diff --git a/libvirt-0.7.0-chown-kernel-initrd-before-spawning-qemu.patch b/libvirt-0.7.0-chown-kernel-initrd-before-spawning-qemu.patch
new file mode 100644
index 0000000..203f201
--- /dev/null
+++ b/libvirt-0.7.0-chown-kernel-initrd-before-spawning-qemu.patch
@@ -0,0 +1,73 @@
+From: Mark McLoughlin <markmc@redhat.com>
+Subject: [PATCH] chown kernel/initrd before spawning qemu
+
+If we're running qemu unprivileged, we need to chown any supplied kernel
+or initrd before spawning it.
+
+* src/qemu_driver.c: rename qemuDomainSetDiskOwnership() to
+ qemuDomainSetFileOwnership(), pass it a path string instead of a disk
+ definition and use it for chowning the kernel/initrd in
+ qemuDomainSetAllDeviceOwnership()
+---
+ src/qemu_driver.c | 20 ++++++++++++--------
+ 1 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 412b68d..bd58435 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1684,18 +1684,18 @@ static int qemuDomainSetHostdevOwnership(virConnectPtr conn,
+
+ }
+
+-static int qemuDomainSetDiskOwnership(virConnectPtr conn,
+- virDomainDiskDefPtr def,
++static int qemuDomainSetFileOwnership(virConnectPtr conn,
++ const char *path,
+ uid_t uid, gid_t gid)
+ {
+
+- if (!def->src)
++ if (!path)
+ return 0;
+
+- VIR_DEBUG("Setting ownership on %s to %d:%d", def->src, uid, gid);
+- if (chown(def->src, uid, gid) < 0) {
++ VIR_DEBUG("Setting ownership on %s to %d:%d", path, uid, gid);
++ if (chown(path, uid, gid) < 0) {
+ virReportSystemError(conn, errno, _("cannot set ownership on %s"),
+- def->src);
++ path);
+ return -1;
+ }
+ return 0;
+@@ -1725,7 +1725,7 @@ static int qemuDomainSetDeviceOwnership(virConnectPtr conn,
+ (def->data.disk->readonly || def->data.disk->shared))
+ return 0;
+
+- return qemuDomainSetDiskOwnership(conn, def->data.disk, uid, gid);
++ return qemuDomainSetFileOwnership(conn, def->data.disk->src, uid, gid);
+
+ case VIR_DOMAIN_DEVICE_HOSTDEV:
+ return qemuDomainSetHostdevOwnership(conn, def->data.hostdev, uid, gid);
+@@ -1753,12 +1753,16 @@ static int qemuDomainSetAllDeviceOwnership(virConnectPtr conn,
+ uid = restore ? 0 : driver->user;
+ gid = restore ? 0 : driver->group;
+
++ if (qemuDomainSetFileOwnership(conn, def->os.kernel, uid, gid) < 0 ||
++ qemuDomainSetFileOwnership(conn, def->os.initrd, uid, gid) < 0)
++ return -1;
++
+ for (i = 0 ; i < def->ndisks ; i++) {
+ if (restore &&
+ (def->disks[i]->readonly || def->disks[i]->shared))
+ continue;
+
+- if (qemuDomainSetDiskOwnership(conn, def->disks[i], uid, gid) < 0)
++ if (qemuDomainSetFileOwnership(conn, def->disks[i]->src, uid, gid) < 0)
+ return -1;
+ }
+
+--
+1.6.2.5
+
diff --git a/libvirt.spec b/libvirt.spec
index c93cd32..7a8da9b 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -78,11 +78,14 @@
Summary: Library providing a simple API virtualization
Name: libvirt
Version: 0.7.0
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
Source: libvirt-%{version}.tar.gz
+# Make sure qemu can access kernel/initrd (bug #516034)
+Patch01: libvirt-0.7.0-chown-kernel-initrd-before-spawning-qemu.patch
+
# Temporary hack till PulseAudio autostart problems are sorted
# out when SELinux enforcing (bz 486112)
Patch200: libvirt-0.6.4-svirt-sound.patch
@@ -252,6 +255,8 @@ of recent versions of Linux (and other OSes).
%prep
%setup -q
+%patch01 -p1
+
%patch200 -p0
%build
@@ -497,7 +502,7 @@ fi
%dir %{_localstatedir}/lib/libvirt/
%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/boot/
+%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/
%dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
%if %{with_qemu}
@@ -612,7 +617,11 @@ fi
%endif
%changelog
-* Wed Aug 5 2009 Daniel Veillard <veillard@redhat.com> - 0.7.0-1.fc12
+* Thu Aug 6 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.0-2
+- Make sure qemu can access kernel/initrd (bug #516034)
+- Set perms on /var/lib/libvirt/boot to 0711 (bug #516034)
+
+* Wed Aug 5 2009 Daniel Veillard <veillard@redhat.com> - 0.7.0-1
- Upstream release of 0.7.0
- ESX, VBox3, Power Hypervisor drivers
- new net filesystem glusterfs