openSUSE Commits
Threads by month
- ----- 2024 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
February 2015
- 1 participants
- 1390 discussions
Hello community,
here is the log from the commit of package live555 for openSUSE:Factory checked in at 2015-02-06 10:17:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/live555 (Old)
and /work/SRC/openSUSE:Factory/.live555.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "live555"
Changes:
--------
--- /work/SRC/openSUSE:Factory/live555/live555.changes 2014-11-03 13:11:14.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.live555.new/live555.changes 2015-02-06 10:17:08.000000000 +0100
@@ -1,0 +2,128 @@
+Sat Jan 31 13:00:25 UTC 2015 - aloisio(a)gmx.com
+
+- fixed paths in live555.pc
+- update to version 2015.01.27:
+ * Fixed a bug in "MPEG2TransportStreamFromESSource" that could
+ sometimes cause an abort if more than one Elementary Stream
+ Source were multiplexed into a single Transport Stream.
+ (Thanks to Marc Palau for reporting this issue.)
+- version 2015.01.19:
+ * Fixed an obscure bug in "RTSPClient" that might conceivably
+ have caused a crash if it received a completely empty RTSP
+ response.
+- version 2015.01.04:
+ * Updated "config.iphone-simulator" to work with the latest Xcode.
+ (Thanks to Braden Ackerman.)
+ * In the "BasicUsageEnvironment" implementation, renamed
+ "EventTime" to "_EventTime" to avoid a reported naming conflict.
+- version 2014.12.17:
+ * Updated "RTSPServerSupportingHTTPStreaming" to make sure that
+ the data stream source gets closed when it's no longer needed.
+- version 2014.12.16:
+ * Changed the FD_SETSIZE check (introduced in version 2014.12.11)
+ so that it's not done in Windows (because in Windows,
+ FD_SETSIZE has different semantics).
+ (Thanks to Deanna Earley for reporting this.)
+- version 2014.12.13:
+ * Updated the H.264/H.265 parsing code in "H264or5VideoStreamFramer"
+ to be a little smarter about how it computes a file's frame rate
+ (when streaming a 'raw' H.264 or H.265 file).
+ (Thanks to Michel Promonet for inspiring this.)
+ * Updated "config.iphoneos" to work with the latest Xcode.
+ (Thanks to Braden Ackerman.)
+- version 2014.12.11:
+ * Changed our implementation of "setBackgroundHandling()" and
+ "moveBackgroundHandling()" in "BasicTaskScheduler" to check for
+ (and disallow) socket numbers >= FD_SETSIZE, because <sys/select.h>
+ has a bug (at least, in most systems) that causes buffer overflow
+ in this case. (Thanks to Michel Promonet for pointing this out.)
+- version 2014.12.09:
+ * Needed to make the "QuickTimeFileSink" constructor and destructor
+ protected: to allow subclassing.
+- version 2014.12.08:
+ * Fixed a bug in parsing 'absolute' RTSP "Range:" headers with no end
+ time. (Thanks to Ken Chow for reporting this.)
+ * Added a new option "-K" to "openRTSP, to tell the client to
+ periodically send "OPTIONS" requests as 'keep-alives' for buggy
+ servers that don't use incoming RTCP "RR" packets to indicate client
+ liveness. (Thanks to Peter Schlaile for this suggestion.)
+ * Added a new 'protected' virtual member function "noteRecordedFrame()"
+ to "QuickTimeFileSink". This function is called whenever a frame is
+ recorded to the output file. The default implementation of this
+ virtual function does nothing, but subclasses can redefine it if
+ they wish.
+- version 2014.11.28:
+ * When "RTSPClient" parses a RTSP response, we first skip over any
+ blank lines that may be at the start of the response. This can
+ happen if the previous response (e.g., to a "DESCRIBE") contained
+ extra whitespace. (Thanks to ilwoo Nam for giving an example of
+ a server that exhibited this behavior.)
+- version 2014.11.12:
+ * We had forgotten to initialize the "RTSPClient" member variable
+ "fAllowBasicAuthentication" that we introduced in the previous
+ version.
+- version 2014.11.07:
+ * Added a new "RTSPClient" member function "disallowBasicAuthentication()"
+ that you can call if you don't want a RTSP client to perform 'basic'
+ authentication (whcih involves sending the username and password over
+ the network), even if the server asks for this.
+ (Thanks to Tomasz Pala for this suggestion.)
+ * Updated the debugging printout code in "RTCP.cpp" to identify all
+ known RTCP payload types, even if we don't currently handle them.
+ We also - when doing debugging printout - parse and print out
+ the contents of SDES RTCP packets.
+- version 2014.11.01:
+ * Updated "RTSPClient" so that it reuses "fCurrentAuthenticator"
+ if we previously updated it with data from a "WWW-Authenticate:"
+ response, even if a non_NULL "authenticator" parameter was
+ passed as a parameter to the command. This reduces the number
+ of authetication exchanges that take place if the server asks
+ for authentication on more than one command in a RTSP session.
+ (Thanks to Tomasz Pala for this suggestion.)
+ * Updated "DigestAuthenticator" to allow for the possibility of
+ "username" or "password" being NULL.
+ * Updated the "RTSPServer" implementation to add an access check
+ before the first "SETUP" (the one that doesn't include a
+ session id), because it's possible, in principle, for a client
+ to send such a "SETUP" without first sending a "DESCRIBE".
+ Therefore, we need to perform access checks on both commands.
+- version 2014.10.28:
+ * Added support for the VP9 video RTP payload format (sending and
+ receiving), including the demultiplexing and streaming of a VP9
+ video track from a Matroska-format file.
+ * Made "VP8VideoRTPSource" more robust against a bad first-byte
+ header field in the payload.
+- version 2014.10.21:
+ * Increased the max output packet size for "MultiFramedRTPSink"
+ and "RTCPInstance" from 1448 to 1456, because we had a report
+ of problems when proxying incoming JPEG/RTP packets of this
+ size (and because 1456 bytes still gives a packet size of no
+ more than 1500 bytes when we add
+ in IP, UDP, and UMTP headers).
+- version 2014.10.20:
+ * Increased the RTSP request and response buffer sizes from 10000
+ to 20000 bytes, because we saw a RTSP stream (VP8 video) that
+ had an extremely large "configuration=" string that was hiting
+ the previous limit.
+- version 2014.10.16:
+ * Fixed the "RTSPServer" implementation to handle a rare race
+ condition that could cause a "ServerMediaSession" object to
+ be deleted while it was being used to implement "DESCRIBE".
+ (Thanks to Michel Promonet for reporting this.)
+- version 2014.10.07:
+ * Fixed a bug in the "MultiFramedRTPSource" implementation where
+ we weren't properly checking the size of incoming RTP packets
+ that have the "CC" field (i.e., number of "CSRC" fields) non-zero.
+ * Updated "Groupsock::output()" to be a virtual function.
+ (This makes it possible to implement "Groupsock" subclasses that
+ implement 'bump-in-the-stack' protocols (such as SRT(C)P) below
+ RTP/RTCP.)
+- version 2014.10.03:
+ * Fixed a problem in the "timestampString()" routine that occurs
+ if "time_t" is 64 bits, but we're on a 32-bit machine.
+ (Thanks to Deanna Earley for reporting this.)
+ * Updated the debugging output code in "RTCP.cpp" to make it
+ clearer that SDES and APP packets are not invalid; just not
+ (yet) handled by us.
+
+-------------------------------------------------------------------
Old:
----
live.2014.09.22.tar.gz
New:
----
live.2015.01.27.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ live555.spec ++++++
--- /var/tmp/diff_new_pack.yUKMO4/_old 2015-02-06 10:17:09.000000000 +0100
+++ /var/tmp/diff_new_pack.yUKMO4/_new 2015-02-06 10:17:09.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package live555
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2013 Dominique Leuenberger, Amsterdam, The Netherlands
#
# All modifications and additions to the file contributed by third parties
@@ -18,7 +18,7 @@
Name: live555
-Version: 2014.09.22
+Version: 2015.01.27
Release: 1.2
Summary: LIVE555 Streaming Media
License: LGPL-2.1
@@ -40,8 +40,8 @@
Summary: LIVE555 Streaming Media
Group: Development/Languages/C and C++
# Actually, live555 is a devel package only. Headers, code and a static lib is all there is.
-Provides: live555 = %{version}
-Obsoletes: live555 < %{version}
+Provides: %{name} = %{version}
+Obsoletes: %{name} < %{version}
%description devel
This code forms a set of C++ libraries for multimedia streaming,
@@ -53,13 +53,15 @@
%patch0 -p1
%build
+export CFLAGS="%{optflags}"
+export CPPFLAGS="%{optflags}"
./genMakefiles linux
make %{?_smp_mflags}
%install
install -d -m 755 %{buildroot}%{_libdir}/live
install -d -m 755 %{buildroot}%{_includedir}
-find . -type f -name "*.a" -exec install {} %{buildroot}%{_libdir}/live \;
+find . -type f -name "*.a" -exec install -m 644 {} %{buildroot}%{_libdir}/live \;
for fld in liveMedia groupsock BasicUsageEnvironment UsageEnvironment; do
install -d -m 755 %{buildroot}%{_includedir}/$fld
cp -rL $fld/include/* %{buildroot}%{_includedir}/$fld
@@ -76,8 +78,8 @@
Name: live555
Description: Multimedia streaming libraries
Version: %{version}
-Libs: -L${libdir} -lliveMedia -lUsageEnvironment -lgroupsock -lBasicUsageEnvironment
-Cflags: -I${includedir} -I${includedir}/liveMedia -I${includedir}/UsageEnvironment -I${includedir}/groupsock -I${includedir}/BasicUsageEnvironment
+Libs: -L${libdir}/live -lliveMedia -lUsageEnvironment -lgroupsock -lBasicUsageEnvironment
+Cflags: -I${includedir}/liveMedia -I${includedir}/UsageEnvironment -I${includedir}/groupsock -I${includedir}/BasicUsageEnvironment
EOF
%files devel
++++++ live.2014.09.22.tar.gz -> live.2015.01.27.tar.gz ++++++
++++ 6454 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package patchinfo.3399 for openSUSE:13.1:Update checked in at 2015-02-06 10:16:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/patchinfo.3399 (Old)
and /work/SRC/openSUSE:13.1:Update/.patchinfo.3399.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.3399"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="3399">
<issue id="903359" tracker="bnc">Temporary migration name is not cleaned up after migration</issue>
<issue id="910681" tracker="bnc">VUL-0: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown</issue>
<issue id="905465" tracker="bnc">VUL-0: CVE-2014-8866: XSA-111: xen: Excessive checking in compatibility mode hypercall argument translation</issue>
<issue id="906996" tracker="bnc">VUL-0: CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation</issue>
<issue id="903970" tracker="bnc">VUL-0: CVE-2014-8595: XSA-110: xen: Missing privilege level checks in x86 emulation of far branches</issue>
<issue id="901317" tracker="bnc">increase limit domUloader to 32MB</issue>
<issue id="900292" tracker="bnc">xl tries to save core files to missing /var/xen/dump directory</issue>
<issue id="905467" tracker="bnc">VUL-0: CVE-2014-8867: XSA-112: xen: Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor</issue>
<issue id="906439" tracker="bnc">VUL-0: CVE-2014-9030: XSA-113: xen: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling</issue>
<issue id="903967" tracker="bnc">VUL-0: CVE-2014-8594: XSA-109: xen: Insufficient restrictions on certain MMU update hypercalls</issue>
<issue id="866902" tracker="bnc">Xen save/restore of HVM guests cuts off disk and networking</issue>
<issue id="826717" tracker="bnc">VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts</issue>
<issue id="903357" tracker="bnc">Corrupted save/restore test leaves orphaned data in xenstore</issue>
<issue id="882089" tracker="bnc">Windows 2012 R2 fails to boot up with greater than 60 vcpus</issue>
<issue id="889526" tracker="bnc">VUL-0: CVE-2014-5146,CVE-2014-5149: xen: XSA-97 Long latency virtual-mmu operations are not preemptible</issue>
<issue id="903850" tracker="bnc">VUL-0: Xen: guest user mode triggerable VM exits not handled by hypervisor</issue>
<issue id="CVE-2014-5146" tracker="cve" />
<issue id="CVE-2014-8594" tracker="cve" />
<issue id="CVE-2014-8595" tracker="cve" />
<issue id="CVE-2015-0361" tracker="cve" />
<issue id="CVE-2014-9030" tracker="cve" />
<issue id="CVE-2014-5149" tracker="cve" />
<issue id="CVE-2014-8866" tracker="cve" />
<issue id="CVE-2013-3495" tracker="cve" />
<issue id="CVE-2014-9065" tracker="cve" />
<issue id="CVE-2014-8867" tracker="cve" />
<issue id="CVE-2014-9066" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>charlesa</packager>
<description>
The virtualization software XEN was updated to version 4.3.3 and also
to fix bugs and security issues.
Security issues fixed:
CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown
CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation
CVE-2014-9030: XSA-113: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling
CVE-2014-8867: XSA-112: xen: Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor
CVE-2014-8866: XSA-111: xen: Excessive checking in compatibility mode hypercall argument translation
CVE-2014-8595: XSA-110: xen: Missing privilege level checks in x86 emulation of far branches
CVE-2014-8594: XSA-109: xen: Insufficient restrictions on certain MMU update hypercalls
CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts
CVE-2014-5146, CVE-2014-5149: xen: XSA-97 Long latency virtual-mmu operations are not preemptible
Bugs fixed:
- bnc#903357 - Corrupted save/restore test leaves orphaned data
in xenstore
- bnc#903359 - Temporary migration name is not cleaned up after
migration
- bnc#903850 - VUL-0: Xen: guest user mode triggerable VM exits not
handled by hypervisor
- bnc#866902 - L3: Xen save/restore of HVM guests cuts off disk
and networking
- bnc#901317 - L3: increase limit domUloader to 32MB
domUloader.py
- bnc#882089 - Windows 2012 R2 fails to boot up with greater than
60 vcpus
- bsc#900292 - xl: change default dump directory
- Update to Xen 4.3.3
</description>
<reboot_needed/>
<summary>Security update for xen</summary>
</patchinfo>
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package xen for openSUSE:13.1:Update checked in at 2015-02-06 10:16:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/xen (Old)
and /work/SRC/openSUSE:13.1:Update/.xen.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.ugaTG1/_old 2015-02-06 10:16:59.000000000 +0100
+++ /var/tmp/diff_new_pack.ugaTG1/_new 2015-02-06 10:16:59.000000000 +0100
@@ -1 +1 @@
-<link package='xen.3332' cicount='copy' />
+<link package='xen.3399' cicount='copy' />
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package gnuplot for openSUSE:Factory checked in at 2015-02-06 10:16:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnuplot (Old)
and /work/SRC/openSUSE:Factory/.gnuplot.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnuplot"
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnuplot/gnuplot.changes 2015-01-25 21:14:38.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.gnuplot.new/gnuplot.changes 2015-02-06 10:16:34.000000000 +0100
@@ -1,0 +2,7 @@
+Sat Jan 31 12:54:31 UTC 2015 - alinm.elena(a)gmail.com
+
+- for versions greater than 13.1 we shall build against qt5
+ * cleaned up various rpmlint warning
+ * got rid of configure options obsoleted
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnuplot.spec ++++++
--- /var/tmp/diff_new_pack.EbDEUw/_old 2015-02-06 10:16:35.000000000 +0100
+++ /var/tmp/diff_new_pack.EbDEUw/_new 2015-02-06 10:16:35.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package gnuplot
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,11 @@
%bcond_without h3d_gridbox
-
+%if %{suse_version} > 1310
+%define qtver 5
+%else
+%define qtver 4
+%endif
Name: gnuplot
BuildRequires: ImageMagick
BuildRequires: automake
@@ -28,17 +32,24 @@
BuildRequires: gd-devel
BuildRequires: gtk2-devel
BuildRequires: libjpeg-devel
-BuildRequires: libqt4-devel >= 4.5
+BuildRequires: libqt5-linguist-devel
BuildRequires: netpbm
BuildRequires: pango-devel
BuildRequires: readline-devel
-%if %suse_version <= 1140
-BuildRequires: zziplib
+%if %qtver >= 5
+BuildRequires: pkgconfig(Qt5Core)
+BuildRequires: pkgconfig(Qt5Gui)
+BuildRequires: pkgconfig(Qt5Network)
+BuildRequires: pkgconfig(Qt5PrintSupport)
+BuildRequires: pkgconfig(Qt5Svg)
+%else
+BuildRequires: libqt4-devel >= 4.5
%endif
BuildRequires: latex2html
BuildRequires: texlive-latex
BuildRequires: texlive-tex4ht
BuildRequires: texlive-ucs
+BuildRequires: zziplib
%if %suse_version >= 1220
BuildRequires: makeinfo
%endif
@@ -51,24 +62,17 @@
BuildRequires: tex(pdftex.def)
BuildRequires: tex(subfigure.sty)
%endif
-BuildRequires: xorg-x11
-BuildRequires: xorg-x11-devel
-%if %suse_version > 1130
-BuildRequires: wxWidgets-devel
-%else
-BuildRequires: wxGTK-devel
-%endif
+BuildRequires: fdupes
BuildRequires: libpng-devel
BuildRequires: lua-devel
-%if 0%{?suse_version} > 1110
BuildRequires: plotutils-devel
-%else
-BuildRequires: plotutils
-%endif
+BuildRequires: wxWidgets-devel
+BuildRequires: xorg-x11
+BuildRequires: xorg-x11-devel
Url: http://www.gnuplot.info/
Version: 5.0.0
Release: 0
-Summary: GNUplot a Function Plotting Utility
+Summary: Function Plotting Utility and more
License: SUSE-Gnuplot and GPL-2.0+
Group: Productivity/Graphics/Visualization/Graph
# http://sourceforge.net/projects/gnuplot/files/gnuplot/4.6.4/gnuplot-4.6.4.t…
@@ -102,10 +106,8 @@
%define _x11inc %{_includedir}
%define _appdef %{_x11data}/app-defaults
%endif
-%if %suse_version > 1130
%define _use_internal_dependency_generator 0
%define __find_requires %wx_requires
-%endif
%description
GNUplot is a command line driven interactive function plotting utility.
@@ -119,9 +121,7 @@
Requires: %{name}
Requires(post): %install_info_prereq
Requires(postun): %install_info_prereq
-%if 0%{?suse_version} >= 1120
BuildArch: noarch
-%endif
%description doc
GNUplot documentation files including the man and info pages. GNUplot
@@ -144,6 +144,7 @@
%patch1 -p 0 -b .x11ovf
%build
+
SECSVGA="-DSVGA_IS_SECURE=1"
export CPPFLAGS="-I%{_x11inc} -I%{_includedir}/gd -DAppDefDir=\\\"%{_appdef}\\\""
export CPPFLAGS="$CPPFLAGS -DGNUPLOT_LIB_DEFAULT=\\\"%{_docdir}/%{name}/demo\\\""
@@ -157,8 +158,17 @@
done
autoreconf -fi
+# sed -i "s;bin/uic;bin/uic-qt5;g" ./configure
+# sed -i "s;bin/moc;bin/moc-qt5;g" ./configure
+# sed -i "s;bin/rcc;bin/rcc-qt5;g" ./configure
+# sed -i "s;bin/lrelease;bin/lrelease-qt5;g" ./configure
+# sed -i "s;UIC=uic;UIC=uic-qt5;g" ./configure
+# sed -i "s;MOC=moc;MOC=moc-qt5;g" ./configure
+# sed -i "s;RCC=rcc;RCC=rcc-qt5;g" ./configure
+# sed -i "s;LRELEASE=lrelease;LRELEASE=lrelease-qt5;g" ./configure
+
%configure \
- --with-gcc \
+ --enable-stats \
--with-x \
--x-includes=%{_x11inc} \
--x-libraries=%{_x11lib}\
@@ -177,18 +187,17 @@
--enable-h3d-gridbox \
%endif
--enable-backwards-compatibility\
- --with-zlib \
--with-gd \
- --enable-thin-splines \
--without-row-help \
--with-kpsexpand \
- --with-plot=%{_libdir} \
- --enable-qt
-%if %suse_version <= 1140
- make %{?_smp_mflags} RCC=/usr/bin/rcc LRELEASE=/usr/bin/lrelease
+ --with-qt=qt%{qtver}
+
+%if %{qtver} >= 5
+ make %{?_smp_mflags} UIC=/usr/bin/uic-qt5 MOC=/usr/bin/moc-qt5 RCC=/usr/bin/rcc-qt5 LRELEASE=/usr/bin/lrelease-qt5
%else
make %{?_smp_mflags}
%endif
+
pushd docs/
make srcdir=. clean all html pdf gpcard.ps info
pushd psdoc/
@@ -239,6 +248,7 @@
install -m 0444 lisp/gnuplot*.el* %{buildroot}/%{_datadir}/emacs/site-lisp/
mv %{buildroot}/%{_mandir}/man1/gnuplot-ja.1 %{buildroot}/%{_mandir}/ja/man1/gnuplot.1
rm -f %{buildroot}/%{_docdir}/gnuplot/demo/Makefile*
+ %fdupes -s %{buildroot}
%post doc
%install_info --info-dir=.%{_infodir} .%{_infodir}/%{name}.info.gz
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package numactl for openSUSE:Factory checked in at 2015-02-06 10:16:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/numactl (Old)
and /work/SRC/openSUSE:Factory/.numactl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "numactl"
Changes:
--------
--- /work/SRC/openSUSE:Factory/numactl/numactl.changes 2015-01-21 21:54:21.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.numactl.new/numactl.changes 2015-02-06 10:16:10.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Jan 27 11:07:47 UTC 2015 - trenn(a)suse.de
+
+- Change license from GPL-2.0+ to GPL-2.0
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ numactl.spec ++++++
--- /var/tmp/diff_new_pack.ynzBct/_old 2015-02-06 10:16:11.000000000 +0100
+++ /var/tmp/diff_new_pack.ynzBct/_new 2015-02-06 10:16:11.000000000 +0100
@@ -20,7 +20,7 @@
Name: numactl
Summary: NUMA Policy Control
-License: GPL-2.0+
+License: GPL-2.0
Group: System/Management
Version: 2.0.10
Release: 0
@@ -52,7 +52,7 @@
%package -n libnuma-devel
Summary: NUMA Policy Control
-License: GPL-2.0+
+License: GPL-2.0
Group: Development/Languages/C and C++
Requires: libnuma1 = %{version}
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package libvirt for openSUSE:13.1:Update checked in at 2015-02-06 10:08:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/libvirt (Old)
and /work/SRC/openSUSE:13.1:Update/.libvirt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _link ++++++
--- /var/tmp/diff_new_pack.sZlAxm/_old 2015-02-06 10:08:32.000000000 +0100
+++ /var/tmp/diff_new_pack.sZlAxm/_new 2015-02-06 10:08:32.000000000 +0100
@@ -1 +1 @@
-<link package='libvirt.3348' cicount='copy' />
+<link package='libvirt.3472' cicount='copy' />
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package libvirt.3472 for openSUSE:13.1:Update checked in at 2015-02-06 10:08:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/libvirt.3472 (Old)
and /work/SRC/openSUSE:13.1:Update/.libvirt.3472.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt.3472"
Changes:
--------
New Changes file:
--- /dev/null 2014-12-25 22:38:16.200041506 +0100
+++ /work/SRC/openSUSE:13.1:Update/.libvirt.3472.new/libvirt.changes 2015-02-06 10:08:30.000000000 +0100
@@ -0,0 +1,2432 @@
+-------------------------------------------------------------------
+Wed Jan 28 12:04:09 MST 2015 - jfehlig(a)suse.com
+
+- CVE-2015-0236: libvirt: access control bypass
+ 03c3c0c8-CVE-2015-0236.patch, b347c0c2-CVE-2015-0236.patch
+ bsc#914693
+
+-------------------------------------------------------------------
+Fri Dec 19 17:31:47 MST 2014 - jfehlig(a)suse.com
+
+- CVE-2014-8136: libvirt: local denial of service in qemu driver
+ 2bdcd29c-CVE-2014-8136.patch
+ bsc#910862
+
+-------------------------------------------------------------------
+Mon Nov 10 22:15:12 MST 2014 - jfehlig(a)suse.com
+
+- CVE-2014-7823: dumpxml: security hole with migratable flag
+ b1674ad5-CVE-2014-7823.patch
+ bsc#904176
+
+-------------------------------------------------------------------
+Thu Oct 2 09:52:27 MDT 2014 - jfehlig(a)suse.com
+
+- CVE-2014-3657: Fix domain deadlock
+ fc22b2e7-CVE-2014-3657.patch
+ bsc#899484
+
+-------------------------------------------------------------------
+Thu Sep 18 22:54:52 MDT 2014 - jfehlig(a)suse.com
+
+- CVE-2014-3633: Use correct definition when looking up disk in
+ qemu blkiotune
+ 3e745e8f-CVE-2014-3633.patch
+ bsc#897783
+
+-------------------------------------------------------------------
+Tue May 20 15:13:22 MDT 2014 - jfehlig(a)suse.com
+
+- spec: libvirt-daemon package owns /etc/libvirt, not libvirt-client
+ bnc#878056
+
+-------------------------------------------------------------------
+Mon May 5 16:47:43 MDT 2014 - jfehlig(a)suse.com
+
+- CVE-2014-0179: Don't expand entities when parsing XML
+ d6b27d3e-CVE-2014-0179.patch
+ bnc#873705
+
+-------------------------------------------------------------------
+Wed Apr 30 07:07:52 UTC 2014 - rhafer(a)suse.com
+
+- Fix migration with QEMU 1.6 (bnc#875694)
+ QEMU 1.6.0 introduced new migration status: setup
+ Libvirt does not expect such string in QMP and refuses to migrate
+ with error "unexpected migration status in setup"
+ d35ae41-bnc875694.patch
+
+-------------------------------------------------------------------
+Fri Apr 18 14:35:48 MDT 2014 - jfehlig(a)suse.com
+
+- libvirtd: notify systemd when ready to accept connections
+ bnc#873103, bnc#871154
+
+-------------------------------------------------------------------
+Fri Mar 21 12:16:25 MDT 2014 - jfehlig(a)suse.com
+
+- Rename patch to include CVE number
+ 484cc321-fix-spice-migration.patch -> 484cc321-CVE-2013-7336.patch
+
+-------------------------------------------------------------------
+Tue Mar 18 10:50:21 UTC 2014 - cbosdonnat(a)suse.com
+
+- Backport libvirt-guests fixes
+ 4e7fc83-bnc852005.patch, 68954fb-bnc852005.patch,
+ ba79e38-bnc852005.patch
+ bnc#852005
+
+-------------------------------------------------------------------
+Tue Mar 4 17:34:36 UTC 2014 - cbosdonnat(a)suse.com
+
+- CVE-2013-6456: unsafe usage of paths under /proc/$PID/root
+ 1754c7f-CVE-2013-6456.patch
+ 1cadeaf-CVE-2013-6456.patch
+ 2c2bec9-CVE-2013-6456.patch
+ 4dd3a7d-CVE-2013-6456.patch
+ 5fc590a-CVE-2013-6456.patch
+ 7a44af9-CVE-2013-6456.patch
+ 7c72ef6-CVE-2013-6456.patch
+ 7fba01c-CVE-2013-6456.patch
+ a537827-CVE-2013-6456.patch
+ aebbcdd-CVE-2013-6456.patch
+ c321bfc-CVE-2013-6456.patch
+ c364897-CVE-2013-6456.patch
+ c3eb12c-CVE-2013-6456.patch
+ d24e6b8-CVE-2013-6456.patch
+ bnc#857490
+- avoid short reads while chasing backing chain. This commit is
+ needed by one of the patches fixing the CVE.
+ d697b0f3-storage-avoid-short-reads.patch
+
+-------------------------------------------------------------------
+Wed Jan 22 15:12:21 MST 2014 - jfehlig(a)suse.com
+
+- CVE-2013-6458: qemu: Fix job usage in several APIs
+ 17db7e28-CVE-2013-6458.patch, 54cb7f05-CVE-2013-6458.patch,
+ bcb9a035-CVE-2013-6458.patch, 939b0818-CVE-2013-6458.patch,
+ 82daa87f-CVE-2013-6458.patch
+ bnc#857492
+
+-------------------------------------------------------------------
+Wed Jan 22 14:49:40 MST 2014 - jfehlig(a)suse.com
+
+- CVE-2014-1447: Prevent libvirtd crash if a connection closes
+ early
+ ed327dfc-CVE-2014-1447.patch, 2842b103-CVE-2014-1447.patch
+ bnc#858817
+
+-------------------------------------------------------------------
+Wed Jan 22 14:40:21 MST 2014 - jfehlig(a)suse.com
+
+- CVE-2013-6457: avoid crashing libvirtd when calling
+ `virsh numatune' on inactive Xen libxl domain
+ 52c40003-CVE-2013-6457.patch
+ bnc#858824
+
+-------------------------------------------------------------------
+Wed Jan 22 14:33:55 MST 2014 - jfehlig(a)suse.com
+
+- CVE-2014-0028: filter global events by domain:getattr ACL
+ fb5a3190-CVE-2014-0028.patch
+ bnc#859051
+
+-------------------------------------------------------------------
+Wed Jan 22 10:02:06 MST 2014 - jfehlig(a)suse.com
+
+- Add CAP_SYS_PACCT capability to libvirtd AppArmor profile
+ Modified install-apparmor-profiles.patch
+ bnc#817407
+
+--------------------------------------------------------------------
+Mon Jan 20 18:29:29 MST 2014 - jfehlig(a)suse.com
+
+- Following the upstream pattern, introduce the
+ daemon-config-network subpackage to handle defining the default
+ network
+ bnc#859041
+
+-------------------------------------------------------------------
+Thu Jan 9 18:01:04 MST 2014 - jfehlig(a)suse.com
+
+- Fix initialization of emulated NICs
+ Added 7c98d1c1-nic-type.patch
+ Replaced libxl-hvm-nic.patch with upstream
+ e1459c1f-nic-devid.patch
+ bnc#857271
+
+-------------------------------------------------------------------
+Wed Jan 8 11:16:47 MST 2014 - jfehlig(a)suse.com
+
+- Fix potential segfault in libxl driver when domain create fails
+ b03eba13-libxl-segfault-fix.patch
+ bnc#857271
+
+-------------------------------------------------------------------
+Fri Dec 20 09:04:45 MST 2013 - jfehlig(a)suse.com
+
+- CVE-2013-6436: Fix crashes in lxc memtune code, one of which
+ results in DoS
+ f8c1cb90-CVE-2013-6436.patch, 9faf3f29-LXC-memtune.patch
+ bnc#854486
+
+-------------------------------------------------------------------
+Thu Dec 12 21:00:32 UTC 2013 - cbosdonnat(a)suse.com
+
+- Backported upstream patch to fix LXC container failing start.
+ bnc#855239
+
+-------------------------------------------------------------------
+Mon Dec 9 13:07:29 MST 2013 - jfehlig(a)suse.com
+
+- Building with polkit support requires polkit-devel
+ bnc#854144
+
+-------------------------------------------------------------------
+Fri Dec 6 10:52:56 MST 2013 - jfehlig(a)suse.com
+
+- More adjustments to the spec file to fix package dependency
+ issues
+ bnc#848918
+
+-------------------------------------------------------------------
+Tue Nov 26 14:46:21 MST 2013 - jfehlig(a)suse.com
+
+- Allow execution of libvirt hook scripts in /etc/libvirt/hooks/
+ in libvirtd AppArmor profile
+
++++ 2235 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.libvirt.3472.new/libvirt.changes
New:
----
03c3c0c8-CVE-2015-0236.patch
1754c7f-CVE-2013-6456.patch
17db7e28-CVE-2013-6458.patch
1cadeaf-CVE-2013-6456.patch
2842b103-CVE-2014-1447.patch
2bdcd29c-CVE-2014-8136.patch
2c2bec9-CVE-2013-6456.patch
2dba0323-CVE-2013-4297.patch
3e2f27e1-CVE-2013-4400.patch
3e745e8f-CVE-2014-3633.patch
484cc321-CVE-2013-7336.patch
4dd3a7d-CVE-2013-6456.patch
4e7fc83-bnc852005.patch
52c40003-CVE-2013-6457.patch
54cb7f05-CVE-2013-6458.patch
57687fd6-CVE-2013-4401.patch
5a0ea4b7-CVE-2013-4400.patch
5fc590a-CVE-2013-6456.patch
68954fb-bnc852005.patch
79552754-libvirtd-chardev-crash.patch
7a44af9-CVE-2013-6456.patch
7c72ef6-CVE-2013-6456.patch
7c98d1c1-nic-type.patch
7fba01c-CVE-2013-6456.patch
8294aa0c-CVE-2013-4399.patch
82daa87f-CVE-2013-6458.patch
843bdb2f-CVE-2013-4400.patch
8c3586ea-CVE-2013-4400.patch
922b7fda-CVE-2013-4311.patch
939b0818-CVE-2013-6458.patch
97973ebb-LXC-threading-error.patch
9faf3f29-LXC-memtune.patch
a537827-CVE-2013-6456.patch
ae53e5d1-CVE-2013-4400.patch
aebbcdd-CVE-2013-6456.patch
b03eba13-libxl-segfault-fix.patch
b1674ad5-CVE-2014-7823.patch
b347c0c2-CVE-2015-0236.patch
b7fcc799a-CVE-2013-4400.patch
ba79e38-bnc852005.patch
baselibs.conf
bcb9a035-CVE-2013-6458.patch
bd773e74-lxc-terminate-machine.patch
c321bfc-CVE-2013-6456.patch
c364897-CVE-2013-6456.patch
c3eb12c-CVE-2013-6456.patch
clone.patch
d24e6b8-CVE-2013-6456.patch
d35ae41-bnc875694.patch
d697b0f3-storage-avoid-short-reads.patch
d6b27d3e-CVE-2014-0179.patch
db7a5688-CVE-2013-4311.patch
e1459c1f-nic-devid.patch
e350826c-python-fix-fd-passing.patch
e4697b92-CVE-2013-4311.patch
e65667c0-CVE-2013-4311.patch
e7f400a1-CVE-2013-4296.patch
ed327dfc-CVE-2014-1447.patch
f8c1cb90-CVE-2013-6436.patch
fb5a3190-CVE-2014-0028.patch
fc22b2e7-CVE-2014-3657.patch
fix-pci-attach-xen-driver.patch
install-apparmor-profiles.patch
libvirt-1.1.2.tar.bz2
libvirt-guests-init-script.patch
libvirt-suse-netcontrol.patch
libvirt.changes
libvirt.spec
libvirtd-defaults.patch
libvirtd-init-script.patch
libvirtd-relocation-server.fw
libvirtd.init
libxl-hvm-vnc.patch
support-managed-pci-xen-driver.patch
suse-qemu-conf.patch
systemd-service-xen.patch
virtlockd-init-script.patch
xen-name-for-devid.patch
xen-pv-cdrom.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libvirt.spec ++++++
++++ 1892 lines (skipped)
++++++ 03c3c0c8-CVE-2015-0236.patch ++++++
commit 03c3c0c874c84dfa51ef17556062b095c6e1c0a3
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Tue Jan 20 17:01:01 2015 +0100
CVE-2015-0236: qemu: Check ACLs when dumping security info from save image
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it.
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -5485,7 +5485,7 @@ qemuDomainSaveImageGetXMLDesc(virConnect
if (fd < 0)
goto cleanup;
- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
+ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
goto cleanup;
ret = qemuDomainDefFormatXML(driver, def, flags);
Index: libvirt-1.1.2/src/remote/remote_protocol.x
===================================================================
--- libvirt-1.1.2.orig/src/remote/remote_protocol.x
+++ libvirt-1.1.2/src/remote/remote_protocol.x
@@ -4498,6 +4498,7 @@ enum remote_procedure {
* @generate: both
* @priority: high
* @acl: domain:read
+ * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
*/
REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
++++++ 1754c7f-CVE-2013-6456.patch ++++++
>From 77ddbad2a9272239a09673c5d6993793308514e9 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Thu, 30 Jan 2014 17:45:08 +0000
Subject: [PATCH 12/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in
LXC block hostdev hotplug
Rewrite lxcDomainAttachDeviceHostdevStorageLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit 1754c7f0ab1407dcf7c89636a35711dd9b1febe1)
---
src/lxc/lxc_driver.c | 66 ++++++++++++++--------------------------------------
1 file changed, 18 insertions(+), 48 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3492,11 +3492,7 @@ lxcDomainAttachDeviceHostdevStorageLive(
virLXCDomainObjPrivatePtr priv = vm->privateData;
virDomainHostdevDefPtr def = dev->data.hostdev;
int ret = -1;
- char *dst = NULL;
- char *vroot = NULL;
struct stat sb;
- bool created = false;
- mode_t mode = 0;
if (!def->source.caps.u.storage.block) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -3524,51 +3520,29 @@ lxcDomainAttachDeviceHostdevStorageLive(
goto cleanup;
}
- if (virAsprintf(&vroot, "/proc/%llu/root",
- (unsigned long long)priv->initpid) < 0)
- goto cleanup;
-
- if (virAsprintf(&dst, "%s/%s",
- vroot,
- def->source.caps.u.storage.block) < 0)
- goto cleanup;
-
if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs+1) < 0)
goto cleanup;
- if (lxcContainerSetupHostdevCapsMakePath(dst) < 0) {
- virReportSystemError(errno,
- _("Unable to create directory for device %s"),
- dst);
- goto cleanup;
- }
-
- mode = 0700 | S_IFBLK;
-
- VIR_DEBUG("Creating dev %s (%d,%d)",
- def->source.caps.u.storage.block,
- major(sb.st_rdev), minor(sb.st_rdev));
- if (mknod(dst, mode, sb.st_rdev) < 0) {
- virReportSystemError(errno,
- _("Unable to create device %s"),
- dst);
- goto cleanup;
- }
- created = true;
-
- if (lxcContainerChown(vm->def, dst) < 0)
- goto cleanup;
-
- if (virSecurityManagerSetHostdevLabel(driver->securityManager,
- vm->def, def, vroot) < 0)
- goto cleanup;
-
- if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.storage.block,
- VIR_CGROUP_DEVICE_RW |
- VIR_CGROUP_DEVICE_MKNOD) != 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot allow device %s for domain %s"),
- def->source.caps.u.storage.block, vm->def->name);
+ if (virCgroupAllowDevice(priv->cgroup,
+ 'b',
+ major(sb.st_rdev),
+ minor(sb.st_rdev),
+ VIR_CGROUP_DEVICE_RWM) < 0)
+ goto cleanup;
+
+ if (lxcDomainAttachDeviceMknod(driver,
+ 0700 | S_IFBLK,
+ sb.st_rdev,
+ vm,
+ dev,
+ def->source.caps.u.storage.block) < 0) {
+ if (virCgroupDenyDevice(priv->cgroup,
+ 'b',
+ major(sb.st_rdev),
+ minor(sb.st_rdev),
+ VIR_CGROUP_DEVICE_RWM) < 0)
+ VIR_WARN("cannot deny device %s for domain %s",
+ def->source.caps.u.storage.block, vm->def->name);
goto cleanup;
}
@@ -3578,10 +3552,6 @@ lxcDomainAttachDeviceHostdevStorageLive(
cleanup:
virDomainAuditHostdev(vm, def, "attach", ret == 0);
- if (dst && created && ret < 0)
- unlink(dst);
- VIR_FREE(dst);
- VIR_FREE(vroot);
return ret;
}
++++++ 17db7e28-CVE-2013-6458.patch ++++++
commit 17db7e28a1ec77382bb8fa96205ef2cf6deefa88
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Thu Dec 19 22:10:04 2013 +0100
qemu: Do not access stale data in virDomainBlockStats
CVE-2013-6458
https://bugzilla.redhat.com/show_bug.cgi?id=1043069
When virDomainDetachDeviceFlags is called concurrently to
virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats
finds a disk in vm->def before getting a job on a domain and uses the
disk pointer after getting the job. However, the domain in unlocked
while waiting on a job condition and thus data behind the disk pointer
may disappear. This happens when thread 1 runs
virDomainDetachDeviceFlags and enters monitor to actually remove the
disk. Then another thread starts running virDomainBlockStats, finds the
disk in vm->def, and while it's waiting on the job condition (owned by
the first thread), the first thread finishes the disk removal. When the
second thread gets the job, the memory pointed to be the disk pointer is
already gone.
