Rebased to version 1.0.5.1
Follow updated packaging guidelines for user alloc (bz #924501) CVE-2013-1962 Open files DoS (bz #963789, bz #953107)
This commit is contained in:
parent
45c1cabef6
commit
660e0112c6
@ -1,34 +0,0 @@
|
||||
From a2214c5257d3bd7b086ce04aca1648e8ff05ee96 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <a2214c5257d3bd7b086ce04aca1648e8ff05ee96.1368567003.git.crobinso@redhat.com>
|
||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
||||
Date: Fri, 10 May 2013 14:45:05 +0100
|
||||
Subject: [PATCH] Fix iohelper usage with streams opened for read
|
||||
|
||||
In b2878ed860ceceec3cd6481424fed0b543b687cd we added the O_NOCTTY
|
||||
flag when opening files in the stream code. Unfortunately a later
|
||||
piece of code was comparing the flags == O_RDONLY, without masking
|
||||
out the non-access mode flags. This broke the iohelper when used
|
||||
with streams for read, since it caused us to attach the stream
|
||||
output pipe to the stream input FD instead of output FD :-(
|
||||
|
||||
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||||
---
|
||||
src/fdstream.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/fdstream.c b/src/fdstream.c
|
||||
index 6f8ce53..a9a4851 100644
|
||||
--- a/src/fdstream.c
|
||||
+++ b/src/fdstream.c
|
||||
@@ -641,7 +641,7 @@ virFDStreamOpenFileInternal(virStreamPtr st,
|
||||
virCommandTransferFD(cmd, fd);
|
||||
virCommandAddArgFormat(cmd, "%d", fd);
|
||||
|
||||
- if (oflags == O_RDONLY) {
|
||||
+ if ((oflags & O_ACCMODE) == O_RDONLY) {
|
||||
childfd = fds[1];
|
||||
fd = fds[0];
|
||||
virCommandSetOutputFD(cmd, &childfd);
|
||||
--
|
||||
1.8.2.1
|
||||
|
@ -1,447 +0,0 @@
|
||||
diff -ur libvirt-1.0.5.old/src/network/bridge_driver.c libvirt-1.0.5/src/network/bridge_driver.c
|
||||
--- libvirt-1.0.5.old/src/network/bridge_driver.c 2013-05-02 03:18:51.000000000 +0100
|
||||
+++ libvirt-1.0.5/src/network/bridge_driver.c 2013-05-03 14:20:03.666753641 +0100
|
||||
@@ -1,4 +1,3 @@
|
||||
-
|
||||
/*
|
||||
* bridge_driver.c: core driver methods for managing network
|
||||
*
|
||||
@@ -67,12 +66,6 @@
|
||||
#include "virdbus.h"
|
||||
#include "virfile.h"
|
||||
|
||||
-#define NETWORK_PID_DIR LOCALSTATEDIR "/run/libvirt/network"
|
||||
-#define NETWORK_STATE_DIR LOCALSTATEDIR "/lib/libvirt/network"
|
||||
-
|
||||
-#define DNSMASQ_STATE_DIR LOCALSTATEDIR "/lib/libvirt/dnsmasq"
|
||||
-#define RADVD_STATE_DIR LOCALSTATEDIR "/lib/libvirt/radvd"
|
||||
-
|
||||
#define VIR_FROM_THIS VIR_FROM_NETWORK
|
||||
|
||||
/* Main driver state */
|
||||
@@ -84,7 +77,10 @@
|
||||
iptablesContext *iptables;
|
||||
char *networkConfigDir;
|
||||
char *networkAutostartDir;
|
||||
- char *logDir;
|
||||
+ char *stateDir;
|
||||
+ char *pidDir;
|
||||
+ char *dnsmasqStateDir;
|
||||
+ char *radvdStateDir;
|
||||
dnsmasqCapsPtr dnsmasqCaps;
|
||||
};
|
||||
|
||||
@@ -133,8 +129,8 @@
|
||||
{
|
||||
char *leasefile;
|
||||
|
||||
- ignore_value(virAsprintf(&leasefile, DNSMASQ_STATE_DIR "/%s.leases",
|
||||
- netname));
|
||||
+ ignore_value(virAsprintf(&leasefile, "%s/%s.leases",
