Sync with v1.1.2-maint

Rebuild for libswan soname bump (bz #1009701)
CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332)
CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667)
CVE-2013-4297: Invalid free in NBDDeviceAssociate (bz #1006505, bz #1006511)
Fix virsh block-commit abort (bz #1010056)
This commit is contained in:
Cole Robinson 2013-09-23 14:35:01 -04:00
parent 40d99010e1
commit adeaf839fd
21 changed files with 1228 additions and 42 deletions

View File

@ -1,7 +1,7 @@
From cc80f2dc06d46cb32a5cd6d12c6c47ddf64e72b6 Mon Sep 17 00:00:00 2001 From 0f30e63c7d763278204f99e10ba47b08457f1d41 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com> From: Cole Robinson <crobinso@redhat.com>
Date: Mon, 2 Sep 2013 11:23:59 +0100 Date: Mon, 2 Sep 2013 11:23:59 +0100
Subject: [PATCH 1/8] qemu: Set QEMU_AUDIO_DRV=none with -nographic Subject: [PATCH] qemu: Set QEMU_AUDIO_DRV=none with -nographic
On my machine, a guest fails to boot if it has a sound card, but not On my machine, a guest fails to boot if it has a sound card, but not
graphical device/display is configured, because pulseaudio fails to graphical device/display is configured, because pulseaudio fails to
@ -3568,6 +3568,3 @@ index 29cf9c3..26038a0 100644
/usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor \ /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor \
unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \ unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -hda \
/dev/HostVG/QEMUGuest1 -net none -serial none -parallel none /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none
--
1.8.3.1

View File

@ -1,8 +1,7 @@
From 79c38961565eb2d352f101cbd6806314894614cb Mon Sep 17 00:00:00 2001 From 1bab38008dbfb16329e73b419fd9871e6f15990c Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com> From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 30 Aug 2013 12:41:30 -0400 Date: Fri, 30 Aug 2013 12:41:30 -0400
Subject: [PATCH 2/8] domain_conf: Add default memballoon in PostParse Subject: [PATCH] domain_conf: Add default memballoon in PostParse callbacks
callbacks
This should be a no-op change for now. This should be a no-op change for now.
--- ---
@ -76,6 +75,3 @@ index cb64de6..6cb4f4f 100644
return 0; return 0;
} }
--
1.8.3.1

View File

@ -1,7 +1,7 @@
From 5ed47b89c6cb59c9ec5169bcc99a67e9a75fb2af Mon Sep 17 00:00:00 2001 From d85bc1315cc00800ed6d4a1baeda9a91c34e52c4 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com> From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 30 Aug 2013 12:41:31 -0400 Date: Fri, 30 Aug 2013 12:41:31 -0400
Subject: [PATCH 3/8] qemu: Don't add default memballoon device on ARM Subject: [PATCH] qemu: Don't add default memballoon device on ARM
And add test cases for a basic working ARM guest. And add test cases for a basic working ARM guest.
--- ---
@ -189,6 +189,3 @@ index fac83b2..92433ef 100644
if (virTestGetDebug()) { if (virTestGetDebug()) {
char *caps_str; char *caps_str;
--
1.8.3.1

View File

@ -1,7 +1,7 @@
From 20f2f4c07d8e8d4373094473114ae16909fe4005 Mon Sep 17 00:00:00 2001 From c72361536b151a2b9bd839bd528671bafbd5dee2 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com> From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 30 Aug 2013 12:41:32 -0400 Date: Fri, 30 Aug 2013 12:41:32 -0400
Subject: [PATCH 4/8] qemu: Fix specifying char devs for ARM Subject: [PATCH] qemu: Fix specifying char devs for ARM
QEMU ARM boards don't give us any way to explicitly wire in QEMU ARM boards don't give us any way to explicitly wire in
a -chardev, so use the old style -serial options. a -chardev, so use the old style -serial options.
@ -154,6 +154,3 @@ index dfe8142..abe0060 100644
if ((logfd = qemuDomainOpenLog(driver, vm, pos)) < 0) if ((logfd = qemuDomainOpenLog(driver, vm, pos)) < 0)
return -1; return -1;
--
1.8.3.1

View File

@ -1,7 +1,7 @@
From 5772cbdfb807842685d05665f285745ca79acc89 Mon Sep 17 00:00:00 2001 From c8e47add2fe77905523f6112ceb6b844337f6d3f Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com> From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 30 Aug 2013 12:41:33 -0400 Date: Fri, 30 Aug 2013 12:41:33 -0400
Subject: [PATCH 5/8] qemu: Don't try to allocate PCI addresses for ARM Subject: [PATCH] qemu: Don't try to allocate PCI addresses for ARM
--- ---
src/qemu/qemu_command.c | 16 ++++++++++++++-- src/qemu/qemu_command.c | 16 ++++++++++++++--
@ -41,6 +41,3 @@ index a8e532c..87345c7 100644
} }
if (obj && obj->privateData) { if (obj && obj->privateData) {
--
1.8.3.1

View File

@ -1,7 +1,7 @@
From 019eccdb20e824aabb12da3699664ba2625ef4b4 Mon Sep 17 00:00:00 2001 From e534a73a71655d45a0b0af98b4b9b9176d701fb3 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com> From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 30 Aug 2013 12:41:34 -0400 Date: Fri, 30 Aug 2013 12:41:34 -0400
Subject: [PATCH 6/8] domain_conf: Add disk bus=sd, wire it up for qemu Subject: [PATCH] domain_conf: Add disk bus=sd, wire it up for qemu
This corresponds to '-sd' and '-drive if=sd' on the qemu command line. This corresponds to '-sd' and '-drive if=sd' on the qemu command line.
Needed for many ARM boards which don't provide any other way to Needed for many ARM boards which don't provide any other way to
@ -144,6 +144,3 @@ index 87345c7..6733709 100644
ignore_value(VIR_STRDUP(def->dst, "sda")); ignore_value(VIR_STRDUP(def->dst, "sda"));
} else if (def->bus == VIR_DOMAIN_DISK_BUS_VIRTIO) { } else if (def->bus == VIR_DOMAIN_DISK_BUS_VIRTIO) {
ignore_value(VIR_STRDUP(def->dst, "vda")); ignore_value(VIR_STRDUP(def->dst, "vda"));
--
1.8.3.1

