Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2012-02-17 12:01:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvirt (Old) and /work/SRC/openSUSE:Factory/.libvirt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2012-01-19 09:43:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libvirt.new/libvirt.changes 2012-02-17 12:02:05.000000000 +0100 @@ -1,0 +2,56 @@ +Thu Feb 16 09:59:52 MST 2012 - [email protected] + +- Add a note in /etc/libvirt/qemu.conf describing administrator + vigilance required when enabling a lock manager such as sanlock + +------------------------------------------------------------------- +Thu Feb 16 09:01:58 MST 2012 - [email protected] + +- Recommend dmidecode if suse_version > 1110. dmidecode is used + by virConnectGetSysinfo. + +------------------------------------------------------------------- +Wed Feb 15 22:00:42 MST 2012 - [email protected] + +- Add upstream patches to fix issues with older PolicyKit + c05ec920-polkit0-build.patch + fcdfa31f-polkit0-auth.patch + +------------------------------------------------------------------- +Wed Feb 15 11:57:25 MST 2012 - [email protected] + +- Update to libvirt 0.9.10 + - Add support for sVirt in the LXC driver + - Add new API virDomainBlockRebase + - Add api to set and get domain metadata + - virDomainGetDiskErrors public API + - Add rawio attribute to disk element of domain XML + - Introduce virDomainPMSuspendForDuration API + - Add virStorageVolResize() API + - Add a virt-host-validate command to sanity check HV config + - Add new virDomainShutdownFlags API + - QEMU guest agent support + +------------------------------------------------------------------- +Wed Feb 8 11:12:28 MST 2012 - [email protected] + +- Fix libvirtd apparmor profile to work with libxenlight toolstack + Updated install-apparmor-profiles.patch + bnc#745890 + +------------------------------------------------------------------- +Wed Jan 25 14:40:32 MST 2012 - [email protected] + +- Fix init script packaging after enabling systemd support + +------------------------------------------------------------------- +Tue Jan 24 14:26:47 MST 2012 - [email protected] + +- Fix %files after enabling sanlock support + +------------------------------------------------------------------- +Wed Jan 18 15:58:57 MST 2012 - [email protected] + +- Enable libvirt integration with sanlock + +------------------------------------------------------------------- Old: ---- 9ae4ac7a-PolicyKit.patch libvirt-0.9.9.tar.bz2 New: ---- c05ec920-polkit0-build.patch fcdfa31f-polkit0-auth.patch libvirt-0.9.10.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -15,8 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - # For now, default to a full server + client build %define client_only 0 @@ -156,6 +154,11 @@ %define with_systemd 0%{!?_without_systemd:1} %endif +# Enable sanlock on openSUSE > 12.1 +%if 0%{?suse_version} > 1210 +%define with_sanlock 0%{!?_without_sanlock:%{server_drivers}} +%endif + # Disable some drivers when building without libvirt daemon. # The logic is the same as in configure.ac %if ! %{with_libvirtd} @@ -193,20 +196,21 @@ %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services -BuildRequires: python-devel +BuildRequires: bridge-utils +BuildRequires: fdupes +BuildRequires: gettext +BuildRequires: libgcrypt-devel +BuildRequires: libgnutls-devel +BuildRequires: libtasn1-devel +BuildRequires: libtool BuildRequires: libxml2-devel -BuildRequires: xhtml-dtd BuildRequires: libxslt -BuildRequires: readline-devel BuildRequires: ncurses-devel -BuildRequires: gettext -BuildRequires: libtasn1-devel -BuildRequires: libgnutls-devel -BuildRequires: libgcrypt-devel -BuildRequires: bridge-utils -BuildRequires: fdupes -BuildRequires: libtool pkg-config +BuildRequires: pkg-config +BuildRequires: python-devel BuildRequires: python-xml +BuildRequires: readline-devel +BuildRequires: