.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -1,44 +1 @@
-/passt-7ce9fd165f4f0c85e13dcaf4ff97c53d34b4a51d.tar.xz
+SOURCES/passt-a1e48a02ff3550eb7875a7df6726086e9b3a1213.tar.xz
-/passt-e2cae8f1c3651b1237a3042b4ba6211155aa58f1.tar.xz
-/passt-d6f865a40a2b70e8b18983fe091b4761183eaac4.tar.xz
-/passt-8978f6552b8cfae28b9d842db99b01aefb465812.tar.xz
-/passt-06aa26fcf398f5d19ab46e42996190d7f95e837a.tar.xz
-/passt-b3f359167be0ca9a6fea2554b2e2545177181269.tar.xz
-/passt-b68da100ba37623ca9655c70125d744c11486f7d.tar.xz
-/passt-f21204494064e28e9f0bb20f71a6071bead0d0e8.tar.xz
-/passt-4129764ecaebf05a33e22d8d95bb3d8deaa14c14.tar.xz
-/passt-ace074cf491013d3f5174e9cfea705db311a278b.tar.xz
-/passt-4663ccc89a7fcbf9d901a80730ee925fc7f64c59.tar.xz
-/passt-4ddbcb9c0c555838b123c018a9ebc9b7e14a87e5.tar.xz
-/passt-c538ee8d695de053dc9da8965c85997a79fb6cb2.tar.xz
-/passt-7c7625ddff10e10a7486622b25e3a66bfcdd6c8b.tar.xz
-/passt-1297ae2873a02b4d6dd7423e49f0970a38977b3a.tar.xz
-/passt-70c0765b49e19b76639908a7686d8f795ba3ed24.tar.xz
-/passt-dd2349661933c4e9756e524ae9465f38b53b7557.tar.xz
-/passt-1ee2f7cada9e6f739a00d39bb9821f1ce3493d92.tar.xz
-/passt-b10b983fbd00634e275083c37446a538dbff0dbe.tar.xz
-/passt-96f8d55c4f5093fa59c168361c0428b53b6d2d06.tar.xz
-/passt-429e1a7e71ad9020f0e53bc467986c55bf5c0e38.tar.xz
-/passt-32660cea04f6e7c353435061b876575539ac8cd9.tar.xz
-/passt-289301b39c40dfb9f48f54d9848fbc19a17523ba.tar.xz
-/passt-0af928eaa020c1062fdc91598dfdc533966e2afe.tar.xz
-/passt-a7e4bfb857cb5d0e111ab74b6ace47eea15d2078.tar.xz
-/passt-ee58f37db060535bee298bc98f61497eac37f152.tar.xz
-/passt-05627dc5127bee9f4df77351575572d6f4ce4c7e.tar.xz
-/passt-f851084c96e0a932e51c15ad9551e2cd85362147.tar.xz
-/passt-74e6f48038e64bbdfa5fa265db330f95ce68c182.tar.xz
-/passt-56d9f6d588306301aed332ca926da91a816bafd1.tar.xz
-/passt-5ec3634b07215337c2e69d88f9b1d74711897d7d.tar.xz
-/passt-4f1709db1b61c14729a6313d860323ec65772a37.tar.xz
-/passt-b86afe3559c0bd3d24bc6fed7c60466cf141224c.tar.xz
-/passt-f091893c1ffe1a531989a599737031089f6cfcb4.tar.xz
-/passt-72884484b00dbab548da056972e28ddb85518386.tar.xz
-/passt-765eb0bf1651d20ca319eeb8b41ff35f52f2a29c.tar.xz
-/passt-1ee2ecade3f41e2a3e51c1e580b08cba977a7c8d.tar.xz
-/passt-57a21d2df1467302dee71ee9d5683a8b96e6ce7f.tar.xz
-/passt-ee36266a55478672ad2c5f4efbd6ca0bef3d37cd.tar.xz
-/passt-238c69f9af458e41dea5ad8c988dbf65b05b5172.tar.xz
-/passt-4f2c8e79130ef3d6132e34c49746e397745f9d73.tar.xz
-/passt-a1e48a02ff3550eb7875a7df6726086e9b3a1213.tar.xz
-/passt-32f6212551c5db3b7b3548e8483e5d73f07a35ac.tar.xz
-/passt-8ec134109eb136432a29bdf5a14f8b1fd4e46208.tar.xz