That said, every API that is going to begin a job should do that before
fetching data from vm->def.
(cherry picked from commit db86da5ca2109e4006c286a09b6c75bfe10676ad)
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -8946,34 +8946,29 @@ qemuDomainBlockStats(virDomainPtr dom,
if (virDomainBlockStatsEnsureACL(dom->conn, vm->def) < 0)
goto cleanup;
+ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("domain is not running"));
- goto cleanup;
+ goto endjob;
}
if ((idx = virDomainDiskIndexByName(vm->def, path, false)) < 0) {
virReportError(VIR_ERR_INVALID_ARG,
_("invalid path: %s"), path);
- goto cleanup;
+ goto endjob;
}
disk = vm->def->disks[idx];
if (!disk->info.alias) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("missing disk device alias name for %s"), disk->dst);
- goto cleanup;
+ goto endjob;
}
priv = vm->privateData;
- if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
- goto cleanup;
-
- if (!virDomainObjIsActive(vm)) {
- virReportError(VIR_ERR_OPERATION_INVALID,
- "%s", _("domain is not running"));
- goto endjob;
- }
qemuDomainObjEnterMonitor(driver, vm);
ret = qemuMonitorGetBlockStatsInfo(priv->mon,
++++++ 1cadeaf-CVE-2013-6456.patch ++++++
>From a06bdfcb446f182e490f70422a8431c3bcb2c801 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Thu, 30 Jan 2014 17:47:39 +0000
Subject: [PATCH 13/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in
LXC chardev hostdev hotplug
Rewrite lxcDomainAttachDeviceHostdevMiscLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit 1cadeafcaa422844a27ef622e2a7041d0235bcb3)
---
src/lxc/lxc_driver.c | 66 ++++++++++++++--------------------------------------
1 file changed, 18 insertions(+), 48 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3564,11 +3564,7 @@ lxcDomainAttachDeviceHostdevMiscLive(vir
virLXCDomainObjPrivatePtr priv = vm->privateData;
virDomainHostdevDefPtr def = dev->data.hostdev;
int ret = -1;
- char *dst = NULL;
- char *vroot = NULL;
struct stat sb;
- bool created = false;
- mode_t mode = 0;
if (!def->source.caps.u.misc.chardev) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -3596,51 +3592,29 @@ lxcDomainAttachDeviceHostdevMiscLive(vir
goto cleanup;
}
- if (virAsprintf(&vroot, "/proc/%llu/root",
- (unsigned long long)priv->initpid) < 0)
- goto cleanup;
-
- if (virAsprintf(&dst, "%s/%s",
- vroot,
- def->source.caps.u.misc.chardev) < 0)
+ if (virCgroupAllowDevice(priv->cgroup,
+ 'c',
+ major(sb.st_rdev),
+ minor(sb.st_rdev),
+ VIR_CGROUP_DEVICE_RWM) < 0)
goto cleanup;
if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs+1) < 0)
goto cleanup;
- if (lxcContainerSetupHostdevCapsMakePath(dst) < 0) {
- virReportSystemError(errno,
- _("Unable to create directory for device %s"),
- dst);
- goto cleanup;
- }
-
- mode = 0700 | S_IFCHR;
-
- VIR_DEBUG("Creating dev %s (%d,%d)",
- def->source.caps.u.misc.chardev,
- major(sb.st_rdev), minor(sb.st_rdev));
- if (mknod(dst, mode, sb.st_rdev) < 0) {
- virReportSystemError(errno,
- _("Unable to create device %s"),
- dst);
- goto cleanup;
- }
- created = true;
-
- if (lxcContainerChown(vm->def, dst) < 0)
- goto cleanup;
-
- if (virSecurityManagerSetHostdevLabel(driver->securityManager,
- vm->def, def, vroot) < 0)
- goto cleanup;
-
- if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.misc.chardev,
- VIR_CGROUP_DEVICE_RW |
- VIR_CGROUP_DEVICE_MKNOD) != 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot allow device %s for domain %s"),
- def->source.caps.u.misc.chardev, vm->def->name);
+ if (lxcDomainAttachDeviceMknod(driver,
+ 0700 | S_IFBLK,
+ sb.st_rdev,
+ vm,
+ dev,
+ def->source.caps.u.misc.chardev) < 0) {
+ if (virCgroupDenyDevice(priv->cgroup,
+ 'c',
+ major(sb.st_rdev),
+ minor(sb.st_rdev),
+ VIR_CGROUP_DEVICE_RWM) < 0)
+ VIR_WARN("cannot deny device %s for domain %s",
+ def->source.caps.u.storage.block, vm->def->name);
goto cleanup;
}
@@ -3650,10 +3624,6 @@ lxcDomainAttachDeviceHostdevMiscLive(vir
cleanup:
virDomainAuditHostdev(vm, def, "attach", ret == 0);
- if (dst && created && ret < 0)
- unlink(dst);
- VIR_FREE(dst);
- VIR_FREE(vroot);
return ret;
}
++++++ 2842b103-CVE-2014-1447.patch ++++++
commit 2842b103b1cd5d0872050a164b758967eb2e4be4
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Mon Jan 13 15:46:24 2014 +0100
Really don't crash if a connection closes early
https://bugzilla.redhat.com/show_bug.cgi?id=1047577
When writing commit 173c291, I missed the fact virNetServerClientClose
unlocks the client object before actually clearing client->sock and thus
it is possible to hit a window when client->keepalive is NULL while
client->sock is not NULL. I was thinking client->sock == NULL was a
better check for a closed connection but apparently we have to go with
client->keepalive == NULL to actually fix the crash.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
(cherry picked from commit 066c8ef6c18bc1faf8b3e10787b39796a7a06cc0)
Index: libvirt-1.1.2/src/rpc/virnetserverclient.c
===================================================================
--- libvirt-1.1.2.orig/src/rpc/virnetserverclient.c
+++ libvirt-1.1.2/src/rpc/virnetserverclient.c
@@ -1540,7 +1540,7 @@ virNetServerClientStartKeepAlive(virNetS
/* The connection might have been closed before we got here and thus the
* keepalive object could have been removed too.
*/
- if (!client->sock) {
+ if (!client->keepalive) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("connection not open"));
goto cleanup;
++++++ 2bdcd29c-CVE-2014-8136.patch ++++++
commit 2bdcd29c713dfedd813c89f56ae98f6f3898313d
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Mon Dec 8 19:25:21 2014 +0100
qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs
Avoid leaving the domain locked on a failed ACL check in
qemuDomainMigratePerform() and qemuDomainMigrateFinish2().
Introduced in commit abf75aea247e (Add ACL checks into the QEMU driver).
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -10095,8 +10095,10 @@ qemuDomainMigratePerform(virDomainPtr do
if (!(vm = qemuDomObjFromDomain(dom)))
goto cleanup;
- if (virDomainMigratePerformEnsureACL(dom->conn, vm->def) < 0)
+ if (virDomainMigratePerformEnsureACL(dom->conn, vm->def) < 0) {
+ virObjectUnlock(vm);
goto cleanup;
+ }
if (flags & VIR_MIGRATE_PEER2PEER) {
dconnuri = uri;
@@ -10142,8 +10144,10 @@ qemuDomainMigrateFinish2(virConnectPtr d
goto cleanup;
}
- if (virDomainMigrateFinish2EnsureACL(dconn, vm->def) < 0)
+ if (virDomainMigrateFinish2EnsureACL(dconn, vm->def) < 0) {
+ virObjectUnlock(vm);
goto cleanup;
+ }
/* Do not use cookies in v2 protocol, since the cookie
* length was not sufficiently large, causing failures
++++++ 2c2bec9-CVE-2013-6456.patch ++++++
>From b272b572cc013e1e0a9aadc22b9690ee097a2bb8 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Tue, 4 Feb 2014 17:41:22 +0000
Subject: [PATCH 04/14] Fix reset of cgroup when detaching USB device from LXC
guests
When detaching a USB device from an LXC guest we must remove
the device from the cgroup ACL. Unfortunately we were telling
the cgroup code to use the guest /dev path, not the host /dev
path, and the guest device node had already been unlinked.
This was, however, fortunate since the code passed &priv->cgroup
instead of priv->cgroup, so would have crash if the device node
were accessible.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit 2c2bec94d27ccd070bee18a6113b1cfea6d80126)
---
src/lxc/lxc_driver.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3908,7 +3908,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virL
}
if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus,
- def->source.subsys.u.usb.device, vroot)))
+ def->source.subsys.u.usb.device, NULL)))
goto cleanup;
VIR_DEBUG("Unlinking %s", dst);
@@ -3922,7 +3922,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virL
if (virUSBDeviceFileIterate(usb,
virLXCTeardownHostUsbDeviceCgroup,
- &priv->cgroup) < 0)
+ priv->cgroup) < 0)
VIR_WARN("cannot deny device %s for domain %s",
dst, vm->def->name);
++++++ 2dba0323-CVE-2013-4297.patch ++++++
commit 2dba0323ff0cec31bdcea9dd3b2428af297401f2
Author: Michal Privoznik <mprivozn(a)redhat.com>
Date: Tue Sep 3 18:56:06 2013 +0200
virFileNBDDeviceAssociate: Avoid use of uninitialized variable
The @qemunbd variable can be used uninitialized.
Index: libvirt-1.1.2/src/util/virfile.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virfile.c
+++ libvirt-1.1.2/src/util/virfile.c
@@ -732,7 +732,7 @@ int virFileNBDDeviceAssociate(const char
char **dev)
{
char *nbddev;
- char *qemunbd;
+ char *qemunbd = NULL;
virCommandPtr cmd = NULL;
int ret = -1;
const char *fmtstr = NULL;
++++++ 3e2f27e1-CVE-2013-4400.patch ++++++
commit 3e2f27e13b94f7302ad948bcacb5e02c859a25fc
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Thu Oct 10 13:09:08 2013 +0100
Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
The libvirt.so library has far too many library deps to allow
linking against it from setuid programs. Those libraries can
do stuff in __attribute__((constructor) functions which is
not setuid safe.
The virt-login-shell needs to link directly against individual
files that it uses, with all library deps turned off except
for libxml2 and libselinux.
Create a libvirt-setuid-rpc-client.la library which is linked
to by virt-login-shell. A config-post.h file allows this library
to disable all external deps except libselinux and libxml2.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/Makefile.am
+++ libvirt-1.1.2/Makefile.am
@@ -31,6 +31,7 @@ XML_EXAMPLES = \
test/*.xml storage/*.xml)))
EXTRA_DIST = \
+ config-post.h \
ChangeLog-old \
libvirt.spec libvirt.spec.in \
mingw-libvirt.spec.in \
Index: libvirt-1.1.2/config-post.h
===================================================================
--- /dev/null
+++ libvirt-1.1.2/config-post.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Since virt-login-shell will be setuid, we must do everything
+ * we can to avoid linking to other libraries. Many of them do
+ * unsafe things in functions marked __atttribute__((constructor)).
+ * The only way avoid to avoid such deps is to re-compile the
+ * functions with the code in question disabled, and for that we
+ * must override the main config.h rules. Hence this file :-(
+ */
+
+#ifdef LIBVIRT_SETUID_RPC_CLIENT
+# undef HAVE_LIBDEVMAPPER_H
+# undef HAVE_LIBNL
+# undef HAVE_LIBNL3
+# undef HAVE_LIBSASL2
+# undef WITH_CAPNG
+# undef WITH_CURL
+# undef WITH_DTRACE_PROBES
+# undef WITH_GNUTLS
+# undef WITH_MACVTAP
+# undef WITH_NUMACTL
+# undef WITH_SASL
+# undef WITH_SSH2
+# undef WITH_VIRTUALPORT
+# undef WITH_YAJL
+# undef WITH_YAJL2
+#endif
Index: libvirt-1.1.2/configure.ac
===================================================================
--- libvirt-1.1.2.orig/configure.ac
+++ libvirt-1.1.2/configure.ac
@@ -20,6 +20,7 @@ AC_INIT([libvirt], [1.1.2], [libvir-list
AC_CONFIG_SRCDIR([src/libvirt.c])
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
+AH_BOTTOM([#include <config-post.h>])
AC_CONFIG_MACRO_DIR([m4])
dnl Make automake keep quiet about wildcards & other GNUmake-isms
AM_INIT_AUTOMAKE([-Wno-portability tar-ustar])
Index: libvirt-1.1.2/daemon/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/daemon/Makefile.am
+++ libvirt-1.1.2/daemon/Makefile.am
@@ -18,6 +18,7 @@
INCLUDES = \
-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
+ -I$(top_srcdir) \
-I$(top_builddir)/include -I$(top_srcdir)/include \
-I$(top_builddir)/src -I$(top_srcdir)/src \
-I$(top_srcdir)/src/util \
Index: libvirt-1.1.2/examples/domain-events/events-c/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/examples/domain-events/events-c/Makefile.am
+++ libvirt-1.1.2/examples/domain-events/events-c/Makefile.am
@@ -15,7 +15,8 @@
## <http://www.gnu.org/licenses/>.
INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib
+ -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
+ -I$(top_srcdir)
noinst_PROGRAMS = event-test
event_test_CFLAGS = $(WARN_CFLAGS)
event_test_SOURCES = event-test.c
Index: libvirt-1.1.2/examples/hellolibvirt/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/examples/hellolibvirt/Makefile.am
+++ libvirt-1.1.2/examples/hellolibvirt/Makefile.am
@@ -14,7 +14,7 @@
## License along with this library. If not, see
## <http://www.gnu.org/licenses/>.
-INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include
+INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)
noinst_PROGRAMS = hellolibvirt
hellolibvirt_CFLAGS = $(WARN_CFLAGS)
hellolibvirt_SOURCES = hellolibvirt.c
Index: libvirt-1.1.2/examples/openauth/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/examples/openauth/Makefile.am
+++ libvirt-1.1.2/examples/openauth/Makefile.am
@@ -14,7 +14,7 @@
## License along with this library. If not, see
## <http://www.gnu.org/licenses/>.
-INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include
+INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir)
noinst_PROGRAMS = openauth
openauth_CFLAGS = $(WARN_CFLAGS)
openauth_SOURCES = openauth.c
Index: libvirt-1.1.2/gnulib/lib/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/gnulib/lib/Makefile.am
+++ libvirt-1.1.2/gnulib/lib/Makefile.am
@@ -27,4 +27,4 @@ noinst_LTLIBRARIES =
include gnulib.mk
-INCLUDES = $(GETTEXT_CPPFLAGS)
+INCLUDES = -I$(top_srcdir) $(GETTEXT_CPPFLAGS)
Index: libvirt-1.1.2/python/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/python/Makefile.am
+++ libvirt-1.1.2/python/Makefile.am
@@ -20,6 +20,7 @@ INCLUDES = \
$(PYTHON_INCLUDES) \
-I$(top_builddir)/gnulib/lib \
-I$(top_srcdir)/gnulib/lib \
+ -I$(top_srcdir) \
-I$(top_builddir)/src \
-I$(top_srcdir)/src \
-I$(top_srcdir)/src/util \
Index: libvirt-1.1.2/src/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/src/Makefile.am
+++ libvirt-1.1.2/src/Makefile.am
@@ -21,6 +21,7 @@
# that actually use them. Also keep GETTEXT_CPPFLAGS at the end.
INCLUDES = -I../gnulib/lib \
-I$(top_srcdir)/gnulib/lib \
+ -I$(top_srcdir) \
-I../include \
-I$(top_srcdir)/include \
-I$(top_srcdir)/src/util \
@@ -1917,6 +1918,77 @@ libvirt_lxc_la_LDFLAGS = \
libvirt_lxc_la_CFLAGS = $(AM_CFLAGS)
libvirt_lxc_la_LIBADD = libvirt.la $(CYGWIN_EXTRA_LIBADD)
+# Since virt-login-shell will be setuid, we must do everything
+# we can to avoid linking to other libraries. Many of them do
+# unsafe things in functions marked __atttribute__((constructor)).
+# This library is built to include the bare minimum required to
+# have a RPC client for local UNIX socket access only. We use
+# the ../config-post.h header to disable all external deps that
+# we don't want
+if WITH_LXC
+noinst_LTLIBRARIES += libvirt-setuid-rpc-client.la
+
+libvirt_setuid_rpc_client_la_SOURCES = \
+ util/viralloc.c \
+ util/virbitmap.c \
+ util/virbuffer.c \
+ util/vircommand.c \
+ util/virconf.c \
+ util/virerror.c \
+ util/virevent.c \
+ util/vireventpoll.c \
+ util/virfile.c \
+ util/virhash.c \
+ util/virhashcode.c \
+ util/virjson.c \
+ util/virlog.c \
+ util/virobject.c \
+ util/virpidfile.c \
+ util/virprocess.c \
+ util/virrandom.c \
+ util/virsocketaddr.c \
+ util/virstoragefile.c \
+ util/virstring.c \
+ util/virtime.c \
+ util/virthread.c \
+ util/virtypedparam.c \
+ util/viruri.c \
+ util/virutil.c \
+ util/viruuid.c \
+ conf/domain_event.c \
+ rpc/virnetsocket.c \
+ rpc/virnetsocket.h \
+ rpc/virnetmessage.h \
+ rpc/virnetmessage.c \
+ rpc/virkeepalive.c \
+ rpc/virkeepalive.h \
+ rpc/virnetclient.c \
+ rpc/virnetclientprogram.c \
+ rpc/virnetclientstream.c \
+ rpc/virnetprotocol.c \
+ remote/remote_driver.c \
+ remote/remote_protocol.c \
+ remote/qemu_protocol.c \
+ remote/lxc_protocol.c \
+ datatypes.c \
+ libvirt.c \
+ libvirt-lxc.c \
+ $(NULL)
+
+libvirt_setuid_rpc_client_la_LDFLAGS = \
+ $(AM_LDFLAGS) \
+ $(LIBXML_LIBS) \
+ $(SELINUX_LIBS) \
+ $(NULL)
+libvirt_setuid_rpc_client_la_CFLAGS = \
+ -DLIBVIRT_SETUID_RPC_CLIENT \
+ -I$(top_srcdir)/src/conf \
+ -I$(top_srcdir)/src/rpc \
+ $(AM_CFLAGS) \
+ $(SELINUX_CFLAGS) \
+ $(NULL)
+endif WITH_LXC
+
lockdriverdir = $(libdir)/libvirt/lock-driver
lockdriver_LTLIBRARIES =
Index: libvirt-1.1.2/src/libvirt.c
===================================================================
--- libvirt-1.1.2.orig/src/libvirt.c
+++ libvirt-1.1.2/src/libvirt.c
@@ -446,40 +446,46 @@ virGlobalInit(void)
goto error;
/*
+ * Note we must avoid everything except 'remote' driver
+ * for virt-login-shell usage
+ */
+#ifndef LIBVIRT_SETUID_RPC_CLIENT
+ /*
* Note that the order is important: the first ones have a higher
* priority when calling virConnectOpen.
*/
-#ifdef WITH_TEST
+# ifdef WITH_TEST
if (testRegister() == -1)
goto error;
-#endif
-#ifdef WITH_OPENVZ
+# endif
+# ifdef WITH_OPENVZ
if (openvzRegister() == -1)
goto error;
-#endif
-#ifdef WITH_VMWARE
+# endif
+# ifdef WITH_VMWARE
if (vmwareRegister() == -1)
goto error;
-#endif
-#ifdef WITH_PHYP
+# endif
+# ifdef WITH_PHYP
if (phypRegister() == -1)
goto error;
-#endif
-#ifdef WITH_ESX
+# endif
+# ifdef WITH_ESX
if (esxRegister() == -1)
goto error;
-#endif
-#ifdef WITH_HYPERV
+# endif
+# ifdef WITH_HYPERV
if (hypervRegister() == -1)
goto error;
-#endif
-#ifdef WITH_XENAPI
+# endif
+# ifdef WITH_XENAPI
if (xenapiRegister() == -1)
goto error;
-#endif
-#ifdef WITH_PARALLELS
+# endif
+# ifdef WITH_PARALLELS
if (parallelsRegister() == -1)
goto error;
+# endif
#endif
#ifdef WITH_REMOTE
if (remoteRegister() == -1)
Index: libvirt-1.1.2/tools/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/tools/Makefile.am
+++ libvirt-1.1.2/tools/Makefile.am
@@ -149,6 +149,11 @@ virt_host_validate_CFLAGS = \
$(COVERAGE_CFLAGS) \
$(NULL)
+# Since virt-login-shell will be setuid, we must do everything
+# we can to avoid linking to other libraries. Many of them do
+# unsafe things in functions marked __atttribute__((constructor)).
+# This we statically link to a library containing only the minimal
+# libvirt client code, not libvirt.so itself.
virt_login_shell_SOURCES = \
virt-login-shell.c
@@ -159,11 +164,11 @@ virt_login_shell_LDFLAGS = \
virt_login_shell_LDADD = \
$(STATIC_BINARIES) \
$(PIE_LDFLAGS) \
- ../src/libvirt.la \
- ../src/libvirt-lxc.la \
+ ../src/libvirt-setuid-rpc-client.la \
../gnulib/lib/libgnu.la
virt_login_shell_CFLAGS = \
+ -DLIBVIRT_SETUID_RPC_CLIENT \
$(WARN_CFLAGS) \
$(PIE_CFLAGS) \
$(COVERAGE_CFLAGS)
++++++ 3e745e8f-CVE-2014-3633.patch ++++++
commit 3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Thu Sep 11 16:35:53 2014 +0200
CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk
Live definition was used to look up the disk index while persistent one
was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
correct def and report a nice error.
Unfortunately it's accessible via read-only connection, though it can
only crash libvirtd in the cases where the guest is hot-plugging disks
without reflecting those changes to the persistent definition. So
avoiding hotplug, or doing hotplug where persistent is always modified
alongside live definition, will avoid the out-of-bounds access.
Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724
Reported-by: Luyao Huang <lhuang(a)redhat.com>
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -14873,9 +14873,13 @@ qemuDomainGetBlockIoTune(virDomainPtr do
}
if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
- int idx = virDomainDiskIndexByName(vm->def, disk, true);
- if (idx < 0)
+ int idx = virDomainDiskIndexByName(persistentDef, disk, true);
+ if (idx < 0) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("disk '%s' was not found in the domain config"),
+ disk);
goto endjob;
+ }
reply = persistentDef->disks[idx]->blkdeviotune;
}
++++++ 484cc321-CVE-2013-7336.patch ++++++
commit b6ea7abcf72d7d0aaf90e17aa8e8e88db8f778ea
Author: Martin Kletzander <mkletzan(a)redhat.com>
Date: Fri Sep 20 16:40:20 2013 +0200
qemu: Fix seamless SPICE migration
Since the wait is done during migration (still inside
QEMU_ASYNC_JOB_MIGRATION_OUT), the code should enter the monitor as such
in order to prohibit all other jobs from interfering in the meantime.
This patch fixes bug #1009886 in which qemuDomainGetBlockInfo was
waiting on the monitor condition and after GetSpiceMigrationStatus
mangled its internal data, the daemon crashed.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009886
(cherry picked from commit 484cc3217b73b865f00bf42a9c12187b37200699)
Index: libvirt-1.1.2/src/qemu/qemu_migration.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_migration.c
+++ libvirt-1.1.2/src/qemu/qemu_migration.c
@@ -1598,7 +1598,10 @@ qemuMigrationWaitForSpice(virQEMUDriverP
/* Poll every 50ms for progress & to allow cancellation */
struct timespec ts = { .tv_sec = 0, .tv_nsec = 50 * 1000 * 1000ull };
- qemuDomainObjEnterMonitor(driver, vm);
+ if (qemuDomainObjEnterMonitorAsync(driver, vm,
+ QEMU_ASYNC_JOB_MIGRATION_OUT) < 0)
+ return -1;
+
if (qemuMonitorGetSpiceMigrationStatus(priv->mon,
&spice_migrated) < 0) {
qemuDomainObjExitMonitor(driver, vm);
++++++ 4dd3a7d-CVE-2013-6456.patch ++++++
>From eae2a2ada81c5828991bb1b9438f7556a7e51ce8 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Thu, 30 Jan 2014 15:59:20 +0000
Subject: [PATCH 10/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in
LXC disk hotplug
Rewrite lxcDomainAttachDeviceDiskLive function to use the
virProcessRunInMountNamespace helper. This avoids risk of
a malicious guest replacing /dev with a absolute symlink,
tricking the driver into changing the host OS filesystem.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit 4dd3a7d5bc44980135a1b11810ba9aeab42a4a59)
---
src/lxc/lxc_driver.c | 185 +++++++++++++++++++++++++++++++++++++++------------
1 file changed, 141 insertions(+), 44 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3059,6 +3059,115 @@ cleanup:
}
+struct lxcDomainAttachDeviceMknodData {
+ virLXCDriverPtr driver;
+ mode_t mode;
+ dev_t dev;
+ virDomainObjPtr vm;
+ virDomainDeviceDefPtr def;
+ char *file;
+};
+
+static int
+lxcDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED,
+ void *opaque)
+{
+ struct lxcDomainAttachDeviceMknodData *data = opaque;
+ int ret = -1;
+
+ virSecurityManagerPostFork(data->driver->securityManager);
+
+ if (virFileMakeParentPath(data->file) < 0) {
+ virReportSystemError(errno,
+ _("Unable to create %s"), data->file);
+ goto cleanup;
+ }
+
+ /* Yes, the device name we're creating may not
+ * actually correspond to the major:minor number
+ * we're using, but we've no other option at this
+ * time. Just have to hope that containerized apps
+ * don't get upset that the major:minor is different
+ * to that normally implied by the device name
+ */
+ VIR_DEBUG("Creating dev %s (%d,%d)",
+ data->file, major(data->dev), minor(data->dev));
+ if (mknod(data->file, data->mode, data->dev) < 0) {
+ virReportSystemError(errno,
+ _("Unable to create device %s"),
+ data->file);
+ goto cleanup;
+ }
+
+ if (lxcContainerChown(data->vm->def, data->file) < 0)
+ goto cleanup;
+
+ /* Labelling normally operates on src, but we need
+ * to actually label the dst here, so hack the config */
+ switch (data->def->type) {
+ case VIR_DOMAIN_DEVICE_DISK: {
+ virDomainDiskDefPtr def = data->def->data.disk;
+ char *tmpsrc = def->src;
+ def->src = data->file;
+ if (virSecurityManagerSetImageLabel(data->driver->securityManager,
+ data->vm->def, def) < 0) {
+ def->src = tmpsrc;
+ goto cleanup;
+ }
+ def->src = tmpsrc;
+ } break;
+
+ default:
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unexpected device type %d"),
+ data->def->type);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ if (ret < 0)
+ unlink(data->file);
+ return ret;
+}
+
+
+static int
+lxcDomainAttachDeviceMknod(virLXCDriverPtr driver,
+ mode_t mode,
+ dev_t dev,
+ virDomainObjPtr vm,
+ virDomainDeviceDefPtr def,
+ char *file)
+{
+ virLXCDomainObjPrivatePtr priv = vm->privateData;
+ struct lxcDomainAttachDeviceMknodData data;
+
+ memset(&data, 0, sizeof(data));
+
+ data.driver = driver;
+ data.mode = mode;
+ data.dev = dev;
+ data.vm = vm;
+ data.def = def;
+ data.file = file;
+
+ if (virSecurityManagerPreFork(driver->securityManager) < 0)
+ return -1;
+
+ if (virProcessRunInMountNamespace(priv->initpid,
+ lxcDomainAttachDeviceMknodHelper,
+ &data) < 0) {
+ virSecurityManagerPostFork(driver->securityManager);
+ return -1;
+ }
+
+ virSecurityManagerPostFork(driver->securityManager);
+ return 0;
+}
+
+
static int
lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
virDomainObjPtr vm,
@@ -3067,11 +3176,9 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv
virLXCDomainObjPrivatePtr priv = vm->privateData;
virDomainDiskDefPtr def = dev->data.disk;
int ret = -1;
- char *dst = NULL;
struct stat sb;
- bool created = false;
- mode_t mode = 0;
- char *tmpsrc = def->src;
+ char *file = NULL;
+ int perms;
if (!priv->initpid) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
@@ -3115,51 +3222,44 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv
goto cleanup;
}
- if (virAsprintf(&dst, "/proc/%llu/root/dev/%s",
- (unsigned long long)priv->initpid, def->dst) < 0)
- goto cleanup;
-
- if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks+1) < 0)
- goto cleanup;
-
- mode = 0700 | S_IFBLK;
-
- /* Yes, the device name we're creating may not
- * actually correspond to the major:minor number
- * we're using, but we've no other option at this
- * time. Just have to hope that containerized apps
- * don't get upset that the major:minor is different
- * to that normally implied by the device name
- */
- VIR_DEBUG("Creating dev %s (%d,%d) from %s",
- dst, major(sb.st_rdev), minor(sb.st_rdev), def->src);
- if (mknod(dst, mode, sb.st_rdev) < 0) {
- virReportSystemError(errno,
- _("Unable to create device %s"),
- dst);
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("devices cgroup isn't mounted"));
goto cleanup;
}
- if (lxcContainerChown(vm->def, dst) < 0)
- goto cleanup;
-
- created = true;
-
- /* Labelling normally operates on src, but we need
- * to actally label the dst here, so hack the config */
- def->src = dst;
- if (virSecurityManagerSetImageLabel(driver->securityManager,
- vm->def, def) < 0)
- goto cleanup;
-
- if (virCgroupAllowDevicePath(priv->cgroup, def->src,
- (def->readonly ?
- VIR_CGROUP_DEVICE_READ :
- VIR_CGROUP_DEVICE_RW) |
- VIR_CGROUP_DEVICE_MKNOD) != 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("cannot allow device %s for domain %s"),
- def->src, vm->def->name);
+ perms = (def->readonly ?
+ VIR_CGROUP_DEVICE_READ :
+ VIR_CGROUP_DEVICE_RW) |
+ VIR_CGROUP_DEVICE_MKNOD;
+
+ if (virCgroupAllowDevice(priv->cgroup,
+ 'b',
+ major(sb.st_rdev),
+ minor(sb.st_rdev),
+ perms) < 0)
+ goto cleanup;
+
+ if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks + 1) < 0)
+ goto cleanup;
+
+ if (virAsprintf(&file,
+ "/dev/%s", def->dst) < 0)
+ goto cleanup;
+
+ if (lxcDomainAttachDeviceMknod(driver,
+ 0700 | S_IFBLK,
+ sb.st_rdev,
+ vm,
+ dev,
+ file) < 0) {
+ if (virCgroupDenyDevice(priv->cgroup,
+ 'b',
+ major(sb.st_rdev),
+ minor(sb.st_rdev),
+ perms) < 0)
+ VIR_WARN("cannot deny device %s for domain %s",
+ def->src, vm->def->name);
goto cleanup;
}
@@ -3168,10 +3268,8 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv
ret = 0;
cleanup:
- def->src = tmpsrc;
virDomainAuditDisk(vm, NULL, def->src, "attach", ret == 0);
- if (dst && created && ret < 0)
- unlink(dst);
+ VIR_FREE(file);
return ret;
}
++++++ 4e7fc83-bnc852005.patch ++++++
>From 4e7fc8305a53676ba2362bfaa8ca05c4851b7e12 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn(a)redhat.com>
Date: Fri, 21 Feb 2014 12:46:08 +0100
Subject: [PATCH] libvirt-guests: Wait for libvirtd to initialize
I've noticed that in some cases systemd was quick enough and even
if libvirt-guests.service is marked to be started after the
libvirtd.service my guests were not resumed as
libvirt-guests.sh failed to connect. This is because of a
simple fact: systemd correctly starts libvirt-guests after it
execs libvirtd. However, the daemon is not able to accept
connections right from the start. It's doing some
initialization which may take ages. This problem is not limited
to systemd only, indeed. Any init system that is able to startup
services in parallel (e.g. OpenRC) may run into this situation.
The fix is to try connecting not only once, but continuously a few
times with a small sleep in between tries.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
tools/libvirt-guests.sh.in | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
Index: libvirt-1.1.2/tools/libvirt-guests.sh.in
===================================================================
--- libvirt-1.1.2.orig/tools/libvirt-guests.sh.in
+++ libvirt-1.1.2/tools/libvirt-guests.sh.in
@@ -37,6 +37,8 @@ SHUTDOWN_TIMEOUT=300
PARALLEL_SHUTDOWN=0
START_DELAY=0
BYPASS_CACHE=0
+CONNECT_RETRIES=10
+RETRIES_SLEEP=1
test -f "$sysconfdir"/sysconfig/libvirt-guests &&
. "$sysconfdir"/sysconfig/libvirt-guests
@@ -87,12 +89,17 @@ test_connect()
{
uri=$1
- run_virsh "$uri" connect 2>/dev/null
- if [ $? -ne 0 ]; then
- eval_gettext "Can't connect to \$uri. Skipping."
- echo
- return 1
- fi
+ for ((i = 0; i < ${CONNECT_RETRIES}; i++)); do
+ run_virsh "$uri" connect 2>/dev/null
+ if [ $? -eq 0 ]; then
+ return 0;
+ fi
+ sleep ${RETRIES_SLEEP}
+ eval_gettext "Unable to connect to libvirt currently. Retrying .. \$i"
+ done
+ eval_gettext "Can't connect to \$uri. Skipping."
+ echo
+ return 1
}
# list_guests URI PERSISTENT
++++++ 52c40003-CVE-2013-6457.patch ++++++
commit 52c40003805f1702f103095dc5c3d00cf38e7a82
Author: Dario Faggioli <dario.faggioli(a)citrix.com>
Date: Fri Dec 20 16:29:47 2013 +0100
libxl: avoid crashing if calling `virsh numatune' on inactive domain
by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
happens, without having initialized the nodemap, and hence crashing after some
invalid free()-s:
# ./daemon/libvirtd -v
*** Error in `/home/xen/libvirt.git/daemon/.libs/lt-libvirtd': munmap_chunk(): invalid pointer: 0x00007fdd42592666 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7bbe7)[0x7fdd3f767be7]
/lib64/libxenlight.so.4.3(libxl_bitmap_dispose+0xd)[0x7fdd2c88c045]
/home/xen/libvirt.git/daemon/.libs/../../src/.libs/libvirt_driver_libxl.so(+0x12d26)[0x7fdd2caccd26]
/home/xen/libvirt.git/src/.libs/libvirt.so.0(virDomainGetNumaParameters+0x15c)[0x7fdd4247898c]
/home/xen/libvirt.git/daemon/.libs/lt-libvirtd(+0x1d9a2)[0x7fdd42ecc9a2]
/home/xen/libvirt.git/src/.libs/libvirt.so.0(virNetServerProgramDispatch+0x3da)[0x7fdd424e9eaa]
/home/xen/libvirt.git/src/.libs/libvirt.so.0(+0x1a6f38)[0x7fdd424e3f38]
/home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa81e5)[0x7fdd423e51e5]
/home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa783e)[0x7fdd423e483e]
/lib64/libpthread.so.0(+0x7c53)[0x7fdd3febbc53]
/lib64/libc.so.6(clone+0x6d)[0x7fdd3f7e1dbd]
Signed-off-by: Dario Faggili <dario.faggioli(a)citrix.com>
Cc: Jim Fehlig <jfehlig(a)suse.com>
Cc: Ian Jackson <Ian.Jackson(a)eu.citrix.com>
(cherry picked from commit f9ee91d35510ccbc6fc42cef8864b291b2d220f4)
Conflicts:
src/libxl/libxl_driver.c
Index: libvirt-1.1.2/src/libxl/libxl_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/libxl/libxl_driver.c
+++ libvirt-1.1.2/src/libxl/libxl_driver.c
@@ -4682,6 +4682,8 @@ libxlDomainGetNumaParameters(virDomainPt
* the filtering on behalf of older clients that can't parse it. */
flags &= ~VIR_TYPED_PARAM_STRING_OKAY;
+ libxl_bitmap_init(&nodemap);
+
libxlDriverLock(driver);
vm = virDomainObjListFindByUUID(driver->domains, dom->uuid);
libxlDriverUnlock(driver);
@@ -4703,8 +4705,6 @@ libxlDomainGetNumaParameters(virDomainPt
priv = vm->privateData;
- libxl_bitmap_init(&nodemap);
-
if ((*nparams) == 0) {
*nparams = LIBXL_NUMA_NPARAM;
ret = 0;
++++++ 54cb7f05-CVE-2013-6458.patch ++++++
commit 54cb7f05ec5c822bb786833367dc80327648f2c0
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Fri Dec 20 14:50:02 2013 +0100
qemu: Avoid using stale data in virDomainGetBlockInfo
CVE-2013-6458
Generally, every API that is going to begin a job should do that before
fetching data from vm->def. However, qemuDomainGetBlockInfo does not
know whether it will have to start a job or not before checking vm->def.
