-install (Old) and /work/SRC/openSUSE:Factory/.vm-install.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "vm-install" Changes: -------- --- /work/SRC/openSUSE:Factory/vm-install/vm-install.changes 2014-04-13 13:21:52.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.vm-install.new/vm-install.changes 2014-05-02 14:04:15.000000000 +0200 @@ -1,0 +2,14 @@ +Wed Apr 30 21:12:14 MDT 2014 - carnold(a)suse.com + +- bnc#875416 - vm-install --use-xl: libxl: error: libxl.c:319: + libxl__domain_rename: domain with name "SLE-12-Server-Beta5" + already exists. +- Updated language files + +------------------------------------------------------------------- +Wed Apr 16 16:43:14 MDT 2014 - carnold(a)suse.com + +- s390x: Fix index error in parsing bridges +- Version 0.8.15 + +------------------------------------------------------------------- Old: ---- vm-install-0.8.14.tar.bz2 New: ---- vm-install-0.8.16.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vm-install.spec ++++++ --- /var/tmp/diff_new_pack.bFI5Id/_old 2014-05-02 14:04:16.000000000 +0200 +++ /var/tmp/diff_new_pack.bFI5Id/_new 2014-05-02 14:04:16.000000000 +0200 @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - Name: vm-install %if %suse_version <= 1230 %define with_vminstall_as_default_installer 1 @@ -27,12 +26,12 @@ %endif # For directory ownership: BuildRequires: yast2 -Version: 0.8.14 +Version: 0.8.16 Release: 0 Summary: Tool to Define a Virtual Machine and Install Its Operating System License: GPL-2.0 Group: System/Emulators/PC -Source0: %{name}-0.8.14.tar.bz2 +Source0: %{name}-0.8.16.tar.bz2 Source1: vm-install.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: %ix86 x86_64 s390x ++++++ vm-install-0.8.14.tar.bz2 -> vm-install-0.8.16.tar.bz2 ++++++ ++++ 22070 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit virt-manager for openSUSE:Factory
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package virt-manager for openSUSE:Factory checked in at 2014-05-02 14:03:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/virt-manager (Old) and /work/SRC/openSUSE:Factory/.virt-manager.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "virt-manager" Changes: -------- --- /work/SRC/openSUSE:Factory/virt-manager/virt-manager.changes 2014-04-26 06:06:28.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.virt-manager.new/virt-manager.changes 2014-05-02 14:03:55.000000000 +0200 @@ -1,0 +2,39 @@ +Thu May 1 16:24:54 MDT 2014 - carnold(a)suse.com + +- Dropped patch as libvirt has fix for issue + virtman-shutdown-with-acpi-button.patch + +------------------------------------------------------------------- +Wed Apr 30 07:24:54 MDT 2014 - carnold(a)suse.com + +- Upstream bug fixes + 535fb6f6-hide-scrollbar-until-something-scrollable.patch + 535fe0c2-fix-screenshot-with-qxl-spice.patch + 535feaca-fix-storage-when-directory-name-contains-whitespace.patch + 535ff0b7-fix-install-when-one-package-is-already-installed.patch + 536152fe-fix-error-detecting-OS-in-show-all-list.patch + 536154d8-show-error-if-launching-delete-dialog-fails.patch + 53615662-call-path_exists-before-getting-storage-volume.patch + +------------------------------------------------------------------- +Tue Apr 29 11:37:12 MDT 2014 - carnold(a)suse.com + +- s390x: Set the correct emulator + virtinst-set-qemu-emulator.patch + +------------------------------------------------------------------- +Mon Apr 28 15:21:58 MDT 2014 - carnold(a)suse.com + +- Content file on media changed again. Update suse detection code. + virtinst-detect-suse-distros.patch + +------------------------------------------------------------------- +Thu Apr 24 16:52:58 MDT 2014 - carnold(a)suse.com + +- bnc#874772 - virt-manager: Unable to complete install: 'xmlDesc + in virDomainCreateXML must not be NULL' + virtinst-pvgrub2-bootloader.patch +- KVM: Use /usr/bin/qemu-system-x86_64 as the default emulator + virtinst-set-qemu-emulator.patch + +------------------------------------------------------------------- Old: ---- virtman-shutdown-with-acpi-button.patch New: ---- 535fb6f6-hide-scrollbar-until-something-scrollable.patch 535fe0c2-fix-screenshot-with-qxl-spice.patch 535feaca-fix-storage-when-directory-name-contains-whitespace.patch 535ff0b7-fix-install-when-one-package-is-already-installed.patch 536152fe-fix-error-detecting-OS-in-show-all-list.patch 536154d8-show-error-if-launching-delete-dialog-fails.patch 53615662-call-path_exists-before-getting-storage-volume.