xhtml-dtd # Only for directory ownership: BuildRequires: gtk-doc %if %{with_xen} || %{with_libxl} @@ -321,12 +325,11 @@ Name: libvirt Url: http://libvirt.org/ +Version: 0.9.10 +Release: 0 +Summary: A C toolkit to interact with the virtualization capabilities of Linux License: LGPL-2.1+ Group: Development/Libraries/C and C++ -AutoReqProv: yes -Version: 0.9.9 -Release: 1 -Summary: A C toolkit to interact with the virtualization capabilities of Linux Conflicts: kvm < 0.14.1 # The client side, i.e. shared libs and virsh are in a subpackage @@ -386,8 +389,12 @@ # For multipath support Recommends: device-mapper %endif +%if 0%{?suse_version} > 1110 +%ifarch i386 i586 i686 x86_64 ia64 # For virConnectGetSysinfo -Requires: dmidecode +Recommends: dmidecode +%endif +%endif # For service management %if %{with_systemd} %{?systemd_requires} @@ -398,7 +405,8 @@ Source2: libvirtd-relocation-server.fw Source99: baselibs.conf # Upstream patches -Patch0: 9ae4ac7a-PolicyKit.patch +Patch0: c05ec920-polkit0-build.patch +Patch1: fcdfa31f-polkit0-auth.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch @@ -433,7 +441,6 @@ Karel Zak <[email protected]> %package client -License: LGPL-2.1+ Summary: Client side library and utilities of the libvirt library Group: Development/Libraries/C and C++ Requires: readline @@ -460,7 +467,6 @@ Karel Zak <[email protected]> %package devel -License: LGPL-2.1+ Summary: A C toolkit to interact with the virtualization capabilities of Linux Group: Development/Libraries/C and C++ Requires: %{name}-client = %{version}-%{release} libxml2-devel @@ -482,7 +488,6 @@ Karel Zak <[email protected]> %package doc -License: LGPL-2.1+ Summary: A C toolkit to interact with the virtualization capabilities of Linux Group: Development/Libraries/C and C++ Requires: %{name}-client = %{version}-%{release} @@ -502,7 +507,6 @@ %if %{with_sanlock} %package lock-sanlock -License: LGPL-2.1+ Summary: Sanlock lock manager plugin for QEMU driver Group: Development/Libraries/C and C++ Requires: sanlock >= 1.8 @@ -517,7 +521,6 @@ %if %{with_python} %package python -License: LGPL-2.1+ Summary: A C toolkit to interact with the virtualization capabilities of Linux Group: Development/Libraries/C and C++ Requires: %{name}-client = %{version}-%{release} @@ -539,6 +542,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %patch100 -p1 %patch101 %patch102 -p1 @@ -654,6 +658,9 @@ %if ! %{with_sasl} %define _without_sasl --without-sasl %endif +%if ! %{with_avahi} +%define _without_avahi --without-avahi +%endif %if ! %{with_python} %define _without_python --without-python %endif @@ -708,6 +715,7 @@ %{?_without_dtrace} \ %{?_without_network} \ %{?_without_sasl} \ + %{?_without_avahi} \ %{?_without_python} \ %{?_without_libpcap} \ %{?_without_sanlock} \ @@ -724,13 +732,18 @@ %makeinstall SYSTEMD_UNIT_DIR=%{_unitdir} DOCS_DIR=%{_docdir}/%{name}-python EXAMPLE_DIR=%{_docdir}/%{name}-python/examples HTML_DIR=%{_docdir}/%{name} cp -a AUTHORS ChangeLog COPYING NEWS README TODO $RPM_BUILD_ROOT%{_docdir}/%{name}/ cd docs ; cp -a *.html $RPM_BUILD_ROOT%{_docdir}/%{name} ; cp -a *.png $RPM_BUILD_ROOT%{_docdir}/%{name} ; cd .. +rm -f $RPM_BUILD_ROOT%{_libdir}/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/*.a +rm -f $RPM_BUILD_ROOT%{py_sitedir}/*.la +rm -f $RPM_BUILD_ROOT%{py_sitedir}/*.a +rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/lock-driver/*.la +rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/lock-driver/*.a # remove currently unsupported locale(s) rm -rf $RPM_BUILD_ROOT/usr/share/locale/sr@latin %if 0%{?suse_version} < 1130 rm -rf $RPM_BUILD_ROOT/usr/share/locale/vi_VN %endif mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/libvirt -rm $RPM_BUILD_ROOT%{_libdir}/*.*a $RPM_BUILD_ROOT%{py_sitedir}/*.