To avoid using disk alias that might have been freed while we were
waiting for a job, we use its copy. In case the disk was removed in the
meantime, we will fail with "cannot find statistics for device '...'"
error message.
(cherry picked from commit b799259583bd65c0b2f5042e6c3ff19637ade881)
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -9706,10 +9706,12 @@ cleanup:
}
-static int qemuDomainGetBlockInfo(virDomainPtr dom,
- const char *path,
- virDomainBlockInfoPtr info,
- unsigned int flags) {
+static int
+qemuDomainGetBlockInfo(virDomainPtr dom,
+ const char *path,
+ virDomainBlockInfoPtr info,
+ unsigned int flags)
+{
virQEMUDriverPtr driver = dom->conn->privateData;
virDomainObjPtr vm;
int ret = -1;
@@ -9721,6 +9723,7 @@ static int qemuDomainGetBlockInfo(virDom
int idx;
int format;
virQEMUDriverConfigPtr cfg = NULL;
+ char *alias = NULL;
virCheckFlags(0, -1);
@@ -9827,13 +9830,16 @@ static int qemuDomainGetBlockInfo(virDom
virDomainObjIsActive(vm)) {
qemuDomainObjPrivatePtr priv = vm->privateData;
+ if (VIR_STRDUP(alias, disk->info.alias) < 0)
+ goto cleanup;
+
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_QUERY) < 0)
goto cleanup;
if (virDomainObjIsActive(vm)) {
qemuDomainObjEnterMonitor(driver, vm);
ret = qemuMonitorGetBlockExtent(priv->mon,
- disk->info.alias,
+ alias,
&info->allocation);
qemuDomainObjExitMonitor(driver, vm);
} else {
@@ -9847,6 +9853,7 @@ static int qemuDomainGetBlockInfo(virDom
}
cleanup:
+ VIR_FREE(alias);
virStorageFileFreeMetadata(meta);
VIR_FORCE_CLOSE(fd);
if (vm)
++++++ 57687fd6-CVE-2013-4401.patch ++++++
commit 57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Thu Oct 3 16:37:57 2013 +0100
Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
The virConnectDomainXMLToNative API should require 'connect:write'
not 'connect:read', since it will trigger execution of the QEMU
binaries listed in the XML.
Also make virConnectDomainXMLFromNative API require a full
read-write connection and 'connect:write' permission. Although the
current impl doesn't trigger execution of QEMU, we should not
rely on that impl detail from an API permissioning POV.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/src/libvirt.c
===================================================================
--- libvirt-1.1.2.orig/src/libvirt.c
+++ libvirt-1.1.2/src/libvirt.c
@@ -4606,6 +4606,10 @@ char *virConnectDomainXMLFromNative(virC
virDispatchError(NULL);
return NULL;
}
+ if (conn->flags & VIR_CONNECT_RO) {
+ virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__);
+ goto error;
+ }
virCheckNonNullArgGoto(nativeFormat, error);
virCheckNonNullArgGoto(nativeConfig, error);
Index: libvirt-1.1.2/src/remote/remote_protocol.x
===================================================================
--- libvirt-1.1.2.orig/src/remote/remote_protocol.x
+++ libvirt-1.1.2/src/remote/remote_protocol.x
@@ -3812,13 +3812,13 @@ enum remote_procedure {
/**
* @generate: both
- * @acl: connect:read
+ * @acl: connect:write
*/
REMOTE_PROC_CONNECT_DOMAIN_XML_FROM_NATIVE = 135,
/**
* @generate: both
- * @acl: connect:read
+ * @acl: connect:write
*/
REMOTE_PROC_CONNECT_DOMAIN_XML_TO_NATIVE = 136,
++++++ 5a0ea4b7-CVE-2013-4400.patch ++++++
commit 5a0ea4b7b9af2231ed161b94f9af65375c6ee9c2
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Mon Oct 21 15:36:11 2013 -0600
build: fix linking virt-login-shell
After commit 3e2f27e1, I've noticed build failures of virt-login-shell
when libapparmor-devel is installed on the build host
CCLD virt-login-shell
../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o):
In function `virExec':
/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined
reference to `aa_change_profile'
collect2: error: ld returned 1 exit status
I was about to commit an easy fix under the build-breaker rule
(build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS
to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it
makes sense (build-fix-2.patch).
Should I just stick with the simple fix, or is something along the lines
of patch 2 preferred?
Regards,
Jim
>From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig(a)suse.com>
Date: Mon, 21 Oct 2013 15:30:02 -0600
Subject: [PATCH] build: fix virt-login-shell build with apparmor
With libapparmor-devel installed, virt-login-shell fails to link
CCLD virt-login-shell
../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
collect2: error: ld returned 1 exit status
Fix by linking libvirt_setuid_rpc_client with previously determined
SECDRIVER_LIBS in src/Makefile.am. While at it, introduce SECDRIVER_CFLAGS
and use both throughout src/Makefile.am where it makes sense.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
Index: libvirt-1.1.2/src/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/src/Makefile.am
+++ libvirt-1.1.2/src/Makefile.am
@@ -49,11 +49,14 @@ nodist_conf_DATA =
THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD)
+SECDRIVER_CFLAGS =
SECDRIVER_LIBS =
if WITH_SECDRIVER_SELINUX
+SECDRIVER_CFLAGS += $(SELINUX_CFLAGS)
SECDRIVER_LIBS += $(SELINUX_LIBS)
endif
if WITH_SECDRIVER_APPARMOR
+SECDRIVER_CFLAGS += $(APPARMOR_CFLAGS)
SECDRIVER_LIBS += $(APPARMOR_LIBS)
endif
@@ -1978,14 +1981,14 @@ libvirt_setuid_rpc_client_la_SOURCES =
libvirt_setuid_rpc_client_la_LDFLAGS = \
$(AM_LDFLAGS) \
$(LIBXML_LIBS) \
- $(SELINUX_LIBS) \
+ $(SECDRIVER_LIBS) \
$(NULL)
libvirt_setuid_rpc_client_la_CFLAGS = \
-DLIBVIRT_SETUID_RPC_CLIENT \
-I$(top_srcdir)/src/conf \
-I$(top_srcdir)/src/rpc \
$(AM_CFLAGS) \
- $(SELINUX_CFLAGS) \
+ $(SECDRIVER_CFLAGS) \
$(NULL)
endif WITH_LXC
@@ -2268,6 +2271,7 @@ libvirt_net_rpc_la_LDFLAGS = \
$(GNUTLS_LIBS) \
$(SASL_LIBS) \
$(SSH2_LIBS)\
+ $(SECDRIVER_LIBS) \
$(AM_LDFLAGS) \
$(CYGWIN_EXTRA_LDFLAGS) \
$(MINGW_EXTRA_LDFLAGS)
@@ -2410,12 +2414,7 @@ if WITH_BLKID
libvirt_lxc_CFLAGS += $(BLKID_CFLAGS)
libvirt_lxc_LDADD += $(BLKID_LIBS)
endif
-if WITH_SECDRIVER_SELINUX
-libvirt_lxc_CFLAGS += $(SELINUX_CFLAGS)
-endif
-if WITH_SECDRIVER_APPARMOR
-libvirt_lxc_CFLAGS += $(APPARMOR_CFLAGS)
-endif
+libvirt_lxc_CFLAGS += $(SECDRIVER_CFLAGS)
endif
endif
EXTRA_DIST += $(LXC_CONTROLLER_SOURCES)
++++++ 5fc590a-CVE-2013-6456.patch ++++++
>From f639b2d17ce935b650bb2aca7bdd8d727cab8b02 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Thu, 30 Jan 2014 17:58:36 +0000
Subject: [PATCH 14/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in
LXC hotunplug code
Rewrite multiple hotunplug functions to to use the
virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with an absolute
symlink, tricking the driver into changing the host OS
filesystem.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit 5fc590ad9f4071350a8df4d567ba88baacc8334d)
---
src/lxc/lxc_driver.c | 79 ++++++++++++++++++++++++++--------------------------
1 file changed, 39 insertions(+), 40 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3176,6 +3176,39 @@ lxcDomainAttachDeviceMknod(virLXCDriverP
static int
+lxcDomainAttachDeviceUnlinkHelper(pid_t pid ATTRIBUTE_UNUSED,
+ void *opaque)
+{
+ const char *path = opaque;
+
+ VIR_DEBUG("Unlinking %s", path);
+ if (unlink(path) < 0 && errno != ENOENT) {
+ virReportSystemError(errno,
+ _("Unable to remove device %s"), path);
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int
+lxcDomainAttachDeviceUnlink(virDomainObjPtr vm,
+ char *file)
+{
+ virLXCDomainObjPrivatePtr priv = vm->privateData;
+
+ if (virProcessRunInMountNamespace(priv->initpid,
+ lxcDomainAttachDeviceUnlinkHelper,
+ file) < 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int
lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
virDomainObjPtr vm,
virDomainDeviceDefPtr dev)
@@ -3766,8 +3799,7 @@ lxcDomainDetachDeviceDiskLive(virDomainO
def = vm->def->disks[idx];
- if (virAsprintf(&dst, "/proc/%llu/root/dev/%s",
- (unsigned long long)priv->initpid, def->dst) < 0)
+ if (virAsprintf(&dst, "/dev/%s", def->dst) < 0)
goto cleanup;
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
@@ -3776,11 +3808,8 @@ lxcDomainDetachDeviceDiskLive(virDomainO
goto cleanup;
}
- VIR_DEBUG("Unlinking %s (backed by %s)", dst, def->src);
- if (unlink(dst) < 0 && errno != ENOENT) {
+ if (lxcDomainAttachDeviceUnlink(vm, dst) < 0) {
virDomainAuditDisk(vm, def->src, NULL, "detach", false);
- virReportSystemError(errno,
- _("Unable to remove device %s"), dst);
goto cleanup;
}
virDomainAuditDisk(vm, def->src, NULL, "detach", true);
@@ -3875,7 +3904,6 @@ lxcDomainDetachDeviceHostdevUSBLive(virL
virDomainHostdevDefPtr def = NULL;
int idx, ret = -1;
char *dst = NULL;
- char *vroot;
virUSBDevicePtr usb = NULL;
if ((idx = virDomainHostdevFind(vm->def,
@@ -3886,12 +3914,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virL
goto cleanup;
}
- if (virAsprintf(&vroot, "/proc/%llu/root",
- (unsigned long long)priv->initpid) < 0)
- goto cleanup;
-
- if (virAsprintf(&dst, "%s/dev/bus/usb/%03d/%03d",
- vroot,
+ if (virAsprintf(&dst, "/dev/bus/usb/%03d/%03d",
def->source.subsys.u.usb.bus,
def->source.subsys.u.usb.device) < 0)
goto cleanup;
@@ -3906,11 +3929,8 @@ lxcDomainDetachDeviceHostdevUSBLive(virL
def->source.subsys.u.usb.device, NULL)))
goto cleanup;
- VIR_DEBUG("Unlinking %s", dst);
- if (unlink(dst) < 0 && errno != ENOENT) {
+ if (lxcDomainAttachDeviceUnlink(vm, dst) < 0) {
virDomainAuditHostdev(vm, def, "detach", false);
- virReportSystemError(errno,
- _("Unable to remove device %s"), dst);
goto cleanup;
}
virDomainAuditHostdev(vm, def, "detach", true);
@@ -3944,7 +3964,6 @@ lxcDomainDetachDeviceHostdevStorageLive(
virLXCDomainObjPrivatePtr priv = vm->privateData;
virDomainHostdevDefPtr def = NULL;
int idx, ret = -1;
- char *dst = NULL;
if (!priv->initpid) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
@@ -3961,22 +3980,14 @@ lxcDomainDetachDeviceHostdevStorageLive(
goto cleanup;
}
- if (virAsprintf(&dst, "/proc/%llu/root/%s",
- (unsigned long long)priv->initpid,
- def->source.caps.u.storage.block) < 0)
- goto cleanup;
-
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("devices cgroup isn't mounted"));
goto cleanup;
}
- VIR_DEBUG("Unlinking %s", dst);
- if (unlink(dst) < 0 && errno != ENOENT) {
+ if (lxcDomainAttachDeviceUnlink(vm, def->source.caps.u.storage.block) < 0) {
virDomainAuditHostdev(vm, def, "detach", false);
- virReportSystemError(errno,
- _("Unable to remove device %s"), dst);
goto cleanup;
}
virDomainAuditHostdev(vm, def, "detach", true);
@@ -3991,7 +4002,6 @@ lxcDomainDetachDeviceHostdevStorageLive(
ret = 0;
cleanup:
- VIR_FREE(dst);
return ret;
}
@@ -4003,7 +4013,6 @@ lxcDomainDetachDeviceHostdevMiscLive(vir
virLXCDomainObjPrivatePtr priv = vm->privateData;
virDomainHostdevDefPtr def = NULL;
int idx, ret = -1;
- char *dst = NULL;
if (!priv->initpid) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
@@ -4020,22 +4029,14 @@ lxcDomainDetachDeviceHostdevMiscLive(vir
goto cleanup;
}
- if (virAsprintf(&dst, "/proc/%llu/root/%s",
- (unsigned long long)priv->initpid,
- def->source.caps.u.misc.chardev) < 0)
- goto cleanup;
-
if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("devices cgroup isn't mounted"));
goto cleanup;
}
- VIR_DEBUG("Unlinking %s", dst);
- if (unlink(dst) < 0 && errno != ENOENT) {
+ if (lxcDomainAttachDeviceUnlink(vm, def->source.caps.u.misc.chardev) < 0) {
virDomainAuditHostdev(vm, def, "detach", false);
- virReportSystemError(errno,
- _("Unable to remove device %s"), dst);
goto cleanup;
}
virDomainAuditHostdev(vm, def, "detach", true);
@@ -4050,7 +4051,6 @@ lxcDomainDetachDeviceHostdevMiscLive(vir
ret = 0;
cleanup:
- VIR_FREE(dst);
return ret;
}
++++++ 68954fb-bnc852005.patch ++++++
>From 68954fb25c4a75c5c2c213f57927eb188cca2239 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn(a)redhat.com>
Date: Fri, 21 Feb 2014 13:06:42 +0100
Subject: [PATCH] virNetServerRun: Notify systemd that we're accepting clients
Systemd does not forget about the cases, where client service needs to
wait for daemon service to initialize and start accepting new clients.
Setting a dependency in client is not enough as systemd doesn't know
when the daemon has initialized itself and started accepting new
clients. However, it offers a mechanism to solve this. The daemon needs
to call a special systemd function by which the daemon tells "I'm ready
to accept new clients". This is exactly what we need with
libvirtd-guests (client) and libvirtd (daemon). So now, with this
change, libvirt-guests.service is invoked not any sooner than
libvirtd.service calls the systemd notify function.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
configure.ac | 2 ++
daemon/libvirtd.service.in | 1 +
m4/virt-systemd-daemon.m4 | 34 ++++++++++++++++++++++++++++++++++
src/Makefile.am | 4 ++--
src/libvirt_private.syms | 1 +
src/rpc/virnetserver.c | 5 +++++
src/util/virsystemd.c | 12 ++++++++++++
src/util/virsystemd.h | 2 ++
8 files changed, 59 insertions(+), 2 deletions(-)
create mode 100644 m4/virt-systemd-daemon.m4
Index: libvirt-1.1.2/configure.ac
===================================================================
--- libvirt-1.1.2.orig/configure.ac
+++ libvirt-1.1.2/configure.ac
@@ -181,6 +181,7 @@ LIBVIRT_CHECK_SANLOCK
LIBVIRT_CHECK_SASL
LIBVIRT_CHECK_SELINUX
LIBVIRT_CHECK_SSH2
+LIBVIRT_CHECK_SYSTEMD_DAEMON
LIBVIRT_CHECK_UDEV
LIBVIRT_CHECK_YAJL
@@ -2616,6 +2617,7 @@ LIBVIRT_RESULT_SANLOCK
LIBVIRT_RESULT_SASL
LIBVIRT_RESULT_SELINUX
LIBVIRT_RESULT_SSH2
+LIBVIRT_RESULT_SYSTEMD_DAEMON
LIBVIRT_RESULT_UDEV
LIBVIRT_RESULT_YAJL
AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS])
Index: libvirt-1.1.2/daemon/libvirtd.service.in
===================================================================
--- libvirt-1.1.2.orig/daemon/libvirtd.service.in
+++ libvirt-1.1.2/daemon/libvirtd.service.in
@@ -11,6 +11,7 @@ After=dbus.service
After=iscsid.service
[Service]
+Type=notify
EnvironmentFile=-/etc/sysconfig/libvirtd
ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
ExecReload=/bin/kill -HUP $MAINPID
Index: libvirt-1.1.2/m4/virt-systemd-daemon.m4
===================================================================
--- /dev/null
+++ libvirt-1.1.2/m4/virt-systemd-daemon.m4
@@ -0,0 +1,34 @@
+dnl The libsystemd-daemon.so library
+dnl
+dnl Copyright (C) 2012-2013 Red Hat, Inc.
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library. If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_CHECK_SYSTEMD_DAEMON],[
+ LIBVIRT_CHECK_PKG([SYSTEMD_DAEMON], [libsystemd-daemon], [0.27.1])
+
+ old_CFLAGS="$CFLAGS"
+ old_LIBS="$LIBS"
+ CFLAGS="$CFLAGS $SYSTEMD_DAEMON_CFLAGS"
+ LIBS="$LIBS $SYSTEMD_DAEMON_LIBS"
+ AC_CHECK_FUNCS([sd_notify])
+ CFLAGS="$old_CFLAGS"
+ LIBS="$old_LIBS"
+])
+
+AC_DEFUN([LIBVIRT_RESULT_SYSTEMD_DAEMON],[
+ LIBVIRT_RESULT_LIB([SYSTEMD_DAEMON])
+])
Index: libvirt-1.1.2/src/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/src/Makefile.am
+++ libvirt-1.1.2/src/Makefile.am
@@ -906,11 +906,11 @@ libvirt_util_la_SOURCES = \
libvirt_util_la_CFLAGS = $(CAPNG_CFLAGS) $(YAJL_CFLAGS) $(LIBNL_CFLAGS) \
$(AM_CFLAGS) $(AUDIT_CFLAGS) $(DEVMAPPER_CFLAGS) \
$(DBUS_CFLAGS) $(LDEXP_LIBM) $(NUMACTL_CFLAGS) \
- -I$(top_srcdir)/src/conf
+ $(SYSTEMD_DAEMON_CFLAGS) -I$(top_srcdir)/src/conf
libvirt_util_la_LIBADD = $(CAPNG_LIBS) $(YAJL_LIBS) $(LIBNL_LIBS) \
$(THREAD_LIBS) $(AUDIT_LIBS) $(DEVMAPPER_LIBS) \
$(LIB_CLOCK_GETTIME) $(DBUS_LIBS) $(MSCOM_LIBS) $(LIBXML_LIBS) \
- $(SECDRIVER_LIBS) $(NUMACTL_LIBS)
+ $(SECDRIVER_LIBS) $(NUMACTL_LIBS) $(SYSTEMD_DAEMON_LIBS)
noinst_LTLIBRARIES += libvirt_conf.la
Index: libvirt-1.1.2/src/libvirt_private.syms
===================================================================
--- libvirt-1.1.2.orig/src/libvirt_private.syms
+++ libvirt-1.1.2/src/libvirt_private.syms
@@ -1946,6 +1946,7 @@ virSystemdCreateMachine;
virSystemdMakeMachineName;
virSystemdMakeScopeName;
virSystemdMakeSliceName;
+virSystemdNotifyStartup;
virSystemdTerminateMachine;
Index: libvirt-1.1.2/src/rpc/virnetserver.c
===================================================================
--- libvirt-1.1.2.orig/src/rpc/virnetserver.c
+++ libvirt-1.1.2/src/rpc/virnetserver.c
@@ -38,6 +38,7 @@
#include "virnetservermdns.h"
#include "virdbus.h"
#include "virstring.h"
+#include "virsystemd.h"
#ifndef SA_SIGINFO
# define SA_SIGINFO 0
@@ -1085,6 +1086,10 @@ void virNetServerRun(virNetServerPtr srv
goto cleanup;
}
+ /* We are accepting connections now. Notify systemd
+ * so it can start dependent services. */
+ virSystemdNotifyStartup();
+
VIR_DEBUG("srv=%p quit=%d", srv, srv->quit);
while (!srv->quit) {
/* A shutdown timeout is specified, so check
Index: libvirt-1.1.2/src/util/virsystemd.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virsystemd.c
+++ libvirt-1.1.2/src/util/virsystemd.c
@@ -21,6 +21,10 @@
#include <config.h>
+#ifdef WITH_SYSTEMD_DAEMON
+# include <systemd/sd-daemon.h>
+#endif
+
#include "virsystemd.h"
#include "virdbus.h"
#include "virstring.h"
@@ -305,3 +309,11 @@ cleanup:
VIR_FREE(machinename);
return ret;
}
+
+void
+virSystemdNotifyStartup(void)
+{
+#ifdef WITH_SYSTEMD_DAEMON
+ sd_notify(0, "READY=1");
+#endif
+}
Index: libvirt-1.1.2/src/util/virsystemd.h
===================================================================
--- libvirt-1.1.2.orig/src/util/virsystemd.h
+++ libvirt-1.1.2/src/util/virsystemd.h
@@ -46,4 +46,6 @@ int virSystemdTerminateMachine(const cha
const char *drivername,
bool privileged);
+void virSystemdNotifyStartup(void);
+
#endif /* __VIR_SYSTEMD_H__ */
++++++ 79552754-libvirtd-chardev-crash.patch ++++++
commit 795527548fea79902ea4ce32747e069944cf3e61
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Thu Sep 26 08:12:39 2013 +0200
conf: Don't crash on invalid chardev source definition of RNGs and other
Since commit 297c99a5 an invalid source definition XML of a character
device that is used as backend for RNG devices, smartcards and redirdevs
causes crash of the daemon when parsing such a definition.
The device types mentioned above are not a part of a regular character
device but are backends for other types. Thus when parsing such device
NULL is passed as the argument @chr_def. Later when checking the
validity of the definition @chr_def was dereferenced when parsing a UNIX
socket backend with missing path of the socket and crashed the daemon.
Sample offending configuration:
<devices>
...
<rng model='virtio'>
<backend model='egd' type='unix'>
<source mode='bind' service='1024'/>
</backend>
</rng>
</devices>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196
Index: libvirt-1.1.2/src/conf/domain_conf.c
===================================================================
--- libvirt-1.1.2.orig/src/conf/domain_conf.c
+++ libvirt-1.1.2/src/conf/domain_conf.c
@@ -7026,7 +7026,8 @@ virDomainChrSourceDefParseXML(virDomainC
case VIR_DOMAIN_CHR_TYPE_UNIX:
/* path can be auto generated */
if (!path &&
- chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO) {
+ (!chr_def ||
+ chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Missing source path attribute for char device"));
goto error;
Index: libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
===================================================================
--- /dev/null
+++ libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml
@@ -0,0 +1,27 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu>
+ <os>
+ <type arch='i686' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu</emulator>
+ <controller type='usb' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <memballoon model='virtio'/>
+ <rng model='virtio'>
+ <backend model='egd' type='unix'>
+ <!-- https://bugzilla.redhat.com/show_bug.cgi?id=1012196 -->
+ <source mode='connect' host='1.2.3.4' service='1234'/>
+ </backend>
+ </rng>
+ </devices>
+</domain>
Index: libvirt-1.1.2/tests/qemuxml2argvtest.c
===================================================================
--- libvirt-1.1.2.orig/tests/qemuxml2argvtest.c
+++ libvirt-1.1.2/tests/qemuxml2argvtest.c
@@ -973,6 +973,8 @@ mymain(void)
QEMU_CAPS_OBJECT_RNG_RANDOM);
DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG,
QEMU_CAPS_OBJECT_RNG_EGD);
+ DO_TEST_PARSE_ERROR("virtio-rng-egd-crash", QEMU_CAPS_DEVICE,
+ QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD);
DO_TEST("virtio-rng-ccw",
QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG,
QEMU_CAPS_DRIVE, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW,
++++++ 7a44af9-CVE-2013-6456.patch ++++++
>From 8ee7bd55c2a27f1e1e995f078b639bfbb5a1f462 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Tue, 4 Feb 2014 16:21:12 +0000
Subject: [PATCH 01/14] Don't block use of USB with containers
virDomainDefCompatibleDevice blocks use of USB if no USB
controller is present. This is not correct for containers
since devices can be assigned directly regardless of any
controllers.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit 7a44af963ef75c487f874bc91613ad45e5b167e9)
---
src/conf/domain_conf.c | 1 +
1 file changed, 1 insertion(+)
Index: libvirt-1.1.2/src/conf/domain_conf.c
===================================================================
--- libvirt-1.1.2.orig/src/conf/domain_conf.c
+++ libvirt-1.1.2/src/conf/domain_conf.c
@@ -16996,6 +16996,7 @@ virDomainDefCompatibleDevice(virDomainDe
virDomainDeviceDefPtr dev)
{
if (!virDomainDefHasUSB(def) &&
+ STRNEQ(def->os.type, "exe") &&
virDomainDeviceIsUSB(dev)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Device configuration is not compatible: "
++++++ 7c72ef6-CVE-2013-6456.patch ++++++
>From f7b4d314c734908ca4f45e74aac10e7c2d711918 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Thu, 30 Jan 2014 13:11:23 +0000
Subject: [PATCH 08/14] Add helper for running code in separate namespaces
Implement virProcessRunInMountNamespace, which runs callback of type
virProcessNamespaceCallback in a container namespace. This uses a
child process to run the callback, since you can't change the mount
namespace of a thread. This implies that callbacks have to be careful
about what code they run due to async safety rules.
Idea by Dan Berrange, based on an initial report by Reco
<recoverym4n(a)gmail.com> at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394
Signed-off-by: Daniel Berrange <berrange(a)redhat.com>
Signed-off-by: Eric Blake <eblake(a)redhat.com>
(cherry picked from commit 7c72ef6f555f1f9844d51be2f38f078bc908652c)
---
src/libvirt_private.syms | 1 +
src/util/virprocess.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++
src/util/virprocess.h | 11 +++++
3 files changed, 118 insertions(+)
Index: libvirt-1.1.2/src/libvirt_private.syms
===================================================================
--- libvirt-1.1.2.orig/src/libvirt_private.syms
+++ libvirt-1.1.2/src/libvirt_private.syms
@@ -1807,6 +1807,7 @@ virProcessGetNamespaces;
virProcessGetStartTime;
virProcessKill;
virProcessKillPainfully;
+virProcessRunInMountNamespace;
virProcessSetAffinity;
virProcessSetMaxFiles;
virProcessSetMaxMemLock;
Index: libvirt-1.1.2/src/util/virprocess.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virprocess.c
+++ libvirt-1.1.2/src/util/virprocess.c
@@ -46,6 +46,7 @@
#include "virlog.h"
#include "virutil.h"
#include "virstring.h"
+#include "vircommand.h"
#define VIR_FROM_THIS VIR_FROM_NONE
@@ -847,3 +848,108 @@ int virProcessGetStartTime(pid_t pid,
return 0;
}
#endif
+
+
+#ifdef HAVE_SETNS
+static int virProcessNamespaceHelper(int errfd,
+ pid_t pid,
+ virProcessNamespaceCallback cb,
+ void *opaque)
+{
+ char *path;
+ int fd = -1;
+ int ret = -1;
+
+ if (virAsprintf(&path, "/proc/%llu/ns/mnt", (unsigned long long)pid) < 0)
+ goto cleanup;
+
+ if ((fd = open(path, O_RDONLY)) < 0) {
+ virReportSystemError(errno, "%s",
+ _("Kernel does not provide mount namespace"));
+ goto cleanup;
+ }
+
+ if (setns(fd, 0) < 0) {
+ virReportSystemError(errno, "%s",
+ _("Unable to enter mount namespace"));
+ goto cleanup;
+ }
+
+ ret = cb(pid, opaque);
+
+ cleanup:
+ if (ret < 0) {
+ virErrorPtr err = virGetLastError();
+ if (err) {
+ size_t len = strlen(err->message) + 1;
+ ignore_value(safewrite(errfd, err->message, len));
+ }
+ }
+ VIR_FREE(path);
+ VIR_FORCE_CLOSE(fd);
+ return ret;
+}
+
+/* Run cb(opaque) in the mount namespace of pid. Return -1 with error
+ * message raised if we fail to run the child, if the child dies from
+ * a signal, or if the child has status 1; otherwise return the exit
+ * status of the child. The callback will be run in a child process
+ * so must be careful to only use async signal safe functions.
+ */
+int
+virProcessRunInMountNamespace(pid_t pid,
+ virProcessNamespaceCallback cb,
+ void *opaque)
+{
+ int ret = -1;
+ pid_t child = -1;
+ int errfd[2] = { -1, -1 };
+
+ if (pipe(errfd) < 0) {
+ virReportSystemError(errno, "%s",
+ _("Cannot create pipe for child"));
+ return -1;
+ }
+
+ ret = virFork(&child);
+
+ if (ret < 0 || child < 0) {
+ if (child == 0)
+ _exit(1);
+
+ /* parent */
+ virProcessAbort(child);
+ goto cleanup;
+ }
+
+ if (child == 0) {
+ VIR_FORCE_CLOSE(errfd[0]);
+ ret = virProcessNamespaceHelper(errfd[1], pid,
+ cb, opaque);
+ VIR_FORCE_CLOSE(errfd[1]);
+ _exit(ret < 0 ? 1 : 0);
+ } else {
+ char *buf = NULL;
+ VIR_FORCE_CLOSE(errfd[1]);
+
+ ignore_value(virFileReadHeaderFD(errfd[0], 1024, &buf));
+ ret = virProcessWait(child, NULL);
+ VIR_FREE(buf);
+ }
+
+cleanup:
+ VIR_FORCE_CLOSE(errfd[0]);
+ VIR_FORCE_CLOSE(errfd[1]);
+ return ret;
+}
+#else /* !HAVE_SETNS */
+int
+virProcessRunInMountNamespace(pid_t pid ATTRIBUTE_UNUSED,
+ virProcessNamespaceCallback cb ATTRIBUTE_UNUSED,
+ void *opaque ATTRIBUTE_UNUSED)
+{
+ virReportSystemError(ENOSYS, "%s",
+ _("Mount namespaces are not available on this platform"));
+ return -1;
+}
+#endif
Index: libvirt-1.1.2/src/util/virprocess.h
===================================================================
--- libvirt-1.1.2.orig/src/util/virprocess.h
+++ libvirt-1.1.2/src/util/virprocess.h
@@ -60,4 +60,15 @@ int virProcessSetNamespaces(size_t nfdli
int virProcessSetMaxMemLock(pid_t pid, unsigned long long bytes);
int virProcessSetMaxProcesses(pid_t pid, unsigned int procs);
int virProcessSetMaxFiles(pid_t pid, unsigned int files);
+
+/* Callback to run code within the mount namespace tied to the given
+ * pid. This function must use only async-signal-safe functions, as
+ * it gets run after a fork of a multi-threaded process. The return
+ * value of this function is passed to _exit(), except that a
+ * negative value is treated as an error. */
+typedef int (*virProcessNamespaceCallback)(pid_t pid, void *opaque);
+
+int virProcessRunInMountNamespace(pid_t pid,
+ virProcessNamespaceCallback cb,
+ void *opaque);
#endif /* __VIR_PROCESS_H__ */
++++++ 7c98d1c1-nic-type.patch ++++++
commit 7c98d1c153da5810ed4dcaa6be177df369b7d4bd
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Mon Jan 6 11:37:20 2014 -0700
libxl: Fix initialization of nictype in libxl_device_nic
As pointed out by the Xen folks [1], HVM nics should always be set
to type LIBXL_NIC_TYPE_VIF_IOEMU unless the user explicity requests
LIBXL_NIC_TYPE_VIF via model='netfront'. The current logic in
libxlMakeNic() only sets the nictype to LIBXL_NIC_TYPE_VIF_IOEMU if
a model is specified that is not 'netfront', which breaks PXE booting
configurations where no model is specified (i.e. use the hypervisor
default).
Reported-by: Stefan Bader <stefan.bader(a)canonical.com>
[1] https://www.redhat.com/archives/libvir-list/2013-December/msg01156.html
Index: libvirt-1.1.2/src/libxl/libxl_conf.c
===================================================================
--- libvirt-1.1.2.orig/src/libxl/libxl_conf.c
+++ libvirt-1.1.2/src/libxl/libxl_conf.c
@@ -815,8 +815,12 @@ error:
}
int
-libxlMakeNic(virDomainNetDefPtr l_nic, libxl_device_nic *x_nic)
+libxlMakeNic(virDomainDefPtr def,
+ virDomainNetDefPtr l_nic,
+ libxl_device_nic *x_nic)
{
+ bool ioemu_nic = STREQ(def->os.type, "hvm");
+
/* TODO: Where is mtu stored?
*
* x_nics[i].mtu = 1492;
@@ -826,12 +830,16 @@ libxlMakeNic(virDomainNetDefPtr l_nic, l
virMacAddrGetRaw(&l_nic->mac, x_nic->mac);
- if (l_nic->model && !STREQ(l_nic->model, "netfront")) {
- if (VIR_STRDUP(x_nic->model, l_nic->model) < 0)
- return -1;
+ if (ioemu_nic)
x_nic->nictype = LIBXL_NIC_TYPE_VIF_IOEMU;
- } else {
+ else
x_nic->nictype = LIBXL_NIC_TYPE_VIF;
+
+ if (l_nic->model) {
+ if (VIR_STRDUP(x_nic->model, l_nic->model) < 0)
+ return -1;
+ if (STREQ(l_nic->model, "netfront"))
+ x_nic->nictype = LIBXL_NIC_TYPE_VIF;
}
if (VIR_STRDUP(x_nic->ifname, l_nic->ifname) < 0)
@@ -868,7 +876,7 @@ libxlMakeNicList(virDomainDefPtr def, l
return -1;
for (i = 0; i < nnics; i++) {
- if (libxlMakeNic(l_nics[i], &x_nics[i]))
+ if (libxlMakeNic(def, l_nics[i], &x_nics[i]))
goto error;
}
Index: libvirt-1.1.2/src/libxl/libxl_conf.h
===================================================================
--- libvirt-1.1.2.orig/src/libxl/libxl_conf.h
+++ libvirt-1.1.2/src/libxl/libxl_conf.h
@@ -126,7 +126,9 @@ libxlMakeCapabilities(libxl_ctx *ctx);
int
libxlMakeDisk(virDomainDiskDefPtr l_dev, libxl_device_disk *x_dev);
int
-libxlMakeNic(virDomainNetDefPtr l_nic, libxl_device_nic *x_nic);
+libxlMakeNic(virDomainDefPtr def,
+ virDomainNetDefPtr l_nic,
+ libxl_device_nic *x_nic);
int
libxlMakeVfb(libxlDriverPrivatePtr driver,
virDomainGraphicsDefPtr l_vfb, libxl_device_vfb *x_vfb);
++++++ 7fba01c-CVE-2013-6456.patch ++++++
>From a6e9270ec79924fabd5a872984bb5d38eaf3df8a Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Thu, 30 Jan 2014 16:34:19 +0000
Subject: [PATCH 11/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in
LXC USB hotplug
Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit 7fba01c15c1f886b4235825692b4c13e88dd9f7b)
---
src/lxc/lxc_driver.c | 73 ++++++++++++++++------------------------------------
1 file changed, 22 insertions(+), 51 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3117,6 +3117,13 @@ lxcDomainAttachDeviceMknodHelper(pid_t p
def->src = tmpsrc;
} break;
+ case VIR_DOMAIN_DEVICE_HOSTDEV: {
+ virDomainHostdevDefPtr def = data->def->data.hostdev;
+ if (virSecurityManagerSetHostdevLabel(data->driver->securityManager,
+ data->vm->def, def, NULL) < 0)
+ goto cleanup;
+ } break;
+
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Unexpected device type %d"),
@@ -3411,13 +3418,8 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv
virLXCDomainObjPrivatePtr priv = vm->privateData;
virDomainHostdevDefPtr def = dev->data.hostdev;
int ret = -1;
- char *vroot = NULL;
char *src = NULL;
- char *dstdir = NULL;
- char *dstfile = NULL;
struct stat sb;
- mode_t mode;
- bool created = false;
virUSBDevicePtr usb = NULL;
if (virDomainHostdevFind(vm->def, def, NULL) >= 0) {
@@ -3426,27 +3428,13 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv
return -1;
}
- if (virAsprintf(&vroot, "/proc/%llu/root",
- (unsigned long long)priv->initpid) < 0)
- goto cleanup;
-
- if (virAsprintf(&dstdir, "%s/dev/bus/usb/%03d",
- vroot,
- def->source.subsys.u.usb.bus) < 0)
- goto cleanup;
-
- if (virAsprintf(&dstfile, "%s/%03d",
- dstdir,
- def->source.subsys.u.usb.device) < 0)
- goto cleanup;
-
if (virAsprintf(&src, "/dev/bus/usb/%03d/%03d",
def->source.subsys.u.usb.bus,
def->source.subsys.u.usb.device) < 0)
goto cleanup;
if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus,
- def->source.subsys.u.usb.device, vroot)))
+ def->source.subsys.u.usb.device, NULL)))
goto cleanup;
if (stat(src, &sb) < 0) {
@@ -3462,53 +3450,36 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv
goto cleanup;
}
- mode = 0700 | S_IFCHR;
-
if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs + 1) < 0)
goto cleanup;
- if (virFileMakePath(dstdir) < 0) {
- virReportSystemError(errno,
- _("Unable to create %s"), dstdir);
- goto cleanup;
- }
-
- VIR_DEBUG("Creating dev %s (%d,%d)",
- dstfile, major(sb.st_rdev), minor(sb.st_rdev));
- if (mknod(dstfile, mode, sb.st_rdev) < 0) {
- virReportSystemError(errno,
- _("Unable to create device %s"),
- dstfile);
- goto cleanup;
- }
- created = true;
-
- if (lxcContainerChown(vm->def, dstfile) < 0)
- goto cleanup;
-
- if (virSecurityManagerSetHostdevLabel(driver->securityManager,
- vm->def, def, vroot) < 0)
- goto cleanup;
-
if (virUSBDeviceFileIterate(usb,
virLXCSetupHostUsbDeviceCgroup,
priv->cgroup) < 0)
goto cleanup;
+ if (lxcDomainAttachDeviceMknod(driver,
+ 0700 | S_IFCHR,
+ sb.st_rdev,
+ vm,
+ dev,
+ src) < 0) {
+ if (virUSBDeviceFileIterate(usb,
+ virLXCTeardownHostUsbDeviceCgroup,
+ priv->cgroup) < 0)
+ VIR_WARN("cannot deny device %s for domain %s",
+ src, vm->def->name);
+ goto cleanup;
+ }
+
vm->def->hostdevs[vm->def->nhostdevs++] = def;
ret = 0;
cleanup:
virDomainAuditHostdev(vm, def, "attach", ret == 0);
- if (ret < 0 && created)
- unlink(dstfile);
-
virUSBDeviceFree(usb);
VIR_FREE(src);
- VIR_FREE(dstfile);
- VIR_FREE(dstdir);
- VIR_FREE(vroot);
return ret;
}
++++++ 8294aa0c-CVE-2013-4399.patch ++++++
commit 8294aa0c1750dcb49d6345cd9bd97bf421580d8b
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Fri Sep 27 15:46:07 2013 +0100
Fix crash in libvirtd when events are registered & ACLs active
When a client disconnects from libvirtd, all event callbacks
must be removed. This involves running the public API
virConnectDomainEventDeregisterAny
This code does not run in normal API dispatch context, so no
identity was set. The result was that the access control drivers
denied the attempt to deregister callbacks. The callbacks thus
continued to trigger after the client was free'd causing fairly
predictable use of free memory & a crash.