.passt.metadata

@@ -0,0 +1 @@
+6561fdc75b29dc6566bc1fb30b88d6846ef5e23b SOURCES/passt-a1e48a02ff3550eb7875a7df6726086e9b3a1213.tar.xz

0001-treewide-By-default-don-t-quit-source-after-migratio.patch

@@ -1,264 +0,0 @@
-From b0b5ce0a76cf7fec0b00405732fd94e0b34e8d84 Mon Sep 17 00:00:00 2001
-From: Stefano Brivio <sbrivio@redhat.com>
-Date: Thu, 17 Jul 2025 10:38:17 +0200
-Subject: [PATCH] treewide: By default, don't quit source after migration, keep
- sockets open
-
-We are hitting an issue in the KubeVirt integration where some data is
-still sent to the source instance even after migration is complete. As
-we exit, the kernel closes our sockets and resets connections. The
-resulting RST segments are sent to peers, effectively terminating
-connections that were meanwhile migrated.
-
-At the moment, this is not done intentionally, but in the future
-KubeVirt might enable OVN-Kubernetes features where source and
-destination nodes are explicitly getting mirrored traffic for a while,
-in order to decrease migration downtime.
-
-By default, don't quit after migration is completed on the source: the
-previous behaviour can be enabled with the new, but deprecated,
---migrate-exit option. After migration (as source), the -1 / --one-off
-option has no effect.
-
-Also, by default, keep migrated TCP sockets open (in repair mode) as
-long as we're running, and ignore events on any epoll descriptor
-representing data channels. The previous behaviour can be enabled with
-the new, equally deprecated, --migrate-no-linger option.
-
-By keeping sockets open, and not exiting, we prevent the kernel
-running on the source node to send out RST segments if further data
-reaches us.
-
-Reported-by: Nir Dothan <ndothan@redhat.com>
-Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-(cherry picked from commit a8782865c342eb2682cca292d5bf92b567344351)
----
- conf.c         | 22 ++++++++++++++++++++++
- flow.c         |  2 +-
- passt.1        | 29 +++++++++++++++++++++++++++++
- passt.h        |  4 ++++
- tcp.c          |  9 +++++++--
- tcp_conn.h     |  3 ++-
- test/lib/setup |  4 ++--
- vhost_user.c   |  9 +++++++--
- 8 files changed, 74 insertions(+), 8 deletions(-)
-
-diff --git a/conf.c b/conf.c
-index a6d7e22..1295d89 100644
---- a/conf.c
-+++ b/conf.c
-@@ -864,6 +864,14 @@ static void usage(const char *name, FILE *f, int status)
- 		FPRINTF(f,
- 			"  --repair-path PATH	path for passt-repair(1)\n"
- 			"    default: append '.repair' to UNIX domain path\n");
-+		FPRINTF(f,
-+			"  --migrate-exit	DEPRECATED:\n"
-+			"			source quits after migration\n"
-+			"    default: source keeps running after migration\n");
-+		FPRINTF(f,
-+			"  --migrate-no-linger	DEPRECATED:\n"
-+			"			close sockets on migration\n"
-+			"    default: keep sockets open, ignore events\n");
- 	}
- 
- 	FPRINTF(f,
-@@ -1468,6 +1476,8 @@ void conf(struct ctx *c, int argc, char **argv)
- 		{"socket-path",	required_argument,	NULL,		's' },
- 		{"fqdn",	required_argument,	NULL,		27 },
- 		{"repair-path",	required_argument,	NULL,		28 },
-+		{"migrate-exit", no_argument,		NULL,		29 },
-+		{"migrate-no-linger", no_argument,	NULL,		30 },
- 		{ 0 },
- 	};
- 	const char *optstring = "+dqfel:hs:F:I:p:P:m:a:n:M:g:i:o:D:S:H:461t:u:T:U:";
-@@ -1683,6 +1693,18 @@ void conf(struct ctx *c, int argc, char **argv)
- 					   optarg))
- 				die("Invalid passt-repair path: %s", optarg);
- 
-+			break;
-+		case 29:
