From bae7a0fb849893422b958c10538c273a68226d35 Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Fri, 3 Jul 2009 15:07:12 +0000 Subject: [PATCH] Upstream release of libvirt-0.6.5, Daniel --- .cvsignore | 1 + ...ssarily-try-to-change-a-file-context.patch | 47 ------- ...rtd-crash-with-bad-capabilities-data.patch | 130 ------------------ libvirt-0.6.4-fix-nosource-label.patch | 35 ----- libvirt-0.6.4-shared-readonly-label.patch | 97 ------------- libvirt.spec | 51 ++++--- sources | 1 + 7 files changed, 34 insertions(+), 328 deletions(-) delete mode 100644 libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch delete mode 100644 libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch delete mode 100644 libvirt-0.6.4-fix-nosource-label.patch delete mode 100644 libvirt-0.6.4-shared-readonly-label.patch diff --git a/.cvsignore b/.cvsignore index 63d6e7e..2dd9c35 100644 --- a/.cvsignore +++ b/.cvsignore @@ -8,3 +8,4 @@ libvirt-0.6.1.tar.gz libvirt-0.6.2.tar.gz libvirt-0.6.3.tar.gz libvirt-0.6.4.tar.gz +libvirt-0.6.5.tar.gz diff --git a/libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch b/libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch deleted file mode 100644 index 4669460..0000000 --- a/libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch +++ /dev/null @@ -1,47 +0,0 @@ -From ae4523336ac06e3ff7cc7b416fad9e57998c6b54 Mon Sep 17 00:00:00 2001 -From: Tim Waugh -Date: Fri, 3 Jul 2009 10:29:01 +0100 -Subject: [PATCH 2/3] Don't unnecessarily try to change a file context - -As pointed out by Tim Waugh here: - - https://bugzilla.redhat.com/507555 - -We shouldn't bother trying to set the context of a file if it already -matches what we want. - -(Fixed to use STREQ() and not use tabs, as pointed out by danpb) - -Signed-off-by: Mark McLoughlin ---- - src/security_selinux.c | 11 ++++++++++- - 1 files changed, 10 insertions(+), 1 deletions(-) - -diff --git a/src/security_selinux.c b/src/security_selinux.c -index db1c27d..c2015a1 100644 ---- a/src/security_selinux.c -+++ b/src/security_selinux.c -@@ -280,10 +280,19 @@ static int - SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon) - { - char ebuf[1024]; -+ security_context_t econ; - - VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon); - -- if(setfilecon(path, tcon) < 0) { -+ if (setfilecon(path, tcon) < 0) { -+ if (getfilecon(path, &econ) >= 0) { -+ if (STREQ(tcon, econ)) { -+ freecon(econ); -+ /* It's alright, there's nothing to change anyway. */ -+ return 0; -+ } -+ freecon(econ); -+ } - virSecurityReportError(conn, VIR_ERR_ERROR, - _("%s: unable to set security context " - "'\%s\' on %s: %s."), __func__, --- -1.6.2.5 - diff --git a/libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch b/libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch deleted file mode 100644 index c39447a..0000000 --- a/libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch +++ /dev/null @@ -1,130 +0,0 @@ -From 80965bff6d46dea1808c8bbf02f50f0e289a0e65 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Mon, 29 Jun 2009 10:41:56 +0000 -Subject: [PATCH] Fix crash in QEMU driver with bad capabilities data - ---- - src/qemu_driver.c | 80 +++++++++++++++++++++++++++++++++++----------------- - 1 files changed, 54 insertions(+), 26 deletions(-) - -diff -up libvirt-0.6.2/src/qemu_driver.c.bad-caps libvirt-0.6.2/src/qemu_driver.c ---- libvirt-0.6.2/src/qemu_driver.c.bad-caps 2009-07-03 10:07:03.275252815 +0100 -+++ libvirt-0.6.2/src/qemu_driver.c 2009-07-03 10:08:52.143502961 +0100 -@@ -360,12 +360,43 @@ next: - return 0; - } - -+ -+static int -+qemudSecurityCapsInit(virSecurityDriverPtr