rpms/libvirt
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Upstream release 0.10.2

Browse Source
This commit is contained in:
Daniel Veillard 2012-09-24 14:22:55 +08:00
parent b5548f62cb
commit f1867a5ecc
7 changed files with 49 additions and 809 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
0001-Make-virSecurityDeviceLabelDefParseXML-into-generic-.patch
View File

@ -1,138 +0,0 @@
From db2aff6adaa405f0bc998c7bd3158fe43805ee60 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 20 Sep 2012 14:58:12 +0100
Subject: [PATCH 1/2] Make virSecurityDeviceLabelDefParseXML into generic
device <seclabel> parser.
This is just code motion, allowing us to reuse the same function to
parse the <seclabel> from character devices too.
However it also fixes a possible segfault in the original code if
VIR_ALLOC_N returns an error and the cleanup code (at the error:
label) tries to iterate over the unallocated array (thanks Michal
Privoznik for spotting this).
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
---
src/conf/domain_conf.c | 43 +++++++++++++++++++++++++------------------
1 file changed, 25 insertions(+), 18 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 947cc7a..26c2042 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3258,29 +3258,30 @@ error:
return -1;
}
+/* Parse the <seclabel> from a disk or character device. */
static int
-virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
+virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDefPtr **seclabels_rtn,
+ size_t *nseclabels_rtn,
virSecurityLabelDefPtr *vmSeclabels,
int nvmSeclabels, xmlXPathContextPtr ctxt)
{
+ virSecurityDeviceLabelDefPtr *seclabels;
+ size_t nseclabels = 0;
int n, i, j;
xmlNodePtr *list = NULL;
virSecurityLabelDefPtr vmDef = NULL;
char *model, *relabel, *label;
- if (def == NULL)
- return 0;
-
if ((n = virXPathNodeSet("./seclabel", ctxt, &list)) == 0)
return 0;
- def->nseclabels = n;
- if (VIR_ALLOC_N(def->seclabels, n) < 0) {
+ if (VIR_ALLOC_N(seclabels, n) < 0) {
virReportOOMError();
goto error;
}
+ nseclabels = n;
for (i = 0; i < n; i++) {
- if (VIR_ALLOC(def->seclabels[i]) < 0) {
+ if (VIR_ALLOC(seclabels[i]) < 0) {
virReportOOMError();
goto error;
}
@@ -3297,7 +3298,7 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
break;
}
}
- def->seclabels[i]->model = model;
+ seclabels[i]->model = model;
}
/* Can't use overrides if top-level doesn't allow relabeling. */
@@ -3311,9 +3312,9 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
relabel = virXMLPropString(list[i], "relabel");
if (relabel != NULL) {
if (STREQ(relabel, "yes")) {
- def->seclabels[i]->norelabel = false;
+ seclabels[i]->norelabel = false;
} else if (STREQ(relabel, "no")) {
- def->seclabels[i]->norelabel = true;
+ seclabels[i]->norelabel = true;
} else {
virReportError(VIR_ERR_XML_ERROR,
_("invalid security relabel value %s"),
@@ -3323,30 +3324,34 @@ virSecurityDeviceLabelDefParseXML(virDomainDiskDefPtr def,
}
VIR_FREE(relabel);
} else {
- def->seclabels[i]->norelabel = false;
+ seclabels[i]->norelabel = false;
}
ctxt->node = list[i];
label = virXPathStringLimit("string(./label)",
VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
- def->seclabels[i]->label = label;
+ seclabels[i]->label = label;
- if (label && def->seclabels[i]->norelabel) {
+ if (label && seclabels[i]->norelabel) {
virReportError(VIR_ERR_XML_ERROR,
_("Cannot specify a label if relabelling is "
"turned off. model=%s"),
- NULLSTR(def->seclabels[i]->model));
+ NULLSTR(seclabels[i]->model));
goto error;
}
}
VIR_FREE(list);
+
+ *nseclabels_rtn = nseclabels;
+ *seclabels_rtn = seclabels;
+
return 0;
error:
- for (i = 0; i < n; i++) {
- virSecurityDeviceLabelDefFree(def->seclabels[i]);
+ for (i = 0; i < nseclabels; i++) {
+ virSecurityDeviceLabelDefFree(seclabels[i]);
}
- VIR_FREE(def->seclabels);
+ VIR_FREE(seclabels);
VIR_FREE(list);
return -1;
}
@@ -3839,7 +3844,9 @@ virDomainDiskDefParseXML(virCapsPtr caps,
if (sourceNode) {
xmlNodePtr saved_node = ctxt->node;
ctxt->node = sourceNode;
- if (virSecurityDeviceLabelDefParseXML(def, vmSeclabels,
+ if (virSecurityDeviceLabelDefParseXML(&def->seclabels,
+ &def->nseclabels,
+ vmSeclabels,
nvmSeclabels,
ctxt) < 0)
goto error;
--
1.7.11.4

27
0001-Use-qemu-system-i386-as-binary-instead-of-qemu.patch
View File

@ -1,27 +0,0 @@
From 37865f1dead1fac2ee34af48f96d19d686296e04 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 13 Sep 2012 14:37:22 +0100
Subject: [PATCH] Use 'qemu-system-i386' as binary instead of 'qemu'.