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ virt-manager.spec ++++++ --- /var/tmp/diff_new_pack.lf0m4t/_old 2014-05-02 14:03:56.000000000 +0200 +++ /var/tmp/diff_new_pack.lf0m4t/_new 2014-05-02 14:03:56.000000000 +0200 @@ -53,6 +53,13 @@ Patch16: 534eafe4-avoid-useless-errors-when-connection-closes.patch Patch17: 5350d9cc-display-error-on-empty-installation-URL.patch Patch18: 535584ed-fix-target-validation-when-editing-device.patch +Patch19: 535fb6f6-hide-scrollbar-until-something-scrollable.patch +Patch20: 535fe0c2-fix-screenshot-with-qxl-spice.patch +Patch21: 535feaca-fix-storage-when-directory-name-contains-whitespace.patch +Patch22: 535ff0b7-fix-install-when-one-package-is-already-installed.patch +Patch23: 536152fe-fix-error-detecting-OS-in-show-all-list.patch +Patch24: 536154d8-show-error-if-launching-delete-dialog-fails.patch +Patch25: 53615662-call-path_exists-before-getting-storage-volume.patch Patch50: virtman-desktop.patch Patch51: virtman-cdrom.patch Patch52: virtman-kvm.patch @@ -71,7 +78,6 @@ Patch67: virtman-libvirtd-not-running.patch Patch68: virtman-stable-os-support.patch Patch69: virtman-add-s390x-arch-support.patch -Patch70: virtman-shutdown-with-acpi-button.patch Patch151: virtinst-storage-ocfs2.patch Patch152: virtinst-qed.patch Patch153: virtinst-support-suse-distros.patch @@ -189,6 +195,13 @@ %patch16 -p1 %patch17 -p1 %patch18 -p1 +%patch19 -p1 +%patch20 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 +%patch24 -p1 +%patch25 -p1 %patch50 -p1 %patch51 -p1 %patch52 -p1 @@ -207,7 +220,6 @@ %patch67 -p1 %patch68 -p1 %patch69 -p1 -%patch70 -p1 %patch151 -p1 %patch152 -p1 %patch153 -p1 ++++++ 535fb6f6-hide-scrollbar-until-something-scrollable.patch ++++++ Subject: serialcon: Hide scrollbar until there's something to scroll From: Cole Robinson crobinso(a)redhat.com Fri Apr 25 19:13:44 2014 -0400 Date: Tue Apr 29 10:28:06 2014 -0400: Git: 02f49be9e2f58032a7c124ea77d7983834dc80b6 Index: virt-manager-1.0.1/virtManager/serialcon.py =================================================================== --- virt-manager-1.0.1.orig/virtManager/serialcon.py +++ virt-manager-1.0.1/virtManager/serialcon.py @@ -378,6 +378,14 @@ class vmmSerialConsole(vmmGObject): self.box.append_page(self.error_label, Gtk.Label("")) self.box.show_all() + scrollbar.hide() + scrollbar.get_adjustment().connect( + "changed", self._scrollbar_adjustment_changed, scrollbar) + + def _scrollbar_adjustment_changed(self, adjustment, scrollbar): + scrollbar.set_visible( + adjustment.get_upper() > adjustment.get_page_size()) + def _cleanup(self): self.console.cleanup() self.console = None ++++++ 535fe0c2-fix-screenshot-with-qxl-spice.patch ++++++ Subject: snapshots: Fix screenshot with qxl+spice (bz 1089780) From: Cole Robinson crobinso(a)redhat.com Tue Apr 29 13:26:26 2014 -0400 Date: Tue Apr 29 13:26:26 2014 -0400: Git: 2272166844f84943342fc097af927a09737ee57f Index: virt-manager-1.0.1/virtManager/snapshots.py =================================================================== --- virt-manager-1.0.1.orig/virtManager/snapshots.py +++ virt-manager-1.0.1/virtManager/snapshots.py @@ -379,6 +379,11 @@ class vmmSnapshotPage(vmmGObjectUI): return try: + # Perform two screenshots, because qemu + qxl has a bug where + # screenshot generally only shows the data from the previous + # screenshot request: + # https://bugs.launchpad.net/qemu/+bug/1314293 + self._take_screenshot() mime, sdata = self._take_screenshot() except: logging.exception("Error taking screenshot") ++++++ 535feaca-fix-storage-when-directory-name-contains-whitespace.patch ++++++ Subject: Fix using storage when the directory name contains whitespace (bz 1091384) From: Cole Robinson crobinso(a)redhat.com Tue Apr 29 14:09:14 2014 -0400 Date: Tue Apr 29 14:09:14 2014 -0400: Git: feadd98fed045ec40d5d5cf8250c7b05517eb9c9 diff --git a/virtinst/diskbackend.py b/virtinst/diskbackend.py index 370996c..3d5aed8 100644 --- a/virtinst/diskbackend.py +++ b/virtinst/diskbackend.py @@ -137,13 +137,14 @@ def manage_path(conn, path): return vol, pool, path_is_pool dirname = os.path.dirname(path) - poolname = StoragePool.find_free_name( - conn, os.path.basename(dirname) or "pool") + poolname = os.path.basename(dirname).replace(" ", "_") + if not poolname: + poolname = "dirpool" + poolname = StoragePool.find_free_name(conn, poolname) logging.debug("Attempting to build pool=%s target=%s", poolname, dirname) poolxml = StoragePool(conn) - poolxml.name = poolxml.find_free_name( - conn, os.path.basename(dirname) or "dirpool") + poolxml.name = poolname poolxml.type = poolxml.TYPE_DIR poolxml.target_path = dirname pool = poolxml.install(build=False, create=True, autostart=True) ++++++ 535ff0b7-fix-install-when-one-package-is-already-installed.patch ++++++ Subject: packageutils: Fix install when one package is already installed (bz 1090181) From: Cole Robinson crobinso(a)redhat.com Tue Apr 29 14:34:31 2014 -0400 Date: Tue Apr 29 14:34:31 2014 -0400: Git: 15449eb12601ec1b88aa6d8ee52986ef5ab41ae2 Index: virt-manager-1.0.1/virtManager/packageutils.py =================================================================== --- virt-manager-1.0.1.orig/virtManager/packageutils.py +++ virt-manager-1.0.1/virtManager/packageutils.py @@ -53,7 +53,12 @@ def check_packagekit(parent, errbox, pac return try: - packagekit_install(parent, packages) + for package in packages[:]: + if packagekit_isinstalled(package): + packages.remove(package) + + if packages: + packagekit_install(parent, packages) except Exception, e: # PackageKit frontend should report an error for us, so just log # the actual error @@ -63,6 +68,16 @@ def check_packagekit(parent, errbox, pac return True +def packagekit_isinstalled(package): + bus = Gio.bus_get_sync(Gio.BusType.SESSION, None) + pk_control = Gio.DBusProxy.new_sync(bus, 0, None, + "org.freedesktop.PackageKit", + "/org/freedesktop/PackageKit", + "org.freedesktop.PackageKit.Query", None) + + return pk_control.IsInstalled("(ss)", package, "") + + def packagekit_install(parent, package_list): bus = Gio.bus_get_sync(Gio.BusType.SESSION, None) pk_control = Gio.DBusProxy.new_sync(bus, 0, None, ++++++ 536152fe-fix-error-detecting-OS-in-show-all-list.patch ++++++ Subject: create: Fix error when detecting OS in 'show all' list From: Cole Robinson crobinso(a)redhat.com Wed Apr 30 15:46:06 2014 -0400 Date: Wed Apr 30 15:46:06 2014 -0400: Git: 3d49bbe6494ac1fa9305c019df1db81371a89385 The will be free'd when the widget is repopulated, so don't access stale data. Index: virt-manager-1.0.1/virtManager/create.py =================================================================== --- virt-manager-1.0.1.orig/virtManager/create.py +++ virt-manager-1.0.1/virtManager/create.py @@ -1181,6 +1181,7 @@ class vmmCreate(vmmGObjectUI): type_row = self._selected_os_row() if not type_row: return + old_type = type_row[0] self.show_all_os = True self.populate_os_type_model() @@ -1188,7 +1189,7 @@ class vmmCreate(vmmGObjectUI): os_type_list = self.widget("install-os-type") os_type_model = os_type_list.get_model() for idx in range(len(os_type_model)): - if os_type_model[idx][0] == type_row[0]: + if os_type_model[idx][0] == old_type: os_type_list.set_active(idx) break ++++++ 536154d8-show-error-if-launching-delete-dialog-fails.patch ++++++ Subject: engine: Show error if launching delete dialog fails From: Cole Robinson crobinso(a)redhat.com Wed Apr 30 15:54:00 2014 -0400 Date: Wed Apr 30 15:54:00 2014 -0400: Git: f35438a01bbf3ba54b4e448d14e7981110a74f08 Index: virt-manager-1.0.1/virtManager/engine.py =================================================================== --- virt-manager-1.0.1.orig/virtManager/engine.py +++ virt-manager-1.0.1/virtManager/engine.py @@ -1176,6 +1176,9 @@ class vmmEngine(vmmGObject): conn = self._lookup_conn(uri) vm = conn.get_vm(uuid) - if not self.delete_dialog: - self.delete_dialog = vmmDeleteDialog() - self.delete_dialog.show(vm, src.topwin) + try: + if not self.delete_dialog: + self.delete_dialog = vmmDeleteDialog() + self.delete_dialog.show(vm, src.topwin) + except Exception, e: + src.err.show_err(_("Error launching delete dialog: %s") % str(e)) ++++++ 53615662-call-path_exists-before-getting-storage-volume.patch ++++++ Subject: connection: Call path_exists before getting storage volume (bz 1092739) From: Cole Robinson crobinso(a)redhat.com Wed Apr 30 16:00:34 2014 -0400 Date: Wed Apr 30 16:00:34 2014 -0400: Git: 5c28a00d3e28ba7446f323a31ac47a194eb200b1 path_exists will check to ensure the volume actually survives a pool refresh, incase it was deleted behind libvirt's back. This makes the delete dialog happier at least. Index: virt-manager-1.0.1/virtManager/connection.py =================================================================== --- virt-manager-1.0.1.orig/virtManager/connection.py +++ virt-manager-1.0.1/virtManager/connection.py @@ -751,6 +751,10 @@ class vmmConnection(vmmGObject): return self.get_pool_by_name("default") def get_vol_by_path(self, path): + # path_exists will handle stuff like refreshing a busted pool + if not virtinst.VirtualDisk.path_exists(self.get_backend(), path): + return None + for pool in self.pools.values(): for vol in pool.get_volumes().values(): if vol.get_target_path() == path: ++++++ virtinst-detect-suse-distros.patch ++++++ --- /var/tmp/diff_new_pack.lf0m4t/_old 2014-05-02 14:03:57.000000000 +0200 +++ /var/tmp/diff_new_pack.lf0m4t/_new 2014-05-02 14:03:57.