-+			if (c->mode != MODE_VU)
-+				die("--migrate-exit is for vhost-user mode only");
-+			c->migrate_exit = true;
-+
-+			break;
-+		case 30:
-+			if (c->mode != MODE_VU)
-+				die("--migrate-no-linger is for vhost-user mode only");
-+			c->migrate_no_linger = true;
-+
- 			break;
- 		case 'd':
- 			c->debug = 1;
-diff --git a/flow.c b/flow.c
-index 6a5c8aa..a4b65ea 100644
---- a/flow.c
-+++ b/flow.c
-@@ -1089,7 +1089,7 @@ int flow_migrate_source(struct ctx *c, const struct migrate_stage *stage,
- 	 * as EIO).
- 	 */
- 	foreach_established_tcp_flow(flow) {
--		rc = tcp_flow_migrate_source_ext(fd, &flow->tcp);
-+		rc = tcp_flow_migrate_source_ext(c, fd, &flow->tcp);
- 		if (rc) {
- 			flow_err(flow, "Can't send extended data: %s",
- 				 strerror_(-rc));
-diff --git a/passt.1 b/passt.1
-index 60066c2..cef98b2 100644
---- a/passt.1
-+++ b/passt.1
-@@ -439,6 +439,30 @@ Default, for \-\-vhost-user mode only, is to append \fI.repair\fR to the path
- chosen for the hypervisor UNIX domain socket. No socket is created if not in
- \-\-vhost-user mode.
- 
-+.TP
-+.BR \-\-migrate-exit (DEPRECATED)
-+Exit after a completed migration as source. By default, \fBpasst\fR keeps
-+running and the migrated guest can continue using its connection, or a new guest
-+can connect.
-+
-+Note that this configuration option is \fBdeprecated\fR and will be removed in a
-+future version. It is not expected to be of any use, and it simply reflects a
-+legacy behaviour. If you have any use for this, refer to \fBREPORTING BUGS\fR
-+below.
-+
-+.TP
-+.BR \-\-migrate-no-linger (DEPRECATED)
-+Close TCP sockets on the source instance once migration completes.
-+
-+By default, sockets are kept open, and events on data sockets are ignored, so
-+that any further message reaching sockets after the source migrated is silently
-+ignored, to avoid connection resets in case data is received after migration.
-+
-+Note that this configuration option is \fBdeprecated\fR and will be removed in a
-+future version. It is not expected to be of any use, and it simply reflects a
-+legacy behaviour. If you have any use for this, refer to \fBREPORTING BUGS\fR
-+below.
-+
- .TP
- .BR \-F ", " \-\-fd " " \fIFD
- Pass a pre-opened, connected socket to \fBpasst\fR. Usually the socket is opened
-@@ -454,6 +478,11 @@ is closed.
- Quit after handling a single client connection, that is, once the client closes
- the socket, or once we get a socket error.
- 
-+\fBNote\fR: this option has no effect after \fBpasst\fR completes a migration as
-+source, because, in that case, exiting would close sockets for active
-+connections, which would in turn cause connection resets if any further data is
-+received. See also the description of \fI\-\-migrate-no-linger\fR.
-+
- .TP
- .BR \-t ", " \-\-tcp-ports " " \fIspec
- Configure TCP port forwarding to guest. \fIspec\fR can be one of:
-diff --git a/passt.h b/passt.h
-index 8693794..4cfd6eb 100644
---- a/passt.h
-+++ b/passt.h
-@@ -241,6 +241,8 @@ struct ip6_ctx {
-  * @device_state_fd:	Device state migration channel
-  * @device_state_result: Device state migration result
-  * @migrate_target:	Are we the target, on the next migration request?
-+ * @migrate_no_linger:	Close sockets as we migrate them
-+ * @migrate_exit:	Exit (on source) once migration is complete
-  */
- struct ctx {
- 	enum passt_modes mode;
-@@ -318,6 +320,8 @@ struct ctx {
- 	int device_state_fd;
- 	int device_state_result;