This can be triggered by any client with readonly access when
the ACL drivers are active.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/daemon/remote.c
===================================================================
--- libvirt-1.1.2.orig/daemon/remote.c
+++ libvirt-1.1.2/daemon/remote.c
@@ -666,8 +666,11 @@ void remoteClientFreeFunc(void *data)
/* Deregister event delivery callback */
if (priv->conn) {
+ virIdentityPtr sysident = virIdentityGetSystem();
size_t i;
+ virIdentitySetCurrent(sysident);
+
for (i = 0; i < VIR_DOMAIN_EVENT_ID_LAST; i++) {
if (priv->domainEventCallbackID[i] != -1) {
VIR_DEBUG("Deregistering to relay remote events %zu", i);
@@ -678,6 +681,9 @@ void remoteClientFreeFunc(void *data)
}
virConnectClose(priv->conn);
+
+ virIdentitySetCurrent(NULL);
+ virObjectUnref(sysident);
}
VIR_FREE(priv);
++++++ 82daa87f-CVE-2013-6458.patch ++++++
commit 82daa87f6a020ba2d1274b300f8e95f903fbe0f8
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Fri Dec 20 15:41:04 2013 +0100
qemu: Fix job usage in virDomainGetBlockIoTune
CVE-2013-6458
Every API that is going to begin a job should do that before fetching
data from vm->def.
(cherry picked from commit 3b56425938e2f97208d5918263efa0d6439e4ecd)
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -14851,12 +14851,6 @@ qemuDomainGetBlockIoTune(virDomainPtr do
goto cleanup;
}
- device = qemuDiskPathToAlias(vm, disk, NULL);
-
- if (!device) {
- goto cleanup;
- }
-
if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
goto cleanup;
@@ -14864,6 +14858,11 @@ qemuDomainGetBlockIoTune(virDomainPtr do
&persistentDef) < 0)
goto endjob;
+ device = qemuDiskPathToAlias(vm, disk, NULL);
+ if (!device) {
+ goto endjob;
+ }
+
if (flags & VIR_DOMAIN_AFFECT_LIVE) {
priv = vm->privateData;
qemuDomainObjEnterMonitor(driver, vm);
++++++ 843bdb2f-CVE-2013-4400.patch ++++++
commit 843bdb2f8a3364637cda2911624149525188843f
Author: Jim Fehlig <jfehlig(a)suse.com>
Date: Mon Oct 21 23:12:22 2013 -0600
build: fix build of virt-login-shell on systems with older gnutls
On systems where gnutls uses libgcrypt, I'm seeing the following
build failure
libvirt.c:314: error: variable 'virTLSThreadImpl' has initializer but incomplete type
libvirt.c:319: error: 'GCRY_THREAD_OPTION_PTHREAD' undeclared here (not in a function)
...
Fix by undefining WITH_GNUTLS_GCRYPT in config-post.h
Index: libvirt-1.1.2/config-post.h
===================================================================
--- libvirt-1.1.2.orig/config-post.h
+++ libvirt-1.1.2/config-post.h
@@ -34,6 +34,7 @@
# undef WITH_CURL
# undef WITH_DTRACE_PROBES
# undef WITH_GNUTLS
+# undef WITH_GNUTLS_GCRYPT
# undef WITH_MACVTAP
# undef WITH_NUMACTL
# undef WITH_SASL
++++++ 8c3586ea-CVE-2013-4400.patch ++++++
commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed Oct 9 10:59:36 2013 +0100
Only allow 'stderr' log output when running setuid (CVE-2013-4400)
We must not allow file/syslog/journald log outputs when running
setuid since they can be abused to do bad things. In particular
the 'file' output can be used to overwrite files.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/src/util/virlog.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virlog.c
+++ libvirt-1.1.2/src/util/virlog.c
@@ -1318,6 +1318,9 @@ int virLogPriorityFromSyslog(int priorit
* Multiple output can be defined in a single @output, they just need to be
* separated by spaces.
*
+ * If running in setuid mode, then only the 'stderr' output will
+ * be allowed
+ *
* Returns the number of output parsed and installed or -1 in case of error
*/
int
@@ -1329,6 +1332,7 @@ virLogParseOutputs(const char *outputs)
virLogPriority prio;
int ret = -1;
int count = 0;
+ bool isSUID = virIsSUID();
if (cur == NULL)
return -1;
@@ -1348,6 +1352,8 @@ virLogParseOutputs(const char *outputs)
if (virLogAddOutputToStderr(prio) == 0)
count++;
} else if (STREQLEN(cur, "syslog", 6)) {
+ if (isSUID)
+ goto cleanup;
cur += 6;
if (*cur != ':')
goto cleanup;
@@ -1365,6 +1371,8 @@ virLogParseOutputs(const char *outputs)
VIR_FREE(name);
#endif /* HAVE_SYSLOG_H */
} else if (STREQLEN(cur, "file", 4)) {
+ if (isSUID)
+ goto cleanup;
cur += 4;
if (*cur != ':')
goto cleanup;
@@ -1385,6 +1393,8 @@ virLogParseOutputs(const char *outputs)
VIR_FREE(name);
VIR_FREE(abspath);
} else if (STREQLEN(cur, "journald", 8)) {
+ if (isSUID)
+ goto cleanup;
cur += 8;
#if USE_JOURNALD
if (virLogAddOutputToJournald(prio) == 0)
++++++ 922b7fda-CVE-2013-4311.patch ++++++
commit 922b7fda77b094dbf022d625238262ea05335666
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed Aug 28 15:25:40 2013 +0100
Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.
To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.
This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'
Signed-off-by: Colin Walters <walters(a)redhat.com>
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/configure.ac
===================================================================
--- libvirt-1.1.2.orig/configure.ac
+++ libvirt-1.1.2/configure.ac
@@ -1184,6 +1184,14 @@ if test "x$with_polkit" = "xyes" || test
AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
if test "x$PKCHECK_PATH" != "x" ; then
AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
+ AC_MSG_CHECKING([whether pkcheck supports uid value])
+ pkcheck_supports_uid=`$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1`
+ if test "x$pkcheck_supports_uid" = "xtrue"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
+ else
+ AC_MSG_RESULT([no])
+ fi
AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
[use PolicyKit for UNIX socket access checks])
AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
Index: libvirt-1.1.2/daemon/remote.c
===================================================================
--- libvirt-1.1.2.orig/daemon/remote.c
+++ libvirt-1.1.2/daemon/remote.c
@@ -2738,10 +2738,12 @@ remoteDispatchAuthPolkit(virNetServerPtr
int status = -1;
char *ident = NULL;
bool authdismissed = 0;
+ bool supportsuid = false;
char *pkout = NULL;
struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
virCommandPtr cmd = NULL;
+ static bool polkitInsecureWarned;
virMutexLock(&priv->lock);
action = virNetServerClientGetReadonly(client) ?
@@ -2763,14 +2765,28 @@ remoteDispatchAuthPolkit(virNetServerPtr
goto authfail;
}
+ if (timestamp == 0) {
+ VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
+ (long long)callerPid);
+ goto authfail;
+ }
+
VIR_INFO("Checking PID %lld running as %d",
(long long) callerPid, callerUid);
virCommandAddArg(cmd, "--process");
- if (timestamp != 0) {
- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+# ifdef PKCHECK_SUPPORTS_UID
+ supportsuid = true;
+# endif
+ if (supportsuid) {
+ virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
+ (long long) callerPid, timestamp, (unsigned long) callerUid);
} else {
- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
+ }
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
}
virCommandAddArg(cmd, "--allow-user-interaction");
Index: libvirt-1.1.2/libvirt.spec.in
===================================================================
--- libvirt-1.1.2.orig/libvirt.spec.in
+++ libvirt-1.1.2/libvirt.spec.in
@@ -508,8 +508,7 @@ BuildRequires: cyrus-sasl-devel
%endif
%if %{with_polkit}
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
-# Only need the binary, not -devel
-BuildRequires: polkit >= 0.93
+BuildRequires: polkit-devel >= 0.93
%else
BuildRequires: PolicyKit-devel >= 0.6
%endif
Index: libvirt-1.1.2/src/access/viraccessdriverpolkit.c
===================================================================
--- libvirt-1.1.2.orig/src/access/viraccessdriverpolkit.c
+++ libvirt-1.1.2/src/access/viraccessdriverpolkit.c
@@ -72,8 +72,12 @@ static char *
virAccessDriverPolkitFormatProcess(const char *actionid)
{
virIdentityPtr identity = virIdentityGetCurrent();
- const char *process = NULL;
+ const char *callerPid = NULL;
+ const char *callerTime = NULL;
+ const char *callerUid = NULL;
char *ret = NULL;
+ bool supportsuid = false;
+ static bool polkitInsecureWarned;
if (!identity) {
virAccessError(VIR_ERR_ACCESS_DENIED,
@@ -81,17 +85,43 @@ virAccessDriverPolkitFormatProcess(const
actionid);
return NULL;
}
- if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0)
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0)
+ goto cleanup;
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0)
+ goto cleanup;
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0)
goto cleanup;
- if (!process) {
+ if (!callerPid) {
virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No UNIX process ID available"));
goto cleanup;
}
-
- if (VIR_STRDUP(ret, process) < 0)
+ if (!callerTime) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX process start time available"));
+ goto cleanup;
+ }
+ if (!callerUid) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX caller UID available"));
goto cleanup;
+ }
+
+#ifdef PKCHECK_SUPPORTS_UID
+ supportsuid = true;
+#endif
+ if (supportsuid) {
+ if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0)
+ goto cleanup;
+ } else {
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
+ }
+ if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0)
+ goto cleanup;
+ }
cleanup:
virObjectUnref(identity);
++++++ 939b0818-CVE-2013-6458.patch ++++++
commit 939b0818c223cd6e7a59dcf94c8117dfc5df2604
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Fri Dec 20 15:08:06 2013 +0100
qemu: Fix job usage in qemuDomainBlockCopy
Every API that is going to begin a job should do that before fetching
data from vm->def.
(cherry picked from commit ff5f30b6bfa317f2a4c33f69289baf4e887eb048)
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -14216,7 +14216,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
virQEMUDriverPtr driver = conn->privateData;
qemuDomainObjPrivatePtr priv;
char *device = NULL;
- virDomainDiskDefPtr disk;
+ virDomainDiskDefPtr disk = NULL;
int ret = -1;
int idx;
struct stat st;
@@ -14231,29 +14231,32 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
priv = vm->privateData;
cfg = virQEMUDriverGetConfig(driver);
+ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
+ goto cleanup;
+
if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("domain is not running"));
- goto cleanup;
+ goto endjob;
}
device = qemuDiskPathToAlias(vm, path, &idx);
if (!device) {
- goto cleanup;
+ goto endjob;
}
disk = vm->def->disks[idx];
if (disk->mirror) {
virReportError(VIR_ERR_BLOCK_COPY_ACTIVE,
_("disk '%s' already in active block copy job"),
disk->dst);
- goto cleanup;
+ goto endjob;
}
if (!(virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DRIVE_MIRROR) &&
virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKJOB_ASYNC))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("block copy is not supported with this QEMU binary"));
- goto cleanup;
+ goto endjob;
}
if (vm->persistent) {
/* XXX if qemu ever lets us start a new domain with mirroring
@@ -14262,17 +14265,9 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
* this on persistent domains. */
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("domain is not transient"));
- goto cleanup;
- }
-
- if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
- goto cleanup;
-
- if (!virDomainObjIsActive(vm)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("domain is not running"));
goto endjob;
}
+
if (qemuDomainDetermineDiskChain(driver, disk, false) < 0)
goto endjob;
@@ -14362,7 +14357,7 @@ qemuDomainBlockCopy(virDomainObjPtr vm,
endjob:
if (need_unlink && unlink(dest))
VIR_WARN("unable to unlink just-created %s", dest);
- if (ret < 0)
+ if (ret < 0 && disk)
disk->mirrorFormat = VIR_STORAGE_FILE_NONE;
VIR_FREE(mirror);
if (qemuDomainObjEndJob(driver, vm) == 0) {
++++++ 97973ebb-LXC-threading-error.patch ++++++
>From 97973ebb7a64a3be6710ddd38d124307991ad7cb Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Tue, 8 Oct 2013 14:35:01 +0100
Subject: [PATCH] Initialize threading & error layer in LXC controller
In Fedora 20, libvirt_lxc crashes immediately at startup with a
trace
#0 0x00007f0cddb653ec in free () from /lib64/libc.so.6
#1 0x00007f0ce0e16f4a in virFree (ptrptr=ptrptr@entry=0x7f0ce1830058) at util/viralloc.c:580
#2 0x00007f0ce0e2764b in virResetError (err=0x7f0ce1830030) at util/virerror.c:354
#3 0x00007f0ce0e27a5a in virResetLastError () at util/virerror.c:387
#4 0x00007f0ce0e28858 in virEventRegisterDefaultImpl () at util/virevent.c:233
#5 0x00007f0ce0db47c6 in main (argc=11, argv=0x7fff4596c328) at lxc/lxc_controller.c:2352
Normally virInitialize calls virErrorInitialize and
virThreadInitialize, but we don't link to libvirt.so
in libvirt_lxc, and nor did we ever call the error
or thread initializers.
I have absolutely no idea how this has ever worked, let alone
what caused it to stop working in Fedora 20.
In addition not all code paths from virLogSetFromEnv will
ensure virLogInitialize is called correctly, which is another
possible crash scenario.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/lxc/lxc_controller.c | 4 +++-
src/util/virlog.c | 6 ++++++
2 files changed, 9 insertions(+), 1 deletion(-)
Index: libvirt-1.1.2/src/lxc/lxc_controller.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_controller.c
+++ libvirt-1.1.2/src/lxc/lxc_controller.c
@@ -2250,7 +2250,9 @@ int main(int argc, char *argv[])
if (setlocale(LC_ALL, "") == NULL ||
bindtextdomain(PACKAGE, LOCALEDIR) == NULL ||
- textdomain(PACKAGE) == NULL) {
+ textdomain(PACKAGE) == NULL ||
+ virThreadInitialize() < 0 ||
+ virErrorInitialize() < 0) {
fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
exit(EXIT_FAILURE);
}
Index: libvirt-1.1.2/src/util/virlog.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virlog.c
+++ libvirt-1.1.2/src/util/virlog.c
@@ -547,6 +547,9 @@ virLogDefineFilter(const char *match,
virCheckFlags(VIR_LOG_STACK_TRACE, -1);
+ if (virLogInitialize() < 0)
+ return -1;
+
if ((match == NULL) || (priority < VIR_LOG_DEBUG) ||
(priority > VIR_LOG_ERROR))
return -1;
@@ -662,6 +665,9 @@ virLogDefineOutput(virLogOutputFunc f,
virCheckFlags(0, -1);
+ if (virLogInitialize() < 0)
+ return -1;
+
if (f == NULL)
return -1;
++++++ 9faf3f29-LXC-memtune.patch ++++++
commit 9faf3f2950aed1643ab7564afcb4c693c77f71b5
Author: Martin Kletzander <mkletzan(a)redhat.com>
Date: Mon Dec 9 11:15:12 2013 +0100
Fix crash in lxcDomainSetMemoryParameters
The function doesn't check whether the request is made for active or
inactive domain. Thus when the domain is not running it still tries
accessing non-existing cgroups (priv->cgroup, which is NULL).
I re-made the function in order for it to work the same way it's qemu
counterpart does.
Reproducer:
1) Define an LXC domain
2) Do 'virsh memtune <domain> --hard-limit 133T'
Backtrace:
Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)):
#0 0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764
#1 0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3,
key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824")
at util/vircgroup.c:669
#2 0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3,
key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740
#3 0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904
#4 0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576)
at util/vircgroup.c:1944
#5 0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420,
params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774
#6 0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420,
params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051
#7 0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00,
client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510)
at remote_dispatch.h:7621
#8 0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00,
client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510,
ret=0x7fffe40b84f0) at remote_dispatch.h:7591
#9 0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
at rpc/virnetserverprogram.c:435
#10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
at rpc/virnetserverprogram.c:305
#11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10,
prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165
#12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00)
at rpc/virnetserver.c:186
#13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
#14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
#15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
#16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -743,12 +743,24 @@ lxcDomainSetMemoryParameters(virDomainPt
int nparams,
unsigned int flags)
{
- size_t i;
+ virCapsPtr caps = NULL;
+ virDomainDefPtr vmdef = NULL;
virDomainObjPtr vm = NULL;
+ virLXCDomainObjPrivatePtr priv = NULL;
+ virLXCDriverConfigPtr cfg = NULL;
+ virLXCDriverPtr driver = dom->conn->privateData;
+ unsigned long long hard_limit;
+ unsigned long long soft_limit;
+ unsigned long long swap_hard_limit;
+ bool set_hard_limit = false;
+ bool set_soft_limit = false;
+ bool set_swap_hard_limit = false;
+ int rc;
int ret = -1;
- virLXCDomainObjPrivatePtr priv;
- virCheckFlags(0, -1);
+ virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
+ VIR_DOMAIN_AFFECT_CONFIG, -1);
+
if (virTypedParamsValidate(params, nparams,
VIR_DOMAIN_MEMORY_HARD_LIMIT,
VIR_TYPED_PARAM_ULLONG,
@@ -763,29 +775,97 @@ lxcDomainSetMemoryParameters(virDomainPt
goto cleanup;
priv = vm->privateData;
+ cfg = virLXCDriverGetConfig(driver);
- if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0)
+ if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0 ||
+ !(caps = virLXCDriverGetCapabilities(driver, false)) ||
+ virDomainLiveConfigHelperMethod(caps, driver->xmlopt,
+ vm, &flags, &vmdef) < 0)
goto cleanup;
- ret = 0;
- for (i = 0; i < nparams; i++) {
- virTypedParameterPtr param = ¶ms[i];
+ if (flags & VIR_DOMAIN_AFFECT_LIVE &&
+ !virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ "%s", _("cgroup memory controller is not mounted"));
+ goto cleanup;
+ }
- if (STREQ(param->field, VIR_DOMAIN_MEMORY_HARD_LIMIT)) {
- if (virCgroupSetMemoryHardLimit(priv->cgroup, params[i].value.ul) < 0)
- ret = -1;
- } else if (STREQ(param->field, VIR_DOMAIN_MEMORY_SOFT_LIMIT)) {
- if (virCgroupSetMemorySoftLimit(priv->cgroup, params[i].value.ul) < 0)
- ret = -1;
- } else if (STREQ(param->field, VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT)) {
- if (virCgroupSetMemSwapHardLimit(priv->cgroup, params[i].value.ul) < 0)
- ret = -1;
+#define VIR_GET_LIMIT_PARAMETER(PARAM, VALUE) \
+ if ((rc = virTypedParamsGetULLong(params, nparams, PARAM, &VALUE)) < 0) \
+ goto cleanup; \
+ \
+ if (rc == 1) \
+ set_ ## VALUE = true;
+
+ VIR_GET_LIMIT_PARAMETER(VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT, swap_hard_limit)
+ VIR_GET_LIMIT_PARAMETER(VIR_DOMAIN_MEMORY_HARD_LIMIT, hard_limit)
+ VIR_GET_LIMIT_PARAMETER(VIR_DOMAIN_MEMORY_SOFT_LIMIT, soft_limit)
+
+#undef VIR_GET_LIMIT_PARAMETER
+
+ /* Swap hard limit must be greater than hard limit.
+ * Note that limit of 0 denotes unlimited */
+ if (set_swap_hard_limit || set_hard_limit) {
+ unsigned long long mem_limit = vm->def->mem.hard_limit;
+ unsigned long long swap_limit = vm->def->mem.swap_hard_limit;
+
+ if (set_swap_hard_limit)
+ swap_limit = swap_hard_limit;
+
+ if (set_hard_limit)
+ mem_limit = hard_limit;
+
+ if (virCompareLimitUlong(mem_limit, swap_limit) > 0) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("memory hard_limit tunable value must be lower "
+ "than or equal to swap_hard_limit"));
+ goto cleanup;
}
}
+#define LXC_SET_MEM_PARAMETER(FUNC, VALUE) \
+ if (set_ ## VALUE) { \
+ if (flags & VIR_DOMAIN_AFFECT_LIVE) { \
+ if ((rc = FUNC(priv->cgroup, VALUE)) < 0) { \
+ virReportSystemError(-rc, _("unable to set memory %s tunable"), \
+ #VALUE); \
+ \
+ goto cleanup; \
+ } \
+ vm->def->mem.VALUE = VALUE; \
+ } \
+ \
+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) \
+ vmdef->mem.VALUE = VALUE; \
+ }
+
+ /* Soft limit doesn't clash with the others */
+ LXC_SET_MEM_PARAMETER(virCgroupSetMemorySoftLimit, soft_limit);
+
+ /* set hard limit before swap hard limit if decreasing it */
+ if (virCompareLimitUlong(vm->def->mem.hard_limit, hard_limit) > 0) {
+ LXC_SET_MEM_PARAMETER(virCgroupSetMemoryHardLimit, hard_limit);
+ /* inhibit changing the limit a second time */
+ set_hard_limit = false;
+ }
+
+ LXC_SET_MEM_PARAMETER(virCgroupSetMemSwapHardLimit, swap_hard_limit);
+
+ /* otherwise increase it after swap hard limit */
+ LXC_SET_MEM_PARAMETER(virCgroupSetMemoryHardLimit, hard_limit);
+
+#undef LXC_SET_MEM_PARAMETER
+
+ if (flags & VIR_DOMAIN_AFFECT_CONFIG &&
+ virDomainSaveConfig(cfg->configDir, vmdef) < 0)
+ goto cleanup;
+
+ ret = 0;
cleanup:
if (vm)
virObjectUnlock(vm);
+ virObjectUnref(caps);
+ virObjectUnref(cfg);
return ret;
}
++++++ a537827-CVE-2013-6456.patch ++++++
>From 5ef86f41148af71aefca9c7ad31926ca179c185b Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Tue, 4 Feb 2014 16:46:28 +0000
Subject: [PATCH 03/14] Record hotplugged USB device in LXC live guest config
After hotplugging a USB device, the LXC driver forgot
to add the device def to the virDomainDefPtr.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit a537827d15516f2b59afb23ce2d50b8a88d7f090)
---
src/lxc/lxc_driver.c | 5 +++++
1 file changed, 5 insertions(+)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3374,6 +3374,9 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv
mode = 0700 | S_IFCHR;
+ if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs + 1) < 0)
+ goto cleanup;
+
if (virFileMakePath(dstdir) < 0) {
virReportSystemError(errno,
_("Unable to create %s"), dstdir);
@@ -3402,6 +3405,8 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv
priv->cgroup) < 0)
goto cleanup;
+ vm->def->hostdevs[vm->def->nhostdevs++] = def;
+
ret = 0;
cleanup:
++++++ ae53e5d1-CVE-2013-4400.patch ++++++
commit ae53e5d10e434e07079d7e3ba11ec654ba6a256e
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed Oct 9 10:52:39 2013 +0100
Add helpers for getting env vars in a setuid environment
Care must be taken accessing env variables when running
setuid. Introduce a virGetEnvAllowSUID for env vars which
are safe to use in a setuid environment, and another
virGetEnvBlockSUID for vars which are not safe. Also add
a virIsSUID helper method for any other non-env var code
to use.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/src/libvirt_private.syms
===================================================================
--- libvirt-1.1.2.orig/src/libvirt_private.syms
+++ libvirt-1.1.2/src/libvirt_private.syms
@@ -2042,6 +2042,8 @@ virFindFCHostCapableVport;
virFormatIntDecimal;
virGetDeviceID;
virGetDeviceUnprivSGIO;
+virGetEnvAllowSUID;
+virGetEnvBlockSUID;
virGetFCHostNameByWWN;
virGetGroupID;
virGetGroupList;
@@ -2060,6 +2062,7 @@ virIndexToDiskName;
virIsCapableFCHost;
virIsCapableVport;
virIsDevMapperDevice;
+virIsSUID;
virManageVport;
virParseNumber;
virParseOwnershipIds;
Index: libvirt-1.1.2/src/util/virutil.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virutil.c
+++ libvirt-1.1.2/src/util/virutil.c
@@ -2116,3 +2116,42 @@ cleanup:
return rc;
}
+
+
+/**
+ * virGetEnvBlockSUID:
+ * @name: the environment variable name
+ *
+ * Obtain an environment variable which is unsafe to
+ * use when running setuid. If running setuid, a NULL
+ * value will be returned
+ */
+const char *virGetEnvBlockSUID(const char *name)
+{
+ return secure_getenv(name);
+}
+
+
+/**
+ * virGetEnvBlockSUID:
+ * @name: the environment variable name
+ *
+ * Obtain an environment variable which is safe to
+ * use when running setuid. The value will be returned
+ * even when running setuid
+ */
+const char *virGetEnvAllowSUID(const char *name)
+{
+ return getenv(name);
+}
+
+
+/**
+ * virIsSUID:
+ * Return a true value if running setuid. Does not
+ * check for elevated capabilities bits.
+ */
+bool virIsSUID(void)
+{
+ return getuid() != geteuid();
+}
Index: libvirt-1.1.2/src/util/virutil.h
===================================================================
--- libvirt-1.1.2.orig/src/util/virutil.h
+++ libvirt-1.1.2/src/util/virutil.h
@@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long l
int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr);
+const char *virGetEnvBlockSUID(const char *name);
+const char *virGetEnvAllowSUID(const char *name);
+bool virIsSUID(void);
+
#endif /* __VIR_UTIL_H__ */
++++++ aebbcdd-CVE-2013-6456.patch ++++++
>From 21368274a9aa91e8a5f0addb3a6bba8dad91e334 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake(a)redhat.com>
Date: Mon, 23 Dec 2013 22:55:51 -0700
Subject: [PATCH 09/14] CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in
LXC shutdown/reboot code
Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and
lxcDomainReboot. Otherwise, a malicious guest could use symlinks
to force the host to manipulate the wrong file in the host's namespace.
Idea by Dan Berrange, based on an initial report by Reco
<recoverym4n(a)gmail.com> at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394
Signed-off-by: Eric Blake <eblake(a)redhat.com>
(cherry picked from commit aebbcdd33c8c18891f0bdbbf8924599a28152c9c)
---
src/lxc/lxc_driver.c | 38 ++++++++++++++++++++------------------
src/util/virinitctl.c | 26 ++++++++++----------------
src/util/virinitctl.h | 5 ++---
3 files changed, 32 insertions(+), 37 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -2739,12 +2739,20 @@ lxcConnectListAllDomains(virConnectPtr c
static int
+lxcDomainInitctlCallback(pid_t pid ATTRIBUTE_UNUSED,
+ void *opaque)
+{
+ int *command = opaque;
+ return virInitctlSetRunLevel(*command);
+}
+
+
+static int
lxcDomainShutdownFlags(virDomainPtr dom,
unsigned int flags)
{
virLXCDomainObjPrivatePtr priv;
virDomainObjPtr vm;
- char *vroot = NULL;
int ret = -1;
int rc;
@@ -2771,16 +2779,14 @@ lxcDomainShutdownFlags(virDomainPtr dom,
goto cleanup;
}
- if (virAsprintf(&vroot, "/proc/%llu/root",
- (unsigned long long)priv->initpid) < 0)
- goto cleanup;
-
if (flags == 0 ||
(flags & VIR_DOMAIN_SHUTDOWN_INITCTL)) {
- if ((rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF,
- vroot)) < 0) {
+ int command = VIR_INITCTL_RUNLEVEL_POWEROFF;
+
+ if ((rc = virProcessRunInMountNamespace(priv->initpid,
+ lxcDomainInitctlCallback,
+ &command)) < 0)
goto cleanup;
- }
if (rc == 0 && flags != 0 &&
((flags & ~VIR_DOMAIN_SHUTDOWN_INITCTL) == 0)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
@@ -2806,7 +2812,6 @@ lxcDomainShutdownFlags(virDomainPtr dom,
ret = 0;
cleanup:
- VIR_FREE(vroot);
if (vm)
virObjectUnlock(vm);
return ret;
@@ -2818,13 +2823,13 @@ lxcDomainShutdown(virDomainPtr dom)
return lxcDomainShutdownFlags(dom, 0);
}
+
static int
lxcDomainReboot(virDomainPtr dom,
unsigned int flags)
{
virLXCDomainObjPrivatePtr priv;
virDomainObjPtr vm;
- char *vroot = NULL;
int ret = -1;
int rc;
@@ -2851,16 +2856,14 @@ lxcDomainReboot(virDomainPtr dom,
goto cleanup;
}
- if (virAsprintf(&vroot, "/proc/%llu/root",
- (unsigned long long)priv->initpid) < 0)
- goto cleanup;
-
if (flags == 0 ||
(flags & VIR_DOMAIN_REBOOT_INITCTL)) {
- if ((rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_REBOOT,
- vroot)) < 0) {
+ int command = VIR_INITCTL_RUNLEVEL_REBOOT;
+
+ if ((rc = virProcessRunInMountNamespace(priv->initpid,
+ lxcDomainInitctlCallback,
+ &command)) < 0)
goto cleanup;
- }
if (rc == 0 && flags != 0 &&
((flags & ~VIR_DOMAIN_SHUTDOWN_INITCTL) == 0)) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
@@ -2886,7 +2889,6 @@ lxcDomainReboot(virDomainPtr dom,
ret = 0;
cleanup:
- VIR_FREE(vroot);
if (vm)
virObjectUnlock(vm);
return ret;
Index: libvirt-1.1.2/src/util/virinitctl.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virinitctl.c
+++ libvirt-1.1.2/src/util/virinitctl.c
@@ -111,16 +111,18 @@ struct virInitctlRequest {
# endif
/*
- * Send a message to init to change the runlevel
+ * Send a message to init to change the runlevel. This function is
+ * asynchronous-signal-safe (thus safe to use after fork of a
+ * multithreaded parent) - which is good, because it should only be
+ * used after forking and entering correct namespace.
*
* Returns 1 on success, 0 if initctl does not exist, -1 on error
*/
-int virInitctlSetRunLevel(virInitctlRunLevel level,
- const char *vroot)
+int
+virInitctlSetRunLevel(virInitctlRunLevel level)
{
struct virInitctlRequest req;
int fd = -1;
- char *path = NULL;
int ret = -1;
memset(&req, 0, sizeof(req));
@@ -131,36 +133,28 @@ int virInitctlSetRunLevel(virInitctlRunL
/* Yes it is an 'int' field, but wants a numeric character. Go figure */
req.runlevel = '0' + level;
- if (vroot) {
- if (virAsprintf(&path, "%s/%s", vroot, VIR_INITCTL_FIFO) < 0)
- return -1;
- } else {
- if (VIR_STRDUP(path, VIR_INITCTL_FIFO) < 0)
- return -1;
- }
-
- if ((fd = open(path, O_WRONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY)) < 0) {
+ if ((fd = open(VIR_INITCTL_FIFO,
+ O_WRONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY)) < 0) {
if (errno == ENOENT) {
ret = 0;
goto cleanup;
}
virReportSystemError(errno,
_("Cannot open init control %s"),
- path);
+ VIR_INITCTL_FIFO);
goto cleanup;
}
if (safewrite(fd, &req, sizeof(req)) != sizeof(req)) {
virReportSystemError(errno,
_("Failed to send request to init control %s"),
- path);
+ VIR_INITCTL_FIFO);
goto cleanup;
}
ret = 1;
cleanup:
- VIR_FREE(path);
VIR_FORCE_CLOSE(fd);
return ret;
}
Index: libvirt-1.1.2/src/util/virinitctl.h
===================================================================
--- libvirt-1.1.2.orig/src/util/virinitctl.h
+++ libvirt-1.1.2/src/util/virinitctl.h
@@ -1,7 +1,7 @@
/*
* virinitctl.h: API for talking to init systems via initctl
*
- * Copyright (C) 2012 Red Hat, Inc.
+ * Copyright (C) 2012-2014 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -37,7 +37,6 @@ enum virInitctlRunLevel {
VIR_INITCTL_RUNLEVEL_LAST
};
-int virInitctlSetRunLevel(virInitctlRunLevel level,
- const char *vroot);
+int virInitctlSetRunLevel(virInitctlRunLevel level);
#endif
++++++ b03eba13-libxl-segfault-fix.patch ++++++
commit b03eba137616a9c48921c017d9c1142a47020dc2
Author: Bamvor Jian Zhang <bjzhang(a)suse.com>
Date: Fri Dec 20 15:14:42 2013 +0800
libxl: fix segfault when domain create fail
there is a segfault in libxl logging in libxl_ctx_free when domain
create fail. because the log output handler vmessage is freed by
xtl_logger_destroy before libxl_ctx_free in virDomainObjListRemove.
move xtl_logger_destroy after libxl_ctx_free could fix this bug.
Signed-off-by: Bamvor Jian Zhang <bjzhang(a)suse.com>
Index: libvirt-1.1.2/src/libxl/libxl_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/libxl/libxl_driver.c
+++ libvirt-1.1.2/src/libxl/libxl_driver.c
@@ -472,11 +472,10 @@ libxlDomainObjPrivateDispose(void *obj)
virChrdevFree(priv->devs);
+ libxl_ctx_free(priv->ctx);
xtl_logger_destroy(priv->logger);
if (priv->logger_file)
VIR_FORCE_FCLOSE(priv->logger_file);
-
- libxl_ctx_free(priv->ctx);
}
static void
++++++ b1674ad5-CVE-2014-7823.patch ++++++
commit 520ecab4ca09859d4de39cad7ae2e34272e0437e
Author: Eric Blake <eblake(a)redhat.com>
Date: Fri Oct 31 22:14:07 2014 -0600
CVE-2014-7823: dumpxml: security hole with migratable flag
Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
the qemu implementation of virDomainGetXMLDesc, the use of the
flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
prior to calling qemuDomainFormatXML. However, the use of
VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
clients only. This patch treats the migratable flag as requiring
the same permissions, rather than analyzing what might break if
migratable xml no longer includes secret information.
Fortunately, the information leak is low-risk: all that is gated
by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
but VNC passwords are already weak (FIPS forbids their use, and
on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
password sent in plaintext over the network deserves what they
get). SPICE offers better security than VNC, and all other
secrets are properly protected by use of virSecret associations
rather than direct output in domain XML.
* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
Tighten rules on use of migratable flag.
* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
(cherry picked from commit b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b)
Conflicts:
src/libvirt-domain.c - file split from older src/libvirt.c; context with older virLibConnError
Signed-off-by: Eric Blake <eblake(a)redhat.com>
Index: libvirt-1.1.2/src/libvirt.c
===================================================================
--- libvirt-1.1.2.orig/src/libvirt.c
+++ libvirt-1.1.2/src/libvirt.c
@@ -4562,7 +4562,8 @@ virDomainGetXMLDesc(virDomainPtr domain,
conn = domain->conn;
- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) {
+ if ((conn->flags & VIR_CONNECT_RO) &&
+ (flags & (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_MIGRATABLE))) {
virLibConnError(VIR_ERR_OPERATION_DENIED, "%s",
_("virDomainGetXMLDesc with secure flag"));
goto error;
Index: libvirt-1.1.2/src/remote/remote_protocol.x
===================================================================
--- libvirt-1.1.2.orig/src/remote/remote_protocol.x
+++ libvirt-1.1.2/src/remote/remote_protocol.x
@@ -2979,6 +2979,7 @@ enum remote_procedure {
* @generate: both
* @acl: domain:read
* @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
+ * @acl: domain:read_secure:VIR_DOMAIN_XML_MIGRATABLE
*/
REMOTE_PROC_DOMAIN_GET_XML_DESC = 14,
++++++ b347c0c2-CVE-2015-0236.patch ++++++
commit b347c0c2a321ec5c20aae214927949832a288c5a
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Tue Jan 20 17:01:01 2015 +0100
CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
appropriate permission for it. Found via code inspection while fixing
permissions for save images.