*a %find_lang %{name} %if %{with_network} install -d -m 0755 $RPM_BUILD_ROOT%{_localstatedir}/lib/libvirt/dnsmasq/ @@ -803,7 +816,7 @@ %endif %if %{with_systemd} %service_add_post libvirtd.service libvirt-guests.service -%else +%endif %if 0%{?sles_version} %{fillup_and_insserv -y libvirtd} %else # ! sles @@ -811,15 +824,13 @@ %endif %{fillup_only -n libvirt-guests} %endif -%endif %preun %if %{with_libvirtd} %if %{with_systemd} %service_del_preun libvirtd.service libvirt-guests.service -%else -%stop_on_removal libvirtd %endif +%stop_on_removal libvirtd %endif %postun @@ -827,9 +838,8 @@ %if %{with_libvirtd} %if %{with_systemd} %service_del_postun libvirtd.service libvirt-guests.service -%else -%restart_on_update libvirtd %endif +%restart_on_update libvirtd %endif %insserv_cleanup @@ -863,6 +873,11 @@ %endif %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd +%dir %{_datadir}/augeas/ +%dir %{_datadir}/augeas/lenses +%dir %{_datadir}/augeas/lenses/tests +%{_datadir}/augeas/lenses/libvirtd.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd.aug %if %{with_dtrace} %{_datadir}/systemtap/tapset/libvirt_probes.stp %{_datadir}/systemtap/tapset/libvirt_functions.stp @@ -879,13 +894,14 @@ %{_datadir}/PolicyKit/policy/org.libvirt.unix.policy %endif %endif -%{_datadir}/augeas %if %{with_qemu} %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu %dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ %dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/ %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/ +%{_datadir}/augeas/lenses/libvirtd_qemu.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug %endif %if %{with_lxc} %config(noreplace) %{_sysconfdir}/libvirt/lxc.conf @@ -893,6 +909,8 @@ %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/lxc/ %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/ %attr(0755, root, root) %{_libdir}/%{name}/libvirt_lxc +%{_datadir}/augeas/lenses/libvirtd_lxc.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug %endif %if %{with_uml} %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml @@ -929,10 +947,12 @@ %doc %{_mandir}/man1/virsh.1* %doc %{_mandir}/man1/virt-xml-validate.1* %doc %{_mandir}/man1/virt-pki-validate.1* +%doc %{_mandir}/man1/virt-host-validate.1* %config(noreplace) %{_sysconfdir}/libvirt/libvirt.conf %{_bindir}/virsh %{_bindir}/virt-xml-validate %{_bindir}/virt-pki-validate +%{_bindir}/virt-host-validate %dir %{_libdir}/%{name} %{_libdir}/lib*.so.* %{_localstatedir}/adm/fillup-templates/sysconfig.libvirt-guests @@ -983,15 +1003,19 @@ %files lock-sanlock %defattr(-, root, root) +%doc %{_mandir}/man8/virt-sanlock-cleanup.8* %if %{with_qemu} -%config(noreplace) %{_sysconfdir}/libvirt/qemu-sanlock.conf +%config(noreplace) %{_sysconfdir}/%{name}/qemu-sanlock.conf %endif -%attr(0755, root, root) %{_libdir}/libvirt/lock-driver/sanlock.so +%dir %{_libdir}/%{name}/lock-driver/ +%attr(0755, root, root) %{_libdir}/%{name}/lock-driver/sanlock.so +%dir %{_datadir}/augeas/ +%dir %{_datadir}/augeas/lenses +%dir %{_datadir}/augeas/lenses/tests %{_datadir}/augeas/lenses/libvirt_sanlock.aug %{_datadir}/augeas/lenses/tests/test_libvirt_sanlock.aug -%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/sanlock +%dir %attr(0700, root, root) %{_localstatedir}/lib/%{name}/sanlock %{_sbindir}/virt-sanlock-cleanup -%{_mandir}/man8/virt-sanlock-cleanup.8* %endif %if %{with_python} ++++++ AF_PACKET.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -1,8 +1,8 @@ -Index: libvirt-0.9.9/src/util/virnetdev.c +Index: libvirt-0.9.10/src/util/virnetdev.c =================================================================== ---- libvirt-0.9.9.orig/src/util/virnetdev.c -+++ libvirt-0.9.9/src/util/virnetdev.c -@@ -84,7 +84,7 @@ static int virNetDevSetupControlFull(con +--- libvirt-0.9.10.orig/src/util/virnetdev.c ++++ libvirt-0.9.10/src/util/virnetdev.c +@@ -85,7 +85,7 @@ static int virNetDevSetupControlFull(con static int virNetDevSetupControl(const char *ifname, struct ifreq *ifr) { @@ -11,10 +11,10 @@ } #endif -Index: libvirt-0.9.9/src/util/virnetdevbridge.c +Index: libvirt-0.9.10/src/util/virnetdevbridge.c =================================================================== ---- libvirt-0.9.9.orig/src/util/virnetdevbridge.c -+++ libvirt-0.9.9/src/util/virnetdevbridge.c +--- libvirt-0.9.10.orig/src/util/virnetdevbridge.c ++++ libvirt-0.9.10/src/util/virnetdevbridge.c @@ -84,7 +84,7 @@ static int virNetDevSetupControlFull(con static int virNetDevSetupControl(const char *ifname, struct ifreq *ifr) ++++++ c05ec920-polkit0-build.patch ++++++ commit c05ec920219dc9fad9230c3cea7c1fb17d29ddc3 Author: Jim Fehlig <[email protected]> Date: Wed Feb 15 21:34:13 2012 -0700 Fix build with polkit0 Commit 8dd623b9 introduced a build error with --enable-compile-warnings=error remote.c:2593: error: unused variable 'rv' [-Wunused-variable] Pushing under build-breaker rule. Index: libvirt-0.9.10/daemon/remote.c =================================================================== --- libvirt-0.9.10.orig/daemon/remote.c +++ libvirt-0.9.10/daemon/remote.c @@ -2589,7 +2589,6 @@ remoteDispatchAuthPolkit(virNetServerPtr DBusError err; const char *action; char *ident = NULL; - int rv = -1; struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); ++++++ clone.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- src/lxc/lxc_container.c.orig +++ src/lxc/lxc_container.c -@@ -1345,6 +1345,9 @@ int lxcContainerStart(virDomainDefPtr de +@@ -1439,6 +1439,9 @@ int lxcContainerStart(virDomainDefPtr de ttyPaths, nttyPaths, handshakefd}; /* allocate a stack for the container */ @@ -12,7 +12,7 @@ if (VIR_ALLOC_N(stack, stacksize) < 0) { virReportOOMError(); return -1; -@@ -1363,7 +1366,11 @@ int lxcContainerStart(virDomainDefPtr de +@@ -1457,7 +1460,11 @@ int lxcContainerStart(virDomainDefPtr de cflags |= CLONE_NEWNET; } @@ -24,7 +24,7 @@ VIR_FREE(stack); VIR_DEBUG("clone() completed, new container PID is %d", pid); -@@ -1389,6 +1396,7 @@ int lxcContainerAvailable(int features) +@@ -1483,6 +1490,7 @@ int lxcContainerAvailable(int features) int cpid; char *childStack; char *stack; @@ -32,7 +32,7 @@ if (features & LXC_CONTAINER_FEATURE_USER) flags |= CLONE_NEWUSER; -@@ -1396,14 +1404,21 @@ int lxcContainerAvailable(int features) +@@ -1490,14 +1498,21 @@ int lxcContainerAvailable(int features) if (features & LXC_CONTAINER_FEATURE_NET) flags |= CLONE_NEWNET; ++++++ fcdfa31f-polkit0-auth.patch ++++++ >From a06fab953f99e778883618dd0aeaef8da5d5b32a Mon Sep 17 00:00:00 2001 From: Jim Fehlig <[email protected]> Date: Wed, 15 Feb 2012 10:01:50 -0700 Subject: [PATCH] Fix polkit0 authentication Commit 7033c5f2 introduced some bugs in polkit0 authentication. Fix libvirtd segfault in remoteDispatchAuthPolkit(). Fix polkit authentication bypass when caller UID = 0. --- daemon/remote.c | 20 +++++++++----------- 1 files changed, 9 insertions(+), 11 deletions(-) Index: libvirt-0.9.10/daemon/remote.c =================================================================== --- libvirt-0.9.10.orig/daemon/remote.c +++ libvirt-0.9.10/daemon/remote.c @@ -2052,16 +2052,16 @@ remoteDispatchAuthList(virNetServerPtr s } else if (callerUid == 0) { char *ident; if (virAsprintf(&ident, "pid:%lld,uid:%d", - (long long) callerPid, callerUid) == 0) { - VIR_INFO("Bypass polkit auth for privileged client %s", - ident); - if (virNetServerClientSetIdentity(client, ident) < 0) - virResetLastError(); - else - auth = VIR_NET_SERVER_SERVICE_AUTH_NONE; - VIR_FREE(ident); + (long long) callerPid, callerUid) < 0) { + virReportOOMError(); + goto cleanup; } - rv = -1; + VIR_INFO("Bypass polkit auth for privileged client %s", ident); + if (virNetServerClientSetIdentity(client, ident) < 0) + virResetLastError(); + else + auth = VIR_NET_SERVER_SERVICE_AUTH_NONE; + VIR_FREE(ident); } } @@ -2592,8 +2592,6 @@ remoteDispatchAuthPolkit(virNetServerPtr struct daemonClientPrivate *priv = virNetServerClientGetPrivateData(client); - memset(ident, 0, sizeof ident); - virMutexLock(&priv->lock); action = virNetServerClientGetReadonly(client) ? ++++++ install-apparmor-profiles.