From c11eb5441f629fc87f41207e107930723a9e1762 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 30 Nov 2023 23:55:09 -0500
Subject: [PATCH] * Thu Nov 30 2023 Miroslav Rezanina <mrezanin@redhat.com> -
 8.1.0-5

- kvm-Preparation-for-using-allow-rpcs-list-in-guest-agent.patch [RHEL-955]
- kvm-Use-allow-rpcs-instead-of-block-rpcs-in-guest-agent..patch [RHEL-955]
- Resolves: RHEL-955
  (Use allow-rpcs instead of block-rpcs in guest-agent.service)
---
 qemu-ga.sysconfig        | 12 ++++++++++--
 qemu-guest-agent.service |  2 +-
 qemu-kvm.spec            |  8 +++++++-
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/qemu-ga.sysconfig b/qemu-ga.sysconfig
index a78b428..736b471 100644
--- a/qemu-ga.sysconfig
+++ b/qemu-ga.sysconfig
@@ -1,11 +1,19 @@
 # This is a systemd environment file, not a shell script.
 # It provides settings for "/lib/systemd/system/qemu-guest-agent.service".
 
-# Comma-separated blocked RPCs to disable, or empty list to enable all.
+# Guest agent command with comma-separated blocked RPCs to disable,
+# or empty list to enable all.
 #
 # You can get the list of RPC commands using "qemu-ga --block-rpcs='?'".
 # There should be no spaces between commas and commands in the block list.
-BLOCK_RPCS=guest-file-open,guest-file-close,guest-file-read,guest-file-write,guest-file-seek,guest-file-flush,guest-exec,guest-exec-status
+# FILTER_RPC_ARGS="--block-rpcs=guest-file-open,guest-file-close,guest-file-read,guest-file-write,guest-file-seek,guest-file-flush,guest-exec,guest-exec-status"
+
+# Guest agent command with comma-separated allowed RPCs to enable,
+# or empty list to disable all.
+#
+# You can get the list of RPC commands using "qemu-ga --allow-rpcs='?'".
+# There should be no spaces between commas and commands in the allow list.
+FILTER_RPC_ARGS="--allow-rpcs=guest-sync-delimited,guest-sync,guest-ping,guest-get-time,guest-set-time,guest-info,guest-shutdown,guest-fsfreeze-status,guest-fsfreeze-freeze,guest-fsfreeze-freeze-list,guest-fsfreeze-thaw,guest-fstrim,guest-suspend-disk,guest-suspend-ram,guest-suspend-hybrid,guest-network-get-interfaces,guest-get-vcpus,guest-set-vcpus,guest-get-disks,guest-get-fsinfo,guest-set-user-password,guest-get-memory-blocks,guest-set-memory-blocks,guest-get-memory-block-info,guest-get-host-name,guest-get-users,guest-get-timezone,guest-get-osinfo,guest-get-devices,guest-ssh-get-authorized-keys,guest-ssh-add-authorized-keys,guest-ssh-remove-authorized-keys,guest-get-diskstats,guest-get-cpustats"
 
 # Fsfreeze hook script specification.
 #
diff --git a/qemu-guest-agent.service b/qemu-guest-agent.service
index 244da02..f74ebd0 100644
--- a/qemu-guest-agent.service
+++ b/qemu-guest-agent.service
@@ -10,7 +10,7 @@ EnvironmentFile=/etc/sysconfig/qemu-ga
 ExecStart=/usr/bin/qemu-ga \
   --method=virtio-serial \
   --path=/dev/virtio-ports/org.qemu.guest_agent.0 \
-  --block-rpcs=${BLOCK_RPCS} \
+  ${FILTER_RPC_ARGS} \
   -F${FSFREEZE_HOOK_PATHNAME}
 Restart=always
 RestartSec=0
diff --git a/qemu-kvm.spec b/qemu-kvm.spec
index 7ffee41..9a00fb8 100644
--- a/qemu-kvm.spec
+++ b/qemu-kvm.spec
@@ -149,7 +149,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version}                    \
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 8.1.0
-Release: 4%{?rcrel}%{?dist}%{?cc_suffix}
+Release: 5%{?rcrel}%{?dist}%{?cc_suffix}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 # Epoch 15 used for RHEL 8
 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@@ -1286,6 +1286,12 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %endif
 
 %changelog
+* Thu Nov 30 2023 Miroslav Rezanina <mrezanin@redhat.com> - 8.1.0-5
+- kvm-Preparation-for-using-allow-rpcs-list-in-guest-agent.patch [RHEL-955]
+- kvm-Use-allow-rpcs-instead-of-block-rpcs-in-guest-agent..patch [RHEL-955]
+- Resolves: RHEL-955
+  (Use allow-rpcs instead of block-rpcs in guest-agent.service)
+
 * Mon Nov 13 2023 Miroslav Rezanina <mrezanin@redhat.com> - 8.1.0-4
 - kvm-hw-scsi-scsi-disk-Disallow-block-sizes-smaller-than-.patch [RHEL-2828]
 - kvm-Enable-igb-on-x86_64.patch [RHEL-1308]