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -12934,7 +12934,7 @@ static char *qemuDomainSnapshotGetXMLDes
if (!(vm = qemuDomObjFromSnapshot(snapshot)))
goto cleanup;
- if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def) < 0)
+ if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def, flags) < 0)
goto cleanup;
if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot)))
Index: libvirt-1.1.2/src/remote/remote_protocol.x
===================================================================
--- libvirt-1.1.2.orig/src/remote/remote_protocol.x
+++ libvirt-1.1.2/src/remote/remote_protocol.x
@@ -4170,6 +4170,7 @@ enum remote_procedure {
* @generate: both
* @priority: high
* @acl: domain:read
+ * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE
*/
REMOTE_PROC_DOMAIN_SNAPSHOT_GET_XML_DESC = 186,
++++++ b7fcc799a-CVE-2013-4400.patch ++++++
commit b7fcc799ad5d8f3e55b89b94e599903e3c092467
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed Oct 9 15:14:34 2013 +0100
Close all non-stdio FDs in virt-login-shell (CVE-2013-4400)
We don't want to inherit any FDs in the new namespace
except for the stdio FDs. Explicitly close them all,
just in case some do not have the close-on-exec flag
set.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/tools/virt-login-shell.c
===================================================================
--- libvirt-1.1.2.orig/tools/virt-login-shell.c
+++ libvirt-1.1.2/tools/virt-login-shell.c
@@ -313,6 +313,18 @@ main(int argc, char **argv)
if (cpid == 0) {
pid_t ccpid;
+ int openmax = sysconf(_SC_OPEN_MAX);
+ int fd;
+ if (openmax < 0) {
+ virReportSystemError(errno, "%s",
+ _("sysconf(_SC_OPEN_MAX) failed"));
+ return EXIT_FAILURE;
+ }
+ for (fd = 3; fd < openmax; fd++) {
+ int tmpfd = fd;
+ VIR_MASS_CLOSE(tmpfd);
+ }
+
/* Fork once because we don't want to affect
* virt-login-shell's namespace itself
*/
++++++ ba79e38-bnc852005.patch ++++++
>From ba79e3879e771417ee90e125d8b38743a867d7d1 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn(a)redhat.com>
Date: Fri, 21 Feb 2014 10:16:36 +0100
Subject: [PATCH] virSystemdCreateMachine: Set dependencies for slices
https://bugzilla.redhat.com/show_bug.cgi?id=1031696
When creating a new domain, we let systemd know about it by calling
CreateMachine() function via dbus. Systemd then creates a scope and
places domain into it. However, later when the host is shutting
down, systemd computes the shutdown order to see what processes can
be shut down in parallel. And since we were not setting
dependencies at all, the slices (and thus domains) were most likely
killed before libvirt-guests.service. So user domains that had to
be saved, shut off, whatever were in fact killed. This problem can
be solved by letting systemd know that scopes we're creating must
not be killed before libvirt-guests.service.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/util/virsystemd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Index: libvirt-1.1.2/src/util/virsystemd.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virsystemd.c
+++ libvirt-1.1.2/src/util/virsystemd.c
@@ -240,8 +240,10 @@ int virSystemdCreateMachine(const char *
iscontainer ? "container" : "vm",
(unsigned int)pidleader,
rootdir ? rootdir : "",
- 1, "Slice", "s",
- slicename) < 0) {
+ 3,
+ "Slice", "s", slicename,
+ "After", "as", 1, "libvirtd.service",
+ "Before", "as", 1, "libvirt-guests.service") < 0) {
virErrorPtr err = virGetLastError();
if (err->code == VIR_ERR_DBUS_SERVICE &&
STREQ(err->str2, "org.freedesktop.DBus.Error.ServiceUnknown")) {
++++++ baselibs.conf ++++++
libvirt-client
requires -libvirt-<targettype>
libvirt-devel
requires -libvirt-<targettype>
++++++ bcb9a035-CVE-2013-6458.patch ++++++
commit bcb9a035a99cf8389069c401c94605aedccdc4df
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Fri Dec 20 15:04:09 2013 +0100
qemu: Fix job usage in qemuDomainBlockJobImpl
CVE-2013-6458
Every API that is going to begin a job should do that before fetching
data from vm->def.
(cherry picked from commit f93d2caa070f6197ab50d372d286018b0ba6bbd8)
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -14030,16 +14030,25 @@ qemuDomainBlockJobImpl(virDomainObjPtr v
goto cleanup;
}
+ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
+ goto cleanup;
+
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("domain is not running"));
+ goto endjob;
+ }
+
device = qemuDiskPathToAlias(vm, path, &idx);
if (!device)
- goto cleanup;
+ goto endjob;
disk = vm->def->disks[idx];
if (mode == BLOCK_JOB_PULL && disk->mirror) {
virReportError(VIR_ERR_BLOCK_COPY_ACTIVE,
_("disk '%s' already in active block copy job"),
disk->dst);
- goto cleanup;
+ goto endjob;
}
if (mode == BLOCK_JOB_ABORT &&
(flags & VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT) &&
@@ -14047,15 +14056,6 @@ qemuDomainBlockJobImpl(virDomainObjPtr v
virReportError(VIR_ERR_OPERATION_INVALID,
_("pivot of disk '%s' requires an active copy job"),
disk->dst);
- goto cleanup;
- }
-
- if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
- goto cleanup;
-
- if (!virDomainObjIsActive(vm)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("domain is not running"));
goto endjob;
}
++++++ bd773e74-lxc-terminate-machine.patch ++++++
commit bd773e74f0d1d1b9ebbfcaa645178316b4f2265c
Author: Cédric Bosdonnat <cbosdonnat(a)suse.com>
Date: Mon Sep 30 16:46:29 2013 +0200
LXC: workaround machined uncleaned data with containers running systemd.
The problem is described by [0] but its effect on libvirt is that
starting a container with a full distro running systemd after having
stopped it simply fails.
The container cleanup now calls the machined Terminate function to make
sure that everything is in order for the next run.
[0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370
Index: libvirt-1.1.2/src/libvirt_private.syms
===================================================================
--- libvirt-1.1.2.orig/src/libvirt_private.syms
+++ libvirt-1.1.2/src/libvirt_private.syms
@@ -1940,8 +1940,10 @@ virSysinfoSetup;
# util/virsystemd.h
virSystemdCreateMachine;
+virSystemdMakeMachineName;
virSystemdMakeScopeName;
virSystemdMakeSliceName;
+virSystemdTerminateMachine;
# util/virthread.h
Index: libvirt-1.1.2/src/lxc/lxc_process.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_process.c
+++ libvirt-1.1.2/src/lxc/lxc_process.c
@@ -50,6 +50,7 @@
#include "virstring.h"
#include "viratomic.h"
#include "virprocess.h"
+#include "virsystemd.h"
#define VIR_FROM_THIS VIR_FROM_LXC
@@ -210,6 +211,13 @@ static void virLXCProcessCleanup(virLXCD
virCgroupFree(&priv->cgroup);
}
+ /* Get machined to terminate the machine as it may not have cleaned it
+ * properly. See https://bugs.freedesktop.org/show_bug.cgi?id=68370 for
+ * the bug we are working around here.
+ */
+ virSystemdTerminateMachine(vm->def->name, "lxc", true);
+
+
/* now that we know it's stopped call the hook if present */
if (virHookPresent(VIR_HOOK_DRIVER_LXC)) {
char *xml = virDomainDefFormat(vm->def, 0);
Index: libvirt-1.1.2/src/util/virsystemd.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virsystemd.c
+++ libvirt-1.1.2/src/util/virsystemd.c
@@ -116,6 +116,27 @@ char *virSystemdMakeSliceName(const char
return virBufferContentAndReset(&buf);
}
+char *virSystemdMakeMachineName(const char *name,
+ const char *drivername,
+ bool privileged)
+{
+ char *machinename = NULL;
+ char *username = NULL;
+ if (privileged) {
+ if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0)
+ goto cleanup;
+ } else {
+ if (!(username = virGetUserName(geteuid())))
+ goto cleanup;
+ if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0)
+ goto cleanup;
+ }
+
+cleanup:
+ VIR_FREE(username);
+
+ return machinename;
+}
/**
* virSystemdCreateMachine:
@@ -142,7 +163,6 @@ int virSystemdCreateMachine(const char *
DBusConnection *conn;
char *machinename = NULL;
char *creatorname = NULL;
- char *username = NULL;
char *slicename = NULL;
if (!virDBusHasSystemBus())
@@ -150,15 +170,8 @@ int virSystemdCreateMachine(const char *
conn = virDBusGetSystemBus();
- if (privileged) {
- if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0)
- goto cleanup;
- } else {
- if (!(username = virGetUserName(geteuid())))
- goto cleanup;
- if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0)
- goto cleanup;
- }
+ if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged)))
+ goto cleanup;
if (virAsprintf(&creatorname, "libvirt-%s", drivername) < 0)
goto cleanup;
@@ -241,8 +254,52 @@ int virSystemdCreateMachine(const char *
ret = 0;
cleanup:
- VIR_FREE(username);
VIR_FREE(creatorname);
VIR_FREE(machinename);
return ret;
}
+
+int virSystemdTerminateMachine(const char *name,
+ const char *drivername,
+ bool privileged)
+{
+ int ret;
+ DBusConnection *conn;
+ char *machinename = NULL;
+
+ if(!virDBusHasSystemBus())
+ return -2;
+
+ conn = virDBusGetSystemBus();
+
+ ret = -1;
+ if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged)))
+ goto cleanup;
+
+ /*
+ * The systemd DBus API we're invoking has the
+ * following signature
+ *
+ * TerminateMachine(in s name);
+ *
+ * @name a host unique name for the machine. shows up
+ * in 'ps' listing & similar
+ */
+
+ VIR_DEBUG("Attempting to terminate machine via systemd");
+ if (virDBusCallMethod(conn,
+ NULL,
+ "org.freedesktop.machine1",
+ "/org/freedesktop/machine1",
+ "org.freedesktop.machine1.Manager",
+ "TerminateMachine",
+ "s",
+ machinename) < 0)
+ goto cleanup;
+
+ ret = 0;
+
+cleanup:
+ VIR_FREE(machinename);
+ return ret;
+}
Index: libvirt-1.1.2/src/util/virsystemd.h
===================================================================
--- libvirt-1.1.2.orig/src/util/virsystemd.h
+++ libvirt-1.1.2/src/util/virsystemd.h
@@ -29,6 +29,10 @@ char *virSystemdMakeScopeName(const char
const char *slicename);
char *virSystemdMakeSliceName(const char *partition);
+char *virSystemdMakeMachineName(const char *name,
+ const char *drivername,
+ bool privileged);
+
int virSystemdCreateMachine(const char *name,
const char *drivername,
bool privileged,
@@ -38,4 +42,8 @@ int virSystemdCreateMachine(const char *
bool iscontainer,
const char *partition);
+int virSystemdTerminateMachine(const char *name,
+ const char *drivername,
+ bool privileged);
+
#endif /* __VIR_SYSTEMD_H__ */
Index: libvirt-1.1.2/tests/virsystemdtest.c
===================================================================
--- libvirt-1.1.2.orig/tests/virsystemdtest.c
+++ libvirt-1.1.2/tests/virsystemdtest.c
@@ -51,6 +51,18 @@ static int testCreateContainer(const voi
return 0;
}
+static int testTerminateContainer(const void *opaque ATTRIBUTE_UNUSED)
+{
+ if (virSystemdTerminateMachine("demo",
+ "lxc",
+ true) < 0) {
+ fprintf(stderr, "%s", "Failed to terminate LXC machine\n");
+ return -1;
+ }
+
+ return 0;
+}
+
static int testCreateMachine(const void *opaque ATTRIBUTE_UNUSED)
{
unsigned char uuid[VIR_UUID_BUFLEN] = {
@@ -74,6 +86,18 @@ static int testCreateMachine(const void
return 0;
}
+static int testTerminateMachine(const void *opaque ATTRIBUTE_UNUSED)
+{
+ if (virSystemdTerminateMachine("demo",
+ "qemu",
+ false) < 0) {
+ fprintf(stderr, "%s", "Failed to terminate KVM machine\n");
+ return -1;
+ }
+
+ return 0;
+}
+
static int testCreateNoSystemd(const void *opaque ATTRIBUTE_UNUSED)
{
unsigned char uuid[VIR_UUID_BUFLEN] = {
@@ -177,8 +201,12 @@ mymain(void)
if (virtTestRun("Test create container ", 1, testCreateContainer, NULL) < 0)
ret = -1;
+ if (virtTestRun("Test terminate container ", 1, testTerminateContainer, NULL) < 0)
+ ret = -1;
if (virtTestRun("Test create machine ", 1, testCreateMachine, NULL) < 0)
ret = -1;
+ if (virtTestRun("Test terminate machine ", 1, testTerminateMachine, NULL) < 0)
+ ret = -1;
if (virtTestRun("Test create no systemd ", 1, testCreateNoSystemd, NULL) < 0)
ret = -1;
if (virtTestRun("Test create bad systemd ", 1, testCreateBadSystemd, NULL) < 0)
++++++ c321bfc-CVE-2013-6456.patch ++++++
>From 4f2282e9e1bb55b56b929a38512a6ef3e4319c44 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Thu, 30 Jan 2014 17:06:39 +0000
Subject: [PATCH 07/14] Add virFileMakeParentPath helper function
Add a helper function which takes a file path and ensures
that all directory components leading up to the file exist.
IOW, it strips the filename part of the path and passes
the result to virFileMakePath.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit c321bfc5c37c603af349dacf531bb03c91b0755e)
---
src/libvirt_private.syms | 1 +
src/util/virfile.c | 29 +++++++++++++++++++++++++++++
src/util/virfile.h | 1 +
3 files changed, 31 insertions(+)
Index: libvirt-1.1.2/src/libvirt_private.syms
===================================================================
--- libvirt-1.1.2.orig/src/libvirt_private.syms
+++ libvirt-1.1.2/src/libvirt_private.syms
@@ -1378,6 +1378,7 @@ virFileIsLink;
virFileLinkPointsTo;
virFileLock;
virFileLoopDeviceAssociate;
+virFileMakeParentPath;
virFileMakePath;
virFileMakePathWithMode;
virFileMatchesNameSuffix;
Index: libvirt-1.1.2/src/util/virfile.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virfile.c
+++ libvirt-1.1.2/src/util/virfile.c
@@ -2093,6 +2093,35 @@ cleanup:
return ret;
}
+
+int
+virFileMakeParentPath(const char *path)
+{
+ char *p;
+ char *tmp;
+ int ret = -1;
+
+ VIR_DEBUG("path=%s", path);
+
+ if (VIR_STRDUP(tmp, path) < 0) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ if ((p = strrchr(tmp, '/')) == NULL) {
+ errno = EINVAL;
+ goto cleanup;
+ }
+ *p = '\0';
+
+ ret = virFileMakePathHelper(tmp, 0777);
+
+ cleanup:
+ VIR_FREE(tmp);
+ return ret;
+}
+
+
/* Build up a fully qualified path for a config file to be
* associated with a persistent guest or network */
char *
Index: libvirt-1.1.2/src/util/virfile.h
===================================================================
--- libvirt-1.1.2.orig/src/util/virfile.h
+++ libvirt-1.1.2/src/util/virfile.h
@@ -187,6 +187,7 @@ int virDirCreate(const char *path, mode_
int virFileMakePath(const char *path) ATTRIBUTE_RETURN_CHECK;
int virFileMakePathWithMode(const char *path,
mode_t mode) ATTRIBUTE_RETURN_CHECK;
+int virFileMakeParentPath(const char *path) ATTRIBUTE_RETURN_CHECK;
char *virFileBuildPath(const char *dir,
const char *name,
++++++ c364897-CVE-2013-6456.patch ++++++
>From e2a0b1a6b4f1c2f25957cc81ba93a13f247b9221 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Tue, 4 Feb 2014 16:43:18 +0000
Subject: [PATCH 02/14] Fix path used for USB device attach with LXC
The LXC code missed the 'usb' component out of the path
/dev/bus/usb/$BUSNUM/$DEVNUM, so it failed to actually
setup cgroups for the device. This was in fact lucky
because the call to virLXCSetupHostUsbDeviceCgroup
was also mistakenly passing '&priv->cgroup' instead of
just 'priv->cgroup'. So once the path is fixed, libvirtd
would then crash trying to access the bogus virCgroupPtr
pointer. This would have been a security issue, were it
not for the bogus path preventing the pointer reference
being reached.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit c3648972222d4eb056e6e667c193ba56a7aa3557)
---
src/lxc/lxc_driver.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3334,7 +3334,7 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv
(unsigned long long)priv->initpid) < 0)
goto cleanup;
- if (virAsprintf(&dstdir, "%s/dev/bus/%03d",
+ if (virAsprintf(&dstdir, "%s/dev/bus/usb/%03d",
vroot,
def->source.subsys.u.usb.bus) < 0)
goto cleanup;
@@ -3399,7 +3399,7 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv
if (virUSBDeviceFileIterate(usb,
virLXCSetupHostUsbDeviceCgroup,
- &priv->cgroup) < 0)
+ priv->cgroup) < 0)
goto cleanup;
ret = 0;
++++++ c3eb12c-CVE-2013-6456.patch ++++++
>From 703a3af08166a705d1df031b897c98a411e3da67 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Wed, 5 Feb 2014 17:48:03 +0000
Subject: [PATCH 06/14] Move check for cgroup devices ACL upfront in LXC
hotplug
The check for whether the cgroup devices ACL is available is
done quite late during LXC hotplug - in fact after the device
node is already created in the container in some cases. Better
to do it upfront so we fail immediately.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit c3eb12cace868884393d35c23278653634d81c70)
---
src/lxc/lxc_driver.c | 36 ++++++++++++------------------------
1 file changed, 12 insertions(+), 24 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3077,6 +3077,12 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv
goto cleanup;
}
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("devices cgroup isn't mounted"));
+ goto cleanup;
+ }
+
if (def->type != VIR_DOMAIN_DISK_TYPE_BLOCK) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("Can't setup disk for non-block device"));
@@ -3144,12 +3150,6 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv
vm->def, def) < 0)
goto cleanup;
- if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("devices cgroup isn't mounted"));
- goto cleanup;
- }
-
if (virCgroupAllowDevicePath(priv->cgroup, def->src,
(def->readonly ?
VIR_CGROUP_DEVICE_READ :
@@ -3345,12 +3345,6 @@ lxcDomainAttachDeviceHostdevSubsysUSBLiv
def->source.subsys.u.usb.device) < 0)
goto cleanup;
- if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("devices cgroup isn't mounted"));
- goto cleanup;
- }
-
if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus,
def->source.subsys.u.usb.device, vroot)))
goto cleanup;
@@ -3498,12 +3492,6 @@ lxcDomainAttachDeviceHostdevStorageLive(
vm->def, def, vroot) < 0)
goto cleanup;
- if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("devices cgroup isn't mounted"));
- goto cleanup;
- }
-
if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.storage.block,
VIR_CGROUP_DEVICE_RW |
VIR_CGROUP_DEVICE_MKNOD) != 0) {
@@ -3606,12 +3594,6 @@ lxcDomainAttachDeviceHostdevMiscLive(vir
vm->def, def, vroot) < 0)
goto cleanup;
- if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
- _("devices cgroup isn't mounted"));
- goto cleanup;
- }
-
if (virCgroupAllowDevicePath(priv->cgroup, def->source.caps.u.misc.chardev,
VIR_CGROUP_DEVICE_RW |
VIR_CGROUP_DEVICE_MKNOD) != 0) {
@@ -3687,6 +3669,12 @@ lxcDomainAttachDeviceHostdevLive(virLXCD
return -1;
}
+ if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("devices cgroup isn't mounted"));
+ return -1;
+ }
+
switch (dev->data.hostdev->mode) {
case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS:
return lxcDomainAttachDeviceHostdevSubsysLive(driver, vm, dev);
++++++ clone.patch ++++++
Index: src/lxc/lxc_container.c
===================================================================
--- src/lxc/lxc_container.c.orig
+++ src/lxc/lxc_container.c
@@ -144,6 +144,7 @@ int lxcContainerHasReboot(void)
int cmd, v;
int status;
char *tmp;
+ int stacksize = getpagesize() * 4;
if (virFileReadAll("/proc/sys/kernel/ctrl-alt-del", 10, &buf) < 0)
return -1;
@@ -160,12 +161,19 @@ int lxcContainerHasReboot(void)
VIR_FREE(buf);
cmd = v ? LINUX_REBOOT_CMD_CAD_ON : LINUX_REBOOT_CMD_CAD_OFF;
- if (VIR_ALLOC_N(stack, getpagesize() * 4) < 0)
+#ifdef __ia64__
+ stacksize *= 2;
+#endif
+ if (VIR_ALLOC_N(stack, stacksize) < 0)
return -1;
- childStack = stack + (getpagesize() * 4);
+ childStack = stack + stacksize;
+#ifdef __ia64__
+ cpid = __clone2(lxcContainerRebootChild, childStack, stacksize, flags, &cmd);
+#else
cpid = clone(lxcContainerRebootChild, childStack, flags, &cmd);
+#endif
VIR_FREE(stack);
if (cpid < 0) {
virReportSystemError(errno, "%s",
@@ -1893,7 +1901,11 @@ int lxcContainerStart(virDomainDefPtr de
cflags |= CLONE_NEWNET;
}
+#ifdef __ia64__
+ pid = __clone2(lxcContainerChild, stacktop, stacksize, cflags, &args);
+#else
pid = clone(lxcContainerChild, stacktop, cflags, &args);
+#endif
VIR_FREE(stack);
VIR_DEBUG("clone() completed, new container PID is %d", pid);
@@ -1919,6 +1931,7 @@ int lxcContainerAvailable(int features)
int cpid;
char *childStack;
char *stack;
+ int stacksize = getpagesize() * 4;
if (features & LXC_CONTAINER_FEATURE_USER)
flags |= CLONE_NEWUSER;
@@ -1926,14 +1939,21 @@ int lxcContainerAvailable(int features)
if (features & LXC_CONTAINER_FEATURE_NET)
flags |= CLONE_NEWNET;
- if (VIR_ALLOC_N(stack, getpagesize() * 4) < 0) {
+#ifdef __ia64__
+ stacksize *= 2;
+#endif
+ if (VIR_ALLOC_N(stack, stacksize) < 0) {
VIR_DEBUG("Unable to allocate stack");
return -1;
}
- childStack = stack + (getpagesize() * 4);
+ childStack = stack + stacksize;
+#ifdef __ia64__
+ cpid = __clone2(lxcContainerDummyChild, childStack, stacksize, flags, NULL);
+#else
cpid = clone(lxcContainerDummyChild, childStack, flags, NULL);
+#endif
VIR_FREE(stack);
if (cpid < 0) {
char ebuf[1024] ATTRIBUTE_UNUSED;
++++++ d24e6b8-CVE-2013-6456.patch ++++++
>From c54afa41704e0e05829b9d373600ea194068ecbb Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Date: Wed, 5 Feb 2014 11:01:09 +0000
Subject: [PATCH 05/14] Disks are always block devices, never character devices
The LXC disk hotplug code was allowing block or character devices
to be given as disk. A disk is always a block device.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
(cherry picked from commit d24e6b8b1eb87daa6ee467b76cf343725468949c)
---
src/lxc/lxc_driver.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -3100,9 +3100,9 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv
goto cleanup;
}
- if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode)) {
+ if (!S_ISBLK(sb.st_mode)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("Disk source %s must be a character/block device"),
+ _("Disk source %s must be a block device"),
def->src);
goto cleanup;
}
@@ -3114,11 +3114,7 @@ lxcDomainAttachDeviceDiskLive(virLXCDriv
if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks+1) < 0)
goto cleanup;
- mode = 0700;
- if (S_ISCHR(sb.st_mode))
- mode |= S_IFCHR;
- else
- mode |= S_IFBLK;
+ mode = 0700 | S_IFBLK;
/* Yes, the device name we're creating may not
* actually correspond to the major:minor number
++++++ d35ae41-bnc875694.patch ++++++
commit d35ae4143d11f45856ae002fcd419da0eb9bba9f
Author: Michael Avdienko <whitearchey(a)gmail.com>
Date: Fri Nov 15 20:47:43 2013 +0900
Fix migration with QEMU 1.6
QEMU 1.6.0 introduced new migration status: setup
Libvirt does not expect such string in QMP and refuses to migrate with error
"unexpected migration status in setup"
This patch fixes it.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Index: libvirt-1.1.2/src/qemu/qemu_migration.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_migration.c
+++ libvirt-1.1.2/src/qemu/qemu_migration.c
@@ -1653,6 +1653,10 @@ qemuMigrationUpdateJobStatus(virQEMUDriv
_("%s: %s"), job, _("is not active"));
break;
+ case QEMU_MONITOR_MIGRATION_STATUS_SETUP:
+ ret = 0;
+ break;
+
case QEMU_MONITOR_MIGRATION_STATUS_ACTIVE:
priv->job.info.fileTotal = priv->job.status.disk_total;
priv->job.info.fileRemaining = priv->job.status.disk_remaining;
Index: libvirt-1.1.2/src/qemu/qemu_monitor.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_monitor.c
+++ libvirt-1.1.2/src/qemu/qemu_monitor.c
@@ -109,7 +109,7 @@ VIR_ONCE_GLOBAL_INIT(qemuMonitor)
VIR_ENUM_IMPL(qemuMonitorMigrationStatus,
QEMU_MONITOR_MIGRATION_STATUS_LAST,
- "inactive", "active", "completed", "failed", "cancelled")
+ "inactive", "active", "completed", "failed", "cancelled", "setup")
VIR_ENUM_IMPL(qemuMonitorMigrationCaps,
QEMU_MONITOR_MIGRATION_CAPS_LAST,
Index: libvirt-1.1.2/src/qemu/qemu_monitor.h
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_monitor.h
+++ libvirt-1.1.2/src/qemu/qemu_monitor.h
@@ -396,6 +396,7 @@ enum {
QEMU_MONITOR_MIGRATION_STATUS_COMPLETED,
QEMU_MONITOR_MIGRATION_STATUS_ERROR,
QEMU_MONITOR_MIGRATION_STATUS_CANCELLED,
+ QEMU_MONITOR_MIGRATION_STATUS_SETUP,
QEMU_MONITOR_MIGRATION_STATUS_LAST
};
++++++ d697b0f3-storage-avoid-short-reads.patch ++++++
>From d697b0f383a23a94d7415b0e02b025eda46ad534 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake(a)redhat.com>
Date: Tue, 5 Nov 2013 10:30:56 -0700
Subject: [PATCH] storage: avoid short reads while chasing backing chain
Our backing file chain code was not very robust to an ill-timed
EINTR, which could lead to a short read causing us to randomly
treat metadata differently than usual. But the existing
virFileReadLimFD forces an error if we don't read the entire
file, even though we only care about the header of the file.
So add a new virFile function that does what we want.
* src/util/virfile.h (virFileReadHeaderFD): New prototype.
* src/util/virfile.c (virFileReadHeaderFD): New function.
* src/libvirt_private.syms (virfile.h): Export it.
* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
(virStorageFileProbeFormatFromFD): Use it.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
(cherry picked from commit 5327fad4f292e4f3f84884ffe158c492bf00519c)
Conflicts:
src/util/virstoragefile.c: buffer signedness
---
src/libvirt_private.syms | 1 +
src/util/virfile.c | 21 +++++++++++++++++++++
src/util/virfile.h | 9 ++++++---
src/util/virstoragefile.c | 10 ++--------
4 files changed, 30 insertions(+), 11 deletions(-)
Index: libvirt-1.1.2/src/libvirt_private.syms
===================================================================
--- libvirt-1.1.2.orig/src/libvirt_private.syms
+++ libvirt-1.1.2/src/libvirt_private.syms
@@ -1386,6 +1386,7 @@ virFileOpenAs;
virFileOpenTty;
virFilePrintf;
virFileReadAll;
+virFileReadHeaderFD;
virFileReadLimFD;
virFileResolveAllLinks;
virFileResolveLink;
Index: libvirt-1.1.2/src/util/virfile.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virfile.c
+++ libvirt-1.1.2/src/util/virfile.c
@@ -1153,6 +1153,27 @@ saferead_lim(int fd, size_t max_len, siz
return NULL;
}
+
+/* A wrapper around saferead_lim that merely stops reading at the
+ * specified maximum size. */
+int
+virFileReadHeaderFD(int fd, int maxlen, char **buf)
+{
+ size_t len;
+ char *s;
+
+ if (maxlen <= 0) {
+ errno = EINVAL;
+ return -1;
+ }
+ s = saferead_lim(fd, maxlen, &len);
+ if (s == NULL)
+ return -1;
+ *buf = s;
+ return len;
+}
+
+
/* A wrapper around saferead_lim that maps a failure due to
exceeding the maximum size limitation to EOVERFLOW. */
int
Index: libvirt-1.1.2/src/util/virfile.h
===================================================================
--- libvirt-1.1.2.orig/src/util/virfile.h
+++ libvirt-1.1.2/src/util/virfile.h
@@ -122,9 +122,12 @@ int virFileNBDDeviceAssociate(const char
int virFileDeleteTree(const char *dir);
-int virFileReadLimFD(int fd, int maxlen, char **buf) ATTRIBUTE_RETURN_CHECK;
-
-int virFileReadAll(const char *path, int maxlen, char **buf) ATTRIBUTE_RETURN_CHECK;
+int virFileReadHeaderFD(int fd, int maxlen, char **buf)
+ ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(3);
+int virFileReadLimFD(int fd, int maxlen, char **buf)
+ ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(3);
+int virFileReadAll(const char *path, int maxlen, char **buf)
+ ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3);
int virFileWriteStr(const char *path, const char *str, mode_t mode)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK;
Index: libvirt-1.1.2/src/util/virstoragefile.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virstoragefile.c
+++ libvirt-1.1.2/src/util/virstoragefile.c
@@ -788,10 +788,7 @@ virStorageFileGetMetadataInternal(const
goto cleanup;
}
- if (VIR_ALLOC_N(buf, len) < 0)
- goto cleanup;
-
- if ((len = read(fd, buf, len)) < 0) {
+ if ((len = virFileReadHeaderFD(fd, len, (char **)&buf)) < 0) {
virReportSystemError(errno, _("cannot read header '%s'"), path);
goto cleanup;
}
@@ -934,15 +931,12 @@ virStorageFileProbeFormatFromFD(const ch
return VIR_STORAGE_FILE_DIR;
}
- if (VIR_ALLOC_N(head, len) < 0)
- return -1;
-
if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
virReportSystemError(errno, _("cannot set to start of '%s'"), path);
goto cleanup;
}
- if ((len = read(fd, head, len)) < 0) {
+ if ((len = virFileReadHeaderFD(fd, len, (char **)&head)) < 0) {
virReportSystemError(errno, _("cannot read header '%s'"), path);
goto cleanup;
}
++++++ d6b27d3e-CVE-2014-0179.patch ++++++
commit d6b27d3e4c40946efa79e91d134616b41b1666c4
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Tue Apr 15 11:20:29 2014 +0100
LSN-2014-0003: Don't expand entities when parsing XML
If the XML_PARSE_NOENT flag is passed to libxml2, then any
entities in the input document will be fully expanded. This
allows the user to read arbitrary files on the host machine
by creating an entity pointing to a local file. Removing
the XML_PARSE_NOENT flag means that any entities are left
unchanged by the parser, or expanded to "" by the XPath
APIs.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/src/util/virxml.c
===================================================================
--- libvirt-1.1.2.orig/src/util/virxml.c
+++ libvirt-1.1.2/src/util/virxml.c
@@ -746,11 +746,11 @@ virXMLParseHelper(int domcode,
if (filename) {
xml = xmlCtxtReadFile(pctxt, filename, NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NONET |
XML_PARSE_NOWARNING);
} else {
xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL,
- XML_PARSE_NOENT | XML_PARSE_NONET |
+ XML_PARSE_NONET |
XML_PARSE_NOWARNING);
}
if (!xml)
++++++ db7a5688-CVE-2013-4311.patch ++++++
commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Thu Aug 22 16:00:01 2013 +0100
Also store user & group ID values in virIdentity
Future improvements to the polkit code will require access to
the numeric user ID, not merely user name.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/src/rpc/virnetserverclient.c
===================================================================
--- libvirt-1.1.2.orig/src/rpc/virnetserverclient.c
+++ libvirt-1.1.2/src/rpc/virnetserverclient.c
@@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetS
char *processid = NULL;
char *processtime = NULL;
char *username = NULL;
+ char *userid = NULL;
char *groupname = NULL;
+ char *groupid = NULL;
#if WITH_SASL
char *saslname = NULL;
#endif
@@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetS
if (!(username = virGetUserName(uid)))
goto cleanup;
+ if (virAsprintf(&userid, "%d", (int)uid) < 0)
+ goto cleanup;
if (!(groupname = virGetGroupName(gid)))
goto cleanup;
+ if (virAsprintf(&userid, "%d", (int)gid) < 0)
+ goto cleanup;
if (virAsprintf(&processid, "%llu",
(unsigned long long)pid) < 0)
goto cleanup;
@@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetS
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
username) < 0)
goto error;
+ if (userid &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
+ userid) < 0)
+ goto error;
if (groupname &&
virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
groupname) < 0)
goto error;
+ if (groupid &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+ groupid) < 0)
+ goto error;
if (processid &&
virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
@@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetS
cleanup:
VIR_FREE(username);
+ VIR_FREE(userid);
VIR_FREE(groupname);
+ VIR_FREE(groupid);
VIR_FREE(processid);
VIR_FREE(processtime);
VIR_FREE(seccontext);
Index: libvirt-1.1.2/src/util/viridentity.c
===================================================================
--- libvirt-1.1.2.orig/src/util/viridentity.c
+++ libvirt-1.1.2/src/util/viridentity.c
@@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr
virIdentityPtr virIdentityGetSystem(void)
{
char *username = NULL;
+ char *userid = NULL;
char *groupname = NULL;
+ char *groupid = NULL;
char *seccontext = NULL;
virIdentityPtr ret = NULL;
#if WITH_SELINUX
@@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void
if (!(username = virGetUserName(getuid())))
goto cleanup;
+ if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
+ goto cleanup;
+
if (!(groupname = virGetGroupName(getgid())))
goto cleanup;
+ if (virAsprintf(&groupid, "%d", (int)getgid()) < 0)
+ goto cleanup;
#if WITH_SELINUX
if (getcon(&con) < 0) {
@@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void
if (!(ret = virIdentityNew()))
goto cleanup;
- if (username &&
- virIdentitySetAttr(ret,
+ if (virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
username) < 0)
goto error;
- if (groupname &&
- virIdentitySetAttr(ret,
+ if (virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
+ userid) < 0)
+ goto error;
+ if (virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
groupname) < 0)
goto error;
+ if (virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+ groupid) < 0)
+ goto error;
if (seccontext &&
virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
@@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void
cleanup:
VIR_FREE(username);
+ VIR_FREE(userid);
VIR_FREE(groupname);
+ VIR_FREE(groupid);
VIR_FREE(seccontext);
VIR_FREE(processid);
return ret;
Index: libvirt-1.1.2/src/util/viridentity.h
===================================================================
--- libvirt-1.1.2.orig/src/util/viridentity.h
+++ libvirt-1.1.2/src/util/viridentity.h
@@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr;
typedef enum {
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
VIR_IDENTITY_ATTR_SASL_USER_NAME,
++++++ e1459c1f-nic-devid.patch ++++++
commit e1459c1fe88068f231bad254733b29287c28d517
Author: Stefan Bader <stefan.bader(a)canonical.com>
Date: Wed Jan 8 11:39:19 2014 +0100
libxl: Fix devid init in libxlMakeNicList
This basically reverts commit ba64b97134a6129a48684f22f31be92c3b6eef96
"libxl: Allow libxl to set NIC devid". However assigning devid's
before calling libxlMakeNic does not work as that is calling
libxl_device_nic_init which sets it back to -1.
Right now auto-assignment only works in the hotplug case. But even if
that would be fixed at some point (if that is possible at all), this
would add a weird dependency between Xen and libvirt versions.
The change here should accept any auto-assignment that makes it into
libxl_device_nic_init. My understanding is that a caller always is
allowed to make the devid choice itself. And assuming libxlMakeNicList
is only used on domain creation, a sequential numbering should be ok.
Signed-off-by: Stefan Bader <stefan.bader(a)canonical.com>
Index: libvirt-1.1.2/src/libxl/libxl_conf.c
===================================================================
--- libvirt-1.1.2.orig/src/libxl/libxl_conf.c
+++ libvirt-1.1.2/src/libxl/libxl_conf.c
@@ -878,6 +878,13 @@ libxlMakeNicList(virDomainDefPtr def, l
for (i = 0; i < nnics; i++) {
if (libxlMakeNic(def, l_nics[i], &x_nics[i]))
goto error;
+ /*
+ * The devid (at least right now) will not get initialized by
+ * libxl in the setup case but is required for starting the
+ * device-model.
+ */
+ if (x_nics[i].devid < 0)
+ x_nics[i].devid = i;
}
d_config->nics = x_nics;
++++++ e350826c-python-fix-fd-passing.patch ++++++
commit e350826c653b20dd271ab99075d2f224c7451356
Author: Marian Neagul <marian(a)info.uvt.ro>
Date: Tue Oct 22 16:03:39 2013 +0100
python: Fix Create*WithFiles filefd passing
Commit d76227be added functions virDomainCreateWithFiles and
virDomainCreateXMLWithFiles, but there was a little piece missing in
python bindings. This patch fixes proper passing of file descriptors
in the overwrites of these functions.