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -1,7 +1,7 @@ -Index: libvirt-0.9.9/examples/apparmor/Makefile.am +Index: libvirt-0.9.10/examples/apparmor/Makefile.am =================================================================== ---- libvirt-0.9.9.orig/examples/apparmor/Makefile.am -+++ libvirt-0.9.9/examples/apparmor/Makefile.am +--- libvirt-0.9.10.orig/examples/apparmor/Makefile.am ++++ libvirt-0.9.10/examples/apparmor/Makefile.am @@ -1,8 +1,39 @@ ## Copyright (C) 2005-2011 Red Hat, Inc. ## See COPYING.LIB for the License of this software @@ -47,10 +47,10 @@ + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/libvirt/TEMPLATE + +endif -Index: libvirt-0.9.9/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in +Index: libvirt-0.9.10/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in =================================================================== --- /dev/null -+++ libvirt-0.9.9/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in ++++ libvirt-0.9.10/examples/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -0,0 +1,40 @@ +# Last Modified: Fri Aug 19 11:21:48 2011 +#include <tunables/global> @@ -92,9 +92,9 @@ + /var/lib/kvm/images/ r, + /var/lib/kvm/images/** r, +} -Index: libvirt-0.9.9/examples/apparmor/usr.lib.libvirt.virt-aa-helper +Index: libvirt-0.9.10/examples/apparmor/usr.lib.libvirt.virt-aa-helper =================================================================== ---- libvirt-0.9.9.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +--- libvirt-0.9.10.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ /dev/null @@ -1,38 +0,0 @@ -# Last Modified: Mon Apr 5 15:10:27 2010 @@ -135,9 +135,9 @@ - /var/lib/libvirt/images/ r, - /var/lib/libvirt/images/** r, -} -Index: libvirt-0.9.9/examples/apparmor/usr.sbin.libvirtd +Index: libvirt-0.9.10/examples/apparmor/usr.sbin.libvirtd =================================================================== ---- libvirt-0.9.9.orig/examples/apparmor/usr.sbin.libvirtd +--- libvirt-0.9.10.orig/examples/apparmor/usr.sbin.libvirtd +++ /dev/null @@ -1,52 +0,0 @@ -# Last Modified: Mon Apr 5 15:03:58 2010 @@ -192,11 +192,11 @@ - change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, - -} -Index: libvirt-0.9.9/examples/apparmor/usr.sbin.libvirtd.in +Index: libvirt-0.9.10/examples/apparmor/usr.sbin.libvirtd.in =================================================================== --- /dev/null -+++ libvirt-0.9.9/examples/apparmor/usr.sbin.libvirtd.in -@@ -0,0 +1,54 @@ ++++ libvirt-0.9.10/examples/apparmor/usr.sbin.libvirtd.in +@@ -0,0 +1,57 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include <tunables/global> +@{LIBVIRT}="libvirt" @@ -221,6 +221,7 @@ + capability setpcap, + capability mknod, + capability fsetid, ++ capability ipc_lock, + + network inet stream, + network inet dgram, @@ -235,6 +236,8 @@ + /sbin/* Ux, + /usr/bin/* Ux, + /usr/sbin/* Ux, ++ /usr/lib/xen/bin/qemu-dm Ux, ++ /usr/lib/PolicyKit/polkit-read-auth-helper Px, + + # force the use of virt-aa-helper + audit deny /sbin/apparmor_parser rwxl, @@ -251,10 +254,10 @@ + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} -Index: libvirt-0.9.9/examples/apparmor/libvirt-qemu +Index: libvirt-0.9.10/examples/apparmor/libvirt-qemu =================================================================== ---- libvirt-0.9.9.orig/examples/apparmor/libvirt-qemu -+++ libvirt-0.9.9/examples/apparmor/libvirt-qemu +--- libvirt-0.9.10.orig/examples/apparmor/libvirt-qemu ++++ libvirt-0.9.10/examples/apparmor/libvirt-qemu @@ -52,6 +52,7 @@ # access to firmware's etc /usr/share/kvm/** r, ++++++ libvirt-0.9.9.tar.bz2 -> libvirt-0.9.10.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/libvirt/libvirt-0.9.9.tar.bz2 /work/SRC/openSUSE:Factory/.libvirt.new/libvirt-0.9.10.tar.bz2 differ: char 11, line 1 ++++++ libvirt-suse-netcontrol.