- 	bool migrate_target;
-+	bool migrate_no_linger;
-+	bool migrate_exit;
- };
- 
- void proto_update_l2_buf(const unsigned char *eth_d,
-diff --git a/tcp.c b/tcp.c
-index 0ac298a..1b22f70 100644
---- a/tcp.c
-+++ b/tcp.c
-@@ -3284,12 +3284,14 @@ int tcp_flow_migrate_source(int fd, struct tcp_tap_conn *conn)
- 
- /**
-  * tcp_flow_migrate_source_ext() - Dump queues, close sockets, send final data
-+ * @c:		Execution context
-  * @fd:		Descriptor for state migration
-  * @conn:	Pointer to the TCP connection structure
-  *
-  * Return: 0 on success, negative (not -EIO) on failure, -EIO on sending failure
-  */
--int tcp_flow_migrate_source_ext(int fd, const struct tcp_tap_conn *conn)
-+int tcp_flow_migrate_source_ext(const struct ctx *c,
-+				int fd, const struct tcp_tap_conn *conn)
- {
- 	uint32_t peek_offset = conn->seq_to_tap - conn->seq_ack_from_tap;
- 	struct tcp_tap_transfer_ext *t = &migrate_ext[FLOW_IDX(conn)];
-@@ -3334,7 +3336,10 @@ int tcp_flow_migrate_source_ext(int fd, const struct tcp_tap_conn *conn)
- 	if ((rc = tcp_flow_dump_seq(conn, &t->seq_rcv)))
- 		goto fail;
- 
--	close(s);
-+	if (c->migrate_no_linger)
-+		close(s);
-+	else
-+		epoll_del(c, s);
- 
- 	/* Adjustments unrelated to FIN segments: sequence numbers we dumped are
- 	 * based on the end of the queues.
-diff --git a/tcp_conn.h b/tcp_conn.h
-index 35d813d..38b5c54 100644
---- a/tcp_conn.h
-+++ b/tcp_conn.h
-@@ -236,7 +236,8 @@ int tcp_flow_repair_on(struct ctx *c, const struct tcp_tap_conn *conn);
- int tcp_flow_repair_off(struct ctx *c, const struct tcp_tap_conn *conn);
- 
- int tcp_flow_migrate_source(int fd, struct tcp_tap_conn *conn);
--int tcp_flow_migrate_source_ext(int fd, const struct tcp_tap_conn *conn);
-+int tcp_flow_migrate_source_ext(const struct ctx *c, int fd,
-+				const struct tcp_tap_conn *conn);
- 
- int tcp_flow_migrate_target(struct ctx *c, int fd);
- int tcp_flow_migrate_target_ext(struct ctx *c, struct tcp_tap_conn *conn, int fd);
-diff --git a/test/lib/setup b/test/lib/setup
-index 575bc21..5994598 100755
---- a/test/lib/setup
-+++ b/test/lib/setup
-@@ -350,7 +350,7 @@ setup_migrate() {
- 
- 	sleep 1
- 
--	__opts="--vhost-user"
-+	__opts="--vhost-user --migrate-exit --migrate-no-linger"
- 	[ ${PCAP} -eq 1 ] && __opts="${__opts} -p ${LOGDIR}/passt_1.pcap"
- 	[ ${DEBUG} -eq 1 ] && __opts="${__opts} -d"
- 	[ ${TRACE} -eq 1 ] && __opts="${__opts} --trace"
-@@ -360,7 +360,7 @@ setup_migrate() {
- 
- 	context_run_bg passt_repair_1 "./passt-repair ${STATESETUP}/passt_1.socket.repair"
- 
--	__opts="--vhost-user"
-+	__opts="--vhost-user --migrate-exit --migrate-no-linger"
- 	[ ${PCAP} -eq 1 ] && __opts="${__opts} -p ${LOGDIR}/passt_2.pcap"
- 	[ ${DEBUG} -eq 1 ] && __opts="${__opts} -d"
- 	[ ${TRACE} -eq 1 ] && __opts="${__opts} --trace"
-diff --git a/vhost_user.c b/vhost_user.c
-index 105f77a..c4d3a52 100644
---- a/vhost_user.c
-+++ b/vhost_user.c
-@@ -1208,7 +1208,12 @@ void vu_control_handler(struct vu_dev *vdev, int fd, uint32_t events)
- 	if (msg.hdr.request == VHOST_USER_CHECK_DEVICE_STATE &&
- 	    vdev->context->device_state_result == 0 &&
- 	    !vdev->context->migrate_target) {
--		info("Migration complete, exiting");
--		_exit(EXIT_SUCCESS);
-+		if (vdev->context->migrate_exit) {
-+			info("Migration complete, exiting");
-+			_exit(EXIT_SUCCESS);
-+		}
-+
-+		info("Migration complete");
-+		vdev->context->one_off = false;
- 	}
- }
--- 
-2.47.1
-