---
src/qemu/qemu_capabilities.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index af3b0b2..179b3d2 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -244,8 +244,8 @@ static const struct qemu_feature_flags const arch_info_x86_64_flags [] = {
/* The archicture tables for supported QEMU archs */
static const struct qemu_arch_info const arch_info_hvm[] = {
- { "i686", 32, NULL, "qemu",
- "qemu-system-x86_64", arch_info_i686_flags, 4 },
+ { "i686", 32, NULL, "qemu-system-i386",
+ NULL, arch_info_i686_flags, 4 },
{ "x86_64", 64, NULL, "qemu-system-x86_64",
NULL, arch_info_x86_64_flags, 2 },
{ "arm", 32, NULL, "qemu-system-arm", NULL, NULL, 0 },
--
1.7.11.4

440
0002-Add-seclabel-to-character-devices.patch
View File

@ -1,440 +0,0 @@
From f8b08d0e961c7e10d87ee011ec7bf1f8fe7b1fbb Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 20 Sep 2012 14:16:17 +0100
Subject: [PATCH 2/2] Add <seclabel> to character devices.
This allows the user to control labelling of each character device
separately (the default is to inherit from the VM).
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
---
docs/formatdomain.html.in | 8 ++++
docs/schemas/domaincommon.rng | 3 ++
src/conf/domain_conf.c | 78 +++++++++++++++++++++++++++++++++--
src/conf/domain_conf.h | 6 +++
src/security/security_selinux.c | 90 +++++++++++++++++++++++++++++------------
5 files changed, 155 insertions(+), 30 deletions(-)
diff -ur libvirt-0.10.1.old/docs/formatdomain.html.in libvirt-0.10.1/docs/formatdomain.html.in
--- libvirt-0.10.1.old/docs/formatdomain.html.in 2012-08-31 11:01:18.000000000 +0100
+++ libvirt-0.10.1/docs/formatdomain.html.in 2012-09-21 18:46:30.795973766 +0100
@@ -3369,6 +3369,14 @@
</p>
<p>
+ The <code>source</code> element may contain an optional
+ <code>seclabel</code> to override the way that labelling
+ is done on the socket path. If this element is not present,
+ the <a href="#seclabel">security label is inherited from
+ the per-domain setting</a>.
+ </p>
+
+ <p>
Each character device element has an optional
sub-element <code>&lt;address&gt;</code> which can tie the
device to a
diff -ur libvirt-0.10.1.old/docs/schemas/domaincommon.rng libvirt-0.10.1/docs/schemas/domaincommon.rng
--- libvirt-0.10.1.old/docs/schemas/domaincommon.rng 2012-08-22 10:05:18.000000000 +0100
+++ libvirt-0.10.1/docs/schemas/domaincommon.rng 2012-09-21 18:46:30.802973900 +0100
@@ -2344,6 +2344,9 @@
<optional>
<attribute name="wiremode"/>
</optional>
+ <optional>
+ <ref name='devSeclabel'/>
+ </optional>
</element>
</zeroOrMore>
<optional>
diff -ur libvirt-0.10.1.old/src/conf/domain_conf.c libvirt-0.10.1/src/conf/domain_conf.c
--- libvirt-0.10.1.old/src/conf/domain_conf.c 2012-09-21 18:46:07.045533923 +0100
+++ libvirt-0.10.1/src/conf/domain_conf.c 2012-09-21 18:47:34.781159182 +0100
@@ -1257,6 +1257,8 @@
void virDomainChrDefFree(virDomainChrDefPtr def)
{
+ size_t i;
+
if (!def)
return;
@@ -1280,6 +1282,12 @@
virDomainChrSourceDefClear(&def->source);
virDomainDeviceInfoClear(&def->info);
+ if (def->seclabels) {
+ for (i = 0; i < def->nseclabels; i++)
+ virSecurityDeviceLabelDefFree(def->seclabels[i]);
+ VIR_FREE(def->seclabels);
+ }
+
VIR_FREE(def);
}
@@ -5264,7 +5272,11 @@
* <target>, which is used by <serial> but not <smartcard>). */
static int
virDomainChrSourceDefParseXML(virDomainChrSourceDefPtr def,
- xmlNodePtr cur, unsigned int flags)
+ xmlNodePtr cur, unsigned int flags,
