commit kubevirt for openSUSE:Factory

Wed, 03 Jan 2024 05:54:44 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package kubevirt for openSUSE:Factory 
checked in at 2024-01-03 14:53:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubevirt (Old)
 and      /work/SRC/openSUSE:Factory/.kubevirt.new.28375 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "kubevirt"

Wed Jan  3 14:53:54 2024 rev:69 rq:1136512 version:1.1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/kubevirt/kubevirt.changes        2023-11-17 
20:51:02.464440892 +0100
+++ /work/SRC/openSUSE:Factory/.kubevirt.new.28375/kubevirt.changes     
2024-01-03 14:54:03.594001649 +0100
@@ -1,0 +2,8 @@
+Wed Jan  3 09:53:18 UTC 2024 - Vasily Ulyanov <vasily.ulya...@suse.com>
+
+- Fix seccomp profile for post-copy migration
+  0004-seccomp-Use-Names-field-to-define-the-syscall.patch
+- Set ExclusiveArch conditionally depending on the distro
+- Remove SLE15 SP4 from the distro check (end of general support)
+
+-------------------------------------------------------------------

New:
----
  0004-seccomp-Use-Names-field-to-define-the-syscall.patch

BETA DEBUG BEGIN:
  New:- Fix seccomp profile for post-copy migration
  0004-seccomp-Use-Names-field-to-define-the-syscall.patch
- Set ExclusiveArch conditionally depending on the distro
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ kubevirt.spec ++++++
--- /var/tmp/diff_new_pack.1yKHVL/_old  2024-01-03 14:54:04.250025599 +0100
+++ /var/tmp/diff_new_pack.1yKHVL/_new  2024-01-03 14:54:04.250025599 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package kubevirt
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,6 +16,19 @@
 #
 
 
+%if 0%{?sle_version} && !0%{?is_opensuse}
+# SLE
+%define _exclusive_arch x86_64
+%else
+%if 0%{?suse_version} == 1600
+# ALP
+%define _exclusive_arch x86_64
+%else
+# TW
+%define _exclusive_arch x86_64 aarch64
+%endif
+%endif
+
 Name:           kubevirt
 Version:        1.1.0
 Release:        0
@@ -31,6 +44,7 @@
 Patch1:         0001-Update-google.golang.org-grpc-to-1.56.3.patch
 Patch2:         0002-virt-launcher-fix-qemu-non-root-path.patch
 Patch3:         0003-cgroupsv2-reconstruct-device-allowlist.patch
+Patch4:         0004-seccomp-Use-Names-field-to-define-the-syscall.patch
 BuildRequires:  glibc-devel-static
 BuildRequires:  golang-packaging
 BuildRequires:  pkgconfig
@@ -38,7 +52,7 @@
 BuildRequires:  sed
 BuildRequires:  golang(API) >= 1.19
 BuildRequires:  pkgconfig(libvirt)
-ExclusiveArch:  x86_64 aarch64
+ExclusiveArch:  %{_exclusive_arch}
 
 %description
 Kubevirt is a virtual machine management add-on for Kubernetes
@@ -165,11 +179,6 @@
 #
 distro='%{?sle_version}:%{?is_opensuse}%{!?is_opensuse:0}'
 case "${distro}" in
-150400:0)
-    tagprefix=suse/sles/15.4
-    labelprefix=com.suse.kubevirt
-    registry=registry.suse.com
-    ;;
 150500:0)
     tagprefix=suse/sles/15.5
     labelprefix=com.suse.kubevirt
@@ -186,14 +195,14 @@
     registry=registry.opensuse.org
     ;;
 *)
-    %if 0%{?suse_version} == 1600
+%if 0%{?suse_version} == 1600
         tagprefix=alp/kubevirt
         labelprefix=com.suse.kubevirt
         registry=registry.suse.com
-    %else
+%else
         echo "Unsupported distro: ${distro}" >&2
         exit 1
-    %endif
+%endif
     ;;
 esac
 

++++++ 0004-seccomp-Use-Names-field-to-define-the-syscall.patch ++++++
>From 0564fc86b7387d2c3b9f16a5f712ed3282c894e5 Mon Sep 17 00:00:00 2001
From: Vasiliy Ulyanov <vulya...@suse.de>
Date: Fri, 15 Dec 2023 13:22:10 +0100
Subject: [PATCH] seccomp: Use 'Names' field to define the syscall

Apparently, 'Name' has been deprecated in favour of 'Names'. Some
container runtimes do not handle 'Name' and thus fail to correctly set
the profile for seccomp.

Signed-off-by: Vasiliy Ulyanov <vulya...@suse.de>
---
 pkg/virt-handler/seccomp/seccomp.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/virt-handler/seccomp/seccomp.go 
b/pkg/virt-handler/seccomp/seccomp.go
index abc20b24af9e..f2ff71ac0bcc 100644
--- a/pkg/virt-handler/seccomp/seccomp.go
+++ b/pkg/virt-handler/seccomp/seccomp.go
@@ -70,7 +70,7 @@ func defaultProfile() *seccomp.Seccomp {
        }
 
        profile.Syscalls = append(profile.Syscalls, &seccomp.Syscall{
-               Name:   "userfaultfd",
+               Names:  []string{"userfaultfd"},
                Action: seccomp.ActAllow,
                Args:   []*seccomp.Arg{},
        })

Reply via email to