* Thu Nov 30 2023 Miroslav Rezanina <mrezanin@redhat.com> - 8.1.0-5

- kvm-Preparation-for-using-allow-rpcs-list-in-guest-agent.patch [RHEL-955]
- kvm-Use-allow-rpcs-instead-of-block-rpcs-in-guest-agent..patch [RHEL-955]
- Resolves: RHEL-955
  (Use allow-rpcs instead of block-rpcs in guest-agent.service)

qemu-ga.sysconfig

@@ -1,11 +1,19 @@
 # This is a systemd environment file, not a shell script.
 # It provides settings for "/lib/systemd/system/qemu-guest-agent.service".
 
-# Comma-separated blocked RPCs to disable, or empty list to enable all.
+# Guest agent command with comma-separated blocked RPCs to disable,
+# or empty list to enable all.
 #
 # You can get the list of RPC commands using "qemu-ga --block-rpcs='?'".
 # There should be no spaces between commas and commands in the block list.
-BLOCK_RPCS=guest-file-open,guest-file-close,guest-file-read,guest-file-write,guest-file-seek,guest-file-flush,guest-exec,guest-exec-status
+# FILTER_RPC_ARGS="--block-rpcs=guest-file-open,guest-file-close,guest-file-read,guest-file-write,guest-file-seek,guest-file-flush,guest-exec,guest-exec-status"
+
+# Guest agent command with comma-separated allowed RPCs to enable,
+# or empty list to disable all.
+#
+# You can get the list of RPC commands using "qemu-ga --allow-rpcs='?'".
+# There should be no spaces between commas and commands in the allow list.
+FILTER_RPC_ARGS="--allow-rpcs=guest-sync-delimited,guest-sync,guest-ping,guest-get-time,guest-set-time,guest-info,guest-shutdown,guest-fsfreeze-status,guest-fsfreeze-freeze,guest-fsfreeze-freeze-list,guest-fsfreeze-thaw,guest-fstrim,guest-suspend-disk,guest-suspend-ram,guest-suspend-hybrid,guest-network-get-interfaces,guest-get-vcpus,guest-set-vcpus,guest-get-disks,guest-get-fsinfo,guest-set-user-password,guest-get-memory-blocks,guest-set-memory-blocks,guest-get-memory-block-info,guest-get-host-name,guest-get-users,guest-get-timezone,guest-get-osinfo,guest-get-devices,guest-ssh-get-authorized-keys,guest-ssh-add-authorized-keys,guest-ssh-remove-authorized-keys,guest-get-diskstats,guest-get-cpustats"
 
 # Fsfreeze hook script specification.
 #

qemu-guest-agent.service

@@ -10,7 +10,7 @@ EnvironmentFile=/etc/sysconfig/qemu-ga
 ExecStart=/usr/bin/qemu-ga \
   --method=virtio-serial \
   --path=/dev/virtio-ports/org.qemu.guest_agent.0 \
-  --block-rpcs=${BLOCK_RPCS} \
+  ${FILTER_RPC_ARGS} \
   -F${FSFREEZE_HOOK_PATHNAME}
 Restart=always
 RestartSec=0

qemu-kvm.spec

@@ -149,7 +149,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version}                    \
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 8.1.0
-Release: 4%{?rcrel}%{?dist}%{?cc_suffix}
+Release: 5%{?rcrel}%{?dist}%{?cc_suffix}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 # Epoch 15 used for RHEL 8
 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@@ -1286,6 +1286,12 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %endif
 
 %changelog
+* Thu Nov 30 2023 Miroslav Rezanina <mrezanin@redhat.com> - 8.1.0-5
+- kvm-Preparation-for-using-allow-rpcs-list-in-guest-agent.patch [RHEL-955]
+- kvm-Use-allow-rpcs-instead-of-block-rpcs-in-guest-agent..patch [RHEL-955]
+- Resolves: RHEL-955
+  (Use allow-rpcs instead of block-rpcs in guest-agent.service)
+
 * Mon Nov 13 2023 Miroslav Rezanina <mrezanin@redhat.com> - 8.1.0-4
 - kvm-hw-scsi-scsi-disk-Disallow-block-sizes-smaller-than-.patch [RHEL-2828]
 - kvm-Enable-igb-on-x86_64.patch [RHEL-1308]