+ virDomainChrDefPtr chr_def,
+ xmlXPathContextPtr ctxt,
+ virSecurityLabelDefPtr* vmSeclabels,
+ int nvmSeclabels)
{
char *bindHost = NULL;
char *bindService = NULL;
@@ -5319,6 +5331,21 @@
if (def->type == VIR_DOMAIN_CHR_TYPE_UDP)
VIR_FREE(mode);
}
+
+ /* Check for an optional seclabel override in <source/>. */
+ if (chr_def) {
+ xmlNodePtr saved_node = ctxt->node;
+ ctxt->node = cur;
+ if (virSecurityDeviceLabelDefParseXML(&chr_def->seclabels,
+ &chr_def->nseclabels,
+ vmSeclabels,
+ nvmSeclabels,
+ ctxt) < 0) {
+ ctxt->node = saved_node;
+ goto error;
+ }
+ ctxt->node = saved_node;
+ }
} else if (xmlStrEqual(cur->name, BAD_CAST "protocol")) {
if (protocol == NULL)
protocol = virXMLPropString(cur, "type");
@@ -5512,7 +5539,10 @@
static virDomainChrDefPtr
virDomainChrDefParseXML(virCapsPtr caps,
virDomainDefPtr vmdef,
+ xmlXPathContextPtr ctxt,
xmlNodePtr node,
+ virSecurityLabelDefPtr* vmSeclabels,
+ int nvmSeclabels,
unsigned int flags)
{
xmlNodePtr cur;
@@ -5543,7 +5573,9 @@
}
cur = node->children;
- remaining = virDomainChrSourceDefParseXML(&def->source, cur, flags);
+ remaining = virDomainChrSourceDefParseXML(&def->source, cur, flags,
+ def, ctxt,
+ vmSeclabels, nvmSeclabels);
if (remaining < 0)
goto error;
if (remaining) {
@@ -5680,7 +5712,8 @@
}
cur = node->children;
- if (virDomainChrSourceDefParseXML(&def->data.passthru, cur, flags) < 0)
+ if (virDomainChrSourceDefParseXML(&def->data.passthru, cur, flags,
+ NULL, NULL, NULL, 0) < 0)
goto error;
if (def->data.passthru.type == VIR_DOMAIN_CHR_TYPE_SPICEVMC) {
@@ -7161,7 +7194,8 @@
if (xmlStrEqual(cur->name, BAD_CAST "source")) {
int remaining;
- remaining = virDomainChrSourceDefParseXML(&def->source.chr, cur, flags);
+ remaining = virDomainChrSourceDefParseXML(&def->source.chr, cur, flags,
+ NULL, NULL, NULL, 0);
if (remaining != 0)
goto error;
}
@@ -8974,7 +9008,10 @@
for (i = 0 ; i < n ; i++) {
virDomainChrDefPtr chr = virDomainChrDefParseXML(caps,
def,
+ ctxt,
nodes[i],
+ def->seclabels,
+ def->nseclabels,
flags);
if (!chr)
goto error;
@@ -9001,7 +9038,10 @@
for (i = 0 ; i < n ; i++) {
virDomainChrDefPtr chr = virDomainChrDefParseXML(caps,
def,
+ ctxt,
nodes[i],
+ def->seclabels,
+ def->nseclabels,
flags);
if (!chr)
goto error;
@@ -9031,7 +9071,10 @@
bool create_stub = true;
virDomainChrDefPtr chr = virDomainChrDefParseXML(caps,
def,
+ ctxt,
nodes[i],
+ def->seclabels,
+ def->nseclabels,
flags);
if (!chr)
goto error;
@@ -9107,7 +9150,10 @@
for (i = 0 ; i < n ; i++) {
virDomainChrDefPtr chr = virDomainChrDefParseXML(caps,
def,
+ ctxt,
nodes[i],
+ def->seclabels,
+ def->nseclabels,
flags);
if (!chr)
goto error;
@@ -12188,6 +12234,7 @@
const char *targetType = virDomainChrTargetTypeToString(def->deviceType,
def->targetType);
bool tty_compat;
+ size_t n;
int ret = 0;
@@ -12267,6 +12314,14 @@
return -1;
}
+ /* Security label overrides, if any. */
+ if (def->seclabels && def->nseclabels > 0) {
+ virBufferAdjustIndent(buf, 2);
+ for (n = 0; n < def->nseclabels; n++)
+ virSecurityDeviceLabelDefFormat(buf, def->seclabels[n]);
+ virBufferAdjustIndent(buf, -2);
+ }
+
virBufferAsprintf(buf, " </%s>\n", elementName);
return ret;
@@ -15032,6 +15087,21 @@
{
int i;
+ if (def == NULL)
+ return NULL;
+
+ for (i = 0; i < def->nseclabels; i++) {
+ if (STREQ_NULLABLE(def->seclabels[i]->model, model))
+ return def->seclabels[i];
+ }
+ return NULL;
+}
+
+virSecurityDeviceLabelDefPtr
+virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model)
+{
+ int i;
+
if (def == NULL)
return NULL;
diff -ur libvirt-0.10.1.old/src/conf/domain_conf.h libvirt-0.10.1/src/conf/domain_conf.h
--- libvirt-0.10.1.old/src/conf/domain_conf.h 2012-08-31 13:14:44.000000000 +0100
+++ libvirt-0.10.1/src/conf/domain_conf.h 2012-09-21 18:46:30.832974475 +0100
@@ -953,6 +953,9 @@
virDomainChrSourceDef source;
virDomainDeviceInfo info;
+
+ size_t nseclabels;
+ virSecurityDeviceLabelDefPtr *seclabels;
};
enum virDomainSmartcardType {
@@ -2074,6 +2077,9 @@
virSecurityDeviceLabelDefPtr
virDomainDiskDefGetSecurityLabelDef(virDomainDiskDefPtr def, const char *model);
+virSecurityDeviceLabelDefPtr
+virDomainChrDefGetSecurityLabelDef(virDomainChrDefPtr def, const char *model);
+
virSecurityLabelDefPtr
virDomainDefAddSecurityLabelDef(virDomainDefPtr def, const char *model);
diff -ur libvirt-0.10.1.old/src/security/security_selinux.c libvirt-0.10.1/src/security/security_selinux.c
--- libvirt-0.10.1.old/src/security/security_selinux.c 2012-08-22 04:19:44.000000000 +0100
+++ libvirt-0.10.1/src/security/security_selinux.c 2012-09-21 18:46:30.834974513 +0100
@@ -1213,38 +1213,61 @@
static int
virSecuritySELinuxSetSecurityChardevLabel(virDomainDefPtr def,
- virDomainChrSourceDefPtr dev)
+ virDomainChrDefPtr dev,
+ virDomainChrSourceDefPtr dev_source)
{
- virSecurityLabelDefPtr secdef;
+ virSecurityLabelDefPtr seclabel;
+ virSecurityDeviceLabelDefPtr chr_seclabel = NULL;
+ char *imagelabel = NULL;
char *in = NULL, *out = NULL;
int ret = -1;
- secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
- if (secdef == NULL)
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (seclabel == NULL)
return -1;
- if (secdef->norelabel)
+ if (dev)
+ chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev,
+ SECURITY_SELINUX_NAME);
+
+ if (seclabel->norelabel || (chr_seclabel && chr_seclabel->norelabel))
return 0;
- switch (dev->type) {
+ if (chr_seclabel)
+ imagelabel = chr_seclabel->label;
+ if (!imagelabel)
+ imagelabel = seclabel->imagelabel;
+
+ switch (dev_source->type) {
case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE:
- ret = virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel);
+ ret = virSecuritySELinuxSetFilecon(dev_source->data.file.path,
+ imagelabel);
+ break;
+
+ case VIR_DOMAIN_CHR_TYPE_UNIX:
+ if (!dev_source->data.nix.listen) {
+ if (virSecuritySELinuxSetFilecon(dev_source->data.file.path,
+ imagelabel) < 0)
+ goto done;
+ }
+ ret = 0;
break;
case VIR_DOMAIN_CHR_TYPE_PIPE:
- if ((virAsprintf(&in, "%s.in", dev->data.file.path) < 0) ||
- (virAsprintf(&out, "%s.out", dev->data.file.path) < 0)) {
+ if ((virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0) ||
+ (virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0)) {
virReportOOMError();
goto done;
}
if (virFileExists(in) && virFileExists(out)) {
- if ((virSecuritySELinuxSetFilecon(in, secdef->imagelabel) < 0) ||
- (virSecuritySELinuxSetFilecon(out, secdef->imagelabel) < 0)) {
+ if ((virSecuritySELinuxSetFilecon(in, imagelabel) < 0) ||
+ (virSecuritySELinuxSetFilecon(out, imagelabel) < 0)) {
goto done;
}
- } else if (virSecuritySELinuxSetFilecon(dev->data.file.path, secdef->imagelabel) < 0) {
+ } else if (virSecuritySELinuxSetFilecon(dev_source->data.file.path,
+ imagelabel) < 0) {
goto done;
}
ret = 0;
@@ -1263,30 +1286,44 @@
static int