View File

@ -1,7 +1,7 @@
From 7a73b81f1021c76d02fe54f927cd033fe949590f Mon Sep 17 00:00:00 2001 From b09ab6961b8dd60691839f0b1a5f259925819425 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com> From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 30 Aug 2013 12:41:35 -0400 Date: Fri, 30 Aug 2013 12:41:35 -0400
Subject: [PATCH 7/8] qemu: Fix networking for ARM guests Subject: [PATCH] qemu: Fix networking for ARM guests
Similar to the chardev bit, ARM boards depend on the old style '-net nic' Similar to the chardev bit, ARM boards depend on the old style '-net nic'
for actually instantiating net devices. But we can't block out for actually instantiating net devices. But we can't block out
@ -204,6 +204,3 @@ index cb6106f..6ecabbf 100644
virObjectUnref(driver.config); virObjectUnref(driver.config);
virObjectUnref(driver.caps); virObjectUnref(driver.caps);
--
1.8.3.1

View File

@ -1,7 +1,7 @@
From 1ec41110747764f89f522e9e010326944da8d96d Mon Sep 17 00:00:00 2001 From cddd76962c2a0fcbb8c80240d234b7d0d657324d Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com> From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 30 Aug 2013 12:41:36 -0400 Date: Fri, 30 Aug 2013 12:41:36 -0400
Subject: [PATCH 8/8] qemu: Support virtio-mmio transport for virtio on ARM Subject: [PATCH] qemu: Support virtio-mmio transport for virtio on ARM
Starting with qemu 1.6, the qemu-system-arm vexpress-a9 model has a Starting with qemu 1.6, the qemu-system-arm vexpress-a9 model has a
hardcoded virtio-mmio transport which enables attaching all virtio hardcoded virtio-mmio transport which enables attaching all virtio
@ -446,6 +446,3 @@ index 6ecabbf..ae8cc3b 100644
virObjectUnref(driver.config); virObjectUnref(driver.config);
virObjectUnref(driver.caps); virObjectUnref(driver.caps);
--
1.8.3.1

View File

@ -0,0 +1,26 @@
From 580025d7a58ee4c07312d33aa78186dbe7e0d9ee Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 3 Sep 2013 18:56:06 +0200
Subject: [PATCH] virFileNBDDeviceAssociate: Avoid use of uninitialized
variable
The @qemunbd variable can be used uninitialized.
(cherry picked from commit 2dba0323ff0cec31bdcea9dd3b2428af297401f2)
---
src/util/virfile.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 2b07ac9..7af0843 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -732,7 +732,7 @@ int virFileNBDDeviceAssociate(const char *file,
char **dev)
{
char *nbddev;
- char *qemunbd;
+ char *qemunbd = NULL;
virCommandPtr cmd = NULL;
int ret = -1;
const char *fmtstr = NULL;

View File

@ -0,0 +1,23 @@
From a0ed55a9ab7c90723490363febabd27fa59877c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Sun, 1 Sep 2013 09:53:03 +0200
Subject: [PATCH] Fix AM_LDFLAGS typo (cherry picked from commit
fe502de3bcdd76a0d256206111945ca7e4f4388a)
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 636bcbc..19dfb81 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1455,7 +1455,7 @@ libvirt_driver_nwfilter_la_CFLAGS = \
-I$(top_srcdir)/src/access \
-I$(top_srcdir)/src/conf \
$(AM_CFLAGS)
-libvirt_driver_nwfilter_la_LDFLAGS = $(LD_AMFLAGS)
+libvirt_driver_nwfilter_la_LDFLAGS = $(AM_LDFLAGS)
libvirt_driver_nwfilter_la_LIBADD = $(LIBPCAP_LIBS) $(LIBNL_LIBS) $(DBUS_LIBS)
if WITH_DRIVER_MODULES
libvirt_driver_nwfilter_la_LIBADD += ../gnulib/lib/libgnu.la

View File

@ -0,0 +1,88 @@
From bd4e7f927fcc2edcba29e441973389ad845d648c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Sun, 1 Sep 2013 08:50:58 +0200
Subject: [PATCH] Pass AM_LDFLAGS to driver modules too
This gives us a RO got, otherwise Debian's lintian complains:
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_vbox.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
W: libvirt-sanlock: hardening-no-relro usr/lib/libvirt/lock-driver/sanlock.so
(cherry picked from commit f1f0e53b0814aab3c093f1219da95c0f836cdf4a)
---
src/Makefile.am | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 19dfb81..097682c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1000,7 +1000,7 @@ libvirt_driver_xen_la_LIBADD = libvirt_driver_xen_impl.la
if WITH_DRIVER_MODULES
mod_LTLIBRARIES += libvirt_driver_xen.la
libvirt_driver_xen_la_LIBADD += ../gnulib/lib/libgnu.la
-libvirt_driver_xen_la_LDFLAGS = -module -avoid-version
+libvirt_driver_xen_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
else
noinst_LTLIBRARIES += libvirt_driver_xen.la
# Stateful, so linked to daemon instead
@@ -1050,7 +1050,7 @@ libvirt_driver_vbox_la_LIBADD = libvirt_driver_vbox_impl.la
if WITH_DRIVER_MODULES
mod_LTLIBRARIES += libvirt_driver_vbox.la
libvirt_driver_vbox_la_LIBADD += ../gnulib/lib/libgnu.la
-libvirt_driver_vbox_la_LDFLAGS = -module -avoid-version
+libvirt_driver_vbox_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
else
noinst_LTLIBRARIES += libvirt_driver_vbox.la
# GPLv2-only license requries that it be linked into
@@ -1083,7 +1083,7 @@ libvirt_driver_libxl_la_LIBADD = libvirt_driver_libxl_impl.la
if WITH_DRIVER_MODULES
mod_LTLIBRARIES += libvirt_driver_libxl.la
libvirt_driver_libxl_la_LIBADD += ../gnulib/lib/libgnu.la
-libvirt_driver_libxl_la_LDFLAGS = -module -avoid-version
+libvirt_driver_libxl_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
else
noinst_LTLIBRARIES += libvirt_driver_libxl.la
# Stateful, so linked to daemon instead
@@ -1108,7 +1108,7 @@ libvirt_driver_qemu_la_LIBADD = libvirt_driver_qemu_impl.la
if WITH_DRIVER_MODULES
mod_LTLIBRARIES += libvirt_driver_qemu.la
libvirt_driver_qemu_la_LIBADD += ../gnulib/lib/libgnu.la
-libvirt_driver_qemu_la_LDFLAGS = -module -avoid-version
+libvirt_driver_qemu_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
else
noinst_LTLIBRARIES += libvirt_driver_qemu.la
# Stateful, so linked to daemon instead
@@ -1184,7 +1184,7 @@ libvirt_driver_uml_la_LIBADD = libvirt_driver_uml_impl.la
if WITH_DRIVER_MODULES
mod_LTLIBRARIES += libvirt_driver_uml.la
libvirt_driver_uml_la_LIBADD += ../gnulib/lib/libgnu.la
-libvirt_driver_uml_la_LDFLAGS = -module -avoid-version
+libvirt_driver_uml_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
else
noinst_LTLIBRARIES += libvirt_driver_uml.la
# Stateful, so linked to daemon instead
@@ -1361,7 +1361,7 @@ libvirt_driver_storage_la_LIBADD = libvirt_driver_storage_impl.la
if WITH_DRIVER_MODULES
mod_LTLIBRARIES += libvirt_driver_storage.la
libvirt_driver_storage_la_LIBADD += ../gnulib/lib/libgnu.la
-libvirt_driver_storage_la_LDFLAGS = -module -avoid-version
+libvirt_driver_storage_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
else
noinst_LTLIBRARIES += libvirt_driver_storage.la
# Stateful, so linked to daemon instead
@@ -2114,7 +2114,7 @@ if WITH_SANLOCK
lockdriver_LTLIBRARIES += sanlock.la
sanlock_la_SOURCES = $(LOCK_DRIVER_SANLOCK_SOURCES)
sanlock_la_CFLAGS = -I$(top_srcdir)/src/conf $(AM_CFLAGS)
-sanlock_la_LDFLAGS = -module -avoid-version
+sanlock_la_LDFLAGS = -module -avoid-version $(AM_LDFLAGS)
sanlock_la_LIBADD = -lsanlock_client \
../gnulib/lib/libgnu.la