|
||||
+ driverState->dnsmasqStateDir, netname));
|
||||
return leasefile;
|
||||
}
|
||||
|
||||
@@ -146,8 +142,8 @@
|
||||
{
|
||||
char *conffile;
|
||||
|
||||
- ignore_value(virAsprintf(&conffile, DNSMASQ_STATE_DIR "/%s.conf",
|
||||
- netname));
|
||||
+ ignore_value(virAsprintf(&conffile, "%s/%s.conf",
|
||||
+ driverState->dnsmasqStateDir, netname));
|
||||
return conffile;
|
||||
}
|
||||
|
||||
@@ -166,8 +162,8 @@
|
||||
{
|
||||
char *configfile;
|
||||
|
||||
- ignore_value(virAsprintf(&configfile, RADVD_STATE_DIR "/%s-radvd.conf",
|
||||
- netname));
|
||||
+ ignore_value(virAsprintf(&configfile, "%s/%s-radvd.conf",
|
||||
+ driverState->radvdStateDir, netname));
|
||||
return configfile;
|
||||
}
|
||||
|
||||
@@ -187,8 +183,10 @@
|
||||
int ret = -1;
|
||||
|
||||
/* remove the (possibly) existing dnsmasq and radvd files */
|
||||
- if (!(dctx = dnsmasqContextNew(def->name, DNSMASQ_STATE_DIR)))
|
||||
+ if (!(dctx = dnsmasqContextNew(def->name,
|
||||
+ driverState->dnsmasqStateDir))) {
|
||||
goto cleanup;
|
||||
+ }
|
||||
|
||||
if (!(leasefile = networkDnsmasqLeaseFileName(def->name)))
|
||||
goto cleanup;
|
||||
@@ -202,7 +200,8 @@
|
||||
if (!(configfile = networkDnsmasqConfigFileName(def->name)))
|
||||
goto no_memory;
|
||||
|
||||
- if (!(statusfile = virNetworkConfigFile(NETWORK_STATE_DIR, def->name)))
|
||||
+ if (!(statusfile
|
||||
+ = virNetworkConfigFile(driverState->stateDir, def->name)))
|
||||
goto no_memory;
|
||||
|
||||
/* dnsmasq */
|
||||
@@ -212,7 +211,7 @@
|
||||
|
||||
/* radvd */
|
||||
unlink(radvdconfigfile);
|
||||
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
|
||||
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
|
||||
|
||||
/* remove status file */
|
||||
unlink(statusfile);
|
||||
@@ -279,7 +278,7 @@
|
||||
if (obj->def->ips && (obj->def->nips > 0)) {
|
||||
char *radvdpidbase;
|
||||
|
||||
- ignore_value(virPidFileReadIfAlive(NETWORK_PID_DIR, obj->def->name,
|
||||
+ ignore_value(virPidFileReadIfAlive(driverState->pidDir, obj->def->name,
|
||||
&obj->dnsmasqPid,
|
||||
dnsmasqCapsGetBinaryPath(driver->dnsmasqCaps)));
|
||||
|
||||
@@ -287,7 +286,7 @@
|
||||
virReportOOMError();
|
||||
goto cleanup;
|
||||
}
|
||||
- ignore_value(virPidFileReadIfAlive(NETWORK_PID_DIR, radvdpidbase,
|
||||
+ ignore_value(virPidFileReadIfAlive(driverState->pidDir, radvdpidbase,
|
||||
&obj->radvdPid, RADVD));
|
||||
VIR_FREE(radvdpidbase);
|
||||
}
|
||||
@@ -359,7 +358,9 @@
|
||||
virStateInhibitCallback callback ATTRIBUTE_UNUSED,
|
||||
void *opaque ATTRIBUTE_UNUSED)
|
||||
{
|
||||
- char *base = NULL;
|
||||
+ int ret = -1;
|
||||
+ char *configdir = NULL;
|
||||
+ char *rundir = NULL;
|
||||
#ifdef HAVE_FIREWALLD
|
||||
DBusConnection *sysbus = NULL;
|
||||
#endif
|
||||
@@ -373,46 +374,53 @@
|
||||
}
|
||||
networkDriverLock(driverState);
|
||||
|
||||
+ /* Configuration paths one of
|
||||
+ * ~/.libvirt/... (old style session/unprivileged)
|
||||
+ * ~/.config/libvirt/... (new XDG session/unprivileged)
|
||||
+ * /etc/libvirt/... && /var/(run|lib)/libvirt/... (system/privileged).