virSecuritySELinuxRestoreSecurityChardevLabel(virDomainDefPtr def,
- virDomainChrSourceDefPtr dev)
+ virDomainChrDefPtr dev,
+ virDomainChrSourceDefPtr dev_source)
{
- virSecurityLabelDefPtr secdef;
+ virSecurityLabelDefPtr seclabel;
+ virSecurityDeviceLabelDefPtr chr_seclabel = NULL;
char *in = NULL, *out = NULL;
int ret = -1;
- secdef = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
- if (secdef == NULL)
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
+ if (seclabel == NULL)
return -1;
- if (secdef->norelabel)
+ if (dev)
+ chr_seclabel = virDomainChrDefGetSecurityLabelDef(dev,
+ SECURITY_SELINUX_NAME);
+ if (seclabel->norelabel || (chr_seclabel && chr_seclabel->norelabel))
return 0;
- switch (dev->type) {
+ switch (dev_source->type) {
case VIR_DOMAIN_CHR_TYPE_DEV:
case VIR_DOMAIN_CHR_TYPE_FILE:
- if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0)
+ if (virSecuritySELinuxRestoreSecurityFileLabel(dev_source->data.file.path) < 0)
goto done;
ret = 0;
break;
+
+ case VIR_DOMAIN_CHR_TYPE_UNIX:
+ if (!dev_source->data.nix.listen) {
+ if (virSecuritySELinuxRestoreSecurityFileLabel(dev_source->data.file.path) < 0)
+ goto done;
+ }
+ ret = 0;
+ break;
+
case VIR_DOMAIN_CHR_TYPE_PIPE:
- if ((virAsprintf(&out, "%s.out", dev->data.file.path) < 0) ||
- (virAsprintf(&in, "%s.in", dev->data.file.path) < 0)) {
+ if ((virAsprintf(&out, "%s.out", dev_source->data.file.path) < 0) ||
+ (virAsprintf(&in, "%s.in", dev_source->data.file.path) < 0)) {
virReportOOMError();
goto done;
}
@@ -1295,7 +1332,7 @@
(virSecuritySELinuxRestoreSecurityFileLabel(in) < 0)) {
goto done;
}
- } else if (virSecuritySELinuxRestoreSecurityFileLabel(dev->data.file.path) < 0) {
+ } else if (virSecuritySELinuxRestoreSecurityFileLabel(dev_source->data.file.path) < 0) {
goto done;
}
ret = 0;
@@ -1323,7 +1360,8 @@
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0;
- return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->source);
+ return virSecuritySELinuxRestoreSecurityChardevLabel(def, dev,
+ &dev->source);
}
@@ -1345,7 +1383,7 @@
return virSecuritySELinuxRestoreSecurityFileLabel(database);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return virSecuritySELinuxRestoreSecurityChardevLabel(def, &dev->data.passthru);
+ return virSecuritySELinuxRestoreSecurityChardevLabel(def, NULL, &dev->data.passthru);
default:
virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -1703,7 +1741,7 @@
dev->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL)
return 0;
- return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->source);
+ return virSecuritySELinuxSetSecurityChardevLabel(def, dev, &dev->source);
}
@@ -1727,7 +1765,7 @@
return virSecuritySELinuxSetFilecon(database, data->content_context);
case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
- return virSecuritySELinuxSetSecurityChardevLabel(def, &dev->data.passthru);
+ return virSecuritySELinuxSetSecurityChardevLabel(def, NULL, &dev->data.passthru);
default:
virReportError(VIR_ERR_INTERNAL_ERROR,

125
libvirt-dnsmasq-drop-filterwin2k.patch
View File

@ -1,125 +0,0 @@
commit f20b7dbe633acf7df9921027c6ca4f0b97918c8c
Author: Gene Czarcinski <gene@czarc.net>
Date: Thu Sep 6 12:08:22 2012 -0400
remove dnsmasq command line parameter "--filterwin2k"
This patch removed the "--filterwin2k" dnsmasq command line
parameter which was unnecessary for domain specification,
possibly blocked some usage, and was command line clutter.
