Hello community,
here is the log from the commit of package libvirt.2054 for openSUSE:12.2:Update checked in at 2013-10-15 16:48:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/libvirt.2054 (Old)
and /work/SRC/openSUSE:12.2:Update/.libvirt.2054.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt.2054"
Changes:
--------
New Changes file:
--- /dev/null 2013-10-11 12:16:15.204037506 +0200
+++ /work/SRC/openSUSE:12.2:Update/.libvirt.2054.new/libvirt.changes 2013-10-15 16:48:29.000000000 +0200
@@ -0,0 +1,1606 @@
+-------------------------------------------------------------------
+Wed Oct 2 12:32:18 MDT 2013 - jfehlig@suse.com
+
+- CVE-2013-4311: Add support for using 3-arg pkcheck syntax for
+ process
+ 76c1fd33-virstring-funcs.patch, 979e9c56-polkit-starttime.patch,
+ 922b7fda-CVE-2013-4311.patch
+ bnc#836931
+
+-------------------------------------------------------------------
+Thu Sep 5 12:06:46 MDT 2013 - jfehlig@suse.com
+
+- CVE-2013-4296: Fix crash in remoteDispatchDomainMemoryStats
+ e7f400a1-CVE-2013-4296.patch
+ bnc#838638
+
+-------------------------------------------------------------------
+Fri Feb 1 09:04:29 MST 2013 - jfehlig@suse.com
+
+- Update to libvirt 0.9.11.9 stable release
+ - Fixes CVE-2013-0170 by including cherry picked master
+ commit 46532e3e, bnc#800976
+
+-------------------------------------------------------------------
+Tue Dec 11 13:50:06 UTC 2012 - bwiedemann@suse.com
+
+- Fix starting lxc VM e.g from OpenStack
+ libvirt-selinux-enodata.patch
+ bnc#793900 and rh#858104
+
+-------------------------------------------------------------------
+Thu Oct 11 16:31:50 MDT 2012 - jfehlig@suse.com
+
+- Update to libvirt 0.9.11.6 stable release
+ - Remove the following patches now upstream in 0.9.11.6 stable
+ 4036aa91-systemd.patch
+ 57349ffc-lxc-ctrl.patch,
+ 6039a2cb-CVE-2012-3445.patch
+ 79ca7e4e-libvirt-guests-service.patch
+ b7ff9e69-CVE-2012-4423.patch
+ revert-d8978c90.patch
+ - Fixes bnc#780956 by including cherry picked master
+ commit f3868259
+
+-------------------------------------------------------------------
+Wed Oct 10 08:12:14 MDT 2012 - jfehlig@suse.com
+
+- Add upstream fixes to libvirt-guests service and init files
+ 79ca7e4e-libvirt-guests-service.patch
+ c18dc28b-libvirt-guests.patch
+ bnc#780966
+
+-------------------------------------------------------------------
+Mon Sep 24 15:08:42 MDT 2012 - jfehlig@suse.com
+
+- security: Fix libvirtd crash possibility
+ CVE-2012-4423
+ b7ff9e69-CVE-2012-4423.patch
+ bnc#780432
+
+-------------------------------------------------------------------
+Wed Aug 1 11:42:58 MDT 2012 - jfehlig@suse.com
+
+- daemon: Fix crash in virTypedParameterArrayClear
+ CVE-2012-3445
+ 6039a2cb-CVE-2012-3445.patch
+ bnc#773955
+
+-------------------------------------------------------------------
+Tue Jul 10 09:17:01 MDT 2012 - jfehlig@suse.com
+
+- libvirtd.service: ensure libvirtd starts after network
+ 4036aa91-systemd.patch
+ bnc#767932
+
+-------------------------------------------------------------------
+Fri Jun 22 16:26:01 MDT 2012 - jfehlig@suse.com
+
+- Add upstream patch to fix ref count of virNetServer object
+ 9c77bf04-fix-virnetserver-refcnt.patch
+
+-------------------------------------------------------------------
+Thu Jun 21 11:56:35 MDT 2012 - jfehlig@suse.com
+
+- Fix libvirtd deadlock on shutdown
+ 0dda594d-libvirtd-shutdown-deadlock.patch
+ bnc#767797
+
+-------------------------------------------------------------------
+Wed Jun 20 23:40:14 MDT 2012 - jfehlig@suse.com
+
+- Fix segfault in libvirt_lxc
+ 57349ffc-lxc-ctrl.patch
+ bnc#767448
+
+-------------------------------------------------------------------
+Wed Jun 20 10:48:35 MDT 2012 - jfehlig@suse.com
+
+- Fix build on i586
+ revert-d8978c90.patch
+
+-------------------------------------------------------------------
+Tue Jun 19 17:48:26 MDT 2012 - jfehlig@suse.com
+
+- Update to libvirt 0.9.11.4 stable release
+
+-------------------------------------------------------------------
+Tue Jun 12 14:18:23 MDT 2012 - jfehlig@suse.com
+
+- VUL-1: Fix hotplug support for usb devices with same vendorID,
+ productID
+ 9914477e-usb-search-funcs.patch
+ 05abd150-usb-improve-hotplug.patch
+ bnc#766559
+
+-------------------------------------------------------------------
+Wed May 30 16:00:38 MDT 2012 - jfehlig@suse.com
+
+- Add capability 'audit_write' to libvirtd apparmor profile
+ update install-apparmor-profiles.patch
+ bnc#764388
+- Update to libvirt 0.9.11.3 stable release
+
+-------------------------------------------------------------------
+Wed Apr 25 12:26:25 MDT 2012 - jfehlig@suse.com
+
+- Copy user in virURIParse
+ 4eb1c256-viruri-user.patch
+ bnc#757766
+
+-------------------------------------------------------------------
+Wed Apr 25 08:27:04 MDT 2012 - jfehlig@suse.com
+
+- yajl is availabile in all supported SUSE products, so always
+ use it when building libvirtd
+
+-------------------------------------------------------------------
+Thu Apr 12 11:19:38 MDT 2012 - jfehlig@suse.com
+
+- Update to libvirt 0.9.11
+ - Add support for the suspend event
+ - Add support for event tray moved of removable disks
+ - qemu: Support numad
+ - cpustats: API, improvements and qemu support
+ - qemu: support type='hostdev' network devices at domain start
+ - Introduce virDomainPMWakeup API
+ - network: support Open vSwitch
+ - snapshot improvements
+
+-------------------------------------------------------------------
+Mon Mar 26 12:59:04 MDT 2012 - jfehlig@suse.com
+
+- Remove unconditional define of 'with_netcontrol'
+
+-------------------------------------------------------------------
+Thu Feb 16 09:59:52 MST 2012 - jfehlig@suse.com
+
+- Add a note in /etc/libvirt/qemu.conf describing administrator
+ vigilance required when enabling a lock manager such as sanlock
+
+-------------------------------------------------------------------
+Thu Feb 16 09:01:58 MST 2012 - jfehlig@suse.com
+
+- Recommend dmidecode if suse_version > 1110. dmidecode is used
+ by virConnectGetSysinfo.
+
+-------------------------------------------------------------------
+Wed Feb 15 22:00:42 MST 2012 - jfehlig@suse.com
+
+- Add upstream patches to fix issues with older PolicyKit
+ c05ec920-polkit0-build.patch
+ fcdfa31f-polkit0-auth.patch
+
+-------------------------------------------------------------------
+Wed Feb 15 11:57:25 MST 2012 - jfehlig@suse.com
+
+- Update to libvirt 0.9.10
+ - Add support for sVirt in the LXC driver
+ - Add new API virDomainBlockRebase
+ - Add api to set and get domain metadata
+ - virDomainGetDiskErrors public API
+ - Add rawio attribute to disk element of domain XML
+ - Introduce virDomainPMSuspendForDuration API
+ - Add virStorageVolResize() API
+ - Add a virt-host-validate command to sanity check HV config
+ - Add new virDomainShutdownFlags API
+ - QEMU guest agent support
+
+-------------------------------------------------------------------
+Wed Feb 8 11:12:28 MST 2012 - jfehlig@suse.com
+
+- Fix libvirtd apparmor profile to work with libxenlight toolstack
+ Updated install-apparmor-profiles.patch
+ bnc#745890
+
+-------------------------------------------------------------------
+Wed Jan 25 14:40:32 MST 2012 - jfehlig@suse.com
++++ 1409 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.2:Update/.libvirt.2054.new/libvirt.changes
New:
----
0dda594d-libvirtd-shutdown-deadlock.patch
76c1fd33-virstring-funcs.patch
922b7fda-CVE-2013-4311.patch
979e9c56-polkit-starttime.patch
9c77bf04-fix-virnetserver-refcnt.patch
AF_PACKET.patch
baselibs.conf
c18dc28b-libvirt-guests.patch
clone.patch
e7f400a1-CVE-2013-4296.patch
install-apparmor-profiles.patch
libvirt-0.9.11.9.tar.bz2
libvirt-selinux-enodata.patch
libvirt-suse-netcontrol.patch
libvirt.changes
libvirt.spec
libvirtd-defaults.patch
libvirtd-relocation-server.fw
libvirtd.init
relax-qemu-usergroup-check.patch
suse-qemu-conf.patch
use-init-script-redhat.patch
xen-name-for-devid.patch
xen-pv-cdrom.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libvirt.spec ++++++
++++ 1057 lines (skipped)
++++++ 0dda594d-libvirtd-shutdown-deadlock.patch ++++++
commit 0dda594da99aede7621018a3705e7cf4c13b1606
Author: Jim Fehlig
Date: Thu Jun 21 09:21:44 2012 -0600
Fix deadlock on libvirtd shutdown
When shutting down libvirtd, the virNetServer shutdown can deadlock
if there are in-flight jobs being handled by virNetServerHandleJob().
virNetServerFree() will acquire the virNetServer lock and call
virThreadPoolFree() to terminate the workers, waiting for the workers
to finish. But in-flight workers will attempt to acquire the
virNetServer lock, resulting in deadlock.
Fix the deadlock by unlocking the virNetServer lock before calling
virThreadPoolFree(). This is safe since the virNetServerPtr object
is ref-counted and only decrementing the ref count needs to be
protected. Additionally, there is no need to re-acquire the lock
after virThreadPoolFree() completes as all the workers have
terminated.
Index: libvirt-0.9.11.9/src/rpc/virnetserver.c
===================================================================
--- libvirt-0.9.11.9.orig/src/rpc/virnetserver.c
+++ libvirt-0.9.11.9/src/rpc/virnetserver.c
@@ -801,10 +801,9 @@ void virNetServerFree(virNetServerPtr sr
virNetServerLock(srv);
VIR_DEBUG("srv=%p refs=%d", srv, srv->refs);
srv->refs--;
- if (srv->refs > 0) {
- virNetServerUnlock(srv);
+ virNetServerUnlock(srv);
+ if (srv->refs > 0)
return;
- }
for (i = 0 ; i < srv->nservices ; i++)
virNetServerServiceToggle(srv->services[i], false);
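Review bot: `srv->refs` is now tested after `virNetServerUnlock(srv)`, so the `if (srv->refs > 0)` check in this hunk reads the counter without the lock that protects the decrement. If two holders release their references concurrently, the first can read the counter after the second has already reached `VIR_FREE(srv)`, or both can see zero and run the teardown twice. Capture the value while the lock is still held, for example `int refs = --srv->refs;` before the unlock and `if (refs > 0) return;` after it. virNetServerFree begins above this hunk and continues below it.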
@@ -845,7 +844,6 @@ void virNetServerFree(virNetServerPtr sr
dbus_connection_unref(srv->sysbus);
#endif
- virNetServerUnlock(srv);
virMutexDestroy(&srv->lock);
VIR_FREE(srv);
}
++++++ 76c1fd33-virstring-funcs.patch ++++++
commit 76c1fd33c8093d6a7173a85486e1e6f51a832135
Author: Daniel P. Berrange
Date: Fri Nov 30 15:21:02 2012 +0000
Introduce APIs for splitting/joining strings
This introduces a few new APIs for dealing with strings.
One to split a char * into a char **, another to join a
char ** into a char *, and finally one to free a char **
There is a simple test suite to validate the edge cases
too. No more need to use the horrible strtok_r() API,
or hand-written code for splitting strings.
Signed-off-by: Daniel P. Berrange
Index: libvirt-0.9.11.9/src/Makefile.am
===================================================================
--- libvirt-0.9.11.9.orig/src/Makefile.am
+++ libvirt-0.9.11.9/src/Makefile.am
@@ -105,6 +105,7 @@ UTIL_SOURCES = \
util/virnetlink.c util/virnetlink.h \
util/virrandom.h util/virrandom.c \
util/virsocketaddr.h util/virsocketaddr.c \
+ util/virstring.h util/virstring.c \
util/virtime.h util/virtime.c \
util/viruri.h util/viruri.c
Index: libvirt-0.9.11.9/src/libvirt_private.syms
===================================================================
--- libvirt-0.9.11.9.orig/src/libvirt_private.syms
+++ libvirt-0.9.11.9/src/libvirt_private.syms
@@ -1486,6 +1486,12 @@ virSetErrorLogPriorityFunc;
virStrerror;
+# virstring.h
+virStringSplit;
+virStringJoin;
+virStringFreeList;
+
+
# virtime.h
virTimeFieldsNow;
virTimeFieldsNowRaw;
Index: libvirt-0.9.11.9/src/util/virstring.c
===================================================================
--- /dev/null
+++ libvirt-0.9.11.9/src/util/virstring.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * http://www.gnu.org/licenses/.
+ *
+ * Authors:
+ * Daniel P. Berrange
+ */
+
+#include
+
+#include "virstring.h"
+#include "memory.h"
+#include "buf.h"
+#include "virterror_internal.h"
+
+#define VIR_FROM_THIS VIR_FROM_NONE
+
+/*
+ * The following virStringSplit & virStringJoin methods
+ * are derived from g_strsplit / g_strjoin in glib2,
+ * also available under the LGPLv2+ license terms
+ */
+
+/**
+ * virStringSplit:
+ * @string: a string to split
+ * @delim: a string which specifies the places at which to split
+ * the string. The delimiter is not included in any of the resulting
+ * strings, unless @max_tokens is reached.
+ * @max_tokens: the maximum number of pieces to split @string into.
+ * If this is 0, the string is split completely.
+ *
+ * Splits a string into a maximum of @max_tokens pieces, using the given
+ * @delim. If @max_tokens is reached, the remainder of @string is
+ * appended to the last token.
+ *
+ * As a special case, the result of splitting the empty string "" is an empty
+ * vector, not a vector containing a single string. The reason for this
+ * special case is that being able to represent a empty vector is typically
+ * more useful than consistent handling of empty elements. If you do need
+ * to represent empty elements, you'll need to check for the empty string
+ * before calling virStringSplit().
+ *
+ * Return value: a newly-allocated NULL-terminated array of strings. Use
+ * virStringFreeList() to free it.
+ */
+char **virStringSplit(const char *string,
+ const char *delim,
+ size_t max_tokens)
+{
+ char **tokens = NULL;
+ size_t ntokens = 0;
+ size_t maxtokens = 0;
+ const char *remainder = string;
+ char *tmp;
+ size_t i;
+
+ if (max_tokens == 0)
+ max_tokens = INT_MAX;
+
+ tmp = strstr(remainder, delim);
+ if (tmp) {
+ size_t delimlen = strlen(delim);
+
+ while (--max_tokens && tmp) {
+ size_t len = tmp - remainder;
+
+ if (VIR_RESIZE_N(tokens, maxtokens, ntokens, 1) < 0)
+ goto no_memory;
+
+ if (!(tokens[ntokens] = strndup(remainder, len)))
+ goto no_memory;
+ ntokens++;
+ remainder = tmp + delimlen;
+ tmp = strstr(remainder, delim);
+ }
+ }
+ if (*string) {
+ if (VIR_RESIZE_N(tokens, maxtokens, ntokens, 1) < 0)
+ goto no_memory;
+
+ if (!(tokens[ntokens] = strdup(remainder)))
+ goto no_memory;
+ ntokens++;
+ }
+
+ if (VIR_RESIZE_N(tokens, maxtokens, ntokens, 1) < 0)
+ goto no_memory;
+ tokens[ntokens++] = NULL;
+
+ return tokens;
+
+no_memory:
+ virReportOOMError();
+ for (i = 0 ; i < ntokens ; i++)
+ VIR_FREE(tokens[i]);
+ VIR_FREE(tokens);
+ return NULL;
+}
+
+
+/**
+ * virStringJoin:
+ * @strings: a NULL-terminated array of strings to join
+ * @delim: a string to insert between each of the strings
+ *
+ * Joins a number of strings together to form one long string, with the
+ * @delim inserted between each of them. The returned string
+ * should be freed with VIR_FREE().
+ *
+ * Returns: a newly-allocated string containing all of the strings joined
+ * together, with @delim between them
+ */
+char *virStringJoin(const char **strings,
+ const char *delim)
+{
+ char *ret;
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ while (*strings) {
+ virBufferAdd(&buf, *strings, -1);
+ if (*(strings+1))
+ virBufferAdd(&buf, delim, -1);
+ strings++;
+ }
+ if (virBufferError(&buf)) {
+ virReportOOMError();
+ return NULL;
+ }
+ ret = virBufferContentAndReset(&buf);
+ if (!ret) {
+ if (!(ret = strdup(""))) {
+ virReportOOMError();
+ return NULL;
+ }
+ }
+ return ret;
+}
+
+
+/**
+ * virStringFreeList:
+ * @str_array: a NULL-terminated array of strings to free
+ *
+ * Frees a NULL-terminated array of strings, and the array itself.
+ * If called on a NULL value, virStringFreeList() simply returns.
+ */
+void virStringFreeList(char **strings)
+{
+ char **tmp = strings;
+ while (tmp && *tmp) {
+ VIR_FREE(*tmp);
+ tmp++;
+ }
+ VIR_FREE(strings);
+}
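Review bot: virStringSplit never rejects an empty `delim`. In that case `strstr(remainder, delim)` returns `remainder` itself and `delimlen` is 0, so the `while (--max_tokens && tmp)` loop does not advance and keeps allocating empty tokens until the counter runs out, which is INT_MAX iterations when the caller passed 0. ATTRIBUTE_NONNULL in the header covers NULL but not the empty string, so a guard at the top such as `if (!*delim) return NULL;`, with an error report in the file's usual style, would bound this. The doc comment for virStringFreeList also names `@str_array` while the parameter is `strings`.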
Index: libvirt-0.9.11.9/src/util/virstring.h
===================================================================
--- /dev/null
+++ libvirt-0.9.11.9/src/util/virstring.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2007-2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * http://www.gnu.org/licenses/.
+ *
+ * Authors:
+ * Daniel P. Berrange
+ */
+
+#ifndef __VIR_STRING_H__
+# define __VIR_STRING_H__
+
+# include "internal.h"
+
+char **virStringSplit(const char *string,
+ const char *delim,
+ size_t max_tokens)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+
+char *virStringJoin(const char **strings,
+ const char *delim)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+
+void virStringFreeList(char **strings);
+
+#endif /* __VIR_STRING_H__ */
Index: libvirt-0.9.11.9/tests/Makefile.am
===================================================================
--- libvirt-0.9.11.9.orig/tests/Makefile.am
+++ libvirt-0.9.11.9/tests/Makefile.am
@@ -99,7 +99,7 @@ test_programs = virshtest sockettest \
virhashtest virnetmessagetest virnetsockettest \
utiltest virnettlscontexttest shunloadtest \
virtimetest viruritest virkeyfiletest \
- virauthconfigtest
+ virauthconfigtest virstringtest
# This is a fake SSH we use from virnetsockettest
ssh_SOURCES = ssh.c
@@ -472,6 +472,11 @@ virtimetest_SOURCES = \
virtimetest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
virtimetest_LDADD = ../src/libvirt-net-rpc.la $(LDADDS)
+virstringtest_SOURCES = \
+ virstringtest.c testutils.h testutils.c
+virstringtest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
+virstringtest_LDADD = $(LDADDS)
+
viruritest_SOURCES = \
viruritest.c testutils.h testutils.c
viruritest_CFLAGS = -Dabs_builddir="\"$(abs_builddir)\"" $(AM_CFLAGS)
Index: libvirt-0.9.11.9/tests/virstringtest.c
===================================================================
--- /dev/null
+++ libvirt-0.9.11.9/tests/virstringtest.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) 2012 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * http://www.gnu.org/licenses/.
+ *
+ * Author: Daniel P. Berrange
+ */
+
+#include
+
+#include
+
+#include "testutils.h"
+#include "util.h"
+#include "virterror_internal.h"
+#include "memory.h"
+#include "logging.h"
+
+#include "virstring.h"
+
+#define VIR_FROM_THIS VIR_FROM_NONE
+
+struct testSplitData {
+ const char *string;
+ const char *delim;
+ size_t max_tokens;
+ const char **tokens;
+};
+
+
+struct testJoinData {
+ const char *string;
+ const char *delim;
+ const char **tokens;
+};
+
+static int testSplit(const void *args)
+{
+ const struct testSplitData *data = args;
+ char **got;
+ char **tmp1;
+ const char **tmp2;
+ int ret = -1;
+
+ if (!(got = virStringSplit(data->string, data->delim, data->max_tokens))) {
+ VIR_DEBUG("Got no tokens at all");
+ return -1;
+ }
+
+ tmp1 = got;
+ tmp2 = data->tokens;
+ while (*tmp1 && *tmp2) {
+ if (STRNEQ(*tmp1, *tmp2)) {
+ fprintf(stderr, "Mismatch '%s' vs '%s'\n", *tmp1, *tmp2);
+ goto cleanup;
+ }
+ tmp1++;
+ tmp2++;
+ }
+ if (*tmp1) {
+ fprintf(stderr, "Too many pieces returned\n");
+ goto cleanup;
+ }
+ if (*tmp2) {
+ fprintf(stderr, "Too few pieces returned\n");
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
+ virStringFreeList(got);
+
+ return ret;
+}
+
+
+static int testJoin(const void *args)
+{
+ const struct testJoinData *data = args;
+ char *got;
+ int ret = -1;
+
+ if (!(got = virStringJoin(data->tokens, data->delim))) {
+ VIR_DEBUG("Got no result");
+ return -1;
+ }
+ if (STRNEQ(got, data->string)) {
+ fprintf(stderr, "Mismatch '%s' vs '%s'\n", got, data->string);
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
+ VIR_FREE(got);
+
+ return ret;
+}
+
+
+static int
+mymain(void)
+{
+ int ret = 0;
+
+#define TEST_SPLIT(str, del, max, toks) \
+ do { \
+ struct testSplitData splitData = { \
+ .string = str, \
+ .delim = del, \
+ .max_tokens = max, \
+ .tokens = toks, \
+ }; \
+ struct testJoinData joinData = { \
+ .string = str, \
+ .delim = del, \
+ .tokens = toks, \
+ }; \
+ if (virtTestRun("Split " #str, 1, testSplit, &splitData) < 0) \
+ ret = -1; \
+ if (virtTestRun("Join " #str, 1, testJoin, &joinData) < 0) \
+ ret = -1; \
+ } while (0)
+
+ const char *tokens1[] = { NULL };
+ TEST_SPLIT("", " ", 0, tokens1);
+
+ const char *tokens2[] = { "", "", NULL };
+ TEST_SPLIT(" ", " ", 0, tokens2);
+
+ const char *tokens3[] = { "", "", "", NULL };
+ TEST_SPLIT(" ", " ", 0, tokens3);
+
+ const char *tokens4[] = { "The", "quick", "brown", "fox", NULL };
+ TEST_SPLIT("The quick brown fox", " ", 0, tokens4);
+
+ const char *tokens5[] = { "The quick ", " fox", NULL };
+ TEST_SPLIT("The quick brown fox", "brown", 0, tokens5);
+
+ const char *tokens6[] = { "", "The", "quick", "brown", "fox", NULL };
+ TEST_SPLIT(" The quick brown fox", " ", 0, tokens6);
+
+ const char *tokens7[] = { "The", "quick", "brown", "fox", "", NULL };
+ TEST_SPLIT("The quick brown fox ", " ", 0, tokens7);
+
+
+ return ret==0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+VIRT_TEST_MAIN(mymain)
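Review bot: Every TEST_SPLIT call in mymain passes `0` for `max`, so the `max_tokens` limit and the documented "remainder is appended to the last token" behaviour are never exercised. A case such as `const char *tokens8[] = { "The", "quick brown fox", NULL };` with `TEST_SPLIT("The quick brown fox", " ", 2, tokens8);` would cover it and still round-trips through testJoin. The suite also has no case for a multi-character delimiter at the start or end of the input.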
++++++ 922b7fda-CVE-2013-4311.patch ++++++
commit 77d448e15d73773d5ffe00b62dbdbc0380c4faae
Author: Daniel P. Berrange
Date: Wed Aug 28 15:25:40 2013 +0100
Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.
To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.
This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'
Signed-off-by: Colin Walters
Signed-off-by: Daniel P. Berrange
(cherry picked from commit 922b7fda77b094dbf022d625238262ea05335666)
Signed-off-by: Eric Blake
Conflicts:
configure.ac - context
libvirt.spec.in - context of indentation
src/access/viraccessdriverpolkit.c - not present on this branch
Index: libvirt-0.9.11.9/configure.ac
===================================================================
--- libvirt-0.9.11.9.orig/configure.ac
+++ libvirt-0.9.11.9/configure.ac
@@ -1133,6 +1133,14 @@ if test "x$with_polkit" = "xyes" || test
AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
if test "x$PKCHECK_PATH" != "x" ; then
AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
+ AC_MSG_CHECKING([whether pkcheck supports uid value])
+ pkcheck_supports_uid=`$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1`
+ if test "x$pkcheck_supports_uid" = "xtrue"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
+ else
+ AC_MSG_RESULT([no])
+ fi
AC_DEFINE_UNQUOTED([HAVE_POLKIT], 1,
[use PolicyKit for UNIX socket access checks])
AC_DEFINE_UNQUOTED([HAVE_POLKIT1], 1,
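Review bot: The `else` branch of the new pkcheck check only prints `no`, so a build against a polkit without the uid fix completes normally and produces a daemon that the commit message itself describes as still racy. The check also treats a failed or empty `$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1` the same as an explicit false. At minimum add `AC_MSG_WARN([pkcheck lacks uid support; polkit authentication remains subject to CVE-2013-4311])` in that branch so the gap is visible in build logs. The libvirt.spec.in hunk has the same gap: `BuildRequires: polkit-devel >= 0.93` cannot express "polkit with the CVE-2013-4288 fix", so packagers would need to verify the configure result.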
Index: libvirt-0.9.11.9/daemon/remote.c
===================================================================
--- libvirt-0.9.11.9.orig/daemon/remote.c
+++ libvirt-0.9.11.9/daemon/remote.c
@@ -2559,10 +2559,12 @@ remoteDispatchAuthPolkit(virNetServerPtr
int status = -1;
char *ident = NULL;
bool authdismissed = 0;
+ bool supportsuid = false;
char *pkout = NULL;
struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
virCommandPtr cmd = NULL;
+ static bool polkitInsecureWarned;
virMutexLock(&priv->lock);
action = virNetServerClientGetReadonly(client) ?
@@ -2584,14 +2586,28 @@ remoteDispatchAuthPolkit(virNetServerPtr
goto authfail;
}
+ if (timestamp == 0) {
+ VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
+ (long long)callerPid);
+ goto authfail;
+ }
+
VIR_INFO("Checking PID %lld running as %d",
(long long) callerPid, callerUid);
virCommandAddArg(cmd, "--process");
- if (timestamp != 0) {
- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+# ifdef PKCHECK_SUPPORTS_UID
+ supportsuid = true;
+# endif
+ if (supportsuid) {
+ virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
+ (long long) callerPid, timestamp, (unsigned long) callerUid);
} else {
- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
+ }
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
}
virCommandAddArg(cmd, "--allow-user-interaction");
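Review bot: When PKCHECK_SUPPORTS_UID is undefined, the `else` branch still authorizes on the `pid,start-time` pair, the input the commit message identifies as racy, and the only signal is a VIR_WARN emitted once per daemon lifetime. Document the branch with a comment such as `/* Fallback keeps the CVE-2013-4311 race; reached only when built against a polkit without pkcheck uid support */`, and consider warning on every polkit authentication so the condition is not lost after log rotation. `polkitInsecureWarned` is a function-level static touched while holding only `priv->lock`, which appears to be per-client, so concurrent dispatches may race on it; the visible effect should be limited to duplicate log lines. remoteDispatchAuthPolkit begins and ends outside this hunk.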
Index: libvirt-0.9.11.9/libvirt.spec.in
===================================================================
--- libvirt-0.9.11.9.orig/libvirt.spec.in
+++ libvirt-0.9.11.9/libvirt.spec.in
@@ -445,8 +445,7 @@ BuildRequires: cyrus-sasl-devel
%endif
%if %{with_polkit}
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
-# Only need the binary, not -devel
-BuildRequires: polkit >= 0.93
+BuildRequires: polkit-devel >= 0.93
%else
BuildRequires: PolicyKit-devel >= 0.6
%endif
++++++ 979e9c56-polkit-starttime.patch ++++++
commit cd03624eecc7fd4c6552e74ee1305c53a43cac58
Author: Daniel P. Berrange
Date: Thu Apr 25 17:05:00 2013 +0100
Include process start time when doing polkit checks
Since PIDs can be reused, polkit prefers to be given
a (PID,start time) pair. If given a PID on its own,
it will attempt to lookup the start time in /proc/pid/stat,
though this is subject to races.
It is safer if the client app resolves the PID start
time itself, because as long as the app has the client
socket open, the client PID won't be reused.
Signed-off-by: Daniel P. Berrange
(cherry picked from commit 979e9c56a7aadf2dcfbddd1abfbad594b78b4468)
Signed-off-by: Eric Blake
Conflicts:
src/libvirt_private.syms - not backported
src/locking/lock_daemon.c - not backported
src/rpc/virnetserverclient.c
src/rpc/virnetsocket.c
src/rpc/virnetsocket.h
src/util/viridentity.h - not backported
src/util/virprocess.c
src/util/virprocess.h
src/util/virstring.c
src/util/virstring.h
Most conflicts were contextual (this patch adds new functions,
but upstream intermediate patches not backported here also added
new features, and the resolution was picking out just the portions
needed by this commit). virnetsocket.c also had slightly
different locking semantics.
Index: libvirt-0.9.11.9/daemon/remote.c
===================================================================
--- libvirt-0.9.11.9.orig/daemon/remote.c
+++ libvirt-0.9.11.9/daemon/remote.c
@@ -2118,6 +2118,7 @@ remoteDispatchAuthList(virNetServerPtr s
uid_t callerUid;
gid_t callerGid;
pid_t callerPid;
+ unsigned long long timestamp;
/* If the client is root then we want to bypass the
* policykit auth to avoid root being denied if
@@ -2125,7 +2126,7 @@ remoteDispatchAuthList(virNetServerPtr s
*/
if (auth == VIR_NET_SERVER_SERVICE_AUTH_POLKIT) {
if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid,
- &callerPid) < 0) {
+ &callerPid, ×tamp) < 0) {
/* Don't do anything on error - it'll be validated at next
* phase of auth anyway */
virResetLastError();
@@ -2553,6 +2554,7 @@ remoteDispatchAuthPolkit(virNetServerPtr
pid_t callerPid = -1;
gid_t callerGid = -1;
uid_t callerUid = -1;
+ unsigned long long timestamp;
const char *action;
int status = -1;
char *ident = NULL;
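Review bot: `timestamp` is declared without an initializer next to `callerPid`, `callerGid` and `callerUid`, which all start at -1, and a later hunk of this patch reads it in `if (timestamp != 0)`. That read is only well defined if virNetServerClientGetUNIXIdentity always stores a value on success, which cannot be confirmed from this hunk. Initialise it to match its neighbours: `unsigned long long timestamp = 0;`. remoteDispatchAuthPolkit continues outside the hunk.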
@@ -2578,7 +2580,7 @@ remoteDispatchAuthPolkit(virNetServerPtr
}
if (virNetServerClientGetUNIXIdentity(client, &callerUid, &callerGid,
- &callerPid) < 0) {
+ &callerPid, ×tamp) < 0) {
goto authfail;
}
@@ -2586,7 +2588,11 @@ remoteDispatchAuthPolkit(virNetServerPtr
(long long) callerPid, callerUid);
virCommandAddArg(cmd, "--process");
- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+ if (timestamp != 0) {
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+ } else {
+ virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+ }
virCommandAddArg(cmd, "--allow-user-interaction");
if (virAsprintf(&ident, "pid:%lld,uid:%d",
Index: libvirt-0.9.11.9/src/rpc/virnetserverclient.c
===================================================================
--- libvirt-0.9.11.9.orig/src/rpc/virnetserverclient.c
+++ libvirt-0.9.11.9/src/rpc/virnetserverclient.c
@@ -433,16 +433,20 @@ int virNetServerClientGetFD(virNetServer
}
int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
- uid_t *uid, gid_t *gid, pid_t *pid)
+ uid_t *uid, gid_t *gid, pid_t *pid,
+ unsigned long long *timestamp)
{
int ret = -1;
virNetServerClientLock(client);
if (client->sock)
- ret = virNetSocketGetUNIXIdentity(client->sock, uid, gid, pid);
+ ret = virNetSocketGetUNIXIdentity(client->sock,
+ uid, gid, pid,
+ timestamp);
virNetServerClientUnlock(client);
return ret;
}
+
bool virNetServerClientIsSecure(virNetServerClientPtr client)
{
bool secure = false;
Index: libvirt-0.9.11.9/src/rpc/virnetserverclient.h
===================================================================
--- libvirt-0.9.11.9.orig/src/rpc/virnetserverclient.h
+++ libvirt-0.9.11.9/src/rpc/virnetserverclient.h
@@ -71,7 +71,8 @@ int virNetServerClientSetIdentity(virNet
const char *virNetServerClientGetIdentity(virNetServerClientPtr client);
int virNetServerClientGetUNIXIdentity(virNetServerClientPtr client,
- uid_t *uid, gid_t *gid, pid_t *pid);
+ uid_t *uid, gid_t *gid, pid_t *pid,
+ unsigned long long *timestamp);
void virNetServerClientRef(virNetServerClientPtr client);
Index: libvirt-0.9.11.9/src/rpc/virnetsocket.c
===================================================================
--- libvirt-0.9.11.9.orig/src/rpc/virnetsocket.c
+++ libvirt-0.9.11.9/src/rpc/virnetsocket.c
@@ -36,6 +36,7 @@
#endif
#include "virnetsocket.h"
+#include "virstring.h"
#include "util.h"
#include "memory.h"
#include "virterror_internal.h"
@@ -189,6 +190,91 @@ error:
return NULL;
}
+#ifdef __linux__
+/*
+ * Port of code from polkitunixprocess.c under terms
+ * of the LGPLv2+
+ */
+static int virProcessGetStartTime(pid_t pid,
+ unsigned long long *timestamp)
+{
+ char *filename = NULL;
+ char *buf = NULL;
+ char *tmp;
+ int ret = -1;
+ int len;
+ char **tokens = NULL;
+
+ if (virAsprintf(&filename, "/proc/%llu/stat",
+ (unsigned long long)pid) < 0) {
+ virReportOOMError();
+ return -1;
+ }
+
+ if ((len = virFileReadAll(filename, 1024, &buf)) < 0)
+ goto cleanup;
+
+ /* start time is the token at index 19 after the '(process name)' entry - since only this
+ * field can contain the ')' character, search backwards for this to avoid malicious
+ * processes trying to fool us
+ */
+
+ if (!(tmp = strrchr(buf, ')'))) {
+ virNetError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot find start time in %s"),
+ filename);
+ goto cleanup;
+ }
+ tmp += 2; /* skip ') ' */
+ if ((tmp - buf) >= len) {
+ virNetError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot find start time in %s"),
+ filename);
+ goto cleanup;
+ }
+
+ tokens = virStringSplit(tmp, " ", 0);
+
+ if (virStringListLength(tokens) < 20) {
+ virNetError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot find start time in %s"),
+ filename);
+ goto cleanup;
+ }
+
+ if (virStrToLong_ull(tokens[19],
+ NULL,
+ 10,
+ timestamp) < 0) {
+ virNetError(VIR_ERR_INTERNAL_ERROR,
+ _("Cannot parse start time %s in %s"),
+ tokens[19], filename);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ virStringFreeList(tokens);
+ VIR_FREE(filename);
+ VIR_FREE(buf);
+ return ret;
+}
+#else
+int virProcessGetStartTime(pid_t pid,
+ unsigned long long *timestamp)
+{
+ static bool warned = false;
+ if (warned == false) {
+ VIR_WARN("Process start time of pid %llu not available on this platform",
+ (unsigned long long)pid);
+ warned = true;
+ }
+ *timestamp = 0;
+ return 0;
+}
+#endif
+
int virNetSocketNewListenTCP(const char *nodename,
const char *service,
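Review bot: The non-Linux fallback of virProcessGetStartTime returns success with `*timestamp = 0`, and the pkcheck hunk earlier in this patch appears to treat a zero timestamp as the cue to pass the pid alone. On those builds the polkit subject is therefore still identified by a reusable pid, and only a one-time VIR_WARN says so. I would state the contract above the function, e.g. `/* Sets *timestamp to 0 when the start time is unavailable; callers must treat 0 as "unknown", never as a real start time. */`. The fallback also lacks the `static` of the Linux variant and should begin `static int virProcessGetStartTime(pid_t pid,`. In the Linux variant the result of virStringSplit is not checked, so if it returns NULL on allocation failure the error reported is "Cannot find start time" rather than OOM.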
@@ -834,31 +920,40 @@ int virNetSocketGetPort(virNetSocketPtr
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
uid_t *uid,
gid_t *gid,
- pid_t *pid)
+ pid_t *pid,
+ unsigned long long *timestamp)
{
struct ucred cr;
socklen_t cr_len = sizeof(cr);
+ int ret = -1;
+
virMutexLock(&sock->lock);
if (getsockopt(sock->fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) < 0) {
virReportSystemError(errno, "%s",
_("Failed to get client socket identity"));
- virMutexUnlock(&sock->lock);
- return -1;
+ goto cleanup;
}
+ if (virProcessGetStartTime(cr.pid, timestamp) < 0)
+ goto cleanup;
+
*pid = cr.pid;
*uid = cr.uid;
*gid = cr.gid;
+ ret = 0;
+
+cleanup:
virMutexUnlock(&sock->lock);
- return 0;
+ return ret;
}
#else
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
uid_t *uid ATTRIBUTE_UNUSED,
gid_t *gid ATTRIBUTE_UNUSED,
- pid_t *pid ATTRIBUTE_UNUSED)
+ pid_t *pid ATTRIBUTE_UNUSED,
+ unsigned long long *timestamp ATTRIBUTE_UNUSED)
{
/* XXX Many more OS support UNIX socket credentials we could port to. See dbus ....*/
virReportSystemError(ENOSYS, "%s",
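Review bot: The start time is read from /proc for `cr.pid` after getsockopt() has returned, not captured together with the peer credentials. If the peer has exited and its pid has been reused by then, `*pid` and `*timestamp` agree with each other but describe a different process than the one that connected. The change narrows the pid-reuse window rather than closing it, which deserves a comment at the call, e.g. `/* start time is sampled now, not at connect(); cr.pid may already have been recycled */`. If this function can run more than once per connection (not visible here), sampling once at accept time and caching the result on the socket would keep the window as small as possible. The non-Linux stub continues past the end of the hunk.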
Index: libvirt-0.9.11.9/src/rpc/virnetsocket.h
===================================================================
--- libvirt-0.9.11.9.orig/src/rpc/virnetsocket.h
+++ libvirt-0.9.11.9/src/rpc/virnetsocket.h
@@ -89,7 +89,8 @@ int virNetSocketGetPort(virNetSocketPtr
int virNetSocketGetUNIXIdentity(virNetSocketPtr sock,
uid_t *uid,
gid_t *gid,
- pid_t *pid);
+ pid_t *pid,
+ unsigned long long *timestamp);
int virNetSocketSetBlocking(virNetSocketPtr sock,
bool blocking);
Index: libvirt-0.9.11.9/src/util/virstring.c
===================================================================
--- libvirt-0.9.11.9.orig/src/util/virstring.c
+++ libvirt-0.9.11.9/src/util/virstring.c
@@ -166,3 +166,14 @@ void virStringFreeList(char **strings)
}
VIR_FREE(strings);
}
+
+
+size_t virStringListLength(char **strings)
+{
+ size_t i = 0;
+
+ while (strings && strings[i])
+ i++;
+
+ return i;
+}
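Review bot: virStringListLength is added without a doc comment, yet its NULL handling is relied on: virProcessGetStartTime in virnetsocket.c passes it the unchecked result of virStringSplit. A short header such as `/* Returns the number of entries before the terminating NULL; a NULL list counts as 0. */` would pin that behaviour down for later callers.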
Index: libvirt-0.9.11.9/src/util/virstring.h
===================================================================
--- libvirt-0.9.11.9.orig/src/util/virstring.h
+++ libvirt-0.9.11.9/src/util/virstring.h
@@ -35,4 +35,6 @@ char *virStringJoin(const char **strings
void virStringFreeList(char **strings);
+size_t virStringListLength(char **strings);
+
#endif /* __VIR_STRING_H__ */
++++++ 9c77bf04-fix-virnetserver-refcnt.patch ++++++
commit 9c77bf04b03ff026bb37212a195070d8983f530d
Author: Hu Tao
Date: Fri Jun 22 11:26:03 2012 +0800
fix a bug of ref count in virnetserver.c
The test of ref count is not protected by lock, which is unsafe because
the ref count may have been changed by other threads during the test.
This patch fixes this.
Index: libvirt-0.9.11.9/src/rpc/virnetserver.c
===================================================================
--- libvirt-0.9.11.9.orig/src/rpc/virnetserver.c
+++ libvirt-0.9.11.9/src/rpc/virnetserver.c
@@ -794,15 +794,16 @@ void virNetServerQuit(virNetServerPtr sr
void virNetServerFree(virNetServerPtr srv)
{
int i;
+ int refs;
if (!srv)
return;
virNetServerLock(srv);
VIR_DEBUG("srv=%p refs=%d", srv, srv->refs);
- srv->refs--;
+ refs = --srv->refs;
virNetServerUnlock(srv);
- if (srv->refs > 0)
+ if (refs > 0)
return;
for (i = 0 ; i < srv->nservices ; i++)
++++++ AF_PACKET.patch ++++++
Index: libvirt-0.9.11.9/src/util/virnetdev.c
===================================================================
--- libvirt-0.9.11.9.orig/src/util/virnetdev.c
+++ libvirt-0.9.11.9/src/util/virnetdev.c
@@ -85,7 +85,7 @@ static int virNetDevSetupControlFull(con
static int virNetDevSetupControl(const char *ifname,
struct ifreq *ifr)
{
- return virNetDevSetupControlFull(ifname, ifr, AF_PACKET, SOCK_DGRAM);
+ return virNetDevSetupControlFull(ifname, ifr, AF_INET, SOCK_STREAM);
}
#endif
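Review bot: The control socket in virNetDevSetupControl changes from `AF_PACKET, SOCK_DGRAM` to `AF_INET, SOCK_STREAM` with no comment and no patch description, so whoever rebases this patch cannot tell why the package differs from upstream. A comment at the call, e.g. `/* ioctl-only control socket; AF_INET instead of AF_PACKET because <reason> */`, would record the motive. It is also worth confirming that socket creation still succeeds on hosts where IPv4 is unavailable. The same applies to the identical hunk in virnetdevbridge.c.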
Index: libvirt-0.9.11.9/src/util/virnetdevbridge.c
===================================================================
--- libvirt-0.9.11.9.orig/src/util/virnetdevbridge.c
+++ libvirt-0.9.11.9/src/util/virnetdevbridge.c
@@ -84,7 +84,7 @@ static int virNetDevSetupControlFull(con
static int virNetDevSetupControl(const char *ifname,
struct ifreq *ifr)
{
- return virNetDevSetupControlFull(ifname, ifr, AF_PACKET, SOCK_DGRAM);
+ return virNetDevSetupControlFull(ifname, ifr, AF_INET, SOCK_STREAM);
}
#endif
++++++ baselibs.conf ++++++
libvirt-client
requires -libvirt-<targettype>
libvirt-devel
requires -libvirt-<targettype>
++++++ c18dc28b-libvirt-guests.patch ++++++
commit c18dc28b1ff29282ca1effc41c42f9c621fdadd1
Author: Gerd v. Egidy
Date: Tue Aug 21 17:03:40 2012 +0200
output status information during guest shutdown again
Since the move to systemd libvirt-guests doesn't output this progress
information anymore. This patch brings back this feature.
It is helpful to show the admin what the system is waiting for and what
is left of the timeout (e.g. for calibrating the shutdown timing of a ups).
Rewriting the current line with \r doesn't work anymore in the context
of systemd. So always write new lines, but move to 5 second intervals
to avoid flooding the console.
Index: libvirt-0.9.11.9/tools/libvirt-guests.init.sh
===================================================================
--- libvirt-0.9.11.9.orig/tools/libvirt-guests.init.sh
+++ libvirt-0.9.11.9/tools/libvirt-guests.init.sh
@@ -225,22 +225,27 @@ suspend_guest()
name=$(guest_name "$uri" "$guest")
label=$(eval_gettext "Suspending \$name: ")
bypass=
+ slept=0
test "x$BYPASS_CACHE" = x0 || bypass=--bypass-cache
- printf %s "$label"
+ printf '%s...\n' "$label"
run_virsh "$uri" managedsave $bypass "$guest" >/dev/null &
virsh_pid=$!
while true; do
sleep 1
kill -0 "$virsh_pid" >/dev/null 2>&1 || break
- progress=$(run_virsh_c "$uri" domjobinfo "$guest" 2>/dev/null | \
- awk '/^Data processed:/{print $3, $4}')
- if [ -n "$progress" ]; then
- printf '\r%s%12s ' "$label" "$progress"
- else
- printf '\r%s%-12s ' "$label" "..."
+
+ slept=$(($slept + 1))
+ if [ $(($slept % 5)) -eq 0 ]; then
+ progress=$(run_virsh_c "$uri" domjobinfo "$guest" 2>/dev/null | \
+ awk '/^Data processed:/{print $3, $4}')
+ if [ -n "$progress" ]; then
+ printf '%s%s\n' "$label" "$progress"
+ else
+ printf '%s%s\n' "$label" "..."
+ fi
fi
done
- retval wait "$virsh_pid" && printf '\r%s%-12s\n' "$label" "$(gettext "done")"
+ retval wait "$virsh_pid" && printf '%s%s\n' "$label" "$(gettext "done")"
}
# shutdown_guest URI GUEST
@@ -252,30 +257,41 @@ shutdown_guest()
guest=$2
name=$(guest_name "$uri" "$guest")
- label=$(eval_gettext "Shutting down \$name: ")
- printf %s "$label"
+ eval_gettext "Starting shutdown on guest: \$name"
+ echo
retval run_virsh "$uri" shutdown "$guest" >/dev/null || return
timeout=$SHUTDOWN_TIMEOUT
check_timeout=false
if [ $timeout -gt 0 ]; then
check_timeout=true
+ format=$(eval_gettext "Waiting for guest %s to shut down, %d seconds left\n")
+ else
+ slept=0
+ format=$(eval_gettext "Waiting for guest %s to shut down\n")
fi
while ! $check_timeout || [ "$timeout" -gt 0 ]; do
sleep 1
guest_is_on "$uri" "$guest" || return
"$guest_running" || break
+
if $check_timeout; then
- timeout=$((timeout - 1))
- printf '\r%s%-12d ' "$label" "$timeout"
+ if [ $(($timeout % 5)) -eq 0 ]; then
+ printf "$format" "$name" "$timeout"
+ fi
+ timeout=$(($timeout - 1))
+ else
+ slept=$(($slept + 1))
+ if [ $(($slept % 5)) -eq 0 ]; then
+ printf "$format" "$name"
+ fi
fi
done
if guest_is_on "$uri" "$guest"; then
if "$guest_running"; then
- printf '\r%s%-12s\n' "$label" \
- "$(gettext "failed to shutdown in time")"
+ eval_gettext "Shutdown of guest \$name failed to complete in time."
else
- printf '\r%s%-12s\n' "$label" "$(gettext "done")"
+ eval_gettext "Shutdown of guest \$name complete."
fi
fi
}
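Review bot: The two final status messages in shutdown_guest are printed with eval_gettext alone, and neither message ends in a newline, so whatever is printed next lands on the same line. The start message at the top of the function and the "Timeout expired" message in shutdown_guests_parallel are each followed by `echo` for this reason. Add `echo` after `eval_gettext "Shutdown of guest \$name failed to complete in time."` and after `eval_gettext "Shutdown of guest \$name complete."`. Separately, `printf "$format" ...` uses a translated string as the format, so a catalog entry with mismatched conversion specifiers would garble the progress line.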
@@ -356,6 +372,10 @@ shutdown_guests_parallel()
timeout=$SHUTDOWN_TIMEOUT
if [ $timeout -gt 0 ]; then
check_timeout=true
+ format=$(eval_gettext "Waiting for %d guests to shut down, %d seconds left\n")
+ else
+ slept=0
+ format=$(eval_gettext "Waiting for %d guests to shut down\n")
fi
while [ -n "$on_shutdown" ] || [ -n "$guests" ]; do
while [ -n "$guests" ] &&
@@ -368,14 +388,29 @@ shutdown_guests_parallel()
on_shutdown="$on_shutdown $guest"
done
sleep 1
+
+ set -- $guests
+ guestcount=$#
+ set -- $on_shutdown
+ shutdowncount=$#
+
if $check_timeout; then
+ if [ $(($timeout % 5)) -eq 0 ]; then
+ printf "$format" $(($guestcount + $shutdowncount)) "$timeout"
+ fi
timeout=$(($timeout - 1))
if [ $timeout -le 0 ]; then
eval_gettext "Timeout expired while shutting down domains"; echo
RETVAL=1
return
fi
+ else
+ slept=$(($slept + 1))
+ if [ $(($slept % 5)) -eq 0 ]; then
+ printf "$format" $(($guestcount + $shutdowncount))
+ fi
fi
+
on_shutdown_prev=$on_shutdown
on_shutdown=$(check_guests_shutdown "$uri" "$on_shutdown")
print_guests_shutdown "$uri" "$on_shutdown_prev" "$on_shutdown"
Index: libvirt-0.9.11.9/tools/libvirt-guests.service.in
===================================================================
--- libvirt-0.9.11.9.orig/tools/libvirt-guests.service.in
+++ libvirt-0.9.11.9/tools/libvirt-guests.service.in
@@ -10,6 +10,7 @@ ExecStart=/etc/init.d/libvirt-guests sta
ExecStop=/etc/init.d/libvirt-guests stop
Type=oneshot
RemainAfterExit=yes
+StandardOutput=journal+console
[Install]
WantedBy=multi-user.target
++++++ clone.patch ++++++
Index: src/lxc/lxc_container.c
===================================================================
--- src/lxc/lxc_container.c.orig
+++ src/lxc/lxc_container.c
@@ -1455,6 +1455,9 @@ int lxcContainerStart(virDomainDefPtr de
ttyPaths, nttyPaths, handshakefd};
/* allocate a stack for the container */
+#ifdef __ia64__
+ stacksize *= 2;
+#endif
if (VIR_ALLOC_N(stack, stacksize) < 0) {
virReportOOMError();
return -1;
@@ -1474,7 +1477,11 @@ int lxcContainerStart(virDomainDefPtr de
cflags |= CLONE_NEWNET;
}
+#ifdef __ia64__
+ pid = __clone2(lxcContainerChild, stack, stacksize, cflags, &args);
+#else
pid = clone(lxcContainerChild, stacktop, cflags, &args);
+#endif
VIR_FREE(stack);
VIR_DEBUG("clone() completed, new container PID is %d", pid);
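Review bot: The `#ifdef __ia64__` branches carry no comment explaining why ia64 needs `__clone2()` and a doubled stack, and the patch has no description either. A line such as `/* ia64 has no clone(); __clone2() takes the stack base and size, not the stack top */` above the call would cover it. Because `stacksize` is doubled just before the allocation, it is worth checking that `stacktop`, computed outside this hunk, is not derived from the old size and used elsewhere on ia64. The same comment applies to the matching change in lxcContainerAvailable.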
@@ -1500,6 +1507,7 @@ int lxcContainerAvailable(int features)
int cpid;
char *childStack;
char *stack;
+ int stacksize = getpagesize() * 4;
if (features & LXC_CONTAINER_FEATURE_USER)
flags |= CLONE_NEWUSER;
@@ -1507,14 +1515,21 @@ int lxcContainerAvailable(int features)
if (features & LXC_CONTAINER_FEATURE_NET)
flags |= CLONE_NEWNET;
- if (VIR_ALLOC_N(stack, getpagesize() * 4) < 0) {
+#ifdef __ia64__
+ stacksize *= 2;
+#endif
+ if (VIR_ALLOC_N(stack, stacksize) < 0) {
VIR_DEBUG("Unable to allocate stack");
return -1;
}
- childStack = stack + (getpagesize() * 4);
+ childStack = stack + stacksize;
+#ifdef __ia64__
+ cpid = __clone2(lxcContainerDummyChild, stack, stacksize, flags, NULL);
+#else
cpid = clone(lxcContainerDummyChild, childStack, flags, NULL);
+#endif
VIR_FREE(stack);
if (cpid < 0) {
char ebuf[1024] ATTRIBUTE_UNUSED;
++++++ e7f400a1-CVE-2013-4296.patch ++++++
commit 9579f4576c066bc20a8dd952b08657b326f71052
Author: Daniel P. Berrange
Date: Tue Sep 3 16:52:06 2013 +0100
Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
The 'stats' variable was not initialized to NULL, so if some
early validation of the RPC call fails, it is possible to jump
to the 'cleanup' label and VIR_FREE an uninitialized pointer.
This is a security flaw, since the API can be called from a
readonly connection which can trigger the validation checks.
This was introduced in release v0.9.1 onwards by
commit 158ba8730e44b7dd07a21ab90499996c5dec080a
Author: Daniel P. Berrange
Date: Wed Apr 13 16:21:35 2011 +0100
Merge all returns paths from dispatcher into single path
Signed-off-by: Daniel P. Berrange
(cherry picked from commit e7f400a110e2e3673b96518170bfea0855dd82c0)
Conflicts:
daemon/remote.c - context
Index: libvirt-0.9.11.9/daemon/remote.c
===================================================================
--- libvirt-0.9.11.9.orig/daemon/remote.c
+++ libvirt-0.9.11.9/daemon/remote.c
@@ -1060,7 +1060,7 @@ remoteDispatchDomainMemoryStats(virNetSe
remote_domain_memory_stats_ret *ret)
{
virDomainPtr dom = NULL;
- struct _virDomainMemoryStat *stats;
+ struct _virDomainMemoryStat *stats = NULL;
int nr_stats, i;
int rv = -1;
struct daemonClientPrivate *priv =
++++++ install-apparmor-profiles.patch ++++++
Index: libvirt-0.9.11.9/examples/apparmor/Makefile.am
===================================================================
--- libvirt-0.9.11.9.orig/examples/apparmor/Makefile.am
+++ libvirt-0.9.11.9/examples/apparmor/Makefile.am
@@ -1,8 +1,39 @@
## Copyright (C) 2005-2011 Red Hat, Inc.
## See COPYING.LIB for the License of this software
-EXTRA_DIST= \
- TEMPLATE \
- libvirt-qemu \
- usr.lib.libvirt.virt-aa-helper \
- usr.sbin.libvirtd
+EXTRA_DIST= \
+ TEMPLATE \
+ libvirt-qemu \
+ usr.lib.libvirt.virt-aa-helper.in \
+ usr.sbin.libvirtd.in
+
+if WITH_SECDRIVER_APPARMOR
+
+usr.lib.libvirt.virt-aa-helper: usr.lib.libvirt.virt-aa-helper.in
+ sed \
+ -e 's![@]libdir[@]!$(libdir)!g' \
+ < $< > $@-t
+ mv $@-t $@
+
+usr.sbin.libvirtd: usr.sbin.libvirtd.in
+ sed \
+ -e 's![@]libdir[@]!$(libdir)!g' \
+ < $< > $@-t
+ mv $@-t $@
+
+install-data-local: usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper
+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/
+ $(INSTALL_DATA) usr.lib.libvirt.virt-aa-helper $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper
+ $(INSTALL_DATA) usr.sbin.libvirtd $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd
+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt
+ $(INSTALL_DATA) TEMPLATE $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
+ mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions
+ $(INSTALL_DATA) libvirt-qemu $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu
+
+uninstall-local::
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu
+ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE
+
+endif
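Review bot: The two profiles generated from the `.in` templates are never cleaned up, since neither is listed in `CLEANFILES`, so `make clean` and `make distcheck` leave them in the build tree. Adding `CLEANFILES = usr.lib.libvirt.virt-aa-helper usr.sbin.libvirtd` inside the `WITH_SECDRIVER_APPARMOR` conditional fixes that. The rules also mix `install-data-local:` with `uninstall-local::`, and use plain `mkdir -p` where automake provides `$(MKDIR_P)`.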
Index: libvirt-0.9.11.9/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
===================================================================
--- /dev/null
+++ libvirt-0.9.11.9/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -0,0 +1,40 @@
+# Last Modified: Fri Aug 19 11:21:48 2011
+#include
+
+@libdir@/libvirt/virt-aa-helper {
+ #include
+
+ # needed for searching directories
+ capability dac_override,
+ capability dac_read_search,
+
+ # needed for when disk is on a network filesystem
+ network inet,
+
+ deny @{PROC}/[0-9]*/mounts r,
+ @{PROC}/filesystems r,
+
+ # for hostdev
+ /sys/devices/ r,
+ /sys/devices/** r,
+
+ @libdir@/libvirt/virt-aa-helper mr,
+ /sbin/apparmor_parser Ux,
+
+ /etc/apparmor.d/libvirt/* r,
+ /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
+
+ # for backingstore -- allow access to non-hidden files in @{HOME} as well
+ # as storage pools
+ audit deny @{HOME}/.* mrwkl,
+ audit deny @{HOME}/.*/ rw,
+ audit deny @{HOME}/.*/** mrwkl,
+ audit deny @{HOME}/bin/ rw,
+ audit deny @{HOME}/bin/** mrwkl,
+ @{HOME}/ r,
+ @{HOME}/** r,
+ /var/lib/libvirt/images/ r,
+ /var/lib/libvirt/images/** r,
+ /var/lib/kvm/images/ r,
+ /var/lib/kvm/images/** r,
+}
Index: libvirt-0.9.11.9/examples/apparmor/usr.lib.libvirt.virt-aa-helper
===================================================================
--- libvirt-0.9.11.9.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ /dev/null
@@ -1,38 +0,0 @@
-# Last Modified: Mon Apr 5 15:10:27 2010
-#include
-
-/usr/lib/libvirt/virt-aa-helper {
- #include
-
- # needed for searching directories
- capability dac_override,
- capability dac_read_search,
-
- # needed for when disk is on a network filesystem
- network inet,
-
- deny @{PROC}/[0-9]*/mounts r,
- @{PROC}/filesystems r,
-
- # for hostdev
- /sys/devices/ r,
- /sys/devices/** r,
-
- /usr/lib/libvirt/virt-aa-helper mr,
- /sbin/apparmor_parser Ux,
-
- /etc/apparmor.d/libvirt/* r,
- /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
-
- # for backingstore -- allow access to non-hidden files in @{HOME} as well
- # as storage pools
- audit deny @{HOME}/.* mrwkl,
- audit deny @{HOME}/.*/ rw,
- audit deny @{HOME}/.*/** mrwkl,
- audit deny @{HOME}/bin/ rw,
- audit deny @{HOME}/bin/** mrwkl,
- @{HOME}/ r,
- @{HOME}/** r,
- /var/lib/libvirt/images/ r,
- /var/lib/libvirt/images/** r,
-}
Index: libvirt-0.9.11.9/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-0.9.11.9.orig/examples/apparmor/usr.sbin.libvirtd
+++ /dev/null
@@ -1,52 +0,0 @@
-# Last Modified: Mon Apr 5 15:03:58 2010
-#include
-@{LIBVIRT}="libvirt"
-
-/usr/sbin/libvirtd {
- #include
-
- capability kill,
- capability net_admin,
- capability net_raw,
- capability setgid,
- capability sys_admin,
- capability sys_module,
- capability sys_ptrace,
- capability sys_nice,
- capability sys_chroot,
- capability setuid,
- capability dac_override,
- capability dac_read_search,
- capability fowner,
- capability chown,
- capability setpcap,
- capability mknod,
- capability fsetid,
-
- network inet stream,
- network inet dgram,
- network inet6 stream,
- network inet6 dgram,
-
- # Very lenient profile for libvirtd since we want to first focus on confining
- # the guests. Guests will have a very restricted profile.
- /** rwmkl,
-
- /bin/* Ux,
- /sbin/* Ux,
- /usr/bin/* Ux,
- /usr/sbin/* Ux,
-
- # force the use of virt-aa-helper
- audit deny /sbin/apparmor_parser rwxl,
- audit deny /etc/apparmor.d/libvirt/** wxl,
- audit deny /sys/kernel/security/apparmor/features rwxl,
- audit deny /sys/kernel/security/apparmor/matching rwxl,
- audit deny /sys/kernel/security/apparmor/.* rwxl,
- /sys/kernel/security/apparmor/profiles r,
- /usr/lib/libvirt/* PUxr,
-
- # allow changing to our UUID-based named profiles
- change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
-
-}
Index: libvirt-0.9.11.9/examples/apparmor/usr.sbin.libvirtd.in
===================================================================
--- /dev/null
+++ libvirt-0.9.11.9/examples/apparmor/usr.sbin.libvirtd.in
@@ -0,0 +1,58 @@
+# Last Modified: Fri Aug 19 11:20:36 2011
+#include
+@{LIBVIRT}="libvirt"
+
+/usr/sbin/libvirtd {
+ #include
+
+ capability kill,
+ capability net_admin,
+ capability net_raw,
+ capability setgid,
+ capability sys_admin,
+ capability sys_module,
+ capability sys_ptrace,
+ capability sys_nice,
+ capability sys_chroot,
+ capability setuid,
+ capability dac_override,
+ capability dac_read_search,
+ capability fowner,
+ capability chown,
+ capability setpcap,
+ capability mknod,
+ capability fsetid,
+ capability ipc_lock,
+ capability audit_write,
+
+ network inet stream,
+ network inet dgram,
+ network inet6 stream,
+ network inet6 dgram,
+
+ # Very lenient profile for libvirtd since we want to first focus on confining
+ # the guests. Guests will have a very restricted profile.
+ /** rwmkl,
+
+ /bin/* Ux,
+ /sbin/* Ux,
+ /usr/bin/* Ux,
+ /usr/sbin/* Ux,
+ /usr/lib/xen/bin/qemu-dm Ux,
+ /usr/lib/PolicyKit/polkit-read-auth-helper Px,
+
+ # force the use of virt-aa-helper
+ audit deny /sbin/apparmor_parser rwxl,
+ audit deny /etc/apparmor.d/libvirt/** wxl,
+ audit deny /sys/kernel/security/apparmor/features rwxl,
+ audit deny /sys/kernel/security/apparmor/matching rwxl,
+ audit deny /sys/kernel/security/apparmor/.* rwxl,
+ /sys/kernel/security/apparmor/profiles r,
+ @libdir@/libvirt/* Pxr,
+ @libdir@/libvirt/libvirt_parthelper Ux,
+ @libdir@/libvirt/libvirt_iohelper Ux,
+
+ # allow changing to our UUID-based named profiles
+ change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+
+}
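Review bot: `@libdir@/libvirt/* Pxr,` replaces the old `PUxr`, so a helper under that directory without its own loaded profile can no longer be executed unless it is listed explicitly. Only libvirt_parthelper and libvirt_iohelper are listed, both with `Ux`. If other helpers are installed there (not visible in this patch), they would fail at exec time, so a comment naming the helpers expected to have profiles would make the intent checkable. The two `Ux` entries run unconfined, and together with `/** rwmkl` and the `/bin/* Ux` family the profile confines libvirtd very little, as its own comment says. That limitation is worth keeping visible in the package documentation.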
Index: libvirt-0.9.11.9/examples/apparmor/libvirt-qemu
===================================================================
--- libvirt-0.9.11.9.orig/examples/apparmor/libvirt-qemu
+++ libvirt-0.9.11.9/examples/apparmor/libvirt-qemu
@@ -52,6 +52,7 @@
# access to firmware's etc
/usr/share/kvm/** r,
/usr/share/qemu/** r,
+ /usr/share/qemu-kvm/** r,
/usr/share/bochs/** r,
/usr/share/openbios/** r,
/usr/share/openhackware/** r,
@@ -65,6 +66,7 @@
# the various binaries
/usr/bin/kvm rmix,
/usr/bin/qemu rmix,
+ /usr/bin/qemu-kvm rmix,
/usr/bin/qemu-system-arm rmix,
/usr/bin/qemu-system-cris rmix,
/usr/bin/qemu-system-i386 rmix,
++++++ libvirt-selinux-enodata.patch ++++++
LXC: check for the ENODATA error code
For details, see https://bugzilla.redhat.com/show_bug.cgi?id=858104
Index: libvirt-0.9.11.9/src/lxc/lxc_container.c
===================================================================
--- libvirt-0.9.11.9.orig/src/lxc/lxc_container.c
+++ libvirt-0.9.11.9/src/lxc/lxc_container.c
@@ -506,7 +506,7 @@ static int lxcContainerMountBasicFS(cons
if (pivotRoot) {
#if HAVE_SELINUX
if (getfilecon("/", &con) < 0 &&
- errno != ENOTSUP) {
+ errno != ENOTSUP && errno != ENODATA) {
virReportSystemError(errno, "%s",
_("Failed to query file context on /"));
goto cleanup;
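Review bot: With `errno != ENODATA` added, a root filesystem without an SELinux label is no longer an error, but nothing at the call says so, and the code after it now runs with whatever `con` held before getfilecon() failed. Whether `con` is initialised to NULL is outside the hunk and worth confirming, both here and in lxcControllerRun in lxc_controller.c. A comment such as `/* ENOTSUP: no xattr support; ENODATA: no security.selinux label on this path */` would document the two tolerated cases.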
Index: libvirt-0.9.11.9/src/lxc/lxc_controller.c
===================================================================
--- libvirt-0.9.11.9.orig/src/lxc/lxc_controller.c
+++ libvirt-0.9.11.9/src/lxc/lxc_controller.c
@@ -1480,7 +1480,7 @@ lxcControllerRun(virDomainDefPtr def,
#if HAVE_SELINUX
if (getfilecon(root->src, &con) < 0 &&
- errno != ENOTSUP) {
+ errno != ENOTSUP && errno != ENODATA) {
virReportSystemError(errno,
_("Failed to query file context on %s"),
root->src);
++++++ libvirt-suse-netcontrol.patch ++++++
Index: libvirt-0.9.11.9/configure.ac
===================================================================
--- libvirt-0.9.11.9.orig/configure.ac
+++ libvirt-0.9.11.9/configure.ac
@@ -63,6 +63,7 @@ AVAHI_REQUIRED="0.6.0"
POLKIT_REQUIRED="0.6"
PARTED_REQUIRED="1.8.0"
NETCF_REQUIRED="0.1.4"
+NETCONTROL_REQUIRED="0.2.0"
UDEV_REQUIRED=145
PCIACCESS_REQUIRED=0.10.0
XMLRPC_REQUIRED=1.14.0
@@ -1782,6 +1783,38 @@ AM_CONDITIONAL([WITH_NETCF], [test "$wit
AC_SUBST([NETCF_CFLAGS])
AC_SUBST([NETCF_LIBS])
+AC_ARG_WITH([netcontrol],
+ AC_HELP_STRING([--with-netcontrol], [SUSE netcontrol support to configure physical host network interfaces @<:@default=check@:>@]),
+ [],
+ [test "$with_netcontrol" = "yes" && with_netcontrol=no || with_netcontrol=check])
+
+NETCONTROL_CFLAGS=
+NETCONTROL_LIBS=
+if test "$with_netcf" = "yes"; then
+ if test "$with_netcontrol" = "yes" || test "$with_netcontrol" = "check"; then
+ AC_MSG_WARN([netcf and netcontrol cannot be used together, disabling netcontrol])
+ with_netcontrol=no
+ fi
+fi
+
+if test "$with_netcontrol" = "yes" || test "$with_netcontrol" = "check"; then
+ PKG_CHECK_MODULES(NETCONTROL, netcontrol >= $NETCONTROL_REQUIRED,
+ [with_netcontrol=yes], [
+ if test "$with_netcontrol" = "check" ; then
+ with_netcontrol=no
+ else
+ AC_MSG_ERROR(
+ [You must install netcontrol >= $NETCONTROL_REQUIRED to compile libvirt])
+ fi
+ ])
+ if test "$with_netcontrol" = "yes" ; then
+ AC_DEFINE_UNQUOTED([WITH_NETCONTROL], 1,
+ [whether libnetcontrol is available to configure physical host network interfaces])
+ fi
+fi
+AM_CONDITIONAL([WITH_NETCONTROL], [test "$with_netcontrol" = "yes"])
+AC_SUBST([NETCONTROL_CFLAGS])
+AC_SUBST([NETCONTROL_LIBS])
AC_ARG_WITH([secrets],
AC_HELP_STRING([--with-secrets], [with local secrets management driver @<:@default=yes@:>@]),[],[with_secrets=yes])
@@ -2727,6 +2760,7 @@ AC_MSG_NOTICE([ Remote: $with_remote])
AC_MSG_NOTICE([ Network: $with_network])
AC_MSG_NOTICE([Libvirtd: $with_libvirtd])
AC_MSG_NOTICE([ netcf: $with_netcf])
+AC_MSG_NOTICE([ netctrl: $with_netcontrol])
AC_MSG_NOTICE([ macvtap: $with_macvtap])
AC_MSG_NOTICE([virtport: $with_virtualport])
AC_MSG_NOTICE([])
@@ -2858,6 +2892,11 @@ AC_MSG_NOTICE([ netcf: $NETCF_CFLAGS $
else
AC_MSG_NOTICE([ netcf: no])
fi
+if test "$with_netcontrol" = "yes" ; then
+AC_MSG_NOTICE([ netctrl: $NETCONTROL_CFLAGS $NETCONTROL_LIBS])
+else
+AC_MSG_NOTICE([ netctrl: no])
+fi
if test "$with_qemu" = "yes" && test "$LIBPCAP_FOUND" != "no"; then
AC_MSG_NOTICE([ pcap: $LIBPCAP_CFLAGS $LIBPCAP_LIBS])
else
Index: libvirt-0.9.11.9/daemon/Makefile.am
===================================================================
--- libvirt-0.9.11.9.orig/daemon/Makefile.am
+++ libvirt-0.9.11.9/daemon/Makefile.am
@@ -143,6 +143,10 @@ endif
if WITH_NETCF
libvirtd_LDADD += ../src/libvirt_driver_interface.la
+else
+if WITH_NETCONTROL
+ libvirtd_LDADD += ../src/libvirt_driver_interface.la
+endif
endif
if WITH_NODE_DEVICES
Index: libvirt-0.9.11.9/daemon/libvirtd.c
===================================================================
--- libvirt-0.9.11.9.orig/daemon/libvirtd.c
+++ libvirt-0.9.11.9/daemon/libvirtd.c
@@ -76,6 +76,10 @@
# endif
# ifdef WITH_NETCF
# include "interface/netcf_driver.h"
+# else
+# ifdef WITH_NETCONTROL
+# include "interface/netcf_driver.h"
+# endif
# endif
# ifdef WITH_STORAGE_DIR
# include "storage/storage_driver.h"
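Review bot: The nested `# else` / `# ifdef WITH_NETCONTROL` repeats the same include, and the matching block in daemonInitialize uses an unindented `#else` inside an indented `# ifdef`, which breaks the file's preprocessor indentation. A single condition is shorter and avoids both problems: `# if defined(WITH_NETCF) || defined(WITH_NETCONTROL)`, then the include (or `interfaceRegister();`), then `# endif`.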
@@ -415,6 +419,10 @@ static void daemonInitialize(void)
# endif
# ifdef WITH_NETCF
interfaceRegister();
+#else
+# ifdef WITH_NETCONTROL
+ interfaceRegister();
+# endif
# endif
# ifdef WITH_STORAGE_DIR
storageRegister();
Index: libvirt-0.9.11.9/src/Makefile.am
===================================================================
--- libvirt-0.9.11.9.orig/src/Makefile.am
+++ libvirt-0.9.11.9/src/Makefile.am
@@ -971,6 +971,24 @@ libvirt_driver_interface_la_LIBADD += ..
libvirt_driver_interface_la_LDFLAGS += -module -avoid-version
endif
libvirt_driver_interface_la_SOURCES = $(INTERFACE_DRIVER_SOURCES)
+else
+if WITH_NETCONTROL
+if WITH_DRIVER_MODULES
+mod_LTLIBRARIES += libvirt_driver_interface.la
+else
+noinst_LTLIBRARIES += libvirt_driver_interface.la
+libvirt_la_BUILT_LIBADD += libvirt_driver_interface.la
+endif
+libvirt_driver_interface_la_CFLAGS = $(NETCONTROL_CFLAGS) \
+ -I@top_srcdir@/src/conf $(AM_CFLAGS)
+libvirt_driver_interface_la_LDFLAGS = $(AM_LDFLAGS)
+libvirt_driver_interface_la_LIBADD = $(NETCONTROL_LIBS)
+if WITH_DRIVER_MODULES
+libvirt_driver_interface_la_LIBADD += ../gnulib/lib/libgnu.la
+libvirt_driver_interface_la_LDFLAGS += -module -avoid-version
+endif
+libvirt_driver_interface_la_SOURCES = $(INTERFACE_DRIVER_SOURCES)
+endif
endif
if WITH_SECRETS
Index: libvirt-0.9.11.9/src/interface/netcf_driver.c
===================================================================
--- libvirt-0.9.11.9.orig/src/interface/netcf_driver.c
+++ libvirt-0.9.11.9/src/interface/netcf_driver.c
@@ -23,7 +23,13 @@
#include
+#ifdef WITH_NETCONTROL
+#include
+#include
+#include "logging.h"
+#else
#include
+#endif
#include "virterror_internal.h"
#include "datatypes.h"
@@ -55,6 +61,39 @@ static void interfaceDriverUnlock(struct
virMutexUnlock(&driver->lock);
}
+#ifdef WITH_NETCONTROL
+static void interface_nc_log_driver(const char *category,
+ int priority,
+ const char *func,
+ const char *file ATTRIBUTE_UNUSED,
+ long long line,
+ const char *msg,
+ size_t len ATTRIBUTE_UNUSED)
+{
+ int vp;
+ const char *vc;
+
+ switch(priority) {
+ case NC_LOG_FATAL:
+ case NC_LOG_ERROR:
+ vp = VIR_LOG_ERROR;
+ break;
+ case NC_LOG_WARN:
+ vp = VIR_LOG_WARN;
+ break;
+ case NC_LOG_INFO:
+ vp = VIR_LOG_INFO;
+ break;
+ case NC_LOG_DEBUG:
+ default:
+ vp = VIR_LOG_DEBUG;
+ break;
+ }
+ vc = category ? category : "netcontrol";
+ virLogMessage(vc, vp, func, line, 0, "%s", msg);
+}
+#endif
+
static int netcf_to_vir_err(int netcf_errcode)
{
switch (netcf_errcode)
@@ -140,6 +179,10 @@ static virDrvOpenStatus interfaceOpenInt
goto mutex_error;
}
+#ifdef WITH_NETCONTROL
+ nc_logger_redirect_to(interface_nc_log_driver);
+#endif
+
/* open netcf */
if (ncf_init(&driverState->netcf, NULL) != 0)
{
Index: libvirt-0.9.11.9/tools/virsh.c
===================================================================
--- libvirt-0.9.11.9.orig/tools/virsh.c
+++ libvirt-0.9.11.9/tools/virsh.c
@@ -19835,6 +19835,10 @@ vshShowVersion(vshControl *ctl ATTRIBUTE
#endif
#ifdef WITH_NETCF
vshPrint(ctl, " Interface");
+#else
+# ifdef WITH_NETCONTROL
+ vshPrint(ctl, " NetControl");
+# endif
#endif
#ifdef WITH_NWFILTER
vshPrint(ctl, " Nwfilter");
++++++ libvirtd-defaults.patch ++++++
Index: libvirt-0.9.11.9/daemon/libvirtd.conf
===================================================================
--- libvirt-0.9.11.9.orig/daemon/libvirtd.conf
+++ libvirt-0.9.11.9/daemon/libvirtd.conf
@@ -18,8 +18,8 @@
# It is necessary to setup a CA and issue server certificates before
# using this capability.
#
-# This is enabled by default, uncomment this to disable it
-#listen_tls = 0
+# This is disabled by default, uncomment this to enable it
+#listen_tls = 1
# Listen for unencrypted TCP connections on the public TCP/IP port.
# NB, must pass the --listen flag to the libvirtd process for this to
Index: libvirt-0.9.11.9/daemon/libvirtd.c
===================================================================
--- libvirt-0.9.11.9.orig/daemon/libvirtd.c
+++ libvirt-0.9.11.9/daemon/libvirtd.c
@@ -872,7 +872,7 @@ daemonConfigNew(bool privileged ATTRIBUT
return NULL;
}
- data->listen_tls = 1;
+ data->listen_tls = 0;
data->listen_tcp = 0;
if (!(data->tls_port = strdup(LIBVIRTD_TLS_PORT)))
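Review bot: The flipped default at `data->listen_tls = 0;` carries no comment recording that it is a distribution change, so a reader comparing against upstream documentation will still expect TLS to come up with `--listen`. With `data->listen_tcp = 0` on the next line, it looks as though `--listen` opens no network listener until one of the two is enabled in libvirtd.conf. A short comment would record that, e.g. `/* SUSE default: no TLS listener unless listen_tls = 1 is set in libvirtd.conf */`. daemonConfigNew starts and ends outside this hunk.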
++++++ libvirtd-relocation-server.fw ++++++
## Name: Libvirtd Relocation Server
## Description: Enables libvirtd plain relocation service
TCP="49152:49215"
++++++ libvirtd.init ++++++
#!/bin/sh
# the following is the LSB init header see
# http://www.linux-foundation.org/spec//booksets/LSB-Core-generic/LSB-Core-gen...
#
### BEGIN INIT INFO
# Provides: libvirtd
# Required-Start: $network $remote_fs
# Should-Start: xend cgconfig
# Default-Start: 3 5
# Required-Stop: $network $remote_fs
# Should-Stop: xend cgconfig
# Default-Stop: 0 1 2 4 6
# Short-Description: daemon for libvirt virtualization API
# Description: This is a daemon for managing QEMU guest instances
# and libvirt virtual networks
# See http://libvirt.org
### END INIT INFO
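LIBVIRTD_BIN=/usr/sbin/libvirtd
LIBVIRTD_PIDFILE=/var/run/libvirtd.pid

# Without the daemon binary there is nothing to manage. "stop" still exits 0
# so that stopping after the binary has been removed is not reported as an
# error; every other action exits 5.
# Fix: the message used the misspelled, never-set variable LIBVIRD_BIN and
# therefore printed only " not installed".
test -x "$LIBVIRTD_BIN" || {
    echo "$LIBVIRTD_BIN not installed"
    if [ "$1" = "stop" ]; then
        exit 0
    else
        exit 5
    fi
}

# rc.status provides rc_reset, rc_status, rc_failed and rc_exit used below.
. /etc/rc.status
rc_reset

case "$1" in
    start)
        if [ -e "$LIBVIRTD_PIDFILE" ]; then
            if checkproc "$LIBVIRTD_BIN"; then
                echo -n "libvirtd is already running."
                rc_status -v
                exit
            else
                # A PID file without a matching process is left over from an
                # unclean shutdown and would block the new instance.
                echo "Removing stale PID file $LIBVIRTD_PIDFILE."
                rm -f "$LIBVIRTD_PIDFILE"
            fi
        fi
        echo -n "Starting libvirtd "
        # -d daemonizes; -l puts libvirtd into listen mode. Which network
        # listeners are actually opened is decided by listen_tls / listen_tcp
        # in libvirtd.conf, so review those before exposing the host.
        startproc "$LIBVIRTD_BIN" -d -l
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down libvirtd "
        killproc -TERM "$LIBVIRTD_BIN" > /dev/null 2>&1
        # NOTE(review): rc_status below looks at the status of the command
        # run just before it, which is this rm and not killproc; confirm
        # that masking a killproc failure is intended.
        rm -f "$LIBVIRTD_PIDFILE"
        rc_status -v
        ;;
    try-restart)
        # Restart only when the daemon is currently running.
        "$0" status >/dev/null && "$0" restart
        rc_status
        ;;
    restart)
        "$0" stop
        "$0" start
        rc_status
        ;;
    reload)
        # SIGHUP asks the running daemon to reload its configuration.
        killproc -HUP "$LIBVIRTD_BIN"
        rc_status -v
        ;;
    status)
        echo -n "Checking status of libvirtd "
        checkproc "$LIBVIRTD_BIN"
        rc_status -v
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|try-restart|reload|status}"
        rc_failed 2
        rc_exit
        ;;
esac
rc_exit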
++++++ relax-qemu-usergroup-check.patch ++++++
Allow qemu driver (and hence libvirtd) to load when qemu
user:group does not exist. The kvm package, which may not
exist on a xen host, creates qemu user:group.
A better (future) solution would be to build the libvirtd
drivers as loadable modules instead of built-in to the
daemon. Then the qemu driver would only be loaded when needed,
which would never be the case on a xen-only configuration.
Index: libvirt-0.9.11.9/src/qemu/qemu_conf.c
===================================================================
--- libvirt-0.9.11.9.orig/src/qemu/qemu_conf.c
+++ libvirt-0.9.11.9/src/qemu/qemu_conf.c
@@ -271,9 +271,7 @@ int qemudLoadDriverConfig(struct qemud_d
return -1;
}
if (virGetUserID(user, &driver->user) < 0) {
- VIR_FREE(user);
- virConfFree(conf);
- return -1;
+ VIR_WARN("User %s does not exist! Continuing...", user);
}
VIR_FREE(user);
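Review bot: After the new `VIR_WARN` on a failed `virGetUserID`, `driver->user` keeps whatever value it held before the call, and the hunk does not show what that is; if the driver struct is zero-initialised, qemu processes would presumably be launched as uid 0 on a host where the configured account is missing. The same applies to `driver->group` after `virGetGroupID` in the following hunk. The warning should at least name the identity that will be used, e.g. `VIR_WARN("User %s does not exist, qemu processes will run as uid %d", user, (int) driver->user);`, or the fallback should be assigned explicitly before continuing. qemudLoadDriverConfig starts and ends outside both hunks.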
@@ -286,9 +284,7 @@ int qemudLoadDriverConfig(struct qemud_d
return -1;
}
if (virGetGroupID(group, &driver->group) < 0) {
- VIR_FREE(group);
- virConfFree(conf);
- return -1;
+ VIR_WARN("Group %s does not exist! Continuing...", group);
}
VIR_FREE(group);
++++++ suse-qemu-conf.patch ++++++
Index: libvirt-0.9.11.9/src/qemu/qemu.conf
===================================================================
--- libvirt-0.9.11.9.orig/src/qemu/qemu.conf
+++ libvirt-0.9.11.9/src/qemu/qemu.conf
@@ -146,7 +146,16 @@
# leaving SELinux enabled for the host in general, then set this
# to 'none' instead.
#
+# SUSE Note:
+# Currently, Apparmor is the default security framework in SUSE
+# distros. If Apparmor is enabled on the host, libvirtd is
+# generously confined but users must opt-in to confine qemu
+# instances. Change this to 'apparmor' to enable Apparmor
+# confinement of qemu instances.
+#
#security_driver = "selinux"
+# security_driver = "apparmor"
+security_driver = "none"
# If set to non-zero, then the default security labeling
# will make guests confined. If set to zero, then guests
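Review bot: The added `security_driver = "none"` is an active setting, so qemu instances get no MAC confinement even on a host where AppArmor is enabled, while the SUSE note only says that users must opt in. The note should state the consequence directly, e.g. `# With "none", qemu processes run without AppArmor or SELinux confinement.`. The commented alternative would also read more consistently as `#security_driver = "apparmor"`, matching the `#security_driver = "selinux"` line above it.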
@@ -319,6 +328,15 @@
#allow_disk_format_probing = 1
+# SUSE note:
+# Many lock managers, sanlock included, will kill the resources
+# they protect when terminated. E.g. the sanlock daemon will kill
+# any virtual machines for which it holds disk leases when the
+# daemon is stopped or restarted. Administrators must be vigilant
+# when enabling a lock manager since simply updating the manager
+# may cause it to be restarted, potentially killing the resources
+# it protects.
+#
# To enable 'Sanlock' project based locking of the file
# content (to prevent two VMs writing to the same
# disk), uncomment this
++++++ use-init-script-redhat.patch ++++++
Index: libvirt-0.9.11.9/tools/Makefile.am
===================================================================
--- libvirt-0.9.11.9.orig/tools/Makefile.am
+++ libvirt-0.9.11.9/tools/Makefile.am
@@ -182,24 +182,22 @@ install-data-local: install-init install
uninstall-local: uninstall-init uninstall-systemd
install-sysconfig:
- $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig
+ $(MKDIR_P) $(DESTDIR)$(localstatedir)/adm/fillup-templates
$(INSTALL_DATA) $(srcdir)/libvirt-guests.sysconf \
- $(DESTDIR)$(sysconfdir)/sysconfig/libvirt-guests
+ $(DESTDIR)$(localstatedir)/adm/fillup-templates/sysconfig.libvirt-guests
uninstall-sysconfig:
- rm -f $(DESTDIR)$(sysconfdir)/sysconfig/libvirt-guests
- rmdir $(DESTDIR)$(sysconfdir)/sysconfig ||:
+ rm -f $(DESTDIR)$(localstatedir)/adm/fillup-templates/sysconfig.libvirt-guests
EXTRA_DIST += libvirt-guests.init.sh
install-initscript: libvirt-guests.init
- $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init.d
$(INSTALL_SCRIPT) libvirt-guests.init \
- $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirt-guests
+ $(DESTDIR)$(sysconfdir)/init.d/libvirt-guests
uninstall-initscript:
- rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirt-guests
- rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d ||:
+ rm -f $(DESTDIR)$(sysconfdir)/init.d/libvirt-guests
if LIBVIRT_INIT_SCRIPT_RED_HAT
Index: libvirt-0.9.11.9/tools/libvirt-guests.sysconf
===================================================================
--- libvirt-0.9.11.9.orig/tools/libvirt-guests.sysconf
+++ libvirt-0.9.11.9/tools/libvirt-guests.sysconf
@@ -1,19 +1,29 @@
+## Path: System/Virtualization/libvirt
+
+## Type: string
+## Default: default
# URIs to check for running guests
# example: URIS='default xen:/// vbox+tcp://host/system lxc:///'
-#URIS=default
+URIS=default
+## Type: string
+## Default: start
# action taken on host boot
# - start all guests which were running on shutdown are started on boot
# regardless on their autostart settings
# - ignore libvirt-guests init script won't start any guest on boot, however,
# guests marked as autostart will still be automatically started by
# libvirtd
-#ON_BOOT=start
+ON_BOOT=start
+## Type: integer
+## Default: 0
# Number of seconds to wait between each guest start. Set to 0 to allow
# parallel startup.
-#START_DELAY=0
+START_DELAY=0
+## Type: string
+## Default: suspend
# action taken on host shutdown
# - suspend all running guests are suspended using virsh managedsave
# - shutdown all running guests are asked to shutdown. Please be careful with
@@ -22,20 +32,26 @@
# which just needs a long time to shutdown. When setting
# ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a
# value suitable for your guests.
-#ON_SHUTDOWN=suspend
+ON_SHUTDOWN=suspend
+## Type: integer
+## Default: 0
# If set to non-zero, shutdown will suspend guests concurrently. Number of
# guests on shutdown at any time will not exceed number set in this variable.
-#PARALLEL_SHUTDOWN=0
+PARALLEL_SHUTDOWN=0
+## Type: integer
+## Default: 300
# Number of seconds we're willing to wait for a guest to shut down. If parallel
# shutdown is enabled, this timeout applies as a timeout for shutting down all
# guests on a single URI defined in the variable URIS. If this is 0, then there
# is no time out (use with caution, as guests might not respond to a shutdown
# request). The default value is 300 seconds (5 minutes).
-#SHUTDOWN_TIMEOUT=300
+SHUTDOWN_TIMEOUT=300
+## Type: integer
+## Default: 0
# If non-zero, try to bypass the file system cache when saving and
# restoring guests, even though this may give slower operation for
# some file systems.
-#BYPASS_CACHE=0
+BYPASS_CACHE=0
Index: libvirt-0.9.11.9/tools/libvirt-guests.init.sh
===================================================================
--- libvirt-0.9.11.9.orig/tools/libvirt-guests.init.sh
+++ libvirt-0.9.11.9/tools/libvirt-guests.init.sh
@@ -4,10 +4,10 @@
#
### BEGIN INIT INFO
# Provides: libvirt-guests
-# Required-Start: libvirtd
-# Required-Stop: libvirtd
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
+# Required-Start: $network $remote_fs libvirtd
+# Required-Stop: $network $remote_fs libvirtd
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
# Short-Description: suspend/resume libvirt guests on shutdown/boot
# Description: This is a script for suspending active libvirt guests
# on shutdown and resuming them on next boot
@@ -24,14 +24,13 @@
# See http://libvirt.org
#
+. /etc/rc.status
+rc_reset
+
sysconfdir="@sysconfdir@"
localstatedir="@localstatedir@"
libvirtd="@sbindir@"/libvirtd
-# Source function library.
-test ! -r "$sysconfdir"/rc.d/init.d/functions ||
- . "$sysconfdir"/rc.d/init.d/functions
-
# Source gettext library.
# Make sure this file is recognized as having translations: _("dummy")
. "@bindir@"/gettext.sh
@@ -52,15 +51,13 @@ test -f "$sysconfdir"/sysconfig/libvirt-
LISTFILE="$localstatedir"/lib/libvirt/libvirt-guests
VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests
-RETVAL=0
-
# retval COMMAND ARGUMENTS...
# run command with arguments and convert non-zero return value to 1 and set
# the global return variable
retval() {
"$@"
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
else
return 0
@@ -89,6 +86,25 @@ run_virsh_c() {
( export LC_ALL=C; run_virsh "$@" )
}
+await_daemon_up()
+{
+ uri=$1
+ i=1
+ rets=10
+ run_virsh $uri list > /dev/null 2>&1
+ while [ $? -ne 0 -a $i -lt $rets ]; do
+ sleep 1
+ echo -n .
+ i=$(($i + 1))
+ run_virsh $uri list > /dev/null 2>&1
+ done
+ if [ $i -eq $rets ]; then
+ echo $"libvirt-guests unable to connect to URI: $uri"
+ return 1
+ fi
+ return 0
+}
+
# test_connect URI
# check if URI is reachable
test_connect()
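Review bot: `await_daemon_up` reports failure when the last attempt succeeds: the loop exits with `i` equal to `rets` both when the tenth `run_virsh` call fails and when it succeeds, and the `[ $i -eq $rets ]` check that follows cannot tell the two apart. `$uri` is also passed unquoted to `run_virsh` here and in the `await_daemon_up $uri` call added to `start()`, unlike the quoted `"$uri"` used elsewhere in the script. Testing the command's own status in the loop condition removes the ambiguity and keeps the same number of attempts.

```shell
await_daemon_up()
{
    uri=$1
    i=1
    rets=10
    # Loop on the result of the probe itself, so a success on the final
    # attempt is not mistaken for exhaustion of the retry budget.
    until run_virsh "$uri" list > /dev/null 2>&1; do
        if [ "$i" -ge "$rets" ]; then
            echo $"libvirt-guests unable to connect to URI: $uri"
            return 1
        fi
        sleep 1
        echo -n .
        i=$(($i + 1))
    done
    return 0
}
```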
@@ -115,7 +131,7 @@ list_guests() {
list=$(run_virsh_c "$uri" list --uuid $persistent)
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
fi
@@ -141,7 +157,7 @@ guest_is_on() {
guest_running=false
id=$(run_virsh "$uri" domid "$uuid")
if [ $? -ne 0 ]; then
- RETVAL=1
+ rc_failed 1
return 1
fi
@@ -189,6 +205,12 @@ start() {
test_connect "$uri" || continue
+ await_daemon_up $uri
+ if [ $? -ne 0 ]; then
+ echo $"Ignoring guests on $uri URI, can't connect"
+ continue
+ fi
+
eval_gettext "Resuming guests on \$uri URI..."; echo
for guest in $list; do
name=$(guest_name "$uri" "$guest")
@@ -401,7 +423,7 @@ shutdown_guests_parallel()
timeout=$(($timeout - 1))
if [ $timeout -le 0 ]; then
eval_gettext "Timeout expired while shutting down domains"; echo
- RETVAL=1
+ rc_failed 1
return
fi
else
@@ -429,7 +451,7 @@ stop() {
if [ $SHUTDOWN_TIMEOUT -lt 0 ]; then
gettext "SHUTDOWN_TIMEOUT must be equal or greater than 0"
echo
- RETVAL=6
+ rc_failed 6
return
fi
fi
@@ -477,14 +499,14 @@ stop() {
if [ $? -ne 0 ]; then
eval_gettext "Failed to list persistent guests on \$uri"
echo
- RETVAL=1
+ rc_failed 1
set +f
return
fi
else
gettext "Failed to list transient guests"
echo
- RETVAL=1
+ rc_failed 1
set +f
return
fi
@@ -543,14 +565,13 @@ gueststatus() {
rh_status() {
if [ -f "$LISTFILE" ]; then
gettext "stopped, with saved guests"; echo
- RETVAL=3
+ rc_failed 3
else
if [ -f "$VAR_SUBSYS_LIBVIRT_GUESTS" ]; then
gettext "started"; echo
else
gettext "stopped, with no saved guests"; echo
fi
- RETVAL=0
fi
}
@@ -594,4 +615,4 @@ case "$1" in
usage
;;
esac
-exit $RETVAL
+rc_exit
Index: libvirt-0.9.11.9/daemon/Makefile.am
===================================================================
--- libvirt-0.9.11.9.orig/daemon/Makefile.am
+++ libvirt-0.9.11.9/daemon/Makefile.am
@@ -249,22 +249,16 @@ uninstall-logrotate:
rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || :
install-sysconfig:
- $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig
+ $(MKDIR_P) $(DESTDIR)$(localstatedir)/adm/fillup-templates
$(INSTALL_DATA) $(srcdir)/libvirtd.sysconf \
- $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
+ $(DESTDIR)$(localstatedir)/adm/fillup-templates/sysconfig.libvirtd
+
uninstall-sysconfig:
- rm -f $(DESTDIR)$(sysconfdir)/sysconfig/libvirtd
- rmdir $(DESTDIR)$(sysconfdir)/sysconfig || :
+ rm -f $(DESTDIR)$(localstatedir)/adm/fillup-templates/sysconfig.libvirtd
if WITH_SYSCTL
install-sysctl:
- $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysctl.d
- $(INSTALL_DATA) $(srcdir)/libvirtd.sysctl \
- $(DESTDIR)$(sysconfdir)/sysctl.d/libvirtd
-
uninstall-sysctl:
- rm -f $(DESTDIR)$(sysconfdir)/sysctl.d/libvirtd
- rmdir $(DESTDIR)$(sysconfdir)/sysctl.d || :
else
install-sysctl:
uninstall-sysctl:
@@ -275,13 +269,7 @@ if LIBVIRT_INIT_SCRIPT_RED_HAT
BUILT_SOURCES += libvirtd.init
install-init-redhat: install-sysconfig libvirtd.init
- $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
- $(INSTALL_SCRIPT) libvirtd.init \
- $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
-
uninstall-init-redhat: uninstall-sysconfig
- rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/libvirtd
- rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
else
install-init-redhat:
uninstall-init-redhat:
Index: libvirt-0.9.11.9/daemon/libvirtd.sysconf
===================================================================
--- libvirt-0.9.11.9.orig/daemon/libvirtd.sysconf
+++ libvirt-0.9.11.9/daemon/libvirtd.sysconf
@@ -1,16 +1,25 @@
+## Path: System/Virtualization/libvirt
+
+## Type: string
+## Default: /etc/libvirt/libvirtd.conf
# Override the default config file
# NOTE: This setting is no longer honoured if using
# systemd. Set '--config /etc/libvirt/libvirtd.conf'
# in LIBVIRTD_ARGS instead.
-#LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
+LIBVIRTD_CONFIG=/etc/libvirt/libvirtd.conf
-# Listen for TCP/IP connections
-# NB. must setup TLS/SSL keys prior to using this
-#LIBVIRTD_ARGS="--listen"
+## Type: string
+## Default: --listen
+# Arguments to pass to libvirtd
+LIBVIRTD_ARGS="--listen"
+## Type: string
+## Default: none
# Override Kerberos service keytab for SASL/GSSAPI
#KRB5_KTNAME=/etc/libvirt/krb5.tab
+## Type: string
+## Default: none
# Override the QEMU/SDL default audio driver probing when
# starting virtual machines using SDL graphics
#
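Review bot: `LIBVIRTD_ARGS="--listen"` becomes an active default while the caveat that accompanied it (`NB. must setup TLS/SSL keys prior to using this`) is removed, leaving `# Arguments to pass to libvirtd` as the only description. Since listen mode is now on by default, the template should say which settings decide what is actually exposed, e.g. `# --listen only opens the listeners enabled in libvirtd.conf (listen_tls, listen_tcp); set up TLS certificates before enabling listen_tls`.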
++++++ xen-name-for-devid.patch ++++++
commit 7906a668fa8d5c21cc729db8a13b08e3dd1d241f
Author: Jim Fehlig
Date: Wed Jan 27 16:11:41 2010 -0700
Do not search xenstore for disk device IDs
Disk devices can be referenced by name in Xen, e.g. when modifying
their configuration or removing them. As such, don't search
xenstore for a device ID corresponding to the disk device. Instead,
search the disks contained in the domain definition and use the
disk's target name if found.
This approach allows removing a disk when domain is inactive. We
obviously can't search xenstore when the domain is inactive.
Index: libvirt-0.9.11.9/src/xen/xend_internal.c
===================================================================
--- libvirt-0.9.11.9.orig/src/xen/xend_internal.c
+++ libvirt-0.9.11.9/src/xen/xend_internal.c
@@ -60,6 +60,7 @@
static int
virDomainXMLDevID(virDomainPtr domain,
+ virDomainDefPtr domDef,
virDomainDeviceDefPtr dev,
char *class,
char *ref,
@@ -2757,7 +2758,7 @@ xenDaemonAttachDeviceFlags(virDomainPtr
sexpr = virBufferContentAndReset(&buf);
- if (virDomainXMLDevID(domain, dev, class, ref, sizeof(ref))) {
+ if (virDomainXMLDevID(domain, def, dev, class, ref, sizeof(ref))) {
/* device doesn't exist, define it */
ret = xend_op(domain->conn, domain->name, "op", "device_create",
"config", sexpr, NULL);
@@ -2878,7 +2879,7 @@ xenDaemonUpdateDeviceFlags(virDomainPtr
sexpr = virBufferContentAndReset(&buf);
- if (virDomainXMLDevID(domain, dev, class, ref, sizeof(ref))) {
+ if (virDomainXMLDevID(domain, def, dev, class, ref, sizeof(ref))) {
virXendError(VIR_ERR_OPERATION_INVALID, "%s",
_("requested device does not exist"));
goto cleanup;
@@ -2973,7 +2974,7 @@ xenDaemonDetachDeviceFlags(virDomainPtr
def, xml, VIR_DOMAIN_XML_INACTIVE)))
goto cleanup;
- if (virDomainXMLDevID(domain, dev, class, ref, sizeof(ref)))
+ if (virDomainXMLDevID(domain, def, dev, class, ref, sizeof(ref)))
goto cleanup;
if (dev->type == VIR_DOMAIN_DEVICE_HOSTDEV) {
@@ -3919,6 +3920,7 @@ struct xenUnifiedDriver xenDaemonDriver
*/
static int
virDomainXMLDevID(virDomainPtr domain,
+ virDomainDefPtr domDef,
virDomainDeviceDefPtr dev,
char *class,
char *ref,
@@ -3927,8 +3929,12 @@ virDomainXMLDevID(virDomainPtr domain,
xenUnifiedPrivatePtr priv = domain->conn->privateData;
char *xref;
char *tmp;
+ unsigned int i;
+ virDomainDiskDefPtr disk;
if (dev->type == VIR_DOMAIN_DEVICE_DISK) {
+ if (dev->data.disk->dst == NULL)
+ return -1;
if (dev->data.disk->driverName &&
STREQ(dev->data.disk->driverName, "tap"))
strcpy(class, "tap");
@@ -3938,19 +3944,21 @@ virDomainXMLDevID(virDomainPtr domain,
else
strcpy(class, "vbd");
- if (dev->data.disk->dst == NULL)
- return -1;
- xenUnifiedLock(priv);
- xref = xenStoreDomainGetDiskID(domain->conn, domain->id,
- dev->data.disk->dst);
- xenUnifiedUnlock(priv);
- if (xref == NULL)
- return -1;
-
- tmp = virStrcpy(ref, xref, ref_len);
- VIR_FREE(xref);
- if (tmp == NULL)
- return -1;
+ /* For disks, the device name can be used directly.
+ * If disk device exists in domain definintion,
+ * copy it to ref and return success.
+ */
+ for (i = 0; i < domDef->ndisks; i++) {
+ disk = domDef->disks[i];
+ if (STREQ(dev->data.disk->dst, disk->dst)) {
+ tmp = virStrcpy(ref, disk->dst, ref_len);
+ if (tmp == NULL)
+ return -1;
+ else
+ return 0;
+ }
+ }
+ return -1;
} else if (dev->type == VIR_DOMAIN_DEVICE_NET) {
char mac[30];
virDomainNetDefPtr def = dev->data.net;
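Review bot: In the new loop, `STREQ(dev->data.disk->dst, disk->dst)` compares against `disk->dst` without a NULL guard, although the request's own `dst` is checked at the top of the branch; unless every entry in `domDef->disks` is guaranteed a target, `if (disk->dst && STREQ(dev->data.disk->dst, disk->dst))` is safer. `domDef` itself is dereferenced unchecked, so the three updated call sites must never pass a NULL `def`, which cannot be verified from these hunks. The function's header comment, which ends just above the signature, should gain a line for the new `domDef` parameter, and `definintion` in the added comment is a typo. virDomainXMLDevID continues outside the hunk.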
++++++ xen-pv-cdrom.patch ++++++
Index: libvirt-0.9.11.9/src/xenxs/xen_sxpr.c
===================================================================
--- libvirt-0.9.11.9.orig/src/xenxs/xen_sxpr.c
+++ libvirt-0.9.11.9/src/xenxs/xen_sxpr.c
@@ -340,7 +340,7 @@ error:
static int
xenParseSxprDisks(virDomainDefPtr def,
const struct sexpr *root,
- int hvm,
+ int hvm ATTRIBUTE_UNUSED,
int xendConfigVersion)
{
const struct sexpr *cur, *node;
@@ -391,7 +391,6 @@ xenParseSxprDisks(virDomainDefPtr def,
/* There is a case without the uname to the CD-ROM device */
offset = strchr(dst, ':');
if (!offset ||
- !hvm ||
STRNEQ(offset, ":cdrom")) {
XENXS_ERROR(VIR_ERR_INTERNAL_ERROR,
"%s", _("domain information incomplete, vbd has no src"));