README.md

@@ -1,3 +0,0 @@
-# passt
-
-The passt package

SOURCES/0001-selinux-Drop-user_namespace-create-allow-rules.patch

@@ -0,0 +1,51 @@
+From 6977619743bbc602a865f79562b59a80921d6063 Mon Sep 17 00:00:00 2001
+From: Stefano Brivio <sbrivio@redhat.com>
+Date: Mon, 21 Aug 2023 17:52:28 +0200
+Subject: [PATCH] selinux: Drop user_namespace create allow rules
+
+Those are incompatible with current el9 kernels. I introduced them
+upstream with commit 62059058cf24 ("selinux: Fix user namespace
+creation after breaking kernel change"), in turn as a result of
+kernel commit ed5d44d42c95 ("selinux: Implement userns_create hook"),
+but on current el9 kernels (which lack the hook) they result in
+failures such as:
+
+  Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/passt/cil:103
+  Failed to resolve AST
+  /usr/sbin/semodule:  Failed!
+  Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/200/pasta/cil:104
+  Failed to resolve AST
+  /usr/sbin/semodule:  Failed!
+
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+---
+ contrib/selinux/passt.te | 1 -
+ contrib/selinux/pasta.te | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/contrib/selinux/passt.te b/contrib/selinux/passt.te
+index c6cea34..131fadc 100644
+--- a/contrib/selinux/passt.te
++++ b/contrib/selinux/passt.te
+@@ -92,7 +92,6 @@ allow syslogd_t self:cap_userns sys_ptrace;
+ allow passt_t self:process setcap;
+ allow passt_t self:capability { sys_tty_config setpcap net_bind_service setuid setgid};
+ allow passt_t self:cap_userns { setpcap sys_admin sys_ptrace };
+-allow passt_t self:user_namespace create;
+ 
+ auth_read_passwd(passt_t)
+ 
+diff --git a/contrib/selinux/pasta.te b/contrib/selinux/pasta.te
+index 69be081..892edae 100644
+--- a/contrib/selinux/pasta.te
++++ b/contrib/selinux/pasta.te
+@@ -110,7 +110,6 @@ init_daemon_domain(pasta_t, pasta_exec_t)
+ 
+ allow pasta_t self:capability { setpcap net_bind_service sys_tty_config dac_read_search net_admin sys_resource setuid setgid };
+ allow pasta_t self:cap_userns { setpcap sys_admin sys_ptrace net_admin net_bind_service };
+-allow pasta_t self:user_namespace create;
+ 
+ auth_read_passwd(pasta_t)
+ 
+-- 
+2.39.2

