diff --git a/.cvsignore b/.cvsignore
index a2440df..1b0673b 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -12,3 +12,4 @@ libvirt-0.6.5.tar.gz
 libvirt-0.7.0.tar.gz
 libvirt-0.7.1.tar.gz
 libvirt-0.7.2.tar.gz
+libvirt-0.7.3.tar.gz
diff --git a/libvirt-logrotate-avoid-compressing-small-logs.patch b/libvirt-logrotate-avoid-compressing-small-logs.patch
deleted file mode 100644
index e5359ef..0000000
--- a/libvirt-logrotate-avoid-compressing-small-logs.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From d7cca87f6c5ad2316934af8ecb95829b95b662c6 Mon Sep 17 00:00:00 2001
-From: Dan Kenigsberg
-Date: Wed, 21 Oct 2009 13:56:04 +0200
-Subject: [PATCH] Do not log rotate very small logs
-
-Without this, after few weeks without use, each defined domain grows a
-tail of empty gzipped logs, instead of keeping just the last log of
-interest.
-
-* daemon/libvirtd.logrotate.in: only rotate when the log is over 100 KBytes
-
-(cherry picked from commit b03fe2d0aefb57a096a102bf23375f0a167ca189)
-
-Fedora-patch: libvirt-logrotate-avoid-compressing-small-logs.patch
----
- daemon/libvirtd.logrotate.in | 1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/daemon/libvirtd.logrotate.in b/daemon/libvirtd.logrotate.in
-index 093651c..0c51fd3 100644
---- a/daemon/libvirtd.logrotate.in
-+++ b/daemon/libvirtd.logrotate.in
-@@ -5,4 +5,5 @@
- compress
- delaycompress
- copytruncate
-+ minsize 100k
- }
--
-1.6.5.2
-
diff --git a/libvirt-qemu-machine-type-fixes2.patch b/libvirt-qemu-machine-type-fixes2.patch
deleted file mode 100644
index a449b45..0000000
--- a/libvirt-qemu-machine-type-fixes2.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From b7b6a28eb9eae641762de9408a90971d849ce92e Mon Sep 17 00:00:00 2001
-From: Mark McLoughlin
-Date: Thu, 15 Oct 2009 12:09:17 +0100
-Subject: [PATCH] Don't copy old machines from a domain which has none
-
-If the the qemu and kvm binaries are the same, we don't include machine
-types in the kvm domain info.
-
-However, the code which refreshes the machine types info from the
-previous capabilities structure first looks at the kvm domain's info,
-finds it matches and then copies the empty machine types list over
-for the top-level qemu domain.
-
-That doesn't make sense, we shouldn't copy an empty machin types list.
-
-* src/qemu/qemu_conf.c: qemudGetOldMachinesFromInfo(): don't copy an
- empty machine types list.
-
-(cherry picked from commit 2210f8a3a8e2774ca4fb8b42e21899e5b85ca913)
-
-Fedora-patch: libvirt-qemu-machine-type-fixes2.patch
----
- src/qemu/qemu_conf.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
-index ac63570..b881f1e 100644
---- a/src/qemu/qemu_conf.c
-+++ b/src/qemu/qemu_conf.c
-@@ -505,6 +505,9 @@ qemudGetOldMachinesFromInfo(virCapsGuestDomainInfoPtr info,
- virCapsGuestMachinePtr *list;
- int i;
-
-+ if (!info->nmachines)
-+ return 0;
-+
- if (!info->emulator || !STREQ(emulator, info->emulator))
- return 0;
-
--
-1.6.5.2
-
diff --git a/libvirt-qemu-save-restore-2.patch b/libvirt-qemu-save-restore-2.patch
deleted file mode 100644
index 907008c..0000000
--- a/libvirt-qemu-save-restore-2.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 096fc1216eb2654bbff376dcc5bb8177d6498f82 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange
-Date: Thu, 19 Nov 2009 12:16:30 +0000
-Subject: [PATCH] Fix labelling on QEMU restore images
-
-Even though QEMU does not directly open the saved image when
-restoring, it must be correctly labelled to allow QEMU to
-read from it because labelling is passed around with open
-file descriptors.
-
-The labelling should not allow writing to the saved image
-again, only reading.
-
-* src/qemu/qemu_driver.c: Label the save image when restoring
-* src/security/security_driver.h: Add a virSecurityDomainSetSavedStateLabelRO
- method for labelling a saved image for restore
-* src/security/security_selinux.c: Implement labelling of RO
- save images for restore
-
-Fedora-patch: libvirt-qemu-save-restore-2.patch
----
- src/qemu/qemu_driver.c | 11 ++++++++++-
- src/security/security_driver.h | 5 +++++
- src/security/security_selinux.c | 11 +++++++++++
- 3 files changed, 26 insertions(+), 1 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 171ac8f..e6abb05 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -3266,7 +3266,7 @@ static int qemudDomainSave(virDomainPtr dom,
-
- if (driver->securityDriver &&
- driver->securityDriver->domainRestoreSavedStateLabel &&
-- driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, path) == -1)
-+ driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
- goto cleanup;
-
- ret = 0;
-@@ -3813,6 +3813,11 @@ static int qemudDomainRestore(virConnectPtr conn,
- }
- def = NULL;
-
-+ if (driver->securityDriver &&
-+ driver->securityDriver->domainSetSavedStateLabelRO &&
-+ driver->securityDriver->domainSetSavedStateLabelRO(conn, vm, path) == -1)
-+ goto cleanup;
-+
- if (header.version == 2) {
- const char *intermediate_argv[3] = { NULL, "-dc", NULL };
- const char *prog = qemudSaveCompressionTypeToString(header.compressed);
-@@ -3847,6 +3852,10 @@ static int qemudDomainRestore(virConnectPtr conn,
- close(intermediatefd);
- close(fd);
- fd = -1;
-+ if (driver->securityDriver &&
-+ driver->securityDriver->domainRestoreSavedStateLabel &&
-+ driver->securityDriver->domainRestoreSavedStateLabel(conn, vm, path) == -1)
-+ VIR_WARN("Unable to restore labelling on %s", path);
- if (ret < 0) {
- if (!vm->persistent) {
- virDomainRemoveInactive(&driver->domains,
-diff --git a/src/security/security_driver.h b/src/security/security_driver.h
-index 5514962..5144976 100644
---- a/src/security/security_driver.h
-+++ b/src/security/security_driver.h
-@@ -45,7 +45,11 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
- typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
- const char *savefile);
-+typedef int (*virSecurityDomainSetSavedStateLabelRO) (virConnectPtr conn,
-+ virDomainObjPtr vm,
-+ const char *savefile);
- typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
-+ virDomainObjPtr vm,
- const char *savefile);
- typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
-@@ -77,6 +81,7 @@ struct _virSecurityDriver {
- virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
- virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
- virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
-+ virSecurityDomainSetSavedStateLabelRO domainSetSavedStateLabelRO;
- virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
-
- /*
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 4f2d1d3..0c130e5 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -639,7 +639,17 @@ SELinuxSetSavedStateLabel(virConnectPtr conn,
-
-
- static int
-+SELinuxSetSavedStateLabelRO(virConnectPtr conn,
-+ virDomainObjPtr vm ATTRIBUTE_UNUSED,
-+ const char *savefile)
-+{
-+ return SELinuxSetFilecon(conn, savefile, default_content_context);
-+}
-+
-+
-+static int
- SELinuxRestoreSavedStateLabel(virConnectPtr conn,
-+ virDomainObjPtr vm ATTRIBUTE_UNUSED,
- const char *savefile)
- {
- return SELinuxRestoreSecurityFileLabel(conn, savefile);
-@@ -716,5 +726,6 @@ virSecurityDriver virSELinuxSecurityDriver = {
- .domainSetSecurityHostdevLabel = SELinuxSetSecurityHostdevLabel,
- .domainRestoreSecurityHostdevLabel = SELinuxRestoreSecurityHostdevLabel,
- .domainSetSavedStateLabel = SELinuxSetSavedStateLabel,
-+ .domainSetSavedStateLabelRO = SELinuxSetSavedStateLabelRO,
- .domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
- };
--
-1.6.5.2
-
diff --git a/libvirt-qemu-save-restore.patch b/libvirt-qemu-save-restore.patch
deleted file mode 100644
index d08715a..0000000
--- a/libvirt-qemu-save-restore.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From 1151cdcad3f4b68478b076832843338256b94644 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange
-Date: Wed, 11 Nov 2009 12:07:00 +0000
-Subject: [PATCH] Fix save and restore with non-privileged guests and SELinux
-
-When running qemu:///system instance, libvirtd runs as root,
-but QEMU may optionally be configured to run non-root. When
-then saving a guest to a state file, the file is initially
-created as root, and thus QEMU cannot write to it. It is also
-missing labelling required to allow access via SELinux.
-
-* src/qemu/qemu_driver.c: Set ownership on save image before
- running migrate command in virDomainSave impl. Call out to
- security driver to set save image labelling
-* src/security/security_driver.h: Add driver APIs for setting
- and restoring saved state file labelling
-* src/security/security_selinux.c: Implement saved state file
- labelling for SELinux
-
-(cherry picked from commit bc0010b3d149df00406b82c37eb59874d8525af4)
-
-Fedora-patch: libvirt-qemu-save-restore.patch
----
- src/qemu/qemu_driver.c | 35 ++++++++++++++++++++++++++++++++---
- src/security/security_driver.h | 7 +++++++
- src/security/security_selinux.c | 23 +++++++++++++++++++++++
- 3 files changed, 62 insertions(+), 3 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index c544c4b..171ac8f 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -3146,6 +3146,7 @@ static int qemudDomainSave(virDomainPtr dom,
- char *xml = NULL;
- struct qemud_save_header header;
- int ret = -1;
-+ int rc;
- virDomainEventPtr event = NULL;
-
- memset(&header, 0, sizeof(header));
-@@ -3226,9 +3227,22 @@ static int qemudDomainSave(virDomainPtr dom,
- }
- fd = -1;
-
-+ if (driver->privileged &&
-+ chown(path, driver->user, driver->group) < 0) {
-+ virReportSystemError(NULL, errno,
-+ _("unable to set ownership of '%s' to user %d:%d"),
-+ path, driver->user, driver->group);
-+ goto cleanup;
-+ }
-+
-+ if (driver->securityDriver &&
-+ driver->securityDriver->domainSetSavedStateLabel &&
-+ driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
-+ goto cleanup;
-+
- if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
- const char *args[] = { "cat", NULL };
-- ret = qemuMonitorMigrateToCommand(vm, 0, args, path);
-+ rc = qemuMonitorMigrateToCommand(vm, 0, args, path);
- } else {
- const char *prog = qemudSaveCompressionTypeToString(header.compressed);
- const char *args[] = {
-@@ -3236,12 +3250,27 @@ static int qemudDomainSave(virDomainPtr dom,
- "-c",
- NULL
- };
-- ret = qemuMonitorMigrateToCommand(vm, 0, args, path);
-+ rc = qemuMonitorMigrateToCommand(vm, 0, args, path);
- }
-
-- if (ret < 0)
-+ if (rc < 0)
- goto cleanup;
-
-+ if (driver->privileged &&
-+ chown(path, 0, 0) < 0) {
-+ virReportSystemError(NULL, errno,
-+ _("unable to set ownership of '%s' to user %d:%d"),
-+ path, 0, 0);
-+ goto cleanup;
-+ }
-+
-+ if (driver->securityDriver &&
-+ driver->securityDriver->domainRestoreSavedStateLabel &&
-+ driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, path) == -1)
-+ goto cleanup;
-+
-+ ret = 0;
-+
- /* Shut it down */
- qemudShutdownVMDaemon(dom->conn, driver, vm);
- event = virDomainEventNewFromObj(vm,
-diff --git a/src/security/security_driver.h b/src/security/security_driver.h
-index fde2978..5514962 100644
---- a/src/security/security_driver.h
-+++ b/src/security/security_driver.h
-@@ -42,6 +42,11 @@ typedef int (*virSecurityDomainRestoreHostdevLabel) (virConnectPtr conn,
- typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
- virDomainObjPtr vm,
- virDomainHostdevDefPtr dev);
-+typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
-+ virDomainObjPtr vm,
-+ const char *savefile);
-+typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
-+ const char *savefile);
- typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
- virDomainObjPtr sec);
- typedef int (*virSecurityDomainReserveLabel) (virConnectPtr conn,
-@@ -71,6 +76,8 @@ struct _virSecurityDriver {
- virSecurityDomainRestoreLabel domainRestoreSecurityLabel;
- virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
- virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
-+ virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
-+ virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
-
- /*
- * This is internally managed driver state and should only be accessed
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 7e0f71a..4f2d1d3 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -525,6 +525,7 @@ done:
- return ret;
- }
-
-+
- static int
- SELinuxRestoreSecurityPCILabel(virConnectPtr conn,
- pciDevice *dev ATTRIBUTE_UNUSED,
-@@ -625,6 +626,26 @@ SELinuxRestoreSecurityLabel(virConnectPtr conn,
- return rc;
- }
-
-+
-+static int
-+SELinuxSetSavedStateLabel(virConnectPtr conn,
-+ virDomainObjPtr vm,
-+ const char *savefile)
-+{
-+ const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
-+
-+ return SELinuxSetFilecon(conn, savefile, secdef->imagelabel);
-+}
-+
-+
-+static int
-+SELinuxRestoreSavedStateLabel(virConnectPtr conn,
-+ const char *savefile)
-+{
-+ return SELinuxRestoreSecurityFileLabel(conn, savefile);
-+}
-+
-+
- static int
- SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
- {
-@@ -694,4 +715,6 @@ virSecurityDriver virSELinuxSecurityDriver = {
- .domainSetSecurityLabel = SELinuxSetSecurityLabel,
- .domainSetSecurityHostdevLabel = SELinuxSetSecurityHostdevLabel,
- .domainRestoreSecurityHostdevLabel = SELinuxRestoreSecurityHostdevLabel,
-+ .domainSetSavedStateLabel = SELinuxSetSavedStateLabel,
-+ .domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
- };
--
-1.6.5.2
-
diff --git a/libvirt.spec b/libvirt.spec
index 11212d2..fd38d72 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -53,12 +53,13 @@ %define with_storage_mpath 0%{!?_without_storage_mpath:%{server_drivers}} %define with_numactl 0%{!?_without_numactl:%{server_drivers}} %define with_selinux 0%{!?_without_selinux:%{server_drivers}} -%define with_hal 0%{!?_without_hal:%{server_drivers}} # A few optional bits off by default, we enable later %define with_polkit 0%{!?_without_polkit:0} %define with_capng 0%{!?_without_capng:0} %define with_netcf 0%{!?_without_netcf:0} +%define with_udev 0%{!?_without_udev:0} +%define with_hal 0%{!?_without_hal:0} # Non-server/HV driver defaults which are always enabled %define with_python 0%{!?_without_python:1} @@ -133,6 +134,13 @@ %define with_netcf 0%{!?_without_netcf:%{server_drivers}} %endif +# udev is used to manage host devices in Fedora 12 / RHEL-6 or newer +%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 +%define with_udev 0%{!?_without_udev:%{server_drivers}} +%else +%define with_hal 0%{!?_without_hal:%{server_drivers}} +%endif + # Force QEMU to run as non-root %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 %define qemu_user qemu @@ -154,22 +162,11 @@ Summary: Library providing a simple API virtualization Name: libvirt -Version: 0.7.2 -Release: 6%{?dist}%{?extra_release} +Version: 0.7.3 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz - -# Fix qemu machine types handling -Patch01: libvirt-qemu-machine-type-fixes2.patch - -# Avoid compressing small log files (#531030) -Patch02: libvirt-logrotate-avoid-compressing-small-logs.patch - -# Fix QEMU save/restore permissions / labelling -Patch03: libvirt-qemu-save-restore.patch -Patch04: libvirt-qemu-save-restore-2.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root URL: http://libvirt.org/ BuildRequires: python-devel 
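Review bot: Removing Patch03 and Patch04 in the `@@ -154,22 +162,11 @@` hunk takes the QEMU save/restore ownership and SELinux labelling fixes out of the package, and nothing in the commit records that 0.7.3 already contains them. The deleted libvirt-qemu-save-restore-2.patch, unlike the other three dropped patches, carries no "(cherry picked from commit …)" trailer, so its upstream status cannot be read from this page. It was presumably merged before the release, but that is worth confirming against the 0.7.3 tarball, in particular the read-only label set through `domainSetSavedStateLabelRO` in qemudDomainRestore. I would record the outcome in the new changelog entry, for example `- drop patches merged upstream in 0.7.3`.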
@@ -190,6 +187,9 @@ Requires: iptables %if %{with_hal} Requires: hal %endif +%if %{with_udev} +Requires: udev >= 145 +%endif %if %{with_polkit} %if 0%{?fedora} >= 12 || 0%{?rhel} >=6 Requires: polkit >= 0.93 @@ -253,6 +253,10 @@ BuildRequires: gnutls-devel %if %{with_hal} BuildRequires: hal-devel %endif +%if %{with_udev} +BuildRequires: libudev-devel >= 145 +BuildRequires: libpciaccess-devel >= 0.10.9 +%endif %if %{with_avahi} BuildRequires: avahi-devel %endif @@ -323,7 +327,7 @@ BuildRequires: libcap-ng-devel >= 0.5.0 BuildRequires: libssh2-devel %endif %if %{with_netcf} -BuildRequires: netcf-devel +BuildRequires: netcf-devel > 0.1.4 %endif # Fedora build root suckage @@ -382,11 +386,6 @@ of recent versions of Linux (and other OSes). %prep %setup -q -%patch01 -p1 -%patch02 -p1 -%patch03 -p1 -%patch04 -p1 - %build %if ! %{with_xen} %define _without_xen --without-xen @@ -492,6 +491,10 @@ of recent versions of Linux (and other OSes). %define _without_hal --without-hal %endif +%if ! %{with_udev} +%define _without_udev --without-udev +%endif + %configure %{?_without_xen} \ %{?_without_qemu} \ %{?_without_openvz} \ @@ -518,6 +521,7 @@ of recent versions of Linux (and other OSes). %{?_without_netcf} \ %{?_without_selinux} \ %{?_without_hal} \ + %{?_without_udev} \ --with-qemu-user=%{qemu_user} \ --with-qemu-group=%{qemu_group} \ --with-init-script=redhat \ @@ -798,6 +802,14 @@ fi %endif %changelog +* Fri Nov 20 2009 Daniel Veillard - 0.7.3-1 +- udev node device backend +- API to check object properties +- better QEmu monitor processing +- MAC address based port filtering for qemu +- support IPv6 and multiple addresses per interfaces +- a lot of fixes + * Thu Nov 19 2009 Daniel P. Berrange - 0.7.2-6 - Really fix restore file labelling this time diff --git a/sources b/sources index de98120..b89d0b3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -133aead8c46c0601b6b37e024c6aa86a libvirt-0.7.2.tar.gz +2a3035c221a0020d64ef2f07676053da libvirt-0.7.3.tar.gz
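Review bot: `BuildRequires: netcf-devel > 0.1.4` in the `@@ -323,7 +327,7 @@` hunk uses a strict `>` where the other versioned dependencies visible in this diff (`udev >= 145`, `libudev-devel >= 145`, `libpciaccess-devel >= 0.10.9`, `libcap-ng-devel >= 0.5.0`) use `>=`, so the intended minimum release is left for the reader to work out. Naming the first acceptable version is clearer and matches the rest of the spec, i.e. `BuildRequires: netcf-devel >= <minimum-version>`, with the value taken from what configure actually checks for.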