Hello community, here is the log from the commit of package libvirt for openSUSE:13.1 checked in at 2013-10-29 09:26:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1/libvirt (Old) and /work/SRC/openSUSE:13.1/.libvirt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Changes: -------- --- /work/SRC/openSUSE:13.1/libvirt/libvirt.changes 2013-10-15 10:42:33.000000000 +0200 +++ /work/SRC/openSUSE:13.1/.libvirt.new/libvirt.changes 2013-10-29 09:26:44.000000000 +0100 @@ -1,0 +2,58 @@ +Fri Oct 25 13:10:27 MDT 2013 - jfeh...@suse.com + +- libxl driver: fix initialization of VNC and SDL info for + HVM domains + libxl-hvm-vnc.patch + bnc#847566 +- Allow libvirtd apparmor profile to access /etc/xen/scripts/* + +------------------------------------------------------------------- +Tue Oct 22 21:37:08 MDT 2013 - jfeh...@suse.com + +- Fix file descriptor passing in python bindings + e350826c-python-fix-fd-passing.patch + rhb#1021434 + +------------------------------------------------------------------- +Tue Oct 22 14:37:08 MDT 2013 - cbosdon...@suse.com + +- Have systemd terminate the machine as a workaround of fdo#68370 + bd773e74-lxc-terminate-machine.patch + bnc#842834 + +------------------------------------------------------------------- +Tue Oct 22 12:28:03 MDT 2013 - jfeh...@suse.com + +- Spec file fixes to only package libvirt-login-shell when + building the LXC driver + +------------------------------------------------------------------- +Mon Oct 21 11:33:03 MDT 2013 - jfeh...@suse.com + +- CVE-2013-4400: Unsantized use of env variables allows privilege + escalation via virt-login-shell + ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch, + b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch, + 5a0ea4b7-CVE-2013-4400.patch, 843bdb2f-CVE-2013-4400.patch + bnc#837609 +- CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native + 57687fd6-CVE-2013-4401.patch + bnc#845704 + +------------------------------------------------------------------- +Fri Oct 18 14:42:39 MDT 2013 - jfeh...@suse.com + +- Move hypervisor-specific files out of libvirt-daemon package + and into libvirt-daemon-<hypervisor> subpackage + bnc#845851 +- conf: Don't crash on invalid chardev source definition + 79552754-libvirtd-chardev-crash.patch + bnc#845704, rhb#1012196 + +------------------------------------------------------------------- +Thu Oct 17 14:14:46 MDT 2013 - jfeh...@suse.com + +- Use newer libnl3 instead of libnl-1_1 + bnc#845540 + +------------------------------------------------------------------- New: ---- 3e2f27e1-CVE-2013-4400.patch 57687fd6-CVE-2013-4401.patch 5a0ea4b7-CVE-2013-4400.patch 79552754-libvirtd-chardev-crash.patch 843bdb2f-CVE-2013-4400.patch 8c3586ea-CVE-2013-4400.patch ae53e5d1-CVE-2013-4400.patch b7fcc799a-CVE-2013-4400.patch bd773e74-lxc-terminate-machine.patch e350826c-python-fix-fd-passing.patch libxl-hvm-vnc.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.YlQxdQ/_old 2013-10-29 09:26:44.000000000 +0100 +++ /var/tmp/diff_new_pack.YlQxdQ/_new 2013-10-29 09:26:44.000000000 +0100 @@ -314,7 +314,7 @@ %if 0%{?suse_version} < 1210 BuildRequires: libnl-devel %else -BuildRequires: libnl-1_1-devel +BuildRequires: libnl3-devel %endif %endif %if %{with_avahi} @@ -411,10 +411,21 @@ Patch5: e4697b92-CVE-2013-4311.patch Patch6: 8294aa0c-CVE-2013-4399.patch Patch7: 484cc321-fix-spice-migration.patch +Patch8: 79552754-libvirtd-chardev-crash.patch +Patch9: 57687fd6-CVE-2013-4401.patch +Patch10: ae53e5d1-CVE-2013-4400.patch +Patch11: 8c3586ea-CVE-2013-4400.patch +Patch12: b7fcc799a-CVE-2013-4400.patch +Patch13: 3e2f27e1-CVE-2013-4400.patch +Patch14: 5a0ea4b7-CVE-2013-4400.patch +Patch15: 843bdb2f-CVE-2013-4400.patch +Patch16: bd773e74-lxc-terminate-machine.patch +Patch17: e350826c-python-fix-fd-passing.patch # Need to go upstream Patch100: xen-name-for-devid.patch Patch101: clone.patch Patch102: xen-pv-cdrom.patch +Patch103: libxl-hvm-vnc.patch # Our patches Patch200: libvirtd-defaults.patch Patch201: libvirtd-init-script.patch @@ -892,14 +903,18 @@ Includes the Sanlock lock manager plugin for the QEMU driver %endif +%if %{with_lxc} + %package login-shell -Summary: Login shell for containers +Summary: Login shell for connecting users to an LXC container Group: Development/Libraries/C and C++ Requires: %{name}-client = %{version}-%{release} %description login-shell -Povides virt-login-shell, a tool to execute a shell within a container -matching the users name +Provides the set-uid virt-login-shell binary that is used to +connect a user to an LXC container when they login, by switching +namespaces. +%endif %if %{with_python} @@ -926,9 +941,20 @@ %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 %patch100 -p1 %patch101 %patch102 -p1 +%patch103 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 @@ -1193,34 +1219,19 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter rm -rf $RPM_BUILD_ROOT%{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so %endif -%if %{with_lxc} -cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-lxc.README << 'EOF' -Any empty package encapsulating requirements for a libvirtd capable -of managing LXC. -EOF -%else +%if ! %{with_lxc} rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/lxc.conf rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_lxc.aug rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.lxc %endif -%if %{with_qemu} -cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-qemu.README << 'EOF' -Any empty package encapsulating requirements for a libvirtd capable -of managing QEMU/KVM. -EOF -%else +%if ! %{with_qemu} rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_qemu.aug rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu %endif -%if %{with_uml} -cat > $RPM_BUILD_ROOT%{_docdir}/libvirt/libvirt-daemon-uml.README << 'EOF' -Any empty package encapsulating requirements for a libvirtd capable -of managing UML. -EOF -%else +%if ! %{with_uml} rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml %endif %if %{with_vbox} @@ -1414,36 +1425,6 @@ %{_datadir}/PolicyKit/policy/org.libvirt.unix.policy %endif %endif -%if %{with_qemu} -%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf -%config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf -%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/ -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/ -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/target/ -%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/ -%{_datadir}/augeas/lenses/libvirtd_qemu.aug -%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug -%endif -%if %{with_lxc} -%config(noreplace) %{_sysconfdir}/libvirt/lxc.conf -%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc -%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/lxc/ -%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/ -%attr(0755, root, root) %{_libdir}/%{name}/libvirt_lxc -%{_datadir}/augeas/lenses/libvirtd_lxc.aug -%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug -%endif -%if %{with_uml} -%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml -%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/ -%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/ -%endif -%if %{with_libxl} -%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/ -%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/ -%endif %if %{with_storage_disk} %attr(0755, root, root) %{_libdir}/%{name}/libvirt_parthelper %endif @@ -1553,6 +1534,8 @@ %defattr(-, root, root) %dir %{_libdir}/%{name}/connection-driver %{_libdir}/%{name}/connection-driver/libvirt_driver_libxl.so +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/ +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/ %endif %if %{with_vbox} @@ -1567,21 +1550,38 @@ %files daemon-qemu %defattr(-, root, root) -%doc %{_docdir}/%{name}/libvirt-daemon-qemu.README +%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf +%config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu +%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ +%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/ +%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/ +%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/target/ +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/ +%{_datadir}/augeas/lenses/libvirtd_qemu.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug %endif %if %{with_lxc} %files daemon-lxc %defattr(-, root, root) -%doc %{_docdir}/%{name}/libvirt-daemon-lxc.README +%config(noreplace) %{_sysconfdir}/libvirt/lxc.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/lxc/ +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/ +%attr(0755, root, root) %{_libdir}/%{name}/libvirt_lxc +%{_datadir}/augeas/lenses/libvirtd_lxc.aug +%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug %endif %if %{with_uml} %files daemon-uml %defattr(-, root, root) -%doc %{_docdir}/%{name}/libvirt-daemon-uml.README +%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.uml +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/uml/ +%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/ %endif %if %{with_xen} || %{with_libxl} @@ -1690,6 +1690,8 @@ %attr(0755, root, root) %{_libdir}/%{name}/libvirt_sanlock_helper %endif +%if %{with_lxc} + %files login-shell %defattr(-, root, root) %config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf @@ -1698,6 +1700,7 @@ # In the meantime, don't install setuid #%attr(4755, root, root) %{_bindir}/virt-login-shell %{_bindir}/virt-login-shell +%endif %if %{with_python} ++++++ 3e2f27e1-CVE-2013-4400.patch ++++++ commit 3e2f27e13b94f7302ad948bcacb5e02c859a25fc Author: Daniel P. Berrange <berra...@redhat.com> Date: Thu Oct 10 13:09:08 2013 +0100 Don't link virt-login-shell against libvirt.so (CVE-2013-4400) The libvirt.so library has far too many library deps to allow linking against it from setuid programs. Those libraries can do stuff in __attribute__((constructor) functions which is not setuid safe. The virt-login-shell needs to link directly against individual files that it uses, with all library deps turned off except for libxml2 and libselinux. Create a libvirt-setuid-rpc-client.la library which is linked to by virt-login-shell. A config-post.h file allows this library to disable all external deps except libselinux and libxml2. Signed-off-by: Daniel P. Berrange <berra...@redhat.com> Index: libvirt-1.1.2/Makefile.am =================================================================== --- libvirt-1.1.2.orig/Makefile.am +++ libvirt-1.1.2/Makefile.am @@ -31,6 +31,7 @@ XML_EXAMPLES = \ test/*.xml storage/*.xml))) EXTRA_DIST = \ + config-post.h \ ChangeLog-old \ libvirt.spec libvirt.spec.in \ mingw-libvirt.spec.in \ Index: libvirt-1.1.2/config-post.h =================================================================== --- /dev/null +++ libvirt-1.1.2/config-post.h @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2013 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +/* + * Since virt-login-shell will be setuid, we must do everything + * we can to avoid linking to other libraries. Many of them do + * unsafe things in functions marked __atttribute__((constructor)). + * The only way avoid to avoid such deps is to re-compile the + * functions with the code in question disabled, and for that we + * must override the main config.h