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -1,7 +1,7 @@ -Index: libvirt-0.9.9/configure.ac +Index: libvirt-0.9.10/configure.ac =================================================================== ---- libvirt-0.9.9.orig/configure.ac -+++ libvirt-0.9.9/configure.ac +--- libvirt-0.9.10.orig/configure.ac ++++ libvirt-0.9.10/configure.ac @@ -63,6 +63,7 @@ AVAHI_REQUIRED="0.6.0" POLKIT_REQUIRED="0.6" PARTED_REQUIRED="1.8.0" @@ -10,7 +10,7 @@ UDEV_REQUIRED=145 PCIACCESS_REQUIRED=0.10.0 XMLRPC_REQUIRED=1.14.0 -@@ -1637,6 +1638,38 @@ AM_CONDITIONAL([WITH_NETCF], [test "$wit +@@ -1641,6 +1642,38 @@ AM_CONDITIONAL([WITH_NETCF], [test "$wit AC_SUBST([NETCF_CFLAGS]) AC_SUBST([NETCF_LIBS]) @@ -49,7 +49,7 @@ AC_ARG_WITH([secrets], AC_HELP_STRING([--with-secrets], [with local secrets management driver @<:@default=yes@:>@]),[],[with_secrets=yes]) -@@ -2565,6 +2598,7 @@ AC_MSG_NOTICE([ Remote: $with_remote]) +@@ -2592,6 +2625,7 @@ AC_MSG_NOTICE([ Remote: $with_remote]) AC_MSG_NOTICE([ Network: $with_network]) AC_MSG_NOTICE([Libvirtd: $with_libvirtd]) AC_MSG_NOTICE([ netcf: $with_netcf]) @@ -57,7 +57,7 @@ AC_MSG_NOTICE([ macvtap: $with_macvtap]) AC_MSG_NOTICE([virtport: $with_virtualport]) AC_MSG_NOTICE([]) -@@ -2696,6 +2730,11 @@ AC_MSG_NOTICE([ netcf: $NETCF_CFLAGS $ +@@ -2723,6 +2757,11 @@ AC_MSG_NOTICE([ netcf: $NETCF_CFLAGS $ else AC_MSG_NOTICE([ netcf: no]) fi @@ -69,10 +69,10 @@ if test "$with_qemu" = "yes" && test "$LIBPCAP_FOUND" != "no"; then AC_MSG_NOTICE([ pcap: $LIBPCAP_CFLAGS $LIBPCAP_LIBS]) else -Index: libvirt-0.9.9/daemon/Makefile.am +Index: libvirt-0.9.10/daemon/Makefile.am =================================================================== ---- libvirt-0.9.9.orig/daemon/Makefile.am -+++ libvirt-0.9.9/daemon/Makefile.am +--- libvirt-0.9.10.orig/daemon/Makefile.am ++++ libvirt-0.9.10/daemon/Makefile.am @@ -143,6 +143,10 @@ endif if WITH_NETCF @@ -84,10 +84,10 @@ endif if WITH_NODE_DEVICES -Index: libvirt-0.9.9/daemon/libvirtd.c +Index: libvirt-0.9.10/daemon/libvirtd.c =================================================================== ---- libvirt-0.9.9.orig/daemon/libvirtd.c -+++ libvirt-0.9.9/daemon/libvirtd.c +--- libvirt-0.9.10.orig/daemon/libvirtd.c ++++ libvirt-0.9.10/daemon/libvirtd.c @@ -75,6 +75,10 @@ # endif # ifdef WITH_NETCF @@ -110,11 +110,11 @@ # endif # ifdef WITH_STORAGE_DIR storageRegister(); -Index: libvirt-0.9.9/src/Makefile.am +Index: libvirt-0.9.10/src/Makefile.am =================================================================== ---- libvirt-0.9.9.orig/src/Makefile.am -+++ libvirt-0.9.9/src/Makefile.am -@@ -955,6 +955,24 @@ libvirt_driver_interface_la_LIBADD += .. +--- libvirt-0.9.10.orig/src/Makefile.am ++++ libvirt-0.9.10/src/Makefile.am +@@ -960,6 +960,24 @@ libvirt_driver_interface_la_LIBADD += .. libvirt_driver_interface_la_LDFLAGS += -module -avoid-version endif libvirt_driver_interface_la_SOURCES = $(INTERFACE_DRIVER_SOURCES) @@ -139,10 +139,10 @@ endif if WITH_SECRETS -Index: libvirt-0.9.9/src/interface/netcf_driver.c +Index: libvirt-0.9.10/src/interface/netcf_driver.c =================================================================== ---- libvirt-0.9.9.orig/src/interface/netcf_driver.c -+++ libvirt-0.9.9/src/interface/netcf_driver.c +--- libvirt-0.9.10.orig/src/interface/netcf_driver.c ++++ libvirt-0.9.10/src/interface/netcf_driver.c @@ -23,7 +23,13 @@ #include <config.h> @@ -208,11 +208,11 @@ /* open netcf */ if (ncf_init(&driverState->netcf, NULL) != 0) { -Index: libvirt-0.9.9/tools/virsh.c +Index: libvirt-0.9.10/tools/virsh.c =================================================================== ---- libvirt-0.9.9.orig/tools/virsh.c -+++ libvirt-0.9.9/tools/virsh.c -@@ -18328,6 +18328,10 @@ vshShowVersion(vshControl *ctl ATTRIBUTE +--- libvirt-0.9.10.orig/tools/virsh.c ++++ libvirt-0.9.10/tools/virsh.c +@@ -19067,6 +19067,10 @@ vshShowVersion(vshControl *ctl ATTRIBUTE #endif #ifdef WITH_NETCF vshPrint(ctl, " Netcf"); ++++++ libvirtd-defaults.