Index: libvirt-1.1.2/python/libvirt-override.c
===================================================================
--- libvirt-1.1.2.orig/python/libvirt-override.c
+++ libvirt-1.1.2/python/libvirt-override.c
@@ -7149,6 +7149,10 @@ libvirt_virDomainCreateXMLWithFiles(PyOb
if (libvirt_intUnwrap(pyfd, &fd) < 0)
goto cleanup;
+
+ files[i] = fd;
+
+ files[i] = fd;
}
LIBVIRT_BEGIN_ALLOW_THREADS;
++++++ e4697b92-CVE-2013-4311.patch ++++++
commit e4697b92abaad16e8e6b41a1e55be9b084d48d5a
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Mon Sep 23 12:46:25 2013 +0100
Fix typo in identity code which is pre-requisite for CVE-2013-4311
The fix for CVE-2013-4311 had a pre-requisite enhancement
to the identity code
commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Thu Aug 22 16:00:01 2013 +0100
Also store user & group ID values in virIdentity
This had a typo which caused the group ID to overwrite the
user ID string. This meant any checks using this would have
the wrong ID value. This only affected the ACL code, not the
initial polkit auth. It also leaked memory.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/src/rpc/virnetserverclient.c
===================================================================
--- libvirt-1.1.2.orig/src/rpc/virnetserverclient.c
+++ libvirt-1.1.2/src/rpc/virnetserverclient.c
@@ -678,7 +678,7 @@ virNetServerClientCreateIdentity(virNetS
goto cleanup;
if (!(groupname = virGetGroupName(gid)))
goto cleanup;
- if (virAsprintf(&userid, "%d", (int)gid) < 0)
+ if (virAsprintf(&groupid, "%d", (int)gid) < 0)
goto cleanup;
if (virAsprintf(&processid, "%llu",
(unsigned long long)pid) < 0)
++++++ e65667c0-CVE-2013-4311.patch ++++++
commit e65667c0c6e016d42abea077e31628ae43f57b74
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed Aug 28 15:22:05 2013 +0100
Ensure system identity includes process start time
The polkit access driver will want to use the process start
time field. This was already set for network identities, but
not for the system identity.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/src/util/viridentity.c
===================================================================
--- libvirt-1.1.2.orig/src/util/viridentity.c
+++ libvirt-1.1.2/src/util/viridentity.c
@@ -35,6 +35,7 @@
#include "virthread.h"
#include "virutil.h"
#include "virstring.h"
+#include "virprocess.h"
#define VIR_FROM_THIS VIR_FROM_IDENTITY
@@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void
security_context_t con;
#endif
char *processid = NULL;
+ unsigned long long timestamp;
+ char *processtime = NULL;
if (virAsprintf(&processid, "%llu",
(unsigned long long)getpid()) < 0)
goto cleanup;
+ if (virProcessGetStartTime(getpid(), ×tamp) < 0)
+ goto cleanup;
+
+ if (timestamp != 0 &&
+ virAsprintf(&processtime, "%llu", timestamp) < 0)
+ goto cleanup;
+
if (!(username = virGetUserName(getuid())))
goto cleanup;
if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
@@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
processid) < 0)
goto error;
+ if (processtime &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
+ processtime) < 0)
+ goto error;
cleanup:
VIR_FREE(username);
@@ -206,6 +221,7 @@ cleanup:
VIR_FREE(groupid);
VIR_FREE(seccontext);
VIR_FREE(processid);
+ VIR_FREE(processtime);
return ret;
error:
++++++ e7f400a1-CVE-2013-4296.patch ++++++
commit e7f400a110e2e3673b96518170bfea0855dd82c0
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Tue Sep 3 16:52:06 2013 +0100
Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
The 'stats' variable was not initialized to NULL, so if some
early validation of the RPC call fails, it is possible to jump
to the 'cleanup' label and VIR_FREE an uninitialized pointer.
This is a security flaw, since the API can be called from a
readonly connection which can trigger the validation checks.
This was introduced in release v0.9.1 onwards by
commit 158ba8730e44b7dd07a21ab90499996c5dec080a
Author: Daniel P. Berrange <berrange(a)redhat.com>
Date: Wed Apr 13 16:21:35 2011 +0100
Merge all returns paths from dispatcher into single path
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
Index: libvirt-1.1.2/daemon/remote.c
===================================================================
--- libvirt-1.1.2.orig/daemon/remote.c
+++ libvirt-1.1.2/daemon/remote.c
@@ -1146,7 +1146,7 @@ remoteDispatchDomainMemoryStats(virNetSe
remote_domain_memory_stats_ret *ret)
{
virDomainPtr dom = NULL;
- struct _virDomainMemoryStat *stats;
+ struct _virDomainMemoryStat *stats = NULL;
int nr_stats;
size_t i;
int rv = -1;
++++++ ed327dfc-CVE-2014-1447.patch ++++++
commit ed327dfcf4216c1412501b13367b5370de740a22
Author: Jiri Denemark <jdenemar(a)redhat.com>
Date: Thu Jan 9 22:26:40 2014 +0100
Don't crash if a connection closes early
https://bugzilla.redhat.com/show_bug.cgi?id=1047577
When a client closes its connection to libvirtd early during
virConnectOpen, more specifically just after making
REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if
VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for
the result, libvirtd may crash due to a race in keep-alive
initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE
call, the daemon's event loop delegates it to a worker thread. In case
the event loop detects EOF on the connection and calls
virNetServerClientClose before the worker thread starts to handle
REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be
disposed by the time virNetServerClientStartKeepAlive gets called from
remoteDispatchConnectSupportsFeature. Because the flow is common for
both authenticated and read-only connections, even unprivileged clients
may cause the daemon to crash.
To avoid the crash, virNetServerClientStartKeepAlive needs to check if
the connection is still open before starting keep-alive protocol.
Every libvirt release since 0.9.8 is affected by this bug.
(cherry picked from commit 173c2914734eb5c32df6d35a82bf503e12261bcf)
Index: libvirt-1.1.2/src/rpc/virnetserverclient.c
===================================================================
--- libvirt-1.1.2.orig/src/rpc/virnetserverclient.c
+++ libvirt-1.1.2/src/rpc/virnetserverclient.c
@@ -1533,9 +1533,22 @@ cleanup:
int
virNetServerClientStartKeepAlive(virNetServerClientPtr client)
{
- int ret;
+ int ret = -1;
+
virObjectLock(client);
+
+ /* The connection might have been closed before we got here and thus the
+ * keepalive object could have been removed too.
+ */
+ if (!client->sock) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("connection not open"));
+ goto cleanup;
+ }
+
ret = virKeepAliveStart(client->keepalive, 0, 0);
+
+cleanup:
virObjectUnlock(client);
return ret;
}
++++++ f8c1cb90-CVE-2013-6436.patch ++++++
commit f8c1cb90213508c4f32549023b0572ed774e48aa
Author: Martin Kletzander <mkletzan(a)redhat.com>
Date: Mon Dec 9 11:15:11 2013 +0100
CVE-2013-6436: fix crash in lxcDomainGetMemoryParameters
The function doesn't check whether the request is made for active or
inactive domain. Thus when the domain is not running it still tries
accessing non-existing cgroups (priv->cgroup, which is NULL).
I re-made the function in order for it to work the same way it's qemu
counterpart does.
Reproducer:
1) Define an LXC domain
2) Do 'virsh memtune <domain>'
Backtrace:
Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)):
#0 0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764
#1 0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3,
key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705
#2 0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3,
key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804
#3 0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8)
at util/vircgroup.c:1962
#4 0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0,
params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826
#5 0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0,
params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137
#6 0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00,
client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
ret=0x7fffd4002420) at remote.c:1895
#7 0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00,
client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
ret=0x7fffd4002420) at remote_dispatch.h:4050
#8 0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
at rpc/virnetserverprogram.c:435
#9 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
at rpc/virnetserverprogram.c:305
#10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0,
prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165
#11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00)
at rpc/virnetserver.c:186
#12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
#13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
#14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
#15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -795,22 +795,36 @@ lxcDomainGetMemoryParameters(virDomainPt
int *nparams,
unsigned int flags)
{
- size_t i;
+ virCapsPtr caps = NULL;
+ virDomainDefPtr vmdef = NULL;
virDomainObjPtr vm = NULL;
+ virLXCDomainObjPrivatePtr priv = NULL;
+ virLXCDriverPtr driver = dom->conn->privateData;
unsigned long long val;
int ret = -1;
- virLXCDomainObjPrivatePtr priv;
+ size_t i;
- virCheckFlags(0, -1);
+ virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
+ VIR_DOMAIN_AFFECT_CONFIG, -1);
if (!(vm = lxcDomObjFromDomain(dom)))
goto cleanup;
priv = vm->privateData;
- if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0)
+ if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0 ||
+ !(caps = virLXCDriverGetCapabilities(driver, false)) ||
+ virDomainLiveConfigHelperMethod(caps, driver->xmlopt,
+ vm, &flags, &vmdef) < 0)
goto cleanup;
+ if (flags & VIR_DOMAIN_AFFECT_LIVE &&
+ !virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ "%s", _("cgroup memory controller is not mounted"));
+ goto cleanup;
+ }
+
if ((*nparams) == 0) {
/* Current number of memory parameters supported by cgroups */
*nparams = LXC_NB_MEM_PARAM;
@@ -824,22 +838,34 @@ lxcDomainGetMemoryParameters(virDomainPt
switch (i) {
case 0: /* fill memory hard limit here */
- if (virCgroupGetMemoryHardLimit(priv->cgroup, &val) < 0)
+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
+ val = vmdef->mem.hard_limit;
+ val = val ? val : VIR_DOMAIN_MEMORY_PARAM_UNLIMITED;
+ } else if (virCgroupGetMemoryHardLimit(priv->cgroup, &val) < 0) {
goto cleanup;
+ }
if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_HARD_LIMIT,
VIR_TYPED_PARAM_ULLONG, val) < 0)
goto cleanup;
break;
case 1: /* fill memory soft limit here */
- if (virCgroupGetMemorySoftLimit(priv->cgroup, &val) < 0)
+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
+ val = vmdef->mem.soft_limit;
+ val = val ? val : VIR_DOMAIN_MEMORY_PARAM_UNLIMITED;
+ } else if (virCgroupGetMemorySoftLimit(priv->cgroup, &val) < 0) {
goto cleanup;
+ }
if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_SOFT_LIMIT,
VIR_TYPED_PARAM_ULLONG, val) < 0)
goto cleanup;
break;
case 2: /* fill swap hard limit here */
- if (virCgroupGetMemSwapHardLimit(priv->cgroup, &val) < 0)
+ if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
+ val = vmdef->mem.swap_hard_limit;
+ val = val ? val : VIR_DOMAIN_MEMORY_PARAM_UNLIMITED;
+ } else if (virCgroupGetMemSwapHardLimit(priv->cgroup, &val) < 0) {
goto cleanup;
+ }
if (virTypedParameterAssign(param,
VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT,
VIR_TYPED_PARAM_ULLONG, val) < 0)
@@ -860,6 +886,7 @@ lxcDomainGetMemoryParameters(virDomainPt
cleanup:
if (vm)
virObjectUnlock(vm);
+ virObjectUnref(caps);
return ret;
}
++++++ fb5a3190-CVE-2014-0028.patch ++++++
commit fb5a3190c6409897744a244c6e0d5e2d52d34b39
Author: Eric Blake <eblake(a)redhat.com>
Date: Tue Jan 14 10:29:34 2014 -0700
event: filter global events by domain:getattr ACL [CVE-2014-0028]
Ever since ACL filtering was added in commit 7639736 (v1.1.1), a
user could still use event registration to obtain access to a
domain that they could not normally access via virDomainLookup*
or virConnectListAllDomains and friends. We already have the
framework in the RPC generator for creating the filter, and
previous cleanup patches got us to the point that we can now
wire the filter through the entire object event stack.
Furthermore, whether or not domain:getattr is honored, use of
global events is a form of obtaining a list of networks, which
is covered by connect:search_domains added in a93cd08 (v1.1.0).
Ideally, we'd have a way to enforce connect:search_domains when
doing global registrations while omitting that check on a
per-domain registration. But this patch just unconditionally
requires connect:search_domains, even when no list could be
obtained, based on the following observations:
1. Administrators are unlikely to grant domain:getattr for one
or all domains while still denying connect:search_domains - a
user that is able to manage domains will want to be able to
manage them efficiently, but efficient management includes being
able to list the domains they can access. The idea of denying
connect:search_domains while still granting access to individual
domains is therefore not adding any real security, but just
serves as a layer of obscurity to annoy the end user.
2. In the current implementation, domain events are filtered
on the client; the server has no idea if a domain filter was
requested, and must therefore assume that all domain event
requests are global. Even if we fix the RPC protocol to
allow for server-side filtering for newer client/server combos,
making the connect:serach_domains ACL check conditional on
whether the domain argument was NULL won't benefit older clients.
Therefore, we choose to document that connect:search_domains
is a pre-requisite to any domain event management.
Network events need the same treatment, with the obvious
change of using connect:search_networks and network:getattr.
* src/access/viraccessperm.h
(VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS)
(VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional
effect of the permission.
* src/conf/domain_event.h (virDomainEventStateRegister)
(virDomainEventStateRegisterID): Add new parameter.
* src/conf/network_event.h (virNetworkEventStateRegisterID):
Likewise.
* src/conf/object_event_private.h (virObjectEventStateRegisterID):
Likewise.
* src/conf/object_event.c (_virObjectEventCallback): Track a filter.
(virObjectEventDispatchMatchCallback): Use filter.
(virObjectEventCallbackListAddID): Register filter.
* src/conf/domain_event.c (virDomainEventFilter): New function.
(virDomainEventStateRegister, virDomainEventStateRegisterID):
Adjust callers.
* src/conf/network_event.c (virNetworkEventFilter): New function.
(virNetworkEventStateRegisterID): Adjust caller.
* src/remote/remote_protocol.x
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER)
(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY)
(REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a
filter, and require connect:search_domains instead of weaker
connect:read.
* src/test/test_driver.c (testConnectDomainEventRegister)
(testConnectDomainEventRegisterAny)
(testConnectNetworkEventRegisterAny): Update callers.
* src/remote/remote_driver.c (remoteConnectDomainEventRegister)
(remoteConnectDomainEventRegisterAny): Likewise.
* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
(xenUnifiedConnectDomainEventRegisterAny): Likewise.
* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise.
* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
(libxlConnectDomainEventRegisterAny): Likewise.
* src/qemu/qemu_driver.c (qemuConnectDomainEventRegister)
(qemuConnectDomainEventRegisterAny): Likewise.
* src/uml/uml_driver.c (umlConnectDomainEventRegister)
(umlConnectDomainEventRegisterAny): Likewise.
* src/network/bridge_driver.c
(networkConnectNetworkEventRegisterAny): Likewise.
* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
(lxcConnectDomainEventRegisterAny): Likewise.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
(cherry picked from commit f9f56340539d609cdc2e9d4ab812b9f146c3f100)
Conflicts:
src/conf/object_event.c - not backporting event refactoring
src/conf/object_event_private.h - likewise
src/conf/network_event.c - not backporting network events
src/conf/network_event.h - likewise
src/network/bridge_driver.c - likewise
src/access/viraccessperm.h - likewise
src/remote/remote_protocol.x - likewise
src/conf/domain_event.c - includes code that upstream has in object_event
src/conf/domain_event.h - context
src/libxl/libxl_driver.c - context
src/lxc/lxc_driver.c - context
src/remote/remote_driver.c - context, not backporting network events
src/test/test_driver.c - context, not backporting network events
src/uml/uml_driver.c - context
src/xen/xen_driver.c - context
Index: libvirt-1.1.2/src/access/viraccessperm.h
===================================================================
--- libvirt-1.1.2.orig/src/access/viraccessperm.h
+++ libvirt-1.1.2/src/access/viraccessperm.h
@@ -1,7 +1,7 @@
/*
* viraccessperm.h: access control permissions
*
- * Copyright (C) 2012-2013 Red Hat, Inc.
+ * Copyright (C) 2012-2014 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -47,7 +47,7 @@ typedef enum {
/**
* @desc: List domains
- * @message: Listing domains requires authorization
+ * @message: Listing domains or using domain events requires authorization
* @anonymous: 1
*/
VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS,
Index: libvirt-1.1.2/src/conf/domain_event.c
===================================================================
--- libvirt-1.1.2.orig/src/conf/domain_event.c
+++ libvirt-1.1.2/src/conf/domain_event.c
@@ -32,6 +32,20 @@
#define VIR_FROM_THIS VIR_FROM_NONE
+/**
+ * virObjectEventCallbackFilter:
+ * @conn: the connection pointer
+ * @event: the event about to be dispatched
+ * @opaque: opaque data registered with the filter
+ *
+ * Callback to do final filtering for a reason not tracked directly by
+ * virObjectEventStateRegisterID(). Return false if @event must not
+ * be sent to @conn.
+ */
+typedef bool (*virObjectEventCallbackFilter)(virConnectPtr conn,
+ virDomainEventPtr event,
+ void *opaque);
+
struct _virDomainMeta {
int id;
char *name;
@@ -68,6 +82,8 @@ struct _virDomainEventCallback {
int eventID;
virConnectPtr conn;
virDomainMetaPtr dom;
+ virObjectEventCallbackFilter filter;
+ void *filter_opaque;
virConnectDomainEventGenericCallback cb;
void *opaque;
virFreeCallback freecb;
@@ -337,6 +353,9 @@ virDomainEventCallbackListPurgeMarked(vi
* virDomainEventCallbackListAddID:
* @conn: pointer to the connection
* @cbList: the list
+ * @dom: optional domain to filter on
+ * @filter optional last-ditch filter callback
+ * @filter_opaque: opaque data to pass to @filter
* @eventID: the event ID
* @callback: the callback to add
* @opaque: opaque data tio pass to callback
@@ -348,6 +367,8 @@ static int
virDomainEventCallbackListAddID(virConnectPtr conn,
virDomainEventCallbackListPtr cbList,
virDomainPtr dom,
+ virObjectEventCallbackFilter filter,
+ void *filter_opaque,
int eventID,
virConnectDomainEventGenericCallback callback,
void *opaque,
@@ -394,6 +415,8 @@ virDomainEventCallbackListAddID(virConne
memcpy(event->dom->uuid, dom->uuid, VIR_UUID_BUFLEN);
event->dom->id = dom->id;
}
+ event->filter = filter;
+ event->filter_opaque = filter_opaque;
/* Make space on list */
if (VIR_REALLOC_N(cbList->callbacks, cbList->count + 1) < 0)
@@ -433,6 +456,8 @@ error:
* virDomainEventCallbackListAdd:
* @conn: pointer to the connection
* @cbList: the list
+ * @filter optional last-ditch filter callback
+ * @filter_opaque: opaque data to pass to @filter
* @callback: the callback to add
* @opaque: opaque data tio pass to callback
*
@@ -441,11 +466,14 @@ error:
static int
virDomainEventCallbackListAdd(virConnectPtr conn,
virDomainEventCallbackListPtr cbList,
+ virObjectEventCallbackFilter filter,
+ void *filter_opaque,
virConnectDomainEventCallback callback,
void *opaque,
virFreeCallback freecb)
{
return virDomainEventCallbackListAddID(conn, cbList, NULL,
+ filter, filter_opaque,
VIR_DOMAIN_EVENT_ID_LIFECYCLE,
VIR_DOMAIN_EVENT_CALLBACK(callback),
opaque, freecb, NULL);
@@ -673,6 +701,32 @@ static virDomainEventPtr virDomainEventN
return event;
}
+
+/**
+ * virDomainEventFilter:
+ * @conn: pointer to the connection
+ * @event: the event to check
+ * @opaque: opaque data holding ACL filter to use
+ *
+ * Internal function to run ACL filtering before dispatching an event
+ */
+static bool
+virDomainEventFilter(virConnectPtr conn, virDomainEventPtr event,
+ void *opaque)
+{
+ virDomainDef dom;
+ virDomainObjListFilter filter = opaque;
+
+ /* For now, we just create a virDomainDef with enough contents to
+ * satisfy what viraccessdriverpolkit.c references. This is a bit
+ * fragile, but I don't know of anything better. */
+ dom.name = event->dom.name;
+ memcpy(dom.uuid, event->dom.uuid, VIR_UUID_BUFLEN);
+
+ return (filter)(conn, &dom);
+}
+
+
virDomainEventPtr virDomainEventNew(int id, const char *name,
const unsigned char *uuid,
int type, int detail)
@@ -1374,6 +1428,9 @@ static int virDomainEventDispatchMatchCa
if (cb->eventID != event->eventID)
return 0;
+ if (cb->filter && !(cb->filter)(cb->conn, event, cb->filter_opaque))
+ return 0;
+
if (cb->dom) {
/* Deliberately ignoring 'id' for matching, since that
* will cause problems when a domain switches between
@@ -1503,6 +1560,7 @@ virDomainEventStateFlush(virDomainEventS
* virDomainEventStateRegister:
* @conn: connection to associate with callback
* @state: domain event state
+ * @filter: optional ACL filter to limit which events can be sent
* @callback: function to remove from event
* @opaque: data blob to pass to callback
* @freecb: callback to free @opaque
@@ -1515,6 +1573,7 @@ virDomainEventStateFlush(virDomainEventS
int
virDomainEventStateRegister(virConnectPtr conn,
virDomainEventStatePtr state,
+ virDomainObjListFilter filter,
virConnectDomainEventCallback callback,
void *opaque,
virFreeCallback freecb)
@@ -1535,7 +1594,8 @@ virDomainEventStateRegister(virConnectPt
}
ret = virDomainEventCallbackListAdd(conn, state->callbacks,
- callback, opaque, freecb);
+ filter ? virDomainEventFilter : NULL,
+ filter, callback, opaque, freecb);
if (ret == -1 &&
state->callbacks->count == 0 &&
@@ -1554,6 +1614,7 @@ cleanup:
* virDomainEventStateRegisterID:
* @conn: connection to associate with callback
* @state: domain event state
+ * @filter: optional ACL filter to limit which events can be sent
* @eventID: ID of the event type to register for
* @cb: function to remove from event
* @opaque: data blob to pass to callback
@@ -1568,6 +1629,7 @@ cleanup:
int
virDomainEventStateRegisterID(virConnectPtr conn,
virDomainEventStatePtr state,
+ virDomainObjListFilter filter,
virDomainPtr dom,
int eventID,
virConnectDomainEventGenericCallback cb,
@@ -1590,8 +1652,9 @@ virDomainEventStateRegisterID(virConnect
goto cleanup;
}
- ret = virDomainEventCallbackListAddID(conn, state->callbacks,
- dom, eventID, cb, opaque, freecb,
+ ret = virDomainEventCallbackListAddID(conn, state->callbacks, dom,
+ filter ? virDomainEventFilter : NULL,
+ filter, eventID, cb, opaque, freecb,
callbackID);
if (ret == -1 &&
Index: libvirt-1.1.2/src/conf/domain_event.h
===================================================================
--- libvirt-1.1.2.orig/src/conf/domain_event.h
+++ libvirt-1.1.2/src/conf/domain_event.h
@@ -1,7 +1,7 @@
/*
* domain_event.h: domain event queue processing helpers
*
- * Copyright (C) 2012 Red Hat, Inc.
+ * Copyright (C) 2012-2014 Red Hat, Inc.
* Copyright (C) 2008 VirtualIron
*
* This library is free software; you can redistribute it and/or
@@ -149,19 +149,21 @@ virDomainEventStateQueue(virDomainEventS
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
int virDomainEventStateRegister(virConnectPtr conn,
virDomainEventStatePtr state,
+ virDomainObjListFilter filter,
virConnectDomainEventCallback callback,
void *opaque,
virFreeCallback freecb)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(4);
int virDomainEventStateRegisterID(virConnectPtr conn,
virDomainEventStatePtr state,
+ virDomainObjListFilter filter,
virDomainPtr dom,
int eventID,
virConnectDomainEventGenericCallback cb,
void *opaque,
virFreeCallback freecb,
int *callbackID)
- ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(5);
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6);
int
virDomainEventStateDeregister(virConnectPtr conn,
virDomainEventStatePtr state,
Index: libvirt-1.1.2/src/libxl/libxl_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/libxl/libxl_driver.c
+++ libvirt-1.1.2/src/libxl/libxl_driver.c
@@ -4202,6 +4202,7 @@ libxlConnectDomainEventRegister(virConne
libxlDriverLock(driver);
ret = virDomainEventStateRegister(conn,
driver->domainEventState,
+ virConnectDomainEventRegisterCheckACL,
callback, opaque, freecb);
libxlDriverUnlock(driver);
@@ -4879,6 +4880,7 @@ libxlConnectDomainEventRegisterAny(virCo
libxlDriverLock(driver);
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
+ virConnectDomainEventRegisterAnyCheckACL,
dom, eventID, callback, opaque,
freecb, &ret) < 0)
ret = -1;
Index: libvirt-1.1.2/src/lxc/lxc_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/lxc/lxc_driver.c
+++ libvirt-1.1.2/src/lxc/lxc_driver.c
@@ -1295,6 +1295,7 @@ lxcConnectDomainEventRegister(virConnect
ret = virDomainEventStateRegister(conn,
driver->domainEventState,
+ virConnectDomainEventRegisterCheckACL,
callback, opaque, freecb);
return ret;
@@ -1335,6 +1336,7 @@ lxcConnectDomainEventRegisterAny(virConn
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
+ virConnectDomainEventRegisterAnyCheckACL,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
Index: libvirt-1.1.2/src/qemu/qemu_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu_driver.c
+++ libvirt-1.1.2/src/qemu/qemu_driver.c
@@ -9875,6 +9875,7 @@ qemuConnectDomainEventRegister(virConnec
if (virDomainEventStateRegister(conn,
driver->domainEventState,
+ virConnectDomainEventRegisterCheckACL,
callback, opaque, freecb) < 0)
goto cleanup;
@@ -9923,6 +9924,7 @@ qemuConnectDomainEventRegisterAny(virCon
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
+ virConnectDomainEventRegisterAnyCheckACL,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
Index: libvirt-1.1.2/src/remote/remote_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/remote/remote_driver.c
+++ libvirt-1.1.2/src/remote/remote_driver.c
@@ -4292,7 +4292,7 @@ static int remoteConnectDomainEventRegis
remoteDriverLock(priv);
- if ((count = virDomainEventStateRegister(conn, priv->domainEventState,
+ if ((count = virDomainEventStateRegister(conn, priv->domainEventState, NULL,
callback, opaque, freecb)) < 0) {
virReportError(VIR_ERR_RPC, "%s", _("adding cb to list"));
goto done;
@@ -5078,7 +5078,7 @@ static int remoteConnectDomainEventRegis
remoteDriverLock(priv);
if ((count = virDomainEventStateRegisterID(conn,
- priv->domainEventState,
+ priv->domainEventState, NULL,
dom, eventID,
callback, opaque, freecb,
&callbackID)) < 0) {
Index: libvirt-1.1.2/src/remote/remote_protocol.x
===================================================================
--- libvirt-1.1.2.orig/src/remote/remote_protocol.x
+++ libvirt-1.1.2/src/remote/remote_protocol.x
@@ -1952,7 +1952,7 @@ struct remote_node_device_destroy_args {
/*
* Events Register/Deregister:
- * It would seem rpcgen does not like both args, and ret
+ * It would seem rpcgen does not like both args and ret
* to be null. It will not generate the prototype otherwise.
* Pass back a redundant boolean to force prototype generation.
*/
@@ -3606,7 +3606,8 @@ enum remote_procedure {
/**
* @generate: none
* @priority: high
- * @acl: connect:read
+ * @acl: connect:search_domains
+ * @aclfilter: domain:getattr
*/
REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER = 105,
@@ -4038,7 +4039,8 @@ enum remote_procedure {
/**
* @generate: none
* @priority: high
- * @acl: connect:read
+ * @acl: connect:search_domains
+ * @aclfilter: domain:getattr
*/
REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY = 167,
Index: libvirt-1.1.2/src/test/test_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/test/test_driver.c
+++ libvirt-1.1.2/src/test/test_driver.c
@@ -5628,7 +5628,7 @@ testConnectDomainEventRegister(virConnec
testDriverLock(driver);
ret = virDomainEventStateRegister(conn,
- driver->domainEventState,
+ driver->domainEventState, NULL,
callback, opaque, freecb);
testDriverUnlock(driver);
@@ -5666,7 +5666,7 @@ testConnectDomainEventRegisterAny(virCon
testDriverLock(driver);
if (virDomainEventStateRegisterID(conn,
- driver->domainEventState,
+ driver->domainEventState, NULL,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
Index: libvirt-1.1.2/src/uml/uml_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/uml/uml_driver.c
+++ libvirt-1.1.2/src/uml/uml_driver.c
@@ -2618,6 +2618,7 @@ umlConnectDomainEventRegister(virConnect
umlDriverLock(driver);
ret = virDomainEventStateRegister(conn,
driver->domainEventState,
+ virConnectDomainEventRegisterCheckACL,
callback, opaque, freecb);
umlDriverUnlock(driver);
@@ -2660,6 +2661,7 @@ umlConnectDomainEventRegisterAny(virConn
umlDriverLock(driver);
if (virDomainEventStateRegisterID(conn,
driver->domainEventState,
+ virConnectDomainEventRegisterAnyCheckACL,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
Index: libvirt-1.1.2/src/vbox/vbox_tmpl.c
===================================================================
--- libvirt-1.1.2.orig/src/vbox/vbox_tmpl.c
+++ libvirt-1.1.2/src/vbox/vbox_tmpl.c
@@ -7265,7 +7265,7 @@ static int vboxConnectDomainEventRegiste
* later you can iterate over them
*/
- ret = virDomainEventStateRegister(conn, data->domainEvents,
+ ret = virDomainEventStateRegister(conn, data->domainEvents, NULL,
callback, opaque, freecb);
VIR_DEBUG("virDomainEventStateRegister (ret = %d) (conn: %p, "
"callback: %p, opaque: %p, "
@@ -7357,7 +7357,7 @@ static int vboxConnectDomainEventRegiste
* later you can iterate over them
*/
- if (virDomainEventStateRegisterID(conn, data->domainEvents,
+ if (virDomainEventStateRegisterID(conn, data->domainEvents, NULL,
dom, eventID,
callback, opaque, freecb, &ret) < 0)
ret = -1;
Index: libvirt-1.1.2/src/xen/xen_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/xen/xen_driver.c
+++ libvirt-1.1.2/src/xen/xen_driver.c
@@ -2306,6 +2306,7 @@ xenUnifiedConnectDomainEventRegister(vir
}
ret = virDomainEventStateRegister(conn, priv->domainEvents,
+ virConnectDomainEventRegisterCheckACL,
callback, opaque, freefunc);
xenUnifiedUnlock(priv);
@@ -2363,6 +2364,7 @@ xenUnifiedConnectDomainEventRegisterAny(
}
if (virDomainEventStateRegisterID(conn, priv->domainEvents,
+ virConnectDomainEventRegisterAnyCheckACL,
dom, eventID,
callback, opaque, freefunc, &ret) < 0)
ret = -1;
++++++ fc22b2e7-CVE-2014-3657.patch ++++++
commit fc22b2e74890873848b43fffae43025d22053669
Author: Pavel Hrdina <phrdina(a)redhat.com>
Date: Mon Sep 22 18:19:07 2014 +0200
domain_conf: fix domain deadlock
If you use public api virConnectListAllDomains() with second parameter
set to NULL to get only the number of domains you will lock out all
other operations with domains.
Introduced by commit 2c680804.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
Index: libvirt-1.1.2/src/conf/domain_conf.c
===================================================================
--- libvirt-1.1.2.orig/src/conf/domain_conf.c
+++ libvirt-1.1.2/src/conf/domain_conf.c
@@ -18274,7 +18274,7 @@ virDomainListPopulate(void *payload,
/* just count the machines */
if (!data->domains) {
data->ndomains++;
- return;
+ goto cleanup;
}
if (!(dom = virGetDomain(data->conn, vm->def->name, vm->def->uuid))) {
++++++ fix-pci-attach-xen-driver.patch ++++++
Fix PCI device attach in xend driver
When attaching PCI device using the xend driver, the 'device_create'
RPC is called, which is not sufficient to fully prepare/configure
the device for attachment to a domain. In the xen tools, xm pci-attach
uses the 'device_configure' RPC.
This patch changes the xend driver to always call 'device_configure' for
PCI devices to be consistent with the usage in the xen tools.
Index: libvirt-1.1.2/src/xen/xend_internal.c
===================================================================
--- libvirt-1.1.2.orig/src/xen/xend_internal.c
+++ libvirt-1.1.2/src/xen/xend_internal.c
@@ -2206,6 +2206,7 @@ xenDaemonAttachDeviceFlags(virConnectPtr
virBuffer buf = VIR_BUFFER_INITIALIZER;
char class[8], ref[80];
char *target = NULL;
+ int new_dev;
virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1);
@@ -2304,8 +2305,18 @@ xenDaemonAttachDeviceFlags(virConnectPtr
}
sexpr = virBufferContentAndReset(&buf);
+ new_dev = virDomainXMLDevID(conn, minidef, dev, class, ref, sizeof(ref));
- if (virDomainXMLDevID(conn, minidef, dev, class, ref, sizeof(ref))) {
+ /* always call 'device_configure' for pci device */
+ if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
+ dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
+ dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {
+ ret = xend_op(conn, def->name, "op", "device_configure",
+ "config", sexpr, "dev", ref, NULL);
+ goto cleanup;
+ }
+
+ if (new_dev) {
/* device doesn't exist, define it */
ret = xend_op(conn, def->name, "op", "device_create",
"config", sexpr, NULL);
++++++ install-apparmor-profiles.patch ++++++
Index: libvirt-1.1.2/examples/apparmor/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/examples/apparmor/Makefile.am
+++ libvirt-1.1.2/examples/apparmor/Makefile.am
@@ -14,8 +14,45 @@
## License along with this library. If not, see
## <http://www.gnu.org/licenses/>.
-EXTRA_DIST= \
- TEMPLATE \
- libvirt-qemu \
- usr.lib.libvirt.virt-aa-helper \
- usr.sbin.libvirtd
+EXTRA_DIST= \
+ TEMPLATE \
+ libvirt-qemu.in \
+ usr.lib.libvirt.virt-aa-helper.in \
+ usr.sbin.libvirtd.in
+
+if WITH_SECDRIVER_APPARMOR
+
+libvirt-qemu: libvirt-qemu.in
+ sed \
+ -e 's![@]libdir[@]!$(libdir)!g' \
+ < $< > $@-t
+ mv $@-t $@
+
+usr.lib.libvirt.virt-aa-helper: usr.lib.libvirt.virt-aa-helper.in
+ sed \
+ -e 's![@]libdir[@]!$(libdir)!g' \
+ < $< > $@-t
+ mv $@-t $@
+
+usr.sbin.libvirtd: usr.sbin.libvirtd.in
+ sed \
+ -e 's![@]libdir[@]!$(libdir)!g' \
+ < $< > $@-t
+ mv $@-t $@
+
+install-data-local: libvirt-qemu usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper
+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/
+ $(INSTALL_DATA) usr.lib.libvirt.virt-aa-helper $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper
+ $(INSTALL_DATA) usr.sbin.libvirtd $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd
+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt
+ $(INSTALL_DATA) TEMPLATE $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions
+ $(INSTALL_DATA) libvirt-qemu $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu
+
+uninstall-local::
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
+
+endif
Index: libvirt-1.1.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
===================================================================
--- /dev/null
+++ libvirt-1.1.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -0,0 +1,41 @@
+# Last Modified: Fri Aug 19 11:21:48 2011
+#include <tunables/global>
+
+@libdir@/libvirt/virt-aa-helper {
+ #include <abstractions/base>
+
+ # needed for searching directories
+ capability dac_override,
+ capability dac_read_search,
+
+ # needed for when disk is on a network filesystem
+ network inet,
+
+ @{PROC}/[0-9]** r,
+ deny @{PROC}/[0-9]*/mounts r,
+ @{PROC}/filesystems r,
+
+ # for hostdev
+ /sys/devices/ r,
+ /sys/devices/** r,
+
+ @libdir@/libvirt/virt-aa-helper mr,
+ /sbin/apparmor_parser Ux,
+
+ /etc/apparmor.d/libvirt/* r,
+ /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
+
+ # for backingstore -- allow access to non-hidden files in @{HOME} as well
+ # as storage pools
+ audit deny @{HOME}/.* mrwkl,
+ audit deny @{HOME}/.*/ rw,
+ audit deny @{HOME}/.*/** mrwkl,
+ audit deny @{HOME}/bin/ rw,
+ audit deny @{HOME}/bin/** mrwkl,
+ @{HOME}/ r,
+ @{HOME}/** r,
+ /var/lib/libvirt/images/ r,
+ /var/lib/libvirt/images/** r,
+ /var/lib/kvm/images/ r,
+ /var/lib/kvm/images/** r,
+}
Index: libvirt-1.1.2/examples/apparmor/usr.lib.libvirt.virt-aa-helper
===================================================================
--- libvirt-1.1.2.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ /dev/null
@@ -1,38 +0,0 @@
-# Last Modified: Mon Apr 5 15:10:27 2010
-#include <tunables/global>
-
-/usr/lib/libvirt/virt-aa-helper {
- #include <abstractions/base>
-
- # needed for searching directories
- capability dac_override,
- capability dac_read_search,
-
- # needed for when disk is on a network filesystem
- network inet,
-
- deny @{PROC}/[0-9]*/mounts r,
- @{PROC}/filesystems r,
-
- # for hostdev
- /sys/devices/ r,
- /sys/devices/** r,
-
- /usr/lib/libvirt/virt-aa-helper mr,
- /sbin/apparmor_parser Ux,
-
- /etc/apparmor.d/libvirt/* r,
- /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
-
- # for backingstore -- allow access to non-hidden files in @{HOME} as well
- # as storage pools
- audit deny @{HOME}/.* mrwkl,
- audit deny @{HOME}/.*/ rw,
- audit deny @{HOME}/.*/** mrwkl,
- audit deny @{HOME}/bin/ rw,
- audit deny @{HOME}/bin/** mrwkl,
- @{HOME}/ r,
- @{HOME}/** r,
- /var/lib/libvirt/images/ r,
- /var/lib/libvirt/images/** r,
-}
Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-1.1.2.orig/examples/apparmor/usr.sbin.libvirtd
+++ /dev/null
@@ -1,52 +0,0 @@
-# Last Modified: Mon Apr 5 15:03:58 2010
-#include <tunables/global>
-@{LIBVIRT}="libvirt"
-
-/usr/sbin/libvirtd {
- #include <abstractions/base>
-
- capability kill,
- capability net_admin,
- capability net_raw,
- capability setgid,
- capability sys_admin,
- capability sys_module,
- capability sys_ptrace,
- capability sys_nice,
- capability sys_chroot,
- capability setuid,
- capability dac_override,
- capability dac_read_search,
- capability fowner,
- capability chown,
- capability setpcap,
- capability mknod,
- capability fsetid,
-
- network inet stream,
- network inet dgram,
- network inet6 stream,
- network inet6 dgram,
-
- # Very lenient profile for libvirtd since we want to first focus on confining
- # the guests. Guests will have a very restricted profile.