rules. Hence this file :-( + */ + +#ifdef LIBVIRT_SETUID_RPC_CLIENT +# undef HAVE_LIBDEVMAPPER_H +# undef HAVE_LIBNL +# undef HAVE_LIBNL3 +# undef HAVE_LIBSASL2 +# undef WITH_CAPNG +# undef WITH_CURL +# undef WITH_DTRACE_PROBES +# undef WITH_GNUTLS +# undef WITH_MACVTAP +# undef WITH_NUMACTL +# undef WITH_SASL +# undef WITH_SSH2 +# undef WITH_VIRTUALPORT +# undef WITH_YAJL +# undef WITH_YAJL2 +#endif Index: libvirt-1.1.2/configure.ac =================================================================== --- libvirt-1.1.2.orig/configure.ac +++ libvirt-1.1.2/configure.ac @@ -20,6 +20,7 @@ AC_INIT([libvirt], [1.1.2], [libvir-list AC_CONFIG_SRCDIR([src/libvirt.c]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) +AH_BOTTOM([#include <config-post.h>]) AC_CONFIG_MACRO_DIR([m4]) dnl Make automake keep quiet about wildcards & other GNUmake-isms AM_INIT_AUTOMAKE([-Wno-portability tar-ustar]) Index: libvirt-1.1.2/daemon/Makefile.am =================================================================== --- libvirt-1.1.2.orig/daemon/Makefile.am +++ libvirt-1.1.2/daemon/Makefile.am @@ -18,6 +18,7 @@ INCLUDES = \ -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir) \ -I$(top_builddir)/include -I$(top_srcdir)/include \ -I$(top_builddir)/src -I$(top_srcdir)/src \ -I$(top_srcdir)/src/util \ Index: libvirt-1.1.2/examples/domain-events/events-c/Makefile.am =================================================================== --- libvirt-1.1.2.orig/examples/domain-events/events-c/Makefile.am +++ libvirt-1.1.2/examples/domain-events/events-c/Makefile.am @@ -15,7 +15,8 @@ ## <http://www.gnu.org/licenses/>. INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include \ - -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib + -I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir) noinst_PROGRAMS = event-test event_test_CFLAGS = $(WARN_CFLAGS) event_test_SOURCES = event-test.c Index: libvirt-1.1.2/examples/hellolibvirt/Makefile.am =================================================================== --- libvirt-1.1.2.orig/examples/hellolibvirt/Makefile.am +++ libvirt-1.1.2/examples/hellolibvirt/Makefile.am @@ -14,7 +14,7 @@ ## License along with this library. If not, see ## <http://www.gnu.org/licenses/>. -INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include +INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) noinst_PROGRAMS = hellolibvirt hellolibvirt_CFLAGS = $(WARN_CFLAGS) hellolibvirt_SOURCES = hellolibvirt.c Index: libvirt-1.1.2/examples/openauth/Makefile.am =================================================================== --- libvirt-1.1.2.orig/examples/openauth/Makefile.am +++ libvirt-1.1.2/examples/openauth/Makefile.am @@ -14,7 +14,7 @@ ## License along with this library. If not, see ## <http://www.gnu.org/licenses/>. -INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include +INCLUDES = -I$(top_builddir)/include -I$(top_srcdir)/include -I$(top_srcdir) noinst_PROGRAMS = openauth openauth_CFLAGS = $(WARN_CFLAGS) openauth_SOURCES = openauth.c Index: libvirt-1.1.2/gnulib/lib/Makefile.am =================================================================== --- libvirt-1.1.2.orig/gnulib/lib/Makefile.am +++ libvirt-1.1.2/gnulib/lib/Makefile.am @@ -27,4 +27,4 @@ noinst_LTLIBRARIES = include gnulib.mk -INCLUDES = $(GETTEXT_CPPFLAGS) +INCLUDES = -I$(top_srcdir) $(GETTEXT_CPPFLAGS) Index: libvirt-1.1.2/python/Makefile.am =================================================================== --- libvirt-1.1.2.orig/python/Makefile.am +++ libvirt-1.1.2/python/Makefile.am @@ -20,6 +20,7 @@ INCLUDES = \ $(PYTHON_INCLUDES) \ -I$(top_builddir)/gnulib/lib \ -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir) \ -I$(top_builddir)/src \ -I$(top_srcdir)/src \ -I$(top_srcdir)/src/util \ Index: libvirt-1.1.2/src/Makefile.am =================================================================== --- libvirt-1.1.2.orig/src/Makefile.am +++ libvirt-1.1.2/src/Makefile.am @@ -21,6 +21,7 @@ # that actually use them. Also keep GETTEXT_CPPFLAGS at the end. INCLUDES = -I../gnulib/lib \ -I$(top_srcdir)/gnulib/lib \ + -I$(top_srcdir) \ -I../include \ -I$(top_srcdir)/include \ -I$(top_srcdir)/src/util \ @@ -1917,6 +1918,77 @@ libvirt_lxc_la_LDFLAGS = \ libvirt_lxc_la_CFLAGS = $(AM_CFLAGS) libvirt_lxc_la_LIBADD = libvirt.la $(CYGWIN_EXTRA_LIBADD) +# Since virt-login-shell will be setuid, we must do everything +# we can to avoid linking to other libraries. Many of them do +# unsafe things in functions marked __atttribute__((constructor)). +# This library is built to include the bare minimum required to +# have a RPC client for local UNIX socket access only. We use +# the ../config-post.h header to disable all external deps that +# we don't want +if WITH_LXC +noinst_LTLIBRARIES += libvirt-setuid-rpc-client.la + +libvirt_setuid_rpc_client_la_SOURCES = \ + util/viralloc.c \ + util/virbitmap.c \ + util/virbuffer.c \ + util/vircommand.c \ + util/virconf.c \ + util/virerror.c \ + util/virevent.c \ + util/vireventpoll.c \ + util/virfile.c \ + util/virhash.c \ + util/virhashcode.c \ + util/virjson.c \ + util/virlog.c \ + util/virobject.c \ + util/virpidfile.c \ + util/virprocess.c \ + util/virrandom.c \ + util/virsocketaddr.c \ + util/virstoragefile.c \ + util/virstring.c \ + util/virtime.c \ + util/virthread.c \ + util/virtypedparam.c \ + util/viruri.c \ + util/virutil.c \ + util/viruuid.c \ + conf/domain_event.c \ + rpc/virnetsocket.c \ + rpc/virnetsocket.h \ + rpc/virnetmessage.h \ + rpc/virnetmessage.c \ + rpc/virkeepalive.c \ + rpc/virkeepalive.h \ + rpc/virnetclient.c \ + rpc/virnetclientprogram.c \ + rpc/virnetclientstream.c \ + rpc/virnetprotocol.c \ + remote/remote_driver.c \ + remote/remote_protocol.c \ + remote/qemu_protocol.c \ + remote/lxc_protocol.c \ + datatypes.c \ + libvirt.c \ + libvirt-lxc.c \ + $(NULL) + +libvirt_setuid_rpc_client_la_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(LIBXML_LIBS) \ + $(SELINUX_LIBS) \ + $(NULL) +libvirt_setuid_rpc_client_la_CFLAGS = \ + -DLIBVIRT_SETUID_RPC_CLIENT \ + -I$(top_srcdir)/src/conf \ + -I$(top_srcdir)/src/rpc \ + $(AM_CFLAGS) \ + $(SELINUX_CFLAGS) \ + $(NULL) +endif WITH_LXC + lockdriverdir = $(libdir)/libvirt/lock-driver lockdriver_LTLIBRARIES = Index: libvirt-1.1.2/src/libvirt.c =================================================================== --- libvirt-1.1.2.orig/src/libvirt.c +++ libvirt-1.1.2/src/libvirt.c @@ -446,40 +446,46 @@ virGlobalInit(void) goto error; /* + * Note we must avoid everything except 'remote' driver + * for virt-login-shell usage + */ +#ifndef LIBVIRT_SETUID_RPC_CLIENT + /* * Note that the order is important: the first ones have a higher * priority when calling virConnectOpen. */ -#ifdef WITH_TEST +# ifdef WITH_TEST if (testRegister() == -1) goto error; -#endif -#ifdef WITH_OPENVZ +# endif +# ifdef WITH_OPENVZ if (openvzRegister() == -1) goto error; -#endif -#ifdef WITH_VMWARE +# endif +# ifdef WITH_VMWARE if (vmwareRegister() == -1) goto error; -#endif -#ifdef WITH_PHYP +# endif +# ifdef WITH_PHYP if (phypRegister() == -1) goto error; -#endif -#ifdef WITH_ESX +# endif +# ifdef WITH_ESX if (esxRegister() == -1) goto error; -#endif -#ifdef WITH_HYPERV +# endif +# ifdef WITH_HYPERV if (hypervRegister() == -1) goto error; -#endif -#ifdef WITH_XENAPI +# endif +# ifdef WITH_XENAPI if (xenapiRegister() == -1) goto error; -#endif -#ifdef WITH_PARALLELS +# endif +# ifdef WITH_PARALLELS if (parallelsRegister() == -1) goto error; +# endif #endif #ifdef WITH_REMOTE if (remoteRegister() == -1) Index: libvirt-1.1.2/tools/Makefile.am =================================================================== --- libvirt-1.1.2.orig/tools/Makefile.am +++ libvirt-1.1.2/tools/Makefile.am @@ -149,6 +149,11 @@ virt_host_validate_CFLAGS = \ $(COVERAGE_CFLAGS) \ $(NULL) +# Since virt-login-shell will be setuid, we must do everything +# we can to avoid linking to other libraries. Many of them do +# unsafe things in functions marked __atttribute__((constructor)). +# This we statically link to a library containing only the minimal +# libvirt client code, not libvirt.so itself. virt_login_shell_SOURCES = \ virt-login-shell.c @@ -159,11 +164,11 @@ virt_login_shell_LDFLAGS = \ virt_login_shell_LDADD = \ $(STATIC_BINARIES) \ $(PIE_LDFLAGS) \ - ../src/libvirt.la \ - ../src/libvirt-lxc.la \ + ../src/libvirt-setuid-rpc-client.la \ ../gnulib/lib/libgnu.la virt_login_shell_CFLAGS = \ + -DLIBVIRT_SETUID_RPC_CLIENT \ $(WARN_CFLAGS) \ $(PIE_CFLAGS) \ $(COVERAGE_CFLAGS) ++++++ 57687fd6-CVE-2013-4401.patch ++++++ commit 57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c Author: Daniel P. Berrange <berra...@redhat.com> Date: Thu Oct 3 16:37:57 2013 +0100 Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401) The virConnectDomainXMLToNative API should require 'connect:write' not 'connect:read', since it will trigger execution of the QEMU binaries listed in the XML. Also make virConnectDomainXMLFromNative API require a full read-write connection and 'connect:write' permission. Although the current impl doesn't trigger execution of QEMU, we should not rely on that impl detail from an API permissioning POV. Signed-off-by: Daniel P. Berrange <berra...@redhat.com> Index: libvirt-1.1.2/src/libvirt.c =================================================================== --- libvirt-1.1.2.orig/src/libvirt.c +++ libvirt-1.1.2/src/libvirt.c @@ -4606,6 +4606,10 @@ char *virConnectDomainXMLFromNative(virC virDispatchError(NULL); return NULL; } + if (conn->flags & VIR_CONNECT_RO) { + virLibDomainError(VIR_ERR_OPERATION_DENIED, __FUNCTION__); + goto error; + } virCheckNonNullArgGoto(nativeFormat, error); virCheckNonNullArgGoto(nativeConfig, error); Index: libvirt-1.1.2/src/remote/remote_protocol.x =================================================================== --- libvirt-1.1.2.orig/src/remote/remote_protocol.x +++ libvirt-1.1.2/src/remote/remote_protocol.x @@ -3812,13 +3812,13 @@ enum remote_procedure { /** * @generate: both - * @acl: connect:read + * @acl: connect:write */ REMOTE_PROC_CONNECT_DOMAIN_XML_FROM_NATIVE = 135, /** * @generate: both - * @acl: connect:read + * @acl: connect:write */ REMOTE_PROC_CONNECT_DOMAIN_XML_TO_NATIVE = 136, ++++++ 5a0ea4b7-CVE-2013-4400.patch ++++++ commit 5a0ea4b7b9af2231ed161b94f9af65375c6ee9c2 Author: Jim Fehlig <jfeh...@suse.com> Date: Mon Oct 21 15:36:11 2013 -0600 build: fix linking virt-login-shell After commit 3e2f27e1, I've noticed build failures of virt-login-shell when libapparmor-devel is installed on the build host CCLD virt-login-shell ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec': /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile' collect2: error: ld returned 1 exit status I was about to commit an easy fix under the build-breaker rule (build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it makes sense (build-fix-2.patch). Should I just stick with the simple fix, or is something along the lines of patch 2 preferred? Regards, Jim >From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001 From: Jim Fehlig <jfeh...