SPECS/passt.spec

@@ -7,19 +7,19 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio <sbrivio@redhat.com>
 
-%global git_hash 8ec134109eb136432a29bdf5a14f8b1fd4e46208
+%global git_hash a1e48a02ff3550eb7875a7df6726086e9b3a1213
 %global selinuxtype targeted
 
 Name:		passt
-Version:	0^20250512.g8ec1341
+Version:	0^20250217.ga1e48a0
-Release:	2%{?dist}
+Release:	1%{?dist}
 Summary:	User-mode networking daemons for virtual machines and namespaces
 License:	GPL-2.0-or-later AND BSD-3-Clause
 Group:		System Environment/Daemons
 URL:		https://passt.top/
 Source:		https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz
 
-Patch1:		0001-treewide-By-default-don-t-quit-source-after-migratio.patch
+Patch1:		0001-selinux-Drop-user_namespace-create-allow-rules.patch
 
 BuildRequires:	gcc, make, git, checkpolicy, selinux-policy-devel
 Requires:	(%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
@@ -132,141 +132,92 @@ fi
 %{_datadir}/selinux/packages/%{selinuxtype}/passt-repair.pp
 
 %changelog
-* Tue Jul 29 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250512.g8ec1341-2
-- Resolves: RHEL-106425
-
-* Tue May 13 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250512.g8ec1341-1
-- Resolves: RHEL-84285
-
-* Thu Mar 20 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250320.g32f6212-1
-- Resolves: RHEL-84285
-
 * Mon Feb 17 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250217.ga1e48a0-1
-- Resolves: RHEL-79788
+- Resolves: RHEL-79787
 
 * Wed Jan 22 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250121.g4f2c8e7-3
-- Resolves: RHEL-75657
+- Resolves: RHEL-75654
 
 * Tue Jan 21 2025 Stefano Brivio <sbrivio@redhat.com> - 0^20250121.g4f2c8e7-1
-- Resolves: RHEL-75657
+- Resolves: RHEL-75654
 
 * Thu Nov 21 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20241121.g238c69f-1
-- Resolves: RHEL-67556
+- Resolves: RHEL-65502
-
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0^20240806.gee36266-3
-- Bump release for October 2024 mass rebuild:
-  Resolves: RHEL-64018
 
 * Wed Aug 14 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-2
-- Resolves: RHEL-54269
+- Resolves: RHEL-54268
 
 * Wed Aug  7 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806.gee36266-1
-- Resolves: RHEL-53190
+- Resolves: RHEL-53189
 
 * Fri Aug  2 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240726.g57a21d2-1
-- Resolves: RHEL-52639
+- Resolves: RHEL-52638
 
 * Mon Jun 24 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240624.g1ee2eca-1
-- Resolves: RHEL-44838
+- Resolves: RHEL-44837
-
-* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0^20240523.g765eb0b-2
-- Bump release for June 2024 mass rebuild
-
-* Thu May 23 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240523.g765eb0b-1
-- Resolves: RHEL-36045
 
 * Wed May 22 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240510.g7288448-1
 - Resolves: RHEL-37647
 
-* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0^20231230.gf091893-3
+* Fri Dec 15 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231204.gb86afe3-1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+- Resolves: RHEL-19590
 
-* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0^20231230.gf091893-2
+* Tue Aug 22 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+- Switch to copies instead of links for pasta: previous workaround unreliable
+- Resolves: RHELPLAN-155811
 
-* Sat Dec 30 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231230.gf091893-1
+* Tue Aug 22 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-3
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_12_04.b86afe3..2023_12_30.f091893
+- Explicit restorecon in scriptlet as rpm(8) mix up contexts with hard links
+- Resolves: RHELPLAN-155811
 
-* Mon Dec  4 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231204.gb86afe3-1
+* Mon Aug 21 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-2
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_11_19.4f1709d..2023_12_04.b86afe3
+- Drop user_namespace create allow rule, incompatible with current el9 kernel
+- Resolves: RHELPLAN-155811
 