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- virt-manager-1.0.1.orig/virtinst/urlfetcher.py +++ virt-manager-1.0.1/virtinst/urlfetcher.py -@@ -303,6 +303,81 @@ def _distroFromTreeinfo(fetcher, arch, v +@@ -303,6 +303,85 @@ def _distroFromTreeinfo(fetcher, arch, v return ob @@ -33,19 +33,24 @@ + for line in lines: + if line.startswith("LABEL "): + distribution = line.split(' ', 1) -+ if line.startswith("VERSION "): ++ elif line.startswith("DISTRO "): ++ distro_distro = line.rsplit(',', 1) ++ elif line.startswith("VERSION "): + distro_version = line.split(' ', 1) -+ if line.startswith("SUMMARY "): ++ elif line.startswith("SUMMARY "): + distro_summary = line.split(' ', 1) -+ if line.startswith("BASEARCHS "): ++ elif line.startswith("BASEARCHS "): + distro_arch = line.split(' ', 1) -+ if line.startswith("DEFAULTBASE "): ++ elif line.startswith("DEFAULTBASE "): + distro_arch = line.split(' ', 1) + if distribution and distro_version and distro_arch: + break + -+ if not distribution and distro_summary: -+ distribution = distro_summary ++ if not distribution: ++ if distro_summary: ++ distribution = distro_summary ++ elif distro_distro: ++ distribution = distro_distro + if distro_arch: + arch = distro_arch[1].strip() + else: @@ -56,6 +61,7 @@ + elif cbuf.find("s390x") != -1: + arch = "s390x" + ++ dclass = GenericDistro + if distribution: + if re.match(".*SUSE Linux Enterprise Server*", distribution[1]) or \ + re.match(".*SUSE SLES*", distribution[1]): @@ -70,8 +76,6 @@ + dclass = OpensuseDistro + if distro_version is None: + distro_version = ['VERSION', '13.1'] -+ else: -+ dclass = GenericDistro + + ob = dclass(fetcher, arch, vmtype) + if dclass != GenericDistro: @@ -84,7 +88,7 @@ def getDistroStore(guest, fetcher): stores = [] -@@ -319,6 +394,10 @@ def getDistroStore(guest, fetcher): +@@ -319,6 +398,10 @@ def getDistroStore(guest, fetcher): if dist: return dist @@ -95,7 +99,7 @@ # FIXME: This 'distro ==' doesn't cut it. 'distro' is from our os # dictionary, so would look like 'fedora9' or 'rhel5', so this needs # to be a bit more intelligent -@@ -815,12 +894,11 @@ class SLDistro(RHELDistro): +@@ -815,12 +898,11 @@ class SLDistro(RHELDistro): class SuseDistro(Distro): name = "SUSE" @@ -109,7 +113,7 @@ Distro.__init__(self, *args, **kwargs) if re.match(r'i[4-9]86', self.arch): self.arch = 'i386' -@@ -831,22 +909,44 @@ class SuseDistro(Distro): +@@ -831,22 +913,44 @@ class SuseDistro(Distro): oldkern += "64" oldinit += "64" @@ -164,7 +168,7 @@ return True def _get_method_arg(self): -@@ -867,6 +967,27 @@ class SuseDistro(Distro): +@@ -867,6 +971,27 @@ class SuseDistro(Distro): return name return self.os_variant ++++++ virtinst-detect-windows-media.patch ++++++ --- /var/tmp/diff_new_pack.lf0m4t/_old 2014-05-02 14:03:57.000000000 +0200 +++ /var/tmp/diff_new_pack.lf0m4t/_new 2014-05-02 14:03:57.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- virt-manager-1.0.1.orig/virtinst/urlfetcher.py +++ virt-manager-1.0.1/virtinst/urlfetcher.py -@@ -379,6 +379,24 @@ def _distroFromContent(fetcher, arch, vm +@@ -383,6 +383,24 @@ def _distroFromContent(fetcher, arch, vm return ob @@ -27,7 +27,7 @@ def getDistroStore(guest, fetcher): stores = [] logging.debug("Finding distro store for location=%s", fetcher.location) -@@ -398,6 +416,10 @@ def getDistroStore(guest, fetcher): +@@ -402,6 +420,10 @@ def getDistroStore(guest, fetcher): if dist: return dist @@ -38,7 +38,7 @@ # FIXME: This 'distro ==' doesn't cut it. 'distro' is from our os # dictionary, so would look like 'fedora9' or 'rhel5', so this needs # to be a bit more intelligent -@@ -1144,6 +1166,13 @@ class ALTLinuxDistro(Distro): +@@ -1148,6 +1170,13 @@ class ALTLinuxDistro(Distro): logging.debug("Regex didn't match, not a %s distro", self.name) return False ++++++ virtinst-pvgrub2-bootloader.patch ++++++ --- /var/tmp/diff_new_pack.lf0m4t/_old 2014-05-02 14:03:57.000000000 +0200 +++ /var/tmp/diff_new_pack.lf0m4t/_new 2014-05-02 14:03:57.000000000 +0200 @@ -2,31 +2,46 @@ =================================================================== --- virt-manager-1.0.1.orig/virtinst/guest.py +++ virt-manager-1.0.1/virtinst/guest.py -@@ -331,7 +331,16 @@ class Guest(XMLBuilder): - this.) - @type disk_boot: C{bool} - """ -- osblob_install = install and not disk_boot -+ boot_pvgrub2 = False -+ if install == False and self.os.is_xenpv(): +@@ -348,8 +348,18 @@ class Guest(XMLBuilder): + if (not install and + self.os.is_xenpv() and + not self.os.kernel): +- self.bootloader = "/usr/bin/pygrub" +- self.os.clear() + os_ver = self._get_os_variant() + if os_ver == "sles12" or os_ver == "sled12": -+ boot_pvgrub2 = True + self.installer._install_kernel = "/usr/lib/grub2/x86_64-xen/grub.xen" + self.installer._install_initrd = None + self.installer.extraargs = None ++ # alter_bootconfig won't update the osxml unless it thinks ++ # we are in an install phase. Add force_update param to call ++ self.installer.alter_bootconfig(self, True, self.os, True) + logging.info("Using grub.xen to boot guest") -+ osblob_install = (install or boot_pvgrub2) and not disk_boot - if osblob_install and not self.installer.has_install_phase(): - return None - -@@ -348,7 +357,8 @@ class Guest(XMLBuilder): - if (not install and - self.os.is_xenpv() and - not self.os.kernel): -- self.bootloader = "/usr/bin/pygrub" -+ if boot_pvgrub2 is False: ++ else: + self.bootloader = "/usr/bin/pygrub" - self.os.clear() ++ self.os.clear() return self.get_xml_config() + +Index: virt-manager-1.0.1/virtinst/installer.py +=================================================================== +--- virt-manager-1.0.1.orig/virtinst/installer.py ++++ virt-manager-1.0.1/virtinst/installer.py +@@ -111,7 +111,7 @@ class Installer(object): + dev.validate() + return dev + +- def alter_bootconfig(self, guest, isinstall, bootconfig): ++ def alter_bootconfig(self, guest, isinstall, bootconfig, force_update=False): + """ + Generate the portion of the guest xml that determines boot devices + and parameters. (typically the <os></os> block) +@@ -122,7 +122,7 @@ class Installer(object): + 'post-install' phase. + @type isinstall: C{bool} + """ +- if isinstall and not self.has_install_phase(): ++ if isinstall and not force_update and not self.has_install_phase(): + return + + bootorder = self._build_boot_order(isinstall, guest) ++++++ virtinst-set-qemu-emulator.patch ++++++ --- /var/tmp/diff_new_pack.lf0m4t/_old 2014-05-02 14:03:57.000000000 +0200 +++ /var/tmp/diff_new_pack.lf0m4t/_new 2014-05-02 14:03:57.000000000 +0200 @@ -10,20 +10,32 @@ import logging import urlgrabber.progress as progress -@@ -724,12 +725,13 @@ class Guest(XMLBuilder): +@@ -724,14 +725,22 @@ class Guest(XMLBuilder): self.emulator = None return - if self.emulator: -+ preferred_emulator = "/usr/lib/xen/bin/qemu-system-i386" ++ if self.conn.is_qemu(): ++ if self.os.arch == "s390x": ++ preferred_emulator = "/usr/bin/qemu-system-s390x" ++ else: ++ preferred_emulator = "/usr/bin/qemu-system-x86_64" ++ else: ++ preferred_emulator = "/usr/lib/xen/bin/qemu-system-i386" + if self.emulator and self.emulator == preferred_emulator: return - if self.os.is_hvm() and self.type == "xen": +- if self.os.is_hvm() and self.type == "xen": - if self.conn.caps.host.cpu.arch == "x86_64": - self.emulator = "/usr/lib64/xen/bin/qemu-dm" -+ if os.path.exists(preferred_emulator): -+ self.emulator = preferred_emulator - else: - self.emulator = "/usr/lib/xen/bin/qemu-dm" +- else: +- self.emulator = "/usr/lib/xen/bin/qemu-dm" ++ if os.path.exists(preferred_emulator): ++ self.emulator = preferred_emulator ++ elif self.os.is_hvm() and self.type == "xen": ++ self.emulator = "/usr/lib/xen/bin/qemu-dm" ++ elif not self.emulator: ++ self.emulator = "/usr/bin/qemu-kvm" + def _set_cpu_defaults(self): + self.cpu.set_topology_defaults(self.vcpus) ++++++ virtman-autoyast-support.patch ++++++ --- /var/tmp/diff_new_pack.lf0m4t/_old 2014-05-02 14:03:57.000000000 +0200 +++ /var/tmp/diff_new_pack.lf0m4t/_new 2014-05-02 14:03:57.000000000 +0200 @@ -37,7 +37,7 @@ # Get previous type_row = self._selected_os_row() if not type_row: -@@ -1589,7 +1612,10 @@ class vmmCreate(vmmGObjectUI): +@@ -1590,7 +1613,10 @@ class vmmCreate(vmmGObjectUI): if extra: extraargs += extra if ks: @@ -49,7 +49,7 @@ if extraargs: self.guest.installer.extraargs = extraargs -@@ -1985,6 +2011,7 @@ class vmmCreate(vmmGObjectUI): +@@ -1986,6 +2012,7 @@ class vmmCreate(vmmGObjectUI): dl = self.set_os_val(self.widget("install-os-type"), distro_type) vl = self.set_os_val(self.widget("install-os-version"), distro_var) self.set_distro_labels(dl, vl) ++++++ virtman-libvirtd-not-running.patch ++++++ --- /var/tmp/diff_new_pack.lf0m4t/_old 2014-05-02 14:03:57.000000000 +0200 +++ /var/tmp/diff_new_pack.lf0m4t/_new 2014-05-02 14:03:57.000000000 +0200 @@ -1,6 +1,8 @@ ---- virt-manager-1.0.0/virtManager/packageutils.py.orig 2014-03-13 14:43:07.187281364 -0600 -+++ virt-manager-1.0.0/virtManager/packageutils.py 2014-03-13 14:45:06.847936733 -0600 -@@ -136,8 +136,8 @@ def start_libvirtd(): +Index: virt-manager-1.0.1/virtManager/packageutils.py +=================================================================== +--- virt-manager-1.0.1.orig/virtManager/packageutils.py ++++ virt-manager-1.0.1/virtManager/packageutils.py +@@ -151,8 +151,8 @@ def start_libvirtd(): logging.debug("libvirtd not running, asking system-config-services " "to start it") scs = Gio.DBusProxy.new_sync(bus, 0, None, -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit vdr-plugin-streamdev for openSUSE:Factory
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package vdr-plugin-streamdev for openSUSE:Factory checked in at 2014-05-02 14:03:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vdr-plugin-streamdev (Old) and /work/SRC/openSUSE:Factory/.vdr-plugin-streamdev.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "vdr-plugin-streamdev" Changes: -------- --- /work/SRC/openSUSE:Factory/vdr-plugin-streamdev/vdr-plugin-streamdev.changes 2011-09-23 12:49:48.