@suse.com> Date: Mon, 21 Oct 2013 15:30:02 -0600 Subject: [PATCH] build: fix virt-login-shell build with apparmor With libapparmor-devel installed, virt-login-shell fails to link CCLD virt-login-shell ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec': /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile' collect2: error: ld returned 1 exit status Fix by linking libvirt_setuid_rpc_client with previously determined SECDRIVER_LIBS in src/Makefile.am. While at it, introduce SECDRIVER_CFLAGS and use both throughout src/Makefile.am where it makes sense. Signed-off-by: Jim Fehlig <jfeh...@suse.com> Index: libvirt-1.1.2/src/Makefile.am =================================================================== --- libvirt-1.1.2.orig/src/Makefile.am +++ libvirt-1.1.2/src/Makefile.am @@ -49,11 +49,14 @@ nodist_conf_DATA = THREAD_LIBS = $(LIB_PTHREAD) $(LTLIBMULTITHREAD) +SECDRIVER_CFLAGS = SECDRIVER_LIBS = if WITH_SECDRIVER_SELINUX +SECDRIVER_CFLAGS += $(SELINUX_CFLAGS) SECDRIVER_LIBS += $(SELINUX_LIBS) endif if WITH_SECDRIVER_APPARMOR +SECDRIVER_CFLAGS += $(APPARMOR_CFLAGS) SECDRIVER_LIBS += $(APPARMOR_LIBS) endif @@ -1978,14 +1981,14 @@ libvirt_setuid_rpc_client_la_SOURCES = libvirt_setuid_rpc_client_la_LDFLAGS = \ $(AM_LDFLAGS) \ $(LIBXML_LIBS) \ - $(SELINUX_LIBS) \ + $(SECDRIVER_LIBS) \ $(NULL) libvirt_setuid_rpc_client_la_CFLAGS = \ -DLIBVIRT_SETUID_RPC_CLIENT \ -I$(top_srcdir)/src/conf \ -I$(top_srcdir)/src/rpc \ $(AM_CFLAGS) \ - $(SELINUX_CFLAGS) \ + $(SECDRIVER_CFLAGS) \ $(NULL) endif WITH_LXC @@ -2268,6 +2271,7 @@ libvirt_net_rpc_la_LDFLAGS = \ $(GNUTLS_LIBS) \ $(SASL_LIBS) \ $(SSH2_LIBS)\ + $(SECDRIVER_LIBS) \ $(AM_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) @@ -2410,12 +2414,7 @@ if WITH_BLKID libvirt_lxc_CFLAGS += $(BLKID_CFLAGS) libvirt_lxc_LDADD += $(BLKID_LIBS) endif -if WITH_SECDRIVER_SELINUX -libvirt_lxc_CFLAGS += $(SELINUX_CFLAGS) -endif -if WITH_SECDRIVER_APPARMOR -libvirt_lxc_CFLAGS += $(APPARMOR_CFLAGS) -endif +libvirt_lxc_CFLAGS += $(SECDRIVER_CFLAGS) endif endif EXTRA_DIST += $(LXC_CONTROLLER_SOURCES) ++++++ 79552754-libvirtd-chardev-crash.patch ++++++ commit 795527548fea79902ea4ce32747e069944cf3e61 Author: Peter Krempa <pkre...@redhat.com> Date: Thu Sep 26 08:12:39 2013 +0200 conf: Don't crash on invalid chardev source definition of RNGs and other Since commit 297c99a5 an invalid source definition XML of a character device that is used as backend for RNG devices, smartcards and redirdevs causes crash of the daemon when parsing such a definition. The device types mentioned above are not a part of a regular character device but are backends for other types. Thus when parsing such device NULL is passed as the argument @chr_def. Later when checking the validity of the definition @chr_def was dereferenced when parsing a UNIX socket backend with missing path of the socket and crashed the daemon. Sample offending configuration: <devices> ... <rng model='virtio'> <backend model='egd' type='unix'> <source mode='bind' service='1024'/> </backend> </rng> </devices> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196 Index: libvirt-1.1.2/src/conf/domain_conf.c =================================================================== --- libvirt-1.1.2.orig/src/conf/domain_conf.c +++ libvirt-1.1.2/src/conf/domain_conf.c @@ -7026,7 +7026,8 @@ virDomainChrSourceDefParseXML(virDomainC case VIR_DOMAIN_CHR_TYPE_UNIX: /* path can be auto generated */ if (!path && - chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO) { + (!chr_def || + chr_def->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Missing source path attribute for char device")); goto error; Index: libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml =================================================================== --- /dev/null +++ libvirt-1.1.2/tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-egd-crash.xml @@ -0,0 +1,27 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219100</memory> + <currentMemory unit='KiB'>219100</currentMemory> + <vcpu placement='static' cpuset='1-4,8-20,525'>1</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <controller type='usb' index='0'/> + <controller type='pci' index='0' model='pci-root'/> + <memballoon model='virtio'/> + <rng model='virtio'> + <backend model='egd' type='unix'> + <!-- https://bugzilla.redhat.com/show_bug.cgi?id=1012196 --> + <source mode='connect' host='1.2.3.4' service='1234'/> + </backend> + </rng> + </devices> +</domain> Index: libvirt-1.1.2/tests/qemuxml2argvtest.c =================================================================== --- libvirt-1.1.2.orig/tests/qemuxml2argvtest.c +++ libvirt-1.1.2/tests/qemuxml2argvtest.c @@ -973,6 +973,8 @@ mymain(void) QEMU_CAPS_OBJECT_RNG_RANDOM); DO_TEST("virtio-rng-egd", QEMU_CAPS_DEVICE, QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD); + DO_TEST_PARSE_ERROR("virtio-rng-egd-crash", QEMU_CAPS_DEVICE, + QEMU_CAPS_DEVICE_VIRTIO_RNG, QEMU_CAPS_OBJECT_RNG_EGD); DO_TEST("virtio-rng-ccw", QEMU_CAPS_DEVICE, QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_DRIVE, QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW, ++++++ 843bdb2f-CVE-2013-4400.patch ++++++ commit 843bdb2f8a3364637cda2911624149525188843f Author: Jim Fehlig <jfeh...@suse.com> Date: Mon Oct 21 23:12:22 2013 -0600 build: fix build of virt-login-shell on systems with older gnutls On systems where gnutls uses libgcrypt, I'm seeing the following build failure libvirt.c:314: error: variable 'virTLSThreadImpl' has initializer but incomplete type libvirt.c:319: error: 'GCRY_THREAD_OPTION_PTHREAD' undeclared here (not in a function) ... Fix by undefining WITH_GNUTLS_GCRYPT in config-post.h Index: libvirt-1.1.2/config-post.h =================================================================== --- libvirt-1.1.2.orig/config-post.h +++ libvirt-1.1.2/config-post.h @@ -34,6 +34,7 @@ # undef WITH_CURL # undef WITH_DTRACE_PROBES # undef WITH_GNUTLS +# undef WITH_GNUTLS_GCRYPT # undef WITH_MACVTAP # undef WITH_NUMACTL # undef WITH_SASL ++++++ 8c3586ea-CVE-2013-4400.patch ++++++ commit 8c3586ea755c40d5e01b22cb7b5c1e668cdec994 Author: Daniel P. Berrange <berra...