rpms/libvirt
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Upstream release of libvirt-0.6.5, Daniel

Browse Source
This commit is contained in:
Daniel Veillard 2009-07-03 15:07:12 +00:00
parent 36aee593bc
commit bae7a0fb84
7 changed files with 34 additions and 328 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -8,3 +8,4 @@ libvirt-0.6.1.tar.gz
libvirt-0.6.2.tar.gz
libvirt-0.6.3.tar.gz
libvirt-0.6.4.tar.gz
libvirt-0.6.5.tar.gz

47
libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch
View File

@ -1,47 +0,0 @@
From ae4523336ac06e3ff7cc7b416fad9e57998c6b54 Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@redhat.com>
Date: Fri, 3 Jul 2009 10:29:01 +0100
Subject: [PATCH 2/3] Don't unnecessarily try to change a file context
As pointed out by Tim Waugh here:
https://bugzilla.redhat.com/507555
We shouldn't bother trying to set the context of a file if it already
matches what we want.
(Fixed to use STREQ() and not use tabs, as pointed out by danpb)
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
---
src/security_selinux.c | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/src/security_selinux.c b/src/security_selinux.c
index db1c27d..c2015a1 100644
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -280,10 +280,19 @@ static int
SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
{
char ebuf[1024];
+ security_context_t econ;
VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
- if(setfilecon(path, tcon) < 0) {
+ if (setfilecon(path, tcon) < 0) {
+ if (getfilecon(path, &econ) >= 0) {
+ if (STREQ(tcon, econ)) {
+ freecon(econ);
+ /* It's alright, there's nothing to change anyway. */
+ return 0;
+ }
+ freecon(econ);
+ }
virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: unable to set security context "
"'\%s\' on %s: %s."), __func__,
--
1.6.2.5

130
libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch
View File

@ -1,130 +0,0 @@
From 80965bff6d46dea1808c8bbf02f50f0e289a0e65 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 29 Jun 2009 10:41:56 +0000
Subject: [PATCH] Fix crash in QEMU driver with bad capabilities data
---
src/qemu_driver.c | 80 +++++++++++++++++++++++++++++++++++-----------------
1 files changed, 54 insertions(+), 26 deletions(-)
diff -up libvirt-0.6.2/src/qemu_driver.c.bad-caps libvirt-0.6.2/src/qemu_driver.c
--- libvirt-0.6.2/src/qemu_driver.c.bad-caps 2009-07-03 10:07:03.275252815 +0100
+++ libvirt-0.6.2/src/qemu_driver.c 2009-07-03 10:08:52.143502961 +0100
@@ -360,12 +360,43 @@ next:
return 0;
}
+
+static int
+qemudSecurityCapsInit(virSecurityDriverPtr secdrv,
+ virCapsPtr caps)
+{
+ const char *doi, *model;
+
+ doi = virSecurityDriverGetDOI(secdrv);
+ model = virSecurityDriverGetModel(secdrv);
+
+ caps->host.secModel.model = strdup(model);
+ if (!caps->host.secModel.model) {
+ char ebuf[1024];
+ VIR_ERROR(_("Failed to copy secModel model: %s"),
+ virStrerror(errno, ebuf, sizeof ebuf));
+ return -1;
+ }
+
+ caps->host.secModel.doi = strdup(doi);
+ if (!caps->host.secModel.doi) {
+ char ebuf[1024];
+ VIR_ERROR(_("Failed to copy secModel DOI: %s"),
+ virStrerror(errno, ebuf, sizeof ebuf));
+ return -1;
+ }
+
+ VIR_DEBUG("Initialized caps for security driver \"%s\" with "
+ "DOI \"%s\"", model, doi);
+
+ return 0;
+}
+
+
static int
qemudSecurityInit(struct qemud_driver *qemud_drv)
{
int ret;
- const char *doi, *model;
- virCapsPtr caps;
virSecurityDriverPtr security_drv;
ret = virSecurityDriverStartup(&security_drv,
@@ -381,36 +412,17 @@ qemudSecurityInit(struct qemud_driver *q
}
qemud_drv->securityDriver = security_drv;
- doi = virSecurityDriverGetDOI(security_drv);
- model = virSecurityDriverGetModel(security_drv);
- VIR_DEBUG("Initialized security driver \"%s\" with "
- "DOI \"%s\"", model, doi);
+ VIR_INFO("Initialized security driver %s", security_drv->name);
/*
* Add security policy host caps now that the security driver is
* initialized.
*/
- caps = qemud_drv->caps;
-
- caps->host.secModel.model = strdup(model);
- if (!caps->host.secModel.model) {
- char ebuf[1024];
- VIR_ERROR(_("Failed to copy secModel model: %s"),
- virStrerror(errno, ebuf, sizeof ebuf));
- return -1;
- }
+ return qemudSecurityCapsInit(security_drv, qemud_drv->caps);
+}
- caps->host.secModel.doi = strdup(doi);
- if (!caps->host.secModel.doi) {
- char ebuf[1024];
- VIR_ERROR(_("Failed to copy secModel DOI: %s"),
- virStrerror(errno, ebuf, sizeof ebuf));
- return -1;
- }
- return 0;
-}
/**
* qemudStartup:
@@ -1852,13 +1864,29 @@ static int qemudGetNodeInfo(virConnectPt
static char *qemudGetCapabilities(virConnectPtr conn) {
struct qemud_driver *driver = conn->privateData;
+ virCapsPtr caps;
char *xml = NULL;
qemuDriverLock(driver);
+ if ((caps = qemudCapsInit()) == NULL) {
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+
+ if (qemu_driver->securityDriver &&
+ qemudSecurityCapsInit(qemu_driver->securityDriver, caps) < 0) {
+ virCapabilitiesFree(caps);
+ virReportOOMError(conn);
+ goto cleanup;
+ }
+
virCapabilitiesFree(qemu_driver->caps);
- if ((qemu_driver->caps = qemudCapsInit()) == NULL ||
- (xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
+ qemu_driver->caps = caps;
+
+ if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
virReportOOMError(conn);
+
+cleanup:
qemuDriverUnlock(driver);
return xml;

