From b20a5c6d3b20bea457d0e8e44fbdc405a2007a48 Mon Sep 17 00:00:00 2001 From: Mark McLoughlin Date: Thu, 30 Jul 2009 17:02:50 +0000 Subject: [PATCH] * Thu Jul 30 2009 Mark McLoughlin - 0.7.0-0.8.gite195b43 - Add patch from upstream to fix qemu pidfile perms problem --- ...ix-permissions-problem-starting-qemu.patch | 71 +++++++++++++++++++ libvirt.spec | 10 ++- 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 libvirt-fix-permissions-problem-starting-qemu.patch diff --git a/libvirt-fix-permissions-problem-starting-qemu.patch b/libvirt-fix-permissions-problem-starting-qemu.patch new file mode 100644 index 0000000..0e01ce1 --- /dev/null +++ b/libvirt-fix-permissions-problem-starting-qemu.patch @@ -0,0 +1,71 @@ +From: "Daniel P. Berrange" +Subject: PATCH: Fix permissions problem starting QEMU + +There is a minor bug when running QEMU non-root, and having +capng enabled. libvirt is unable to write the PID file in +/var/run/libvirt/qemu, since its now owned by 'qemu', but +libvirtd has dropped all capabilties at this point. The fix +is to delay dropping capabilities until after the PID file +has been created. We should also be sure to kill the child +if writing the PID file fails + +* src/util.c: Don't drop capabilities until after the PID file has + been written. Kill off child if writing the PID file fails + +* src/qemu_driver.c: Remove bogus trailing '/' in state dir + +diff --git a/src/qemu_driver.c b/src/qemu_driver.c +index 9fb8506..26897d3 100644 +--- a/src/qemu_driver.c ++++ b/src/qemu_driver.c +@@ -468,7 +468,7 @@ qemudStartup(int privileged) { + goto out_of_memory; + + if (virAsprintf(&qemu_driver->stateDir, +- "%s/run/libvirt/qemu/", LOCAL_STATE_DIR) == -1) ++ "%s/run/libvirt/qemu", LOCAL_STATE_DIR) == -1) + goto out_of_memory; + } else { + uid_t uid = geteuid(); +diff --git a/src/util.c b/src/util.c +index ee64b28..39aae24 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -513,12 +513,6 @@ __virExec(virConnectPtr conn, + if ((hook)(data) != 0) + _exit(1); + +- /* The hook above may need todo something privileged, so +- * we delay clearing capabilities until now */ +- if ((flags & VIR_EXEC_CLEAR_CAPS) && +- virClearCapabilities() < 0) +- _exit(1); +- + /* Daemonize as late as possible, so the parent process can detect + * the above errors with wait* */ + if (flags & VIR_EXEC_DAEMON) { +@@ -543,6 +537,9 @@ __virExec(virConnectPtr conn, + + if (pid > 0) { + if (pidfile && virFileWritePidPath(pidfile,pid)) { ++ kill(pid, SIGTERM); ++ usleep(500*1000); ++ kill(pid, SIGTERM); + virReportSystemError(conn, errno, + "%s", _("could not write pidfile")); + _exit(1); +@@ -551,6 +548,12 @@ __virExec(virConnectPtr conn, + } + } + ++ /* The steps above may need todo something privileged, so ++ * we delay clearing capabilities until the last minute */ ++ if ((flags & VIR_EXEC_CLEAR_CAPS) && ++ virClearCapabilities() < 0) ++ _exit(1); ++ + if (envp) + execve(argv[0], (char **) argv, (char**)envp); + else + + diff --git a/libvirt.spec b/libvirt.spec index a0cdfae..4a0a00c 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -78,11 +78,14 @@ Summary: Library providing a simple API virtualization Name: libvirt Version: 0.7.0 -Release: 0.7.gite195b43%{?dist}%{?extra_release} +Release: 0.8.gite195b43%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: libvirt-0.7.0-0.6.gite195b43.tar.gz +# Should be in 0.7.0 +Patch01: libvirt-fix-permissions-problem-starting-qemu.patch + # Temporary hack till PulseAudio autostart problems are sorted # out when SELinux enforcing (bz 486112) Patch200: libvirt-0.6.4-svirt-sound.patch @@ -252,6 +255,8 @@ of recent versions of Linux (and other OSes). %prep %setup -q +%patch01 -p1 + %patch200 -p0 %build @@ -612,6 +617,9 @@ fi %endif %changelog +* Thu Jul 30 2009 Mark McLoughlin - 0.7.0-0.8.gite195b43 +- Add patch from upstream to fix qemu pidfile perms problem + * Thu Jul 30 2009 Daniel P. Berrange - 0.7.0-0.7.gite195b43 - Create qemu/kvm user & group to fix upgrades