View File

@ -0,0 +1,125 @@
From bcba68498f698dedfdc83687c72e0e6dd7dc0e96 Mon Sep 17 00:00:00 2001
From: Eric Blake <eblake@redhat.com>
Date: Fri, 13 Sep 2013 10:11:26 -0600
Subject: [PATCH] build: fix build with latest rawhide kernel headers
Bother those kernel developers. In the latest rawhide, kernel
and glibc have now been unified so that <netinet/in.h> and
<linux/in6.h> no longer clash; but <linux/if_bridge.h> is still
not self-contained. Because of the latest header change, the
build is failing with:
checking for linux/param.h... no
configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support
with details:
In file included from conftest.c:561:0:
/usr/include/linux/in6.h:71:18: error: field 'flr_dst' has incomplete type
struct in6_addr flr_dst;
We need a workaround to avoid our workaround :)
* configure.ac (NETINET_LINUX_WORKAROUND): New test.
* src/util/virnetdevbridge.c (includes): Use it.
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit e62e0094dcd0ca1484491a9cc62919473b647f11)
---
configure.ac | 39 +++++++++++++++++++++++++++++----------
src/util/virnetdevbridge.c | 24 ++++++++++++++----------
2 files changed, 43 insertions(+), 20 deletions(-)
diff --git a/configure.ac b/configure.ac
index f853e03..1956717 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1003,18 +1003,37 @@ dnl check for kernel headers required by src/bridge.c
dnl
if test "$with_linux" = "yes"; then
if test "$with_qemu" = "yes" || test "$with_lxc" = "yes" ; then
+ # Various kernel versions have headers that are not self-standing, but
+ # yet are incompatible with the corresponding glibc headers. In order
+ # to guarantee compilation across a wide range of versions (from RHEL 5
+ # to rawhide), we first have to probe whether glibc and kernel can be
+ # used in tandem; and if not, provide workarounds that ensure that
+ # ABI-compatible IPv6 types are present for use by the kernel headers.
+ # These probes mirror the usage in virnetdevbridge.c
+ AC_CACHE_CHECK(
+ [whether <linux/*.h> and <netinet/*.h> headers are compatible],
+ [lv_cv_netinet_linux_compatible],
+ [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include <netinet/in.h>
+ #include <linux/in6.h>
+ ]])],
+ [lv_cv_netinet_linux_compatible=yes],
+ [lv_cv_netinet_linux_compatible=no])])
+ if test "x$lv_cv_netinet_linux_compatible" != xyes; then
+ AC_DEFINE([NETINET_LINUX_WORKAROUND], [1],
+ [define to 1 if Linux kernel headers require a workaround to avoid
+ compilation errors when mixed with glibc netinet headers])
+ fi
AC_CHECK_HEADERS([linux/param.h linux/sockios.h linux/if_bridge.h linux/if_tun.h],,
[AC_MSG_ERROR([You must install kernel-headers in order to compile libvirt with QEMU or LXC support])],
- [[/* The kernel folks broke their headers when used with particular
- * glibc versions; although the structs are ABI compatible, the
- * C type system doesn't like struct redefinitions. We work around
- * the problem here in the same manner as in virnetdevbridge.c. */
- #include <netinet/in.h>
- #define in6_addr in6_addr_
- #define sockaddr_in6 sockaddr_in6_
- #define ipv6_mreq ipv6_mreq_
- #define in6addr_any in6addr_any_
- #define in6addr_loopback in6addr_loopback_
+ [[#include <netinet/in.h>
+ #if NETINET_LINUX_WORKAROUND
+ # define in6_addr in6_addr_
+ # define sockaddr_in6 sockaddr_in6_
+ # define ipv6_mreq ipv6_mreq_
+ # define in6addr_any in6addr_any_
+ # define in6addr_loopback in6addr_loopback_
+ #endif
#include <linux/in6.h>
]])
fi
diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c
index e4daa27..1a3740a 100644
--- a/src/util/virnetdevbridge.c
+++ b/src/util/virnetdevbridge.c
@@ -39,22 +39,26 @@
#ifdef __linux__
# include <linux/sockios.h>
# include <linux/param.h> /* HZ */
+# if NETINET_LINUX_WORKAROUND
/* Depending on the version of kernel vs. glibc, there may be a collision
* between <net/in.h> and kernel IPv6 structures. The different types
* are ABI compatible, but choke the C type system; work around it by
* using temporary redefinitions. */
-# define in6_addr in6_addr_
-# define sockaddr_in6 sockaddr_in6_
-# define ipv6_mreq ipv6_mreq_
-# define in6addr_any in6addr_any_
-# define in6addr_loopback in6addr_loopback_
+# define in6_addr in6_addr_
+# define sockaddr_in6 sockaddr_in6_
+# define ipv6_mreq ipv6_mreq_
+# define in6addr_any in6addr_any_
+# define in6addr_loopback in6addr_loopback_
+# endif
# include <linux/in6.h>
# include <linux/if_bridge.h> /* SYSFS_BRIDGE_ATTR */
-# undef in6_addr
-# undef sockaddr_in6
-# undef ipv6_mreq
-# undef in6addr_any
-# undef in6addr_loopback
+# if NETINET_LINUX_WORKAROUND
+# undef in6_addr
+# undef sockaddr_in6
+# undef ipv6_mreq
+# undef in6addr_any
+# undef in6addr_loopback
+# endif
# define JIFFIES_TO_MS(j) (((j)*1000)/HZ)
# define MS_TO_JIFFIES(ms) (((ms)*HZ)/1000)

