Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at Mon Aug 29 11:28:02 CEST 2011.
-------- --- libvirt/libvirt.changes 2011-08-04 19:12:16.000000000 +0200 +++ /mounts/work_src_done/STABLE/libvirt/libvirt.changes 2011-08-25 04:34:18.000000000 +0200 @@ -1,0 +2,30 @@ +Wed Aug 24 20:29:37 MDT 2011 - jfeh...@novell.com + +- Add cgconfig to Should-{Start,Stop} in libvirtd init script + bnc#712245 + +------------------------------------------------------------------- +Fri Aug 19 15:21:39 MDT 2011 - jfeh...@suse.com + +- Fix apparmor profile location and content + update install-apparmor-profiles.patch + bnc#705668 + +------------------------------------------------------------------- +Wed Aug 17 16:24:17 MDT 2011 - jfeh...@suse.com + +- Fix libvirtd SIGHUP handler + 9e093f0b-libvirtd-sighup.patch + +------------------------------------------------------------------- +Wed Aug 17 09:13:41 CEST 2011 - dmuel...@suse.de + +- add baselibs.conf to sources + +------------------------------------------------------------------- +Mon Aug 8 15:21:42 MDT 2011 - jfeh...@suse.com + +- Enable apparmor security dirver, SLES bnc#705668 + install-apparmor-profiles.patch + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- 9e093f0b-libvirtd-sighup.patch install-apparmor-profiles.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.iXnZ9L/_old 2011-08-29 11:22:06.000000000 +0200 +++ /var/tmp/diff_new_pack.iXnZ9L/_new 2011-08-29 11:22:06.000000000 +0200 @@ -58,7 +58,7 @@ %define with_storage_mpath 0%{!?_without_storage_mpath:%{server_drivers}} %define with_numactl 0%{!?_without_numactl:%{server_drivers}} %define with_selinux 0%{!?_without_selinux:%{server_drivers}} -%define with_apparmor 0%{!?_without_apparmor:0} +%define with_apparmor 0%{!?_without_apparmor:%{server_drivers}} # A few optional bits off by default, we enable later %define with_polkit 0%{!?_without_polkit:0} 
@@ -295,7 +295,7 @@ Group: Development/Libraries/C and C++ AutoReqProv: yes Version: 0.9.4 -Release: 1 +Release: 3 Summary: A C toolkit to interract with the virtualization capabilities of Linux # The client side, i.e. shared libs and virsh are in a subpackage @@ -359,7 +359,9 @@ Source0: %{name}-%{version}.tar.bz2 Source1: libvirtd.init Source2: libvirtd-relocation-server.fw +Source99: baselibs.conf # Upstream patches +Patch0: 9e093f0b-libvirtd-sighup.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -368,6 +370,9 @@ # Our patches Patch200: libvirtd-defaults.patch Patch201: use-init-script-redhat.patch +%if %{with_apparmor} +Patch250: install-apparmor-profiles.patch +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -476,12 +481,16 @@ %prep %setup -q +%patch0 -p1 %patch100 -p1 %patch101 %patch102 -p1 %patch103 -p1 %patch200 -p1 %patch201 -p1 +%if %{with_apparmor} +%patch250 -p1 +%endif %build %if ! %{with_xen} 
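Review bot: `Patch250: install-apparmor-profiles.patch` is declared inside `%if %{with_apparmor}` in the @@ -368,6 hunk, so whether the patch file ends up in the source RPM depends on how the conditional evaluates when the srpm is built. Declaring the tag unconditionally and keeping only the application conditional, as the @@ -476,12 hunk already does with `%patch250 -p1`, keeps the source package contents the same regardless of build options. The preamble and %prep sections both continue outside these hunks.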
@@ -812,6 +821,16 @@ %attr(0755, root, root) %{_libdir}/%{name}/libvirt_iohelper %doc %{_mandir}/man8/libvirtd.8* %endif +%if %{with_apparmor} +%dir %{_sysconfdir}/apparmor.d +%dir %{_sysconfdir}/apparmor.d/abstractions +%dir %{_sysconfdir}/apparmor.d/libvirt +%config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.libvirtd +%config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.libvirt.virt-aa-helper +%config(noreplace) %{_sysconfdir}/apparmor.d/abstractions/libvirt-qemu +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/TEMPLATE +%{_libdir}/%{name}/virt-aa-helper +%endif %config %{_fwdefdir}/libvirtd-relocation-server %files client -f %{name}.lang ++++++ 9e093f0b-libvirtd-sighup.patch ++++++ commit 9e093f0b4cc5a5fc455a4893d73dc0f2c5355161 Author: Osier Yang <jy...@redhat.com> Date: Mon Aug 15 15:40:46 2011 +0800 daemon: Fix regression of libvirtd reloading support This is introduced by commit df0b57a95a, which forgot to add signal handler for SIGHUP. A simple reproduce method: 1) Create a domain XML under /etc/libvirt/qemu 2) % kill -SIGHUP $(pidof libvirtd) 3) % virsh list --all (the new created domain XML is not listed) Index: libvirt-0.9.4/daemon/libvirtd.c =================================================================== --- libvirt-0.9.4.orig/daemon/libvirtd.c +++ libvirt-0.9.4/daemon/libvirtd.c @@ -1139,6 +1139,17 @@ static void daemonShutdownHandler(virNet virNetServerQuit(srv); } +static void daemonReloadHandler(virNetServerPtr srv ATTRIBUTE_UNUSED, + siginfo_t *sig ATTRIBUTE_UNUSED, + void *opaque ATTRIBUTE_UNUSED) +{ + VIR_INFO("Reloading configuration on SIGHUP"); + virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", + VIR_HOOK_DAEMON_OP_RELOAD, SIGHUP, "SIGHUP", NULL); + if (virStateReload() < 0) + VIR_WARN("Error while reloading drivers"); +} + static int daemonSetupSignals(virNetServerPtr srv) { if (virNetServerAddSignalHandler(srv, SIGINT, daemonShutdownHandler, NULL) < 0) 
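Review bot: In daemonReloadHandler the result of `virHookCall(...)` is dropped, whereas a `virStateReload()` failure two lines later is logged, so a reload hook that fails leaves no trace in the daemon log. Assuming virHookCall reports failure through a negative return (its prototype is outside this hunk), wrapping the call as `if (virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", VIR_HOOK_DAEMON_OP_RELOAD, SIGHUP, "SIGHUP", NULL) < 0) VIR_WARN("Reload hook failed");` would make both steps auditable. The handler calls logging and driver-reload code, which is only safe if virNetServerAddSignalHandler dispatches it from the event loop rather than in signal context; once that is confirmed, a one-line comment above the function such as `/* Runs from the server event loop, not in async-signal context */` would record it.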
@@ -1147,6 +1158,8 @@ static int daemonSetupSignals(virNetServ return -1; if (virNetServerAddSignalHandler(srv, SIGTERM, daemonShutdownHandler, NULL) < 0) return -1; + if (virNetServerAddSignalHandler(srv, SIGHUP, daemonReloadHandler, NULL) < 0) + return -1; return 0; } ++++++ install-apparmor-profiles.patch ++++++ Index: libvirt-0.9.4/examples/apparmor/Makefile.am =================================================================== --- libvirt-0.9.4.orig/examples/apparmor/Makefile.am +++ libvirt-0.9.4/examples/apparmor/Makefile.am 
@@ -1,8 +1,39 @@ ## Copyright (C) 2005-2011 Red Hat, Inc. ## See COPYING.LIB for the License of this software -EXTRA_DIST= \ - TEMPLATE \ - libvirt-qemu \ - usr.lib.libvirt.virt-aa-helper \ - usr.sbin.libvirtd +EXTRA_DIST= \ + TEMPLATE \ + libvirt-qemu \ + usr.lib.libvirt.virt-aa-helper.in \ + usr.sbin.libvirtd.in + +if WITH_SECDRIVER_APPARMOR + +usr.lib.libvirt.virt-aa-helper: usr.lib.libvirt.virt-aa-helper.in + sed \ + -e 's![@]libdir[@]!$(libdir)!g' \ + < $< > $@-t + mv $@-t $@ + +usr.sbin.libvirtd: usr.sbin.libvirtd.in + sed \ + -e 's![@]libdir[@]!$(libdir)!g' \ + < $< > $@-t + mv $@-t $@ + +install-data-local: usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper + mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/ + $(INSTALL_DATA) usr.lib.libvirt.virt-aa-helper $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper + $(INSTALL_DATA) usr.sbin.libvirtd $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd + mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt + $(INSTALL_DATA) TEMPLATE $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE + mkdir -p $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions + $(INSTALL_DATA) libvirt-qemu $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu + +uninstall-local:: + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.lib.libvirt.virt-aa-helper + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.sbin.libvirtd + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/libvirt-qemu + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE + +endif Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in =================================================================== --- /dev/null +++ libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in 
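Review bot: The two generated profiles depend only on their `.in` files, so after configure is re-run with a different `--libdir` make will not regenerate them and `install-data-local` would install profiles whose substituted paths no longer match where virt-aa-helper is installed; a profile attached to the wrong path presumably leaves the helper without its intended confinement. Adding `Makefile` as a second prerequisite (`usr.sbin.libvirtd: usr.sbin.libvirtd.in Makefile`, and the same for the helper rule) and listing the outputs in `CLEANFILES = usr.lib.libvirt.virt-aa-helper usr.sbin.libvirtd` would keep them in step with the configured paths. `$(MKDIR_P)` in place of the bare `mkdir -p` would also match automake convention.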
@@ -0,0 +1,40 @@
+# Last Modified: Fri Aug 19 11:21:48 2011
+#include <tunables/global>
+
+@libdir@/libvirt/virt-aa-helper {
+ #include <abstractions/base>
+
+ # needed for searching directories
+ capability dac_override,
+ capability dac_read_search,
+
+ # needed for when disk is on a network filesystem
+ network inet,
+
+ deny @{PROC}/[0-9]*/mounts r,
+ @{PROC}/filesystems r,
+
+ # for hostdev
+ /sys/devices/ r,
+ /sys/devices/** r,
+
+ @libdir@/libvirt/virt-aa-helper mr,
+ /sbin/apparmor_parser Ux,
+
+ /etc/apparmor.d/libvirt/* r,
+ /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
+
+ # for backingstore -- allow access to non-hidden files in @{HOME} as well
+ # as storage pools
+ audit deny @{HOME}/.* mrwkl,
+ audit deny @{HOME}/.*/ rw,
+ audit deny @{HOME}/.*/** mrwkl,
+ audit deny @{HOME}/bin/ rw,
+ audit deny @{HOME}/bin/** mrwkl,
+ @{HOME}/ r,
+ @{HOME}/** r,
+ /var/lib/libvirt/images/ r,
+ /var/lib/libvirt/images/** r,
+ /var/lib/kvm/images/ r,
+ /var/lib/kvm/images/** r,
+}
Index: libvirt-0.9.4/examples/apparmor/usr.lib.libvirt.virt-aa-helper
===================================================================
--- libvirt-0.9.4.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ /dev/null
@@ -1,38 +0,0 @@
-# Last Modified: Mon Apr 5 15:10:27 2010
-#include <tunables/global>
-
-/usr/lib/libvirt/virt-aa-helper {
- #include <abstractions/base>
-
- # needed for searching directories
- capability dac_override,
- capability dac_read_search,
-
- # needed for when disk is on a network filesystem
- network inet,
-
- deny @{PROC}/[0-9]*/mounts r,
- @{PROC}/filesystems r,
-
- # for hostdev
- /sys/devices/ r,
- /sys/devices/** r,
-
- /usr/lib/libvirt/virt-aa-helper mr,
- /sbin/apparmor_parser Ux,
-
- /etc/apparmor.d/libvirt/* r,
- /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
-
- # for backingstore -- allow access to non-hidden files in @{HOME} as well
- # as storage pools
- audit deny @{HOME}/.* mrwkl,
- audit deny @{HOME}/.*/ rw,
- audit deny @{HOME}/.*/** mrwkl,
- audit deny @{HOME}/bin/ rw,
- audit deny @{HOME}/bin/** mrwkl,
- @{HOME}/ r,
- @{HOME}/** r,
- /var/lib/libvirt/images/ r,
- /var/lib/libvirt/images/** r,
-}
Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-0.9.4.orig/examples/apparmor/usr.sbin.libvirtd
+++ /dev/null
@@ -1,52 +0,0 @@
-# Last Modified: Mon Apr 5 15:03:58 2010
-#include <tunables/global>
-@{LIBVIRT}="libvirt"
-
-/usr/sbin/libvirtd {
- #include <abstractions/base>
-
- capability kill,
- capability net_admin,
- capability net_raw,
- capability setgid,
- capability sys_admin,
- capability sys_module,
- capability sys_ptrace,
- capability sys_nice,
- capability sys_chroot,
- capability setuid,
- capability dac_override,
- capability dac_read_search,
- capability fowner,
- capability chown,
- capability setpcap,
- capability mknod,
- capability fsetid,
-
- network inet stream,
- network inet dgram,
- network inet6 stream,
- network inet6 dgram,
-
- # Very lenient profile for libvirtd since we want to first focus on confining
- # the guests. Guests will have a very restricted profile.
- /** rwmkl,
-
- /bin/* Ux,
- /sbin/* Ux,
- /usr/bin/* Ux,
- /usr/sbin/* Ux,
-
- # force the use of virt-aa-helper
- audit deny /sbin/apparmor_parser rwxl,
- audit deny /etc/apparmor.d/libvirt/** wxl,
- audit deny /sys/kernel/security/apparmor/features rwxl,
- audit deny /sys/kernel/security/apparmor/matching rwxl,
- audit deny /sys/kernel/security/apparmor/.* rwxl,
- /sys/kernel/security/apparmor/profiles r,
- /usr/lib/libvirt/* PUxr,
-
- # allow changing to our UUID-based named profiles
- change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
-
-}
Index: libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in
===================================================================
--- /dev/null
+++ libvirt-0.9.4/examples/apparmor/usr.sbin.libvirtd.in
@@ -0,0 +1,52 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include <tunables/global> +@{LIBVIRT}="libvirt" + +/usr/sbin/libvirtd { + #include <abstractions/base> + + capability kill, + capability net_admin, + capability net_raw, + capability setgid, + capability sys_admin, + capability sys_module, + capability sys_ptrace, + capability sys_nice, + capability sys_chroot, + capability setuid, + capability dac_override, + capability dac_read_search, + capability fowner, + capability chown, + capability setpcap, + capability mknod, + capability fsetid, + + network inet stream, + network inet dgram, + network inet6 stream, + network inet6 dgram, + + # Very lenient profile for libvirtd since we want to first focus on confining + # the guests. Guests will have a very restricted profile. + /** rwmkl, + + /bin/* Ux, + /sbin/* Ux, + /usr/bin/* Ux, + /usr/sbin/* Ux, + + # force the use of virt-aa-helper + audit deny /sbin/apparmor_parser rwxl, + audit deny /etc/apparmor.d/libvirt/** wxl, + audit deny /sys/kernel/security/apparmor/features rwxl, + audit deny /sys/kernel/security/apparmor/matching rwxl, + audit deny /sys/kernel/security/apparmor/.* rwxl, + /sys/kernel/security/apparmor/profiles r, + @libdir@/libvirt/* Pxr, + + # allow changing to our UUID-based named profiles + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} Index: libvirt-0.9.4/examples/apparmor/libvirt-qemu =================================================================== --- libvirt-0.9.4.orig/examples/apparmor/libvirt-qemu +++ libvirt-0.9.4/examples/apparmor/libvirt-qemu @@ -52,6 +52,7 @@ # access to firmware's etc /usr/share/kvm/** r, /usr/share/qemu/** r, + /usr/share/qemu-kvm/** r, /usr/share/bochs/** r, /usr/share/openbios/** r, /usr/share/openhackware/** r, 
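Review bot: The rule `@libdir@/libvirt/* Pxr,` in the new usr.sbin.libvirtd.in drops the `U` fallback that the removed profile had (`/usr/lib/libvirt/* PUxr,`), so an exec of any binary in that directory without a loaded profile of its own is denied instead of running unconfined. The spec's %files hunk installs `libvirt_iohelper` into `%{_libdir}/%{name}/`, and the only helper profile this commit ships is the one for virt-aa-helper, so operations that go through other helpers may fail once libvirtd runs confined. If failing closed is intended, a comment above the rule such as `# Px without U fallback: every helper in this directory needs its own profile` would record that; otherwise profiles for the remaining helpers need to be added alongside it.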
@@ -65,6 +66,7 @@ # the various binaries /usr/bin/kvm rmix, /usr/bin/qemu rmix, + /usr/bin/qemu-kvm rmix, /usr/bin/qemu-system-arm rmix, /usr/bin/qemu-system-cris rmix, /usr/bin/qemu-system-i386 rmix, ++++++ libvirtd.init ++++++ --- /var/tmp/diff_new_pack.iXnZ9L/_old 2011-08-29 11:22:06.000000000 +0200 +++ /var/tmp/diff_new_pack.iXnZ9L/_new 2011-08-29 11:22:06.000000000 +0200 @@ -6,10 +6,10 @@ ### BEGIN INIT INFO # Provides: libvirtd # Required-Start: $network $remote_fs -# Should-Start: xend +# Should-Start: xend cgconfig # Default-Start: 3 5 # Required-Stop: $network $remote_fs -# Should-Stop: xend +# Should-Stop: xend cgconfig # Default-Stop: 0 1 2 4 6 # Short-Description: daemon for libvirt virtualization API # Description: This is a daemon for managing QEMU guest instances ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org