@redhat.com> Date: Wed Oct 9 10:59:36 2013 +0100 Only allow 'stderr' log output when running setuid (CVE-2013-4400) We must not allow file/syslog/journald log outputs when running setuid since they can be abused to do bad things. In particular the 'file' output can be used to overwrite files. Signed-off-by: Daniel P. Berrange <berra...@redhat.com> Index: libvirt-1.1.2/src/util/virlog.c =================================================================== --- libvirt-1.1.2.orig/src/util/virlog.c +++ libvirt-1.1.2/src/util/virlog.c @@ -1318,6 +1318,9 @@ int virLogPriorityFromSyslog(int priorit * Multiple output can be defined in a single @output, they just need to be * separated by spaces. * + * If running in setuid mode, then only the 'stderr' output will + * be allowed + * * Returns the number of output parsed and installed or -1 in case of error */ int @@ -1329,6 +1332,7 @@ virLogParseOutputs(const char *outputs) virLogPriority prio; int ret = -1; int count = 0; + bool isSUID = virIsSUID(); if (cur == NULL) return -1; @@ -1348,6 +1352,8 @@ virLogParseOutputs(const char *outputs) if (virLogAddOutputToStderr(prio) == 0) count++; } else if (STREQLEN(cur, "syslog", 6)) { + if (isSUID) + goto cleanup; cur += 6; if (*cur != ':') goto cleanup; @@ -1365,6 +1371,8 @@ virLogParseOutputs(const char *outputs) VIR_FREE(name); #endif /* HAVE_SYSLOG_H */ } else if (STREQLEN(cur, "file", 4)) { + if (isSUID) + goto cleanup; cur += 4; if (*cur != ':') goto cleanup; @@ -1385,6 +1393,8 @@ virLogParseOutputs(const char *outputs) VIR_FREE(name); VIR_FREE(abspath); } else if (STREQLEN(cur, "journald", 8)) { + if (isSUID) + goto cleanup; cur += 8; #if USE_JOURNALD if (virLogAddOutputToJournald(prio) == 0) ++++++ ae53e5d1-CVE-2013-4400.patch ++++++ commit ae53e5d10e434e07079d7e3ba11ec654ba6a256e Author: Daniel P. Berrange <berra...@redhat.com> Date: Wed Oct 9 10:52:39 2013 +0100 Add helpers for getting env vars in a setuid environment Care must be taken accessing env variables when running setuid. Introduce a virGetEnvAllowSUID for env vars which are safe to use in a setuid environment, and another virGetEnvBlockSUID for vars which are not safe. Also add a virIsSUID helper method for any other non-env var code to use. Signed-off-by: Daniel P. Berrange <berra...@redhat.com> Index: libvirt-1.1.2/src/libvirt_private.syms =================================================================== --- libvirt-1.1.2.orig/src/libvirt_private.syms +++ libvirt-1.1.2/src/libvirt_private.syms @@ -2042,6 +2042,8 @@ virFindFCHostCapableVport; virFormatIntDecimal; virGetDeviceID; virGetDeviceUnprivSGIO; +virGetEnvAllowSUID; +virGetEnvBlockSUID; virGetFCHostNameByWWN; virGetGroupID; virGetGroupList; @@ -2060,6 +2062,7 @@ virIndexToDiskName; virIsCapableFCHost; virIsCapableVport; virIsDevMapperDevice; +virIsSUID; virManageVport; virParseNumber; virParseOwnershipIds; Index: libvirt-1.1.2/src/util/virutil.c =================================================================== --- libvirt-1.1.2.orig/src/util/virutil.c +++ libvirt-1.1.2/src/util/virutil.c @@ -2116,3 +2116,42 @@ cleanup: return rc; } + + +/** + * virGetEnvBlockSUID: + * @name: the environment variable name + * + * Obtain an environment variable which is unsafe to + * use when running setuid. If running setuid, a NULL + * value will be returned + */ +const char *virGetEnvBlockSUID(const char *name) +{ + return secure_getenv(name); +} + + +/** + * virGetEnvBlockSUID: + * @name: the environment variable name + * + * Obtain an environment variable which is safe to + * use when running setuid. The value will be returned + * even when running setuid + */ +const char *virGetEnvAllowSUID(const char *name) +{ + return getenv(name); +} + + +/** + * virIsSUID: + * Return a true value if running setuid. Does not + * check for elevated capabilities bits. + */ +bool virIsSUID(void) +{ + return getuid() != geteuid(); +} Index: libvirt-1.1.2/src/util/virutil.h =================================================================== --- libvirt-1.1.2.orig/src/util/virutil.h +++ libvirt-1.1.2/src/util/virutil.h @@ -172,4 +172,8 @@ int virCompareLimitUlong(unsigned long l int virParseOwnershipIds(const char *label, uid_t *uidPtr, gid_t *gidPtr); +const char *virGetEnvBlockSUID(const char *name); +const char *virGetEnvAllowSUID(const char *name); +bool virIsSUID(void); + #endif /* __VIR_UTIL_H__ */ ++++++ b7fcc799a-CVE-2013-4400.patch ++++++ commit b7fcc799ad5d8f3e55b89b94e599903e3c092467 Author: Daniel P. Berrange <berra...@redhat.com> Date: Wed Oct 9 15:14:34 2013 +0100 Close all non-stdio FDs in virt-login-shell (CVE-2013-4400) We don't want to inherit any FDs in the new namespace except for the stdio FDs. Explicitly close them all, just in case some do not have the close-on-exec flag set. Signed-off-by: Daniel P. Berrange <berra...@redhat.com> Index: libvirt-1.1.2/tools/virt-login-shell.c =================================================================== --- libvirt-1.1.2.orig/tools/virt-login-shell.c +++ libvirt-1.1.2/tools/virt-login-shell.c @@ -313,6 +313,18 @@ main(int argc, char **argv) if (cpid == 0) { pid_t ccpid; + int openmax = sysconf(_SC_OPEN_MAX); + int fd; + if (openmax < 0) { + virReportSystemError(errno, "%s", + _("sysconf(_SC_OPEN_MAX) failed")); + return EXIT_FAILURE; + } + for (fd = 3; fd < openmax; fd++) { + int tmpfd = fd; + VIR_MASS_CLOSE(tmpfd); + } + /* Fork once because we don't want to affect * virt-login-shell's namespace itself */ ++++++ bd773e74-lxc-terminate-machine.patch ++++++ commit bd773e74f0d1d1b9ebbfcaa645178316b4f2265c Author: Cédric Bosdonnat <cbosdon...