-* Sun Nov 19 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231119.g4f1709d-1
+* Sat Aug 19 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_11_10.5ec3634..2023_11_19.4f1709d
+- Rebase from Fedora 39
+- Resolves: RHELPLAN-155811
 
-* Fri Nov 10 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231110.g5ec3634-1
+* Sun Jun 11 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-4
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_11_07.74e6f48..2023_11_10.5ec3634
+- Drop (pointless) patches 20, 21, 22, actually apply changes to the spec file!
+- Refresh SELinux labels in scriptlets, require -selinux package (rhbz#2183089)
+- Don't install useless SELinux interface file for pasta (rhbz#2183106)
 
-* Tue Nov  7 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231107.g56d9f6d-1
+* Fri Apr 28 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-3
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_10_04.f851084..2023_11_07.56d9f6d
+- Refresh SELinux labels in scriptlets, require -selinux package (rhbz#2183089)
-- SELinux: allow passt_t to use unconfined_t UNIX domain sockets for
+- Don't install useless SELinux interface file for pasta (rhbz#2183106)
-  --fd option (https://bugzilla.redhat.com/show_bug.cgi?id=2247221)
 
-* Wed Oct  4 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231004.gf851084-1
+* Thu Mar 16 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-2
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_09_08.05627dc..2023_10_04.f851084
+- udp: Actually use host resolver to forward DNS queries (rhbz#2177075)
+- conf: Split add_dns{4,6}() out of get_dns() (rhbz#2177075)
+- conf, udp: Allow any loopback address to be used as resolver (rhbz#2177075)
+- tcp, tcp_splice: Get rid of false positive CWE-394 Coverity warning from fls() (rhbz#2177084)
+- tcp: Avoid false (but convoluted) positive Coverity CWE-476 warning (rhbz#2177084)
+- tcp: Avoid (theoretical) resource leak (CWE-772) Coverity warning (rhbz#2177084)
+- Fix definitions of SOCKET_MAX, TCP_MAX_CONNS (rhbz#2177084)
+- doc/demo: Fix and suppress ShellCheck warnings (rhbz#2177084)
+- contrib/selinux: Drop duplicate init_daemon_domain() rule (rhbz#2176813)
+- contrib/selinux: Let passt write to stdout and stderr when it starts (rhbz#2176813)
+- contrib/selinux: Allow binding and connecting to all UDP and TCP ports (rhbz#2176813)
+- contrib/selinux: Let interface users set paths for log, PID, socket files (rhbz#2176813)
+- contrib/selinux: Drop "example" from headers: this is the actual policy (rhbz#2176813)
+- contrib/selinux: Drop unused passt_read_data() interface (rhbz#2176813)
+- contrib/selinux: Split interfaces into smaller bits (rhbz#2176813)
+- fedora: Install SELinux interface files to shared include directory (rhbz#2176813)
+- tcp, udp, util: Pass socket creation errors all the way up (rhbz#2177080)
+- tcp, udp: Fix partial success return codes in {tcp,udp}_sock_init() (rhbz#2177080)
+- conf: Terminate on EMFILE or ENFILE on sockets for port mapping (rhbz#2177080)
+- tcp: Clamp MSS value when queueing data to tap, also for pasta (rhbz#2177083)
+- Fix up SELinux labels on install/uninstall, require matching -selinux package (rhbz#2176813)
+- Resolves: rhbz#2177075 rhbz#2177084 rhbz#2177080 rhbz#2177083 rhbz#2176813
 
-* Fri Sep  8 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230908.g05627dc-1
+* Wed Feb 22 2023 Camilla Conte <cconte@redhat.com> - 0^20230222.g4ddbcb9-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_09_07.ee58f37..2023_09_08.05627dc
+- Import from fedora to CentOS/RHEL
+- Resolves: rhbz#2172244
 