- /** rwmkl,
-
- /bin/* Ux,
- /sbin/* Ux,
- /usr/bin/* Ux,
- /usr/sbin/* Ux,
-
- # force the use of virt-aa-helper
- audit deny /sbin/apparmor_parser rwxl,
- audit deny /etc/apparmor.d/libvirt/** wxl,
- audit deny /sys/kernel/security/apparmor/features rwxl,
- audit deny /sys/kernel/security/apparmor/matching rwxl,
- audit deny /sys/kernel/security/apparmor/.* rwxl,
- /sys/kernel/security/apparmor/profiles r,
- /usr/lib/libvirt/* PUxr,
-
- # allow changing to our UUID-based named profiles
- change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
-
-}
Index: libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in
===================================================================
--- /dev/null
+++ libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in
@@ -0,0 +1,62 @@
+# Last Modified: Fri Aug 19 11:20:36 2011
+#include <tunables/global>
+@{LIBVIRT}="libvirt"
+
+/usr/sbin/libvirtd {
+ #include <abstractions/base>
+
+ capability kill,
+ capability net_admin,
+ capability net_raw,
+ capability setgid,
+ capability sys_admin,
+ capability sys_module,
+ capability sys_ptrace,
+ capability sys_pacct,
+ capability sys_nice,
+ capability sys_chroot,
+ capability setuid,
+ capability dac_override,
+ capability dac_read_search,
+ capability fowner,
+ capability chown,
+ capability setpcap,
+ capability mknod,
+ capability fsetid,
+ capability ipc_lock,
+
+ network inet stream,
+ network inet dgram,
+ network inet6 stream,
+ network inet6 dgram,
+ network packet dgram,
+
+ # Very lenient profile for libvirtd since we want to first focus on confining
+ # the guests. Guests will have a very restricted profile.
+ /** rwmkl,
+
+ /bin/* Ux,
+ /sbin/* Ux,
+ /usr/bin/* Ux,
+ /usr/sbin/* Ux,
+ /usr/lib/xen/bin/* Ux,
+ /usr/lib64/xen/bin/* Ux,
+ /usr/lib/PolicyKit/polkit-read-auth-helper Px,
+
+ # force the use of virt-aa-helper
+ audit deny /sbin/apparmor_parser rwxl,
+ audit deny /etc/apparmor.d/libvirt/** wxl,
+ audit deny /sys/kernel/security/apparmor/features rwxl,
+ audit deny /sys/kernel/security/apparmor/matching rwxl,
+ audit deny /sys/kernel/security/apparmor/.* rwxl,
+ /sys/kernel/security/apparmor/profiles r,
+ /etc/libvirt/hooks/* rix,
+ /etc/xen/scripts/* rix,
+ @libdir@/libvirt/* Pxr,
+ @libdir@/libvirt/libvirt_parthelper Ux,
+ @libdir@/libvirt/libvirt_iohelper Ux,
+
+ # allow changing to our UUID-based named profiles
+ change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+
+}
Index: libvirt-1.1.2/examples/apparmor/libvirt-qemu
===================================================================
--- libvirt-1.1.2.orig/examples/apparmor/libvirt-qemu
+++ /dev/null
@@ -1,129 +0,0 @@
-# Last Modified: Fri Mar 9 14:43:22 2012
-
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
-
- # required for reading disk images
- capability dac_override,
- capability dac_read_search,
- capability chown,
-
- network inet stream,
- network inet6 stream,
-
- /dev/net/tun rw,
- /dev/kvm rw,
- /dev/ptmx rw,
- /dev/kqemu rw,
- @{PROC}/*/status r,
-
- # For hostdev access. The actual devices will be added dynamically
- /sys/bus/usb/devices/ r,
- /sys/devices/*/*/usb[0-9]*/** r,
-
- # WARNING: this gives the guest direct access to host hardware and specific
- # portions of shared memory. This is required for sound using ALSA with kvm,
- # but may constitute a security risk. If your environment does not require
- # the use of sound in your VMs, feel free to comment out or prepend 'deny' to
- # the rules for files in /dev.
- /{dev,run}/shm r,
- /{dev,run}/shmpulse-shm* r,
- /{dev,run}/shmpulse-shm* rwk,
- /dev/snd/* rw,
- capability ipc_lock,
- # 'kill' is not required for sound and is a security risk. Do not enable
- # unless you absolutely need it.
- deny capability kill,
-
- # Uncomment the following if you need access to /dev/fb*
- #/dev/fb* rw,
-
- /etc/pulse/client.conf r,
- @{HOME}/.pulse-cookie rwk,
- owner /root/.pulse-cookie rwk,
- owner /root/.pulse/ rw,
- owner /root/.pulse/* rw,
- /usr/share/alsa/** r,
- owner /tmp/pulse-*/ rw,
- owner /tmp/pulse-*/* rw,
- /var/lib/dbus/machine-id r,
-
- # access to firmware's etc
- /usr/share/kvm/** r,
- /usr/share/qemu/** r,
- /usr/share/bochs/** r,
- /usr/share/openbios/** r,
- /usr/share/openhackware/** r,
- /usr/share/proll/** r,
- /usr/share/vgabios/** r,
- /usr/share/seabios/** r,
-
- # access PKI infrastructure
- /etc/pki/libvirt-vnc/** r,
-
- # the various binaries
- /usr/bin/kvm rmix,
- /usr/bin/qemu rmix,
- /usr/bin/qemu-system-arm rmix,
- /usr/bin/qemu-system-cris rmix,
- /usr/bin/qemu-system-i386 rmix,
- /usr/bin/qemu-system-m68k rmix,
- /usr/bin/qemu-system-microblaze rmix,
- /usr/bin/qemu-system-microblazeel rmix,
- /usr/bin/qemu-system-mips rmix,
- /usr/bin/qemu-system-mips64 rmix,
- /usr/bin/qemu-system-mips64el rmix,
- /usr/bin/qemu-system-mipsel rmix,
- /usr/bin/qemu-system-ppc rmix,
- /usr/bin/qemu-system-ppc64 rmix,
- /usr/bin/qemu-system-ppcemb rmix,
- /usr/bin/qemu-system-sh4 rmix,
- /usr/bin/qemu-system-sh4eb rmix,
- /usr/bin/qemu-system-sparc rmix,
- /usr/bin/qemu-system-sparc64 rmix,
- /usr/bin/qemu-system-x86_64 rmix,
- /usr/bin/qemu-alpha rmix,
- /usr/bin/qemu-arm rmix,
- /usr/bin/qemu-armeb rmix,
- /usr/bin/qemu-cris rmix,
- /usr/bin/qemu-i386 rmix,
- /usr/bin/qemu-m68k rmix,
- /usr/bin/qemu-microblaze rmix,
- /usr/bin/qemu-microblazeel rmix,
- /usr/bin/qemu-mips rmix,
- /usr/bin/qemu-mipsel rmix,
- /usr/bin/qemu-ppc rmix,
- /usr/bin/qemu-ppc64 rmix,
- /usr/bin/qemu-ppc64abi32 rmix,
- /usr/bin/qemu-sh4 rmix,
- /usr/bin/qemu-sh4eb rmix,
- /usr/bin/qemu-sparc rmix,
- /usr/bin/qemu-sparc64 rmix,
- /usr/bin/qemu-sparc32plus rmix,
- /usr/bin/qemu-sparc64 rmix,
- /usr/bin/qemu-x86_64 rmix,
-
- # for save and resume
- /bin/dash rmix,
- /bin/dd rmix,
- /bin/cat rmix,
-
- /usr/libexec/qemu-bridge-helper Cx,
- # child profile for bridge helper process
- profile /usr/libexec/qemu-bridge-helper {
- #include <abstractions/base>
-
- capability setuid,
- capability setgid,
- capability setpcap,
- capability net_admin,
-
- network inet stream,
-
- /dev/net/tun rw,
- /etc/qemu/** r,
- owner @{PROC}/*/status r,
-
- /usr/libexec/qemu-bridge-helper rmix,
- }
Index: libvirt-1.1.2/examples/apparmor/libvirt-qemu.in
===================================================================
--- /dev/null
+++ libvirt-1.1.2/examples/apparmor/libvirt-qemu.in
@@ -0,0 +1,132 @@
+# Last Modified: Fri Mar 9 14:43:22 2012
+
+ #include <abstractions/base>
+ #include <abstractions/consoles>
+ #include <abstractions/nameservice>
+
+ # required for reading disk images
+ capability dac_override,
+ capability dac_read_search,
+ capability chown,
+ capability setgid,
+
+ network inet stream,
+ network inet6 stream,
+
+ /dev/net/tun rw,
+ /dev/kvm rw,
+ /dev/ptmx rw,
+ /dev/kqemu rw,
+ @{PROC}/*/status r,
+
+ # For hostdev access. The actual devices will be added dynamically
+ /sys/bus/usb/devices/ r,
+ /sys/devices/*/*/usb[0-9]*/** r,
+
+ # WARNING: this gives the guest direct access to host hardware and specific
+ # portions of shared memory. This is required for sound using ALSA with kvm,
+ # but may constitute a security risk. If your environment does not require
+ # the use of sound in your VMs, feel free to comment out or prepend 'deny' to
+ # the rules for files in /dev.
+ /{dev,run}/shm r,
+ /{dev,run}/shmpulse-shm* r,
+ /{dev,run}/shmpulse-shm* rwk,
+ /dev/snd/* rw,
+ capability ipc_lock,
+ # 'kill' is not required for sound and is a security risk. Do not enable
+ # unless you absolutely need it.
+ deny capability kill,
+
+ # Uncomment the following if you need access to /dev/fb*
+ #/dev/fb* rw,
+
+ /etc/pulse/client.conf r,
+ @{HOME}/.pulse-cookie rwk,
+ owner /root/.pulse-cookie rwk,
+ owner /root/.pulse/ rw,
+ owner /root/.pulse/* rw,
+ /usr/share/alsa/** r,
+ owner /tmp/pulse-*/ rw,
+ owner /tmp/pulse-*/* rw,
+ /var/lib/dbus/machine-id r,
+
+ # access to firmware's etc
+ /usr/share/kvm/** r,
+ /usr/share/qemu/** r,
+ /usr/share/qemu-kvm/** r,
+ /usr/share/bochs/** r,
+ /usr/share/openbios/** r,
+ /usr/share/openhackware/** r,
+ /usr/share/proll/** r,
+ /usr/share/vgabios/** r,
+ /usr/share/seabios/** r,
+
+ # access PKI infrastructure
+ /etc/pki/libvirt-vnc/** r,
+
+ # the various binaries
+ /usr/bin/kvm rmix,
+ /usr/bin/qemu rmix,
+ /usr/bin/qemu-kvm rmix,
+ /usr/bin/qemu-system-arm rmix,
+ /usr/bin/qemu-system-cris rmix,
+ /usr/bin/qemu-system-i386 rmix,
+ /usr/bin/qemu-system-m68k rmix,
+ /usr/bin/qemu-system-microblaze rmix,
+ /usr/bin/qemu-system-microblazeel rmix,
+ /usr/bin/qemu-system-mips rmix,
+ /usr/bin/qemu-system-mips64 rmix,
+ /usr/bin/qemu-system-mips64el rmix,
+ /usr/bin/qemu-system-mipsel rmix,
+ /usr/bin/qemu-system-ppc rmix,
+ /usr/bin/qemu-system-ppc64 rmix,
+ /usr/bin/qemu-system-ppcemb rmix,
+ /usr/bin/qemu-system-sh4 rmix,
+ /usr/bin/qemu-system-sh4eb rmix,
+ /usr/bin/qemu-system-sparc rmix,
+ /usr/bin/qemu-system-sparc64 rmix,
+ /usr/bin/qemu-system-x86_64 rmix,
+ /usr/bin/qemu-alpha rmix,
+ /usr/bin/qemu-arm rmix,
+ /usr/bin/qemu-armeb rmix,
+ /usr/bin/qemu-cris rmix,
+ /usr/bin/qemu-i386 rmix,
+ /usr/bin/qemu-m68k rmix,
+ /usr/bin/qemu-microblaze rmix,
+ /usr/bin/qemu-microblazeel rmix,
+ /usr/bin/qemu-mips rmix,
+ /usr/bin/qemu-mipsel rmix,
+ /usr/bin/qemu-ppc rmix,
+ /usr/bin/qemu-ppc64 rmix,
+ /usr/bin/qemu-ppc64abi32 rmix,
+ /usr/bin/qemu-sh4 rmix,
+ /usr/bin/qemu-sh4eb rmix,
+ /usr/bin/qemu-sparc rmix,
+ /usr/bin/qemu-sparc64 rmix,
+ /usr/bin/qemu-sparc32plus rmix,
+ /usr/bin/qemu-sparc64 rmix,
+ /usr/bin/qemu-x86_64 rmix,
+
+ # for save and resume
+ /bin/dash rmix,
+ /bin/dd rmix,
+ /bin/cat rmix,
+
+ @libdir@/qemu-bridge-helper Cx,
+ # child profile for bridge helper process
+ profile @libdir@/qemu-bridge-helper {
+ #include <abstractions/base>
+
+ capability setuid,
+ capability setgid,
+ capability setpcap,
+ capability net_admin,
+
+ network inet stream,
+
+ /dev/net/tun rw,
+ /etc/qemu/** r,
+ owner @{PROC}/*/status r,
+
+ @libdir@/qemu-bridge-helper rmix,
+ }
++++++ libvirt-guests-init-script.patch ++++++
Adjust libvirt-guests init files to conform to SUSE standards
Index: libvirt-1.1.2/tools/libvirt-guests.init.in
===================================================================
--- libvirt-1.1.2.orig/tools/libvirt-guests.init.in
+++ libvirt-1.1.2/tools/libvirt-guests.init.in
@@ -3,15 +3,15 @@
# the following is the LSB init header
#
### BEGIN INIT INFO
-# Provides: libvirt-guests
-# Required-Start: libvirtd
-# Required-Stop: libvirtd
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
+# Provides: libvirt-guests
+# Required-Start: $network $remote_fs libvirtd
+# Required-Stop: $network $remote_fs libvirtd
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
# Short-Description: suspend/resume libvirt guests on shutdown/boot
-# Description: This is a script for suspending active libvirt guests
-# on shutdown and resuming them on next boot
-# See http://libvirt.org
+# Description: This is a script for suspending active libvirt guests
+# on shutdown and resuming them on next boot
+# See http://libvirt.org
### END INIT INFO
# the following is chkconfig init header
Index: libvirt-1.1.2/tools/libvirt-guests.sh.in
===================================================================
--- libvirt-1.1.2.orig/tools/libvirt-guests.sh.in
+++ libvirt-1.1.2/tools/libvirt-guests.sh.in
@@ -16,14 +16,13 @@
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
+. /etc/rc.status
+rc_reset
+
sysconfdir="@sysconfdir@"
localstatedir="@localstatedir@"
libvirtd="@sbindir@"/libvirtd
-# Source function library.
-test ! -r "$sysconfdir"/rc.d/init.d/functions ||
- . "$sysconfdir"/rc.d/init.d/functions
-
# Source gettext library.
# Make sure this file is recognized as having translations: _("dummy")
. "@bindir@"/gettext.sh
@@ -44,9 +43,11 @@ test -f "$sysconfdir"/sysconfig/libvirt-
. "$sysconfdir"/sysconfig/libvirt-guests
LISTFILE="$localstatedir"/lib/libvirt/libvirt-guests
-VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests
-
-RETVAL=0
+if [ -d "$localstatedir"/lock/subsys ]; then
+ VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests
+else
+ VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/libvirt-guests
+fi
# retval COMMAND ARGUMENTS...
# run command with arguments and convert non-zero return value to 1 and set
@@ -54,7 +55,7 @@ RETVAL=0
retval() {
"$@"
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
else
return 0
@@ -83,6 +84,25 @@ run_virsh_c() {
( export LC_ALL=C; run_virsh "$@" )
}
+await_daemon_up()
+{
+ uri=$1
+ i=1
+ rets=10
+ run_virsh $uri list > /dev/null 2>&1
+ while [ $? -ne 0 -a $i -lt $rets ]; do
+ sleep 1
+ echo -n .
+ i=$(($i + 1))
+ run_virsh $uri list > /dev/null 2>&1
+ done
+ if [ $i -eq $rets ]; then
+ echo $"libvirt-guests unable to connect to URI: $uri"
+ return 1
+ fi
+ return 0
+}
+
# test_connect URI
# check if URI is reachable
test_connect()
@@ -114,7 +134,7 @@ list_guests() {
list=$(run_virsh_c "$uri" list --uuid $persistent)
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
fi
@@ -140,7 +160,7 @@ guest_is_on() {
guest_running=false
id=$(run_virsh "$uri" domid "$uuid")
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
fi
@@ -188,6 +208,12 @@ start() {
test_connect "$uri" || continue
+ await_daemon_up $uri
+ if [ $? -ne 0 ]; then
+ echo $"Ignoring guests on $uri URI, can't connect"
+ continue
+ fi
+
eval_gettext "Resuming guests on \$uri URI..."; echo
for guest in $list; do
name=$(guest_name "$uri" "$guest")
@@ -401,7 +427,7 @@ shutdown_guests_parallel()
timeout=$(($timeout - 1))
if [ $timeout -le 0 ]; then
eval_gettext "Timeout expired while shutting down domains"; echo
- RETVAL=1
+ rc_failed 1
return
fi
else
@@ -429,7 +455,7 @@ stop() {
if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then
gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0"
echo
- RETVAL=6
+ rc_failed 6
return
fi
fi
@@ -477,14 +503,14 @@ stop() {
if [ $? -ne 0 ]; then
eval_gettext "Failed to list persistent guests on \$uri"
echo
- RETVAL=1
+ rc_failed 1
set +f
return
fi
else
gettext "Failed to list transient guests"
echo
- RETVAL=1
+ rc_failed 1
set +f
return
fi
@@ -543,14 +569,13 @@ gueststatus() {
rh_status() {
if [ -f "$LISTFILE" ]; then
gettext "stopped, with saved guests"; echo
- RETVAL=3
+ rc_failed 3
else
if [ -f "$VAR_SUBSYS_LIBVIRT_GUESTS" ]; then
gettext "started"; echo
- RETVAL=0
else
gettext "stopped, with no saved guests"; echo
- RETVAL=3
+ rc_failed 3
fi
fi
}
@@ -595,4 +620,4 @@ case "$1" in
usage
;;
esac
-exit $RETVAL
+rc_exit
Index: libvirt-1.1.2/tools/libvirt-guests.sysconf
===================================================================
--- libvirt-1.1.2.orig/tools/libvirt-guests.sysconf
+++ libvirt-1.1.2/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@
+## Path: System/Virtualization/libvirt-guests
+
+## Type: string
+## Default: default
# URIs to check for running guests
# example: URIS='default xen:/// vbox+tcp://host/system lxc:///'
-#URIS=default
+URIS=default
+## Type: string
+## Default: start
# action taken on host boot
# - start all guests which were running on shutdown are started on boot
# regardless on their autostart settings
# - ignore libvirt-guests init script won't start any guest on boot, however,
# guests marked as autostart will still be automatically started by
# libvirtd
-#ON_BOOT=start
+ON_BOOT=start
+## Type: integer
+## Default: 0
# Number of seconds to wait between each guest start. Set to 0 to allow
# parallel startup.
-#START_DELAY=0
+START_DELAY=0
+## Type: string
+## Default: suspend
# action taken on host shutdown
# - suspend all running guests are suspended using virsh managedsave
# - shutdown all running guests are asked to shutdown. Please be careful with
@@ -22,12 +32,16 @@
# which just needs a long time to shutdown. When setting
# ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a
# value suitable for your guests.
-#ON_SHUTDOWN=suspend
+ON_SHUTDOWN=suspend
+## Type: integer
+## Default: 0
# If set to non-zero, shutdown will suspend guests concurrently. Number of
# guests on shutdown at any time will not exceed number set in this variable.
-#PARALLEL_SHUTDOWN=0
+PARALLEL_SHUTDOWN=0
+## Type: integer
+## Default: 300
# Number of seconds we're willing to wait for a guest to shut down. If parallel
# shutdown is enabled, this timeout applies as a timeout for shutting down all
# guests on a single URI defined in the variable URIS. If this is 0, then there
@@ -35,7 +49,9 @@
# request). The default value is 300 seconds (5 minutes).
#SHUTDOWN_TIMEOUT=300
+## Type: integer
+## Default: 0
# If non-zero, try to bypass the file system cache when saving and
# restoring guests, even though this may give slower operation for
# some file systems.
-#BYPASS_CACHE=0
+BYPASS_CACHE=0
++++++ libvirt-suse-netcontrol.patch ++++++
Index: libvirt-1.1.2/configure.ac
===================================================================
--- libvirt-1.1.2.orig/configure.ac
+++ libvirt-1.1.2/configure.ac
@@ -174,6 +174,7 @@ LIBVIRT_CHECK_DBUS
LIBVIRT_CHECK_FUSE
LIBVIRT_CHECK_HAL
LIBVIRT_CHECK_NETCF
+LIBVIRT_CHECK_NETCONTROL
LIBVIRT_CHECK_NUMACTL
LIBVIRT_CHECK_OPENWSMAN
LIBVIRT_CHECK_PCIACCESS
@@ -2298,11 +2299,12 @@ if test "$with_libvirtd" = "no" ; then
with_interface=no
fi
-dnl The interface driver depends on the netcf library or udev library
-case $with_interface:$with_netcf:$with_udev in
+dnl The interface driver depends on the netcf library, netcontrol library, or
+dnl udev library
+case $with_interface:$with_netcf:$with_netcontrol:$with_udev in
check:*yes*) with_interface=yes ;;
check:no:no) with_interface=no ;;
- yes:no:no) AC_MSG_ERROR([Requested the Interface driver without netcf or udev support]) ;;
+ yes:no:no) AC_MSG_ERROR([Requested the Interface driver without netcf, netcontrol, or udev support]) ;;
esac
if test "$with_interface" = "yes" ; then
@@ -2610,6 +2612,7 @@ LIBVIRT_RESULT_DBUS
LIBVIRT_RESULT_FUSE
LIBVIRT_RESULT_HAL
LIBVIRT_RESULT_NETCF
+LIBVIRT_RESULT_NETCONTROL
LIBVIRT_RESULT_NUMACTL
LIBVIRT_RESULT_OPENWSMAN
LIBVIRT_RESULT_PCIACCESS
Index: libvirt-1.1.2/src/Makefile.am
===================================================================
--- libvirt-1.1.2.orig/src/Makefile.am
+++ libvirt-1.1.2/src/Makefile.am
@@ -754,6 +754,10 @@ if WITH_NETCF
INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_netcf.c
endif
+if WITH_NETCONTROL
+INTERFACE_DRIVER_SOURCES += \
+ interface/interface_backend_netcf.c
+endif
if WITH_UDEV
INTERFACE_DRIVER_SOURCES += \
interface/interface_backend_udev.c
@@ -1314,11 +1318,16 @@ if WITH_NETCF
libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS)
else
+if WITH_NETCONTROL
+libvirt_driver_interface_la_CFLAGS += $(NETCONTROL_CFLAGS)
+libvirt_driver_interface_la_LIBADD += $(NETCONTROL_LIBS)
+else
if WITH_UDEV
libvirt_driver_interface_la_CFLAGS += $(UDEV_CFLAGS)
libvirt_driver_interface_la_LIBADD += $(UDEV_LIBS)
endif
endif
+endif
if WITH_DRIVER_MODULES
libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
libvirt_driver_interface_la_LDFLAGS += -module -avoid-version
Index: libvirt-1.1.2/tools/virsh.c
===================================================================
--- libvirt-1.1.2.orig/tools/virsh.c
+++ libvirt-1.1.2/tools/virsh.c
@@ -2864,6 +2864,8 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
vshPrint(ctl, " Interface");
# if defined(WITH_NETCF)
vshPrint(ctl, " netcf");
+# elif defined(WITH_NETCONTROL)
+ vshPrint(ctl, " netcontrol");
# elif defined(WITH_UDEV)
vshPrint(ctl, " udev");
# endif
Index: libvirt-1.1.2/src/interface/interface_backend_netcf.c
===================================================================
--- libvirt-1.1.2.orig/src/interface/interface_backend_netcf.c
+++ libvirt-1.1.2/src/interface/interface_backend_netcf.c
@@ -23,7 +23,12 @@
#include <config.h>
-#include <netcf.h>
+#ifdef WITH_NETCONTROL
+# include <netcontrol/netcf.h>
+# include <netcontrol/logger.h>
+#else
+# include <netcf.h>
+#endif
#include "virerror.h"
#include "datatypes.h"
@@ -54,6 +59,38 @@ static void interfaceDriverUnlock(struct
virMutexUnlock(&driver->lock);
}
+#ifdef WITH_NETCONTROL
+static void
+interface_nc_log_driver(const char *category,
+ int priority,
+ const char *func,
+ const char *file,
+ long long line,
+ const char *msg,
+ size_t len ATTRIBUTE_UNUSED)
+{
+ int vp;
+
+ switch(priority) {
+ case NC_LOG_FATAL:
+ case NC_LOG_ERROR:
+ vp = VIR_LOG_ERROR;
+ break;
+ case NC_LOG_WARN:
+ vp = VIR_LOG_WARN;
+ break;
+ case NC_LOG_INFO:
+ vp = VIR_LOG_INFO;
+ break;
+ case NC_LOG_DEBUG:
+ default:
+ vp = VIR_LOG_DEBUG;
+ break;
+ }
+ virLogMessage(VIR_LOG_FROM_FILE, vp, file, line, func, 0, "%s", msg);
+}
+#endif
+
/*
* Get a minimal virInterfaceDef containing enough metadata
* for access control checks to be performed. Currently
@@ -164,6 +201,10 @@ static virDrvOpenStatus netcfInterfaceOp
goto mutex_error;
}
+#ifdef WITH_NETCONTROL
+ nc_logger_redirect_to(interface_nc_log_driver);
+#endif
+
/* open netcf */
if (ncf_init(&driverState->netcf, NULL) != 0)
{
Index: libvirt-1.1.2/src/interface/interface_driver.c
===================================================================
--- libvirt-1.1.2.orig/src/interface/interface_driver.c
+++ libvirt-1.1.2/src/interface/interface_driver.c
@@ -28,8 +28,15 @@ interfaceRegister(void) {
if (netcfIfaceRegister() == 0)
return 0;
#endif /* WITH_NETCF */
+#ifdef WITH_NETCONTROL
+ /* Attempt to load the netcontrol based backend, which is a slightly
+ patched netcf backend */
+ if (netcfIfaceRegister() == 0)
+ return 0;
+#endif /* WITH_NETCONTROL */
#if WITH_UDEV
- /* If there's no netcf or it failed to load, register the udev backend */
+ /* If there's no netcf or netcontrol, or it failed to load, register the
+ udev backend */
if (udevIfaceRegister() == 0)
return 0;
#endif /* WITH_UDEV */
Index: libvirt-1.1.2/m4/virt-netcontrol.m4
===================================================================
--- /dev/null
+++ libvirt-1.1.2/m4/virt-netcontrol.m4
@@ -0,0 +1,35 @@
+dnl The libnetcontrol library
+dnl
+dnl Copyright (C) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library. If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_CHECK_NETCONTROL],[
+ LIBVIRT_CHECK_PKG([NETCONTROL], [netcontrol], [0.2.0])
+
+ if test "$with_netcontrol" = "yes" ; then
+ old_CFLAGS="$CFLAGS"
+ old_LIBS="$CFLAGS"
+ CFLAGS="$CFLAGS $NETCONTROL_CFLAGS"
+ LIBS="$LIBS $NETCONTROL_LIBS"
+ CFLAGS="$old_CFLAGS"
+ LIBS="$old_LIBS"
+ fi
+])
+
+AC_DEFUN([LIBVIRT_RESULT_NETCONTROL],[
+ LIBVIRT_RESULT_LIB([NETCONTROL])
+])
++++++ libvirtd-defaults.patch ++++++
Index: libvirt-1.1.2/daemon/libvirtd.conf
===================================================================
--- libvirt-1.1.2.orig/daemon/libvirtd.conf
+++ libvirt-1.1.2/daemon/libvirtd.conf
@@ -18,8 +18,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
#
-# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+# This is disabled by default, uncomment this to enable it
+#listen_tls = 1
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
Index: libvirt-1.1.2/daemon/libvirtd-config.c
===================================================================
--- libvirt-1.1.2.orig/daemon/libvirtd-config.c
+++ libvirt-1.1.2/daemon/libvirtd-config.c
@@ -222,7 +222,7 @@ daemonConfigNew(bool privileged ATTRIBUT
if (VIR_ALLOC(data) < 0)
return NULL;
- data->listen_tls = 1;
+ data->listen_tls = 0;
data->listen_tcp = 0;
if (VIR_STRDUP(data->tls_port, LIBVIRTD_TLS_PORT) < 0 ||
++++++ libvirtd-init-script.patch ++++++
Adjust libvirtd sysconfig file to conform to SUSE standards
Index: libvirt-1.1.2/daemon/libvirtd.sysconf
===================================================================
--- libvirt-1.1.2.orig/daemon/libvirtd.sysconf
+++ libvirt-1.1.2/daemon/libvirtd.sysconf
@@ -1,16 +1,25 @@
+## Path: System/Virtualization/libvirt
+
+## Type: string
+## Default: /etc/libvirt/libvirtd.conf
# Override the default config file
# NOTE: This setting is no longer honoured if using
# systemd. Set '--config /etc/libvirt/libvirtd.conf'
# in LIBVIRTD_ARGS instead.
-#LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
+LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
-# Listen for TCP/IP connections
-# NB. must setup TLS/SSL keys prior to using this
-#LIBVIRTD_ARGS="--listen"
+## Type: string
+## Default: --listen
+# Arguments to pass to libvirtd
+LIBVIRTD_ARGS="--listen"
+## Type: string
+## Default: none
# Override Kerberos service keytab for SASL/GSSAPI
#KRB5_KTNAME=/etc/libvirt/krb5.tab
+## Type: string
+## Default: none
# Override the QEMU/SDL default audio driver probing when
# starting virtual machines using SDL graphics
#
@@ -20,5 +29,7 @@
#
#SDL_AUDIODRIVER=pulse
-# Override the maximum number of opened files
-#LIBVIRTD_NOFILES_LIMIT=2048
+## Type: integer
+## Default: 2048
+## Override the maximum number of opened files
+LIBVIRTD_NOFILES_LIMIT=2048
++++++ libvirtd-relocation-server.fw ++++++
## Name: Libvirtd Relocation Server
## Description: Enables libvirtd plain relocation service
TCP="49152:49215"
++++++ libvirtd.init ++++++
#!/bin/sh
# the following is the LSB init header see
# http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-ge…
#
### BEGIN INIT INFO
# Provides: libvirtd
# Required-Start: $network $remote_fs
# Should-Start: xend cgconfig
# Default-Start: 3 5
# Required-Stop: $network $remote_fs
# Should-Stop: xend cgconfig
# Default-Stop: 0 1 2 4 6
# Short-Description: daemon for libvirt virtualization API
# Description: This is a daemon for managing QEMU guest instances
# and libvirt virtual networks
# See http://libvirt.org
### END INIT INFO
LIBVIRTD_BIN=/usr/sbin/libvirtd
LIBVIRTD_PIDFILE=/var/run/libvirtd.pid
test -x $LIBVIRTD_BIN || { echo "$LIBVIRD_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
. /etc/rc.status
rc_reset
test -f /etc/sysconfig/libvirtd && . /etc/sysconfig/libvirtd
LIBVIRTD_CONFIG_ARGS=
if [ -n "$LIBVIRTD_CONFIG" ]
then
LIBVIRTD_CONFIG_ARGS="--config $LIBVIRTD_CONFIG"
fi
case "$1" in
start)
if [ -e $LIBVIRTD_PIDFILE ]; then
if checkproc $LIBVIRTD_BIN ; then
echo -n "libvirtd is already running."
rc_status -v
exit
else
echo "Removing stale PID file $LIBVIRTD_PIDFILE."
rm -f $LIBVIRTD_PIDFILE
fi
fi
echo -n "Starting libvirtd "
mkdir -p /var/cache/libvirt
rm -rf /var/cache/libvirt/*
# LIBVIRTD_NOFILES_LIMIT from /etc/sysconfig/libvirtd is not handled
# automatically
if [ -n "$LIBVIRTD_NOFILES_LIMIT" ]; then
ulimit -n "$LIBVIRTD_NOFILES_LIMIT"
fi
startproc $LIBVIRTD_BIN --daemon $LIBVIRTD_CONFIG_ARGS $LIBVIRTD_ARGS
rc_status -v
;;
stop)
echo -n "Shutting down libvirtd "
rm -rf /var/cache/libvirt/*
killproc -TERM $LIBVIRTD_BIN > /dev/null 2>&1
rm -f $LIBVIRTD_PIDFILE
rc_status -v
;;
try-restart)
$0 status >/dev/null && $0 restart
rc_status
;;
restart)
$0 stop
$0 start
rc_status
;;
reload)
killproc -HUP $LIBVIRTD_BIN
rc_status -v
;;
status)
echo -n "Checking status of libvirtd "
checkproc $LIBVIRTD_BIN
rc_status -v
;;
*)
echo "Usage: $0 {start|stop|restart|try-restart|reload|status}"
rc_failed 2
rc_exit
;;
esac
rc_exit
++++++ libxl-hvm-vnc.patch ++++++
Index: libvirt-1.1.2/src/libxl/libxl_conf.c
===================================================================
--- libvirt-1.1.2.orig/src/libxl/libxl_conf.c
+++ libvirt-1.1.2/src/libxl/libxl_conf.c
@@ -524,6 +524,30 @@ libxlMakeChrdevStr(virDomainChrDefPtr de
}
static int
+libxlFixupDomBuildInfo(virDomainDefPtr def, libxl_domain_config *d_config)
+{
+ libxl_domain_build_info *b_info = &d_config->b_info;
+ int hvm = STREQ(def->os.type, "hvm");
+ libxl_device_vfb vfb;
+
+ if (!hvm)
+ return 0;
+
+ if (d_config->num_vfbs) {
+ vfb = d_config->vfbs[0];
+ if (libxl_defbool_val(vfb.vnc.enable))
+ memcpy(&b_info->u.hvm.vnc, &vfb.vnc, sizeof(libxl_vnc_info));
+ else if (libxl_defbool_val(vfb.sdl.enable))
+ memcpy(&b_info->u.hvm.sdl, &vfb.sdl, sizeof(libxl_sdl_info));
+ else
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static int
libxlMakeDomBuildInfo(virDomainObjPtr vm, libxl_domain_config *d_config)
{
virDomainDefPtr def = vm->def;
@@ -1040,6 +1064,9 @@ libxlBuildDomainConfig(libxlDriverPrivat
if (libxlMakeVfbList(driver, def, d_config) < 0)
return -1;
+ if (libxlFixupDomBuildInfo(def, d_config) < 0)
+ return -1;
+
d_config->on_reboot = def->onReboot;
d_config->on_poweroff = def->onPoweroff;
d_config->on_crash = def->onCrash;
++++++ support-managed-pci-xen-driver.patch ++++++
>From 5aeda96eafd230af55343e7ef835e081ded484aa Mon Sep 17 00:00:00 2001
From: Chunyan Liu <cyliu(a)suse.com>
Date: Fri, 25 Jan 2013 17:37:14 +0800
Subject: [PATCH] support managed pci devices in xen driver
---
src/xenxs/xen_sxpr.c | 22 ++++++++--------------
src/xenxs/xen_xm.c | 28 +++++++++++++++++++++++++++-
2 files changed, 35 insertions(+), 15 deletions(-)
Index: libvirt-1.1.2/src/xenxs/xen_sxpr.c
===================================================================
--- libvirt-1.1.2.orig/src/xenxs/xen_sxpr.c
+++ libvirt-1.1.2/src/xenxs/xen_sxpr.c
@@ -993,6 +993,7 @@ xenParseSxprPCI(virDomainDefPtr def,
int busID;
int slotID;
int funcID;
+ bool managed;
node = cur->u.s.car;
if (!sexpr_lookup(node, "dev"))
@@ -1040,11 +1041,13 @@ xenParseSxprPCI(virDomainDefPtr def,
goto error;
}
+ managed = sexpr_int(node, "dev/opts/managed");
+
if (!(dev = virDomainHostdevDefAlloc()))
goto error;
dev->mode = VIR_DOMAIN_HOSTDEV_MODE_SUBSYS;
- dev->managed = false;
+ dev->managed = managed ? true : false;
dev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
dev->source.subsys.u.pci.addr.domain = domainID;
dev->source.subsys.u.pci.addr.bus = busID;
@@ -1990,11 +1993,15 @@ static void
xenFormatSxprPCI(virDomainHostdevDefPtr def,
virBufferPtr buf)
{
- virBufferAsprintf(buf, "(dev (domain 0x%04x)(bus 0x%02x)(slot 0x%02x)(func 0x%x))",
+ virBufferAsprintf(buf, "(dev (domain 0x%04x)(bus 0x%02x)(slot 0x%02x)(func 0x%x)",
def->source.subsys.u.pci.addr.domain,
def->source.subsys.u.pci.addr.bus,
def->source.subsys.u.pci.addr.slot,
def->source.subsys.u.pci.addr.function);
+
+ if (def->managed)
+ virBufferAddLit(buf, "(opts (managed 1))");
+ virBufferAddLit(buf, ")");
}
@@ -2013,12 +2020,6 @@ xenFormatSxprOnePCI(virDomainHostdevDefP
virBufferPtr buf,
int detach)
{
- if (def->managed) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("managed PCI devices not supported with XenD"));
- return -1;
- }
-
virBufferAddLit(buf, "(pci ");
xenFormatSxprPCI(def, buf);
if (detach)
@@ -2073,12 +2074,6 @@ xenFormatSxprAllPCI(virDomainDefPtr def,
for (i = 0; i < def->nhostdevs; i++) {
if (def->hostdevs[i]->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
def->hostdevs[i]->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {
- if (def->hostdevs[i]->managed) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("managed PCI devices not supported with XenD"));
- return -1;
- }
-
xenFormatSxprPCI(def->hostdevs[i], buf);
}
}
Index: libvirt-1.1.2/src/xenxs/xen_xm.c
===================================================================
--- libvirt-1.1.2.orig/src/xenxs/xen_xm.c
+++ libvirt-1.1.2/src/xenxs/xen_xm.c
@@ -802,6 +802,8 @@ xenParseXM(virConfPtr conf, int xendConf
int busID;
int slotID;
int funcID;
+ char *opt;
+ int managed = 0;
domain[0] = bus[0] = slot[0] = func[0] = '\0';
@@ -811,6 +813,11 @@ xenParseXM(virConfPtr conf, int xendConf
/* pci=['0000:00:1b.0','0000:00:13.0'] */
if (!(key = list->str))
goto skippci;
+
+ opt = strchr(key, ',');
+ if (opt)
+ opt++;
+
if (!(nextkey = strchr(key, ':')))
goto skippci;
@@ -859,10 +866,30 @@ xenParseXM(virConfPtr conf, int xendConf
if (virStrToLong_i(func, NULL, 16, &funcID) < 0)
goto skippci;
+ if (opt) {
+ char opt_managed[2];
+ char *data;
+
+ opt_managed[0] = '\0';
+ data = strchr(opt, '=');
+ data++;
+
+ if (STRPREFIX(opt, "managed=")) {
+ if (virStrncpy(opt_managed, data, 1, sizeof(opt_managed)) == NULL) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("managed option %s too big for destination"),
+ data);
+ goto skippci;
+ }
+ }
+ if (virStrToLong_i(opt_managed, NULL, 10, &managed) < 0)
+ goto skippci;
+ }
+
if (!(hostdev = virDomainHostdevDefAlloc()))
goto cleanup;
- hostdev->managed = false;
+ hostdev->managed = managed ? true : false;
hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI;
hostdev->source.subsys.u.pci.addr.domain = domainID;
hostdev->source.subsys.u.pci.addr.bus = busID;
++++++ suse-qemu-conf.patch ++++++
Index: libvirt-1.1.2/src/qemu/qemu.conf
===================================================================
--- libvirt-1.1.2.orig/src/qemu/qemu.conf
+++ libvirt-1.1.2/src/qemu/qemu.conf
@@ -175,7 +175,16 @@
# a special value; security_driver can be set to that value in
# isolation, but it cannot appear in a list of drivers.
#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to 'apparmor' to enable Apparmor
+# confinement of qemu instances.