View File

@ -0,0 +1,154 @@
From 2fb7c4d202da975a1498fd205cc3e1bc49595d3c Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Thu, 22 Aug 2013 16:00:01 +0100
Subject: [PATCH] Also store user & group ID values in virIdentity
Future improvements to the polkit code will require access to
the numeric user ID, not merely user name.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176)
---
src/rpc/virnetserverclient.c | 18 ++++++++++++++++++
src/util/viridentity.c | 23 +++++++++++++++++++----
src/util/viridentity.h | 2 ++
3 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 83d5cf1..19c4100 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
char *processid = NULL;
char *processtime = NULL;
char *username = NULL;
+ char *userid = NULL;
char *groupname = NULL;
+ char *groupid = NULL;
#if WITH_SASL
char *saslname = NULL;
#endif
@@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
if (!(username = virGetUserName(uid)))
goto cleanup;
+ if (virAsprintf(&userid, "%d", (int)uid) < 0)
+ goto cleanup;
if (!(groupname = virGetGroupName(gid)))
goto cleanup;
+ if (virAsprintf(&userid, "%d", (int)gid) < 0)
+ goto cleanup;
if (virAsprintf(&processid, "%llu",
(unsigned long long)pid) < 0)
goto cleanup;
@@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
username) < 0)
goto error;
+ if (userid &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
+ userid) < 0)
+ goto error;
if (groupname &&
virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
groupname) < 0)
goto error;
+ if (groupid &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+ groupid) < 0)
+ goto error;
if (processid &&
virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
@@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
cleanup:
VIR_FREE(username);
+ VIR_FREE(userid);
VIR_FREE(groupname);
+ VIR_FREE(groupid);
VIR_FREE(processid);
VIR_FREE(processtime);
VIR_FREE(seccontext);
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 781f660..03c375b 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr ident)
virIdentityPtr virIdentityGetSystem(void)
{
char *username = NULL;
+ char *userid = NULL;
char *groupname = NULL;
+ char *groupid = NULL;
char *seccontext = NULL;
virIdentityPtr ret = NULL;
#if WITH_SELINUX
@@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void)
if (!(username = virGetUserName(getuid())))
goto cleanup;
+ if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
+ goto cleanup;
+
if (!(groupname = virGetGroupName(getgid())))
goto cleanup;
+ if (virAsprintf(&groupid, "%d", (int)getgid()) < 0)
+ goto cleanup;
#if WITH_SELINUX
if (getcon(&con) < 0) {
@@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void)
if (!(ret = virIdentityNew()))
goto cleanup;
- if (username &&
- virIdentitySetAttr(ret,
+ if (virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
username) < 0)
goto error;
- if (groupname &&
- virIdentitySetAttr(ret,
+ if (virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
+ userid) < 0)
+ goto error;
+ if (virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
groupname) < 0)
goto error;
+ if (virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+ groupid) < 0)
+ goto error;
if (seccontext &&
virIdentitySetAttr(ret,
VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
@@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void)
cleanup:
VIR_FREE(username);
+ VIR_FREE(userid);
VIR_FREE(groupname);
+ VIR_FREE(groupid);
VIR_FREE(seccontext);
VIR_FREE(processid);
return ret;
diff --git a/src/util/viridentity.h b/src/util/viridentity.h
index 4bae8d6..a240c2d 100644
--- a/src/util/viridentity.h
+++ b/src/util/viridentity.h
@@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr;
typedef enum {
VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
VIR_IDENTITY_ATTR_SASL_USER_NAME,

View File

@ -0,0 +1,68 @@
From fe544fd4c18d6982e652a1d5cd016816c609b72c Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Wed, 28 Aug 2013 15:22:05 +0100
Subject: [PATCH] Ensure system identity includes process start time
The polkit access driver will want to use the process start
time field. This was already set for network identities, but
not for the system identity.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit e65667c0c6e016d42abea077e31628ae43f57b74)
---
src/util/viridentity.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/util/viridentity.c b/src/util/viridentity.c
index 03c375b..f681f85 100644
--- a/src/util/viridentity.c
+++ b/src/util/viridentity.c
@@ -35,6 +35,7 @@
#include "virthread.h"
#include "virutil.h"
#include "virstring.h"
+#include "virprocess.h"
#define VIR_FROM_THIS VIR_FROM_IDENTITY
@@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void)
security_context_t con;
#endif
char *processid = NULL;
+ unsigned long long timestamp;
+ char *processtime = NULL;
if (virAsprintf(&processid, "%llu",
(unsigned long long)getpid()) < 0)
goto cleanup;
+ if (virProcessGetStartTime(getpid(), &timestamp) < 0)
+ goto cleanup;
+
+ if (timestamp != 0 &&
+ virAsprintf(&processtime, "%llu", timestamp) < 0)
+ goto cleanup;
+
if (!(username = virGetUserName(getuid())))
goto cleanup;
if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
@@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void)
VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
processid) < 0)
goto error;
+ if (processtime &&
+ virIdentitySetAttr(ret,
+ VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
+ processtime) < 0)
+ goto error;
cleanup:
VIR_FREE(username);
@@ -206,6 +221,7 @@ cleanup:
VIR_FREE(groupid);
VIR_FREE(seccontext);
VIR_FREE(processid);
+ VIR_FREE(processtime);
return ret;
error:

View File

@ -0,0 +1,178 @@
From dcba8ce65b0ee9f18dca6ac4bdbb57f5cbcc75c6 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Wed, 28 Aug 2013 15:25:40 +0100
Subject: [PATCH] Add support for using 3-arg pkcheck syntax for process
(CVE-2013-4311)
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.
To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.
This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'
Signed-off-by: Colin Walters <walters@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 922b7fda77b094dbf022d625238262ea05335666)
---
configure.ac | 8 ++++++++
daemon/remote.c | 22 ++++++++++++++++++---
libvirt.spec.in | 3 +--
src/access/viraccessdriverpolkit.c | 40 +++++++++++++++++++++++++++++++++-----
4 files changed, 63 insertions(+), 10 deletions(-)
diff --git a/configure.ac b/configure.ac
index 1956717..8baf6fa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1203,6 +1203,14 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
if test "x$PKCHECK_PATH" != "x" ; then
AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
+ AC_MSG_CHECKING([whether pkcheck supports uid value])
+ pkcheck_supports_uid=`$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1`
+ if test "x$pkcheck_supports_uid" = "xtrue"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
+ else
+ AC_MSG_RESULT([no])
+ fi
AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
[use PolicyKit for UNIX socket access checks])
AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
diff --git a/daemon/remote.c b/daemon/remote.c
index 6ace7af..b5395dd 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2738,10 +2738,12 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
int status = -1;
char *ident = NULL;
bool authdismissed = 0;
+ bool supportsuid = false;
char *pkout = NULL;
struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
virCommandPtr cmd = NULL;
+ static bool polkitInsecureWarned;
virMutexLock(&priv->lock);
action = virNetServerClientGetReadonly(client) ?
@@ -2763,14 +2765,28 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
goto authfail;
}
+ if (timestamp == 0) {
+ VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
+ (long long)callerPid);
+ goto authfail;
+ }
+
VIR_INFO("Checking PID %lld running as %d",
(long long) callerPid, callerUid);
virCommandAddArg(cmd, "--process");
- if (timestamp != 0) {
- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+# ifdef PKCHECK_SUPPORTS_UID
+ supportsuid = true;
+# endif
+ if (supportsuid) {
+ virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
+ (long long) callerPid, timestamp, (unsigned long) callerUid);
} else {
- virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
+ }
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
}
virCommandAddArg(cmd, "--allow-user-interaction");
diff --git a/libvirt.spec.in b/libvirt.spec.in
index e94901a..b9c8c91 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -508,8 +508,7 @@ BuildRequires: cyrus-sasl-devel
%endif
%if %{with_polkit}
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
-# Only need the binary, not -devel
-BuildRequires: polkit >= 0.93
+BuildRequires: polkit-devel >= 0.93
%else
BuildRequires: PolicyKit-devel >= 0.6
%endif
diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
index 4c76e64..bb170b5 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -72,8 +72,12 @@ static char *
virAccessDriverPolkitFormatProcess(const char *actionid)
{
virIdentityPtr identity = virIdentityGetCurrent();
- const char *process = NULL;
+ const char *callerPid = NULL;
+ const char *callerTime = NULL;
+ const char *callerUid = NULL;
char *ret = NULL;
+ bool supportsuid = false;
+ static bool polkitInsecureWarned;
if (!identity) {
virAccessError(VIR_ERR_ACCESS_DENIED,
@@ -81,17 +85,43 @@ virAccessDriverPolkitFormatProcess(const char *actionid)
actionid);
return NULL;
}
- if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0)
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0)
+ goto cleanup;
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0)
+ goto cleanup;
+ if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0)
goto cleanup;
- if (!process) {
+ if (!callerPid) {
virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
_("No UNIX process ID available"));
goto cleanup;
}
-
- if (VIR_STRDUP(ret, process) < 0)
+ if (!callerTime) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX process start time available"));
+ goto cleanup;
+ }
+ if (!callerUid) {
+ virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("No UNIX caller UID available"));
goto cleanup;
+ }
+
+#ifdef PKCHECK_SUPPORTS_UID
+ supportsuid = true;
+#endif
+ if (supportsuid) {
+ if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0)
+ goto cleanup;
+ } else {
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
+ }
+ if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0)
+ goto cleanup;
+ }
cleanup:
virObjectUnref(identity);

View File

@ -0,0 +1,38 @@
From 3bee40f9bd3b3c11d782b79eb90f46087d3ab9be Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Tue, 3 Sep 2013 16:52:06 +0100
Subject: [PATCH] Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
The 'stats' variable was not initialized to NULL, so if some
early validation of the RPC call fails, it is possible to jump
to the 'cleanup' label and VIR_FREE an uninitialized pointer.
This is a security flaw, since the API can be called from a
readonly connection which can trigger the validation checks.
This was introduced in release v0.9.1 onwards by
commit 158ba8730e44b7dd07a21ab90499996c5dec080a
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Wed Apr 13 16:21:35 2011 +0100
Merge all returns paths from dispatcher into single path
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit e7f400a110e2e3673b96518170bfea0855dd82c0)
---
daemon/remote.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index b5395dd..afd9fb5 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1146,7 +1146,7 @@ remoteDispatchDomainMemoryStats(virNetServerPtr server ATTRIBUTE_UNUSED,
remote_domain_memory_stats_ret *ret)
{
virDomainPtr dom = NULL;
- struct _virDomainMemoryStat *stats;
+ struct _virDomainMemoryStat *stats = NULL;
int nr_stats;
size_t i;
int rv = -1;