-* Thu Sep  7 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230907.gee58f37-1
+* Wed Nov 16 2022 Miroslav Rezanina <mrezanin@redhat.com> - 0^20221110.g4129764-1
-- Replace pasta hard links by separate builds
+- Import from fedora to CentOS/RHEL
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_08_23.a7e4bfb..2023_09_07.ee58f37
+- Resolves: rhbz#2131015
-
-* Wed Aug 23 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230823.ga7e4bfb-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_08_18.0af928e..2023_08_23.a7e4bfb
-
-* Fri Aug 18 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230818.g0af928e-1
-- Install pasta as hard link to ensure SELinux file context match
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_06_27.289301b..2023_08_18.0af928e
-
-* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0^20230627.g289301b-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Tue Jun 27 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230627.g289301b-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_06_25.32660ce..2023_06_27.289301b
-
-* Sun Jun 25 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230625.g32660ce-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_06_03.429e1a7..2023_06_25.32660ce
-
-* Sat Jun  3 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230603.g429e1a7-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_05_09.96f8d55..2023_06_03.429e1a7
-
-* Tue May  9 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230509.g96f8d55-1
-- Relicense to GPL 2.0, or any later version
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_29.b10b983..2023_05_09.96f8d55
-
-* Wed Mar 29 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230329.gb10b983-1
-- Adjust path for SELinux policy and interface file to latest guidelines
-- Don't install useless SELinux interface file for pasta
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_21.1ee2f7c..2023_03_29.b10b983
-
-* Tue Mar 21 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230321.g1ee2f7c-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_17.dd23496..2023_03_21.1ee2f7c
-
-* Fri Mar 17 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230317.gdd23496-1
-- Refresh SELinux labels in scriptlets, require -selinux package
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_10.70c0765..2023_03_17.dd23496
-
-* Fri Mar 10 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230310.g70c0765-1
-- Install SELinux interface files to shared include directory
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_03_09.7c7625d..2023_03_10.70c0765
-
-* Thu Mar  9 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230309.g7c7625d-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_02_27.c538ee8..2023_03_09.7c7625d
-
-* Mon Feb 27 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230227.gc538ee8-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_02_22.4ddbcb9..2023_02_27.c538ee8
-
-* Wed Feb 22 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230222.g4ddbcb9-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2023_02_16.4663ccc..2023_02_22.4ddbcb9
-
-* Thu Feb 16 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20230216.g4663ccc-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2022_11_16.ace074c..2023_02_16.4663ccc
-
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0^20221116.gace074c-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Wed Nov 16 2022 Stefano Brivio <sbrivio@redhat.com> - 0^20221116.gace074c-1
-- Upstream changes: https://passt.top/passt/log/?qt=range&q=2022_11_10.4129764..2022_11_16.ace074c
 
 * Thu Nov 10 2022 Stefano Brivio <sbrivio@redhat.com> - 0^20221110.g4129764-1
 - Upstream changes: https://passt.top/passt/log/?qt=range&q=2022_11_04.e308018..2022_11_10.4129764

gating.yaml

@@ -1,8 +0,0 @@
-# recipients: kvmqe-ci, yfu, lkotek, leiyang
---- !Policy
-product_versions:
-  - rhel-10
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: kvm-ci.passt.x86_64.brew-build.gating.tier1.functional}
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

sources

@@ -1 +0,0 @@
-SHA512 (passt-8ec134109eb136432a29bdf5a14f8b1fd4e46208.tar.xz) = 3a63f3f62aae06ae0da2293808223f539bca1a030131c50499d5de2daa96faf887fd486b6aa71d627b5ede6de6f5310876150983a3e77fbaf9926e69af56bdab

tier1-gating.fmf

@@ -1,10 +0,0 @@
-summary: Internal tests plan
-plan:
-  import:
-      url: https://gitlab.cee.redhat.com/libvirt-auto/libvirt-tmt-test.git
-      ref: master
-      name: /libvirt_tmt_test/plans/passt
-adjust:
-    enabled: false
-    when: distro == centos-stream or distro == fedora
-