Gene Czarcinski <gene@czarc.net>
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 53eebed..808c843 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -543,7 +543,7 @@ networkBuildDnsmasqArgv(virNetworkObjPtr network,
/* need to specify local even if no domain specified */
virCommandAddArgFormat(cmd, "--local=/%s/",
network->def->domain ? network->def->domain : "");
- virCommandAddArgList(cmd, "--domain-needed", "--filterwin2k", NULL);
+ virCommandAddArg(cmd, "--domain-needed");
if (pidfile)
virCommandAddArgPair(cmd, "--pid-file", pidfile);
diff --git a/tests/networkxml2argvdata/isolated-network.argv b/tests/networkxml2argvdata/isolated-network.argv
index 276f42a..048c72b 100644
--- a/tests/networkxml2argvdata/isolated-network.argv
+++ b/tests/networkxml2argvdata/isolated-network.argv
@@ -1,5 +1,5 @@
@DNSMASQ@ --strict-order --bind-interfaces \
---local=// --domain-needed --filterwin2k --conf-file= \
+--local=// --domain-needed --conf-file= \
--except-interface lo --dhcp-option=3 --no-resolv \
--listen-address 192.168.152.1 \
--dhcp-range 192.168.152.2,192.168.152.254 \
diff --git a/tests/networkxml2argvdata/nat-network-dns-hosts.argv b/tests/networkxml2argvdata/nat-network-dns-hosts.argv
index 8040e2a..03a0676 100644
--- a/tests/networkxml2argvdata/nat-network-dns-hosts.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-hosts.argv
@@ -1,4 +1,4 @@
@DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \
---local=/example.com/ --domain-needed --filterwin2k \
+--local=/example.com/ --domain-needed \
--conf-file= --except-interface lo --listen-address 192.168.122.1 \
--expand-hosts --addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts\
diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
index bb50fd6..a1e4200 100644
--- a/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record-minimal.argv
@@ -1,7 +1,7 @@
@DNSMASQ@ \
--strict-order \
--bind-interfaces \
---local=// --domain-needed --filterwin2k --conf-file= \
+--local=// --domain-needed --conf-file= \
--except-interface lo \
--srv-host=name.tcp.,,,, \
--listen-address 192.168.122.1 \
diff --git a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
index 36498f2..8af38c4 100644
--- a/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-srv-record.argv
@@ -1,7 +1,7 @@
@DNSMASQ@ \
--strict-order \
--bind-interfaces \
---local=// --domain-needed --filterwin2k --conf-file= \
+--local=// --domain-needed --conf-file= \
--except-interface lo \
--srv-host=name.tcp.test-domain-name,.,1024,10,10 \
--listen-address 192.168.122.1 \
diff --git a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
index 2a6c799..404b56a 100644
--- a/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
+++ b/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
@@ -1,5 +1,5 @@
@DNSMASQ@ --strict-order --bind-interfaces \
---local=// --domain-needed --filterwin2k --conf-file= \
+--local=// --domain-needed --conf-file= \
--except-interface lo --txt-record=example,example value \
--listen-address 192.168.122.1 --listen-address 192.168.123.1 \
--listen-address 2001:db8:ac10:fe01::1 \
diff --git a/tests/networkxml2argvdata/nat-network.argv b/tests/networkxml2argvdata/nat-network.argv
index 265b931..1dc8f73 100644
--- a/tests/networkxml2argvdata/nat-network.argv
+++ b/tests/networkxml2argvdata/nat-network.argv
@@ -1,5 +1,5 @@
@DNSMASQ@ --strict-order --bind-interfaces \
---local=// --domain-needed --filterwin2k --conf-file= \
+--local=// --domain-needed --conf-file= \
--except-interface lo --listen-address 192.168.122.1 \
--listen-address 192.168.123.1 --listen-address 2001:db8:ac10:fe01::1 \
--listen-address 2001:db8:ac10:fd01::1 --listen-address 10.24.10.1 \
diff --git a/tests/networkxml2argvdata/netboot-network.argv b/tests/networkxml2argvdata/netboot-network.argv
index 4f998d5..5a85ec2 100644
--- a/tests/networkxml2argvdata/netboot-network.argv
+++ b/tests/networkxml2argvdata/netboot-network.argv
@@ -1,5 +1,5 @@
@DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \
---local=/example.com/ --domain-needed --filterwin2k --conf-file= \
+--local=/example.com/ --domain-needed --conf-file= \
--except-interface lo --listen-address 192.168.122.1 \
--dhcp-range 192.168.122.2,192.168.122.254 \
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
diff --git a/tests/networkxml2argvdata/netboot-proxy-network.argv b/tests/networkxml2argvdata/netboot-proxy-network.argv
index 89319ef..36836b0 100644
--- a/tests/networkxml2argvdata/netboot-proxy-network.argv