35
libvirt-0.6.4-fix-nosource-label.patch
View File

@ -1,35 +0,0 @@
From 06f607a9c5cfd50433ae27cc7729c31f81d87f19 Mon Sep 17 00:00:00 2001
From: Cole Robinson <crobinso@redhat.com>
Date: Fri, 3 Jul 2009 10:40:55 +0100
Subject: [PATCH 3/3] Skip labelling if no src path present
Fixes startup of guest's with sourceless cdrom devices.
Patch originall posted here:
https://bugzilla.redhat.com/499569
but never sent upstream.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
---
src/security_selinux.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/security_selinux.c b/src/security_selinux.c
index c2015a1..eb8d308 100644
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -342,6 +342,9 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ if (!disk->src)
+ return 0;
+
if (disk->shared) {
return SELinuxSetFilecon(conn, disk->src, default_image_context);
} else if (disk->readonly) {
--
1.6.2.5

97
libvirt-0.6.4-shared-readonly-label.patch
View File

@ -1,97 +0,0 @@
From e700e17c3989d32e04ef98c63ac9b9414fefb366 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange@redhat.com>
Date: Fri, 3 Jul 2009 10:24:50 +0100
Subject: [PATCH 1/3] Re-label shared and readonly images
This patch was posted ages ago here:
https://bugzilla.redhat.com/493692
But was never posted upstream AFAICT.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
---
src/security_selinux.c | 27 +++++++++++++++++----------
1 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/src/security_selinux.c b/src/security_selinux.c
index ac317d7..db1c27d 100644
--- a/src/security_selinux.c
+++ b/src/security_selinux.c
@@ -24,11 +24,12 @@
#include "virterror_internal.h"
#include "util.h"
#include "memory.h"
-
+#include "logging.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
static char default_domain_context[1024];
+static char default_content_context[1024];
static char default_image_context[1024];
#define SECURITY_SELINUX_VOID_DOI "0"
#define SECURITY_SELINUX_NAME "selinux"
@@ -148,8 +149,13 @@ SELinuxInitialize(virConnectPtr conn)
close(fd);
ptr = strchrnul(default_image_context, '\n');
- *ptr = '\0';
-
+ if (*ptr == '\n') {
+ *ptr = '\0';
+ strcpy(default_content_context, ptr+1);
+ ptr = strchrnul(default_content_context, '\n');
+ if (*ptr == '\n')
+ *ptr = '\0';
+ }
return 0;
}
@@ -275,6 +281,8 @@ SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
{
char ebuf[1024];
+ VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
+
if(setfilecon(path, tcon) < 0) {
virSecurityReportError(conn, VIR_ERR_ERROR,
_("%s: unable to set security context "
@@ -299,9 +307,6 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
char *newpath = NULL;
const char *path = disk->src;
- if (disk->readonly || disk->shared)
- return 0;
-
if ((err = virFileResolveLink(path, &newpath)) < 0) {
virReportSystemError(conn, err,
_("cannot resolve symlink %s"), path);
@@ -328,8 +333,13 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
- if (secdef->imagelabel)
+ if (disk->shared) {
+ return SELinuxSetFilecon(conn, disk->src, default_image_context);
+ } else if (disk->readonly) {
+ return SELinuxSetFilecon(conn, disk->src, default_content_context);
+ } else if (secdef->imagelabel) {
return SELinuxSetFilecon(conn, disk->src, secdef->imagelabel);
+ }
return 0;
}
@@ -403,9 +413,6 @@ SELinuxSetSecurityLabel(virConnectPtr conn,
if (secdef->imagelabel) {
for (i = 0 ; i < vm->def->ndisks ; i++) {
- if (vm->def->disks[i]->readonly ||
- vm->def->disks[i]->shared) continue;
-
if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
return -1;
}
--
1.6.2.5