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -1,7 +1,7 @@ -Index: libvirt-0.9.9/daemon/libvirtd.conf +Index: libvirt-0.9.10/daemon/libvirtd.conf =================================================================== ---- libvirt-0.9.9.orig/daemon/libvirtd.conf -+++ libvirt-0.9.9/daemon/libvirtd.conf +--- libvirt-0.9.10.orig/daemon/libvirtd.conf ++++ libvirt-0.9.10/daemon/libvirtd.conf @@ -18,8 +18,8 @@ # It is necessary to setup a CA and issue server certificates before # using this capability. @@ -28,10 +28,10 @@ # Override the default mDNS advertizement name. This must be # unique on the immediate broadcast network. -Index: libvirt-0.9.9/daemon/libvirtd.c +Index: libvirt-0.9.10/daemon/libvirtd.c =================================================================== ---- libvirt-0.9.9.orig/daemon/libvirtd.c -+++ libvirt-0.9.9/daemon/libvirtd.c +--- libvirt-0.9.10.orig/daemon/libvirtd.c ++++ libvirt-0.9.10/daemon/libvirtd.c @@ -871,7 +871,7 @@ daemonConfigNew(bool privileged ATTRIBUT return NULL; } ++++++ relax-qemu-usergroup-check.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -7,11 +7,11 @@ daemon. Then the qemu driver would only be loaded when needed, which would never be the case on a xen-only configuration. -Index: libvirt-0.9.9/src/qemu/qemu_conf.c +Index: libvirt-0.9.10/src/qemu/qemu_conf.c =================================================================== ---- libvirt-0.9.9.orig/src/qemu/qemu_conf.c -+++ libvirt-0.9.9/src/qemu/qemu_conf.c -@@ -255,9 +255,7 @@ int qemudLoadDriverConfig(struct qemud_d +--- libvirt-0.9.10.orig/src/qemu/qemu_conf.c ++++ libvirt-0.9.10/src/qemu/qemu_conf.c +@@ -266,9 +266,7 @@ int qemudLoadDriverConfig(struct qemud_d return -1; } if (virGetUserID(user, &driver->user) < 0) { @@ -22,7 +22,7 @@ } VIR_FREE(user); -@@ -270,9 +268,7 @@ int qemudLoadDriverConfig(struct qemud_d +@@ -281,9 +279,7 @@ int qemudLoadDriverConfig(struct qemud_d return -1; } if (virGetGroupID(group, &driver->group) < 0) { ++++++ suse-qemu-conf.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -1,7 +1,7 @@ -Index: libvirt-0.9.9/src/qemu/qemu.conf +Index: libvirt-0.9.10/src/qemu/qemu.conf =================================================================== ---- libvirt-0.9.9.orig/src/qemu/qemu.conf -+++ libvirt-0.9.9/src/qemu/qemu.conf +--- libvirt-0.9.10.orig/src/qemu/qemu.conf ++++ libvirt-0.9.10/src/qemu/qemu.conf @@ -136,7 +136,16 @@ # leaving SELinux enabled for the host in general, then set this # to 'none' instead. @@ -17,5 +17,21 @@ +# security_driver = "apparmor" +security_driver = "none" + # If set to non-zero, then the default security labeling + # will make guests confined. If set to zero, then guests +@@ -316,6 +325,15 @@ + # max_processes = 0 + # max_files = 0 - # The user ID for QEMU processes run by the system instance. ++# SUSE note: ++# Many lock managers, sanlock included, will kill the resources ++# they protect when terminated. E.g. the sanlock daemon will kill ++# any virtual machines for which it holds disk leases when the ++# daemon is stopped or restarted. Administrators must be vigilant ++# when enabling a lock manager since simply updating the manager ++# may cause it to be restarted, potentially killing the resources ++# it protects. ++# + # To enable 'Sanlock' project based locking of the file + # content (to prevent two VMs writing to the same + # disk), uncomment this ++++++ use-init-script-redhat.