secdrv, -+ virCapsPtr caps) -+{ -+ const char *doi, *model; -+ -+ doi = virSecurityDriverGetDOI(secdrv); -+ model = virSecurityDriverGetModel(secdrv); -+ -+ caps->host.secModel.model = strdup(model); -+ if (!caps->host.secModel.model) { -+ char ebuf[1024]; -+ VIR_ERROR(_("Failed to copy secModel model: %s"), -+ virStrerror(errno, ebuf, sizeof ebuf)); -+ return -1; -+ } -+ -+ caps->host.secModel.doi = strdup(doi); -+ if (!caps->host.secModel.doi) { -+ char ebuf[1024]; -+ VIR_ERROR(_("Failed to copy secModel DOI: %s"), -+ virStrerror(errno, ebuf, sizeof ebuf)); -+ return -1; -+ } -+ -+ VIR_DEBUG("Initialized caps for security driver \"%s\" with " -+ "DOI \"%s\"", model, doi); -+ -+ return 0; -+} -+ -+ - static int - qemudSecurityInit(struct qemud_driver *qemud_drv) - { - int ret; -- const char *doi, *model; -- virCapsPtr caps; - virSecurityDriverPtr security_drv; - - ret = virSecurityDriverStartup(&security_drv, -@@ -381,36 +412,17 @@ qemudSecurityInit(struct qemud_driver *q - } - - qemud_drv->securityDriver = security_drv; -- doi = virSecurityDriverGetDOI(security_drv); -- model = virSecurityDriverGetModel(security_drv); - -- VIR_DEBUG("Initialized security driver \"%s\" with " -- "DOI \"%s\"", model, doi); -+ VIR_INFO("Initialized security driver %s", security_drv->name); - - /* - * Add security policy host caps now that the security driver is - * initialized. - */ -- caps = qemud_drv->caps; -- -- caps->host.secModel.model = strdup(model); -- if (!caps->host.secModel.model) { -- char ebuf[1024]; -- VIR_ERROR(_("Failed to copy secModel model: %s"), -- virStrerror(errno, ebuf, sizeof ebuf)); -- return -1; -- } -+ return qemudSecurityCapsInit(security_drv, qemud_drv->caps); -+} - -- caps->host.secModel.doi = strdup(doi); -- if (!caps->host.secModel.doi) { -- char ebuf[1024]; -- VIR_ERROR(_("Failed to copy secModel DOI: %s"), -- virStrerror(errno, ebuf, sizeof ebuf)); -- return -1; -- } - -- return 0; --} - - /** - * qemudStartup: -@@ -1852,13 +1864,29 @@ static int qemudGetNodeInfo(virConnectPt - - static char *qemudGetCapabilities(virConnectPtr conn) { - struct qemud_driver *driver = conn->privateData; -+ virCapsPtr caps; - char *xml = NULL; - - qemuDriverLock(driver); -+ if ((caps = qemudCapsInit()) == NULL) { -+ virReportOOMError(conn); -+ goto cleanup; -+ } -+ -+ if (qemu_driver->securityDriver && -+ qemudSecurityCapsInit(qemu_driver->securityDriver, caps) < 0) { -+ virCapabilitiesFree(caps); -+ virReportOOMError(conn); -+ goto cleanup; -+ } -+ - virCapabilitiesFree(qemu_driver->caps); -- if ((qemu_driver->caps = qemudCapsInit()) == NULL || -- (xml = virCapabilitiesFormatXML(driver->caps)) == NULL) -+ qemu_driver->caps = caps; -+ -+ if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL) - virReportOOMError(conn); -+ -+cleanup: - qemuDriverUnlock(driver); - - return xml; diff --git a/libvirt-0.6.4-fix-nosource-label.patch b/libvirt-0.6.4-fix-nosource-label.patch deleted file mode 100644 index 997559b..0000000 --- a/libvirt-0.6.4-fix-nosource-label.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 06f607a9c5cfd50433ae27cc7729c31f81d87f19 Mon Sep 17 00:00:00 2001 -From: Cole Robinson -Date: Fri, 3 Jul 2009 10:40:55 +0100 -Subject: [PATCH 3/3] Skip labelling if no src path present - -Fixes startup of guest's with sourceless cdrom devices. - -Patch originall posted here: - - https://bugzilla.redhat.com/499569 - -but never sent upstream. - -Signed-off-by: Mark McLoughlin ---- - src/security_selinux.