|
||||
+ *
|
||||
+ * NB: The qemu driver puts its domain state in /var/run, and I
|
||||
+ * think the network driver should have used /var/run too (instead
|
||||
+ * of /var/lib), but it's been this way for a long time, and we
|
||||
+ * probably should change it now.
|
||||
+ */
|
||||
if (privileged) {
|
||||
- if (virAsprintf(&driverState->logDir,
|
||||
- "%s/log/libvirt/qemu", LOCALSTATEDIR) == -1)
|
||||
- goto out_of_memory;
|
||||
-
|
||||
- if ((base = strdup(SYSCONFDIR "/libvirt")) == NULL)
|
||||
+ if (!(driverState->networkConfigDir
|
||||
+ = strdup(SYSCONFDIR "/libvirt/qemu/networks")) ||
|
||||
+ !(driverState->networkAutostartDir
|
||||
+ = strdup(SYSCONFDIR "/libvirt/qemu/networks/autostart")) ||
|
||||
+ !(driverState->stateDir
|
||||
+ = strdup(LOCALSTATEDIR "/lib/libvirt/network")) ||
|
||||
+ !(driverState->pidDir
|
||||
+ = strdup(LOCALSTATEDIR "/run/libvirt/network")) ||
|
||||
+ !(driverState->dnsmasqStateDir
|
||||
+ = strdup(LOCALSTATEDIR "/lib/libvirt/dnsmasq")) ||
|
||||
+ !(driverState->radvdStateDir
|
||||
+ = strdup(LOCALSTATEDIR "/lib/libvirt/radvd"))) {
|
||||
goto out_of_memory;
|
||||
+ }
|
||||
} else {
|
||||
- char *userdir = virGetUserCacheDirectory();
|
||||
-
|
||||
- if (!userdir)
|
||||
+ configdir = virGetUserConfigDirectory();
|
||||
+ rundir = virGetUserRuntimeDirectory();
|
||||
+ if (!(configdir && rundir))
|
||||
goto error;
|
||||
|
||||
- if (virAsprintf(&driverState->logDir,
|
||||
- "%s/qemu/log", userdir) == -1) {
|
||||
- VIR_FREE(userdir);
|
||||
+ if ((virAsprintf(&driverState->networkConfigDir,
|
||||
+ "%s/qemu/networks", configdir) < 0) ||
|
||||
+ (virAsprintf(&driverState->networkAutostartDir,
|
||||
+ "%s/qemu/networks/autostart", configdir) < 0) ||
|
||||
+ (virAsprintf(&driverState->stateDir,
|
||||
+ "%s/network/lib", rundir) < 0) ||
|
||||
+ (virAsprintf(&driverState->pidDir,
|
||||
+ "%s/network/run", rundir) < 0) ||
|
||||
+ (virAsprintf(&driverState->dnsmasqStateDir,
|
||||
+ "%s/dnsmasq/lib", rundir) < 0) ||
|
||||
+ (virAsprintf(&driverState->radvdStateDir,
|
||||
+ "%s/radvd/lib", rundir) < 0)) {
|
||||
goto out_of_memory;
|
||||
}
|
||||
- VIR_FREE(userdir);
|
||||
-
|
||||
- userdir = virGetUserConfigDirectory();
|
||||
- if (virAsprintf(&base, "%s", userdir) == -1) {
|
||||
- VIR_FREE(userdir);
|
||||
- goto out_of_memory;
|
||||
- }
|
||||
- VIR_FREE(userdir);
|
||||
}
|
||||
|
||||
- /* Configuration paths are either ~/.libvirt/qemu/... (session) or
|
||||
- * /etc/libvirt/qemu/... (system).