+#
#security_driver = "selinux"
+# security_driver = "apparmor"
+security_driver = "none"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
@@ -371,6 +380,15 @@
#allow_disk_format_probing = 1
+# SUSE note:
+# Many lock managers, sanlock included, will kill the resources
+# they protect when terminated. E.g. the sanlock daemon will kill
+# any virtual machines for which it holds disk leases when the
+# daemon is stopped or restarted. Administrators must be vigilant
+# when enabling a lock manager since simply updating the manager
+# may cause it to be restarted, potentially killing the resources
+# it protects.
+#
# To enable 'Sanlock' project based locking of the file
# content (to prevent two VMs writing to the same
# disk), uncomment this
++++++ systemd-service-xen.patch ++++++
Index: libvirt-1.1.2/daemon/libvirtd.service.in
===================================================================
--- libvirt-1.1.2.orig/daemon/libvirtd.service.in
+++ libvirt-1.1.2/daemon/libvirtd.service.in
@@ -9,6 +9,8 @@ Before=libvirt-guests.service
After=network.target
After=dbus.service
After=iscsid.service
+Wants=xencommons.service
+After=xencommons.service
[Service]
Type=notify
++++++ virtlockd-init-script.patch ++++++
Adjust virtlockd init files to conform to SUSE standards
Index: libvirt-1.1.2/src/locking/virtlockd.sysconf
===================================================================
--- libvirt-1.1.2.orig/src/locking/virtlockd.sysconf
+++ libvirt-1.1.2/src/locking/virtlockd.sysconf
@@ -1,3 +1,7 @@
+## Path: System/Virtualization/virtlockd
+
+## Type: string
+## Default: ""
#
# Pass extra arguments to virtlockd
#VIRTLOCKD_ARGS=
Index: libvirt-1.1.2/src/locking/virtlockd.init.in
===================================================================
--- libvirt-1.1.2.orig/src/locking/virtlockd.init.in
+++ libvirt-1.1.2/src/locking/virtlockd.init.in
@@ -4,11 +4,13 @@
# http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-ge…
#
### BEGIN INIT INFO
-# Provides: virtlockd
-# Default-Start: 3 4 5
+# Provides: virtlockd
+# Required-Start: $network $remote_fs
+# Default-Start: 3 4 5
+# Required-Stop: $network $remote_fs
# Short-Description: virtual machine lock manager
-# Description: This is a daemon for managing locks
-# on virtual machine disk images
+# Description: This is a daemon for managing locks
+# on virtual machine disk images
### END INIT INFO
# the following is chkconfig init header
@@ -23,35 +25,33 @@
# pidfile: @localstatedir@/run/libvirt/virtlockd.pid
#
-# Source function library.
-. @sysconfdir@/rc.d/init.d/functions
+. @sysconfdir@/rc.status
+rc_reset
SERVICE=virtlockd
-PROCESS=virtlockd
-PIDFILE=@localstatedir@/run/libvirt/lockd/$SERVICE.pid
+PROCESS=@sbindir@/virtlockd
+PIDDIR=@localstatedir@/run/libvirt/lockd/
+PIDFILE=$PIDDIR/$SERVICE.pid
VIRTLOCKD_ARGS=
test -f @sysconfdir@/sysconfig/virtlockd && . @sysconfdir@/sysconfig/virtlockd
-RETVAL=0
-
start() {
- echo -n $"Starting $SERVICE daemon: "
- daemon --pidfile $PIDFILE --check $SERVICE $PROCESS --daemon $VIRTLOCKD_ARGS
+ echo -n $"Starting $SERVICE "
+ test -d $PIDDIR || mkdir -p $PIDDIR
+ startproc -p $PIDFILE $PROCESS --pid-file $PIDFILE --daemon $VIRTLOCKD_ARGS
RETVAL=$?
- echo
- [ $RETVAL -eq 0 ] && touch @localstatedir@/lock/subsys/$SERVICE
+ rc_status -v
}
stop() {
- echo -n $"Stopping $SERVICE daemon: "
+ echo -n $"Stopping $SERVICE "
- killproc -p $PIDFILE $PROCESS
+ killproc -p $PIDFILE $PROCESS > /dev/null 2>&1
RETVAL=$?
- echo
+ rc_status -v
if [ $RETVAL -eq 0 ]; then
- rm -f @localstatedir@/lock/subsys/$SERVICE
rm -f $PIDFILE
fi
}
@@ -65,9 +65,7 @@ reload() {
echo -n $"Reloading $SERVICE configuration: "
killproc -p $PIDFILE $PROCESS -HUP
- RETVAL=$?
- echo
- return $RETVAL
+ rc_status
}
# See how we were called.
@@ -76,18 +74,20 @@ case "$1" in
$1
;;
status)
- status -p $PIDFILE $PROCESS
- RETVAL=$?
+ echo -n "Checking status of $SERVICE "
+ checkproc $PROCESS
+ rc_status -v
;;
force-reload)
reload
;;
condrestart|try-restart)
- [ -f @localstatedir@/lock/subsys/$SERVICE ] && restart || :
+ $0 status >/dev/null && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload|try-restart}"
- exit 2
+ rc_failed 2
+ rc_exit
;;
esac
-exit $RETVAL
+rc_exit
++++++ xen-name-for-devid.patch ++++++
Do not search xenstore for disk/network/PCI device IDs
Disk, network, and PCI devices can be referenced by name in Xen,
e.g. when modifying their configuration or remvoving them. As such,
don't search xenstore for a device ID corresponding to these devices.
Instead, search the devices contained in the domain definition and use
the devices's target name if found.
Note that for network devices, the mac address is used for the device
name. For PCI devices, the bdf (bus:dev:fun) specifier is used for
the device name.
This approach allows removing a disk/network/PCI device when domain
is inactive. We obviously can't search xenstore when the domain is
inactive.
Index: libvirt-1.1.2/src/xen/xend_internal.c
===================================================================
--- libvirt-1.1.2.orig/src/xen/xend_internal.c
+++ libvirt-1.1.2/src/xen/xend_internal.c
@@ -70,7 +70,7 @@
#define XEND_RCV_BUF_MAX_LEN (256 * 1024)
static int
-virDomainXMLDevID(virConnectPtr conn, virDomainDefPtr domain,
+virDomainXMLDevID(virConnectPtr conn ATTRIBUTE_UNUSED, virDomainDefPtr domain,
virDomainDeviceDefPtr dev, char *class,
char *ref, int ref_len);
@@ -3314,18 +3314,18 @@ xenDaemonDomainBlockPeek(virConnectPtr c
* Returns 0 in case of success, -1 in case of failure.
*/
static int
-virDomainXMLDevID(virConnectPtr conn,
+virDomainXMLDevID(virConnectPtr conn ATTRIBUTE_UNUSED,
virDomainDefPtr def,
virDomainDeviceDefPtr dev,
char *class,
char *ref,
int ref_len)
{
- xenUnifiedPrivatePtr priv = conn->privateData;
- char *xref;
- char *tmp;
+ unsigned int i;
if (dev->type == VIR_DOMAIN_DEVICE_DISK) {
+ if (dev->data.disk->dst == NULL)
+ return -1;
if (dev->data.disk->driverName &&
STREQ(dev->data.disk->driverName, "tap"))
strcpy(class, "tap");
@@ -3335,19 +3335,17 @@ virDomainXMLDevID(virConnectPtr conn,
else
strcpy(class, "vbd");
- if (dev->data.disk->dst == NULL)
- return -1;
- xenUnifiedLock(priv);
- xref = xenStoreDomainGetDiskID(conn, def->id,
- dev->data.disk->dst);
- xenUnifiedUnlock(priv);
- if (xref == NULL)
- return -1;
-
- tmp = virStrcpy(ref, xref, ref_len);
- VIR_FREE(xref);
- if (tmp == NULL)
- return -1;
+ /* For disks, the device name can be used directly. */
+ for (i = 0; i < def->ndisks; i++) {
+ virDomainDiskDefPtr disk = def->disks[i];
+ if (STREQ(dev->data.disk->dst, disk->dst)) {
+ if (virStrcpy(ref, disk->dst, ref_len) == NULL)
+ return -1;
+ else
+ return 0;
+ }
+ }
+ return -1;
} else if (dev->type == VIR_DOMAIN_DEVICE_NET) {
char mac[VIR_MAC_STRING_BUFLEN];
virDomainNetDefPtr netdef = dev->data.net;
@@ -3355,16 +3353,22 @@ virDomainXMLDevID(virConnectPtr conn,
strcpy(class, "vif");
- xenUnifiedLock(priv);
- xref = xenStoreDomainGetNetworkID(conn, def->id, mac);
- xenUnifiedUnlock(priv);
- if (xref == NULL)
- return -1;
-
- tmp = virStrcpy(ref, xref, ref_len);
- VIR_FREE(xref);
- if (tmp == NULL)
- return -1;
+ /* For nics, the mac address can be used directly. */
+ for (i = 0; i < def->nnets; i++) {
+ char dst_mac[30];
+ virDomainNetDefPtr dst_net = def->nets[i];
+ snprintf(dst_mac, sizeof(dst_mac), "%02x:%02x:%02x:%02x:%02x:%02x",
+ dst_net->mac.addr[0], dst_net->mac.addr[1],
+ dst_net->mac.addr[2], dst_net->mac.addr[3],
+ dst_net->mac.addr[4], dst_net->mac.addr[5]);
+ if (STREQ(mac, dst_mac)) {
+ if (virStrcpy(ref, dst_mac, ref_len) == NULL)
+ return -1;
+ else
+ return 0;
+ }
+ }
+ return -1;
} else if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV &&
dev->data.hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
dev->data.hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI) {
@@ -3380,17 +3384,44 @@ virDomainXMLDevID(virConnectPtr conn,
strcpy(class, "pci");
- xenUnifiedLock(priv);
- xref = xenStoreDomainGetPCIID(conn, def->id, bdf);
- xenUnifiedUnlock(priv);
- VIR_FREE(bdf);
- if (xref == NULL)
- return -1;
+ /* For PCI devices, the device BFD can be used directly. */
+ for (i = 0 ; i < def->nhostdevs ; i++) {
+ char *dst_bdf;
+ virDomainHostdevDefPtr hostdev = def->hostdevs[i];
+
+ if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+ continue;
+ if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+ continue;
+
+ if (virAsprintf(&dst_bdf, "%04x:%02x:%02x.%0x",
+ hostdev->source.subsys.u.pci.addr.domain,
+ hostdev->source.subsys.u.pci.addr.bus,
+ hostdev->source.subsys.u.pci.addr.slot,
+ hostdev->source.subsys.u.pci.addr.function) < 0) {
+ virReportOOMError();
+ VIR_FREE(bdf);
+ return -1;
+ }
- tmp = virStrcpy(ref, xref, ref_len);
- VIR_FREE(xref);
- if (tmp == NULL)
- return -1;
+ if (STREQ(bdf, dst_bdf)) {
+ if (virStrcpy(ref, dst_bdf, ref_len) == NULL) {
+ virReportOOMError();
+ VIR_FREE(dst_bdf);
+ VIR_FREE(bdf);
+ return -1;
+ }
+ else {
+ VIR_FREE(dst_bdf);
+ VIR_FREE(bdf);
+ return 0;
+ }
+ }
+ VIR_FREE(dst_bdf);
+ }
+
+ VIR_FREE(bdf);
+ return -1;
} else {
virReportError(VIR_ERR_OPERATION_INVALID,
"%s", _("hotplug of device type not supported"));
++++++ xen-pv-cdrom.patch ++++++
Index: libvirt-1.1.2/src/xenxs/xen_sxpr.c
===================================================================
--- libvirt-1.1.2.orig/src/xenxs/xen_sxpr.c
+++ libvirt-1.1.2/src/xenxs/xen_sxpr.c
@@ -327,7 +327,7 @@ error:
static int
xenParseSxprDisks(virDomainDefPtr def,
const struct sexpr *root,
- int hvm,
+ int hvm ATTRIBUTE_UNUSED,
int xendConfigVersion)
{
const struct sexpr *cur, *node;
@@ -378,7 +378,6 @@ xenParseSxprDisks(virDomainDefPtr def,
/* There is a case without the uname to the CD-ROM device */
offset = strchr(dst, ':');
if (!offset ||
- !hvm ||
STRNEQ(offset, ":cdrom")) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("domain information incomplete, vbd has no src"));
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package python3-psutil for openSUSE:Factory checked in at 2015-02-05 11:01:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python3-psutil (Old)
and /work/SRC/openSUSE:Factory/.python3-psutil.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python3-psutil"
Changes:
--------
--- /work/SRC/openSUSE:Factory/python3-psutil/python3-psutil.changes 2015-01-08 23:02:43.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.python3-psutil.new/python3-psutil.changes 2015-02-05 11:01:40.000000000 +0100
@@ -1,0 +2,9 @@
+Wed Feb 4 17:57:45 UTC 2015 - arun(a)gmx.de
+
+- specfile: update copyright year
+
+- update to version 2.2.1:
+ * #496: [Linux] fix "ValueError: ambiguos inode with multiple PIDs
+ references" (patch by Bruno Binet)
+
+-------------------------------------------------------------------
Old:
----
psutil-2.2.0.tar.gz
New:
----
psutil-2.2.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python3-psutil.spec ++++++
--- /var/tmp/diff_new_pack.zRa0sA/_old 2015-02-05 11:01:41.000000000 +0100
+++ /var/tmp/diff_new_pack.zRa0sA/_new 2015-02-05 11:01:41.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python3-psutil
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: python3-psutil
-Version: 2.2.0
+Version: 2.2.1
Release: 0
Summary: A process utilities module for Python
License: BSD-3-Clause
++++++ psutil-2.2.0.tar.gz -> psutil-2.2.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/psutil-2.2.0/CREDITS new/psutil-2.2.1/CREDITS
--- old/psutil-2.2.0/CREDITS 2015-01-03 15:01:37.000000000 +0100
+++ new/psutil-2.2.1/CREDITS 2015-02-02 14:01:33.000000000 +0100
@@ -276,3 +276,7 @@
N: karthikrev
I: 568
+
+N: Bruno Binet
+E: bruno.binet(a)gmail.com
+I: 572
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/psutil-2.2.0/HISTORY.rst new/psutil-2.2.1/HISTORY.rst
--- old/psutil-2.2.0/HISTORY.rst 2015-01-06 16:30:48.000000000 +0100
+++ new/psutil-2.2.1/HISTORY.rst 2015-02-02 14:01:12.000000000 +0100
@@ -1,5 +1,14 @@
Bug tracker at https://github.com/giampaolo/psutil/issues
+2.2.1 - 2015-02-02
+==================
+
+**Bug fixes**
+
+- #496: [Linux] fix "ValueError: ambiguos inode with multiple PIDs references"
+ (patch by Bruno Binet)
+
+
2.2.0 - 2015-01-06
==================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/psutil-2.2.0/PKG-INFO new/psutil-2.2.1/PKG-INFO
--- old/psutil-2.2.0/PKG-INFO 2015-01-06 16:38:32.000000000 +0100
+++ new/psutil-2.2.1/PKG-INFO 2015-02-02 14:09:59.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: psutil
-Version: 2.2.0
+Version: 2.2.1
Summary: psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
Home-page: https://github.com/giampaolo/psutil
Author: Giampaolo Rodola
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/psutil-2.2.0/psutil/__init__.py new/psutil-2.2.1/psutil/__init__.py
--- old/psutil-2.2.0/psutil/__init__.py 2015-01-03 15:16:25.000000000 +0100
+++ new/psutil-2.2.1/psutil/__init__.py 2015-01-20 15:56:42.000000000 +0100
@@ -13,7 +13,7 @@
from __future__ import division
__author__ = "Giampaolo Rodola'"
-__version__ = "2.2.0"
+__version__ = "2.2.1"
version_info = tuple([int(num) for num in __version__.split('.')])
__all__ = [
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/psutil-2.2.0/psutil/_pslinux.py new/psutil-2.2.1/psutil/_pslinux.py
--- old/psutil-2.2.0/psutil/_pslinux.py 2015-01-03 14:43:59.000000000 +0100
+++ new/psutil-2.2.1/psutil/_pslinux.py 2015-02-02 14:00:19.000000000 +0100
@@ -446,12 +446,12 @@
_, laddr, raddr, status, _, _, _, _, _, inode = \
line.split()[:10]
if inode in inodes:
- # We assume inet sockets are unique, so we error
- # out if there are multiple references to the
- # same inode. We won't do this for UNIX sockets.
- if len(inodes[inode]) > 1 and family != socket.AF_UNIX:
- raise ValueError("ambiguos inode with multiple "
- "PIDs references")
+ # # We assume inet sockets are unique, so we error
+ # # out if there are multiple references to the
+ # # same inode. We won't do this for UNIX sockets.
+ # if len(inodes[inode]) > 1 and family != socket.AF_UNIX:
+ # raise ValueError("ambiguos inode with multiple "
+ # "PIDs references")
pid, fd = inodes[inode][0]
else:
pid, fd = None, -1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/psutil-2.2.0/psutil.egg-info/PKG-INFO new/psutil-2.2.1/psutil.egg-info/PKG-INFO
--- old/psutil-2.2.0/psutil.egg-info/PKG-INFO 2015-01-06 16:38:32.000000000 +0100
+++ new/psutil-2.2.1/psutil.egg-info/PKG-INFO 2015-02-02 14:09:58.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: psutil
-Version: 2.2.0
+Version: 2.2.1
Summary: psutil is a cross-platform library for retrieving information onrunning processes and system utilization (CPU, memory, disks, network)in Python.
Home-page: https://github.com/giampaolo/psutil
Author: Giampaolo Rodola
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/psutil-2.2.0/test/test_psutil.py new/psutil-2.2.1/test/test_psutil.py
--- old/psutil-2.2.0/test/test_psutil.py 2015-01-05 19:51:17.000000000 +0100
+++ new/psutil-2.2.1/test/test_psutil.py 2015-01-20 15:56:42.000000000 +0100
@@ -2341,6 +2341,7 @@
self.assertTrue(ret >= 0)
def connections(self, ret):
+ self.assertEqual(len(ret), len(set(ret)))
for conn in ret:
check_connection(conn)
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package python3-gunicorn for openSUSE:Factory checked in at 2015-02-05 11:01:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python3-gunicorn (Old)
and /work/SRC/openSUSE:Factory/.python3-gunicorn.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python3-gunicorn"
Changes:
--------
--- /work/SRC/openSUSE:Factory/python3-gunicorn/python3-gunicorn.changes 2015-02-01 12:30:42.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.python3-gunicorn.new/python3-gunicorn.changes 2015-02-05 11:01:39.000000000 +0100
@@ -1,0 +2,8 @@
+Wed Feb 4 17:55:49 UTC 2015 - arun(a)gmx.de
+
+- update to version 19.2.1:
+ * expose loglevel in the Logger class
+ * fix :issue: "977" fix initial crash
+ * document security mailing-list in the contributing page.
+
+-------------------------------------------------------------------
Old:
----
gunicorn-19.2.0.tar.gz
New:
----
gunicorn-19.2.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python3-gunicorn.spec ++++++
--- /var/tmp/diff_new_pack.wAKPez/_old 2015-02-05 11:01:40.000000000 +0100
+++ /var/tmp/diff_new_pack.wAKPez/_new 2015-02-05 11:01:40.000000000 +0100
@@ -17,7 +17,7 @@
Name: python3-gunicorn
-Version: 19.2.0
+Version: 19.2.1
Release: 0
Summary: WSGI HTTP Server for UNIX
License: MIT
++++++ gunicorn-19.2.0.tar.gz -> gunicorn-19.2.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/PKG-INFO new/gunicorn-19.2.1/PKG-INFO
--- old/gunicorn-19.2.0/PKG-INFO 2015-01-30 15:35:16.000000000 +0100
+++ new/gunicorn-19.2.1/PKG-INFO 2015-02-04 14:44:35.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: gunicorn
-Version: 19.2.0
+Version: 19.2.1
Summary: WSGI HTTP Server for UNIX
Home-page: http://gunicorn.org
Author: Benoit Chesneau
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/docs/source/2015-news.rst new/gunicorn-19.2.1/docs/source/2015-news.rst
--- old/gunicorn-19.2.0/docs/source/2015-news.rst 2015-01-30 15:34:02.000000000 +0100
+++ new/gunicorn-19.2.1/docs/source/2015-news.rst 2015-02-04 14:43:49.000000000 +0100
@@ -6,8 +6,30 @@
Please see :doc:`news` for the latest changes.
+19.2.1 / 2015/02/4
+==================
+
+Changes
+-------
+
+Logging
++++++++
+
+- expose loglevel in the Logger class
+
+AsyncIO worker (gaiohttp)
++++++++++++++++++++++++++
+
+- fix :issue:`977` fix initial crash
+
+Documentation
++++++++++++++
+
+- document security mailing-list in the contributing page.
+
+
19.2 / 2015/01/30
-===================
+=================
Changes
-------
@@ -16,21 +38,21 @@
++++
- optimize the sync workers when listening on a single interface
-- add `--sendfile` settings to enable/disable sendfile. fix issue:`856` .
-- add the selectors module to the code base. issue:`886`
+- add `--sendfile` settings to enable/disable sendfile. fix :issue:`856` .
+- add the selectors module to the code base. :issue:`886`
- add `--max-requests-jitter` setting to set the maximum jitter to add to the
max-requests setting.
-- fix issue:`899` propagate proxy_protocol_info to keep-alive requests
-- fix issue:`863` worker timeout: dynamic timeout has been removed
+- fix :issue:`899` propagate proxy_protocol_info to keep-alive requests
+- fix :issue:`863` worker timeout: dynamic timeout has been removed
- fix: Avoid world writable file
Logging
+++++++
-- fix issue:`941` set logconfig default to paster more trivially
+- fix :issue:`941` set logconfig default to paster more trivially
- add statsd-prefix config setting: set the prefix to use when emitting statsd
metrics
-- issue:`832` log to console by default
+- :issue:`832` log to console by default
Thread Worker
+++++++++++++
@@ -40,7 +62,7 @@
Eventlet Worker
+++++++++++++++
-- fix issue:`867` Fix eventlet shutdown to actively shut down the workers.
+- fix :issue:`867` Fix eventlet shutdown to actively shut down the workers.
Documentation
+++++++++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/docs/source/community.rst new/gunicorn-19.2.1/docs/source/community.rst
--- old/gunicorn-19.2.0/docs/source/community.rst 2015-01-21 23:12:39.000000000 +0100
+++ new/gunicorn-19.2.1/docs/source/community.rst 2015-02-04 08:26:34.000000000 +0100
@@ -31,3 +31,10 @@
Bug reports, enhancement requests and tasks generally go in the `Github
issue tracker <http://github.com/benoitc/gunicorn/issues>`_.
+
+Security Issues
+===============
+
+The security mailing list is a place to report security issues. Only
+developers are subscribed to it. To post a message to the list use the address
+to `security(a)gunicorn.org <mailto:security@gunicorn.org>`_ .
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/docs/source/conf.py new/gunicorn-19.2.1/docs/source/conf.py
--- old/gunicorn-19.2.0/docs/source/conf.py 2015-01-30 15:34:02.000000000 +0100
+++ new/gunicorn-19.2.1/docs/source/conf.py 2015-02-04 08:23:01.000000000 +0100
@@ -2,7 +2,10 @@
#
# Gunicorn documentation build configuration file
#
-import sys, os
+
+import os
+import sys
+import time
DOCS_DIR = os.path.abspath(os.path.dirname(__file__))
@@ -19,7 +22,7 @@
# General information about the project.
project = u'Gunicorn'
-copyright = u'2009-2015, Benoit Chesneau'
+copyright = u'2009-%s, Benoit Chesneau' % time.strftime('%Y')
# gunicorn version
import gunicorn
release = version = gunicorn.__version__
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/docs/source/news.rst new/gunicorn-19.2.1/docs/source/news.rst
--- old/gunicorn-19.2.0/docs/source/news.rst 2015-01-30 15:34:02.000000000 +0100
+++ new/gunicorn-19.2.1/docs/source/news.rst 2015-02-04 14:43:51.000000000 +0100
@@ -2,8 +2,30 @@
Changelog
=========
+19.2.1 / 2015/02/4
+==================
+
+Changes
+-------
+
+Logging
++++++++
+
+- expose loglevel in the Logger class
+
+AsyncIO worker (gaiohttp)
++++++++++++++++++++++++++
+
+- fix :issue:`977` fix initial crash
+
+Documentation
++++++++++++++
+
+- document security mailing-list in the contributing page.
+
+
19.2 / 2015/01/30
-===================
+=================
Changes
-------
@@ -12,12 +34,12 @@
++++
- optimize the sync workers when listening on a single interface
-- add `--sendfile` settings to enable/disable sendfile. fix issue:`856` .
-- add the selectors module to the code base. issue:`886`
+- add `--sendfile` settings to enable/disable sendfile. fix :issue:`856` .
+- add the selectors module to the code base. :issue:`886`
- fix :pr:`862` add `--max-requests-jitter` setting to set the maximum jitter to add to the
max-requests setting.
-- fix issue:`899` propagate proxy_protocol_info to keep-alive requests
-- fix issue:`863` worker timeout: dynamic timeout has been removed, fix a race
+- fix :issue:`899` propagate proxy_protocol_info to keep-alive requests
+- fix :issue:`863` worker timeout: dynamic timeout has been removed, fix a race
condition error
- fix: Avoid world writable file
- fix :issue:`917`: the deprecated ``--debug`` option has been removed.
@@ -25,10 +47,10 @@
Logging
+++++++
-- fix issue:`941` set logconfig default to paster more trivially
+- fix :issue:`941` set logconfig default to paster more trivially
- add statsd-prefix config setting: set the prefix to use when emitting statsd
metrics
-- issue:`832` log to console by default
+- :issue:`832` log to console by default
- fix :issue:`845`: set the gunicorn loggers from the paste config
Thread Worker
@@ -39,7 +61,7 @@
Eventlet Worker
+++++++++++++++
-- fix issue:`867` Fix eventlet shutdown to actively shut down the workers.
+- fix :issue:`867` Fix eventlet shutdown to actively shut down the workers.
Documentation
+++++++++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/gunicorn/__init__.py new/gunicorn-19.2.1/gunicorn/__init__.py
--- old/gunicorn-19.2.0/gunicorn/__init__.py 2015-01-21 23:12:39.000000000 +0100
+++ new/gunicorn-19.2.1/gunicorn/__init__.py 2015-02-04 14:38:13.000000000 +0100
@@ -3,6 +3,6 @@
# This file is part of gunicorn released under the MIT license.
# See the NOTICE for more information.
-version_info = (19, 2, 0)
+version_info = (19, 2, 1)
__version__ = ".".join([str(v) for v in version_info])
SERVER_SOFTWARE = "gunicorn/%s" % __version__
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/gunicorn/glogging.py new/gunicorn-19.2.1/gunicorn/glogging.py
--- old/gunicorn-19.2.0/gunicorn/glogging.py 2015-01-21 23:12:39.000000000 +0100
+++ new/gunicorn-19.2.1/gunicorn/glogging.py 2015-02-04 09:10:53.000000000 +0100
@@ -171,12 +171,13 @@
self.access_log.propagate = False
self.error_handlers = []
self.access_handlers = []
+ self.loglevel = logging.INFO
self.cfg = cfg
self.setup(cfg)
def setup(self, cfg):
- loglevel = self.LOG_LEVELS.get(cfg.loglevel.lower(), logging.INFO)
- self.error_log.setLevel(loglevel)
+ self.loglevel = self.LOG_LEVELS.get(cfg.loglevel.lower(), logging.INFO)
+ self.error_log.setLevel(self.loglevel)
self.access_log.setLevel(logging.INFO)
# set gunicorn.error handler
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/gunicorn/http/__init__.py new/gunicorn-19.2.1/gunicorn/http/__init__.py
--- old/gunicorn-19.2.0/gunicorn/http/__init__.py 2015-01-21 23:12:39.000000000 +0100
+++ new/gunicorn-19.2.1/gunicorn/http/__init__.py 2015-02-04 08:23:01.000000000 +0100
@@ -6,4 +6,4 @@
from gunicorn.http.message import Message, Request
from gunicorn.http.parser import RequestParser
-__all__ = [Message, Request, RequestParser]
+__all__ = ['Message', 'Request', 'RequestParser']
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/gunicorn/http/parser.py new/gunicorn-19.2.1/gunicorn/http/parser.py
--- old/gunicorn-19.2.0/gunicorn/http/parser.py 2015-01-21 23:12:39.000000000 +0100
+++ new/gunicorn-19.2.1/gunicorn/http/parser.py 2015-02-04 08:23:01.000000000 +0100
@@ -9,8 +9,9 @@
class Parser(object):
- def __init__(self, mesg_class, cfg, source):
- self.mesg_class = mesg_class
+ mesg_class = None
+
+ def __init__(self, cfg, source):
self.cfg = cfg
if hasattr(source, "recv"):
self.unreader = SocketUnreader(source)
@@ -47,5 +48,4 @@
class RequestParser(Parser):
- def __init__(self, *args, **kwargs):
- super(RequestParser, self).__init__(Request, *args, **kwargs)
+ mesg_class = Request
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/gunicorn/workers/_gaiohttp.py new/gunicorn-19.2.1/gunicorn/workers/_gaiohttp.py
--- old/gunicorn-19.2.0/gunicorn/workers/_gaiohttp.py 2015-01-21 23:12:39.000000000 +0100
+++ new/gunicorn-19.2.1/gunicorn/workers/_gaiohttp.py 2015-02-04 10:06:59.000000000 +0100
@@ -5,6 +5,7 @@
import asyncio
import functools
+import logging
import os
import gunicorn.workers.base as base
@@ -44,11 +45,14 @@
return proto
def factory(self, wsgi, addr):
+ # are we in debug level
+ is_debug = self.log.loglevel == logging.DEBUG
+
proto = WSGIServerHttpProtocol(
wsgi, readpayload=True,
loop=self.loop,
log=self.log,
- debug=self.cfg.debug,
+ debug=is_debug,
keep_alive=self.cfg.keepalive,
access_log=self.log.access_log,
access_log_format=self.cfg.access_log_format)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/gunicorn.egg-info/PKG-INFO new/gunicorn-19.2.1/gunicorn.egg-info/PKG-INFO
--- old/gunicorn-19.2.0/gunicorn.egg-info/PKG-INFO 2015-01-30 15:35:15.000000000 +0100
+++ new/gunicorn-19.2.1/gunicorn.egg-info/PKG-INFO 2015-02-04 14:44:35.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: gunicorn
-Version: 19.2.0
+Version: 19.2.1
Summary: WSGI HTTP Server for UNIX
Home-page: http://gunicorn.org
Author: Benoit Chesneau
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gunicorn-19.2.0/setup.cfg new/gunicorn-19.2.1/setup.cfg
--- old/gunicorn-19.2.0/setup.cfg 2015-01-30 15:35:16.000000000 +0100
+++ new/gunicorn-19.2.1/setup.cfg 2015-02-04 14:44:35.000000000 +0100
@@ -11,7 +11,7 @@
universal = 1
[egg_info]
+tag_svn_revision = 0
tag_build =
tag_date = 0
-tag_svn_revision = 0
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0
Hello community,
here is the log from the commit of package gnome-multi-writer for openSUSE:Factory checked in at 2015-02-05 11:01:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnome-multi-writer (Old)
and /work/SRC/openSUSE:Factory/.gnome-multi-writer.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gnome-multi-writer"
Changes:
--------
--- /work/SRC/openSUSE:Factory/gnome-multi-writer/gnome-multi-writer.changes 2015-02-03 11:39:35.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.gnome-multi-writer.new/gnome-multi-writer.changes 2015-02-05 11:01:36.000000000 +0100
@@ -1,0 +2,21 @@
+Tue Jan 20 07:30:16 UTC 2015 - badshah400(a)gmail.com
+
+- Update to version 3.15.4:
+ + Show the size next to the device name when the device is idle.
+ + Bugs fixed:
+ - Add a translatable version of a generic flash drive.
+ - Add quirks for the 36 port MegaHub.
+ - Don't proceed to the copy phase if unmounting failed.
+ - Fix crash when libusb context creation fails.
+ - Never use the USB platform ID for the hub label.
+ - Support root hubs with bus numbers >= 8.
+ - Try to get the icon name hint from UDisks.
+ - Unmount all partitions when a device is inserted.
+
+-------------------------------------------------------------------
+Sat Jan 10 09:06:05 UTC 2015 - dimstar(a)opensuse.org
+
+- Add docbook-utils-minimal BuildRequires: enable building of the
+ man pages.
+
+-------------------------------------------------------------------
Old:
----
gnome-multi-writer-3.15.2.tar.xz
New:
----
gnome-multi-writer-3.15.4.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gnome-multi-writer.spec ++++++
--- /var/tmp/diff_new_pack.PoGHIT/_old 2015-02-05 11:01:37.000000000 +0100
+++ /var/tmp/diff_new_pack.PoGHIT/_new 2015-02-05 11:01:37.000000000 +0100
@@ -18,13 +18,14 @@
Name: gnome-multi-writer
-Version: 3.15.2
+Version: 3.15.4
Release: 0
Summary: Write an ISO file to multiple USB devices at once
License: GPL-2.0+
Group: System/GUI/GNOME
Url: https://wiki.gnome.org/Apps/MultiWriter
-Source: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
+Source: http://download.gnome.org/sources/gnome-multi-writer/3.15/%{name}-%{version…
+BuildRequires: docbook-utils-minimal
BuildRequires: gobject-introspection-devel >= 0.9.8
BuildRequires: hicolor-icon-theme
BuildRequires: intltool >= 0.50.0
@@ -79,8 +80,8 @@
%{_datadir}/applications/org.gnome.MultiWriter.desktop
%{_datadir}/appdata/org.gnome.MultiWriter.appdata.xml
%{_datadir}/icons/hicolor/*/apps/gnome-multi-writer.*
+%{_mandir}/man1/gnome-multi-writer.1%{?ext_man}
%files lang -f %{name}.lang
%defattr(-,root,root)
-
++++++ gnome-multi-writer-3.15.2.tar.xz -> gnome-multi-writer-3.15.4.tar.xz ++++++
++++ 5072 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-commit+help(a)opensuse.org
1
0