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.vdr-plugin-streamdev.new/vdr-plugin-streamdev.changes 2014-05-02 14:03:50.000000000 +0200 @@ -2 +2 @@ -Thu May 20 13:17:05 UTC 2010 - lnussel(a)suse.de +Tue Apr 22 10:33:11 UTC 2014 - seife+obs(a)b1-systems.com @@ -4 +4,2 @@ -- change group to Hardware/TV +- patches which fix stuff: + makefile-realpath.patch @@ -7 +8 @@ -Thu Jun 4 09:55:17 CEST 2009 - lnussel(a)suse.de +Sun Mar 30 12:22:43 UTC 2014 - seife+obs(a)b1-systems.com @@ -9 +10 @@ -- split vdr-plugin-streamdev off vdr-plugins +- avoid build date in locale files @@ -10,0 +12,63 @@ +------------------------------------------------------------------- +Sat Mar 29 23:58:55 UTC 2014 - seife+obs(a)b1-systems.com + +- run spec-cleaner +- use PreReq vdr_prereq macro instead of vdrapi requires +- remove vdrapi from package version +- fix permissions of /etc/vdr/plugins + +------------------------------------------------------------------- +Sat Mar 29 17:31:21 UTC 2014 - seife+obs(a)b1-systems.com + +- use plain make instead of baroque vdr_plugin_* macros + +------------------------------------------------------------------- +Wed Dec 4 23:55:40 UTC 2013 - wittemar(a)googlemail.com + +- update to 0.6.1 + +------------------------------------------------------------------- +Mon Mar 11 22:47:29 UTC 2013 - wittemar(a)googlemail.com + +- update to 0.6.0 +- added patch for VDR 1.7.38 + +------------------------------------------------------------------- +Sun May 13 15:25:07 UTC 2012 - wittemar(a)googlemail.com + +- update to 0.5.2 + +------------------------------------------------------------------- +Sun Mar 11 14:19:13 UTC 2012 - wittemar(a)googlemail.com + +- update to current git + +------------------------------------------------------------------- +Sat Dec 10 12:13:05 UTC 2011 - wittemar(a)googlemail.com + +- update to current git + +------------------------------------------------------------------- +Sun Mar 13 22:30:50 UTC 2011 - wittemar(a)googlemail.com + +- update to 0.5.1 + +------------------------------------------------------------------- +Mon Jul 19 15:03:53 UTC 2010 - wittemar(a)googlemail.com + +- update to 0.5.0 + +------------------------------------------------------------------- +Fri Jun 18 23:39:01 UTC 2010 - wittemar(a)googlemail.com + +- update to 0.5.0-rc1 +- split in client- and server-package + +------------------------------------------------------------------- +Sat Oct 24 00:00:00 UTC 2009 - wittemar(a)googlemail.com + +- update to cvs20091024 + +------------------------------------------------------------------- +Sat May 23 00:00:00 UTC 2009 - wittemar(a)googlemail.com +- update to cvs20090523 Old: ---- streamdev-20080716080048.tar.bz2 streamdev-Makefile.diff New: ---- makefile-realpath.patch vdr-streamdev-0.6.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vdr-plugin-streamdev.spec ++++++ --- /var/tmp/diff_new_pack.QfCNPd/_old 2014-05-02 14:03:51.000000000 +0200 +++ /var/tmp/diff_new_pack.QfCNPd/_new 2014-05-02 14:03:51.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package vdr-plugin-streamdev (Version 0.0_CVS20080716080048) +# spec file for package vdr-plugin-streamdev # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,59 +15,73 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild -%define pluginversion 20080716080048 %define pluginname streamdev -%define pluginurl http://streamdev.vdr-developer.org/ -# -%define plugindir %pluginname-%pluginversion -%define plugintarball %pluginname-%pluginversion.tar.bz2 -# -%define pkgversion 0.0_CVS%pluginversion - -Name: vdr-plugin-streamdev -Version: %pkgversion -Release: 1 -Source: %plugintarball -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Summary: VDR %pluginname plugin -License: GPL-2.0+ +%define pluginversion 0.6.1 +Name: vdr-plugin-%{pluginname} +Version: %{pluginversion} +Release: 0 +Summary: The streamdev plugin adds streaming capabilities to your VDR +License: GPL-2.0 Group: Hardware/TV -BuildRequires: gcc-c++ vdr-devel -PreReq: vdr(abi) = %{vdr_apiversion} -Url: %pluginurl -Patch0: streamdev-Makefile.diff -# only needed for packages that used the old naming scheme -Obsoletes: vdr-%pluginname < %pkgversion -# used to be in vdr-plugins -Provides: vdr-plugins:/usr/share/doc/packages/vdr/plugins/%{pluginname} -Conflicts: vdr-plugins <= 0.5 +Url: http://streamdev.vdr-developer.org/ +Source0: vdr-%{pluginname}-%{pluginversion}.tar.bz2 +Patch0: makefile-realpath.patch +BuildRequires: gcc-c++ +BuildRequires: pkg-config +BuildRequires: vdr-devel +# FIXME: use proper Requires(pre/post/preun/...) +PreReq: %{vdr_prereq} +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description +The streamdev plugin adds streaming capabilities to your VDR. It comes in two flavours: VDR-to-VDR streaming using the proprietary VTP protocol and HTTP based streaming which is understood by a couple of software clients. + +%package client +Summary: The streamdev plugin adds streaming capabilities to your VDR +Group: Hardware/TV +PreReq: %{vdr_prereq} + +%description client +The streamdev plugin adds streaming capabilities to your VDR. It comes in two flavours: VDR-to-VDR streaming using the proprietary VTP protocol and HTTP based streaming which is