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/src/security_selinux.c b/src/security_selinux.c -index c2015a1..eb8d308 100644 ---- a/src/security_selinux.c -+++ b/src/security_selinux.c -@@ -342,6 +342,9 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn, - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; - -+ if (!disk->src) -+ return 0; -+ - if (disk->shared) { - return SELinuxSetFilecon(conn, disk->src, default_image_context); - } else if (disk->readonly) { --- -1.6.2.5 - diff --git a/libvirt-0.6.4-shared-readonly-label.patch b/libvirt-0.6.4-shared-readonly-label.patch deleted file mode 100644 index 688c549..0000000 --- a/libvirt-0.6.4-shared-readonly-label.patch +++ /dev/null @@ -1,97 +0,0 @@ -From e700e17c3989d32e04ef98c63ac9b9414fefb366 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange -Date: Fri, 3 Jul 2009 10:24:50 +0100 -Subject: [PATCH 1/3] Re-label shared and readonly images - -This patch was posted ages ago here: - - https://bugzilla.redhat.com/493692 - -But was never posted upstream AFAICT. - -Signed-off-by: Mark McLoughlin ---- - src/security_selinux.c | 27 +++++++++++++++++---------- - 1 files changed, 17 insertions(+), 10 deletions(-) - -diff --git a/src/security_selinux.c b/src/security_selinux.c -index ac317d7..db1c27d 100644 ---- a/src/security_selinux.c -+++ b/src/security_selinux.c -@@ -24,11 +24,12 @@ - #include "virterror_internal.h" - #include "util.h" - #include "memory.h" -- -+#include "logging.h" - - #define VIR_FROM_THIS VIR_FROM_SECURITY - - static char default_domain_context[1024]; -+static char default_content_context[1024]; - static char default_image_context[1024]; - #define SECURITY_SELINUX_VOID_DOI "0" - #define SECURITY_SELINUX_NAME "selinux" -@@ -148,8 +149,13 @@ SELinuxInitialize(virConnectPtr conn) - close(fd); - - ptr = strchrnul(default_image_context, '\n'); -- *ptr = '\0'; -- -+ if (*ptr == '\n') { -+ *ptr = '\0'; -+ strcpy(default_content_context, ptr+1); -+ ptr = strchrnul(default_content_context, '\n'); -+ if (*ptr == '\n') -+ *ptr = '\0'; -+ } - return 0; - } - -@@ -275,6 +281,8 @@ SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon) - { - char ebuf[1024]; - -+ VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon); -+ - if(setfilecon(path, tcon) < 0) { - virSecurityReportError(conn, VIR_ERR_ERROR, - _("%s: unable to set security context " -@@ -299,9 +307,6 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn, - char *newpath = NULL; - const char *path = disk->src; - -- if (disk->readonly || disk->shared) -- return 0; -- - if ((err = virFileResolveLink(path, &newpath)) < 0) { - virReportSystemError(conn, err, - _("cannot resolve symlink %s"), path); -@@ -328,8 +333,13 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn, - { - const virSecurityLabelDefPtr secdef = &vm->def->seclabel; - -- if (secdef->imagelabel) -+ if (disk->shared) { -+ return SELinuxSetFilecon(conn, disk->src, default_image_context); -+ } else if (disk->readonly) { -+ return SELinuxSetFilecon(conn, disk->src, default_content_context); -+ } else if (secdef->imagelabel) { - return SELinuxSetFilecon(conn, disk->src, secdef->imagelabel); -+ } - - return 0; - } -@@ -403,9 +413,6 @@ SELinuxSetSecurityLabel(virConnectPtr conn, - - if (secdef->imagelabel) { - for (i = 0 ; i < vm->def->ndisks ; i++) { -- if (vm->def->disks[i]->readonly || -- vm->def->disks[i]->shared) continue; -- - if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0) - return -1; - } --- -1.6.2.5 - diff --git a/libvirt.spec b/libvirt.spec index 3c20452..9cfb3af 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -12,13 +12,15 @@ %define with_python 0%{!?_without_python:1} %define with_libvirtd 0%{!?_without_libvirtd:1} %define with_uml 0%{!?