+++ b/tests/networkxml2argvdata/netboot-proxy-network.argv
@@ -1,5 +1,5 @@
@DNSMASQ@ --strict-order --bind-interfaces --domain=example.com \
---local=/example.com/ --domain-needed --filterwin2k --conf-file= \
+--local=/example.com/ --domain-needed --conf-file= \
--except-interface lo --listen-address 192.168.122.1 \
--dhcp-range 192.168.122.2,192.168.122.254 \
--dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
diff --git a/tests/networkxml2argvdata/routed-network.argv b/tests/networkxml2argvdata/routed-network.argv
index ac43991..77e802f 100644
--- a/tests/networkxml2argvdata/routed-network.argv
+++ b/tests/networkxml2argvdata/routed-network.argv
@@ -1,3 +1,3 @@
@DNSMASQ@ --strict-order --bind-interfaces \
---local=// --domain-needed --filterwin2k --conf-file= \
+--local=// --domain-needed --conf-file= \
--except-interface lo --listen-address 192.168.122.1\

52
libvirt-fix-unwanted-connection-closing.patch
View File

@ -1,52 +0,0 @@
commit 164c03d33bd9d58844921888560baf3f156a1f05
Author: Christophe Fergeau <cfergeau@redhat.com>
Date: Mon Sep 10 12:17:07 2012 +0200
Fix unwanted closing of libvirt client connection
e5a1bee07 introduced a regression in Boxes: when Boxes is left idle
(it's still doing some libvirt calls in the background), the
libvirt connection gets closed after a few minutes. What happens is
that this code in virNetClientIOHandleOutput gets triggered:
if (!thecall)
return -1; /* Shouldn't happen, but you never know... */
and after the changes in e5a1bee07, this causes the libvirt connection
to be closed.
Upon further investigation, what happens is that
virNetClientIOHandleOutput is called from gvir_event_handle_dispatch
in libvirt-glib, which is triggered because the client fd became
writable. However, between the times gvir_event_handle_dispatch
is called, and the time the client lock is grabbed and
virNetClientIOHandleOutput is called, another thread runs and
completes the current call. 'thecall' is then NULL when the first
thread gets to run virNetClientIOHandleOutput.
After describing this situation on IRC, danpb suggested this:
11:37 < danpb> In that case I think the correct thing would be to change
'return -1' above to 'return 0' since that's not actually an
error - its a rare, but expected event
which is what this patch is doing. I've tested it against master
libvirt, and I didn't get disconnected in ~10 minutes while this
happens in less than 5 minutes without this patch.
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 43a9814..727ed67 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -1205,7 +1205,10 @@ virNetClientIOHandleOutput(virNetClientPtr client)
thecall = thecall->next;
if (!thecall)
- return -1; /* Shouldn't happen, but you never know... */
+ return 0; /* This can happen if another thread raced with us and
+ * completed the call between the time this thread woke
+ * up from poll()ing and the time we locked the client
+ */
while (thecall) {
ssize_t ret = virNetClientIOWriteMessage(client, thecall);

74
libvirt.spec
View File

@ -70,6 +70,7 @@
%define with_parallels 0%{!?_without_parallels:1}
# Then the secondary host drivers, which run inside libvirtd
%define with_interface 0%{!?_without_interface:%{server_drivers}}
%define with_network 0%{!?_without_network:%{server_drivers}}
%define with_storage_fs 0%{!?_without_storage_fs:%{server_drivers}}
%define with_storage_lvm 0%{!?_without_storage_lvm:%{server_drivers}}
@ -207,6 +208,11 @@
%define with_hal 0%{!?_without_hal:%{server_drivers}}
%endif
# interface requires netcf
%if ! 0%{?with_netcf}
%define with_interface 0
%endif
# Enable yajl library for JSON mode with QEMU
%if 0%{?fedora} >= 13 || 0%{?rhel} >= 6
%define with_yajl 0%{!?_without_yajl:%{server_drivers}}
@ -226,6 +232,7 @@
# Disable some drivers when building without libvirt daemon.
# The logic is the same as in configure.ac
%if ! %{with_libvirtd}
%define with_interface 0
%define with_network 0
%define with_qemu 0
%define with_lxc 0
@ -281,12 +288,6 @@
%define with_nodedev 0
%endif
%if %{with_netcf}
%define with_interface 1
%else
%define with_interface 0
%endif
%if %{with_storage_fs} || %{with_storage_mpath} || %{with_storage_iscsi} || %{with_storage_lvm} || %{with_storage_disk}
%define with_storage 1
%else
@ -314,8 +315,8 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 0.10.1
Release: 5%{?dist}%{?extra_release}
Version: 0.10.2
Release: 1%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -325,15 +326,6 @@ URL: http://libvirt.org/
