Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libvirt for openSUSE:Factory checked
in at 2023-02-09 16:22:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libvirt (Old)
and /work/SRC/openSUSE:Factory/.libvirt.new.4462 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt"
Thu Feb 9 16:22:17 2023 rev:368 rq:1063894 version:9.0.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2023-01-25
17:50:19.238351380 +0100
+++ /work/SRC/openSUSE:Factory/.libvirt.new.4462/libvirt.changes
2023-02-09 16:22:30.730498202 +0100
@@ -1,0 +2,9 @@
+Wed Feb 8 18:01:55 UTC 2023 - James Fehlig <jfeh...@suse.com>
+
+- qemu: Fix umount of /dev in VM private namespace
+ c3f16cea-qemu-cleanup-label-on-umount-failure.patch,
+ 697c16e3-qemu_process-better-debug-message.patch,
+ 5155ab4b-qemu_namespace-nested-mounts-when-umount.patch
+ boo#1207889
+
+-------------------------------------------------------------------
New:
----
5155ab4b-qemu_namespace-nested-mounts-when-umount.patch
697c16e3-qemu_process-better-debug-message.patch
c3f16cea-qemu-cleanup-label-on-umount-failure.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libvirt.spec ++++++
--- /var/tmp/diff_new_pack.eIUeUx/_old 2023-02-09 16:22:31.382501561 +0100
+++ /var/tmp/diff_new_pack.eIUeUx/_new 2023-02-09 16:22:31.386501581 +0100
@@ -306,6 +306,9 @@
# Upstream patches
Patch0: ef482951-apparmor-Allow-umount-dev.patch
Patch1: d6a8b9ee-qemu-Fix-managed-no-when-creating-ethdev.patch
+Patch2: c3f16cea-qemu-cleanup-label-on-umount-failure.patch
+Patch3: 697c16e3-qemu_process-better-debug-message.patch
+Patch4: 5155ab4b-qemu_namespace-nested-mounts-when-umount.patch
# Patches pending upstream review
Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
++++++ 5155ab4b-qemu_namespace-nested-mounts-when-umount.patch ++++++
>From 927ddc0ec04e6a838fa807df4546e14f60927949 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mpriv...@redhat.com>
Date: Tue, 7 Feb 2023 15:06:32 +0100
Subject: [PATCH 3/3] qemu_namespace: Deal with nested mounts when umount()-ing
/dev
In one of recent commits (v9.0.0-rc1~106) I've made our QEMU
namespace code umount the original /dev. One of the reasons was
enhanced security, because previously we just mounted a tmpfs
over the original /dev. Thus a malicious QEMU could just
umount("/dev") and it would get to the original /dev with all
nodes.
Now, on some systems this introduced a regression:
failed to umount devfs on /dev: Device or resource busy
But how this could be? We've moved all file systems mounted under
/dev to a temporary location. Or have we? As it turns out, not
quite. If there are two file systems mounted on the same target,
e.g. like this:
mount -t tmpfs tmpfs /dev/shm/ && mount -t tmpfs tmpfs /dev/shm/
then only the top most (i.e. the last one) is moved. See
qemuDomainUnshareNamespace() for more info.
Now, we could enhance our code to deal with these "doubled" mount
points. Or, since it is the top most file system that is
accessible anyways (and this one is preserved), we can
umount("/dev") in a recursive fashion.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167302
Fixes: 379c0ce4bfed8733dfbde557c359eecc5474ce38
Signed-off-by: Michal Privoznik <mpriv...@redhat.com>
Reviewed-by: Jim Fehlig <jfeh...@suse.com>
(cherry picked from commit 5155ab4b2a704285505dfea6ffee8b980fdaa29e)
---
src/qemu/qemu_namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libvirt-9.0.0/src/qemu/qemu_namespace.c
===================================================================
--- libvirt-9.0.0.orig/src/qemu/qemu_namespace.c
+++ libvirt-9.0.0/src/qemu/qemu_namespace.c
@@ -777,7 +777,7 @@ qemuDomainUnshareNamespace(virQEMUDriver
}
#if defined(__linux__)
- if (umount("/dev") < 0) {
+ if (umount2("/dev", MNT_DETACH) < 0) {
virReportSystemError(errno, "%s", _("failed to umount devfs on /dev"));
goto cleanup;
}
++++++ 697c16e3-qemu_process-better-debug-message.patch ++++++
>From dabff45cbba94d6dedf7319ba3f225d4bebef010 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mpriv...@redhat.com>
Date: Tue, 7 Feb 2023 10:34:40 +0100
Subject: [PATCH 2/3] qemu_process: Produce better debug message wrt domain
namespaces
When going through debug log of a domain startup process, one can
meet the following line:
debug : qemuProcessLaunch:7668 : Building mount namespace
But this is in fact wrong. Firstly, domain namespaces are just
enabled in domain's privateData. Secondly, the debug message says
nothing about actual state of namespace - whether it was enabled
or not.
Therefore, move the debug printing into
qemuProcessEnableDomainNamespaces() and tweak it so that the
actual value is reflected.
Signed-off-by: Michal Privoznik <mpriv...@redhat.com>
Reviewed-by: Jim Fehlig <jfeh...@suse.com>
(cherry picked from commit 697c16e39ae9a9e18ce7cad0729bf2293b12a307)
---
src/qemu/qemu_process.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Index: libvirt-9.0.0/src/qemu/qemu_process.c
===================================================================
--- libvirt-9.0.0.orig/src/qemu/qemu_process.c
+++ libvirt-9.0.0/src/qemu/qemu_process.c
@@ -7399,11 +7399,17 @@ qemuProcessEnableDomainNamespaces(virQEM
virDomainObj *vm)
{
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+ const char *state = "disabled";
if (virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) &&
qemuDomainEnableNamespace(vm, QEMU_DOMAIN_NS_MOUNT) < 0)
return -1;
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ state = "enabled";
+
+ VIR_DEBUG("Mount namespace for domain name=%s is %s",
+ vm->def->name, state);
return 0;
}
@@ -7720,8 +7726,6 @@ qemuProcessLaunch(virConnectPtr conn,
qemuDomainLogContextMarkPosition(logCtxt);
- VIR_DEBUG("Building mount namespace");
-
if (qemuProcessEnableDomainNamespaces(driver, vm) < 0)
goto cleanup;
++++++ c3f16cea-qemu-cleanup-label-on-umount-failure.patch ++++++
>From aa144c00c1b8f1deee6f80f8de076d5bfac72811 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfeh...@suse.com>
Date: Mon, 6 Feb 2023 10:40:12 -0700
Subject: [PATCH 1/3] qemu: Jump to cleanup label on umount failure
Similar to other error paths in qemuDomainUnshareNamespace(), jump to
the cleanup label on umount error instead of directly returning -1.
Signed-off-by: Jim Fehlig <jfeh...@suse.com>
Reviewed-by: Michal Privoznik <mpriv...@redhat.com>
(cherry picked from commit c3f16cea3bef578c498c720aa90c677ee9511e2f)
---
src/qemu/qemu_namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libvirt-9.0.0/src/qemu/qemu_namespace.c
===================================================================
--- libvirt-9.0.0.orig/src/qemu/qemu_namespace.c
+++ libvirt-9.0.0/src/qemu/qemu_namespace.c
@@ -779,7 +779,7 @@ qemuDomainUnshareNamespace(virQEMUDriver
#if defined(__linux__)
if (umount("/dev") < 0) {
virReportSystemError(errno, "%s", _("failed to umount devfs on /dev"));
- return -1;
+ goto cleanup;
}
#endif /* !defined(__linux__) */