_without_uml:1} +%define with_one 0%{!?_without_one:1} %define with_network 0%{!?_without_network:1} %define with_storage_fs 0%{!?_without_storage_fs:1} %define with_storage_lvm 0%{!?_without_storage_lvm:1} %define with_storage_iscsi 0%{!?_without_storage_iscsi:1} %define with_storage_disk 0%{!?_without_storage_disk:1} %define with_numactl 0%{!?_without_numactl:1} - +# default to off +%define with_capng 0%{!?_without_capng:0} # Xen is available only on i386 x86_64 ia64 %ifnarch i386 i586 i686 x86_64 ia64 @@ -40,35 +42,31 @@ %define with_xen_proxy 0 %endif +%if 0%{?fedora} >= 12 +%define with_capng 0%{!?_without_capng:1} +%endif + # # If building on RHEL switch on the specific support # for the specific Xen version # %if 0%{?fedora} -%define with_rhel5 0 +%define with_rhel5 0 %else -%define with_rhel5 1 +%define with_rhel5 1 %define with_polkit 0 +%define with_one 0 %endif Summary: Library providing a simple API virtualization Name: libvirt -Version: 0.6.4 -Release: 4%{?dist}%{?extra_release} +Version: 0.6.5 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: libvirt-%{version}.tar.gz -# Handle shared/readonly image labelling (bug #493692) -Patch1: libvirt-0.6.4-shared-readonly-label.patch -# Don't unnecessarily try to change a file context (bug #507555) -Patch2: libvirt-0.6.4-do-not-unnecessarily-try-to-change-a-file-context.patch -# Don't try to label a disk with no path (e.g. empty cdrom) (bug #499569) -Patch3: libvirt-0.6.4-fix-nosource-label.patch -# Fix libvirtd crash with bad capabilities data (bug #505635) -Patch4 :libvirt-0.6.4-fix-libvirtd-crash-with-bad-capabilities-data.patch - # Temporary hack till PulseAudio autostart problems are sorted # out when SELinux enforcing (bz 486112) Patch200: libvirt-0.6.4-svirt-sound.patch @@ -128,6 +126,9 @@ Requires: libselinux %if %{with_xen} BuildRequires: xen-devel %endif +%if %{with_one} +BuildRequires: xmlrpc-c-devel >= 1.14.0 +%endif BuildRequires: libxml2-devel BuildRequires: xhtml1-dtds BuildRequires: readline-devel @@ -141,6 +142,9 @@ BuildRequires: avahi-devel BuildRequires: libselinux-devel BuildRequires: dnsmasq BuildRequires: bridge-utils +%if %{with_qemu} +BuildRequires: qemu +%endif %if %{with_sasl} BuildRequires: cyrus-sasl-devel %endif @@ -176,6 +180,10 @@ BuildRequires: parted-devel # For QEMU/LXC numa info BuildRequires: numactl-devel %endif +%if %{with_capng} +BuildRequires: capng-devel >= 0.5.0 +%endif + Obsoletes: libvir <= 0.2 Provides: libvir = %{version}-%{release} @@ -219,11 +227,6 @@ of recent versions of Linux (and other OSes). %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 - %patch200 -p0 mv NEWS NEWS.old @@ -274,6 +277,10 @@ iconv -f ISO-8859-1 -t UTF-8 < NEWS.old > NEWS %define _without_uml --without-uml %endif +%if ! %{with_one} +%define _without_one --without-one +%endif + %if %{with_rhel5} %define _with_rhel5_api --with-rhel5-api %endif @@ -313,6 +320,7 @@ iconv -f ISO-8859-1 -t UTF-8 < NEWS.old > NEWS %{?_without_python} \ %{?_without_libvirtd} \ %{?_without_uml} \ + %{?_without_one} \ %{?_without_network} \ %{?_with_rhel5_api} \ %{?_without_storage_fs} \ @@ -553,6 +561,11 @@ fi %endif %changelog +* Fri Jul 3 2009 Daniel Veillard - 0.6.5-1.fc12 +- Upstream release of 0.6.5 +- OpenNebula driver +- many bug fixes + * Fri Jul 3 2009 Mark McLoughlin - 0.6.4-4.fc12 - Fix libvirtd crash with bad capabilities data (bug #505635) diff --git a/sources b/sources index 4bf0ae1..96e9088 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ 344a6913a94582ea3ab0ad75a9bfef22 libvirt-0.6.4.tar.gz +4117001afbb6fc13a9e48ad1531b2add libvirt-0.6.5.tar.gz