@suse.com> Date: Mon Sep 30 16:46:29 2013 +0200 LXC: workaround machined uncleaned data with containers running systemd. The problem is described by [0] but its effect on libvirt is that starting a container with a full distro running systemd after having stopped it simply fails. The container cleanup now calls the machined Terminate function to make sure that everything is in order for the next run. [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370 Index: libvirt-1.1.2/src/libvirt_private.syms =================================================================== --- libvirt-1.1.2.orig/src/libvirt_private.syms +++ libvirt-1.1.2/src/libvirt_private.syms @@ -1940,8 +1940,10 @@ virSysinfoSetup; # util/virsystemd.h virSystemdCreateMachine; +virSystemdMakeMachineName; virSystemdMakeScopeName; virSystemdMakeSliceName; +virSystemdTerminateMachine; # util/virthread.h Index: libvirt-1.1.2/src/lxc/lxc_process.c =================================================================== --- libvirt-1.1.2.orig/src/lxc/lxc_process.c +++ libvirt-1.1.2/src/lxc/lxc_process.c @@ -50,6 +50,7 @@ #include "virstring.h" #include "viratomic.h" #include "virprocess.h" +#include "virsystemd.h" #define VIR_FROM_THIS VIR_FROM_LXC @@ -210,6 +211,13 @@ static void virLXCProcessCleanup(virLXCD virCgroupFree(&priv->cgroup); } + /* Get machined to terminate the machine as it may not have cleaned it + * properly. See https://bugs.freedesktop.org/show_bug.cgi?id=68370 for + * the bug we are working around here. + */ + virSystemdTerminateMachine(vm->def->name, "lxc", true); + + /* now that we know it's stopped call the hook if present */ if (virHookPresent(VIR_HOOK_DRIVER_LXC)) { char *xml = virDomainDefFormat(vm->def, 0); Index: libvirt-1.1.2/src/util/virsystemd.c =================================================================== --- libvirt-1.1.2.orig/src/util/virsystemd.c +++ libvirt-1.1.2/src/util/virsystemd.c @@ -116,6 +116,27 @@ char *virSystemdMakeSliceName(const char return virBufferContentAndReset(&buf); } +char *virSystemdMakeMachineName(const char *name, + const char *drivername, + bool privileged) +{ + char *machinename = NULL; + char *username = NULL; + if (privileged) { + if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0) + goto cleanup; + } else { + if (!(username = virGetUserName(geteuid()))) + goto cleanup; + if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0) + goto cleanup; + } + +cleanup: + VIR_FREE(username); + + return machinename; +} /** * virSystemdCreateMachine: @@ -142,7 +163,6 @@ int virSystemdCreateMachine(const char * DBusConnection *conn; char *machinename = NULL; char *creatorname = NULL; - char *username = NULL; char *slicename = NULL; if (!virDBusHasSystemBus()) @@ -150,15 +170,8 @@ int virSystemdCreateMachine(const char * conn = virDBusGetSystemBus(); - if (privileged) { - if (virAsprintf(&machinename, "%s-%s", drivername, name) < 0) - goto cleanup; - } else { - if (!(username = virGetUserName(geteuid()))) - goto cleanup; - if (virAsprintf(&machinename, "%s-%s-%s", username, drivername, name) < 0) - goto cleanup; - } + if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged))) + goto cleanup; if (virAsprintf(&creatorname, "libvirt-%s", drivername) < 0) goto cleanup; @@ -241,8 +254,52 @@ int virSystemdCreateMachine(const char * ret = 0; cleanup: - VIR_FREE(username); VIR_FREE(creatorname); VIR_FREE(machinename); return ret; } + +int virSystemdTerminateMachine(const char *name, + const char *drivername, + bool privileged) +{ + int ret; + DBusConnection *conn; + char *machinename = NULL; + + if(!virDBusHasSystemBus()) + return -2; + + conn = virDBusGetSystemBus(); + + ret = -1; + if (!(machinename = virSystemdMakeMachineName(name, drivername, privileged))) + goto cleanup; + + /* + * The systemd DBus API we're invoking has the + * following signature + * + * TerminateMachine(in s name); + * + * @name a host unique name for the machine. shows up + * in 'ps' listing & similar + */ + + VIR_DEBUG("Attempting to terminate machine via systemd"); + if (virDBusCallMethod(conn, + NULL, + "org.freedesktop.machine1", + "/org/freedesktop/machine1", + "org.freedesktop.machine1.Manager", + "TerminateMachine", + "s", + machinename) < 0) + goto cleanup; + + ret = 0; + +cleanup: + VIR_FREE(machinename); + return ret; +} Index: libvirt-1.1.2/src/util/virsystemd.h =================================================================== --- libvirt-1.1.2.orig/src/util/virsystemd.h +++ libvirt-1.1.2/src/util/virsystemd.h @@ -29,6 +29,10 @@ char *virSystemdMakeScopeName(const char const char *slicename); char *virSystemdMakeSliceName(const char *partition); +char *virSystemdMakeMachineName(const char *name, + const char *drivername, + bool privileged); + int virSystemdCreateMachine(const char *name, const char *drivername, bool privileged, @@ -38,4 +42,8 @@ int virSystemdCreateMachine(const char * bool iscontainer, const char *partition); +int virSystemdTerminateMachine(const char *name, + const char *drivername, + bool privileged); + #endif /* __VIR_SYSTEMD_H__ */ Index: libvirt-1.1.2/tests/virsystemdtest.c =================================================================== --- libvirt-1.1.2.orig/tests/virsystemdtest.c +++ libvirt-1.1.2/tests/virsystemdtest.c @@ -51,6 +51,18 @@ static int testCreateContainer(const voi return 0; } +static int testTerminateContainer(const void *opaque ATTRIBUTE_UNUSED) +{ + if (virSystemdTerminateMachine("demo", + "lxc", + true) < 0) { + fprintf(stderr, "%s", "Failed