|
||||
- */
|
||||
- if (virAsprintf(&driverState->networkConfigDir, "%s/qemu/networks", base) == -1)
|
||||
- goto out_of_memory;
|
||||
-
|
||||
- if (virAsprintf(&driverState->networkAutostartDir, "%s/qemu/networks/autostart",
|
||||
- base) == -1)
|
||||
- goto out_of_memory;
|
||||
-
|
||||
- VIR_FREE(base);
|
||||
-
|
||||
if (!(driverState->iptables = iptablesContextNew())) {
|
||||
goto out_of_memory;
|
||||
}
|
||||
@@ -421,7 +429,7 @@
|
||||
driverState->dnsmasqCaps = dnsmasqCapsNewFromBinary(DNSMASQ);
|
||||
|
||||
if (virNetworkLoadAllState(&driverState->networks,
|
||||
- NETWORK_STATE_DIR) < 0)
|
||||
+ driverState->stateDir) < 0)
|
||||
goto error;
|
||||
|
||||
if (virNetworkLoadAllConfigs(&driverState->networks,
|
||||
@@ -462,18 +470,19 @@
|
||||
}
|
||||
#endif
|
||||
|
||||
- return 0;
|
||||
+ ret = 0;
|
||||
+cleanup:
|
||||
+ VIR_FREE(configdir);
|
||||
+ VIR_FREE(rundir);
|
||||
+ return ret;
|
||||
|
||||
out_of_memory:
|
||||
virReportOOMError();
|
||||
-
|
||||
error:
|
||||
if (driverState)
|
||||
networkDriverUnlock(driverState);
|
||||
-
|
||||
- VIR_FREE(base);
|
||||
networkStateCleanup();
|
||||
- return -1;
|
||||
+ goto cleanup;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -489,7 +498,7 @@
|
||||
|
||||
networkDriverLock(driverState);
|
||||
virNetworkLoadAllState(&driverState->networks,
|
||||
- NETWORK_STATE_DIR);
|
||||
+ driverState->stateDir);
|
||||
virNetworkLoadAllConfigs(&driverState->networks,
|
||||
driverState->networkConfigDir,
|
||||
driverState->networkAutostartDir);
|
||||
@@ -516,9 +525,12 @@
|
||||
/* free inactive networks */
|
||||
virNetworkObjListFree(&driverState->networks);
|
||||
|
||||
- VIR_FREE(driverState->logDir);
|
||||
VIR_FREE(driverState->networkConfigDir);
|
||||
VIR_FREE(driverState->networkAutostartDir);
|
||||
+ VIR_FREE(driverState->stateDir);
|
||||
+ VIR_FREE(driverState->pidDir);
|
||||
+ VIR_FREE(driverState->dnsmasqStateDir);
|
||||
+ VIR_FREE(driverState->radvdStateDir);
|
||||
|
||||
if (driverState->iptables)
|
||||
iptablesContextFree(driverState->iptables);
|
||||
@@ -1060,32 +1072,33 @@
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- if (virFileMakePath(NETWORK_PID_DIR) < 0) {
|
||||
+ if (virFileMakePath(driverState->pidDir) < 0) {
|
||||
virReportSystemError(errno,
|
||||
_("cannot create directory %s"),
|
||||
- NETWORK_PID_DIR);
|
||||
+ driverState->pidDir);
|
||||
goto cleanup;
|
||||
}
|
||||
- if (virFileMakePath(NETWORK_STATE_DIR) < 0) {
|
||||
+ if (virFileMakePath(driverState->stateDir) < 0) {
|
||||
virReportSystemError(errno,
|
||||
_("cannot create directory %s"),
|
||||
- NETWORK_STATE_DIR);
|
||||
+ driverState->stateDir);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- if (!(pidfile = virPidFileBuildPath(NETWORK_PID_DIR, network->def->name))) {
|
||||
+ if (!(pidfile = virPidFileBuildPath(driverState->pidDir,
|
||||
+ network->def->name))) {
