Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2018-01-06 18:46:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvirt (Old) and /work/SRC/openSUSE:Factory/.libvirt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Sat Jan 6 18:46:31 2018 rev:246 rq:561423 version:3.10.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2017-12-29 18:47:27.916249769 +0100 +++ /work/SRC/openSUSE:Factory/.libvirt.new/libvirt.changes 2018-01-06 18:46:35.094533013 +0100 @@ -1,0 +2,14 @@ +Wed Jan 3 10:46:26 UTC 2018 - cbosdon...@suse.com + +- Fix apparmor rules for virt-aa-helper (bsc#1074265) + fix-virt-aa-helper-profile.patch +- Lift VirtualBox dependency version to include 5.2.x +- Update upstreamed patches + Removed patches: + * daemon-close-crasher.patch + * lxc-hostname.patch + Added patches: + * 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch + * b475a91b-add-virStringFilterChars-string-utility.patch + * faec1958-lxc-set-hostname-based-on-container-name.patch +------------------------------------------------------------------- Old: ---- daemon-close-crasher.patch lxc-hostname.patch New: ---- 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch b475a91b-add-virStringFilterChars-string-utility.patch faec1958-lxc-set-hostname-based-on-container-name.patch fix-virt-aa-helper-profile.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.33fvV5/_old 2018-01-06 18:46:37.406424988 +0100 +++ /var/tmp/diff_new_pack.33fvV5/_new 2018-01-06 18:46:37.414424614 +0100 @@ -1,7 +1,7 @@ # # spec file for package libvirt # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -312,9 +312,13 @@ Patch1: 69ed99c7-dom0-persistent.patch Patch2: 8599aedd-libvirt-guests-dom0-filter.patch Patch3: 0f33025a-virt-aa-helper-handle-more-disk-images.patch +Patch4: b475a91b-add-virStringFilterChars-string-utility.patch +Patch5: faec1958-lxc-set-hostname-based-on-container-name.patch +Patch6: 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch +Patch102: fix-virt-aa-helper-profile.patch # Need to go upstream Patch150: xen-pv-cdrom.patch Patch151: blockcopy-check-dst-identical-device.patch @@ -322,8 +326,6 @@ Patch153: ppc64le-canonical-name.patch Patch154: libxl-set-migration-constraints.patch Patch155: libxl-set-cach-mode.patch -Patch156: lxc-hostname.patch -Patch157: daemon-close-crasher.patch # Our patches Patch200: suse-libvirtd-disable-tls.patch Patch201: suse-libvirtd-sysconfig-settings.patch @@ -796,7 +798,7 @@ Requires: %{name}-daemon-driver-vbox = %{version}-%{release} # Specify supported virtualbox API explicitly. See ./src/vbox # Reference bsc#1017189 -Requires: virtualbox < 5.2 +Requires: virtualbox < 5.3 %description daemon-vbox Server side daemon and driver required to manage the virtualization @@ -893,16 +895,18 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %patch100 -p1 %patch101 -p1 +%patch102 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 %patch153 -p1 %patch154 -p1 %patch155 -p1 -%patch156 -p1 -%patch157 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 ++++++ 2089ab21-netserver-close-clients-before-stopping-all-drivers.patch ++++++ >From 2089ab2112e763d6de5888e498afc4fbdc3376db Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdon...@suse.com> Date: Wed, 20 Dec 2017 17:36:10 +0100 Subject: [PATCH] netserver: close clients before stopping all drivers So far clients were closed when disposing the daemon, after the state driver cleanup. This was leading to libvirtd crashing at shutdown due to missing driver. Moving the client close in virNetServerClose() fixes the problem. Reviewed-by: Erik Skultety <eskul...@redhat.com> --- src/rpc/virnetserver.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/rpc/virnetserver.c b/src/rpc/virnetserver.c index 2b76daab5..43f889e2a 100644 --- a/src/rpc/virnetserver.c +++ b/src/rpc/virnetserver.c @@ -774,10 +774,8 @@ void virNetServerDispose(void *obj) virObjectUnref(srv->programs[i]); VIR_FREE(srv->programs); - for (i = 0; i < srv->nclients; i++) { - virNetServerClientClose(srv->clients[i]); + for (i = 0; i < srv->nclients; i++) virObjectUnref(srv->clients[i]); - } VIR_FREE(srv->clients); VIR_FREE(srv->mdnsGroupName); @@ -796,6 +794,9 @@ void virNetServerClose(virNetServerPtr srv) for (i = 0; i < srv->nservices; i++) virNetServerServiceClose(srv->services[i]); + for (i = 0; i < srv->nclients; i++) + virNetServerClientClose(srv->clients[i]); + virObjectUnlock(srv); } -- 2.15.1 ++++++ b475a91b-add-virStringFilterChars-string-utility.patch ++++++ >From b475a91b7753281eb60b87f75b0055fe3c139276 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdon...@suse.com> Date: Mon, 18 Dec 2017 15:46:53 +0100 Subject: [PATCH 1/2] Add virStringFilterChars() string utility Add a function to filter a string based on a list of valid characters. --- src/libvirt_private.syms | 1 + src/util/virstring.c | 24 ++++++++++++++++++++++++ src/util/virstring.h | 1 + tests/virstringtest.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 18d0f2adf..6662c8dac 100644 
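Review bot: The loop added to virNetServerClose() is now the only place clients get closed, because virNetServerDispose() is reduced to `virObjectUnref(srv->clients[i]);`, and nothing in either hunk records that ordering requirement. A path that drops the last reference without calling virNetServerClose() first would release clients that were never closed, so the contract deserves a comment above the new loop, e.g. `/* Close clients while the drivers are still registered; virNetServerDispose() only drops the references. */`. The loop also runs before the visible `virObjectUnlock(srv)`, so it is worth confirming that virNetServerClientClose() and any close callback it triggers never try to take the server lock; that code is not part of this patch. Both function bodies start outside the hunks shown.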
--- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2755,6 +2755,7 @@ virStrcpy; virStrdup; virStringBufferIsPrintable; virStringEncodeBase64; +virStringFilterChars; virStringHasChars; virStringHasControlChars; virStringIsEmpty; diff --git a/src/util/virstring.c b/src/util/virstring.c index 0cb06bdc9..1c58df915 100644 --- a/src/util/virstring.c +++ b/src/util/virstring.c @@ -1293,6 +1293,30 @@ virStringStripControlChars(char *str) str[j] = '\0'; } +/** + * virStringFilterChars: + * @str: the string to strip + * @valid: the valid characters for the string + * + * Modify the string in-place to remove the characters that aren't + * in the list of valid ones. + */ +void +virStringFilterChars(char *str, const char *valid) +{ + size_t len, i, j; + + if (!str) + return; + + len = strlen(str); + for (i = 0, j = 0; i < len; i++) { + if (strchr(valid, str[i])) + str[j++] = str[i]; + } + str[j] = '\0'; +} + /** * virStringToUpper: * @str: string to capitalize diff --git a/src/util/virstring.h b/src/util/virstring.h index b19abaf9f..8af054bce 100644 --- a/src/util/virstring.h +++ b/src/util/virstring.h @@ -293,6 +293,7 @@ bool virStringHasChars(const char *str, const char *chars); bool virStringHasControlChars(const char *str); void virStringStripControlChars(char *str); +void virStringFilterChars(char *str, const char *valid); bool virStringIsPrintable(const char *str); bool virStringBufferIsPrintable(const uint8_t *buf, size_t buflen); diff --git a/tests/virstringtest.c b/tests/virstringtest.c index 320f7a398..e8518ede1 100644 --- a/tests/virstringtest.c +++ b/tests/virstringtest.c 
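Review bot: virStringFilterChars() checks only `str` for NULL, so a non-NULL `str` with a NULL `valid` reaches `strchr(valid, str[i])`, which is undefined behaviour. Because this is an allow-list filter used to sanitise names, a NULL list should fail closed rather than return the input untouched: either declare the prototype in virstring.h with `ATTRIBUTE_NONNULL(2)`, or add `if (!valid) { *str = '\0'; return; }` after the existing `str` check. The doc comment should state the choice, e.g. `@valid: the valid characters for the string, must not be NULL`. The only NULL case in the accompanying test passes NULL for both arguments, so it never reaches this path.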
@@ -767,6 +767,36 @@ static int testStripControlChars(const void *args) return ret; } +struct testFilterData { + const char *string; + const char *valid; + const char *result; +}; + +static int testFilterChars(const void *args) +{ + const struct testFilterData *data = args; + int ret = -1; + char *res = NULL; + + if (VIR_STRDUP(res, data->string) < 0) + goto cleanup; + + virStringFilterChars(res, data->valid); + + if (STRNEQ_NULLABLE(res, data->result)) { + fprintf(stderr, "Returned '%s', expected '%s'\n", + NULLSTR(res), NULLSTR(data->result)); + goto cleanup; + } + + ret = 0; + + cleanup: + VIR_FREE(res); + return ret; +} + static int mymain(void) { @@ -1085,6 +1115,22 @@ mymain(void) TEST_STRIP_CONTROL_CHARS("\x01H\x02" "E\x03L\x04L\x05O", "HELLO"); TEST_STRIP_CONTROL_CHARS("\x01\x02\x03\x04HELL\x05O", "HELLO"); TEST_STRIP_CONTROL_CHARS("\nhello \x01\x07hello\t", "\nhello hello\t"); + +#define TEST_FILTER_CHARS(str, filter, res) \ + do { \ + struct testFilterData filterData = { \ + .string = str, \ + .valid = filter, \ + .result = res, \ + }; \ + if (virTestRun("Filter chars from " #str, \ + testFilterChars, &filterData) < 0) \ + ret = -1; \ + } while (0) + + TEST_FILTER_CHARS(NULL, NULL, NULL); + TEST_FILTER_CHARS("hello 123 hello", "helo", "hellohello"); + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; } -- 2.15.1 ++++++ faec1958-lxc-set-hostname-based-on-container-name.patch ++++++ >From faec1958614bfcdb535b1bcc0ddac8cde4516e1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdon...@suse.com> Date: Mon, 18 Dec 2017 15:48:33 +0100 Subject: [PATCH 2/2] lxc: set a hostname based on the container name Set a transient hostname on containers. The hostname is computed from the container name, only keeping the valid characters [a-zA-Z0-9-] in it. This filtering is based on RFC 1123 and allows a digit to start the hostname. --- src/lxc/lxc_container.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) 
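Review bot: The two TEST_FILTER_CHARS cases in mymain() leave the boundary results untested: a string in which no character is valid, and an empty allow-list, both of which should produce the empty string. These matter because the caller added in the lxc patch further down the page passes the filtered value on as a hostname. Adding `TEST_FILTER_CHARS("123", "helo", "");` and `TEST_FILTER_CHARS("hello", "", "");` (constructed examples) would pin that behaviour. mymain's body starts outside the hunk.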
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index b7216d6ee..96fceaf1b 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -2159,6 +2159,37 @@ static int lxcContainerSetUserGroup(virCommandPtr cmd, return 0; } +static const char hostname_validchars[] = + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "0123456789-"; + +static int lxcContainerSetHostname(virDomainDefPtr def) +{ + int ret = -1; + char *name = NULL; + char *hostname = NULL; + + /* Filter the VM name to get a valid hostname */ + if (VIR_STRDUP(name, def->name) < 0) + goto cleanup; + + /* RFC 1123 allows 0-9 digits as a first character in hostname */ + virStringFilterChars(name, hostname_validchars); + hostname = name; + if (strlen(name) > 0 && name[0] == '-') + hostname = name + 1; + + if (sethostname(hostname, strlen(hostname)) < 0) { + virReportSystemError(errno, "%s", _("Failed to set hostname")); + goto cleanup; + } + ret = 0; + + cleanup: + VIR_FREE(name); + return ret; +} /** * lxcContainerChild: @@ -2269,6 +2300,10 @@ static int lxcContainerChild(void *data) goto cleanup; } + if (lxcContainerSetHostname(vmDef) < 0) + goto cleanup; + + /* drop a set of root capabilities */ if (lxcContainerDropCapabilities(vmDef, !!hasReboot) < 0) goto cleanup; -- 2.15.1 ++++++ fix-virt-aa-helper-profile.patch ++++++ >From 29eed5ffb8776f4e4ecf6dc6b3ee7f320f679e7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdon...@suse.com> Date: Tue, 2 Jan 2018 09:54:46 +0100 Subject: [PATCH] apparmor: fix virt-aa-helper profile Fix rule introduced by commit 0f33025a: * to handle /var/run not being a symlink to /run * to be properly parsed: missing comma at the end. --- examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper index 9c822b644..105f09e43 100644 
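Review bot: lxcContainerSetHostname() passes the filtered name to sethostname() without bounding its length, and the second hunk makes any failure fatal for container start-up (`goto cleanup` in lxcContainerChild). Assuming sethostname() rejects over-long names as it does on Linux, a domain whose filtered name exceeds the system limit would no longer start. Clamping the length avoids that regression, e.g. `size_t len = strlen(hostname); if (len > HOST_NAME_MAX) len = HOST_NAME_MAX;` and passing `len`. The filtered result can also be empty, and only one leading `-` is skipped, so a name such as `--web` (constructed example) still yields a hostname that starts with a hyphen; `while (*hostname == '-') hostname++;` plus a fallback for the empty case would match the RFC 1123 intent stated in the commit message. lxcContainerChild's body continues outside the hunk.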
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper @@ -51,7 +51,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { /var/lib/libvirt/images/** r, /{media,mnt,opt,srv}/** r, # For virt-sandbox - /run/libvirt/**/[sv]d[a-z] r + /{,var/}run/libvirt/**/[sv]d[a-z] r, /**.img r, /**.raw r, -- 2.15.1
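Review bot: The comment above the corrected rule still reads only `# For virt-sandbox`, so the reason for the `{,var/}` alternation is recorded in the commit message but not in the profile itself. Extending it to something like `# For virt-sandbox; /var/run may be a real directory rather than a symlink to /run` would stop a later edit from collapsing the rule again. The glob `[sv]d[a-z]` matches only single-letter device names (sda–sdz, vda–vdz); if virt-sandbox can expose more devices than that, the pattern needs widening, which cannot be confirmed from this hunk.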