%define mainturl stable_updates/
%endif
Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz
# Drop unneeded dnsmasq --filterwin2k
Patch1: %{name}-dnsmasq-drop-filterwin2k.patch
# Fix unwanted connection closing, needed for boxes
Patch2: %{name}-fix-unwanted-connection-closing.patch
# Fix qemu -> qemu-system-i386 (RHBZ#857026).
Patch3: 0001-Use-qemu-system-i386-as-binary-instead-of-qemu.patch
# Upstream patches to label sockets for SELinux (RHBZ#853393).
Patch4: 0001-Make-virSecurityDeviceLabelDefParseXML-into-generic-.patch
Patch5: 0002-Add-seclabel-to-character-devices.patch
%if %{with_libvirtd}
Requires: libvirt-daemon = %{version}-%{release}
@ -1044,11 +1036,6 @@ of recent versions of Linux (and other OSes).
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build
%if ! %{with_xen}
@ -1127,6 +1114,10 @@ of recent versions of Linux (and other OSes).
%define _with_rhel5_api --with-rhel5-api
%endif
%if ! %{with_interface}
%define _without_interface --without-interface
%endif
%if ! %{with_network}
%define _without_network --without-network
%endif
@ -1226,9 +1217,7 @@ of recent versions of Linux (and other OSes).
%define with_packager_version --with-packager-version="%{release}"
%if %{with_systemd}
# We use 'systemd+redhat', so if someone installs upstart or
# legacy init scripts, they can still start libvirtd, etc
%define init_scripts --with-init_script=systemd+redhat
%define init_scripts --with-init_script=systemd
%else
%define init_scripts --with-init_script=redhat
%endif
@ -1236,6 +1225,15 @@ of recent versions of Linux (and other OSes).
%if 0%{?enable_autotools}
autoreconf -if
%endif
%if %{with_selinux}
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
%define with_selinux_mount --with-selinux-mount="/sys/fs/selinux"
%else
%define with_selinux_mount --with-selinux-mount="/selinux"
%endif
%endif
%configure %{?_without_xen} \
%{?_without_qemu} \
%{?_without_openvz} \
@ -1254,6 +1252,7 @@ autoreconf -if
%{?_without_hyperv} \
%{?_without_vmware} \
%{?_without_parallels} \
%{?_without_interface} \
%{?_without_network} \
%{?_with_rhel5_api} \
%{?_without_storage_fs} \
@ -1268,6 +1267,7 @@ autoreconf -if
%{?_without_capng} \
%{?_without_netcf} \
%{?_without_selinux} \
%{?_with_selinux_mount} \
%{?_without_hal} \
%{?_without_udev} \
%{?_without_yajl} \
@ -1356,6 +1356,8 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml
mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} \
$RPM_BUILD_ROOT%{_datadir}/doc/libvirt-docs-%{version}
sed -i -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/libvirt-guests
%clean
rm -fr %{buildroot}
@ -1565,9 +1567,10 @@ fi
%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
%{_sysconfdir}/rc.d/init.d/libvirtd
%if %{with_systemd}
%{_unitdir}/libvirtd.service
%else
%{_sysconfdir}/rc.d/init.d/libvirtd
%endif
%doc daemon/libvirtd.upstart
%config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
@ -1876,6 +1879,25 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sysctl.d/libvirtd
%endif
%changelog
* Mon Sep 24 2012 Daniel Veillard <veillard@redhat.com> - 0.10.2-1
- Upstream release 0.10.2
- network: define new API virNetworkUpdate
- add support for QEmu sandbox support
- blockjob: add virDomainBlockCommit
- New APIs to get/set Node memory parameters
- new API virConnectListAllSecrets
- new API virConnectListAllNWFilters
- new API virConnectListAllNodeDevices
- parallels: add support of containers to the driver
- new API virConnectListAllInterfaces
- new API virConnectListAllNetworks
- new API virStoragePoolListAllVolumes
- Add PMSUSPENDED life cycle event
- new API virStorageListAllStoragePools
- Add per-guest S3/S4 state configuration
- qemu: Support for Block Device IO Limits
- a lot of bug fixes, improvements and portability work
* Fri Sep 21 2012 Richard W.M. Jones <rjones@redhat.com> - 0.10.1-5
- Add (upstream) patches to label sockets for SELinux (RHBZ#853393).

2
sources
View File

@ -1 +1 @@
5f628e53437b0b0e78477904ba3310af libvirt-0.10.1.tar.gz
a5e50860d9da238ba270b528411c4a0d libvirt-0.10.2.tar.gz