|
||||
virReportOOMError();
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- if (virFileMakePath(DNSMASQ_STATE_DIR) < 0) {
|
||||
+ if (virFileMakePath(driverState->dnsmasqStateDir) < 0) {
|
||||
virReportSystemError(errno,
|
||||
_("cannot create directory %s"),
|
||||
- DNSMASQ_STATE_DIR);
|
||||
+ driverState->dnsmasqStateDir);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- dctx = dnsmasqContextNew(network->def->name, DNSMASQ_STATE_DIR);
|
||||
+ dctx = dnsmasqContextNew(network->def->name, driverState->dnsmasqStateDir);
|
||||
if (dctx == NULL)
|
||||
goto cleanup;
|
||||
|
||||
@@ -1113,7 +1126,7 @@
|
||||
* pid
|
||||
*/
|
||||
|
||||
- ret = virPidFileRead(NETWORK_PID_DIR, network->def->name,
|
||||
+ ret = virPidFileRead(driverState->pidDir, network->def->name,
|
||||
&network->dnsmasqPid);
|
||||
if (ret < 0)
|
||||
goto cleanup;
|
||||
@@ -1150,8 +1163,10 @@
|
||||
return networkStartDhcpDaemon(driver, network);
|
||||
|
||||
VIR_INFO("Refreshing dnsmasq for network %s", network->def->bridge);
|
||||
- if (!(dctx = dnsmasqContextNew(network->def->name, DNSMASQ_STATE_DIR)))
|
||||
+ if (!(dctx = dnsmasqContextNew(network->def->name,
|
||||
+ driverState->dnsmasqStateDir))) {
|
||||
goto cleanup;
|
||||
+ }
|
||||
|
||||
/* Look for first IPv4 address that has dhcp defined.
|
||||
* We only support dhcp-host config on one IPv4 subnetwork
|
||||
@@ -1375,16 +1390,16 @@
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- if (virFileMakePath(NETWORK_PID_DIR) < 0) {
|
||||
+ if (virFileMakePath(driverState->pidDir) < 0) {
|
||||
virReportSystemError(errno,
|
||||
_("cannot create directory %s"),
|
||||
- NETWORK_PID_DIR);
|
||||
+ driverState->pidDir);
|
||||
goto cleanup;
|
||||
}
|
||||
- if (virFileMakePath(RADVD_STATE_DIR) < 0) {
|
||||
+ if (virFileMakePath(driverState->radvdStateDir) < 0) {
|
||||
virReportSystemError(errno,
|
||||
_("cannot create directory %s"),
|
||||
- RADVD_STATE_DIR);
|
||||
+ driverState->radvdStateDir);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -1393,7 +1408,7 @@
|
||||
virReportOOMError();
|
||||
goto cleanup;
|
||||
}
|
||||
- if (!(pidfile = virPidFileBuildPath(NETWORK_PID_DIR, radvdpidbase))) {
|
||||
+ if (!(pidfile = virPidFileBuildPath(driverState->pidDir, radvdpidbase))) {
|
||||
virReportOOMError();
|
||||
goto cleanup;
|
||||
}
|
||||
@@ -1421,7 +1436,7 @@
|
||||
if (virCommandRun(cmd, NULL) < 0)
|
||||
goto cleanup;
|
||||
|
||||
- if (virPidFileRead(NETWORK_PID_DIR, radvdpidbase, &network->radvdPid) < 0)
|
||||
+ if (virPidFileRead(driverState->pidDir, radvdpidbase, &network->radvdPid) < 0)
|
||||
goto cleanup;
|
||||
|
||||
ret = 0;
|
||||
@@ -1448,7 +1463,7 @@
|
||||
network->def->name) >= 0) &&
|
||||
((radvdpidbase = networkRadvdPidfileBasename(network->def->name))
|
||||
!= NULL)) {
|
||||
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
|
||||