to terminate LXC machine\n"); + return -1; + } + + return 0; +} + static int testCreateMachine(const void *opaque ATTRIBUTE_UNUSED) { unsigned char uuid[VIR_UUID_BUFLEN] = { @@ -74,6 +86,18 @@ static int testCreateMachine(const void return 0; } +static int testTerminateMachine(const void *opaque ATTRIBUTE_UNUSED) +{ + if (virSystemdTerminateMachine("demo", + "qemu", + false) < 0) { + fprintf(stderr, "%s", "Failed to terminate KVM machine\n"); + return -1; + } + + return 0; +} + static int testCreateNoSystemd(const void *opaque ATTRIBUTE_UNUSED) { unsigned char uuid[VIR_UUID_BUFLEN] = { @@ -177,8 +201,12 @@ mymain(void) if (virtTestRun("Test create container ", 1, testCreateContainer, NULL) < 0) ret = -1; + if (virtTestRun("Test terminate container ", 1, testTerminateContainer, NULL) < 0) + ret = -1; if (virtTestRun("Test create machine ", 1, testCreateMachine, NULL) < 0) ret = -1; + if (virtTestRun("Test terminate machine ", 1, testTerminateMachine, NULL) < 0) + ret = -1; if (virtTestRun("Test create no systemd ", 1, testCreateNoSystemd, NULL) < 0) ret = -1; if (virtTestRun("Test create bad systemd ", 1, testCreateBadSystemd, NULL) < 0) ++++++ e350826c-python-fix-fd-passing.patch ++++++ commit e350826c653b20dd271ab99075d2f224c7451356 Author: Marian Neagul <mar...@info.uvt.ro> Date: Tue Oct 22 16:03:39 2013 +0100 python: Fix Create*WithFiles filefd passing Commit d76227be added functions virDomainCreateWithFiles and virDomainCreateXMLWithFiles, but there was a little piece missing in python bindings. This patch fixes proper passing of file descriptors in the overwrites of these functions. Index: libvirt-1.1.2/python/libvirt-override.c =================================================================== --- libvirt-1.1.2.orig/python/libvirt-override.c +++ libvirt-1.1.2/python/libvirt-override.c @@ -7149,6 +7149,10 @@ libvirt_virDomainCreateXMLWithFiles(PyOb if (libvirt_intUnwrap(pyfd, &fd) < 0) goto cleanup; + + files[i] = fd; + + files[i] = fd; } LIBVIRT_BEGIN_ALLOW_THREADS; ++++++ install-apparmor-profiles.patch ++++++ --- /var/tmp/diff_new_pack.YlQxdQ/_old 2013-10-29 09:26:45.000000000 +0100 +++ /var/tmp/diff_new_pack.YlQxdQ/_new 2013-10-29 09:26:45.000000000 +0100 @@ -203,7 +203,7 @@ =================================================================== --- /dev/null +++ libvirt-1.1.2/examples/apparmor/usr.sbin.libvirtd.in -@@ -0,0 +1,59 @@ +@@ -0,0 +1,60 @@ +# Last Modified: Fri Aug 19 11:20:36 2011 +#include <tunables/global> +@{LIBVIRT}="libvirt" @@ -255,6 +255,7 @@ + audit deny /sys/kernel/security/apparmor/matching rwxl, + audit deny /sys/kernel/security/apparmor/.* rwxl, + /sys/kernel/security/apparmor/profiles r, ++ /etc/xen/scripts/* rx, + @libdir@/libvirt/* Pxr, + @libdir@/libvirt/libvirt_parthelper Ux, + @libdir@/libvirt/libvirt_iohelper Ux, ++++++ libvirt-suse-netcontrol.patch ++++++ --- /var/tmp/diff_new_pack.YlQxdQ/_old 2013-10-29 09:26:45.000000000 +0100 +++ /var/tmp/diff_new_pack.YlQxdQ/_new 2013-10-29 09:26:45.000000000 +0100 @@ -2,7 +2,7 @@ =================================================================== --- libvirt-1.1.2.orig/configure.ac +++ libvirt-1.1.2/configure.ac -@@ -173,6 +173,7 @@ LIBVIRT_CHECK_DBUS +@@ -174,6 +174,7 @@ LIBVIRT_CHECK_DBUS LIBVIRT_CHECK_FUSE LIBVIRT_CHECK_HAL LIBVIRT_CHECK_NETCF @@ -10,7 +10,7 @@ LIBVIRT_CHECK_NUMACTL LIBVIRT_CHECK_OPENWSMAN LIBVIRT_CHECK_PCIACCESS -@@ -2296,11 +2297,12 @@ if test "$with_libvirtd" = "no" ; then +@@ -2297,11 +2298,12 @@ if test "$with_libvirtd" = "no" ; then with_interface=no fi @@ -26,7 +26,7 @@ esac if test "$with_interface" = "yes" ; then -@@ -2608,6 +2610,7 @@ LIBVIRT_RESULT_DBUS +@@ -2609,6 +2611,7 @@ LIBVIRT_RESULT_DBUS LIBVIRT_RESULT_FUSE LIBVIRT_RESULT_HAL LIBVIRT_RESULT_NETCF @@ -38,7 +38,7 @@ =================================================================== --- libvirt-1.1.2.orig/src/Makefile.am +++ libvirt-1.1.2/src/Makefile.am -@@ -750,6 +750,10 @@ if WITH_NETCF +@@ -754,6 +754,10 @@ if WITH_NETCF INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_netcf.c endif @@ -49,7 +49,7 @@ if WITH_UDEV INTERFACE_DRIVER_SOURCES += \ interface/interface_backend_udev.c -@@ -1310,11 +1314,16 @@ if WITH_NETCF +@@ -1314,11 +1318,16 @@ if WITH_NETCF libvirt_driver_interface_la_CFLAGS += $(NETCF_CFLAGS) libvirt_driver_interface_la_LIBADD += $(NETCF_LIBS) else ++++++ libxl-hvm-vnc.patch ++++++ Index: libvirt-1.1.2/src/libxl/libxl_conf.c =================================================================== --- libvirt-1.1.2.orig/src/libxl/libxl_conf.c +++ libvirt-1.1.2/src/libxl/libxl_conf.c @@ -524,6 +524,30 @@ libxlMakeChrdevStr(virDomainChrDefPtr de } static int +libxlFixupDomBuildInfo(virDomainDefPtr def, libxl_domain_config *d_config) +{ + libxl_domain_build_info *b_info = &d_config->b_info; + int hvm = STREQ(def->os.type, "hvm"); + libxl_device_vfb vfb; + + if (!hvm) + return 0; + + if (d_config->num_vfbs) { + vfb = d_config->vfbs[0]; + if (libxl_defbool_val(vfb.vnc.enable)) + memcpy(&b_info->u.hvm.vnc, &vfb.vnc, sizeof(libxl_vnc_info)); + else if (libxl_defbool_val(vfb.sdl.enable)) + memcpy(&b_info->u.hvm.sdl, &vfb.sdl, sizeof(libxl_sdl_info)); + else + return -1; + } + + return 0; +} + + +static int libxlMakeDomBuildInfo(virDomainObjPtr vm, libxl_domain_config *d_config) { virDomainDefPtr def = vm->def; @@ -1025,6 +1049,9 @@ libxlBuildDomainConfig(libxlDriverPrivat if (libxlMakeVfbList(driver, def, d_config) < 0) return -1; + if (libxlFixupDomBuildInfo(def, d_config) < 0) + return -1; + d_config->on_reboot = def->onReboot; d_config->on_poweroff = def->onPoweroff; d_config->on_crash = def->onCrash; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org