51
libvirt.spec
View File

@ -12,13 +12,15 @@
%define with_python 0%{!?_without_python:1}
%define with_libvirtd 0%{!?_without_libvirtd:1}
%define with_uml 0%{!?_without_uml:1}
%define with_one 0%{!?_without_one:1}
%define with_network 0%{!?_without_network:1}
%define with_storage_fs 0%{!?_without_storage_fs:1}
%define with_storage_lvm 0%{!?_without_storage_lvm:1}
%define with_storage_iscsi 0%{!?_without_storage_iscsi:1}
%define with_storage_disk 0%{!?_without_storage_disk:1}
%define with_numactl 0%{!?_without_numactl:1}
# default to off
%define with_capng 0%{!?_without_capng:0}
# Xen is available only on i386 x86_64 ia64
%ifnarch i386 i586 i686 x86_64 ia64
@ -40,35 +42,31 @@
%define with_xen_proxy 0
%endif
%if 0%{?fedora} >= 12
%define with_capng 0%{!?_without_capng:1}
%endif
#
# If building on RHEL switch on the specific support
# for the specific Xen version
#
%if 0%{?fedora}
%define with_rhel5 0
%define with_rhel5 0
%else
%define with_rhel5 1
%define with_rhel5 1
%define with_polkit 0
%define with_one 0
%endif
Summary: Library providing a simple API virtualization
Name: libvirt
Version: 0.6.4
Release: 4%{?dist}%{?extra_release}
Version: 0.6.5
Release: 1%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
Source: libvirt-%{version}.tar.gz
# Handle shared/readonly image labelling (bug #493692)
Patch1: libvirt-0.6.4-shared-readonly-label.patch
# Don't unnecessarily try to change a file context (bug #507555)
Patch2: libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch
# Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569)
Patch3: libvirt-0.6.4-fix-nosource-label.patch
# Fix libvirtd crash with bad capabilities data (bug #505635)
Patch4 :libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch
# Temporary hack till PulseAudio autostart problems are sorted
# out when SELinux enforcing (bz 486112)
Patch200: libvirt-0.6.4-svirt-sound.patch
@ -128,6 +126,9 @@ Requires: libselinux
%if %{with_xen}
BuildRequires: xen-devel
%endif
%if %{with_one}
BuildRequires: xmlrpc-c-devel >= 1.14.0
%endif
BuildRequires: libxml2-devel
BuildRequires: xhtml1-dtds
BuildRequires: readline-devel
@ -141,6 +142,9 @@ BuildRequires: avahi-devel
BuildRequires: libselinux-devel
BuildRequires: dnsmasq
BuildRequires: bridge-utils
%if %{with_qemu}
BuildRequires: qemu
%endif
%if %{with_sasl}
BuildRequires: cyrus-sasl-devel
%endif
@ -176,6 +180,10 @@ BuildRequires: parted-devel
# For QEMU/LXC numa info
BuildRequires: numactl-devel
%endif
%if %{with_capng}
BuildRequires: capng-devel >= 0.5.0
%endif
Obsoletes: libvir <= 0.2
Provides: libvir = %{version}-%{release}
@ -219,11 +227,6 @@ of recent versions of Linux (and other OSes).
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch200 -p0
mv NEWS NEWS.old
@ -274,6 +277,10 @@ iconv -f ISO-8859-1 -t UTF-8 < NEWS.old > NEWS
%define _without_uml --without-uml
%endif
%if ! %{with_one}
%define _without_one --without-one
%endif
%if %{with_rhel5}
%define _with_rhel5_api --with-rhel5-api
%endif
@ -313,6 +320,7 @@ iconv -f ISO-8859-1 -t UTF-8 < NEWS.old > NEWS
%{?_without_python} \
%{?_without_libvirtd} \
%{?_without_uml} \
%{?_without_one} \
%{?_without_network} \
%{?_with_rhel5_api} \
%{?_without_storage_fs} \
@ -553,6 +561,11 @@ fi
%endif
%changelog
* Fri Jul 3 2009 Daniel Veillard <veillard@redhat.com> - 0.6.5-1.fc12
- Upstream release of 0.6.5
- OpenNebula driver
- many bug fixes
* Fri Jul 3 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-4.fc12
- Fix libvirtd crash with bad capabilities data (bug #505635)

1
sources
View File

@ -1 +1,2 @@
344a6913a94582ea3ab0ad75a9bfef22 libvirt-0.6.4.tar.gz
4117001afbb6fc13a9e48ad1531b2add libvirt-0.6.5.tar.gz