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
|
||||
VIR_FREE(radvdpidbase);
|
||||
}
|
||||
network->radvdPid = -1;
|
||||
@@ -1488,7 +1503,7 @@
|
||||
network->def->name) >= 0) &&
|
||||
((radvdpidbase = networkRadvdPidfileBasename(network->def->name))
|
||||
!= NULL)) {
|
||||
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
|
||||
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
|
||||
VIR_FREE(radvdpidbase);
|
||||
}
|
||||
network->radvdPid = -1;
|
||||
@@ -2572,7 +2587,7 @@
|
||||
if (!(radvdpidbase = networkRadvdPidfileBasename(network->def->name))) {
|
||||
virReportOOMError();
|
||||
} else {
|
||||
- virPidFileDelete(NETWORK_PID_DIR, radvdpidbase);
|
||||
+ virPidFileDelete(driverState->pidDir, radvdpidbase);
|
||||
VIR_FREE(radvdpidbase);
|
||||
}
|
||||
}
|
||||
@@ -2673,7 +2688,8 @@
|
||||
/* Persist the live configuration now that anything autogenerated
|
||||
* is setup.
|
||||
*/
|
||||
- if ((ret = virNetworkSaveStatus(NETWORK_STATE_DIR, network)) < 0) {
|
||||
+ if ((ret = virNetworkSaveStatus(driverState->stateDir,
|
||||
+ network)) < 0) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
@@ -2703,7 +2719,8 @@
|
||||
if (!virNetworkObjIsActive(network))
|
||||
return 0;
|
||||
|
||||
- stateFile = virNetworkConfigFile(NETWORK_STATE_DIR, network->def->name);
|
||||
+ stateFile = virNetworkConfigFile(driverState->stateDir,
|
||||
+ network->def->name);
|
||||
if (!stateFile)
|
||||
return -1;
|
||||
|
||||
@@ -3368,8 +3385,10 @@
|
||||
}
|
||||
|
||||
/* save current network state to disk */
|
||||
- if ((ret = virNetworkSaveStatus(NETWORK_STATE_DIR, network)) < 0)
|
||||
+ if ((ret = virNetworkSaveStatus(driverState->stateDir,
|
||||
+ network)) < 0) {
|
||||
goto cleanup;
|
||||
+ }
|
||||
}
|
||||
ret = 0;
|
||||
cleanup:
|
||||
@@ -4702,7 +4721,7 @@
|
||||
/* update sum of 'floor'-s of attached NICs */
|
||||
net->floor_sum += ifaceBand->in->floor;
|
||||
/* update status file */
|
||||
- if (virNetworkSaveStatus(NETWORK_STATE_DIR, net) < 0) {
|
||||
+ if (virNetworkSaveStatus(driverState->stateDir, net) < 0) {
|
||||
ignore_value(virBitmapClearBit(net->class_id, class_id));
|
||||
net->floor_sum -= ifaceBand->in->floor;
|
||||
iface->data.network.actual->class_id = 0;
|
||||
@@ -4748,7 +4767,7 @@
|
||||
ignore_value(virBitmapClearBit(net->class_id,
|
||||
iface->data.network.actual->class_id));
|
||||
/* update status file */
|
||||
- if (virNetworkSaveStatus(NETWORK_STATE_DIR, net) < 0) {
|
||||
+ if (virNetworkSaveStatus(driverState->stateDir, net) < 0) {
|
||||
net->floor_sum += ifaceBand->in->floor;
|
||||
ignore_value(virBitmapSetBit(net->class_id,
|
||||
iface->data.network.actual->class_id));
|
39
libvirt.spec
39
libvirt.spec
@ -340,8 +340,8 @@
|
||||
|
||||
Summary: Library providing a simple virtualization API
|
||||
Name: libvirt
|
||||
Version: 1.0.5
|
||||
Release: 3%{?dist}%{?extra_release}
|
||||
Version: 1.0.5.1
|
||||