understood by a couple of software clients. This package contains the client-plugin. + +%package server +Summary: The streamdev plugin adds streaming capabilities to your VDR +Group: Hardware/TV +PreReq: %{vdr_prereq} + +%description server +The streamdev plugin adds streaming capabilities to your VDR. It comes in two flavours: VDR-to-VDR streaming using the proprietary VTP protocol and HTTP based streaming which is understood by a couple of software clients. This package contains the server-plugin. -%vdrname %pluginname plugin %prep -%setup -q -n %plugindir -%patch0 -p1 -chmod 644 streamdev/externremux.sh +%setup -q -n %{pluginname}-%{pluginversion} +%patch0 -p 1 %build -%vdr_make +# use msgmerge wrapper +export PATH=%{_datadir}/vdr:$PATH +make %{?_smp_mflags} %install -%vdr_install_plugin %pluginname-client -%vdr_install_plugin %pluginname-server -%vdr_install_plugin_locale -# -%find_lang vdr-%pluginname +make DESTDIR=%{buildroot} install +%{vdr_find_locale_name -n vdr-streamdev-client} +%{vdr_find_locale_name -n vdr-streamdev-server} +mkdir -p %{buildroot}%{vdr_sysconfdir}/plugins/streamdev-server +install -c -m 644 streamdev-server/streamdevhosts.conf %{buildroot}%{_sysconfdir}/vdr/plugins/streamdev-server/streamdevhosts.conf -%clean -rm -rf "${RPM_BUILD_ROOT}" +%files client -f vdr-streamdev-client.files +%defattr(-,root,root) +%{_libdir}/vdr/libvdr-streamdev-client* +%{vdr_dirs} +%doc COPYING HISTORY README CONTRIBUTORS PROTOCOL -%files -f vdr-%pluginname.lang +%files server -f vdr-streamdev-server.files %defattr(-,root,root) -%doc COPYING PROTOCOL README HISTORY streamdev/streamdevhosts.conf streamdev/externremux.sh -%{vdr_libdir}/* +%{_libdir}/vdr/libvdr-streamdev-server* +%{vdr_dirs} +%attr(755,vdr,root) %dir %{vdr_sysconfdir}/plugins +%attr(755,vdr,root) %dir %{vdr_sysconfdir}/plugins/streamdev-server +%config %{_sysconfdir}/vdr/plugins/streamdev-server/streamdevhosts.conf +%doc COPYING HISTORY README CONTRIBUTORS PROTOCOL %changelog ++++++ makefile-realpath.patch ++++++ diff -Naur streamdev-0.6.1.orig/Makefile streamdev-0.6.1/Makefile --- streamdev-0.6.1.orig/Makefile 2013-05-04 12:05:47.000000000 +0200 +++ streamdev-0.6.1/Makefile 2013-12-05 01:34:10.931027335 +0100 @@ -37,8 +37,8 @@ -include $(PLGCFG) ### export all vars for sub-makes, using absolute paths -LIBDIR := $(shell cd $(LIBDIR) >/dev/null 2>&1 && pwd) -LOCDIR := $(shell cd $(LOCDIR) >/dev/null 2>&1 && pwd) +LIBDIR := $(shell realpath $(LIBDIR)) +LOCDIR := $(shell realpath $(LOCDIR)) export unexport PLUGIN -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0

commit vdr-plugin-femon for openSUSE:Factory
by root＠hilbert.suse.de 02 May '14

02 May '14

Hello community, here is the log from the commit of package vdr-plugin-femon for openSUSE:Factory checked in at 2014-05-02 14:03:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vdr-plugin-femon (Old) and /work/SRC/openSUSE:Factory/.vdr-plugin-femon.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "vdr-plugin-femon" Changes: -------- --- /work/SRC/openSUSE:Factory/vdr-plugin-femon/vdr-plugin-femon.changes 2011-09-23 12:49:47.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.vdr-plugin-femon.new/vdr-plugin-femon.changes 2014-05-02 14:03:45.000000000 +0200 @@ -2 +2 @@ -Thu May 20 13:17:04 UTC 2010 - lnussel(a)suse.de +Sat Mar 29 21:39:14 UTC 2014 - seife+obs(a)b1-systems.com @@ -4 +4,3 @@ -- change group to Hardware/TV +- run spec-cleaner +- remove vdrapi from package version +- change from vdrapi requires to PreReq vdr_prereq macro @@ -7 +9 @@ -Thu Jan 21 12:23:43 UTC 2010 - lnussel(a)suse.de +Sat Mar 29 17:24:19 UTC 2014 - seife+obs(a)b1-systems.com @@ -9,3 +11,2 @@ -- new version 1.6.7 - * fixes in h264 parser - * font handling fixes +- use plain make instead of baroque vdr_plugin_* macros +- do not strip libs to fix debuginfo package @@ -14 +15 @@ -Wed May 27 15:49:31 CEST 2009 - lnussel(a)suse.de +Sat Feb 8 16:41:45 UTC 2014 - wagner-thomas(a)gmx.at @@ -16 +17 @@ -- new verion 1.6.6 +- update to 2.0.2 @@ -19 +20 @@ -Wed Dec 17 11:00:56 CET 2008 - lnussel(a)suse.de +Tue Jul 9 17:38:15 UTC 2013 - wittemar(a)googlemail.com @@ -21 +22 @@ -- new version 1.6.5 +- update to 2.0.0 @@ -24 +25 @@ -Fri Dec 5 12:04:27 CET 2008 - lnussel(a)suse.de +Mon Mar 25 23:56:43 UTC 2013 - wittemar(a)googlemail.com @@ -26 +27,76 @@ -- initial package version 1.6.4 +- update to 1.7.19 + +------------------------------------------------------------------- +Sun Apr 15 09:51:22 UTC 2012 - wittemar(a)googlemail.com + +- update to 1.7.17 + +------------------------------------------------------------------- +Thu Mar 29 19:57:13 UTC 2012 - wittemar(a)googlemail.com + +- update to 1.7.16 + +------------------------------------------------------------------- +Tue Mar 13 21:46:06 UTC 2012 - wittemar(a)googlemail.com + +- update to 1.7.15 + +------------------------------------------------------------------- +Sun Feb 26 21:56:49 UTC 2012 - wittemar(a)googlemail.com + +- update to 1.7.13 + +------------------------------------------------------------------- +Wed Jan 18 01:53:34 UTC 2012 - wittemar(a)googlemail.com + +- update to 1.7.12 + +------------------------------------------------------------------- +Wed Dec 7 00:24:49 UTC 2011 - wittemar(a)googlemail.com + +- update to 1.7.11 + +------------------------------------------------------------------- +Thu Sep 22 09:29:42 UTC 2011 - wittemar(a)googlemail.com + +- update to 1.7.10 + +------------------------------------------------------------------- +Sun Mar 13 22:14:05 UTC 2011 - wittemar(a)googlemail.com + +- update to 1.7.9 + +------------------------------------------------------------------- +Sun Sep 19 00:00:00 UTC 2010 - wittemar(a)googlemail.com + +- update to 1.7.8 + +------------------------------------------------------------------- +Fri Mar 05 00:00:00 UTC 2010 - wittemar(a)googlemail.com + +- update to 1.7.7 + +------------------------------------------------------------------- +Mon Feb 01 00:00:00 UTC 2010 - wittemar(a)googlemail.com + +- update to 1.7.6 + +------------------------------------------------------------------- +Fri Oct 23 00:00:00 UTC 2009 - wittemar(a)googlemail.com + +- update to 1.7.5 + +------------------------------------------------------------------- +Fri Oct 23 00:00:00 UTC 2009 - wittemar(a)googlemail.com + +- update to 1.6.7 + +------------------------------------------------------------------- +Mon May 18 00:00:00 UTC 2009 - wittemar(a)googlemail.com + +- update to 1.7.1 + +------------------------------------------------------------------- +Tue May 12 00:00:00 UTC 2009 - wittemar(a)googlemail.com + +- update to 1.6.6 Old: ---- vdr-femon-1.6.7.tgz New: ---- vdr-femon-2.0.2.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vdr-plugin-femon.spec ++++++ --- /var/tmp/diff_new_pack.JN2cfa/_old 2014-05-02 14:03:46.000000000 +0200 +++ /var/tmp/diff_new_pack.JN2cfa/_new 2014-05-02 14:03:46.000000000 +0200 @@ -1,7 +1,8 @@ # -# spec file for package vdr-plugin-femon (Version 1.6.7) +# spec file for package vdr-plugin-femon # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 B1 Systems GmbH, Vohburg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,56 +16,44 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - -%define pluginversion 1.6.7 %define pluginname femon -%define pluginurl http://www.saunalahti.fi/~rahrenbe/vdr/femon/ -# -%define plugindir %pluginname-%pluginversion -%define plugintarball %pluginurl/files/vdr-%pluginname-%pluginversion.tgz -# -%define pkgversion %pluginversion - -Name: vdr-plugin-femon -Version: %pkgversion -Release: 1 -Source: %plugintarball -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Summary: VDR %pluginname plugin -License: GPL-2.0+ +%define pluginversion 2.0.2 +Name: vdr-plugin-%{pluginname} +Version: %{pluginversion} +Release: 0 +Summary: DVB Frontend Status Monitor plugin for VDR +License: GPL-2.0 Group: Hardware/TV -BuildRequires: gcc-c++ vdr-devel -PreReq: vdr(abi) = %{vdr_apiversion} -Url: %pluginurl -# only needef for packages that used the old naming scheme -Obsoletes: vdr-%pluginname < %pkgversion +Url: http://www.saunalahti.fi/~rahrenbe/vdr/femon/ +Source0: vdr-%{pluginname}-%{pluginversion}.tgz +BuildRequires: gcc-c++ +BuildRequires: pkg-config +BuildRequires: vdr-devel +PreReq: %{vdr_prereq} +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -DVB Frontend Status Monitor is a plugin that displays some signal -information parameters of the current tuned channel on OSD. You can -zap through all your channels and the plugin should be monitoring -always the right frontend. The transponder and stream information -are also available in advanced display modes. +DVB Frontend Status Monitor is a plugin that displays some signal information +parameters of the current tuned channel on OSD. You can zap through all your +channels and the plugin should be monitoring always the right frontend. The +transponder and stream information are also available in advanced display modes. %prep -%setup -q -n %plugindir +%setup -q -n %{pluginname}-%{pluginversion} +# fix debuginfo... +sed -i 's#^STRIP = .*#STRIP = /bin/true#' Makefile %build -%vdr_make +make %{?_smp_mflags} %install -%vdr_install_plugin %pluginname -%vdr_install_plugin_locale -# -%find_lang vdr-%pluginname - -%clean -rm -rf "${RPM_BUILD_ROOT}" +make DESTDIR=%{buildroot} install +%{vdr_find_locale} -%files -f vdr-%pluginname.lang +%files -f vdrlocale.files %defattr(-,root,root) +%{_libdir}/vdr/* +%{vdr_dirs} %doc COPYING HISTORY README -%{vdr_libdir}/* %changelog ++++++ vdr-femon-1.6.7.tgz -> vdr-femon-2.0.2.tgz ++++++ ++++ 9503 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-commit+help(a)opensuse.org

1 0