diff --git a/0001-qemu_namespace-Be-tolerant-to-non-existent-files-whe.patch b/0001-qemu_namespace-Be-tolerant-to-non-existent-files-whe.patch
new file mode 100644
index 0000000..70c4156
--- /dev/null
+++ b/0001-qemu_namespace-Be-tolerant-to-non-existent-files-whe.patch
@@ -0,0 +1,79 @@
+From 8abd1ffed18394a6212c469cb2c7b6cc28a122d2 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Thu, 3 Sep 2020 18:07:43 +0200
+Subject: [PATCH] qemu_namespace: Be tolerant to non-existent files when
+ populating /dev
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In 6.7.0 release I've changed how domain namespace is built and
+populated. Previously it used to be done from a pre-exec hook
+(ran in the forked off child, just before dropping all privileges
+and exec()-ing QEMU), which not only meant we had to have two
+different code paths for creating a node in domain's namespace
+(one for this pre-exec hook, the other for hotplug ran from the
+daemon), it also proved problematic because it was leaking FDs
+into QEMU process.
+
+To mitigate this problem, we've not only ditched libdevmapper
+from the NS population process, I've also dropped the pre-exec
+code and let the NS be populated from the daemon (using the
+hotplug code). But, I was not careful when doing so, because the
+pre-exec code was tolerant to files that doesn't exist, while
+this new code isn't. For instance, the very first thing that is
+done when the new NS is created is it's populated with
+@defaultDeviceACL which contain files like /dev/null, /dev/zero,
+/dev/random and /dev/kvm (and others). While the rest will
+probably exist every time, /dev/kvm might not and thus the new
+code I wrote has to be tolerant to that.
+
+Of course, users can override the @defaultDeviceACL (by setting
+cgroup_device_acl in qemu.conf) and remove /dev/kvm (which is
+acceptable workaround), but we definitely want libvirt to work
+out of the box even on hosts without KVM.
+
+Fixes: 9048dc4e627ddf33996084167bece7b5fb83b0bc
+Reported-by: Daniel P. Berrangé <berrange@redhat.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/qemu/qemu_namespace.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
+index 454d6a7b4d..87f4fd8d58 100644
+--- a/src/qemu/qemu_namespace.c
++++ b/src/qemu/qemu_namespace.c
+@@ -1094,6 +1094,9 @@ qemuNamespaceMknodItemInit(qemuNamespaceMknodItemPtr item,
+ item->file = file;
+
+ if (g_lstat(file, &item->sb) < 0) {
++ if (errno == ENOENT)
++ return -2;
++
+ virReportSystemError(errno,
+ _("Unable to access %s"), file);
+ return -1;
+@@ -1168,9 +1171,16 @@ qemuNamespacePrepareOneItem(qemuNamespaceMknodDataPtr data,
+
+ while (1) {
+ qemuNamespaceMknodItem item = { 0 };
++ int rc;
+
+- if (qemuNamespaceMknodItemInit(&item, cfg, vm, next) < 0)
++ rc = qemuNamespaceMknodItemInit(&item, cfg, vm, next);
++ if (rc == -2) {
++ /* @file doesn't exist. We can break here. */
++ break;
++ } else if (rc < 0) {
++ /* Some other (critical) error. */
+ return -1;
++ }
+
+ if (STRPREFIX(next, QEMU_DEVPREFIX)) {
+ for (i = 0; i < ndevMountsPath; i++) {
+--
+2.26.2
+
diff --git a/libvirt.spec b/libvirt.spec
index a44b073..363500a 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -211,7 +211,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 6.7.0 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPLv2+ URL: https://libvirt.org/
@@ -219,6 +219,7 @@ URL: https://libvirt.org/ %define mainturl stable_updates/ %endif Source: https://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.xz +Patch1: 0001-qemu_namespace-Be-tolerant-to-non-existent-files-whe.patch Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release}
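Review bot: The new ENOENT branch in qemuNamespaceMknodItemInit() returns -2 without logging anything, and the `rc == -2` branch in qemuNamespacePrepareOneItem() then breaks out silently, so any non-existent path that reaches this loop is skipped without a trace, not only the /dev/kvm entry the commit message describes. Because this code decides which nodes exist in the namespace QEMU runs in, a skipped path should at least show up in the debug log: add `VIR_DEBUG("Skipping non-existent file %s", file);` before `return -2;`. The -2 value is also a bare magic number; the function's comment (not visible in the hunk) should state that -1 means an error was reported and -2 means @file does not exist and no error was reported. Both function bodies continue outside the hunks, so confirm that the `break` does not bypass any cleanup of `item` that happens later in the loop.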
@@ -1964,6 +1965,9 @@ exit 0 %changelog +* Fri Sep 4 2020 Daniel P. Berrangé <berrange@redhat.com> - 6.7.0-2 +- Fix QEMU start when KVM is not loaded (rhbz#1875327) + * Tue Sep 01 2020 Cole Robinson <crobinso@redhat.com> - 6.7.0-1 - Update to version 6.7.0