Release: 1%{?dist}%{?extra_release}
|
||||
License: LGPLv2+
|
||||
Group: Development/Libraries
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
@ -352,10 +352,6 @@ URL: http://libvirt.org/
|
||||
%endif
|
||||
Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz
|
||||
|
||||
Patch1: libvirt-1.0.5-fix-network-driver-startup-qemu-session.patch
|
||||
# Fix stream operations like screenshot (bz #960879)
|
||||
Patch0002: 0002-Fix-iohelper-usage-with-streams-opened-for-read.patch
|
||||
|
||||
%if %{with_libvirtd}
|
||||
Requires: libvirt-daemon = %{version}-%{release}
|
||||
%if %{with_network}
|
||||
@ -722,6 +718,8 @@ Requires: numad
|
||||
%endif
|
||||
# libvirtd depends on 'messagebus' service
|
||||
Requires: dbus
|
||||
# For uid creation during pre
|
||||
Requires(pre): shadow-utils
|
||||
|
||||
%description daemon
|
||||
Server side daemon required to manage the virtualization capabilities
|
||||
@ -1085,9 +1083,6 @@ of recent versions of Linux (and other OSes).
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
# Fix stream operations like screenshot (bz #960879)
|
||||
%patch0002 -p1
|
||||
|
||||
%build
|
||||
%if ! %{with_xen}
|
||||
@ -1451,14 +1446,19 @@ make check
|
||||
%if %{with_libvirtd}
|
||||
%pre daemon
|
||||
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
|
||||
# Normally 'setup' adds this in /etc/passwd, but this is
|
||||
# here for case of upgrades from earlier Fedora/RHEL. This
|
||||
# UID/GID pair is reserved for qemu:qemu
|
||||
getent group kvm >/dev/null || groupadd -g 36 -r kvm
|
||||
getent group qemu >/dev/null || groupadd -g 107 -r qemu
|
||||
getent passwd qemu >/dev/null || \
|
||||
useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
|
||||
-c "qemu user" qemu
|
||||
# We want soft static allocation of well-known ids, as disk images
|
||||
# are commonly shared across NFS mounts by id rather than name; see
|
||||
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups
|
||||
getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
|
||||
getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
|
||||
if ! getent passwd qemu >/dev/null; then
|
||||
if ! getent passwd 107 >/dev/null; then
|
||||
useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
|
||||
else
|
||||
useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
|
||||
fi
|
||||
fi
|
||||
exit 0
|
||||
%endif
|
||||
|
||||
%post daemon
|
||||
@ -2005,6 +2005,11 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sun May 19 2013 Cole Robinson <crobinso@redhat.com> - 1.0.5.1-1
|
||||
- Rebased to version 1.0.5.1
|
||||
- Follow updated packaging guidelines for user alloc (bz #924501)
|
||||
- CVE-2013-1962 Open files DoS (bz #963789, bz #953107)
|
||||
|
||||
* Tue May 14 2013 Cole Robinson <crobinso@redhat.com> - 1.0.5-3
|
||||
- Fix stream operations like screenshot (bz #960879)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user