commit libvirt for openSUSE:Factory
Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2015-08-29 20:05:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvirt (Old) and /work/SRC/openSUSE:Factory/.libvirt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libvirt" Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2015-08-27 08:57:23.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libvirt.new/libvirt.changes 2015-08-29 20:05:18.000000000 +0200 
@@ -1,0 +2,30 @@ +Fri Aug 28 17:41:30 UTC 2015 - jfehlig@suse.com + +- Replace local libxl patches with upstream variants + Dropped: + 0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch + 0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch + 0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch + Added: + 44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch + 15120b8c-libxl-no-resume-on-suspend-fail.patch + e80b84a7-libxl-acquire-job-on-migrate.patch + bsc#936185 +- Added another virt-aa-helper upstream patch + 52970dec-virt-aa-helper-improve-valid-path.patch + lp#1483071 +- Added upstream patch to fix libvirt-tck memory balloon test + failure on Xen + 60acb38-revert-curmem-inactive-dom.patch + +------------------------------------------------------------------- +Wed Aug 26 14:38:40 UTC 2015 - cbosdonnat@suse.com + +- Fix generated apparmor profile to allow access to ovmf and nvram. + 26c5fa3a-virt-aa-helper-missing-doc.patch + 2f01cfdf-virt-aa-helper-allow-ovmf.patch + 91fdcefa-virt-aa-helper-allow-nvram.patch + d25a5e08-virt-aa-helper-simplify-restriction-logic.patch + lp#1483071 + +------------------------------------------------------------------- Old: ---- 0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch 0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch 0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch New: ---- 15120b8c-libxl-no-resume-on-suspend-fail.patch 26c5fa3a-virt-aa-helper-missing-doc.patch 2f01cfdf-virt-aa-helper-allow-ovmf.patch 44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch 52970dec-virt-aa-helper-improve-valid-path.patch 60acb38-revert-curmem-inactive-dom.patch 91fdcefa-virt-aa-helper-allow-nvram.patch d25a5e08-virt-aa-helper-simplify-restriction-logic.patch e80b84a7-libxl-acquire-job-on-migrate.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.6XsSsk/_old 
2015-08-29 20:05:20.000000000 +0200 +++ /var/tmp/diff_new_pack.6XsSsk/_new 2015-08-29 20:05:20.000000000 +0200 @@ -447,10 +447,16 @@ Source99: baselibs.conf # Upstream patches Patch0: 269d39af-storage-allocation-fix.patch +Patch1: 26c5fa3a-virt-aa-helper-missing-doc.patch +Patch2: d25a5e08-virt-aa-helper-simplify-restriction-logic.patch +Patch3: 2f01cfdf-virt-aa-helper-allow-ovmf.patch +Patch4: 91fdcefa-virt-aa-helper-allow-nvram.patch +Patch5: 52970dec-virt-aa-helper-improve-valid-path.patch +Patch6: 44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch +Patch7: 15120b8c-libxl-no-resume-on-suspend-fail.patch +Patch8: e80b84a7-libxl-acquire-job-on-migrate.patch +Patch9: 60acb38-revert-curmem-inactive-dom.patch # Patches pending upstream review -Patch100: 0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch -Patch101: 0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch -Patch102: 0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch # Need to go upstream Patch150: xen-pv-cdrom.patch Patch151: blockcopy-check-dst-identical-device.patch @@ -981,9 +987,15 @@ %prep %setup -q %patch0 -p1 -%patch100 -p1 -%patch101 -p1 -%patch102 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 ++++++ 15120b8c-libxl-no-resume-on-suspend-fail.patch ++++++ commit 15120b8c61014a9263cb53314076da9a44e39621 Author: Jim Fehlig <jfehlig@suse.com> Date: Wed Jul 15 17:29:15 2015 -0600 libxl: don't attempt to resume domain when suspend fails Failure of libxl_domain_suspend() does not leave the domain in a suspended state, so no need to call libxl_domain_resume(), which btw will fail with "domain not suspended". 
Signed-off-by: Jim Fehlig <jfehlig@suse.com> Index: libvirt-1.2.18/src/libxl/libxl_migration.c =================================================================== --- libvirt-1.2.18.orig/src/libxl/libxl_migration.c +++ libvirt-1.2.18/src/libxl/libxl_migration.c @@ -178,7 +178,6 @@ libxlDoMigrateSend(libxlDriverPrivatePtr int sockfd) { libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver); - virObjectEventPtr event = NULL; int xl_flags = 0; int ret; @@ -188,24 +187,11 @@ libxlDoMigrateSend(libxlDriverPrivatePtr ret = libxl_domain_suspend(cfg->ctx, vm->def->id, sockfd, xl_flags, NULL); if (ret != 0) { - /* attempt to resume the domain on failure */ - if (libxl_domain_resume(cfg->ctx, vm->def->id, 1, 0) != 0) { - VIR_DEBUG("Failed to resume domain following failed migration"); - virDomainObjSetState(vm, VIR_DOMAIN_PAUSED, - VIR_DOMAIN_PAUSED_MIGRATION); - event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_SUSPENDED, - VIR_DOMAIN_EVENT_SUSPENDED_MIGRATED); - ignore_value(virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm)); - } virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to send migration data to destination host")); ret = -1; - goto cleanup; } - cleanup: - if (event) - libxlDomainEventQueue(driver, event); virObjectUnref(cfg); return ret; } ++++++ 26c5fa3a-virt-aa-helper-missing-doc.patch ++++++
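Review bot: The failure branch in the second hunk no longer records why the domain is left untouched after `libxl_domain_suspend()` fails; that reasoning now exists only in the commit message. A one-line comment above `virReportError`, such as `/* a failed libxl_domain_suspend() does not leave the domain suspended, so no resume is attempted */`, would keep a later reader from re-adding the resume call. With `goto cleanup` removed, `ret = -1;` falls straight through to `virObjectUnref(cfg)`, which is fine. libxlDoMigrateSend starts outside the hunk.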
From 26c5fa3a9bd37624ddd1509daf7d6a84268f089e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> Date: Fri, 21 Aug 2015 12:29:25 +0200 Subject: [PATCH 1/4] virt-aa-helper: document --probing and --dry-run
--- src/security/virt-aa-helper.c | 2 ++ 1 file changed, 2 insertions(+) Index: libvirt-1.2.18/src/security/virt-aa-helper.c =================================================================== --- libvirt-1.2.18.orig/src/security/virt-aa-helper.c +++ libvirt-1.2.18/src/security/virt-aa-helper.c @@ -107,12 +107,14 @@ vah_usage(void) " Options:\n" " -a | --add load profile\n" " -c | --create create profile from template\n" + " -d | --dry-run dry run\n" " -D | --delete unload and delete profile\n" " -f | --add-file <file> add file to profile\n" " -F | --append-file <file> append file to profile\n" " -r | --replace reload profile\n" " -R | --remove unload profile\n" " -h | --help this help\n" + " -p | --probing [0|1] allow disk format probing\n" " -u | --uuid <uuid> uuid (profile name)\n" "\n"), progname); ++++++ 2f01cfdf-virt-aa-helper-allow-ovmf.patch ++++++
From 2f01cfdf05448513d150ff1914d3444161c531b9 Mon Sep 17 00:00:00 2001 From: intrigeri <intrigeri@debian.org> Date: Fri, 21 Aug 2015 10:52:52 +0200 Subject: [PATCH 3/4] virt-aa-helper: allow access to /usr/share/ovmf/
We forbid access to /usr/share/, but (at least on Debian-based systems) the Open Virtual Machine Firmware files needed for booting UEFI virtual machines in QEMU live in /usr/share/ovmf/. Therefore, we need to add that directory to the list of read only paths. A similar patch was suggested by Jamie Strandboge <jamie@canonical.com> on https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1483071. --- src/security/virt-aa-helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: libvirt-1.2.18/src/security/virt-aa-helper.c =================================================================== --- libvirt-1.2.18.orig/src/security/virt-aa-helper.c +++ libvirt-1.2.18/src/security/virt-aa-helper.c 
@@ -572,7 +572,8 @@ valid_path(const char *path, const bool "/boot/", "/vmlinuz", "/initrd", - "/initrd.img" + "/initrd.img", + "/usr/share/ovmf/" /* for OVMF images */ }; /* override the above with these */ const char * const override[] = { ++++++ 44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch ++++++ commit 44a54eb073d2ae52ebf1661ae73bb1f0f98599f9 Author: Jim Fehlig <jfehlig@suse.com> Date: Wed Jul 15 16:35:50 2015 -0600 libxl: fix ref counting of libxlMigrationDstArgs This patch fixes some flawed logic around ref counting the libxlMigrationDstArgs object. First, when adding sockets to the event loop with virNetSocketAddIOCallback(), the generic virObjectFreeCallback() was registered as a free function, with libxlMigrationDstArgs as its parameter. A reference was also taken on libxlMigrationDstArgs for each successful call to virNetSocketAddIOCallback(). The rational behind this logic was that the libxlMigrationDstArgs object had to out-live the socket objects. But virNetSocketAddIOCallback() already takes a reference on socket objects, ensuring their life until removed from the event loop and unref'ed in virNetSocketEventFree(). We only need to ensure libxlMigrationDstArgs lives until libxlDoMigrateReceive() finishes, which can be done by simply unref'ing libxlMigrationDstArgs at the end of libxlDoMigrateReceive(). The second flaw was unref'ing the sockets in the failure path of libxlMigrateReceive() and at the end of libxlDoMigrateReceive(). As mentioned above, the sockets are already unref'ed by virNetSocketEventFree() when removed from the event loop. Attempting to unref the socket a second time resulted in a libvirtd crash since the socket was previously unref'ed and disposed. Signed-off-by: Jim Fehlig <jfehlig@suse.com> Index: libvirt-1.2.18/src/libxl/libxl_migration.c =================================================================== --- libvirt-1.2.18.orig/src/libxl/libxl_migration.c +++ libvirt-1.2.18/src/libxl/libxl_migration.c 
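Review bot: The new `"/usr/share/ovmf/"` entry only grants read access if `valid_path()` consults this list before the general restricted list, which is the ordering introduced by d25a5e08 elsewhere in this package. Under the older ordering shown as removed lines in that patch, the entry would only have added a read-write restriction. The inline comment could record that dependency, e.g. `/* for OVMF images: read-only, relies on the ro check running before the restricted check */`. Matching appears to be by string prefix (`array_starts_with`), so it is worth confirming that callers hand `valid_path()` a resolved path; they are not visible here. The array initialiser starts outside the hunk.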
@@ -109,7 +109,6 @@ libxlDoMigrateReceive(void *opaque) /* Remove all listen socks from event handler, and close them. */ for (i = 0; i < nsocks; i++) { - virNetSocketUpdateIOCallback(socks[i], 0); virNetSocketRemoveIOCallback(socks[i]); virNetSocketClose(socks[i]); virObjectUnref(socks[i]); @@ -117,6 +116,7 @@ libxlDoMigrateReceive(void *opaque) } args->nsocks = 0; VIR_FORCE_CLOSE(recvfd); + virObjectUnref(args); } @@ -164,11 +164,11 @@ libxlMigrateReceive(virNetSocketPtr sock virNetSocketUpdateIOCallback(socks[i], 0); virNetSocketRemoveIOCallback(socks[i]); virNetSocketClose(socks[i]); - virObjectUnref(socks[i]); socks[i] = NULL; } args->nsocks = 0; VIR_FORCE_CLOSE(recvfd); + virObjectUnref(args); } static int @@ -318,7 +318,7 @@ libxlDomainMigrationPrepare(virConnectPt virNetSocketPtr *socks = NULL; size_t nsocks = 0; int nsocks_listen = 0; - libxlMigrationDstArgs *args; + libxlMigrationDstArgs *args = NULL; size_t i; int ret = -1; @@ -420,22 +420,12 @@ libxlDomainMigrationPrepare(virConnectPt VIR_EVENT_HANDLE_READABLE, libxlMigrateReceive, args, - virObjectFreeCallback) < 0) + NULL) < 0) continue; - /* - * Successfully added sock to event loop. Take a ref on args to - * ensure it is not freed until sock is removed from the event loop. - * Ref is dropped in virObjectFreeCallback after being removed - * from the event loop. - */ - virObjectRef(args); nsocks_listen++; } - /* Done with args in this function, drop reference */ - virObjectUnref(args); - if (!nsocks_listen) goto error; 
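Review bot: Ownership of the socket references is not stated where the code changes, and the hunks do not line up with the description. The first hunk keeps `virObjectUnref(socks[i]);` in libxlDoMigrateReceive and drops `virNetSocketUpdateIOCallback(socks[i], 0);` instead, while the third hunk removes the same unref from libxlMigrateReceive's failure path. The commit message names both places as double unrefs that crashed libvirtd. If the unref kept in libxlDoMigrateReceive releases a different reference (for instance the one held through the `socks` array), a comment in that loop such as `/* drop the reference held via args->socks; the event loop drops its own */` would make that checkable; otherwise this path should be re-verified. The same applies to `args`, which is now unref'd in three places (both receive functions and the error path of libxlDomainMigrationPrepare in the last hunk); a short note at each saying which path owns the final reference would help. All three functions extend beyond the hunks.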
@@ -448,6 +438,8 @@ libxlDomainMigrationPrepare(virConnectPt virObjectUnref(socks[i]); } VIR_FREE(socks); + virObjectUnref(args); + /* Remove virDomainObj from domain list */ if (vm) { virDomainObjListRemove(driver->domains, vm); ++++++ 52970dec-virt-aa-helper-improve-valid-path.patch ++++++ commit 52970dec5b4d0fd1a9baa593b46a33bd7eeaf6b8 Author: Michal Privoznik <mprivozn@redhat.com> Date: Thu Aug 27 02:50:21 2015 +0200 virt-aa-helper: Improve valid_path So, after some movement in virt-aa-helper, I've noticed the virt-aa-helper-test failing. I've ran gdb (it took me a while to realize how to do that) and this showed up immediately: Program received signal SIGSEGV, Segmentation fault. strlen () at ../sysdeps/x86_64/strlen.S:106 106 ../sysdeps/x86_64/strlen.S: No such file or directory. (gdb) bt #0 strlen () at ../sysdeps/x86_64/strlen.S:106 #1 0x0000555555561a13 in array_starts_with (str=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", arr=0x7fffffffd160, size=-1540438016) at security/virt-aa-helper.c:525 #2 0x0000555555561d49 in valid_path (path=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", readonly=false) at security/virt-aa-helper.c:617 #3 0x0000555555562506 in vah_add_path (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw", recursive=false) at security/virt-aa-helper.c:823 #4 0x0000555555562693 in vah_add_file (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw") at security/virt-aa-helper.c:854 #5 0x0000555555562918 in add_file_path (disk=0x5555557d4440, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", depth=0, opaque=0x7fffffffd3e0) at security/virt-aa-helper.c:931 #6 0x00007ffff78f18b1 in virDomainDiskDefForeachPath (disk=0x5555557d4440, ignoreOpenFailure=true, iter=0x5555555628a6 <add_file_path>, opaque=0x7fffffffd3e0) at conf/domain_conf.c:23286 #7 0x0000555555562b5f in get_files (ctl=0x7fffffffd670) at security/virt-aa-helper.c:982 #8 0x0000555555564100 in vahParseArgv 
(ctl=0x7fffffffd670, argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1277 #9 0x00005555555643d6 in main (argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1332 So I've taken look at valid_path() because it is obviously calling array_starts_with() with malformed @size. And here's the result: there are two variables to hold the size of three arrays and their value is recalculated before each call of array_starts_with(). What if we just use three variables, initialize them and do not touch them afterwards? Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Index: libvirt-1.2.18/src/security/virt-aa-helper.c =================================================================== --- libvirt-1.2.18.orig/src/security/virt-aa-helper.c +++ libvirt-1.2.18/src/security/virt-aa-helper.c @@ -546,9 +546,6 @@ array_starts_with(const char *str, const static int valid_path(const char *path, const bool readonly) { - int npaths; - int nropaths; - const char * const restricted[] = { "/bin/", "/etc/", @@ -581,6 +578,10 @@ valid_path(const char *path, const bool "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */ }; + const int nropaths = ARRAY_CARDINALITY(restricted); + const int nrwpaths = ARRAY_CARDINALITY(restricted_rw); + const int nopaths = ARRAY_CARDINALITY(override); + if (path == NULL) { vah_error(NULL, 0, _("bad pathname")); return -1; 
@@ -600,21 +601,18 @@ valid_path(const char *path, const bool vah_warning(_("path does not exist, skipping file type checks")); /* overrides are always allowed */ - npaths = sizeof(override)/sizeof(*(override)); - if (array_starts_with(path, override, npaths) == 0) + if (array_starts_with(path, override, nopaths) == 0) return 0; /* allow read only paths upfront */ if (readonly) { - nropaths = sizeof(restricted_rw)/sizeof(*(restricted_rw)); - if (array_starts_with(path, restricted_rw, nropaths) == 0) + if (array_starts_with(path, restricted_rw, nrwpaths) == 0) return 0; } /* disallow RW acess to all paths in restricted and restriced_rw */ - npaths = sizeof(restricted)/sizeof(*(restricted)); - if ((array_starts_with(path, restricted, npaths) == 0 - || array_starts_with(path, restricted_rw, nropaths) == 0)) + if ((array_starts_with(path, restricted, nropaths) == 0 || + array_starts_with(path, restricted_rw, nrwpaths) == 0)) return 1; return 0; ++++++ 60acb38-revert-curmem-inactive-dom.patch ++++++ commit 60acb38abbee1636a9cddf8d296f700d115c8f77 Author: Jim Fehlig <jfehlig@suse.com> Date: Mon Aug 10 12:49:55 2015 -0600 Revert "LXC: show used memory as 0 when domain is not active" This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e, which introduced a significant semantic change to the virDomainGetInfo() API. Additionally, the change was only made to 2 of the 15 virt drivers. Conflicts: src/qemu/qemu_driver.c Signed-off-by: Jim Fehlig <jfehlig@suse.com> Index: libvirt-1.2.18/src/lxc/lxc_driver.c =================================================================== --- libvirt-1.2.18.orig/src/lxc/lxc_driver.c +++ libvirt-1.2.18/src/lxc/lxc_driver.c 
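Review bot: The counter names in the second and third hunks invite a mix-up. `nropaths` now holds the size of `restricted`, whereas in the code being replaced it held the size of `restricted_rw`, and `nrwpaths` counts the list used for the read-only allowance. Names tied to the arrays, e.g. `const int nrestricted = ARRAY_CARDINALITY(restricted);` with `nrestricted_rw` and `noverride`, would let each `array_starts_with()` call be checked at a glance, which matters in a function that decides what goes into an AppArmor profile. The comment `/* disallow RW acess to all paths in restricted and restriced_rw */` also carries two typos (`access`, `restricted_rw`). valid_path's body extends beyond these hunks.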
@@ -597,7 +597,7 @@ static int lxcDomainGetInfo(virDomainPtr if (!virDomainObjIsActive(vm)) { info->cpuTime = 0; - info->memory = 0; + info->memory = vm->def->mem.cur_balloon; } else { if (virCgroupGetCpuacctUsage(priv->cgroup, &(info->cpuTime)) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, Index: libvirt-1.2.18/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.2.18.orig/src/qemu/qemu_driver.c +++ libvirt-1.2.18/src/qemu/qemu_driver.c @@ -2641,13 +2641,13 @@ qemuDomainGetInfo(virDomainPtr dom, goto cleanup; } - if (virDomainObjIsActive(vm)) { - if (VIR_ASSIGN_IS_OVERFLOW(info->memory, vm->def->mem.cur_balloon)) { - virReportError(VIR_ERR_OVERFLOW, "%s", - _("Current memory size too large")); - goto cleanup; - } + if (VIR_ASSIGN_IS_OVERFLOW(info->memory, vm->def->mem.cur_balloon)) { + virReportError(VIR_ERR_OVERFLOW, "%s", + _("Current memory size too large")); + goto cleanup; + } + if (virDomainObjIsActive(vm)) { if (qemuGetProcessInfo(&(info->cpuTime), NULL, NULL, vm->pid, 0) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("cannot read cputime for domain")); ++++++ 91fdcefa-virt-aa-helper-allow-nvram.patch ++++++
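Review bot: `info->memory = vm->def->mem.cur_balloon;` in lxcDomainGetInfo assigns without the range check that the qemuDomainGetInfo hunk below applies to the same field through `VIR_ASSIGN_IS_OVERFLOW(info->memory, vm->def->mem.cur_balloon)`. If `info->memory` is narrower than `cur_balloon` on some builds (the declarations are not visible here), the LXC path would truncate silently and report a wrong size to the caller. Using the same guard, with `virReportError(VIR_ERR_OVERFLOW, "%s", _("Current memory size too large"));` on failure, would keep the two drivers consistent. The error exit of lxcDomainGetInfo is outside the hunk, so the jump target needs checking.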
From 91fdcefa7f145c1c39acc8e9a44fbfbf11568e54 Mon Sep 17 00:00:00 2001 From: Peter Kieser <peter@kieser.ca> Date: Thu, 20 Aug 2015 10:58:59 -0700 Subject: [PATCH 4/4] virt-aa-helper: add NVRAM store file for read/write
This is a cryptographically signed message in MIME format. Some UEFI firmwares may want to use a non-volatile memory to store some variables. If AppArmor is enabled, and NVRAM store file is set currently virt-aa-helper does not add the NVRAM store file to the template. Add this file for read/write when this functionality is defined in domain XML. Signed-off-by: Peter Kieser <peter@kieser.ca> --- src/security/virt-aa-helper.c | 4 ++++ 1 file changed, 4 insertions(+) Index: libvirt-1.2.18/src/security/virt-aa-helper.c =================================================================== --- libvirt-1.2.18.orig/src/security/virt-aa-helper.c +++ libvirt-1.2.18/src/security/virt-aa-helper.c @@ -1057,6 +1057,10 @@ get_files(vahControl * ctl) if (vah_add_file(&buf, ctl->def->os.loader->path, "r") != 0) goto cleanup; + if (ctl->def->os.loader && ctl->def->os.loader->nvram) + if (vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0) + goto cleanup; + for (i = 0; i < ctl->def->ngraphics; i++) { if (ctl->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && ctl->def->graphics[i]->data.vnc.socket && ++++++ d25a5e08-virt-aa-helper-simplify-restriction-logic.patch ++++++
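Review bot: The added block nests two unbraced `if` statements, which is easy to misread and fragile if an `else` is ever attached. Folding the conditions is clearer: `if (ctl->def->os.loader && ctl->def->os.loader->nvram && vah_add_file(&buf, ctl->def->os.loader->nvram, "rw") != 0) goto cleanup;`. Because this grants the generated profile write access to a path taken from the domain XML, a short comment noting that the path is still subject to vah_add_file's path checks would be useful; those checks are outside the hunk and should be confirmed. get_files starts and ends outside the hunk.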
From d25a5e087ae10142d3d533ed193146736526b2ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> Date: Fri, 21 Aug 2015 10:49:15 +0200 Subject: [PATCH 2/4] virt-aa-helper: Simplify restriction logic
First check overrides, then read only files then restricted access itself. This allows us to mark files for read only access whose parents were already restricted for read write. Based on a proposal by Martin Kletzander --- src/security/virt-aa-helper.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) Index: libvirt-1.2.18/src/security/virt-aa-helper.c =================================================================== --- libvirt-1.2.18.orig/src/security/virt-aa-helper.c +++ libvirt-1.2.18/src/security/virt-aa-helper.c @@ -546,7 +546,9 @@ array_starts_with(const char *str, const static int valid_path(const char *path, const bool readonly) { - int npaths, opaths; + int npaths; + int nropaths; + const char * const restricted[] = { "/bin/", "/etc/", 
@@ -596,18 +598,23 @@ valid_path(const char *path, const bool if (!virFileExists(path)) vah_warning(_("path does not exist, skipping file type checks")); - opaths = sizeof(override)/sizeof(*(override)); + /* overrides are always allowed */ + npaths = sizeof(override)/sizeof(*(override)); + if (array_starts_with(path, override, npaths) == 0) + return 0; + + /* allow read only paths upfront */ + if (readonly) { + nropaths = sizeof(restricted_rw)/sizeof(*(restricted_rw)); + if (array_starts_with(path, restricted_rw, nropaths) == 0) + return 0; + } + /* disallow RW acess to all paths in restricted and restriced_rw */ npaths = sizeof(restricted)/sizeof(*(restricted)); - if (array_starts_with(path, restricted, npaths) == 0 && - array_starts_with(path, override, opaths) != 0) - return 1; - - npaths = sizeof(restricted_rw)/sizeof(*(restricted_rw)); - if (!readonly) { - if (array_starts_with(path, restricted_rw, npaths) == 0) - return 1; - } + if ((array_starts_with(path, restricted, npaths) == 0 + || array_starts_with(path, restricted_rw, nropaths) == 0)) + return 1; return 0; } ++++++ e80b84a7-libxl-acquire-job-on-migrate.patch ++++++ commit e80b84a74324cd535ec7232c4e1653805af2103a Author: Jim Fehlig <jfehlig@suse.com> Date: Thu Jul 16 12:24:32 2015 -0600 libxl: acquire a job when receiving a migrating domain Commit f86ae403 moved acquiring a job from libxlDomainStart() to its callers. One spot missed was in libxlDoMigrateReceive(). Acquire a job in libxlDoMigrateReceive() before calling libxlDomainStart(). Signed-off-by: Jim Fehlig <jfehlig@suse.com> Index: libvirt-1.2.18/src/libxl/libxl_migration.c =================================================================== --- libvirt-1.2.18.orig/src/libxl/libxl_migration.c +++ libvirt-1.2.18/src/libxl/libxl_migration.c 
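Review bot: In the second hunk `nropaths` is assigned only inside `if (readonly)`, yet the final test reads it unconditionally in `array_starts_with(path, restricted_rw, nropaths)`. For a read-write request the length passed is therefore indeterminate, which matches the bogus `size` in the backtrace quoted by 52970dec on this page. Within this package the later patch 52970dec replaces these counters with `const` values initialised once, so the two patches have to stay together and in this order. Anyone carrying d25a5e08 alone should compute the `restricted_rw` count outside the `if (readonly)` block. Note also that overrides now return 0 before `restricted_rw` is consulted, which the old code did not do for read-write requests; the `/* overrides are always allowed */` comment could say that this is intended. valid_path's array definitions lie outside the hunks.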
@@ -95,17 +95,20 @@ libxlDoMigrateReceive(void *opaque) int recvfd = args->recvfd; size_t i; int ret; + bool remove_dom = 0; + + virObjectLock(vm); + if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0) + goto cleanup; /* * Always start the domain paused. If needed, unpause in the * finish phase, after transfer of the domain is complete. */ - virObjectLock(vm); ret = libxlDomainStart(driver, vm, true, recvfd); - virObjectUnlock(vm); if (ret < 0 && !vm->persistent) - virDomainObjListRemove(driver->domains, vm); + remove_dom = true; /* Remove all listen socks from event handler, and close them. */ for (i = 0; i < nsocks; i++) { @@ -117,6 +120,17 @@ libxlDoMigrateReceive(void *opaque) args->nsocks = 0; VIR_FORCE_CLOSE(recvfd); virObjectUnref(args); + + if (!libxlDomainObjEndJob(driver, vm)) + vm = NULL; + + cleanup: + if (remove_dom && vm) { + virDomainObjListRemove(driver->domains, vm); + vm = NULL; + } + if (vm) + virObjectUnlock(vm); }
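Review bot: When `libxlDomainObjBeginJob()` fails, `goto cleanup` jumps past the listen-socket teardown loop, `VIR_FORCE_CLOSE(recvfd)` and `virObjectUnref(args)`, because the second hunk places the `cleanup:` label after them. On that path the received fd, the sockets' event-loop registrations and the `args` reference therefore appear to be leaked. Moving the label above the teardown and ending the job only when one was acquired would cover both paths; this assumes `socks` and `nsocks` are initialised at their declarations, which are outside the hunk. Separately, `bool remove_dom = 0;` should be initialised with `false`. libxlDoMigrateReceive starts outside the first hunk.

```c
    bool remove_dom = false;
    bool have_job = false;

    virObjectLock(vm);
    if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
        goto cleanup;
    have_job = true;

    /* … unchanged: libxlDomainStart() call and the remove_dom decision … */

 cleanup:
    /* … unchanged: listen-socket teardown, VIR_FORCE_CLOSE(recvfd), virObjectUnref(args) … */

    if (have_job && !libxlDomainObjEndJob(driver, vm))
        vm = NULL;

    /* … unchanged: remove_dom handling and virObjectUnlock(vm) … */
```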