View File

@ -0,0 +1,59 @@
From f19543baee399bf6b3d91da38fa0b7025f233dee Mon Sep 17 00:00:00 2001
From: Simone Gotti <simone.gotti@gmail.com>
Date: Thu, 19 Sep 2013 15:08:29 +0200
Subject: [PATCH] virsh: add missing "async" option in opts_block_commit
After commit 8aecd351266a66efa59b7f7be77bf66693d99ce0 it'll detect
that a required option is not defined and it will assert and exit with:
virsh.c:1364: vshCommandOpt: Assertion `valid->name' failed.
Problem has been latent since commit ed23b106.
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit fe64499dd14315b2d9d62cdf421bd3c97a46b7ac)
---
tools/virsh-domain.c | 4 ++++
tools/virsh.pod | 7 +++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 568d61d..da6ab87 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -1544,6 +1544,10 @@ static const vshCmdOptDef opts_block_commit[] = {
.type = VSH_OT_INT,
.help = N_("with --wait, abort if copy exceeds timeout (in seconds)")
},
+ {.name = "async",
+ .type = VSH_OT_BOOL,
+ .help = N_("with --wait, don't wait for cancel to finish")
+ },
{.name = NULL}
};
diff --git a/tools/virsh.pod b/tools/virsh.pod
index 0ae5178..2864f3d 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -737,7 +737,7 @@ I<domif-setlink>) will accept the MAC address printed by this command.
=item B<blockcommit> I<domain> I<path> [I<bandwidth>]
{[I<base>] | [I<--shallow>]} [I<top>] [I<--delete>]
-[I<--wait> [I<--verbose>] [I<--timeout> B<seconds>]]
+[I<--wait> [I<--verbose>] [I<--timeout> B<seconds>] [I<--async>]]
Reduce the length of a backing image chain, by committing changes at the
top of the chain (snapshot or delta files) into backing images. By
@@ -756,7 +756,10 @@ operation can be checked with B<blockjob>. However, if I<--wait> is
specified, then this command will block until the operation completes,
or cancel the operation if the optional I<timeout> in seconds elapses
or SIGINT is sent (usually with C<Ctrl-C>). Using I<--verbose> along
-with I<--wait> will produce periodic status updates.
+with I<--wait> will produce periodic status updates. If job cancellation
+is triggered, I<--async> will return control to the user as fast as
+possible, otherwise the command may continue to block a little while
+longer until the job is done cleaning up.
I<path> specifies fully-qualified path of the disk; it corresponds
to a unique target name (<target dev='name'/>) or source file (<source

View File

@ -0,0 +1,38 @@
From b4e1fb2febb00173b1489634262169554e8f6a1d Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 23 Sep 2013 12:46:25 +0100
Subject: [PATCH] Fix typo in identity code which is pre-requisite for
CVE-2013-4311
The fix for CVE-2013-4311 had a pre-requisite enhancement
to the identity code
commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Thu Aug 22 16:00:01 2013 +0100
Also store user & group ID values in virIdentity
This had a typo which caused the group ID to overwrite the
user ID string. This meant any checks using this would have
the wrong ID value. This only affected the ACL code, not the
initial polkit auth. It also leaked memory.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
src/rpc/virnetserverclient.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 19c4100..0b9ab52 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -678,7 +678,7 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
goto cleanup;
if (!(groupname = virGetGroupName(gid)))
goto cleanup;
- if (virAsprintf(&userid, "%d", (int)gid) < 0)
+ if (virAsprintf(&groupid, "%d", (int)gid) < 0)
goto cleanup;
if (virAsprintf(&processid, "%llu",
(unsigned long long)pid) < 0)

View File

@ -0,0 +1,69 @@
From 9e7cec4d755341cfb4c27c16aa59b22135612f0e Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 23 Sep 2013 12:46:26 +0100
Subject: [PATCH] Add a virNetSocketNewConnectSockFD method
To allow creation of a virNetSocketPtr instance from a pre-opened
socketpair FD, add a virNetSocketNewConnectSockFD method.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
src/libvirt_private.syms | 1 +
src/rpc/virnetsocket.c | 18 ++++++++++++++++++
src/rpc/virnetsocket.h | 2 ++
3 files changed, 21 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 35f0f1b..873d93d 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1008,6 +1008,7 @@ virNetSocketLocalAddrString;
virNetSocketNewConnectCommand;
virNetSocketNewConnectExternal;
virNetSocketNewConnectLibSSH2;
+virNetSocketNewConnectSockFD;
virNetSocketNewConnectSSH;
virNetSocketNewConnectTCP;
virNetSocketNewConnectUNIX;
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index ae81512..b311aae 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -884,6 +884,24 @@ int virNetSocketNewConnectExternal(const char **cmdargv,
}
+int virNetSocketNewConnectSockFD(int sockfd,
+ virNetSocketPtr *retsock)
+{
+ virSocketAddr localAddr;
+
+ localAddr.len = sizeof(localAddr.data);
+ if (getsockname(sockfd, &localAddr.data.sa, &localAddr.len) < 0) {
+ virReportSystemError(errno, "%s", _("Unable to get local socket name"));
+ return -1;
+ }
+
+ if (!(*retsock = virNetSocketNew(&localAddr, NULL, true, sockfd, -1, -1)))
+ return -1;
+
+ return 0;
+}
+
+
virNetSocketPtr virNetSocketNewPostExecRestart(virJSONValuePtr object)
{
virSocketAddr localAddr;
diff --git a/src/rpc/virnetsocket.h b/src/rpc/virnetsocket.h
index ca9ae91..86bc2f6 100644
--- a/src/rpc/virnetsocket.h
+++ b/src/rpc/virnetsocket.h
@@ -97,6 +97,8 @@ int virNetSocketNewConnectLibSSH2(const char *host,
int virNetSocketNewConnectExternal(const char **cmdargv,
virNetSocketPtr *addr);
+int virNetSocketNewConnectSockFD(int sockfd,
+ virNetSocketPtr *retsock);
virNetSocketPtr virNetSocketNewPostExecRestart(virJSONValuePtr object);

