Temporary patch (not upstream) to disable sVirt.

2012-09-16 13:20:53 +01:00 · 2012-09-16 13:20:53 +01:00 · a11c35cb78
commit a11c35cb78
parent 366f5c0d4f
2 changed files with 66 additions and 0 deletions
--- a/0001-Revert-launch-libvirt-Enable-sVirt.patch
+++ b/0001-Revert-launch-libvirt-Enable-sVirt.patch
@ -0,0 +1,59 @@
 From 3479b9b37f95ec37e1203d3c7bce15df7c2a20e8 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Sun, 16 Sep 2012 13:16:59 +0100
 Subject: [PATCH] Revert "launch: libvirt: Enable sVirt."
 This reverts commit 6575ac4c61cc41a2e3c662b58fd0e0cee2b6a2e3.
 ---
 src/launch-libvirt.c |   21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c
 index c4ca817..9b082a4 100644
 --- a/src/launch-libvirt.c
 +++ b/src/launch-libvirt.c
@@ -418,6 +418,7 @@ launch_libvirt (guestfs_h *g, const char *libvirt_uri)
 static int construct_libvirt_xml_name (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_cpu (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_boot (guestfs_h *g, xmlTextWriterPtr xo, const char *kernel, const char *initrd, size_t appliance_index);
 +static int construct_libvirt_xml_seclabel (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_lifecycle (guestfs_h *g, xmlTextWriterPtr xo);
 static int construct_libvirt_xml_devices (guestfs_h *g, xmlTextWriterPtr xo, const char *appliance, size_t appliance_index, const char *guestfsd_sock, const char *console_sock);
 static int construct_libvirt_xml_qemu_cmdline (guestfs_h *g, xmlTextWriterPtr xo);
@@ -481,6 +482,8 @@ construct_libvirt_xml (guestfs_h *g, const char *capabilities_xml,
     goto err;
   if (construct_libvirt_xml_boot (g, xo, kernel, initrd, appliance_index) == -1)
     goto err;
 +  if (construct_libvirt_xml_seclabel (g, xo) == -1)
 +    goto err;
   if (construct_libvirt_xml_lifecycle (g, xo) == -1)
     goto err;
   if (construct_libvirt_xml_devices (g, xo, appliance, appliance_index,
@@ -635,6 +638,24 @@ construct_libvirt_xml_boot (guestfs_h *g, xmlTextWriterPtr xo,
   return -1;
 }
 +static int
 +construct_libvirt_xml_seclabel (guestfs_h *g, xmlTextWriterPtr xo)
 +{
 +  XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "seclabel"));
 +  /* XXX This disables SELinux/sVirt confinement.  Remove this
 +   * once we've worked out how to label guestfsd_sock.
 +   */
 +  XMLERROR (-1,
 +            xmlTextWriterWriteAttribute (xo, BAD_CAST "type",
 +                                         BAD_CAST "none"));
 +  XMLERROR (-1, xmlTextWriterEndElement (xo));
 +
 +  return 0;
 +
 + err:
 +  return -1;
 +}
 +
 /* qemu -no-reboot */
 static int
 construct_libvirt_xml_lifecycle (guestfs_h *g, xmlTextWriterPtr xo)
 -- 
 1.7.10.4
--- a/libguestfs.spec
+++ b/libguestfs.spec
@ -43,6 +43,12 @@ Patch2:        libguestfs-1.19.2-remove-udev-from-packagelist.patch
 # on i386 only.  This works around a bug in 32-bit qemu (RHBZ#857026).
 Patch3:        0001-i386-Add-noapic-flag-to-work-around-a-qemu-or-kernel.patch
 # Temporary patch (not upstream) to disable sVirt.  Before we can
 # enable sVirt we must fix libvirt (at a minimum: RHBZ#853393, but
 # also RHBZ#857659 would be good) and SELinux policy (required:
 # RHBZ#857453; nice to have: RHBZ#856634).
 Patch4:        0001-Revert-launch-libvirt-Enable-sVirt.patch
 %if 0%{?rhel} >= 7
 ExclusiveArch: x86_64
 %endif
@ -688,6 +694,7 @@ autoreconf -i
 %endif
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 mkdir -p daemon/m4