diff --git a/kvm-qemu-guest-agent-Update-the-logfile-path-of-qga-fsfr.patch b/kvm-qemu-guest-agent-Update-the-logfile-path-of-qga-fsfr.patch new file mode 100644 index 0000000..967adc1 --- /dev/null +++ b/kvm-qemu-guest-agent-Update-the-logfile-path-of-qga-fsfr.patch @@ -0,0 +1,40 @@ +From 97e10c2ccc8dc29019d6d22de1d23c55fea0f6c4 Mon Sep 17 00:00:00 2001 +From: Dehan Meng +Date: Wed, 21 Aug 2024 14:55:01 +0800 +Subject: [PATCH] qemu-guest-agent: Update the logfile path of + qga-fsfreeze-hook.log + +RH-Author: 6-dehan +RH-MergeRequest: 265: qemu-guest-agent: Update the logfile path of qga-fsfreeze-hook.log +RH-Jira: RHEL-52250 +RH-Acked-by: Konstantin Kostiuk +RH-Acked-by: Miroslav Rezanina +RH-Commit: [1/1] 7c5cfb882dbc277becb7daa2c5d6b8eff3d601b2 (6-dehan/src_centosupstream_qemu-kvm) + +selinux context 'system_u:object_r:virt_qemu_ga_log_t:s0', it +should be changed to '/var/log/qemu-ga/qga-fsfreeze-hook.log'. And +it's worth to mention that this is RHEL-only change for matching +existing SELinux boolean and policy. + +Jira: https://issues.redhat.com/browse/RHEL-52250 +Signed-off-by: Dehan Meng +--- + scripts/qemu-guest-agent/fsfreeze-hook | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/qemu-guest-agent/fsfreeze-hook b/scripts/qemu-guest-agent/fsfreeze-hook +index e9b84ec028..70536ba3e3 100755 +--- a/scripts/qemu-guest-agent/fsfreeze-hook ++++ b/scripts/qemu-guest-agent/fsfreeze-hook +@@ -7,7 +7,7 @@ + # "freeze" argument before the filesystem is frozen. And for fsfreeze-thaw + # request, it is issued with "thaw" argument after filesystem is thawed. + +-LOGFILE=/var/log/qga-fsfreeze-hook.log ++LOGFILE=/var/log/qemu-ga/qga-fsfreeze-hook.log + FSFREEZE_D=$(dirname -- "$(realpath $0)")/fsfreeze-hook.d + + # Check whether file $1 is a backup or rpm-generated file and should be ignored +-- +2.39.3 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 5159c7b..723e782 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -149,7 +149,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 9.0.0 -Release: 8%{?rcrel}%{?dist}%{?cc_suffix} +Release: 9%{?rcrel}%{?dist}%{?cc_suffix} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped # Epoch 15 used for RHEL 8 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5) @@ -428,6 +428,8 @@ Patch134: kvm-nbd-server-CVE-2024-7409-Cap-default-max-connections.patch Patch135: kvm-nbd-server-CVE-2024-7409-Drop-non-negotiating-client.patch # For RHEL-52617 - CVE-2024-7409 qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure [rhel-9.5] Patch136: kvm-nbd-server-CVE-2024-7409-Close-stray-clients-at-serv.patch +# For RHEL-52250 - fsfreeze hooks break on the systems first restorecon +Patch137: kvm-qemu-guest-agent-Update-the-logfile-path-of-qga-fsfr.patch %if %{have_clang} BuildRequires: clang @@ -1494,6 +1496,11 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %endif %changelog +* Mon Aug 26 2024 Miroslav Rezanina - 9.0.0-9 +- kvm-qemu-guest-agent-Update-the-logfile-path-of-qga-fsfr.patch [RHEL-52250] +- Resolves: RHEL-52250 + (fsfreeze hooks break on the systems first restorecon) + * Wed Aug 14 2024 Miroslav Rezanina - 9.0.0-8 - kvm-introduce-pc_rhel_9_5_compat.patch [RHEL-39544] - kvm-target-i386-add-guest-phys-bits-cpu-property.patch [RHEL-39544]