View File

@ -0,0 +1,305 @@
From 7e1b75ca5d4127a86ff1eaa0dfe37b485eeb0a7a Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 23 Sep 2013 12:46:27 +0100
Subject: [PATCH] Add test case for virNetServerClient object identity code
Start a test case for the virNetServerClient object, which
initially checks the creation of a virIdentityPtr object.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
cfg.mk | 2 +-
tests/Makefile.am | 14 +++-
tests/virnetserverclientmock.c | 64 +++++++++++++++++
tests/virnetserverclienttest.c | 159 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 237 insertions(+), 2 deletions(-)
create mode 100644 tests/virnetserverclientmock.c
create mode 100644 tests/virnetserverclienttest.c
diff --git a/cfg.mk b/cfg.mk
index 9a9616c..7f817ef 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -939,7 +939,7 @@ exclude_file_name_regexp--sc_prohibit_asprintf = \
^(bootstrap.conf$$|src/util/virstring\.[ch]$$|examples/domain-events/events-c/event-test\.c$$|tests/vircgroupmock\.c$$)
exclude_file_name_regexp--sc_prohibit_strdup = \
- ^(docs/|examples/|python/|src/util/virstring\.c$$)
+ ^(docs/|examples/|python/|src/util/virstring\.c|tests/virnetserverclientmock.c$$)
exclude_file_name_regexp--sc_prohibit_close = \
(\.p[yl]$$|^docs/|^(src/util/virfile\.c|src/libvirt\.c|tests/vircgroupmock\.c)$$)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c800179..ae99b38 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -114,7 +114,7 @@ test_programs = virshtest sockettest \
nodeinfotest virbuftest \
commandtest seclabeltest \
virhashtest virnetmessagetest virnetsockettest \
- viratomictest \
+ viratomictest virnetserverclienttest \
utiltest shunloadtest \
virtimetest viruritest virkeyfiletest \
virauthconfigtest \
@@ -281,6 +281,7 @@ EXTRA_DIST += $(test_scripts)
test_libraries = libshunload.la \
libvirportallocatormock.la \
+ virnetserverclientmock.la \
vircgroupmock.la \
$(NULL)
if WITH_QEMU
@@ -611,6 +612,17 @@ virnetsockettest_SOURCES = \
virnetsockettest.c testutils.h testutils.c
virnetsockettest_LDADD = $(LDADDS)
+virnetserverclienttest_SOURCES = \
+ virnetserverclienttest.c \
+ testutils.h testutils.c
+virnetserverclienttest_LDADD = $(LDADDS)
+
+virnetserverclientmock_la_SOURCES = \
+ virnetserverclientmock.c
+virnetserverclientmock_la_CFLAGS = $(AM_CFLAGS)
+virnetserverclientmock_la_LDFLAGS = -module -avoid-version \
+ -rpath /evil/libtool/hack/to/force/shared/lib/creation
+
if WITH_GNUTLS
virnettlscontexttest_SOURCES = \
virnettlscontexttest.c \
diff --git a/tests/virnetserverclientmock.c b/tests/virnetserverclientmock.c
new file mode 100644
index 0000000..caef1e3
--- /dev/null
+++ b/tests/virnetserverclientmock.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Author: Daniel P. Berrange <berrange@redhat.com>
+ */
+
+#include <config.h>
+
+#include "rpc/virnetsocket.h"
+#include "virutil.h"
+#include "internal.h"
+
+int virEventAddTimeout(int frequency ATTRIBUTE_UNUSED,
+ virEventTimeoutCallback cb ATTRIBUTE_UNUSED,
+ void *opaque ATTRIBUTE_UNUSED,
+ virFreeCallback ff ATTRIBUTE_UNUSED)
+{
+ return 0;
+}
+
+int virNetSocketGetUNIXIdentity(virNetSocketPtr sock ATTRIBUTE_UNUSED,
+ uid_t *uid,
+ gid_t *gid,
+ pid_t *pid,
+ unsigned long long *timestamp)
+{
+ *uid = 666;
+ *gid = 7337;
+ *pid = 42;
+ *timestamp = 12345678;
+ return 0;
+}
+
+char *virGetUserName(uid_t uid ATTRIBUTE_UNUSED)
+{
+ return strdup("astrochicken");
+}
+
+char *virGetGroupName(gid_t gid ATTRIBUTE_UNUSED)
+{
+ return strdup("fictionalusers");
+}
+
+int virNetSocketGetSELinuxContext(virNetSocketPtr sock ATTRIBUTE_UNUSED,
+ char **context)
+{
+ if (!(*context = strdup("foo_u:bar_r:wizz_t:s0-s0:c0.c1023")))
+ return -1;
+ return 0;
+}
diff --git a/tests/virnetserverclienttest.c b/tests/virnetserverclienttest.c
new file mode 100644
index 0000000..1ddff3e
--- /dev/null
+++ b/tests/virnetserverclienttest.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Author: Daniel P. Berrange <berrange@redhat.com>
+ */
+
+#include <config.h>
+
+#include "testutils.h"
+#include "virerror.h"
+#include "rpc/virnetserverclient.h"
+
+#define VIR_FROM_THIS VIR_FROM_RPC
+
+#ifdef HAVE_SOCKETPAIR
+static int testIdentity(const void *opaque ATTRIBUTE_UNUSED)
+{
+ int sv[2];
+ int ret = -1;
+ virNetSocketPtr sock = NULL;
+ virNetServerClientPtr client = NULL;
+ virIdentityPtr ident = NULL;
+ const char *gotUsername = NULL;
+ const char *gotUserID = NULL;
+ const char *gotGroupname = NULL;
+ const char *gotGroupID = NULL;
+ const char *gotSELinuxContext = NULL;
+
+ if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) < 0) {
+ virReportSystemError(errno, "%s",
+ "Cannot create socket pair");
+ return -1;
+ }
+
+ if (virNetSocketNewConnectSockFD(sv[0], &sock) < 0) {
+ virDispatchError(NULL);
+ goto cleanup;
+ }
+ sv[0] = -1;
+
+ if (!(client = virNetServerClientNew(sock, 0, false, 1,
+# ifdef WITH_GNUTLS
+ NULL,
+# endif
+ NULL, NULL, NULL, NULL))) {
+ virDispatchError(NULL);
+ goto cleanup;
+ }
+
+ if (!(ident = virNetServerClientGetIdentity(client))) {
+ fprintf(stderr, "Failed to create identity\n");
+ goto cleanup;
+ }
+
+ if (virIdentityGetAttr(ident,
+ VIR_IDENTITY_ATTR_UNIX_USER_NAME,
+ &gotUsername) < 0) {
+ fprintf(stderr, "Missing username in identity\n");
+ goto cleanup;
+ }
+ if (STRNEQ_NULLABLE("astrochicken", gotUsername)) {
+ fprintf(stderr, "Want username 'astrochicken' got '%s'\n",
+ NULLSTR(gotUsername));
+ goto cleanup;
+ }
+
+ if (virIdentityGetAttr(ident,
+ VIR_IDENTITY_ATTR_UNIX_USER_ID,
+ &gotUserID) < 0) {
+ fprintf(stderr, "Missing user ID in identity\n");
+ goto cleanup;
+ }
+ if (STRNEQ_NULLABLE("666", gotUserID)) {
+ fprintf(stderr, "Want username '666' got '%s'\n",
+ NULLSTR(gotUserID));
+ goto cleanup;
+ }
+
+ if (virIdentityGetAttr(ident,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
+ &gotGroupname) < 0) {
+ fprintf(stderr, "Missing groupname in identity\n");
+ goto cleanup;
+ }
+ if (STRNEQ_NULLABLE("fictionalusers", gotGroupname)) {
+ fprintf(stderr, "Want groupname 'fictionalusers' got '%s'\n",
+ NULLSTR(gotGroupname));
+ goto cleanup;
+ }
+
+ if (virIdentityGetAttr(ident,
+ VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
+ &gotGroupID) < 0) {
+ fprintf(stderr, "Missing group ID in identity\n");
+ goto cleanup;
+ }
+ if (STRNEQ_NULLABLE("7337", gotGroupID)) {
+ fprintf(stderr, "Want groupname '7337' got '%s'\n",
+ NULLSTR(gotGroupID));
+ goto cleanup;
+ }
+
+ if (virIdentityGetAttr(ident,
+ VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
+ &gotSELinuxContext) < 0) {
+ fprintf(stderr, "Missing SELinux context in identity\n");
+ goto cleanup;
+ }
+ if (STRNEQ_NULLABLE("foo_u:bar_r:wizz_t:s0-s0:c0.c1023", gotSELinuxContext)) {
+ fprintf(stderr, "Want groupname 'foo_u:bar_r:wizz_t:s0-s0:c0.c1023' got '%s'\n",
+ NULLSTR(gotGroupID));
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ virObjectUnref(sock);
+ virObjectUnref(client);
+ virObjectUnref(ident);
+ VIR_FORCE_CLOSE(sv[0]);
+ VIR_FORCE_CLOSE(sv[1]);
+ return ret;
+}
+
+
+static int
+mymain(void)
+{
+ int ret = 0;
+
+
+ if (virtTestRun("Identity", 1,
+ testIdentity, NULL) < 0)
+ ret = -1;
+
+ return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+#else
+static int
+mymain(void)
+{
+ return AM_TEST_SKIP;
+}
+#endif
+VIRT_TEST_MAIN_PRELOAD(mymain, abs_builddir "/.libs/virnetserverclientmock.so")