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -1,8 +1,8 @@ -Index: libvirt-0.9.9/tools/Makefile.am +Index: libvirt-0.9.10/tools/Makefile.am =================================================================== ---- libvirt-0.9.9.orig/tools/Makefile.am -+++ libvirt-0.9.9/tools/Makefile.am -@@ -153,24 +153,22 @@ install-data-local: install-init install +--- libvirt-0.9.10.orig/tools/Makefile.am ++++ libvirt-0.9.10/tools/Makefile.am +@@ -182,24 +182,22 @@ install-data-local: install-init install uninstall-local: uninstall-init uninstall-systemd install-sysconfig: @@ -33,10 +33,10 @@ if LIBVIRT_INIT_SCRIPT_RED_HAT -Index: libvirt-0.9.9/tools/libvirt-guests.sysconf +Index: libvirt-0.9.10/tools/libvirt-guests.sysconf =================================================================== ---- libvirt-0.9.9.orig/tools/libvirt-guests.sysconf -+++ libvirt-0.9.9/tools/libvirt-guests.sysconf +--- libvirt-0.9.10.orig/tools/libvirt-guests.sysconf ++++ libvirt-0.9.10/tools/libvirt-guests.sysconf @@ -1,18 +1,28 @@ +## Path: System/Virtualization/libvirt + @@ -87,10 +87,10 @@ # If non-zero, try to bypass the file system cache when saving and # restoring guests, even though this may give slower operation for # some file systems. -Index: libvirt-0.9.9/tools/libvirt-guests.init.sh +Index: libvirt-0.9.10/tools/libvirt-guests.init.sh =================================================================== ---- libvirt-0.9.9.orig/tools/libvirt-guests.init.sh -+++ libvirt-0.9.9/tools/libvirt-guests.init.sh +--- libvirt-0.9.10.orig/tools/libvirt-guests.init.sh ++++ libvirt-0.9.10/tools/libvirt-guests.init.sh @@ -4,10 +4,10 @@ # ### BEGIN INIT INFO @@ -233,10 +233,10 @@ esac -exit $RETVAL +rc_exit -Index: libvirt-0.9.9/daemon/Makefile.am +Index: libvirt-0.9.10/daemon/Makefile.am =================================================================== ---- libvirt-0.9.9.orig/daemon/Makefile.am -+++ libvirt-0.9.9/daemon/Makefile.am +--- libvirt-0.9.10.orig/daemon/Makefile.am ++++ libvirt-0.9.10/daemon/Makefile.am @@ -249,34 +249,23 @@ uninstall-logrotate: rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || : @@ -275,10 +275,10 @@ else install-init-redhat: uninstall-init-redhat: -Index: libvirt-0.9.9/daemon/libvirtd.sysconf +Index: libvirt-0.9.10/daemon/libvirtd.sysconf =================================================================== ---- libvirt-0.9.9.orig/daemon/libvirtd.sysconf -+++ libvirt-0.9.9/daemon/libvirtd.sysconf +--- libvirt-0.9.10.orig/daemon/libvirtd.sysconf ++++ libvirt-0.9.10/daemon/libvirtd.sysconf @@ -1,16 +1,25 @@ +## Path: System/Virtualization/libvirt + ++++++ xen-name-for-devid.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -13,10 +13,10 @@ This approach allows removing a disk when domain is inactive. We obviously can't search xenstore when the domain is inactive. -Index: libvirt-0.9.9/src/xen/xend_internal.c +Index: libvirt-0.9.10/src/xen/xend_internal.c =================================================================== ---- libvirt-0.9.9.orig/src/xen/xend_internal.c -+++ libvirt-0.9.9/src/xen/xend_internal.c +--- libvirt-0.9.10.orig/src/xen/xend_internal.c ++++ libvirt-0.9.10/src/xen/xend_internal.c @@ -60,6 +60,7 @@ static int ++++++ xen-pv-cdrom.patch ++++++ --- /var/tmp/diff_new_pack.qPD8WB/_old 2012-02-17 12:02:07.000000000 +0100 +++ /var/tmp/diff_new_pack.qPD8WB/_new 2012-02-17 12:02:07.000000000 +0100 @@ -1,8 +1,8 @@ -Index: libvirt-0.9.9/src/xenxs/xen_sxpr.c +Index: libvirt-0.9.10/src/xenxs/xen_sxpr.c =================================================================== ---- libvirt-0.9.9.orig/src/xenxs/xen_sxpr.c -+++ libvirt-0.9.9/src/xenxs/xen_sxpr.c -@@ -329,7 +329,7 @@ error: +--- libvirt-0.9.10.orig/src/xenxs/xen_sxpr.c ++++ libvirt-0.9.10/src/xenxs/xen_sxpr.c +@@ -340,7 +340,7 @@ error: static int xenParseSxprDisks(virDomainDefPtr def, const struct sexpr *root, @@ -11,7 +11,7 @@ int xendConfigVersion) { const struct sexpr *cur, *node; -@@ -380,7 +380,6 @@ xenParseSxprDisks(virDomainDefPtr def, +@@ -391,7 +391,6 @@ xenParseSxprDisks(virDomainDefPtr def, /* There is a case without the uname to the CD-ROM device */ offset = strchr(dst, ':'); if (!offset || -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