View File

@ -13,6 +13,9 @@
# touch configure.ac or Makefile.am. # touch configure.ac or Makefile.am.
%{!?enable_autotools:%define enable_autotools 0} %{!?enable_autotools:%define enable_autotools 0}
# Drop after libvirt-1.1.3 is rebased
%define enable_autotools 1
# A client only build will create a libvirt.so only containing # A client only build will create a libvirt.so only containing
# the generic RPC driver, and test driver and no libvirtd # the generic RPC driver, and test driver and no libvirtd
# Default to a full server + client build # Default to a full server + client build
@ -366,7 +369,7 @@
Summary: Library providing a simple virtualization API Summary: Library providing a simple virtualization API
Name: libvirt Name: libvirt
Version: 1.1.2 Version: 1.1.2
Release: 2%{?dist}%{?extra_release} Release: 3%{?dist}%{?extra_release}
License: LGPLv2+ License: LGPLv2+
Group: Development/Libraries Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -387,6 +390,20 @@ Patch0006: 0006-domain_conf-Add-disk-bus-sd-wire-it-up-for-qemu.patch
Patch0007: 0007-qemu-Fix-networking-for-ARM-guests.patch Patch0007: 0007-qemu-Fix-networking-for-ARM-guests.patch
Patch0008: 0008-qemu-Support-virtio-mmio-transport-for-virtio-on-ARM.patch Patch0008: 0008-qemu-Support-virtio-mmio-transport-for-virtio-on-ARM.patch
# Sync with v1.1.2-maint
Patch0101: 0101-virFileNBDDeviceAssociate-Avoid-use-of-uninitialized.patch
Patch0102: 0102-Fix-AM_LDFLAGS-typo.patch
Patch0103: 0103-Pass-AM_LDFLAGS-to-driver-modules-too.patch
Patch0104: 0104-build-fix-build-with-latest-rawhide-kernel-headers.patch
Patch0105: 0105-Also-store-user-group-ID-values-in-virIdentity.patch
Patch0106: 0106-Ensure-system-identity-includes-process-start-time.patch
Patch0107: 0107-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
Patch0108: 0108-Fix-crash-in-remoteDispatchDomainMemoryStats-CVE-201.patch
Patch0109: 0109-virsh-add-missing-async-option-in-opts_block_commit.patch
Patch0110: 0110-Fix-typo-in-identity-code-which-is-pre-requisite-for.patch
Patch0111: 0111-Add-a-virNetSocketNewConnectSockFD-method.patch
Patch0112: 0112-Add-test-case-for-virNetServerClient-object-identity.patch
%if %{with_libvirtd} %if %{with_libvirtd}
Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon = %{version}-%{release}
%if %{with_network} %if %{with_network}
@ -608,6 +625,7 @@ BuildRequires: audit-libs-devel
BuildRequires: systemtap-sdt-devel BuildRequires: systemtap-sdt-devel
%endif %endif
%if %{with_storage_fs} %if %{with_storage_fs}
# For mount/umount in FS driver # For mount/umount in FS driver
BuildRequires: util-linux BuildRequires: util-linux
@ -1172,6 +1190,20 @@ of recent versions of Linux (and other OSes).
%patch0007 -p1 %patch0007 -p1
%patch0008 -p1 %patch0008 -p1
# Sync with v1.1.2-maint
%patch0101 -p1
%patch0102 -p1
%patch0103 -p1
%patch0104 -p1
%patch0105 -p1
%patch0106 -p1
%patch0107 -p1
%patch0108 -p1
%patch0109 -p1
%patch0110 -p1
%patch0111 -p1
%patch0112 -p1
%build %build
%if ! %{with_xen} %if ! %{with_xen}
%define _without_xen --without-xen %define _without_xen --without-xen
@ -2125,6 +2157,14 @@ fi
%endif %endif
%changelog %changelog
* Mon Sep 23 2013 Cole Robinson <crobinso@redhat.com> - 1.1.2-3
- Sync with v1.1.2-maint
- Rebuild for libswan soname bump (bz #1009701)
- CVE-2013-4311: Insecure polkit usage (bz #1009539, bz #1005332)
- CVE-2013-4296: Invalid free memory stats (bz #1006173, bz #1009667)
- CVE-2013-4297: Invalid free in NBDDeviceAssociate (bz #1006505, bz #1006511)
- Fix virsh block-commit abort (bz #1010056)
* Wed Sep 18 2013 Daniel P. Berrange <berrange@redhat.com> - 1.1.2-2 * Wed Sep 18 2013 Daniel P. Berrange <berrange@redhat.com> - 1.1.2-2
- Rebuild for soname break in openswman package - Rebuild for soname break in openswman package