debian/0000775000000000000000000000000013467340175007202 5ustar debian/libvirt0.install0000664000000000000000000000011013153725071012307 0ustar usr/lib/libvirt.so.* usr/lib/libvirt-qemu.so.* usr/lib/libvirt-lxc.so.* debian/patches/0000775000000000000000000000000013467340123010622 5ustar debian/patches/Reduce-udevadm-settle-timeout-to-10-seconds.patch0000664000000000000000000000143513153725071021755 0ustar From: =?UTF-8?q?Guido=20G=C3=BCnther?= Date: Mon, 4 Jun 2012 16:18:52 +0200 Subject: Reduce udevadm settle timeout to 10 seconds This isn't a proper fix but it will make virt-manager at least start. Closes: #663931 Index: libvirt-1.1.4/src/util/virutil.c =================================================================== --- libvirt-1.1.4.orig/src/util/virutil.c 2013-11-12 11:48:38.575866998 -0600 +++ libvirt-1.1.4/src/util/virutil.c 2013-11-12 11:48:38.563866998 -0600 @@ -1444,7 +1444,7 @@ void virFileWaitForDevices(void) { # ifdef UDEVADM - const char *const settleprog[] = { UDEVADM, "settle", NULL }; + const char *const settleprog[] = { UDEVADM, "settle", "--timeout=10", NULL }; # else const char *const settleprog[] = { UDEVSETTLE, NULL }; # endif debian/patches/CVE-2014-7823.patch0000664000000000000000000000543013153725071013250 0ustar Backport of: From b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b Mon Sep 17 00:00:00 2001 
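Review bot: The `"--timeout=10"` literal added to `settleprog` carries no comment, and the patch description itself calls the change a workaround rather than a proper fix. A short comment above the initializer, for example `/* Debian #663931: cap udevadm settle at 10s; devices may still be unsettled when this returns */`, would tell maintainers why the value is there. The `# else` branch that runs UDEVSETTLE keeps its default timeout, so the two build configurations now wait for different lengths of time. How virFileWaitForDevices treats the exit status of a timed-out settle is outside the hunk and worth checking.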
From: Eric Blake Date: Fri, 31 Oct 2014 22:14:07 -0600 Subject: [PATCH] CVE-2014-7823: dumpxml: security hole with migratable flag Commit 28f8dfd (v1.0.0) introduced a security hole: in at least the qemu implementation of virDomainGetXMLDesc, the use of the flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE prior to calling qemuDomainFormatXML. However, the use of VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write clients only. This patch treats the migratable flag as requiring the same permissions, rather than analyzing what might break if migratable xml no longer includes secret information. Fortunately, the information leak is low-risk: all that is gated by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password; but VNC passwords are already weak (FIPS forbids their use, and on a non-FIPS machine, anyone stupid enough to trust a max-8-byte password sent in plaintext over the network deserves what they get). SPICE offers better security than VNC, and all other secrets are properly protected by use of virSecret associations rather than direct output in domain XML. * src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC): Tighten rules on use of migratable flag. * src/libvirt-domain.c (virDomainGetXMLDesc): Likewise. Signed-off-by: Eric Blake --- src/libvirt-domain.c | 3 ++- src/remote/remote_protocol.x | 1 + 2 files changed, 3 insertions(+), 1 deletions(-) Index: libvirt-1.2.2/src/libvirt.c =================================================================== --- libvirt-1.2.2.orig/src/libvirt.c 2014-11-10 19:48:44.549787076 -0500 +++ libvirt-1.2.2/src/libvirt.c 2014-11-10 19:48:44.537786995 -0500 
@@ -4251,7 +4251,8 @@ virCheckDomainReturn(domain, NULL); conn = domain->conn; - if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) { + if ((conn->flags & VIR_CONNECT_RO) && + (flags & (VIR_DOMAIN_XML_SECURE | VIR_DOMAIN_XML_MIGRATABLE))) { virReportError(VIR_ERR_OPERATION_DENIED, "%s", _("virDomainGetXMLDesc with secure flag")); goto error; Index: libvirt-1.2.2/src/remote/remote_protocol.x =================================================================== --- libvirt-1.2.2.orig/src/remote/remote_protocol.x 2014-11-10 19:48:44.549787076 -0500 +++ libvirt-1.2.2/src/remote/remote_protocol.x 2014-11-10 19:48:44.545787049 -0500 @@ -3098,6 +3098,7 @@ * @generate: both * @acl: domain:read * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE + * @acl: domain:read_secure:VIR_DOMAIN_XML_MIGRATABLE */ REMOTE_PROC_DOMAIN_GET_XML_DESC = 14, debian/patches/md-clear.patch0000664000000000000000000000333013467340123013326 0ustar Backport of: From 538d873571d7a682852dc1d70e5f4478f4d64e85 Mon Sep 17 00:00:00 2001 From: Jiri Denemark Date: Fri, 5 Apr 2019 15:11:20 +0200 Subject: [PATCH] cpu_map: Define md-clear CPUID bit MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 The bit is set when microcode provides the mechanism to invoke a flush of various exploitable CPU buffers by invoking the VERW instruction. Signed-off-by: Paolo Bonzini 
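Review bot: The denial message in the first hunk still reads `_("virDomainGetXMLDesc with secure flag")`, although the condition now also rejects VIR_DOMAIN_XML_MIGRATABLE on a read-only connection. A client that passed only the migratable flag gets an error naming a flag it never set, which makes the new restriction hard to diagnose; `_("virDomainGetXMLDesc with secure or migratable flag")` would match the check. A one-line comment above the `if`, saying that the migratable flag implies VIR_DOMAIN_XML_SECURE in at least the qemu driver, would keep the reason next to the code. The enclosing function starts and ends outside the hunk.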
Signed-off-by: Jiri Denemark Reviewed-by: Daniel P. Berrangé --- src/cpu_map/x86_features.xml | 3 +++ .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +- .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 + .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 + .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 1 + .../x86_64-cpuid-Xeon-Platinum-8268-guest.xml | 1 + .../x86_64-cpuid-Xeon-Platinum-8268-host.xml | 1 + 7 files changed, 9 insertions(+), 1 deletions(-) Index: libvirt-1.3.1/src/cpu/cpu_map.xml =================================================================== --- libvirt-1.3.1.orig/src/cpu/cpu_map.xml 2019-05-14 15:12:09.891761528 -0400 +++ libvirt-1.3.1/src/cpu/cpu_map.xml 2019-05-14 15:13:02.328081630 -0400 @@ -287,6 +287,9 @@ + + + debian/patches/libxl-support-sexpr-in-native-to-XML-conversion.patch0000664000000000000000000000705313153725071022765 0ustar From f68246ac94f7dd940ef85e0d4133d937c2b8f7a7 Mon Sep 17 00:00:00 2001 From: Jim Fehlig Date: Fri, 7 Mar 2014 10:31:45 -0700 Subject: [PATCH] libxl: support sexpr in native to XML conversion Supporting sexpr in connectDomainXMLFromNative in the libxl driver adds flexibility for users importing legacy Xen configuration into libvirt. E.g. this patch allows importing previous xend-managed domains from /var/lib/xend/domains//config.sxp into the libvirt libxl driver. (cherry-picked from v1.2.3-rc1 upstream) Signed-off-by: Stefan Bader --- src/libxl/libxl_driver.c | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index a79efcb..65d80a2 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -46,6 +46,7 @@ #include "libxl_driver.h" #include "libxl_conf.h" #include "xen_xm.h" +#include "xen_sxpr.h" #include "virtypedparam.h" #include "viruri.h" #include "virstring.h" 
@@ -62,6 +63,7 @@ #define LIBXL_DOM_REQ_HALT 4 #define LIBXL_CONFIG_FORMAT_XM "xen-xm" +#define LIBXL_CONFIG_FORMAT_SEXPR "xen-sxpr" /* Number of Xen scheduler parameters */ #define XEN_SCHED_CREDIT_NPARAM 2 @@ -2867,8 +2869,9 @@ libxlDomainGetXMLDesc(virDomainPtr dom, unsigned int flags) } static char * -libxlConnectDomainXMLFromNative(virConnectPtr conn, const char * nativeFormat, - const char * nativeConfig, +libxlConnectDomainXMLFromNative(virConnectPtr conn, + const char *nativeFormat, + const char *nativeConfig, unsigned int flags) { libxlDriverPrivatePtr driver = conn->privateData; 
@@ -2882,22 +2885,33 @@ libxlConnectDomainXMLFromNative(virConnectPtr conn, const char * nativeFormat, if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0) goto cleanup; - if (STRNEQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) { + if (STREQ(nativeFormat, LIBXL_CONFIG_FORMAT_XM)) { + if (!(conf = virConfReadMem(nativeConfig, strlen(nativeConfig), 0))) + goto cleanup; + + if (!(def = xenParseXM(conf, + cfg->verInfo->xen_version_major, + cfg->caps))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("parsing xm config failed")); + goto cleanup; + } + } else if (STREQ(nativeFormat, LIBXL_CONFIG_FORMAT_SEXPR)) { + /* only support latest xend config format */ + if (!(def = xenParseSxprString(nativeConfig, + XEND_CONFIG_VERSION_3_1_0, + NULL, + -1))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("parsing sxpr config failed")); + goto cleanup; + } + } else { virReportError(VIR_ERR_INVALID_ARG, _("unsupported config type %s"), nativeFormat); goto cleanup; } - if (!(conf = virConfReadMem(nativeConfig, strlen(nativeConfig), 0))) - goto cleanup; - - if (!(def = xenParseXM(conf, - cfg->verInfo->xen_version_major, - cfg->caps))) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("parsing xm config failed")); - goto cleanup; - } - xml = virDomainDefFormat(def, VIR_DOMAIN_XML_INACTIVE); cleanup: -- 1.7.9.5 debian/patches/CVE-2014-8136.patch0000664000000000000000000000303313153725071013243 0ustar From f5a151754f2080598049baf5d68282f183a30f5c Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Mon, 8 Dec 2014 19:25:21 +0100 Subject: [PATCH] qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs Avoid leaving the domain locked on a failed ACL check in qemuDomainMigratePerform() and qemuDomainMigrateFinish2(). Introduced in commit abf75aea247e (Add ACL checks into the QEMU driver). (cherry picked from commit 2bdcd29c713dfedd813c89f56ae98f6f3898313d) --- src/qemu/qemu_driver.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) 
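Review bot: In the new `LIBXL_CONFIG_FORMAT_SEXPR` branch the last two arguments of `xenParseSxprString`, `NULL` and `-1`, are unexplained. A comment such as `/* no tty and no VNC port: the config does not come from a running domain */` would help, assuming that is what the two parameters mean; the prototype is not visible here. `nativeConfig` is caller-supplied text that reaches `strlen()` and both parsers with no NULL check inside this hunk, so it is worth confirming that the public API layer rejects NULL before the driver is called. The function starts and ends outside the hunk.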
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index eb82643..9afec73 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -10622,8 +10622,10 @@ qemuDomainMigratePerform(virDomainPtr dom,
 if (!(vm = qemuDomObjFromDomain(dom)))
 goto cleanup;
- if (virDomainMigratePerformEnsureACL(dom->conn, vm->def) < 0)
+ if (virDomainMigratePerformEnsureACL(dom->conn, vm->def) < 0) {
+ virObjectUnlock(vm);
 goto cleanup;
+ }
 if (flags & VIR_MIGRATE_PEER2PEER) {
 dconnuri = uri;
@@ -10670,8 +10672,10 @@ qemuDomainMigrateFinish2(virConnectPtr dconn,
 goto cleanup;
 }
- if (virDomainMigrateFinish2EnsureACL(dconn, vm->def) < 0)
+ if (virDomainMigrateFinish2EnsureACL(dconn, vm->def) < 0) {
+ virObjectUnlock(vm);
 goto cleanup;
+ }
 /* Do not use cookies in v2 protocol, since the cookie
 * length was not sufficiently large, causing failures
-- 1.7.1
debian/patches/netcf-daemon-fix-wrong-macro-name0000664000000000000000000000252013153725071017040 0ustar commit 98518178a235532c280b4a18a85d7b1323d09c7f Author: Osier Yang Date: Fri Jul 20 22:25:17 2012 +0800 daemon: Fix the wrong macro name WITH_INTERFACE is not defined, it should be WITH_NETCF there to load the interface driver. Eric posted patch weeks ago to resolve the problems in the whole build system, but it's not finalised yet: https://www.redhat.com/archives/libvir-list/2012-June/msg01299.html I'm going to simply fix the wrong macro name here so that the interface driver could loaded, and continue the work on the listing API for interface driver.
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index a7bb9dd..ffbe067 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -378,7 +378,7 @@ static void daemonInitialize(void)
 # ifdef WITH_NWFILTER
 virDriverLoadModule("nwfilter");
 # endif
-# ifdef WITH_INTERFACE
+# ifdef WITH_NETCF
 virDriverLoadModule("interface");
 # endif
 # ifdef WITH_QEMU
diff --git a/tests/virdrivermoduletest.c b/tests/virdrivermoduletest.c
index 8762de4..4d6e91e 100644
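Review bot: Both qemu_driver.c hunks add `virObjectUnlock(vm);` by hand before `goto cleanup`, which suggests that the `cleanup` label in qemuDomainMigratePerform and qemuDomainMigrateFinish2 does not release the domain lock; the labels are outside the hunks, so this is inferred. Any early exit added later between the domain lookup and the hand-off of `vm` would reintroduce the same stuck lock. A comment at each site, for example `/* vm is locked here and cleanup does not unlock it */`, would make that invariant visible to the next editor.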
--- a/tests/virdrivermoduletest.c +++ b/tests/virdrivermoduletest.c @@ -79,7 +79,7 @@ mymain(void) #ifdef WITH_NWFILTER TEST("nwfilter", NULL); #endif -#ifdef WITH_INTERFACE +#ifdef WITH_NETCF TEST("interface", NULL); #endif #ifdef WITH_QEMU debian/patches/accomodate-new-qemu-migration-status-setup.patch0000664000000000000000000002465013153725071022154 0ustar From 82865cf73a498cc6897edd52bb2b82e034f2a20d Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Wed, 13 Nov 2013 13:44:05 -0600 Subject: [PATCH 1/1] accomodate new qemu migration status 'setup' Treat it as active, but don't try to query for status info yet. Signed-off-by: Serge Hallyn --- src/qemu/qemu_migration.c | 48 ++++++++++++++++++++++++++++---------------- src/qemu/qemu_monitor.c | 8 +++++--- src/qemu/qemu_monitor.h | 3 ++- src/qemu/qemu_monitor_json.c | 8 +++++++- src/qemu/qemu_monitor_text.c | 9 ++++++++- 5 files changed, 53 insertions(+), 23 deletions(-) Index: libvirt-1.1.4/src/qemu/qemu_migration.c =================================================================== --- libvirt-1.1.4.orig/src/qemu/qemu_migration.c 2013-11-13 20:47:05.100085000 +0100 +++ libvirt-1.1.4/src/qemu/qemu_migration.c 2013-11-13 20:47:05.092085000 +0100 @@ -1614,7 +1614,7 @@ enum qemuDomainAsyncJob asyncJob) { qemuDomainObjPrivatePtr priv = vm->privateData; - int ret; + int ret, setting_up; qemuMonitorMigrationStatus status; memset(&status, 0, sizeof(status)); @@ -1624,7 +1624,7 @@ /* Guest already exited; nothing further to update. */ return -1; } - ret = qemuMonitorGetMigrationStatus(priv->mon, &status); + ret = qemuMonitorGetMigrationStatus(priv->mon, &status, &setting_up); qemuDomainObjExitMonitor(driver, vm); 
@@ -1645,21 +1645,35 @@ break; case QEMU_MONITOR_MIGRATION_STATUS_ACTIVE: - priv->job.info.fileTotal = priv->job.status.disk_total; - priv->job.info.fileRemaining = priv->job.status.disk_remaining; - priv->job.info.fileProcessed = priv->job.status.disk_transferred; - - priv->job.info.memTotal = priv->job.status.ram_total; - priv->job.info.memRemaining = priv->job.status.ram_remaining; - priv->job.info.memProcessed = priv->job.status.ram_transferred; - - priv->job.info.dataTotal = - priv->job.status.ram_total + priv->job.status.disk_total; - priv->job.info.dataRemaining = - priv->job.status.ram_remaining + priv->job.status.disk_remaining; - priv->job.info.dataProcessed = - priv->job.status.ram_transferred + - priv->job.status.disk_transferred; + if (setting_up) { + priv->job.info.fileTotal = -1; + priv->job.info.fileRemaining = -1; + priv->job.info.fileProcessed = 0; + + priv->job.info.memTotal = -1; + priv->job.info.memRemaining = -1; + priv->job.info.memProcessed = 0; + + priv->job.info.dataTotal = -1; + priv->job.info.dataRemaining = -1; + priv->job.info.dataProcessed = 0; + } else { + priv->job.info.fileTotal = priv->job.status.disk_total; + priv->job.info.fileRemaining = priv->job.status.disk_remaining; + priv->job.info.fileProcessed = priv->job.status.disk_transferred; + + priv->job.info.memTotal = priv->job.status.ram_total; + priv->job.info.memRemaining = priv->job.status.ram_remaining; + priv->job.info.memProcessed = priv->job.status.ram_transferred; + + priv->job.info.dataTotal = + priv->job.status.ram_total + priv->job.status.disk_total; + priv->job.info.dataRemaining = + priv->job.status.ram_remaining + priv->job.status.disk_remaining; + priv->job.info.dataProcessed = + priv->job.status.ram_transferred + + priv->job.status.disk_transferred; + } ret = 0; break; Index: libvirt-1.1.4/src/qemu/qemu_monitor.c =================================================================== --- libvirt-1.1.4.orig/src/qemu/qemu_monitor.c 2013-11-13 20:47:05.100085000 +0100 
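Review bot: The `setting_up` branch assigns `-1` to `fileTotal`, `fileRemaining`, `memTotal`, `memRemaining`, `dataTotal` and `dataRemaining`. If these `priv->job.info` fields are unsigned, as the sums of the `*_total` counters in the else branch suggest, clients will see the maximum value rather than "unknown"; the field types are not visible in the hunk. Reporting `0` for all nine fields during setup, or documenting `-1` as a sentinel in a comment such as `/* -1: totals not yet known while qemu is in 'setup' */`, would avoid a misleading progress report. The enclosing switch and function continue outside the hunk.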
+++ libvirt-1.1.4/src/qemu/qemu_monitor.c 2013-11-13 20:57:06.932085000 +0100 @@ -2087,7 +2087,8 @@ int qemuMonitorGetMigrationStatus(qemuMonitorPtr mon, - qemuMonitorMigrationStatusPtr status) + qemuMonitorMigrationStatusPtr status, + int *setting_up) { int ret; VIR_DEBUG("mon=%p", mon); @@ -2098,10 +2099,11 @@ return -1; } + *setting_up = 0; if (mon->json) - ret = qemuMonitorJSONGetMigrationStatus(mon, status); + ret = qemuMonitorJSONGetMigrationStatus(mon, status, setting_up); else - ret = qemuMonitorTextGetMigrationStatus(mon, status); + ret = qemuMonitorTextGetMigrationStatus(mon, status, setting_up); return ret; } Index: libvirt-1.1.4/src/qemu/qemu_monitor.h =================================================================== --- libvirt-1.1.4.orig/src/qemu/qemu_monitor.h 2013-11-13 20:47:05.100085000 +0100 +++ libvirt-1.1.4/src/qemu/qemu_monitor.h 2013-11-13 20:47:05.096085000 +0100 @@ -432,7 +432,8 @@ }; int qemuMonitorGetMigrationStatus(qemuMonitorPtr mon, - qemuMonitorMigrationStatusPtr status); + qemuMonitorMigrationStatusPtr status, + int *setting_up); int qemuMonitorGetSpiceMigrationStatus(qemuMonitorPtr mon, bool *spice_migrated); Index: libvirt-1.1.4/src/qemu/qemu_monitor_json.c =================================================================== --- libvirt-1.1.4.orig/src/qemu/qemu_monitor_json.c 2013-11-13 20:47:05.100085000 +0100 +++ libvirt-1.1.4/src/qemu/qemu_monitor_json.c 2013-11-13 21:02:16.492085000 +0100 @@ -2351,7 +2351,8 @@ static int qemuMonitorJSONGetMigrationStatusReply(virJSONValuePtr reply, - qemuMonitorMigrationStatusPtr status) + qemuMonitorMigrationStatusPtr status, + int *setting_up) { virJSONValuePtr ret; const char *statusstr; @@ -2369,6 +2370,11 @@ return -1; } + if (strncmp(statusstr, "setup", 5) == 0) { + status->status = QEMU_MONITOR_MIGRATION_STATUS_ACTIVE; + *setting_up = 1; + return 0; + } status->status = qemuMonitorMigrationStatusTypeFromString(statusstr); if (status->status < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, 
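Review bot: `strncmp(statusstr, "setup", 5) == 0` in qemuMonitorJSONGetMigrationStatusReply is a prefix match, so any status string that merely begins with "setup" is reported as ACTIVE instead of reaching qemuMonitorMigrationStatusTypeFromString and its error path. An exact comparison, `if (STREQ(statusstr, "setup")) {`, keeps unknown states rejected. The same pattern appears in the qemuMonitorTextGetMigrationStatus hunk as `strncmp(tmp, "setup", 5)`. In qemuMonitorGetMigrationStatus, `*setting_up = 0;` sits after an early `return -1`, so the flag is not written on that path and the prototype comment should say callers must not read it on failure.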
@@ -2509,7 +2515,8 @@ int qemuMonitorJSONGetMigrationStatus(qemuMonitorPtr mon, - qemuMonitorMigrationStatusPtr status) + qemuMonitorMigrationStatusPtr status, + int *setting_up) { int ret; virJSONValuePtr cmd = qemuMonitorJSONMakeCommand("query-migrate", @@ -2527,7 +2534,7 @@ ret = qemuMonitorJSONCheckError(cmd, reply); if (ret == 0 && - qemuMonitorJSONGetMigrationStatusReply(reply, status) < 0) + qemuMonitorJSONGetMigrationStatusReply(reply, status, &setting_up) < 0) ret = -1; if (ret < 0) Index: libvirt-1.1.4/src/qemu/qemu_monitor_text.c =================================================================== --- libvirt-1.1.4.orig/src/qemu/qemu_monitor_text.c 2013-11-13 20:47:05.100085000 +0100 +++ libvirt-1.1.4/src/qemu/qemu_monitor_text.c 2013-11-13 20:47:05.096085000 +0100 @@ -1419,7 +1419,8 @@ #define MIGRATION_DISK_TOTAL_PREFIX "total disk: " int qemuMonitorTextGetMigrationStatus(qemuMonitorPtr mon, - qemuMonitorMigrationStatusPtr status) + qemuMonitorMigrationStatusPtr status, + int *setting_up) { char *reply; char *tmp; @@ -1441,6 +1442,12 @@ } *end = '\0'; + if (strncmp(tmp, "setup", 5) == 0) { + status->status = QEMU_MONITOR_MIGRATION_STATUS_ACTIVE; + *setting_up = 1; + goto done; + } + status->status = qemuMonitorMigrationStatusTypeFromString(tmp); if (status->status < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, Index: libvirt-1.1.4/tests/qemumonitorjsontest.c =================================================================== --- libvirt-1.1.4.orig/tests/qemumonitorjsontest.c 2013-10-18 23:15:06.000000000 +0200 +++ libvirt-1.1.4/tests/qemumonitorjsontest.c 2013-11-13 20:58:46.348085000 +0100 @@ -1660,7 +1660,7 @@ { virDomainXMLOptionPtr xmlopt = (virDomainXMLOptionPtr)data; qemuMonitorTestPtr test = qemuMonitorTestNewSimple(true, xmlopt); - int ret = -1; + int ret = -1, setting_up; qemuMonitorMigrationStatus status, expectedStatus; if (!test) 
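Review bot: In the `@@ -2527,7 +2534,7 @@` hunk, `qemuMonitorJSONGetMigrationStatusReply(reply, status, &setting_up)` passes the address of the `int *setting_up` parameter, which is an `int **`, to a callee that takes `int *`. The callee's `*setting_up = 1` then writes into the local pointer variable instead of the caller's flag, so the caller never sees the setup state and the pointer itself is clobbered. The argument should be passed through unchanged: `qemuMonitorJSONGetMigrationStatusReply(reply, status, setting_up) < 0)`. The compiler should flag the incompatible pointer type, and the test hunk declares `setting_up` without initialising or checking it, so the test as shown would not catch this.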
@@ -1689,7 +1689,7 @@ "}") < 0) goto cleanup; - if (qemuMonitorJSONGetMigrationStatus(qemuMonitorTestGetMonitor(test), &status) < 0) + if (qemuMonitorJSONGetMigrationStatus(qemuMonitorTestGetMonitor(test), &status, &setting_up) < 0) goto cleanup; if (memcmp(&status, &expectedStatus, sizeof(status)) != 0) { Index: libvirt-1.1.4/src/qemu/qemu_monitor_json.h =================================================================== --- libvirt-1.1.4.orig/src/qemu/qemu_monitor_json.h 2013-11-13 21:00:07.052085000 +0100 +++ libvirt-1.1.4/src/qemu/qemu_monitor_json.h 2013-11-13 21:00:42.028085000 +0100 @@ -130,7 +130,8 @@ unsigned long long cacheSize); int qemuMonitorJSONGetMigrationStatus(qemuMonitorPtr mon, - qemuMonitorMigrationStatusPtr status); + qemuMonitorMigrationStatusPtr status, + int *setting_up); int qemuMonitorJSONGetMigrationCapability(qemuMonitorPtr mon, qemuMonitorMigrationCaps capability); Index: libvirt-1.1.4/src/qemu/qemu_monitor_text.h =================================================================== --- libvirt-1.1.4.orig/src/qemu/qemu_monitor_text.h 2013-11-13 21:00:15.432085000 +0100 +++ libvirt-1.1.4/src/qemu/qemu_monitor_text.h 2013-11-13 21:01:00.124085000 +0100 @@ -117,7 +117,8 @@ unsigned long long downtime); int qemuMonitorTextGetMigrationStatus(qemuMonitorPtr mon, - qemuMonitorMigrationStatusPtr status); + qemuMonitorMigrationStatusPtr status, + int *setting_up); int qemuMonitorTextMigrate(qemuMonitorPtr mon, unsigned int flags, debian/patches/9021-fix-uint64_t.patch0000664000000000000000000000107213153725071014475 0ustar Author: Serge Hallyn Description: include stdint.h to provide a definition for uint64_t, which is now used in linux/fs.h. Forwarded: no Index: libvirt-1.1.4/src/lxc/lxc_container.c =================================================================== --- libvirt-1.1.4.orig/src/lxc/lxc_container.c 2013-11-12 11:48:35.607867024 -0600 +++ libvirt-1.1.4/src/lxc/lxc_container.c 2013-11-12 11:48:35.595867025 -0600 
@@ -42,6 +42,7 @@ #include /* For MS_MOVE */ +#include #include #if WITH_CAPNG debian/patches/build-work-around-broken-kernel-header0000664000000000000000000020353513153725071020105 0ustar Description: build: work around broken kernel header configure.ac (AC_CHECK_HEADERS): Provide struct in6_addr, since linux/if_bridge.h uses it without declaring it. src/util/virnetdevbridge.c: Include pre-req header. configure.ac (AC_CHECK_HEADERS): Prefer standard in.h over non-standard ip6.h. Author: Eric Blake Forwarded: no Origin: upstream Index: libvirt-1.0.1/configure.ac =================================================================== --- libvirt-1.0.1.orig/configure.ac 2013-01-22 10:43:08.080737288 -0600 +++ libvirt-1.0.1/configure.ac 2013-01-22 10:43:08.056737289 -0600 @@ -958,8 +958,10 @@ dnl if test "$with_linux" = "yes"; then if test "$with_qemu" = "yes" || test "$with_lxc" = "yes" ; then - AC_CHECK_HEADERS([linux/param.h linux/sockios.h linux/if_bridge.h linux/if_tun.h],, - AC_MSG_ERROR([You must install kernel-headers in order to compile libvirt with QEMU or LXC support])) + AC_CHECK_HEADERS([linux/param.h linux/sockios.h netinet/in.h linux/if_bridge.h linux/if_tun.h],, + [AC_MSG_ERROR([You must install kernel-headers in order to compile libvirt with QEMU or LXC support])], + [[#include + ]]) fi fi Index: libvirt-1.0.1/src/util/virnetdevbridge.c =================================================================== --- libvirt-1.0.1.orig/src/util/virnetdevbridge.c 2013-01-22 10:43:08.080737288 -0600 +++ libvirt-1.0.1/src/util/virnetdevbridge.c 2013-01-22 10:43:08.060737289 -0600 @@ -32,6 +32,7 @@ #include #include #include +#include #ifdef __linux__ # include Index: libvirt-1.0.1/configure =================================================================== --- libvirt-1.0.1.orig/configure 2013-01-22 10:43:08.080737288 -0600 +++ libvirt-1.0.1/configure 2013-01-22 10:43:08.076737288 -0600 
@@ -1,13 +1,11 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for libvirt 1.0.1. +# Generated by GNU Autoconf 2.69 for libvirt 1.0.1. # # Report bugs to . # # -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software -# Foundation, Inc. +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation @@ -136,6 +134,31 @@ # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh 
@@ -169,7 +192,8 @@ else exitcode=1; echo positional parameters were not saved. fi -test x\$exitcode = x0 || exit 1" +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && @@ -222,21 +246,25 @@ if test "x$CONFIG_SHELL" != x; then : - # We cannot yet assume a decent shell, so we have to provide a - # neutralization value for shells without unset; and this also - # works around shells that cannot unset nonexistent variables. - # Preserve -v and -x to the replacement shell. - BASH_ENV=/dev/null - ENV=/dev/null - (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV - export CONFIG_SHELL - case $- in # (((( - *v*x* | *x*v* ) as_opts=-vx ;; - *v* ) as_opts=-v ;; - *x* ) as_opts=-x ;; - * ) as_opts= ;; - esac - exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"} + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 fi if test x$as_have_required = xno; then : 
@@ -339,6 +367,14 @@ } # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take @@ -460,6 +496,10 @@ chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). @@ -494,16 +534,16 @@ # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -p'. + # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -p' + as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else - as_ln_s='cp -p' + as_ln_s='cp -pR' fi else - as_ln_s='cp -p' + as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null 
@@ -515,28 +555,8 @@ as_mkdir_p=false fi -if test -x / >/dev/null 2>&1; then - as_test_x='test -x' -else - if ls -dL / >/dev/null 2>&1; then - as_ls_L_option=L - else - as_ls_L_option= - fi - as_test_x=' - eval sh -c '\'' - if test -d "$1"; then - test -d "$1/."; - else - case $1 in #( - -*)set "./$1";; - esac; - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( - ???[sx]*):;;*)false;;esac;fi - '\'' sh - ' -fi -as_executable_p=$as_test_x +as_test_x='test -x' +as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" @@ -2830,8 +2850,6 @@ if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe - $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. - If a cross compiler is detected then cross compile mode will be used" >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi @@ -3284,9 +3302,9 @@ if $ac_init_version; then cat <<\_ACEOF libvirt configure 1.0.1 -generated by GNU Autoconf 2.68 +generated by GNU Autoconf 2.69 -Copyright (C) 2010 Free Software Foundation, Inc. +Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -3563,7 +3581,7 @@ test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || - $as_test_x conftest$ac_exeext + test -x conftest$ac_exeext }; then : ac_retval=0 else @@ -3777,7 +3795,8 @@ main () { static int test_array [1 - 2 * !(($2) >= 0)]; -test_array [0] = 0 +test_array [0] = 0; +return test_array [0]; ; return 0; @@ -3793,7 +3812,8 @@ main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; -test_array [0] = 0 +test_array [0] = 0; +return test_array [0]; ; return 0; 
@@ -3819,7 +3839,8 @@ main () { static int test_array [1 - 2 * !(($2) < 0)]; -test_array [0] = 0 +test_array [0] = 0; +return test_array [0]; ; return 0; @@ -3835,7 +3856,8 @@ main () { static int test_array [1 - 2 * !(($2) >= $ac_mid)]; -test_array [0] = 0 +test_array [0] = 0; +return test_array [0]; ; return 0; @@ -3869,7 +3891,8 @@ main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; -test_array [0] = 0 +test_array [0] = 0; +return test_array [0]; ; return 0; @@ -3988,7 +4011,7 @@ running configure, to aid debugging if configure makes a mistake. It was created by libvirt $as_me 1.0.1, which was -generated by GNU Autoconf 2.68. Invocation command line was +generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4527,7 +4550,7 @@ # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. @@ -4696,7 +4719,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -4736,7 +4759,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -4787,7 +4810,7 @@ test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do - { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue + as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ @@ -4841,7 +4864,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -5322,7 +5345,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -5362,7 +5385,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -5415,7 +5438,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -5456,7 +5479,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue @@ -5514,7 +5537,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -5558,7 +5581,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -6004,8 +6027,7 @@ /* end confdefs.h. */ #include #include -#include -#include +struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); @@ -6438,7 +6460,7 @@ for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue + as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in @@ -6504,7 +6526,7 @@ for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue + as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in @@ -6604,7 +6626,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AR="${ac_tool_prefix}ar" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -6644,7 +6666,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="ar" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -6711,7 +6733,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -6751,7 +6773,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -7237,9 +7259,9 @@ if test "$GCC" != yes; then ac_save_CC=$CC while :; do - # IRIX 6.2 and later do not support large files by default, - # so use the C compiler's -n32 option if that helps. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. @@ -7248,8 +7270,8 @@ incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; int main () { 
@@ -7258,16 +7280,16 @@ return 0; } _ACEOF - if ac_fn_c_try_compile "$LINENO"; then : + if ac_fn_c_try_compile "$LINENO"; then : break fi rm -f core conftest.err conftest.$ac_objext - CC="$CC -n32" - if ac_fn_c_try_compile "$LINENO"; then : + CC="$CC -n32" + if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_largefile_CC=' -n32'; break fi rm -f core conftest.err conftest.$ac_objext - break + break done CC=$ac_save_CC rm -f conftest.$ac_ext @@ -7294,8 +7316,8 @@ incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; int main () { @@ -7318,8 +7340,8 @@ incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; int main () { @@ -7363,8 +7385,8 @@ incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; int main () { @@ -7387,8 +7409,8 @@ incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; int main () { @@ -7571,7 +7593,7 @@ return 0; } _ACEOF -for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -xc99=all -qlanglvl=extc99 +for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99 do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : 
@@ -7611,8 +7633,7 @@ /* end confdefs.h. */ #include #include -#include -#include +struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); @@ -8986,8 +9007,8 @@ $as_echo "#define C_ALLOCA 1" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether 'alloca.c' needs Cray hooks" >&5 -$as_echo_n "checking whether 'alloca.c' needs Cray hooks... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether \`alloca.c' needs Cray hooks" >&5 +$as_echo_n "checking whether \`alloca.c' needs Cray hooks... " >&6; } if ${ac_cv_os_cray+:} false; then : $as_echo_n "(cached) " >&6 else @@ -46914,7 +46935,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AS="${ac_tool_prefix}as" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -46954,7 +46975,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AS="as" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -47006,7 +47027,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -47046,7 +47067,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DLLTOOL="dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -47098,7 +47119,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -47138,7 +47159,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OBJDUMP="objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -47313,7 +47334,7 @@ for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" - { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue + as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED case `"$ac_path_SED" --version 2>&1` in 
@@ -47392,7 +47413,7 @@ for ac_prog in fgrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" - { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue + as_fn_executable_p "$ac_path_FGREP" || continue # Check for GNU ac_path_FGREP and select it if it is found. # Check for GNU $ac_path_FGREP case `"$ac_path_FGREP" --version 2>&1` in @@ -47648,7 +47669,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -47692,7 +47713,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -48116,7 +48137,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -48156,7 +48177,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OBJDUMP="objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -48459,7 +48480,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -48499,7 +48520,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DLLTOOL="dlltool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -48599,7 +48620,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AR="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -48643,7 +48664,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -48768,7 +48789,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -48808,7 +48829,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -48867,7 +48888,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -48907,7 +48928,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -49556,7 +49577,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -49596,7 +49617,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -49676,7 +49697,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -49716,7 +49737,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -49768,7 +49789,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -49808,7 +49829,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_NMEDIT="nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -49860,7 +49881,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_LIPO="${ac_tool_prefix}lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -49900,7 +49921,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_LIPO="lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -49952,7 +49973,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL="${ac_tool_prefix}otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -49992,7 +50013,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL="otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -50044,7 +50065,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -50084,7 +50105,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL64="otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -55052,10 +55073,9 @@ # This should be < 256 really. Currently we're down to 4096, # but using 1024 bytes sized buffers (mostly for virStrerror) # stops us from going down further - as_gl_Warn=`$as_echo "gl_cv_warn_c_-Wframe-larger-than=4096" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wframe-larger-than=4096" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wframe-larger-than=4096" >&5 $as_echo_n "checking whether C compiler handles -Wframe-larger-than=4096... " >&6; } -if eval \${$as_gl_Warn+:} false; then : +if ${gl_cv_warn_c__Wframe_larger_than_4096+:} false; then : $as_echo_n "(cached) " >&6 else @@ -55073,18 +55093,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - eval "$as_gl_Warn=yes" + gl_cv_warn_c__Wframe_larger_than_4096=yes else - eval "$as_gl_Warn=no" + gl_cv_warn_c__Wframe_larger_than_4096=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$gl_save_compiler_FLAGS" fi -eval ac_res=\$$as_gl_Warn - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_gl_Warn"\" = x"yes"; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wframe_larger_than_4096" >&5 +$as_echo "$gl_cv_warn_c__Wframe_larger_than_4096" >&6; } +if test "x$gl_cv_warn_c__Wframe_larger_than_4096" = xyes; then : as_fn_append WARN_CFLAGS " -Wframe-larger-than=4096" fi 
@@ -55134,10 +55153,9 @@ fi - as_gl_Warn=`$as_echo "gl_cv_warn_c_--param=ssp-buffer-size=4" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles --param=ssp-buffer-size=4" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles --param=ssp-buffer-size=4" >&5 $as_echo_n "checking whether C compiler handles --param=ssp-buffer-size=4... " >&6; } -if eval \${$as_gl_Warn+:} false; then : +if ${gl_cv_warn_c___param_ssp_buffer_size_4+:} false; then : $as_echo_n "(cached) " >&6 else @@ -55155,18 +55173,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - eval "$as_gl_Warn=yes" + gl_cv_warn_c___param_ssp_buffer_size_4=yes else - eval "$as_gl_Warn=no" + gl_cv_warn_c___param_ssp_buffer_size_4=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$gl_save_compiler_FLAGS" fi -eval ac_res=\$$as_gl_Warn - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_gl_Warn"\" = x"yes"; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c___param_ssp_buffer_size_4" >&5 +$as_echo "$gl_cv_warn_c___param_ssp_buffer_size_4" >&6; } +if test "x$gl_cv_warn_c___param_ssp_buffer_size_4" = xyes; then : as_fn_append WARN_CFLAGS " --param=ssp-buffer-size=4" fi @@ -55353,10 +55370,9 @@ # We should eventually enable this, but right now there are at # least 75 functions triggering warnings. - as_gl_Warn=`$as_echo "gl_cv_warn_c_-Wno-suggest-attribute=pure" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wno-suggest-attribute=pure" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wno-suggest-attribute=pure" >&5 $as_echo_n "checking whether C compiler handles -Wno-suggest-attribute=pure... " >&6; } -if eval \${$as_gl_Warn+:} false; then : +if ${gl_cv_warn_c__Wno_suggest_attribute_pure+:} false; then : $as_echo_n "(cached) " >&6 else 
@@ -55374,26 +55390,24 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - eval "$as_gl_Warn=yes" + gl_cv_warn_c__Wno_suggest_attribute_pure=yes else - eval "$as_gl_Warn=no" + gl_cv_warn_c__Wno_suggest_attribute_pure=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$gl_save_compiler_FLAGS" fi -eval ac_res=\$$as_gl_Warn - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_gl_Warn"\" = x"yes"; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wno_suggest_attribute_pure" >&5 +$as_echo "$gl_cv_warn_c__Wno_suggest_attribute_pure" >&6; } +if test "x$gl_cv_warn_c__Wno_suggest_attribute_pure" = xyes; then : as_fn_append WARN_CFLAGS " -Wno-suggest-attribute=pure" fi - as_gl_Warn=`$as_echo "gl_cv_warn_c_-Wno-suggest-attribute=const" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wno-suggest-attribute=const" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wno-suggest-attribute=const" >&5 $as_echo_n "checking whether C compiler handles -Wno-suggest-attribute=const... " >&6; } -if eval \${$as_gl_Warn+:} false; then : +if ${gl_cv_warn_c__Wno_suggest_attribute_const+:} false; then : $as_echo_n "(cached) " >&6 else 
@@ -55411,18 +55425,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - eval "$as_gl_Warn=yes" + gl_cv_warn_c__Wno_suggest_attribute_const=yes else - eval "$as_gl_Warn=no" + gl_cv_warn_c__Wno_suggest_attribute_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext CFLAGS="$gl_save_compiler_FLAGS" fi -eval ac_res=\$$as_gl_Warn - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_gl_Warn"\" = x"yes"; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wno_suggest_attribute_const" >&5 +$as_echo "$gl_cv_warn_c__Wno_suggest_attribute_const" >&6; } +if test "x$gl_cv_warn_c__Wno_suggest_attribute_const" = xyes; then : as_fn_append WARN_CFLAGS " -Wno-suggest-attribute=const" fi @@ -55920,7 +55933,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_RPCGEN="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -55979,7 +55992,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XMLLINT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -56020,7 +56033,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XMLCATALOG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -56061,7 +56074,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XSLTPROC="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -56102,7 +56115,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_AUGPARSE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -56146,7 +56159,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_DNSMASQ="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -56188,7 +56201,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_RADVD="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -56230,7 +56243,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_BRCTL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -56272,7 +56285,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_TC="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -56314,7 +56327,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_UDEVADM="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -56355,7 +56368,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_UDEVSETTLE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -56396,7 +56409,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MODPROBE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -56438,7 +56451,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_OVSVSCTL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -56480,7 +56493,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_SCRUB="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -56952,7 +56965,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IP_PATH="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -57000,7 +57013,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IPTABLES_PATH="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -57048,7 +57061,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IP6TABLES_PATH="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -57096,7 +57109,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_EBTABLES_PATH="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -58044,10 +58057,12 @@ if test "$with_linux" = "yes"; then if test "$with_qemu" = "yes" || test "$with_lxc" = "yes" ; then - for ac_header in linux/param.h linux/sockios.h linux/if_bridge.h linux/if_tun.h + for ac_header in linux/param.h linux/sockios.h netinet/in.h linux/if_bridge.h linux/if_tun.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include + +" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 @@ -58089,7 +58104,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -58132,7 +58147,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -58644,7 +58659,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_QEMU="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -59231,7 +59246,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PKCHECK_PATH="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -59401,7 +59416,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_POLKIT_AUTH="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -60360,7 +60375,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_DTRACE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -60579,7 +60594,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_NUMAD="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -61859,7 +61874,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MOUNT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -61900,7 +61915,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_UMOUNT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -61941,7 +61956,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MKFS="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62026,7 +62041,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_SHOWMOUNT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -62075,7 +62090,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PVCREATE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62116,7 +62131,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_VGCREATE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62157,7 +62172,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_LVCREATE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62198,7 +62213,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PVREMOVE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -62239,7 +62254,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_VGREMOVE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62280,7 +62295,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_LVREMOVE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62321,7 +62336,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_LVCHANGE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62362,7 +62377,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_VGCHANGE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -62403,7 +62418,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_VGSCAN="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62444,7 +62459,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PVS="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62485,7 +62500,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_VGS="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62526,7 +62541,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_LVS="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -62678,7 +62693,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_ISCSIADM="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62822,7 +62837,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_COLLIE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62905,7 +62920,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PARTED="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -62946,7 +62961,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_DMSETUP="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -63762,7 +63777,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -63971,7 +63986,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -64302,7 +64317,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -66009,7 +66024,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_WINDRES="${ac_tool_prefix}windres" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 
@@ -66049,7 +66064,7 @@ IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_WINDRES="windres" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 @@ -68043,16 +68058,16 @@ # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -p'. + # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -p' + as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else - as_ln_s='cp -p' + as_ln_s='cp -pR' fi else - as_ln_s='cp -p' + as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null @@ -68112,28 +68127,16 @@ as_mkdir_p=false fi -if test -x / >/dev/null 2>&1; then - as_test_x='test -x' -else - if ls -dL / >/dev/null 2>&1; then - as_ls_L_option=L - else - as_ls_L_option= - fi - as_test_x=' - eval sh -c '\'' - if test -d "$1"; then - test -d "$1/."; - else - case $1 in #( - -*)set "./$1";; - esac; - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( - ???[sx]*):;;*)false;;esac;fi - '\'' sh - ' -fi -as_executable_p=$as_test_x + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" 
@@ -68155,7 +68158,7 @@ # values after options handling. ac_log=" This file was extended by libvirt $as_me 1.0.1, which was -generated by GNU Autoconf 2.68. Invocation command line was +generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -68226,10 +68229,10 @@ ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ libvirt config.status 1.0.1 -configured by $0, generated by GNU Autoconf 2.68, +configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" -Copyright (C) 2010 Free Software Foundation, Inc. +Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -68320,7 +68323,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then - set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' debian/patches/CVE-2017-5715-ibrs-2.patch0000664000000000000000000000326313232426031014337 0ustar Backport of: From 6b7e7d1cc24a28a9f5ece8626f807189647d14b4 Mon Sep 17 00:00:00 2001 
From: Jiri Denemark Date: Mon, 8 Jan 2018 20:53:25 +0100 Subject: [PATCH] cpu: Add Nehalem-IBRS CPU model This is a variant of Nehalem with indirect branch prediction protection. The only difference between Nehalem and Nehalem-IBRS is the added "spec-ctrl" feature. Thus the diff matches QEMU, but the new CPU model itself is different. The QEMU's versions of both models contain "vme" feature, while this feature is missing in libvirt's models. While we can't change the existing Nehalem CPU model, we could add "vme" to Nehalem-IBRS to make it similar to QEMU, but doing so would fool our CPU detecting code so that any Nehalem CPU with "vme" feature would be detected as Nehalem-IBRS CPU without spec-ctrl. Not adding "vme" to Nehalem-IBRS is safe as QEMU will just provide the feature anyway, which matches what happens with Nehalem (and new enough machine types). Signed-off-by: Jiri Denemark Reviewed-by: Pavel Hrdina --- src/cpu/cpu_map.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) Index: libvirt-1.2.2/src/cpu/cpu_map.xml =================================================================== --- libvirt-1.2.2.orig/src/cpu/cpu_map.xml 2018-01-25 14:11:48.602367288 -0500 +++ libvirt-1.2.2/src/cpu/cpu_map.xml 2018-01-25 14:12:14.966399008 -0500 @@ -488,6 +488,11 @@ + + + + + debian/patches/prevent-lxc-shutdown-host.patch0000664000000000000000000000615413153725071016745 0ustar Description: Prevent lxc container from shutting down the host Author: Chuck Short Forwarded: No diff -Naurp libvirt-1.0.2.orig/src/lxc/lxc_driver.c libvirt-1.0.2/src/lxc/lxc_driver.c --- libvirt-1.0.2.orig/src/lxc/lxc_driver.c 2013-01-24 10:18:58.000000000 -0600 +++ libvirt-1.0.2/src/lxc/lxc_driver.c 2013-03-25 09:22:22.421907213 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2012 Red Hat, Inc. + * Copyright (C) 2010-2013 Red Hat, Inc. * Copyright IBM Corp. 2008 * * lxc_driver.c: linux container driver functions 
@@ -2761,13 +2761,19 @@ lxcDomainShutdownFlags(virDomainPtr dom, virLXCDriverPtr driver = dom->conn->privateData; virLXCDomainObjPrivatePtr priv; virDomainObjPtr vm; + virDomainFSDefPtr root; char *vroot = NULL; int ret = -1; - int rc; + int rc = 0; + bool methodSignal; + bool methodInitctl; virCheckFlags(VIR_DOMAIN_SHUTDOWN_INITCTL | VIR_DOMAIN_SHUTDOWN_SIGNAL, -1); + methodSignal = !!(flags & VIR_DOMAIN_SHUTDOWN_SIGNAL); + methodInitctl = !!(flags & VIR_DOMAIN_SHUTDOWN_INITCTL); + lxcDriverLock(driver); vm = virDomainFindByUUID(&driver->domains, dom->uuid); lxcDriverUnlock(driver); @@ -2781,6 +2787,7 @@ lxcDomainShutdownFlags(virDomainPtr dom, } priv = vm->privateData; + root = virDomainGetRootFilesystem(vm->def); if (!virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, 
@@ -2800,27 +2807,31 @@ lxcDomainShutdownFlags(virDomainPtr dom, goto cleanup; } - if (flags == 0 || - (flags & VIR_DOMAIN_SHUTDOWN_INITCTL)) { - if ((rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF, - vroot)) < 0) { + if (root && root->src) { + if (flags == 0) + methodSignal = methodInitctl = true; + } else if (methodInitctl) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("Cannot shutdown container using initctl " + "without separated namespace")); + goto cleanup; + } else { + methodSignal = true; + } + + if (methodInitctl) { + rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF, vroot); + if (rc < 0) goto cleanup; - } - if (rc == 0 && flags != 0 && - ((flags & ~VIR_DOMAIN_SHUTDOWN_INITCTL) == 0)) { + if (rc == 0 && !methodSignal) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", _("Container does not provide an initctl pipe")); goto cleanup; } - } else { - rc = 0; } - - if (rc == 0 && - (flags == 0 || - (flags & VIR_DOMAIN_SHUTDOWN_SIGNAL))) { - if (kill(priv->initpid, SIGTERM) < 0 && - errno != ESRCH) { + if (rc == 0 && methodSignal) { + ret = kill(priv->initpid, SIGTERM); + if (ret < 0 && errno != ESRCH) { virReportSystemError(errno, _("Unable to send SIGTERM to init pid %llu"), (unsigned long long)priv->initpid); debian/patches/CVE-2018-3639-2.patch0000664000000000000000000000343413301322442013404 0ustar Backport of: From 9267342206ce17f6933d57a3128cdc504d5945c9 Mon Sep 17 00:00:00 2001 
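Review bot: The new `else if (methodInitctl)` branch refuses initctl when the domain has no root filesystem of its own, but no comment says why, and that reason is the whole purpose of the patch. I would add above `if (root && root->src) {` something like `/* Without a private root the initctl pipe would be looked up on the host; only signalling init is safe then. */`, with the wording confirmed against how `vroot` is built, which is outside this hunk. A call with `flags == 0` on such a container now quietly degrades to SIGTERM only, which deserves a sentence in the function's documentation. `ret` is also reused for the result of `kill()`, so an ESRCH result leaves it at -1 unless code after the hunk resets it; a separate local would make the success path easier to check. lxcDomainShutdownFlags starts and ends outside the hunk.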
From: =?utf8?q?Daniel=20P.=20Berrang=C3=A9?= Date: Mon, 21 May 2018 23:05:08 +0100 Subject: [PATCH] cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Some AMD processors only support a non-architectural means of enabling Speculative Store Bypass Disable. To allow simplified handling in virtual environments, hypervisors will expose an architectural definition through CPUID bit 0x80000008_EBX[25]. This needs to be exposed to guest OS running on AMD x86 hosts to allow them to protect against CVE-2018-3639. Note that since this CPUID bit won't be present in the host CPUID results on physical hosts, it will not be enabled automatically in guests configured with "host-model" CPU unless using QEMU version >= 2.9.0. Thus for older versions of QEMU, this feature must be manually enabled using policy=force. Guests using the "host-passthrough" CPU mode do not need special handling. Signed-off-by: Daniel P. Berrangé Reviewed-by: Jiri Denemark --- src/cpu/cpu_map.xml | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Index: libvirt-1.2.2/src/cpu/cpu_map.xml =================================================================== --- libvirt-1.2.2.orig/src/cpu/cpu_map.xml 2018-05-23 13:30:08.085708761 -0400 +++ libvirt-1.2.2/src/cpu/cpu_map.xml 2018-05-23 13:30:08.081708756 -0400 @@ -337,6 +337,9 @@ + + + debian/patches/add-armhf-sysinfo-infomration.patch0000664000000000000000000001120413153725071017500 0ustar diff -Naurp libvirt-0.9.13.orig/src/util/sysinfo.c libvirt-0.9.13/src/util/sysinfo.c --- libvirt-0.9.13.orig/src/util/sysinfo.c 2012-06-26 20:44:39.000000000 -0500 +++ libvirt-0.9.13/src/util/sysinfo.c 2012-07-19 11:07:27.616440473 -0500 
@@ -242,6 +242,163 @@ no_memory: return NULL; } +#elif defined(__arm__) +static int +virSysinfoParseSystem(const char *base, virSysinfoDefPtr ret) +{ + char *eol = NULL; + const char *cur; + + if ((cur = strstr(base, "Hardware")) == NULL) + return 0; + + base = cur; + /* Account for format 'Hardware : XXXX'*/ + cur = strchr(cur, ':') + 1; + eol = strchr(cur, '\n'); + virSkipSpaces(&cur); + if (eol && + ((ret->system_family = strndup(cur, eol - cur)) == NULL)) + goto no_memory; + + if ((cur= strstr(base, "Revision")) != NULL) { + cur = strchr(cur, ':') + 1; + eol = strchr(cur, '\n'); + virSkipSpaces(&cur); + if (eol && ((ret->system_version = strndup(cur, eol - cur)) + == NULL)) + goto no_memory; + } + + if ((cur = strstr(base, "Serial")) != NULL) { + cur = strchr(cur, ':') + 1; + eol = strchr(cur, '\n'); + virSkipSpaces(&cur); + if (eol && ((ret->system_serial = strndup(cur, eol - cur)) + == NULL)) + goto no_memory; + } + + return 0; + +no_memory: + return -1; +} + +static int +virSysinfoParseProcessor(const char *base, virSysinfoDefPtr ret) +{ + const char *cur; + char *eol, *tmp_base; + virSysinfoProcessorDefPtr processor; + + while ((tmp_base = strstr(base, "Processor")) != NULL) { + base = tmp_base; + eol = strchr(base, '\n'); + cur = strchr(base, ':') + 1; + + if (VIR_EXPAND_N(ret->processor, ret->nprocessor, 1) < 0) { + goto no_memory; + } + processor = &ret->processor[ret->nprocessor - 1]; + + virSkipSpaces(&cur); + if (eol && + ((processor->processor_socket_destination = strndup + (cur, eol - cur)) == NULL)) + goto no_memory; + + if ((cur = strstr(base, "CPU implementer")) != NULL) { + cur = strchr(cur, ':') + 1; + eol = strchr(cur, '\n'); + virSkipSpaces(&cur); + if (eol && + ((processor->processor_manufacturer = strndup(cur, eol - cur)) + == NULL)) + goto no_memory; + } + + if ((cur = strstr(base, "CPU architecture")) != NULL) { + cur = strchr(cur, ':') + 1; + eol = strchr(cur, '\n'); + virSkipSpaces(&cur); + if (eol && + ((processor->processor_type = 
strndup(cur, eol - cur)) + == NULL)) + goto no_memory; + } + + if ((cur = strstr(base, "CPU variant")) != NULL) { + cur = strchr(cur, ':') + 1; + eol = strchr(cur, '\n'); + virSkipSpaces(&cur); + if (eol && + ((processor->processor_family = strndup(cur, eol - cur)) + == NULL)) + goto no_memory; + } + + if ((cur = strstr(base, "CPU part")) != NULL) { + cur = strchr(cur, ':') + 1; + eol = strchr(cur, '\n'); + virSkipSpaces(&cur); + if (eol && + ((processor->processor_part_number = strndup(cur, eol - cur)) + == NULL)) + goto no_memory; + } + + if ((cur = strstr(base, "CPU revision")) != NULL) { + cur = strchr(cur, ':') + 1; + eol = strchr(cur, '\n'); + virSkipSpaces(&cur); + if (eol && + ((processor->processor_version = strndup(cur, eol - cur)) + == NULL)) + goto no_memory; + } + + base = cur; + } + + return 0; + +no_memory: + return -1; +} + +/* virSysinfoRead for ARMHF + * Gathers sysinfo data from /proc/cpuinfo */ +virSysinfoDefPtr +virSysinfoRead(void) { + virSysinfoDefPtr ret = NULL; + char *outbuf = NULL; + + if (VIR_ALLOC(ret) < 0) + goto no_memory; + + if (virFileReadAll(CPUINFO, 2048, &outbuf) < 0) { + virSmbiosReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to open %s"), CPUINFO); + return NULL; + } + + ret->nprocessor = 0; + ret->processor = NULL; + if (virSysinfoParseProcessor(outbuf, ret) < 0) + goto no_memory; + + if (virSysinfoParseSystem(outbuf, ret) < 0) + goto no_memory; + + return ret; + +no_memory: + VIR_FREE(outbuf); + return NULL; +} + + #elif defined(__s390__) || defined(__s390x__) static int debian/patches/libxl-Check-for-control_d-string-to-decide-about-dom.patch0000664000000000000000000000374613153725071023574 0ustar From 63203dc790819b07dbe529254aee65c77eab6865 Mon Sep 17 00:00:00 2001 
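Review bot: Every `cur = strchr(cur, ':') + 1;` in virSysinfoParseSystem and virSysinfoParseProcessor uses the result unchecked, so a /proc/cpuinfo line that has the key but no colon turns `cur` into an invalid pointer before `strchr(cur, '\n')` reads through it. The loop in virSysinfoParseProcessor also ends with `base = cur;`, and `cur` is NULL there whenever "CPU revision" was not found, so the next `strstr(base, "Processor")` receives NULL. A small helper that returns early when the key, the colon or the line end is missing removes the first problem at every call site, and the loop should advance `base` only from a pointer known to be non-NULL. Separately, virSysinfoRead never frees `outbuf` on the success path and leaks `ret` on both failure paths.

```c
/* Copies the value of the first "key : value\n" line at or after base into
 * *dst. Returns 0 (leaving *dst alone) when the key, the colon or the line
 * end is missing, and -1 when the copy cannot be allocated. */
static int
virSysinfoDupCpuinfoField(const char *base, const char *key, char **dst)
{
    const char *cur = strstr(base, key);
    const char *eol;

    if (!cur || !(cur = strchr(cur, ':')))
        return 0;
    cur++;
    if (!(eol = strchr(cur, '\n')))
        return 0;
    virSkipSpaces(&cur);
    if (cur > eol)      /* empty value: nothing between the colon and the line end */
        cur = eol;
    if (!(*dst = strndup(cur, eol - cur)))
        return -1;
    return 0;
}

/* … unchanged: virSysinfoParseSystem / virSysinfoParseProcessor, with each
 *   strstr/strchr/strndup group replaced by one call to the helper … */
```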
From: Stefan Bader Date: Wed, 12 Mar 2014 11:37:16 +0100 Subject: [PATCH] libxl: Check for control_d string to decide about dom0 As soon as any guest mounts xenfs to /proc/xen, there is a capabilities file in that directory. However it returns nothing when reading from it. Change the test to actually check the contents of the file. BugLink: http://bugs.launchpad.net/bugs/1248025 Signed-off-by: Stefan Bader --- src/libxl/libxl_driver.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) Index: libvirt-1.2.2/src/libxl/libxl_driver.c =================================================================== --- libvirt-1.2.2.orig/src/libxl/libxl_driver.c 2014-03-17 13:07:05.000000000 +0100 +++ libvirt-1.2.2/src/libxl/libxl_driver.c 2014-03-17 13:39:34.501563979 +0100 @@ -941,8 +941,8 @@ libxlDriverShouldLoad(bool privileged) { bool ret = false; virCommandPtr cmd; - char *output; int status; + char *output = NULL; /* Don't load if non-root */ if (!privileged) { 
@@ -950,8 +950,22 @@ libxlDriverShouldLoad(bool privileged) return ret; } - /* Don't load if not running on a Xen control domain (dom0) */ if (!virFileExists("/proc/xen/capabilities")) { + VIR_INFO("Disabling driver as /proc/xen/capabilities does not exist"); + return false; + } + /* + * Don't load if not running on a Xen control domain (dom0). It is not + * sufficient to check for the file to exist as any guest can mount + * xenfs to /proc/xen. + */ + status = virFileReadAll("/proc/xen/capabilities", 10, &output); + if (status >= 0) { + status = strncmp(output, "control_d", 9); + } + VIR_FREE(output); + output = NULL; + if (status) { VIR_INFO("No Xen capabilities detected, probably not running " "in a Xen Dom0. Disabling libxenlight driver"); debian/patches/support-incoming-qemu-kvm0000664000000000000000000000651213153725071015627 0ustar Description: Support incoming migration from 12.04 This implements a new flag in /etc/libvirt/qemu.conf, 'allow_incoming_qemukvm', default false. When true, then any incoming migration of machine type pc-1.0 is assumed to come from qemu-kvm in precise. This depends on the qemu patch by Alex Bligh. Author: Serge Hallyn Forwarded: no Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1291321 Changelog: oct 6 2014 [seh]: rename assume_incoming_qemukvm to allow_incoming_qemukvm. Index: libvirt-1.2.2/src/qemu/qemu_conf.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_conf.c +++ libvirt-1.2.2/src/qemu/qemu_conf.c @@ -229,6 +229,8 @@ virQEMUDriverConfigPtr virQEMUDriverConf cfg->migrationPortMin = QEMU_MIGRATION_PORT_MIN; cfg->migrationPortMax = QEMU_MIGRATION_PORT_MAX; + cfg->allow_incoming_qemukvm = false; + #if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R /* For privileged driver, try and find hugepage mount automatically. * Non-privileged driver requires admin to create a dir for the 
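Review bot: The read limit `10` and the compare length `9` in the added block are coupled magic numbers: "control_d" plus a newline is exactly 10 bytes, so if virFileReadAll rejects files over the limit (to be confirmed), any longer capabilities string would disable the driver on a real dom0. I would read with a roomier limit and compare with the existing prefix macro, `status = STRPREFIX(output, "control_d") ? 0 : -1;`. A failed read and a guest that is not dom0 also end in the same "No Xen capabilities detected" message, so a distinct log line for the read error would help when working out why the driver did not load. `output = NULL;` after `VIR_FREE(output);` looks redundant, since VIR_FREE clears the pointer it is given. libxlDriverShouldLoad continues outside the hunk.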
@@ -352,6 +354,7 @@ int virQEMUDriverConfigLoadFile(virQEMUD goto cleanup; \ } + GET_VALUE_BOOL("allow_incoming_qemukvm", cfg->allow_incoming_qemukvm); GET_VALUE_BOOL("vnc_auto_unix_socket", cfg->vncAutoUnixSocket); GET_VALUE_BOOL("vnc_tls", cfg->vncTLS); GET_VALUE_BOOL("vnc_tls_x509_verify", cfg->vncTLSx509verify); Index: libvirt-1.2.2/src/qemu/qemu_conf.h =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_conf.h +++ libvirt-1.2.2/src/qemu/qemu_conf.h @@ -164,6 +164,9 @@ struct _virQEMUDriverConfig { char *migrationAddress; int migrationPortMin; int migrationPortMax; + + /* Whether incoming pc-1.0 migration should come from qemu-kvm */ + bool allow_incoming_qemukvm; }; /* Main driver state */ Index: libvirt-1.2.2/src/qemu/qemu_migration.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_migration.c +++ libvirt-1.2.2/src/qemu/qemu_migration.c @@ -2101,6 +2101,16 @@ static char if (!qemuDomainDefCheckABIStability(driver, vm->def, def)) goto cleanup; + if (driver->config->allow_incoming_qemukvm) { + if (STREQ_NULLABLE(vm->def->os.machine, "pc-1.0")) { + VIR_FREE(vm->def->os.machine); + VIR_FREE(def->os.machine); + if (VIR_STRDUP(vm->def->os.machine, "pc-1.0-precise") < 0 || + VIR_STRDUP(def->os.machine, "pc-1.0-precise") < 0) + goto cleanup; + } + } + rv = qemuDomainDefFormatLive(driver, def, false, true); } else { rv = qemuDomainDefFormatLive(driver, vm->def, false, true); 
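Review bot: `driver->config->allow_incoming_qemukvm` is dereferenced straight from the driver object in the qemu_migration.c hunk here and again in the qemuMigrationPrepareAny hunk that follows, without taking a reference on the config. As far as I know the rest of the qemu driver in this release obtains it with `virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);` and drops it with `virObjectUnref(cfg);`, so that a concurrent config reload cannot free it under the reader; the new checks should do the same. In this hunk only `vm->def->os.machine` is compared with "pc-1.0", while `def->os.machine` is freed and overwritten unconditionally. A one-line comment stating that the preceding ABI stability check guarantees the two are equal, if that is the case, would make the rewrite safe to read. The enclosing function starts and ends outside the hunk.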
@@ -2431,6 +2441,14 @@ qemuMigrationPrepareAny(virQEMUDriverPtr goto endjob; } + if (driver->config->allow_incoming_qemukvm) { + if (STREQ_NULLABLE(vm->def->os.machine, "pc-1.0")) { + VIR_FREE(vm->def->os.machine); + if (VIR_STRDUP(vm->def->os.machine, "pc-1.0-precise") < 0) + goto endjob; + } + } + /* Start the QEMU daemon, with the same command-line arguments plus * -incoming $migrateFrom */ debian/patches/storage_backend_rbd-correct-arg-order-to-rbd_create30000664000000000000000000000211513153725071022621 0ustar commit 4cd508ba4fc3cc33c72629fe8b9012e73d8dd8bf Author: Steven McDonald Date: Tue Apr 29 12:19:01 2014 +1000 storage_backend_rbd: Correct argument order to rbd_create3 The stripe_unit and stripe_count arguments are passed to rbd_create3 in the wrong order, resulting in a stripe size of 1 byte with 4194304 stripes on newly created RBD volumes. https://bugzilla.redhat.com/show_bug.cgi?id=1092208 Signed-off-by: Steven McDonald Index: libvirt-1.2.2/src/storage/storage_backend_rbd.c =================================================================== --- libvirt-1.2.2.orig/src/storage/storage_backend_rbd.c +++ libvirt-1.2.2/src/storage/storage_backend_rbd.c 
@@ -491,7 +491,7 @@ static int virStorageBackendRBDCreateIma uint64_t stripe_unit = 4194304; if (rbd_create3(io, name, capacity, features, &order, - stripe_count, stripe_unit) < 0) { + stripe_unit, stripe_count) < 0) { #else if (rbd_create(io, name, capacity, &order) < 0) { #endif debian/patches/Add_RESUME_event_listener_to_qemu_monitor.patch0000664000000000000000000001455113153725071022030 0ustar commit aedfcce33e4c2f266668a39fd655574fe34f1265 Author: Andres Lagar-Cavilla Date: Mon Jan 7 16:25:01 2013 -0500 Add RESUME event listener to qemu monitor. Perform all the appropriate plumbing. When qemu/KVM VMs are paused manually through a monitor not-owned by libvirt, libvirt will think of them as "paused" event after they are resumed and effectively running. With this patch the discrepancy goes away. This is meant to address bug 892791. Signed-off-by: Andres Lagar-Cavilla Index: libvirt-1.0.1/src/qemu/qemu_monitor.c =================================================================== --- libvirt-1.0.1.orig/src/qemu/qemu_monitor.c 2013-01-22 18:00:00.982487116 +0000 +++ libvirt-1.0.1/src/qemu/qemu_monitor.c 2013-01-22 18:00:00.978487116 +0000 @@ -1022,6 +1022,16 @@ } +int qemuMonitorEmitResume(qemuMonitorPtr mon) +{ + int ret = -1; + VIR_DEBUG("mon=%p", mon); + + QEMU_MONITOR_CALLBACK(mon, ret, domainResume, mon->vm); + return ret; +} + + int qemuMonitorEmitRTCChange(qemuMonitorPtr mon, long long offset) { int ret = -1; Index: libvirt-1.0.1/src/qemu/qemu_monitor.h =================================================================== --- libvirt-1.0.1.orig/src/qemu/qemu_monitor.h 2013-01-22 18:00:00.982487116 +0000 +++ libvirt-1.0.1/src/qemu/qemu_monitor.h 2013-01-22 18:00:00.978487116 +0000 @@ -97,6 +97,8 @@ virDomainObjPtr vm); int (*domainStop)(qemuMonitorPtr mon, virDomainObjPtr vm); + int (*domainResume)(qemuMonitorPtr mon, + virDomainObjPtr vm); int (*domainRTCChange)(qemuMonitorPtr mon, virDomainObjPtr vm, long long offset); 
@@ -187,6 +189,7 @@ int qemuMonitorEmitReset(qemuMonitorPtr mon); int qemuMonitorEmitPowerdown(qemuMonitorPtr mon); int qemuMonitorEmitStop(qemuMonitorPtr mon); +int qemuMonitorEmitResume(qemuMonitorPtr mon); int qemuMonitorEmitRTCChange(qemuMonitorPtr mon, long long offset); int qemuMonitorEmitWatchdog(qemuMonitorPtr mon, int action); int qemuMonitorEmitIOError(qemuMonitorPtr mon, Index: libvirt-1.0.1/src/qemu/qemu_monitor_json.c =================================================================== --- libvirt-1.0.1.orig/src/qemu/qemu_monitor_json.c 2013-01-22 18:00:00.982487116 +0000 +++ libvirt-1.0.1/src/qemu/qemu_monitor_json.c 2013-01-22 18:00:00.982487116 +0000 @@ -55,6 +55,7 @@ static void qemuMonitorJSONHandleReset(qemuMonitorPtr mon, virJSONValuePtr data); static void qemuMonitorJSONHandlePowerdown(qemuMonitorPtr mon, virJSONValuePtr data); static void qemuMonitorJSONHandleStop(qemuMonitorPtr mon, virJSONValuePtr data); +static void qemuMonitorJSONHandleResume(qemuMonitorPtr mon, virJSONValuePtr data); static void qemuMonitorJSONHandleRTCChange(qemuMonitorPtr mon, virJSONValuePtr data); static void qemuMonitorJSONHandleWatchdog(qemuMonitorPtr mon, virJSONValuePtr data); static void qemuMonitorJSONHandleIOError(qemuMonitorPtr mon, virJSONValuePtr data); @@ -87,6 +88,7 @@ { "DEVICE_TRAY_MOVED", qemuMonitorJSONHandleTrayChange, }, { "POWERDOWN", qemuMonitorJSONHandlePowerdown, }, { "RESET", qemuMonitorJSONHandleReset, }, + { "RESUME", qemuMonitorJSONHandleResume, }, { "RTC_CHANGE", qemuMonitorJSONHandleRTCChange, }, { "SHUTDOWN", qemuMonitorJSONHandleShutdown, }, { "SPICE_CONNECTED", qemuMonitorJSONHandleSPICEConnect, }, 
@@ -589,6 +591,11 @@ qemuMonitorEmitStop(mon); } +static void qemuMonitorJSONHandleResume(qemuMonitorPtr mon, virJSONValuePtr data ATTRIBUTE_UNUSED) +{ + qemuMonitorEmitResume(mon); +} + static void qemuMonitorJSONHandleRTCChange(qemuMonitorPtr mon, virJSONValuePtr data) { long long offset = 0; Index: libvirt-1.0.1/src/qemu/qemu_process.c =================================================================== --- libvirt-1.0.1.orig/src/qemu/qemu_process.c 2013-01-22 18:00:00.982487116 +0000 +++ libvirt-1.0.1/src/qemu/qemu_process.c 2013-01-22 18:00:00.982487116 +0000 
@@ -737,6 +737,61 @@ static int +qemuProcessHandleResume(qemuMonitorPtr mon ATTRIBUTE_UNUSED, + virDomainObjPtr vm) +{ + virQEMUDriverPtr driver = qemu_driver; + virDomainEventPtr event = NULL; + + virDomainObjLock(vm); + if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_PAUSED) { + qemuDomainObjPrivatePtr priv = vm->privateData; + + if (priv->gotShutdown) { + VIR_DEBUG("Ignoring RESUME event after SHUTDOWN"); + goto unlock; + } + + VIR_DEBUG("Transitioned guest %s out of paused into resumed state", + vm->def->name); + + virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, + VIR_DOMAIN_RUNNING_UNPAUSED); + event = virDomainEventNewFromObj(vm, + VIR_DOMAIN_EVENT_RESUMED, + VIR_DOMAIN_EVENT_RESUMED_UNPAUSED); + + VIR_DEBUG("Using lock state '%s' on resume event", NULLSTR(priv->lockState)); + if (virDomainLockProcessResume(driver->lockManager, driver->uri, + vm, priv->lockState) < 0) { + /* Don't free priv->lockState on error, because we need + * to make sure we have state still present if the user + * tries to resume again + */ + goto unlock; + } + VIR_FREE(priv->lockState); + + if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0) { + VIR_WARN("Unable to save status on vm %s after state change", + vm->def->name); + } + } + +unlock: + virDomainObjUnlock(vm); + + if (event) { + qemuDriverLock(driver); + qemuDomainEventQueue(driver, event); + qemuDriverUnlock(driver); + } + + return 0; +} + + +static int qemuProcessHandleRTCChange(qemuMonitorPtr mon ATTRIBUTE_UNUSED, virDomainObjPtr vm, long long offset) @@ -1251,6 +1306,7 @@ .diskSecretLookup = qemuProcessFindVolumeQcowPassphrase, .domainShutdown = qemuProcessHandleShutdown, .domainStop = qemuProcessHandleStop, + .domainResume = qemuProcessHandleResume, .domainReset = qemuProcessHandleReset, .domainRTCChange = qemuProcessHandleRTCChange, .domainWatchdog = qemuProcessHandleWatchdog, debian/patches/libxl-set-vfb0-data-in-build-config.patch0000664000000000000000000001251213153725071020256 0ustar 
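Review bot: In qemuProcessHandleResume the failure branch of virDomainLockProcessResume jumps to `unlock` silently, after the domain state has already been set to VIR_DOMAIN_RUNNING and the resumed event created. The event is therefore still queued, virDomainSaveStatus is skipped, and nothing records that the guest is running without its lock state having been resumed. Because the resume was triggered from outside libvirt and cannot be refused at this point, the branch should at least log it, for example `VIR_WARN("Unable to resume lock state for vm %s after RESUME event", vm->def->name);` before the `goto unlock;`. Saving the status before the lock-manager call would also keep the on-disk state in step with the in-memory state on that path.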
From: Stefan Bader Date: Thu, 27 Mar 2014 16:01:18 +0100 Subject: libxl: Implement basic video device selection This started as an investigation into an issue where libvirt (using the libxl driver) and the Xen host, like an old couple, could not agree on who is responsible for selecting the VNC port to use. Things usually (and a bit surprisingly) did work because, just like that old couple, they had the same idea on what to do by default. However it was possible that this ended up in a big argument. The problem is that display information exists in two different places: in the vfbs list and in the build info. And for launching the device model, only the latter is used. But that never gets initialized from libvirt. So Xen allows the device model to select a default port while libvirt thinks it has told Xen that this is done by libvirt (through the vfbs config). While fixing that, I made a stab at actually evaluating the configuration of the video device. So that it is now possible to at least decide between a Cirrus or standard VGA emulation and to modify the VRAM within certain limits using libvirt. Signed-off-by: Stefan Bader Index: libvirt-1.2.2/src/libxl/libxl_conf.c =================================================================== --- libvirt-1.2.2.orig/src/libxl/libxl_conf.c 2014-03-26 16:24:45.711193823 +0100 +++ libvirt-1.2.2/src/libxl/libxl_conf.c 2014-03-27 16:00:50.057693270 +0100 
@@ -1179,6 +1179,82 @@ error: return NULL; } +static void +libxlSetBuildGraphics(virDomainDefPtr def, libxl_domain_config *d_config) +{ + libxl_domain_build_info *b_info = &d_config->b_info; + + /* + * Take the first defined video device (graphics card) to display + * on the first graphics device (display). + * Right now only type and vram info is used and anything beside + * type xen and vga is mapped to cirrus. + */ + if (def->nvideos) { + unsigned int min_vram = 8 * 1024; + + switch (def->videos[0]->type) { + case VIR_DOMAIN_VIDEO_TYPE_VGA: + case VIR_DOMAIN_VIDEO_TYPE_XEN: + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_STD; + /* + * Libxl enforces a minimal VRAM size of 8M when using + * LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN_TRADITIONAL or + * 16M for LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN. + * Avoid build failures and go with the minimum if less + * is specified. + */ + switch (b_info->device_model_version) { + case LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN_TRADITIONAL: + min_vram = 8 * 1024; + break; + case LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN: + default: + min_vram = 16 * 1024; + } + break; + default: + /* + * Ignore any other device type and use Cirrus. Again fix + * up the minimal VRAM to what libxl expects. + */ + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_CIRRUS; + switch (b_info->device_model_version) { + case LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN_TRADITIONAL: + min_vram = 4 * 1024; /* Actually the max, too */ + break; + case LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN: + default: + min_vram = 8 * 1024; + } + } + b_info->video_memkb = (def->videos[0]->vram > min_vram) ? + def->videos[0]->vram : + LIBXL_MEMKB_DEFAULT; + } else { + libxl_defbool_set(&b_info->u.hvm.nographic, 1); + } + + /* + * When making the list of displays, only VNC and SDL types were + * taken into account. So it seems sensible to connect the default + * video device to the first in the vfb list. + * + * FIXME: Copy the structures and fixing the strings feels a bit dirty. 
+ */ + if (d_config->num_vfbs) { + libxl_device_vfb *vfb0 = &d_config->vfbs[0]; + + b_info->u.hvm.vnc = vfb0->vnc; + VIR_STRDUP(b_info->u.hvm.vnc.listen, vfb0->vnc.listen); + VIR_STRDUP(b_info->u.hvm.vnc.passwd, vfb0->vnc.passwd); + b_info->u.hvm.sdl = vfb0->sdl; + VIR_STRDUP(b_info->u.hvm.sdl.display, vfb0->sdl.display); + VIR_STRDUP(b_info->u.hvm.sdl.xauthority, vfb0->sdl.xauthority); + VIR_STRDUP(b_info->u.hvm.keymap, vfb0->keymap); + } +} + int libxlBuildDomainConfig(libxlDriverPrivatePtr driver, virDomainObjPtr vm, libxl_domain_config *d_config) @@ -1203,6 +1279,15 @@ libxlBuildDomainConfig(libxlDriverPrivat if (libxlMakeVfbList(driver, def, d_config) < 0) return -1; + /* + * Now that any potential VFBs are defined, it is time to update the + * build info with the data of the primary display. Some day libxl + * might implicitely do so but as it does not right now, better be + * explicit. + */ + if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM) + libxlSetBuildGraphics(def, d_config); + d_config->on_reboot = def->onReboot; d_config->on_poweroff = def->onPoweroff; d_config->on_crash = def->onCrash; debian/patches/9029-ovs-delete-port-if-it-exists-when-adding-new-one0000664000000000000000000000303713153725071022257 0ustar commit 33445ce8446d9d061a1620cd8ec5e81fcca127d9 Author: Chunhe Li Date: Mon Jul 14 12:37:50 2014 +0200 openvswitch: Delete port if it exists while adding a new one If the openvswitch service is stopped, and is followed by destroying a VM, the openvswitch bridge translates into a state where it doesn't recover the port configuration. While it successfully fetches data from the internal DB, since the corresponding virtual interface does not exists anymore the whole recovery process fails leaving restarted VM with inability to connect to the bridge. The following set of commands will trigger the problem: virsh start vm service openvswitch-switch stop virsh destroy vm service openvswitch-switch start virsh start vm Signed-off-by: Chunhe Li 
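Review bot: The five VIR_STRDUP calls at the end of libxlSetBuildGraphics ignore their return values, and the function returns void, so an allocation failure while copying `vfb0->vnc.passwd` cannot be reported. Assuming VIR_STRDUP leaves its destination NULL on failure (to be confirmed), the build info would then describe a VNC display with no password while the vfb entry still carries one. The function should return int, clear the pointers aliased by the two struct copies before duplicating them, and the caller in libxlBuildDomainConfig should become `if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM && libxlSetBuildGraphics(def, d_config) < 0) return -1;`. Separately, the VRAM comment says the minimum is used when less is specified, but the code falls back to LIBXL_MEMKB_DEFAULT and also does so when `vram` equals `min_vram`; either the comment or the `>` comparison should be adjusted.

```c
static int
libxlSetBuildGraphics(virDomainDefPtr def, libxl_domain_config *d_config)
{
    /* … unchanged: video device type and VRAM selection … */

    if (d_config->num_vfbs) {
        libxl_device_vfb *vfb0 = &d_config->vfbs[0];

        b_info->u.hvm.vnc = vfb0->vnc;
        b_info->u.hvm.sdl = vfb0->sdl;
        /* The struct copies alias vfb0's strings; clear them so a failed
         * copy cannot leave one string with two owners. */
        b_info->u.hvm.vnc.listen = NULL;
        b_info->u.hvm.vnc.passwd = NULL;
        b_info->u.hvm.sdl.display = NULL;
        b_info->u.hvm.sdl.xauthority = NULL;

        if (VIR_STRDUP(b_info->u.hvm.vnc.listen, vfb0->vnc.listen) < 0 ||
            VIR_STRDUP(b_info->u.hvm.vnc.passwd, vfb0->vnc.passwd) < 0 ||
            VIR_STRDUP(b_info->u.hvm.sdl.display, vfb0->sdl.display) < 0 ||
            VIR_STRDUP(b_info->u.hvm.sdl.xauthority, vfb0->sdl.xauthority) < 0 ||
            VIR_STRDUP(b_info->u.hvm.keymap, vfb0->keymap) < 0)
            return -1;
    }

    return 0;
}
```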
Signed-off-by: Michal Privoznik diff --git a/src/util/virnetdevopenvswitch.c b/src/util/virnetdevopenvswitch.c index 9bcbfb1..8ea1def 100644 --- a/src/util/virnetdevopenvswitch.c +++ b/src/util/virnetdevopenvswitch.c @@ -84,8 +84,8 @@ int virNetDevOpenvswitchAddPort(const char *brname, const char *ifname, cmd = virCommandNew(OVSVSCTL); - virCommandAddArgList(cmd, "--timeout=5", "--", "--may-exist", "add-port", - brname, ifname, NULL); + virCommandAddArgList(cmd, "--timeout=5", "--", "--if-exists", "del-port", + ifname, "--", "add-port", brname, ifname, NULL); if (virtVlan && virtVlan->nTags > 0) { debian/patches/ubuntu-libxl-qemu-nopath.patch0000664000000000000000000000310013153725071016524 0ustar From: Stefan Bader Date: Mon, 15 Jul 2013 14:17:59 +0200 Subject: libxl: Ommit full path for qemu and hvmloader Create xenlight configurations without full paths to the binaries. This allows the xen framework to figure it out itself. We already use the same approach for the xm stack. Signed-off-by: Stefan Bader Index: libvirt-1.1.4/src/libxl/libxl_conf.c =================================================================== --- libvirt-1.1.4.orig/src/libxl/libxl_conf.c 2013-11-12 11:48:40.239866983 -0600 +++ libvirt-1.1.4/src/libxl/libxl_conf.c 2013-11-12 11:48:40.223866983 -0600 
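Review bot: The new argument list in virNetDevOpenvswitchAddPort has no comment explaining why a delete precedes the add, and the `del-port` is issued without a bridge name, so it removes a port called `ifname` from whichever bridge currently holds it, not only from `brname`. That appears to be the intent for recovering stale entries, but it is not obvious to the next reader. A comment above the call would cover it: `/* Drop any stale port of this name (on any bridge) and re-add it in the same ovs-vsctl transaction */`. The function body continues outside the hunk.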
@@ -366,12 +366,9 @@ if ((guest = virCapabilitiesAddGuest(caps, guest_archs[i].hvm ? "hvm" : "xen", guest_archs[i].arch, - ((hostarch == VIR_ARCH_X86_64) ? - "/usr/lib64/xen/bin/qemu-dm" : - "/usr/lib/xen/bin/qemu-dm"), + "qemu-dm", (guest_archs[i].hvm ? - "/usr/lib/xen/boot/hvmloader" : - NULL), + "hvmloader" : NULL), 1, machines)) == NULL) { virCapabilitiesFreeMachines(machines, 1); debian/patches/9034-complete-9p-support0000664000000000000000000000141013153725071015007 0ustar Description: virt-aa-helper: add l to 9p file options Author: Serge Hallyn Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1378434 Forwarded: no Index: libvirt-1.2.2/src/security/virt-aa-helper.c =================================================================== --- libvirt-1.2.2.orig/src/security/virt-aa-helper.c +++ libvirt-1.2.2/src/security/virt-aa-helper.c 
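Review bot: Replacing the absolute emulator and loader paths with bare `"qemu-dm"` and `"hvmloader"` in this virCapabilitiesAddGuest call moves path resolution to whatever later consumes these strings, and the hunk does not say who that is. The same applies to the xen_hypervisor.c hunk of fix-ubuntu-xen-qemu-dm-path.patch further down. If any consumer resolves the name through PATH or the working directory of a privileged daemon rather than through the Xen toolstack's fixed directories, a different binary could be picked up. A comment at the call would help, for example `/* bare names: resolved by the Xen toolstack against its own install directories, never via PATH */`, once that is confirmed. If the removed ternary was the last use of `hostarch` in this function, which continues outside the hunk, the variable is now unused.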
@@ -1071,7 +1071,7 @@ get_files(vahControl * ctl) ctl->def->fss[i]->src){ virDomainFSDefPtr fs = ctl->def->fss[i]; - if (vah_add_path(&buf, fs->src, fs->readonly ? "r" : "rw", true) != 0) + if (vah_add_path(&buf, fs->src, fs->readonly ? "r" : "rwl", true) != 0) goto cleanup; } } debian/patches/apparmor-allow-hugepages0000664000000000000000000001706413153725071015461 0ustar Description: add security hook for permitting hugetlbfs access When a qemu domain is backed by huge pages, apparmor needs to grant the domain rw access to files under the hugetlbfs mount point. Add a hook, called in qemu_process.c, which ends up adding the read-write access through virt-aa-helper. Qemu will be creating a randomly named file under the mountpoint and unlinking it as soon as it has mmap()d it, therefore we cannot predict the full pathname, but for the same reason it is generally safe to provide access to $path/**. Author: Serge Hallyn Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/646468 Forwarded: yes Index: libvirt/src/qemu/qemu_process.c =================================================================== --- libvirt.orig/src/qemu/qemu_process.c 2012-12-06 11:50:48.354763986 -0600 +++ libvirt/src/qemu/qemu_process.c 2012-12-06 11:57:58.234773649 -0600 
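Review bot: The permission string for writable 9p shares in get_files changes from `"rw"` to `"rwl"` with no comment saying why the link permission is needed. The last argument to vah_add_path is `true`, which presumably makes the rule cover the whole tree under `fs->src`, so the confined qemu process gains the ability to create hard links anywhere below the share. A comment would record the reason and the scope, for example `/* 'l' lets the guest create hard links through 9p; granted only for writable shares */`. The loop and the function both extend outside the hunk.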
@@ -3475,6 +3475,15 @@ } virDomainAuditSecurityLabel(vm, true); + if (driver->hugepage_path && vm->def->mem.hugepage_backed) { + if (virSecurityManagerSetHugepages(driver->securityManager, + vm->def, driver->hugepage_path) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("Unable to set huge path in security driver")); + goto cleanup; + } + } + /* Ensure no historical cgroup for this VM is lying around bogus * settings */ VIR_DEBUG("Ensuring no historical cgroup is lying around"); Index: libvirt/src/security/security_apparmor.c =================================================================== --- libvirt.orig/src/security/security_apparmor.c 2012-12-06 11:50:48.354763986 -0600 +++ libvirt/src/security/security_apparmor.c 2012-12-06 11:58:23.286774213 -0600 @@ -840,6 +840,31 @@ } static int +ApparmorSetHugepages(virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *path) +{ + const virSecurityLabelDefPtr secdef = + virDomainDefGetSecurityLabelDef(def, SECURITY_APPARMOR_NAME); + int ret = -1; + virBuffer buf = VIR_BUFFER_INITIALIZER; + char *newpath; + + if (!secdef) + return -1; + + if (secdef->imagelabel == NULL) + return 0; + + virBufferAsprintf(&buf, "%s/**", path); + newpath = virBufferCurrentContent(&buf); + if (newpath) + ret = reload_profile(mgr, def, newpath, true); + virBufferFreeAndReset(&buf); + return ret; +} + +static int AppArmorSetFDLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, int fd) @@ -908,4 +933,6 @@ .domainSetSecurityImageFDLabel = AppArmorSetFDLabel, .domainSetSecurityTapFDLabel = AppArmorSetFDLabel, + + .domainSetSecurityHugepages = ApparmorSetHugepages, }; Index: libvirt/src/security/security_manager.c =================================================================== --- libvirt.orig/src/security/security_manager.c 2012-12-06 11:50:48.354763986 -0600 +++ libvirt/src/security/security_manager.c 2012-12-06 11:57:58.238773649 -0600 
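Review bot: ApparmorSetHugepages builds the rule path as `"%s/**"` from the driver-wide hugepage mount, with no per-domain component. Every confined, hugepage-backed guest therefore gets read-write access to the whole mount, including backing files of other guests for as long as those files remain linked. The patch description argues this is acceptable because qemu unlinks the file right after mmap, and that reasoning belongs in the code, for example `/* file name is random and unlinked after mmap, so the rule cannot be narrower than the mount point */`. The function also returns -1 when no security label is found but 0 when `imagelabel` is NULL, which deserves a one-line explanation of why only the first case aborts domain start. Its name should be spelled `AppArmorSetHugepages` to match `AppArmorSetFDLabel` in the same file.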
@@ -511,3 +511,13 @@ list[1] = NULL; return list; } + +int virSecurityManagerSetHugepages(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path) +{ + if (mgr->drv->domainSetSecurityHugepages) + return mgr->drv->domainSetSecurityHugepages(mgr, vm, path); + + return 0; +} Index: libvirt/src/security/security_manager.h =================================================================== --- libvirt.orig/src/security/security_manager.h 2012-12-06 11:50:48.354763986 -0600 +++ libvirt/src/security/security_manager.h 2012-12-06 11:57:58.238773649 -0600 @@ -112,5 +112,8 @@ virDomainDefPtr vm); virSecurityManagerPtr* virSecurityManagerGetNested(virSecurityManagerPtr mgr); +int virSecurityManagerSetHugepages(virSecurityManagerPtr mgr, + virDomainDefPtr sec, + const char *hugepages_path); #endif /* VIR_SECURITY_MANAGER_H__ */ Index: libvirt/src/security/security_driver.h =================================================================== --- libvirt.orig/src/security/security_driver.h 2012-12-06 11:50:48.354763986 -0600 +++ libvirt/src/security/security_driver.h 2012-12-06 11:57:58.238773649 -0600 @@ -100,6 +100,9 @@ int fd); typedef char *(*virSecurityDomainGetMountOptions) (virSecurityManagerPtr mgr, virDomainDefPtr def); +typedef int (*virSecurityDomainSetHugepages) (virSecurityManagerPtr mgr, + virDomainDefPtr def, + const char *path); struct _virSecurityDriver { size_t privateDataLen; @@ -140,6 +143,7 @@ virSecurityDomainSetTapFDLabel domainSetSecurityTapFDLabel; virSecurityDomainGetMountOptions domainGetSecurityMountOptions; + virSecurityDomainSetHugepages domainSetSecurityHugepages; }; virSecurityDriverPtr virSecurityDriverLookup(const char *name, Index: libvirt/src/libvirt_private.syms =================================================================== --- libvirt.orig/src/libvirt_private.syms 2012-12-06 11:50:48.354763986 -0600 +++ libvirt/src/libvirt_private.syms 2012-12-06 11:57:58.238773649 -0600 
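Review bot: The prototype added to security_manager.h names its parameters `sec` and `hugepages_path`, while the definition in security_manager.c uses `vm` and `path`, and the neighbouring prototype in the header uses `vm`. The declaration should match the definition: `int virSecurityManagerSetHugepages(virSecurityManagerPtr mgr, virDomainDefPtr vm, const char *path);`. A short comment on the new function stating that it returns 0 when the driver has no `domainSetSecurityHugepages` callback would also document the fall-through.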
@@ -1052,6 +1052,7 @@ virSecurityManagerStackAddNested; virSecurityManagerVerify; virSecurityManagerGetMountOptions; +virSecurityManagerSetHugepages; # sexpr.h sexpr_append; Index: libvirt/src/security/security_stack.c =================================================================== --- libvirt.orig/src/security/security_stack.c 2012-12-06 11:50:48.354763986 -0600 +++ libvirt/src/security/security_stack.c 2012-12-06 11:57:58.238773649 -0600 @@ -462,6 +462,23 @@ return rc; } +static int +virSecurityStackSetHugepages(virSecurityManagerPtr mgr, + virDomainDefPtr vm, + const char *path) +{ + virSecurityStackDataPtr priv = virSecurityManagerGetPrivateData(mgr); + virSecurityStackItemPtr item = priv->itemsHead; + int rc = 0; + + for (; item; item = item->next) { + if (virSecurityManagerSetHugepages(item->securityManager, vm, path) < 0) + rc = -1; + } + + return rc; +} + static char *virSecurityStackGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virDomainDefPtr vm ATTRIBUTE_UNUSED) { return NULL; @@ -529,4 +546,6 @@ .domainSetSecurityTapFDLabel = virSecurityStackSetTapFDLabel, .domainGetSecurityMountOptions = virSecurityStackGetMountOptions, + + .domainSetSecurityHugepages = virSecurityStackSetHugepages, }; Index: libvirt/tests/virt-aa-helper-test =================================================================== --- libvirt.orig/tests/virt-aa-helper-test 2012-12-05 16:37:34.027369000 -0600 +++ libvirt/tests/virt-aa-helper-test 2012-12-11 13:59:23.103803317 -0600 @@ -316,6 +316,9 @@ sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,g" "$template_xml" > "$test_xml" testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml" +sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" "$template_xml" > "$test_xml" +testme "0" "hugepages" "-r -u $valid_uuid -F /run/hugepages/kvm/\*\*" "$test_xml" + testme "0" "help" "-h" echo "" >$output debian/patches/CVE-2014-3657.patch0000664000000000000000000000203213153725071013244 0ustar 
From fc22b2e74890873848b43fffae43025d22053669 Mon Sep 17 00:00:00 2001 From: Pavel Hrdina Date: Mon, 22 Sep 2014 18:19:07 +0200 Subject: [PATCH] domain_conf: fix domain deadlock If you use public api virConnectListAllDomains() with second parameter set to NULL to get only the number of domains you will lock out all other operations with domains. Introduced by commit 2c680804. Signed-off-by: Pavel Hrdina --- src/conf/domain_conf.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Index: libvirt-1.2.2/src/conf/domain_conf.c =================================================================== --- libvirt-1.2.2.orig/src/conf/domain_conf.c 2014-11-10 19:48:32.001702781 -0500 +++ libvirt-1.2.2/src/conf/domain_conf.c 2014-11-10 19:48:31.993702727 -0500 
@@ -19112,7 +19112,7 @@ /* just count the machines */ if (!data->domains) { data->ndomains++; - return; + goto cleanup; } if (!(dom = virGetDomain(data->conn, vm->def->name, vm->def->uuid))) { debian/patches/series0000664000000000000000000000434313467340123012043 0ustar 9002-default_uri_virsh_to_system.patch remove-RHism.diff.patch Don-t-enable-default-network-on-boot.patch Allow-libvirt-group-to-access-the-socket.patch fix-Debian-specific-path-to-hvm-loader.patch patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch Disable-failing-virnetsockettest.patch Don-t-fail-if-we-can-t-setup-avahi.patch 9004-libvirtd-group-name.patch 9020-lp545795.patch 9021-fix-uint64_t.patch enable-kvm-spice.patch dnsmasq-as-priv-user storage-default-permission-mode-to-0711 Reduce-udevadm-settle-timeout-to-10-seconds.patch fix-ubuntu-xen-qemu-dm-path.patch ubuntu-libxl-qemu-nopath.patch ubuntu-xend-probe.patch accomodate-new-qemu-migration-status-setup.patch 9025-apparmor-allow-access-to-filesystem-mounts add-a-mutex-to-serialize-updates-to-fw.patch libxl-Check-for-control_d-string-to-decide-about-dom.patch arm-cpu-baseline.patch libxl-Create-log-directory-earlier.patch libxl-do-not-use-virdomain-id.patch libxl-set-disk-format-for-cdrom.patch libxl-set-vfb0-data-in-build-config.patch libxl-support-sexpr-in-native-to-XML-conversion.patch libxl-Support-PV-consoles.patch 9026-fix-apparmor-profile-for-vfio-pci-passthrough 9027-virt-aa-helper-allow-access-to-vhost-net CVE-2014-0179.patch CVE-2014-3633.patch 9029-ovs-delete-port-if-it-exists-when-adding-new-one 9030-virsh-add-keepalive-in-new-vshconnect-fn 9031-cmdmigrate-move-vshconnect-before-vshwatchjob 9032-virsh-initialize-vsh-data-in-cmdmigrate support-incoming-qemu-kvm CVE-2014-3657.patch CVE-2014-7823.patch 9034-complete-9p-support numa-cgroups-fix-cpuset-mems-init.patch 9035-qemu-snapshot-save-persistent-domain-config 9036-dont-fail-without-cpu-model.patch Support-incoming-migration-from-13.10-hosts.patch 
qemu-filterref-crash.patch storage_backend_rbd-correct-arg-order-to-rbd_create3 fix_libvirtd_killed_by_sigsegv.patch CVE-2014-8136.patch CVE-2015-0236.patch CVE-2015-5313.patch fix-util-don-t-fail-if-no-portdata-is-found.patch reject-blockcommit-of-active-layer.patch virt-aa-helper-add-trusty-guest-agent-rule.patch CVE-2017-5715-ibrs-1.patch CVE-2017-5715-ibrs-2.patch CVE-2017-5715-ibrs-3.patch CVE-2017-5715-ibrs-4.patch CVE-2017-5715-ibrs-7.patch CVE-2018-5748.patch CVE-2016-5008.patch CVE-2018-1064.patch CVE-2018-3639-1.patch CVE-2018-3639-2.patch md-clear.patch debian/patches/qemu-relax-hard-rss-limit.patch0000664000000000000000000000554313153725071016570 0ustar commit 3c83df679e8feab939c08b1f97c48f9290a5b8cd Author: Michal Privoznik Date: Tue Jan 8 10:15:49 2013 +0100 qemu: Relax hard RSS limit Currently, if there's no hard memory limit defined for a domain, libvirt tries to calculate one, based on domain definition and magic equation and set it upon the domain startup. The rationale behind was, if there's a memory leak or exploit in qemu, we should prevent the host system trashing. However, the equation was too tightening, as it didn't reflect what the kernel counts into the memory used by a process. Since many hosts do have a swap, nobody hasn't noticed anything, because if hard memory limit is reached, process can continue allocating memory on a swap. However, if there is no swap on the host, the process gets killed by OOM killer. In our case, the qemu process it is. To prevent this, we need to relax the hard RSS limit. Moreover, we should reflect more precisely the kernel way of accounting the memory for process. That is, even the kernel caches are counted within the memory used by a process (within cgroups at least). 
Hence the magic equation has to be changed: limit = 1.5 * (domain memory + total video memory) + (32MB for cache per each disk) + 200MB Index: libvirt-1.0.1/src/qemu/qemu_cgroup.c =================================================================== --- libvirt-1.0.1.orig/src/qemu/qemu_cgroup.c 2013-01-24 13:00:44.055665777 -0600 +++ libvirt-1.0.1/src/qemu/qemu_cgroup.c 2013-01-24 13:00:44.051665777 -0600 
@@ -342,15 +342,18 @@ unsigned long long hard_limit = vm->def->mem.hard_limit; if (!hard_limit) { - /* If there is no hard_limit set, set a reasonable - * one to avoid system trashing caused by exploited qemu. - * As 'reasonable limit' has been chosen: - * (1 + k) * (domain memory + total video memory) + F - * where k = 0.02 and F = 200MB. */ + /* If there is no hard_limit set, set a reasonable one to avoid + * system trashing caused by exploited qemu. As 'reasonable limit' + * has been chosen: + * (1 + k) * (domain memory + total video memory) + (32MB for + * cache per each disk) + F + * where k = 0.5 and F = 200MB. The cache for disks is important as + * kernel cache on the host side counts into the RSS limit. */ hard_limit = vm->def->mem.max_balloon; for (i = 0; i < vm->def->nvideos; i++) hard_limit += vm->def->videos[i]->vram; - hard_limit = hard_limit * 1.02 + 204800; + hard_limit = hard_limit * 1.5 + 204800; + hard_limit += vm->def->ndisks * 32768; } rc = virCgroupSetMemoryHardLimit(cgroup, hard_limit); debian/patches/reject-blockcommit-of-active-layer.patch0000664000000000000000000000403213153725071020405 0ustar Description: qemu: reject rather than hang on blockcommit of active layer qemu 2.0 added the ability to commit the active layer, but slightly differently than what libvirt had been anticipating in its implementation of the virDomainBlockCommit call. As a result, if you attempt to do a 'virsh blockcommit $dom vda', qemu gets into a state where it is waiting on libvirt to end the job, while libvirt is waiting on qemu to end the job, and the guest is effectively hung with regards to further commands for that block device. I have patches coming down the pipeline that will add full support for blockcommit of the active layer when coupled with qemu 2.0 or later; but they depend on Peter's improvements to block job handling and form enough of a new feature that they are not ready for inclusion in the 1.2.5 release. 
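Review bot: The new limit is computed as `hard_limit * 1.5 + 204800` on an `unsigned long long`, which routes the value through a double and back; the result is truncated, and values above 2^53 lose precision. Integer arithmetic gives the same figure without the conversion: `hard_limit += hard_limit / 2 + 204800;`. The following `vm->def->ndisks * 32768` is evaluated in the type of `ndisks`, which is declared outside the hunk; writing `32768ULL` keeps the multiplication in the wide type regardless. The comment's "system trashing" should read "system thrashing". Since this limit is the containment bound for a misbehaving qemu, the comment should also state that the units are KiB.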
So for now, just reject the attempt, rather than letting the user get stuck. This is no worse than the behavior of qemu 1.7 rejecting the job. * src/qemu/qemu_driver.c (qemuDomainBlockCommit): Reject active commit. Signed-off-by: Eric Blake Origin: upstream, commit: e6bcbcd32c70ae394e7b6a530012fe8b07a59b5d Bug-Ubuntu: https://launchpad.net/bugs/1317491 Reviewed-By: Rafael David Tinoco Last-Update: 2017-02-22 --- libvirt-1.2.2.orig/src/qemu/qemu_driver.c +++ libvirt-1.2.2/src/qemu/qemu_driver.c @@ -15341,6 +15341,16 @@ qemuDomainBlockCommit(virDomainPtr dom, top, path); goto endjob; } + + /* FIXME: qemu 2.0 supports active commit, but as a two-stage + * process; qemu 2.1 is further improving active commit. We need + * to start supporting it in libvirt. */ + if (top_meta == disk->backingChain) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("committing the active layer not supported yet")); + goto endjob; + } + if (!top_meta || !top_meta->backingStore) { virReportError(VIR_ERR_INVALID_ARG, _("top '%s' in chain for '%s' has no backing file"), debian/patches/9027-virt-aa-helper-allow-access-to-vhost-net0000664000000000000000000000332513153725071020710 0ustar commit c7abe7448c746cf0e3a6b7fab80e083afba5d5ae Author: Serge Hallyn Date: Wed Jun 18 03:20:59 2014 +0000 virt-aa-helper: allow access to /dev/vhost-net if needed Only allow the access if it is a KVM domain which has a NIC which wants non-userspace networking. This addresses https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1322568 Signed-off-by: Serge Hallyn Index: libvirt-1.2.2/src/security/virt-aa-helper.c =================================================================== --- libvirt-1.2.2.orig/src/security/virt-aa-helper.c +++ libvirt-1.2.2/src/security/virt-aa-helper.c 
@@ -900,7 +900,7 @@ get_files(vahControl * ctl) size_t i; char *uuid; char uuidstr[VIR_UUID_STRING_BUFLEN]; - bool needsVfio = false; + bool needsVfio = false, needsvhost = false; /* verify uuid is same as what we were given on the command line */ virUUIDFormat(ctl->def->uuid, uuidstr); @@ -1076,6 +1076,21 @@ get_files(vahControl * ctl) } } + if (ctl->def->virtType == VIR_DOMAIN_VIRT_KVM) { + for (i = 0; i < ctl->def->nnets; i++) { + virDomainNetDefPtr net = ctl->def->nets[i]; + if (net && net->model) { + if (net->driver.virtio.name == VIR_DOMAIN_NET_BACKEND_TYPE_QEMU) + continue; + if (STRNEQ(net->model, "virtio")) + continue; + } + needsvhost = true; + } + } + if (needsvhost) + virBufferAddLit(&buf, " /dev/vhost-net rw,\n"); + if (needsVfio) { virBufferAddLit(&buf, " /dev/vfio/vfio rw,\n"); virBufferAddLit(&buf, " /dev/vfio/[0-9]* rw,\n"); debian/patches/fix-ubuntu-xen-qemu-dm-path.patch0000664000000000000000000002303113153725071017036 0ustar Description: Make hvmloader and qemu-dm paths relative This is a refresh for the patch of the same name we were already carrying but did just replace absolute paths by other absolute ones which broke again. Forwarded: not-needed Origin: vendor, https://launchpadlibrarian.net/117536009/fix-ubuntu-xen-qemu-dm-path.patch Bug-Ubuntu: http://bugs.launchpad.net/bugs/914788 Author: George Dunlap Index: libvirt-1.1.4/src/xen/xen_hypervisor.c =================================================================== --- libvirt-1.1.4.orig/src/xen/xen_hypervisor.c 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/src/xen/xen_hypervisor.c 2013-11-12 11:48:39.163866993 -0600 
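Review bot: The loop added to get_files sets `needsvhost` for any NIC whose `net` or `net->model` is NULL, because both `continue` checks sit inside `if (net && net->model)`. A KVM domain with an interface that has no explicit model thus gets `/dev/vhost-net rw` in its profile, which is broader than the description's "a NIC which wants non-userspace networking". The model test should come first and reject the missing case: `if (!net || !net->model || STRNEQ(net->model, "virtio")) continue;`, followed by the existing backend check, then `needsvhost = true; break;`. The function starts and ends outside the hunks.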
@@ -2140,10 +2140,10 @@ guest_archs[i].hvm ? "hvm" : "xen", guest_archs[i].arch, (hostarch == VIR_ARCH_X86_64 ? - "/usr/lib64/xen/bin/qemu-dm" : - "/usr/lib/xen/bin/qemu-dm"), + "qemu-dm" : + "qemu-dm"), (guest_archs[i].hvm ? - "/usr/lib/xen-default/boot/hvmloader" : + "hvmloader" : NULL), 1, machines)) == NULL) { Index: libvirt-1.1.4/tests/xencapsdata/xen-x86_64-hvm.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-x86_64-hvm.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-x86_64-hvm.xml 2013-11-12 11:48:39.163866993 -0600 @@ -20,7 +20,7 @@ xen 64 - /usr/lib64/xen/bin/qemu-dm + qemu-dm xenpv @@ -31,8 +31,8 @@ hvm 32 - /usr/lib64/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv @@ -49,8 +49,8 @@ hvm 64 - /usr/lib64/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv Index: libvirt-1.1.4/tests/xencapsdata/xen-ia64-be-hvm.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-ia64-be-hvm.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-ia64-be-hvm.xml 2013-11-12 11:48:39.163866993 -0600 @@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv @@ -31,8 +31,8 @@ hvm 64 - /usr/lib/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv Index: libvirt-1.1.4/tests/xencapsdata/xen-ia64-be.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-ia64-be.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-ia64-be.xml 2013-11-12 11:48:39.163866993 -0600 
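Review bot: Both arms of the `hostarch == VIR_ARCH_X86_64 ? ... : ...` conditional are now the same string, so the ternary can be reduced to a plain `"qemu-dm"`. The capabilities also now advertise bare names for the emulator and loader instead of fixed locations, so whichever component launches them resolves the name through its own search path; the hunk does not show where that lookup happens. A comment naming the directory that lookup is expected to hit, and noting that it must not be writable by unprivileged users, would make the trust assumption explicit. The enclosing call starts and ends outside the hunk.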
@@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv Index: libvirt-1.1.4/tests/xencapsdata/xen-ia64.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-ia64.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-ia64.xml 2013-11-12 11:48:39.163866993 -0600 @@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv Index: libvirt-1.1.4/tests/xencapsdata/xen-ppc64.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-ppc64.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-ppc64.xml 2013-11-12 11:48:39.163866993 -0600 @@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv Index: libvirt-1.1.4/tests/xencapsdata/xen-x86_64.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-x86_64.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-x86_64.xml 2013-11-12 11:48:39.167866993 -0600 @@ -20,7 +20,7 @@ xen 64 - /usr/lib64/xen/bin/qemu-dm + qemu-dm xenpv Index: libvirt-1.1.4/tests/xencapsdata/xen-i686-pae.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-i686-pae.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-i686-pae.xml 2013-11-12 11:48:39.167866993 -0600 @@ -20,7 +20,7 @@ xen 32 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv Index: libvirt-1.1.4/tests/xencapsdata/xen-i686-pae-hvm.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-i686-pae-hvm.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-i686-pae-hvm.xml 2013-11-12 11:48:39.167866993 -0600 @@ -20,7 +20,7 @@ xen 32 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv 
@@ -34,8 +34,8 @@ hvm 32 - /usr/lib/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv Index: libvirt-1.1.4/tests/xencapsdata/xen-ia64-hvm.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-ia64-hvm.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-ia64-hvm.xml 2013-11-12 11:48:39.167866993 -0600 @@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv @@ -28,8 +28,8 @@ hvm 64 - /usr/lib/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv Index: libvirt-1.1.4/tests/xencapsdata/xen-i686.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-i686.xml 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-i686.xml 2013-11-12 11:48:39.167866993 -0600 @@ -17,7 +17,7 @@ xen 32 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv Index: libvirt-1.1.4/docs/schemas/capability.rng =================================================================== --- libvirt-1.1.4.orig/docs/schemas/capability.rng 2013-11-12 11:48:39.183866993 -0600 +++ libvirt-1.1.4/docs/schemas/capability.rng 2013-11-12 11:48:39.167866993 -0600 
@@ -271,13 +271,13 @@ - + - + debian/patches/add-a-mutex-to-serialize-updates-to-fw.patch0000664000000000000000000001521213153725071021055 0ustar commit 925de19ed7f13e0d12d0b993496d314bab886589 Author: Daniel P. Berrange Date: Wed Jan 22 18:13:30 2014 +0000 Add a mutex to serialize updates to firewall The nwfilter conf update mutex previously serialized updates to the internal data structures for firewall rules, and updates to the firewall itself. The latter was recently turned into a read/write lock, and filter instantiation allowed to proceed in parallel. It was believed that this was ok, since each filter is created on a separate iptables/ebtables chain. It turns out that there is a subtle lock ordering problem on virNWFilterObjPtr instances. __virNWFilterInstantiateFilter will hold a lock on the virNWFilterObjPtr it is instantiating. This in turn invokes virNWFilterInstantiate which then invokes virNWFilterDetermineMissingVarsRec which then invokes virNWFilterObjFindByName. This iterates over every single virNWFilterObjPtr in the list, locking them and checking their name. So if 2 or more threads try to instantiate a filter in parallel, they'll all hold 1 lock at the top level in the __virNWFilterInstantiateFilter method which will cause the other thread to deadlock in virNWFilterObjFindByName. The fix is to add an exclusive mutex to serialize the execution of __virNWFilterInstantiateFilter. Signed-off-by: Daniel P. Berrange diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 5908df7..2e89d07 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -200,7 +200,8 @@ nwfilterStateInitialize(bool privileged, if (virNWFilterDHCPSnoopInit() < 0) goto err_exit_learnshutdown; - virNWFilterTechDriversInit(privileged); + if (virNWFilterTechDriversInit(privileged) < 0) + goto err_dhcpsnoop_shutdown; if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB, driverState) < 0) 
@@ -251,6 +252,7 @@ error: err_techdrivers_shutdown: virNWFilterTechDriversShutdown(); +err_dhcpsnoop_shutdown: virNWFilterDHCPSnoopShutdown(); err_exit_learnshutdown: virNWFilterLearnShutdown(); @@ -327,10 +329,10 @@ nwfilterStateCleanup(void) { if (driverState->privileged) { virNWFilterConfLayerShutdown(); - virNWFilterTechDriversShutdown(); virNWFilterDHCPSnoopShutdown(); virNWFilterLearnShutdown(); virNWFilterIPAddrMapShutdown(); + virNWFilterTechDriversShutdown(); nwfilterDriverLock(driverState); diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index 8c5cd57..5b1fac4 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c 
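Review bot: The error path in the first hunk still calls `virNWFilterTechDriversShutdown()` before `virNWFilterDHCPSnoopShutdown()` and `virNWFilterLearnShutdown()`, while the second hunk moves it after them in nwfilterStateCleanup. With this patch that call also destroys `updateMutex`, so if the reorder in nwfilterStateCleanup is there because the snoop or learn shutdown can still reach code that takes the mutex (not visible here), the same hazard remains under `err_techdrivers_shutdown`. Either reorder the labels to match, or add a comment at both sites, for example `/* must run last: destroys updateMutex used by filter teardown */`, stating why the two orders may differ. Both functions continue outside their hunks.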
@@ -55,30 +55,53 @@ static virNWFilterTechDriverPtr filter_tech_drivers[] = { NULL }; +/* Serializes instantiation of filters. This is necessary + * to avoid lock ordering deadlocks. eg __virNWFilterInstantiateFilter + * will hold a lock on a virNWFilterObjPtr. This in turn invokes + * virNWFilterInstantiate which invokes virNWFilterDetermineMissingVarsRec + * which invokes virNWFilterObjFindByName. This iterates over every single + * virNWFilterObjPtr in the list. So if 2 threads try to instantiate a + * filter in parallel, they'll both hold 1 lock at the top level in + * __virNWFilterInstantiateFilter which will cause the other thread + * to deadlock in virNWFilterObjFindByName. + * + * XXX better long term solution is to make virNWFilterObjList use a + * hash table as is done for virDomainObjList. You can then get + * lockless lookup of objects by name. + */ +static virMutex updateMutex; -void virNWFilterTechDriversInit(bool privileged) { +int virNWFilterTechDriversInit(bool privileged) +{ size_t i = 0; VIR_DEBUG("Initializing NWFilter technology drivers"); + if (virMutexInitRecursive(&updateMutex) < 0) + return -1; + while (filter_tech_drivers[i]) { if (!(filter_tech_drivers[i]->flags & TECHDRV_FLAG_INITIALIZED)) filter_tech_drivers[i]->init(privileged); i++; } + return 0; } -void virNWFilterTechDriversShutdown(void) { +void virNWFilterTechDriversShutdown(void) +{ size_t i = 0; while (filter_tech_drivers[i]) { if ((filter_tech_drivers[i]->flags & TECHDRV_FLAG_INITIALIZED)) filter_tech_drivers[i]->shutdown(); i++; } + virMutexDestroy(&updateMutex); } virNWFilterTechDriverPtr -virNWFilterTechDriverForName(const char *name) { +virNWFilterTechDriverForName(const char *name) +{ size_t i = 0; while (filter_tech_drivers[i]) { if (STREQ(filter_tech_drivers[i]->name, name)) { 
@@ -935,6 +958,8 @@ _virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, int ifindex; int rc; + virMutexLock(&updateMutex); + /* after grabbing the filter update lock check for the interface; if it's not there anymore its filters will be or are being removed (while holding the lock) and we don't want to build new ones */ @@ -962,6 +987,8 @@ _virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, foundNewFilter); cleanup: + virMutexUnlock(&updateMutex); + return rc; } @@ -981,6 +1008,7 @@ virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver, bool foundNewFilter = false; virNWFilterReadLockFilterUpdates(); + virMutexLock(&updateMutex); rc = __virNWFilterInstantiateFilter(driver, vmuuid, @@ -1006,6 +1034,7 @@ virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver, } virNWFilterUnlockFilterUpdates(); + virMutexUnlock(&updateMutex); return rc; } @@ -1129,7 +1158,11 @@ _virNWFilterTeardownFilter(const char *ifname) int virNWFilterTeardownFilter(const virDomainNetDef *net) { - return _virNWFilterTeardownFilter(net->ifname); + int ret; + virMutexLock(&updateMutex); + ret = _virNWFilterTeardownFilter(net->ifname); + virMutexUnlock(&updateMutex); + return ret; } diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h index f4789e1..d72e040 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h 
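Review bot: virNWFilterInstantiateFilterLate takes the read lock and then `updateMutex`, but releases them in the same order instead of the reverse. That works, but it makes the lock hierarchy harder to audit in a patch whose purpose is to fix a lock-ordering deadlock; swap the last two calls so that `virMutexUnlock(&updateMutex);` comes before `virNWFilterUnlockFilterUpdates();`. In _virNWFilterInstantiateFilter the unlock sits only under `cleanup:`, so any early `return` between the new `virMutexLock` and that label would leave the mutex held; the body between the two hunks is not visible, so this needs checking against the full function.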
@@ -31,7 +31,7 @@ virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name); int virNWFilterRuleInstAddData(virNWFilterRuleInstPtr res, void *data); -void virNWFilterTechDriversInit(bool privileged); +int virNWFilterTechDriversInit(bool privileged); void virNWFilterTechDriversShutdown(void); enum instCase { debian/patches/qemu-filterref-crash.patch0000664000000000000000000000222013153725071015665 0ustar If a domain network interface that contains a is modified "live" using "virsh update-device --live", libvirtd would crash. This was because the code supporting live update of an interface's filterref was assuming that a filterref might be added or modified, but didn't account for removing the filterref, resulting in a null dereference of the filter name. Introduced with commit 258fb278, which was first in libvirt v1.0.1. This addresses https://bugzilla.redhat.com/show_bug.cgi?id=1093301 --- src/qemu/qemu_hotplug.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Index: libvirt-1.2.2/src/qemu/qemu_hotplug.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_hotplug.c +++ libvirt-1.2.2/src/qemu/qemu_hotplug.c @@ -1814,7 +1814,8 @@ qemuDomainChangeNetFilter(virConnectPtr virDomainConfNWFilterTeardown(olddev); - if (virDomainConfNWFilterInstantiate(conn, vm->def->uuid, newdev) < 0) { + if (newdev->filter && + virDomainConfNWFilterInstantiate(conn, vm->def->uuid, newdev) < 0) { virErrorPtr errobj; virReportError(VIR_ERR_OPERATION_FAILED, debian/patches/Debianize-libvirt-guests.patch0000664000000000000000000000710013153725071016515 0ustar From: =?UTF-8?q?Laurent=20L=C3=A9onard?= Date: Thu, 9 Dec 2010 22:36:29 +0100 Subject: Debianize libvirt-guests Origin: vendor --- tools/libvirt-guests.init.sh | 41 +++++++++++++---------------------------- tools/libvirt-guests.sysconf | 4 ++-- 2 files changed, 15 insertions(+), 30 deletions(-) 
diff --git a/tools/libvirt-guests.init.sh b/tools/libvirt-guests.init.sh index 99ef331..1285df7 100644 --- a/tools/libvirt-guests.init.sh +++ b/tools/libvirt-guests.init.sh @@ -4,8 +4,8 @@ # ### BEGIN INIT INFO # Provides: libvirt-guests -# Required-Start: libvirtd -# Required-Stop: libvirtd +# Required-Start: $remote_fs libvirt-bin +# Required-Stop: $remote_fs libvirt-bin # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: suspend/resume libvirt guests on shutdown/boot @@ -14,43 +14,29 @@ # See http://libvirt.org ### END INIT INFO -# the following is chkconfig init header -# -# libvirt-guests: suspend/resume libvirt guests on shutdown/boot -# -# chkconfig: 345 99 01 -# description: This is a script for suspending active libvirt guests \ -# on shutdown and resuming them on next boot \ -# See http://libvirt.org -# - -sysconfdir="@sysconfdir@" -localstatedir="@localstatedir@" -libvirtd="@sbindir@"/libvirtd - -# Source function library. -test ! -r "$sysconfdir"/rc.d/init.d/functions || - . "$sysconfdir"/rc.d/init.d/functions +sysconfdir=/etc +localstatedir=/var +libvirtd=/usr/sbin/libvirtd # Source gettext library. # Make sure this file is recognized as having translations: _("dummy") -. "@bindir@"/gettext.sh +. /usr/bin/gettext.sh -export TEXTDOMAIN="@PACKAGE@" TEXTDOMAINDIR="@localedir@" +export TEXTDOMAIN="libvirt" TEXTDOMAINDIR="/usr/share/locale" URIS=default -ON_BOOT=start -ON_SHUTDOWN=suspend +ON_BOOT=ignore +ON_SHUTDOWN=shutdown SHUTDOWN_TIMEOUT=300 PARALLEL_SHUTDOWN=0 START_DELAY=0 BYPASS_CACHE=0 -test -f "$sysconfdir"/sysconfig/libvirt-guests && - . "$sysconfdir"/sysconfig/libvirt-guests +test -f "$sysconfdir"/default/libvirt-guests && + . "$sysconfdir"/default/libvirt-guests LISTFILE="$localstatedir"/lib/libvirt/libvirt-guests -VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/subsys/libvirt-guests +VAR_SUBSYS_LIBVIRT_GUESTS="$localstatedir"/lock/libvirt-guests RETVAL=0 
@@ -538,8 +524,7 @@ gueststatus() { # rh_status # Display current status: whether saved state exists, and whether start -# has been executed. We cannot use status() from the functions library, -# since there is no external daemon process matching this init script. +# has been executed. rh_status() { if [ -f "$LISTFILE" ]; then gettext "stopped, with saved guests"; echo diff --git a/tools/libvirt-guests.sysconf b/tools/libvirt-guests.sysconf index d1f2051..1173760 100644 --- a/tools/libvirt-guests.sysconf +++ b/tools/libvirt-guests.sysconf @@ -8,7 +8,7 @@ # - ignore libvirt-guests init script won't start any guest on boot, however, # guests marked as autostart will still be automatically started by # libvirtd -#ON_BOOT=start +#ON_BOOT=ignore # Number of seconds to wait between each guest start. Set to 0 to allow # parallel startup. @@ -22,7 +22,7 @@ # which just needs a long time to shutdown. When setting # ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a # value suitable for your guests. -#ON_SHUTDOWN=suspend +#ON_SHUTDOWN=shutdown # If set to non-zero, shutdown will suspend guests concurrently. Number of # guests on shutdown at any time will not exceed number set in this variable. debian/patches/CVE-2018-5748.patch0000664000000000000000000000363613230426276013267 0ustar From bc251ea91bcfddd2622fce6bce701a438b2e7276 Mon Sep 17 00:00:00 2001 From: Daniel P. Berrange Date: Tue, 16 Jan 2018 17:00:11 +0000 Subject: [PATCH] qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) We read from QEMU until seeing a \r\n pair to indicate a completed reply or event. To avoid memory denial-of-service though, we must have a size limit on amount of data we buffer. 10 MB is large enough that it ought to cope with normal QEMU replies, and small enough that we're not consuming unreasonable mem. 
Signed-off-by: Daniel P. Berrange --- src/qemu/qemu_monitor.c | 15 +++++++++++++++ 1 files changed, 15 insertions(+), 0 deletions(-) Index: libvirt-1.2.2/src/qemu/qemu_monitor.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_monitor.c +++ libvirt-1.2.2/src/qemu/qemu_monitor.c @@ -51,6 +51,15 @@ #define DEBUG_IO 0 #define DEBUG_RAW_IO 0 +/* We read from QEMU until seeing a \r\n pair to indicate a + * completed reply or event. To avoid memory denial-of-service + * though, we must have a size limit on amount of data we + * buffer. 10 MB is large enough that it ought to cope with + * normal QEMU replies, and small enough that we're not + * consuming unreasonable mem. + */ +#define QEMU_MONITOR_MAX_RESPONSE (10 * 1024 * 1024) + struct _qemuMonitor { virObjectLockable parent; 
@@ -533,6 +542,12 @@ qemuMonitorIORead(qemuMonitorPtr mon) int ret = 0; if (avail < 1024) { + if (mon->bufferLength >= QEMU_MONITOR_MAX_RESPONSE) { + virReportSystemError(ERANGE, + _("No complete monitor response found in %d bytes"), + QEMU_MONITOR_MAX_RESPONSE); + return -1; + } if (VIR_REALLOC_N(mon->buffer, mon->bufferLength + 1024) < 0) return -1; debian/patches/virt-aa-helper-add-trusty-guest-agent-rule.patch0000664000000000000000000000301013154162527021744 0ustar Description: virt-aa-helper: add a rule allowing all private channel access The older libvirt in Trusty creates some channels under a namespace that is not covered by virt-aa-helper. But since the scheme of these channel files is known a rule can be added that still name-spaces per guest. So always allow rw to things under that directory. In latter Ubuntu releases the path changes and in even latter ones the delta is dropped as the paths generated by libvirt now match those created by virt-aa-helper. Forwarded: no (solved by proper namespaceing and new virt-aa-helper rules) Author: Christian Ehrhardt Original-Author: Serge Hallyn Origin: https://git.launchpad.net/~libvirt-maintainers/ubuntu/+source/libvirt/tree/debian/patches/ubuntu/virt-aa-helper-add-guest-agent-rule.patch?h=ubuntu/xenial Bug-Ubuntu: https://bugs.launchpad.net/bugs/1393842 Last-Update: 2017-08-28 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -973,6 +973,10 @@ get_files(vahControl * ctl) ctl->def->parallels[i]->source.type) != 0) goto cleanup; + virBufferAsprintf(&buf, " # for qemu guest agent channel\n"); + virBufferAsprintf(&buf, " owner \"/var/lib/libvirt/qemu/channel/target/%s.**\" rw,\n", + ctl->def->name); + for (i = 0; i < ctl->def->nchannels; i++) if (ctl->def->channels[i] && (ctl->def->channels[i]->source.type == VIR_DOMAIN_CHR_TYPE_PTY || debian/patches/CVE-2018-3639-1.patch0000664000000000000000000000244013301322432013376 0ustar Backport of: 
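Review bot: In the virt-aa-helper hunk, `ctl->def->name` is written into the AppArmor rule as-is and the pattern `%s.**` matches by prefix, so the rule generated for a guest named `foo` also covers channel files belonging to a guest named `foo.bar`. The per-guest namespacing described in the patch header is therefore weaker than it reads. Nothing in the hunk checks the name for quote or glob characters before it is placed inside the quoted path; if that is not validated elsewhere, the name should be rejected or escaped before the rule is emitted. The first added line has no format arguments and could use `virBufferAddLit` like the rest of get_files, which continues outside the hunk.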
From 1dbca2eccad58d91a5fd33962854f1a653638182 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Daniel=20P.=20Berrang=C3=A9?= Date: Mon, 21 May 2018 23:05:07 +0100 Subject: [PATCH] cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit New microcode introduces the "Speculative Store Bypass Disable" CPUID feature bit. This needs to be exposed to guest OS to allow them to protect against CVE-2018-3639. Signed-off-by: Daniel P. Berrangé Reviewed-by: Jiri Denemark --- src/cpu/cpu_map.xml | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Index: libvirt-1.3.1/src/cpu/cpu_map.xml =================================================================== --- libvirt-1.3.1.orig/src/cpu/cpu_map.xml 2018-05-23 13:26:38.793441472 -0400 +++ libvirt-1.3.1/src/cpu/cpu_map.xml 2018-05-23 13:27:04.497473996 -0400 @@ -290,6 +290,9 @@ + + + debian/patches/CVE-2017-5715-ibrs-4.patch0000664000000000000000000000255113232426103014340 0ustar Backport of: From 30b381cfdd5e92e5afa6de09f0fe533353e71d07 Mon Sep 17 00:00:00 2001 From: Jiri Denemark Date: Mon, 8 Jan 2018 20:53:25 +0100 Subject: [PATCH] cpu: Add SandyBridge-IBRS CPU model This is a variant of SandyBridge with indirect branch prediction protection. The only difference between SandyBridge and SandyBridge-IBRS is the added "spec-ctrl" feature. The SandyBridge-IBRS model in QEMU is a bit different since SandyBridge got several additional features since we added it in cpu_map.xml: arat, vme, xsaveopt Adding them only to the -IBRS variant would confuse our CPU detection code. 
Signed-off-by: Jiri Denemark Reviewed-by: Pavel Hrdina --- src/cpu/cpu_map.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) Index: libvirt-1.2.2/src/cpu/cpu_map.xml =================================================================== --- libvirt-1.2.2.orig/src/cpu/cpu_map.xml 2018-01-25 14:12:52.758444079 -0500 +++ libvirt-1.2.2/src/cpu/cpu_map.xml 2018-01-25 14:12:52.754444074 -0500 @@ -513,6 +513,11 @@ + + + + + debian/patches/remove-RHism.diff.patch0000664000000000000000000000151113153725071015066 0ustar From: Guido Guenther Date: Fri, 7 Mar 2008 09:08:25 +0100 Subject: remove-RHism.diff --- tools/virsh.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: libvirt-1.1.4/tools/virsh.pod =================================================================== --- libvirt-1.1.4.orig/tools/virsh.pod 2013-11-12 11:48:29.399867080 -0600 +++ libvirt-1.1.4/tools/virsh.pod 2013-11-12 11:48:29.387867080 -0600 @@ -107,7 +107,7 @@ Most B operations rely upon the libvirt library being able to connect to an already running libvirtd service. This can usually be -done using the command B. +done using the command B. Most B commands require root privileges to run due to the communications channels used to talk to the hypervisor. Running as debian/patches/Support-incoming-migration-from-13.10-hosts.patch0000664000000000000000000000250513153725071021651 0ustar Index: libvirt-1.2.2/src/qemu/qemu_migration.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_migration.c +++ libvirt-1.2.2/src/qemu/qemu_migration.c 
@@ -2109,6 +2109,13 @@ static char VIR_STRDUP(def->os.machine, "pc-1.0-precise") < 0) goto cleanup; } + if (STREQ_NULLABLE(vm->def->os.machine, "pc-i440fx-1.5")) { + VIR_FREE(vm->def->os.machine); + VIR_FREE(def->os.machine); + if (VIR_STRDUP(vm->def->os.machine, "pc-i440fx-1.5-saucy") < 0 || + VIR_STRDUP(def->os.machine, "pc-i440fx-1.5-saucy") < 0) + goto cleanup; + } } rv = qemuDomainDefFormatLive(driver, def, false, true); @@ -2447,6 +2454,11 @@ qemuMigrationPrepareAny(virQEMUDriverPtr if (VIR_STRDUP(vm->def->os.machine, "pc-1.0-precise") < 0) goto endjob; } + if (STREQ_NULLABLE(vm->def->os.machine, "pc-i440fx-1.5")) { + VIR_FREE(vm->def->os.machine); + if (VIR_STRDUP(vm->def->os.machine, "pc-i440fx-1.5-saucy") < 0) + goto endjob; + } } /* Start the QEMU daemon, with the same command-line arguments plus debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch0000664000000000000000000000142713153725071021571 0ustar From: =?UTF-8?q?Guido=20G=C3=BCnther?= Date: Sun, 26 Jun 2011 15:56:27 +0200 Subject: Disable gnulib's test-nonplocking-pipe.sh since it fails on at least sparc and mips from time to time. Issue reported upstresm. --- gnulib/tests/test-nonblocking-pipe.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gnulib/tests/test-nonblocking-pipe.sh b/gnulib/tests/test-nonblocking-pipe.sh index dd692be..9690791 100755 --- a/gnulib/tests/test-nonblocking-pipe.sh +++ b/gnulib/tests/test-nonblocking-pipe.sh @@ -1,5 +1,9 @@ #!/bin/sh + +echo "Skipping test: intermittent fail on at least sparc and mipsel" +exit 77 + # Note: This test fails on Cygwin 1.5.x, because the non-blocking flag has # apparently no effect on STDOUT_FILENO. It is fixed in Cygwin 1.7. debian/patches/Disable-failing-virnetsockettest.patch0000664000000000000000000000171113153725071020234 0ustar 
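Review bot: In the first qemu_migration.c hunk the test reads `vm->def->os.machine`, but the body also frees and overwrites `def->os.machine` without looking at what it held, so a `def` carrying a different machine type is silently rewritten to `pc-i440fx-1.5-saucy`. If `def` can alias `vm->def` on this path (not visible here), the second `VIR_STRDUP` overwrites the pointer the first one just stored and leaks it. Testing each definition on its own value, `if (STREQ_NULLABLE(def->os.machine, "pc-i440fx-1.5"))` around the `def` rewrite, avoids both. The enclosing function starts and ends outside the hunk, and the context suggests the existing `pc-1.0-precise` branch has the same shape.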
From: =?utf-8?q?Guido_G=C3=BCnther?= Date: Fri, 8 Jul 2011 22:17:56 +0200 Subject: Disable failing virnetsockettest until we debugged the interaction with pbuilder --- tests/virnetsockettest.c | 2 ++ 1 file changed, 2 insertions(+) Index: libvirt-1.1.4/tests/virnetsockettest.c =================================================================== --- libvirt-1.1.4.orig/tests/virnetsockettest.c 2013-11-12 11:48:32.635867051 -0600 +++ libvirt-1.1.4/tests/virnetsockettest.c 2013-11-12 11:48:32.619867051 -0600 
@@ -497,10 +497,12 @@ if (virtTestRun("Socket UNIX Addrs", testSocketUNIXAddrs, NULL) < 0) ret = -1; +#if 0 if (virtTestRun("Socket External Command /dev/zero", testSocketCommandNormal, NULL) < 0) ret = -1; if (virtTestRun("Socket External Command /dev/does-not-exist", testSocketCommandFail, NULL) < 0) ret = -1; +#endif struct testSSHData sshData1 = { .nodename = "somehost", debian/patches/9025-apparmor-allow-access-to-filesystem-mounts0000664000000000000000000001310713153725071021466 0ustar From felix@fobos.de Sun Jan 26 16:48:24 2014 Received: from int-mx12.intmail.prod.int.phx2.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id s0QLmOgW032081 for ; Sun, 26 Jan 2014 16:48:24 -0500 Received: from mx1.redhat.com (ext-mx11.extmail.prod.ext.phx2.redhat.com [10.5.110.16]) by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s0QLmOmM005016 for ; Sun, 26 Jan 2014 16:48:24 -0500 Received: from fobos.de (fobos.de [188.165.199.226]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s0QLmN0D014002 for ; Sun, 26 Jan 2014 16:48:23 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=fobos.de; s=201209; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=0et3pbGn1kIAVJ0IpAKA4vk4CQMlDgoC18jM86yb9dU=; b=aPHbVN6zRgXf2xuK96/6M+/Lu7iYiy7v5ZMDEPkprzZB4fSOzBJNC9Uui8u+RmxeBlgOe8EgRKykmusQnFcbNiSD5WG0A3HTO9z1ha7ejeru4vmkmAV/GrTbgBrfIJn7f3P3+nrqvA7oGX+hJFKvVp7H1MvVg1DfOBtBWdrTLYU=; Received: from ip-176-198-94-236.unitymediagroup.de ([176.198.94.236] helo=callisto) by fobos.de with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1W7XZ0-0004P4-Ig; Sun, 26 Jan 2014 22:48:22 +0100 Received: from felix by callisto with local (Exim 4.82) (envelope-from ) id 1W7XZ0-0000Fw-51; Sun, 26 Jan 2014 22:48:22 +0100 
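Review bot: The `#if 0` around the two "Socket External Command" tests has no comment, so the reason they are disabled exists only in the patch header and will be lost to anyone reading virnetsockettest.c. Put a line above the block such as `/* Disabled in the Debian build: fails under pbuilder, re-enable once debugged */`. The enclosing function starts and ends outside the hunk.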
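Review bot: Removing `case S_IFDIR` from the switch in valid_path changes the result for every caller of valid_path, not only for the new filesystem-mount rules this patch adds. If `return 1` marks a rejected file type here (the hunk does not show the function's contract), a directory supplied as any other kind of source is no longer filtered at this point. Keeping the case and letting only the mount path opt in, or at least adding a comment such as `/* directories are accepted: needed for <filesystem> mounts */`, would make the widened acceptance deliberate and reviewable. valid_path starts and ends outside the hunk.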
From: Felix Geyer To: libvir-list@redhat.com Date: Sun, 26 Jan 2014 22:47:34 +0100 Message-Id: <1390772855-840-2-git-send-email-debfx@fobos.de> In-Reply-To: <1390772855-840-1-git-send-email-debfx@fobos.de> References: <1390772855-840-1-git-send-email-debfx@fobos.de> X-RedHat-Spam-Score: -2.475 (BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RP_MATCHES_RCVD, SPF_HELO_PASS, SPF_PASS) X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 X-Scanned-By: MIMEDefang 2.68 on 10.5.110.16 X-loop: libvir-list@redhat.com X-Mailman-Approved-At: Mon, 27 Jan 2014 08:04:28 -0500 Cc: Felix Geyer Subject: [libvirt] [PATCH 1/2] apparmor: Allow access to filesystem mounts X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jan 2014 21:48:24 -0000 Status: O Content-Length: 2425 Lines: 75 Make virt-aa-helper create rules to allow VMs access to filesystem mounts from the host. --- src/security/virt-aa-helper.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) Index: libvirt-1.2.1/src/security/virt-aa-helper.c =================================================================== --- libvirt-1.2.1.orig/src/security/virt-aa-helper.c 2014-02-28 09:35:59.327687028 -0600 +++ libvirt-1.2.1/src/security/virt-aa-helper.c 2014-02-28 14:15:38.739129185 -0600 @@ -578,9 +578,6 @@ valid_path(const char *path, const bool return -1; switch (sb.st_mode & S_IFMT) { - case S_IFDIR: - return 1; - break; case S_IFSOCK: return 1; break; @@ -747,7 +744,7 @@ get_definition(vahControl * ctl, const c } static int -vah_add_file(virBufferPtr buf, const char *path, const char *perms) +vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursive) { char *tmp = NULL; int rc = -1; 
@@ -788,10 +785,14 @@ vah_add_file(virBufferPtr buf, const cha goto cleanup; } - virBufferAsprintf(buf, " \"%s\" %s,\n", tmp, perms); + virBufferAsprintf(buf, " \"%s%s\" %s,\n", tmp, recursive ? "/**" : "", perms); if (readonly) { virBufferAddLit(buf, " # don't audit writes to readonly files\n"); - virBufferAsprintf(buf, " deny \"%s\" w,\n", tmp); + virBufferAsprintf(buf, " deny \"%s%s\" w,\n", tmp, recursive ? "/**" : ""); + } + if (recursive) { + // allow reading (but not creating) the dir + virBufferAsprintf(buf, " \"%s/\" r,\n", tmp); } cleanup: @@ -801,6 +802,12 @@ vah_add_file(virBufferPtr buf, const cha } static int +vah_add_file(virBufferPtr buf, const char *path, const char *perms) +{ + return vah_add_path(buf, path, perms, false); +} + +static int vah_add_file_chardev(virBufferPtr buf, const char *path, const char *perms, 
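Review bot: The added `// allow reading (but not creating) the dir` is a `//` comment in a file whose visible comments all use `/* */`; write it as `/* allow reading (but not creating) the dir */`. The recursive forms append `/**` and `/` to `tmp` unconditionally, so if `tmp` can end in a slash (its origin is outside the hunk) the emitted rules contain `//`; stripping a trailing slash first would avoid that. Since `recursive` turns one source path into a rule over the whole subtree, vah_add_path should get a header comment saying so, so that later callers do not pass `true` casually.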
@@ -1049,6 +1056,19 @@ get_files(vahControl * ctl) } /* switch */ } + for (i = 0; i < ctl->def->nfss; i++) { + if (ctl->def->fss[i] && + ctl->def->fss[i]->type == VIR_DOMAIN_FS_TYPE_MOUNT && + (ctl->def->fss[i]->fsdriver == VIR_DOMAIN_FS_DRIVER_TYPE_PATH || + ctl->def->fss[i]->fsdriver == VIR_DOMAIN_FS_DRIVER_TYPE_DEFAULT) && + ctl->def->fss[i]->src){ + virDomainFSDefPtr fs = ctl->def->fss[i]; + + if (vah_add_path(&buf, fs->src, fs->readonly ? "r" : "rw", true) != 0) + goto cleanup; + } + } + if (ctl->newfile) if (vah_add_file(&buf, ctl->newfile, "rw") != 0) goto cleanup; debian/patches/9035-qemu-snapshot-save-persistent-domain-config0000664000000000000000000000314213153725071021612 0ustar commit 9036b31aeddb63db198576b8eaba331df105c0c6 Author: Peter Krempa Date: Mon Jun 30 13:44:26 2014 +0200 qemu: snapshot: Save persistent domain config when taking external snapshot Commit 55bbb011b965c7962933604c70f61cef45e8ec04 introduced a regression where we forgot to save the persistent domain configuration after an external snapshot. This would make libvirt forget the snapshots and effectively revert to the previous state in the following scenario: 1) Start VM 2) Take snapshot 3) Destroy VM 4) Restart libvirtd Also fix spurious blank line added by patch mentioned above. diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index d34da6f..775f6ab 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -13126,8 +13126,10 @@ qemuDomainSnapshotCreateDiskActive(virQEMUDriverPtr driver, int indx = virDomainDiskIndexByName(vm->newDef, vm->def->disks[i]->dst, false); - if (indx >= 0) + if (indx >= 0) { persistDisk = vm->newDef->disks[indx]; + persist = true; + } } ret = qemuDomainSnapshotCreateSingleDiskActive(driver, vm, 
@@ -13173,7 +13175,6 @@ qemuDomainSnapshotCreateDiskActive(virQEMUDriverPtr driver, persistDisk = vm->newDef->disks[indx]; persist = true; } - } qemuDomainSnapshotUndoSingleDiskActive(driver, vm, debian/patches/ubuntu-xend-probe.patch0000664000000000000000000000643613153725071015240 0ustar From: Stefan Bader Date: Wed, 24 Jul 2013 15:26:45 +0200 Subject: Use alternate method to check for running Xen legacy toolstack Upstream runs "/usr/sbin/xend status" but we have (at least for some time) shipped xend only in the private binary path (/usr/lib/xen-*/bin). And that path depends on the Xen version. Instead modify the check to call "/usr/lib/xen-common/xen-toolstack" which does not change between Xen versions and returns the path to xm or xl. Then decide on the base- name (xm) whether the legacy toolstack is active. This unlikely will be accepted by upstream libvirt as obviously they expect a different packaging. For Ubuntu I also had to add "/usr/lib/xen-common/xen-toolstack" to the allowed callouts of apparmor. Signed-off-by: Stefan Bader Index: libvirt-1.2.0/src/libxl/libxl_driver.c =================================================================== --- libvirt-1.2.0.orig/src/libxl/libxl_driver.c 2013-12-11 17:04:59.596600161 +0100 +++ libvirt-1.2.0/src/libxl/libxl_driver.c 2013-12-11 17:05:25.648727525 +0100 @@ -792,6 +792,7 @@ libxlDriverShouldLoad(bool privileged) { bool ret = false; virCommandPtr cmd; + char *output; int status; /* Don't load if non-root */ 
@@ -809,14 +810,26 @@ libxlDriverShouldLoad(bool privileged) } /* Don't load if legacy xen toolstack (xend) is in use */ - cmd = virCommandNewArgList("/usr/sbin/xend", "status", NULL); + cmd = virCommandNewArgList("/usr/lib/xen-common/bin/xen-toolstack", NULL); + virCommandSetOutputBuffer(cmd, &output); if (virCommandRun(cmd, &status) == 0 && status == 0) { - VIR_INFO("Legacy xen tool stack seems to be in use, disabling " - "libxenlight driver."); - } else { - ret = true; + int i, j; + + for (i = 0, j = 0; output[i] != '\0'; i++) + if (output[i] == '/') + j = i + 1; + + if (output[j] == 'x' && output[j+1] == 'm') { + VIR_INFO("Legacy xen tool stack seems to be in use, disabling " + "libxenlight driver."); + VIR_FREE(output); + virCommandFree(cmd); + return ret; + } } + VIR_FREE(output); virCommandFree(cmd); + ret = true; return ret; } Index: libvirt-1.2.0/src/xen/xen_driver.c =================================================================== --- libvirt-1.2.0.orig/src/xen/xen_driver.c 2013-12-11 17:04:59.576600064 +0100 +++ libvirt-1.2.0/src/xen/xen_driver.c 2013-12-16 14:09:25.946210255 +0100 @@ -315,12 +315,23 @@ static int xenUnifiedXendProbe(void) { virCommandPtr cmd; + char *output; int status; int ret = 0; - cmd = virCommandNewArgList("/usr/sbin/xend", "status", NULL); - if (virCommandRun(cmd, &status) == 0 && status == 0) - ret = 1; + cmd = virCommandNewArgList("/usr/lib/xen-common/bin/xen-toolstack", NULL); + virCommandSetOutputBuffer(cmd, &output); + if (virCommandRun(cmd, &status) == 0 && status == 0) { + int i, j; + + for (i = 0, j = 0; output[i] != '\0'; i++) + if (output[i] == '/') + j = i + 1; + + if (output[j] == 'x' && output[j+1] == 'm') + ret = 1; + } + VIR_FREE(output); virCommandFree(cmd); return ret; debian/patches/CVE-2016-5008.patch0000664000000000000000000000473113230434667013252 0ustar Backported of: From bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 Mon Sep 17 00:00:00 2001 
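Review bot: The helper path passed to `virCommandNewArgList` is `/usr/lib/xen-common/bin/xen-toolstack`, while the patch description names `/usr/lib/xen-common/xen-toolstack` both as the script and as the AppArmor callout that was allowed. If the profile rule uses the path from the description, the call would be denied under confinement, `virCommandRun` would fail, and the function falls through to `ret = true`, so the libxl driver would load even with the legacy toolstack active; the description and the code should be made to agree. The failure path is also silent, and a `VIR_DEBUG` when the helper cannot be run would make this diagnosable.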
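Review bot: The basename scan in xenUnifiedXendProbe is a copy of the loop added to libxlDriverShouldLoad, and its test `output[j] == 'x' && output[j+1] == 'm'` accepts any basename that merely starts with "xm". A shared helper that reports whether the active toolstack is xm would keep the two drivers in step. Inside it the scan can be `const char *base = strrchr(output, '/');` followed by `base = base ? base + 1 : output;`, with a comparison that accepts only "xm" followed by end of string or whitespace.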
From: Jiri Denemark Date: Tue, 28 Jun 2016 14:39:58 +0200 Subject: [PATCH] qemu: Let empty default VNC password work as documented CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092 Signed-off-by: Jiri Denemark diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 69a1976..afec597 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3501,6 +3501,7 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, time_t now = time(NULL); char expire_time [64]; const char *connected = NULL; + const char *password; int ret = -1; virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); @@ -3508,15 +3509,13 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, ret = 0; goto cleanup; } + password = auth->passwd ? auth->passwd : defaultPasswd; if (auth->connected) connected = virDomainGraphicsAuthConnectedTypeToString(auth->connected); qemuDomainObjEnterMonitor(driver, vm); - ret = qemuMonitorSetPassword(priv->mon, - type, - auth->passwd ? auth->passwd : defaultPasswd, - connected); + ret = qemuMonitorSetPassword(priv->mon, type, password, connected); if (ret == -2) { if (type != VIR_DOMAIN_GRAPHICS_TYPE_VNC) { 
@@ -3524,14 +3523,15 @@ qemuDomainChangeGraphicsPasswords(virQEMUDriverPtr driver, _("Graphics password only supported for VNC")); ret = -1; } else { - ret = qemuMonitorSetVNCPassword(priv->mon, - auth->passwd ? auth->passwd : defaultPasswd); + ret = qemuMonitorSetVNCPassword(priv->mon, password); } } if (ret != 0) goto end_job; - if (auth->expires) { + if (password[0] == '\0') { + snprintf(expire_time, sizeof(expire_time), "now"); + } else if (auth->expires) { time_t lifetime = auth->validTo - now; if (lifetime <= 0) snprintf(expire_time, sizeof(expire_time), "now"); debian/patches/Debianize-systemd-service-files.patch0000664000000000000000000000242613153725071017766 0ustar From: =?UTF-8?q?Guido=20G=C3=BCnther?= Date: Tue, 26 Jun 2012 09:30:39 +0200 Subject: Debianize systemd service files --- daemon/libvirtd.service.in | 4 ++-- tools/libvirt-guests.service.in | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in index b7afadf..32e40b4 100644 --- a/daemon/libvirtd.service.in +++ b/daemon/libvirtd.service.in @@ -9,8 +9,8 @@ Before=libvirt-guests.service After=network.target [Service] -EnvironmentFile=-/etc/sysconfig/libvirtd -ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS +EnvironmentFile=-/etc/default/libvirt-bin +ExecStart=@sbindir@/libvirtd $libvirtd_opts ExecReload=/bin/kill -HUP $MAINPID KillMode=process # Override the maximum number of opened files diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in index 0f0c41c..b9d8a91 100644 --- a/tools/libvirt-guests.service.in +++ b/tools/libvirt-guests.service.in 
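Review bot: The new `password[0] == '\0'` branch carries no comment, and the reason it takes precedence over `auth->expires` is not obvious from the code alone. I would add above it `/* An empty password is documented to disable access, but QEMU's VNC accepts it; expire it immediately. */`. The dereference also relies on `password` being non-NULL, which is presumably what the early `ret = 0; goto cleanup;` exit in the previous hunk ensures when neither `auth->passwd` nor `defaultPasswd` is set; that guard's condition is outside the visible lines and should be confirmed. qemuDomainChangeGraphicsPasswords continues past the hunk.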
@@ -3,7 +3,7 @@ Description=Suspend Active Libvirt Guests After=syslog.target network.target [Service] -EnvironmentFile=-/etc/sysconfig/libvirt-guests +EnvironmentFile=-/etc/default/libvirt-guests # Hack just call traditional service until we factor # out the code ExecStart=/etc/init.d/libvirt-guests start debian/patches/fix-virterror-namechange0000664000000000000000000000313313153725071015454 0ustar Description: change virterror to virerror to complete recent variable name change. Otherwise virGetLastError wrapper does not get generated in libvirt.py, causing calls to it to fail. Author: Serge Hallyn Forwarded: yes diff -Naurp libvirt-1.0.2.orig/python/generator.py libvirt-1.0.2/python/generator.py --- libvirt-1.0.2.orig/python/generator.py 2013-01-28 05:52:40.000000000 -0600 +++ libvirt-1.0.2/python/generator.py 2013-02-01 13:09:30.401004625 -0600 @@ -123,7 +123,8 @@ class docParser(xml.sax.handler.ContentH self.function_return_field = attrs['field'] elif tag == 'enum': if (attrs['file'] == "libvirt" or - attrs['file'] == "virterror"): + attrs['file'] == "virterror" or + attrs['file'] == "virerror"): enum(attrs['type'],attrs['name'],attrs['value']) elif attrs['file'] == "libvirt-lxc": lxc_enum(attrs['type'],attrs['name'],attrs['value']) 
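Review bot: The enum branch now chains three `attrs['file'] == ...` comparisons, and the `self.function_module` test in the next hunk grows the same way. A membership test reads better and makes the next rename a one-word change: `if attrs['file'] in ("libvirt", "virterror", "virerror"):`. If "virterror" is kept only for API descriptions generated before the rename, a short comment saying so would explain why both names stay.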
@@ -137,7 +138,8 @@ class docParser(xml.sax.handler.ContentH if self.function != None: if (self.function_module == "libvirt" or self.function_module == "virevent" or - self.function_module == "virterror"): + self.function_module == "virterror" or + self.function_module == "virerror"): function(self.function, self.function_descr, self.function_return, self.function_args, self.function_file, self.function_module, debian/patches/dnsmasq-as-priv-user0000664000000000000000000001745413153725071014562 0ustar diff -Naur libvirt-1.2.2.orig/src/network/bridge_driver.c libvirt-1.2.2/src/network/bridge_driver.c --- libvirt-1.2.2.orig/src/network/bridge_driver.c 2014-02-26 08:32:10.000000000 -0500 +++ libvirt-1.2.2/src/network/bridge_driver.c 2014-03-03 14:02:54.818203620 -0500 @@ -767,7 +767,8 @@ "## virsh net-edit %s\n" "## or other application using the libvirt API.\n" "##\n## dnsmasq conf file created by libvirt\n" - "strict-order\n", + "strict-order\n" + "user=libvirt-dnsmasq\n", network->def->name); if (network->def->dns.forwarders) { diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf libvirt-1.2.2/tests/networkxml2confdata/dhcp6host-routed-network.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/dhcp6host-routed-network.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/dhcp6host-routed-network.conf 2014-03-03 14:05:11.074206869 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq except-interface=lo bind-dynamic interface=virbr1 diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/dhcp6-nat-network.conf libvirt-1.2.2/tests/networkxml2confdata/dhcp6-nat-network.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/dhcp6-nat-network.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/dhcp6-nat-network.conf 2014-03-03 14:05:25.338207209 -0500 
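Review bot: The account name in `"user=libvirt-dnsmasq\n"` is hard-coded into the generated configuration, and nothing in this hunk checks that the account exists on the host. dnsmasq normally refuses to start when the `user=` account is unknown, so on a system where the account has not been created the virtual networks that use dnsmasq would fail to start; the packaging step that creates it is not part of this patch and should be confirmed. A build-time macro, used as `"user=" LIBVIRT_DNSMASQ_USER "\n"` (the macro name is a suggestion), would keep the distribution-specific name in one place. A comment next to the line should say that this is a privilege drop for the helper. The enclosing function starts and ends outside the hunk.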
@@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq except-interface=lo bind-dynamic interface=virbr0 diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/dhcp6-network.conf libvirt-1.2.2/tests/networkxml2confdata/dhcp6-network.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/dhcp6-network.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/dhcp6-network.conf 2014-03-03 14:05:43.262207636 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq domain=mynet expand-hosts except-interface=lo diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/isolated-network.conf libvirt-1.2.2/tests/networkxml2confdata/isolated-network.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/isolated-network.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/isolated-network.conf 2014-03-03 14:07:20.730209960 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq except-interface=lo bind-interfaces listen-address=192.168.152.1 diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network.conf libvirt-1.2.2/tests/networkxml2confdata/nat-network.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/nat-network.conf 2014-03-03 14:08:38.818211822 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq except-interface=lo bind-dynamic interface=virbr0 diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-forwarders.conf libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-forwarders.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-forwarders.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-forwarders.conf 2014-03-03 14:09:07.030212494 -0500 
@@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq no-resolv server=8.8.8.8 server=8.8.4.4 diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-forward-plain.conf libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-forward-plain.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-forward-plain.conf 2013-08-28 11:47:47.000000000 -0400 +++ libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-forward-plain.conf 2014-03-03 14:09:19.098212782 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq except-interface=lo bind-dynamic interface=virbr0 diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-hosts.conf libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-hosts.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-hosts.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-hosts.conf 2014-03-03 14:09:36.174213189 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq domain=example.com expand-hosts domain-needed diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-srv-record.conf libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-srv-record.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-srv-record.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-srv-record.conf 2014-03-03 14:10:18.930214208 -0500 
@@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq except-interface=lo bind-dynamic interface=virbr0 diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf 2014-03-03 14:10:34.766214586 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq except-interface=lo bind-interfaces listen-address=192.168.122.1 diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-txt-record.conf libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-txt-record.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/nat-network-dns-txt-record.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/nat-network-dns-txt-record.conf 2014-03-03 14:12:01.550216655 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq except-interface=lo bind-dynamic interface=virbr0 diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/netboot-network.conf libvirt-1.2.2/tests/networkxml2confdata/netboot-network.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/netboot-network.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/netboot-network.conf 2014-03-03 14:13:13.562218372 -0500 
@@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq domain=example.com expand-hosts except-interface=lo diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/netboot-proxy-network.conf libvirt-1.2.2/tests/networkxml2confdata/netboot-proxy-network.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/netboot-proxy-network.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/netboot-proxy-network.conf 2014-03-03 14:13:33.490218847 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq domain=example.com expand-hosts except-interface=lo diff -Naur libvirt-1.2.2.orig/tests/networkxml2confdata/routed-network.conf libvirt-1.2.2/tests/networkxml2confdata/routed-network.conf --- libvirt-1.2.2.orig/tests/networkxml2confdata/routed-network.conf 2014-02-05 04:32:53.000000000 -0500 +++ libvirt-1.2.2/tests/networkxml2confdata/routed-network.conf 2014-03-03 14:14:46.450220587 -0500 @@ -5,6 +5,7 @@ ## ## dnsmasq conf file created by libvirt strict-order +user=libvirt-dnsmasq except-interface=lo bind-dynamic interface=virbr1 debian/patches/libxl-Create-log-directory-earlier.patch0000664000000000000000000000507713153725071020372 0ustar From 139efe758c358327262ddb235f0043562ff1e39f Mon Sep 17 00:00:00 2001 From: Stefan Bader Date: Tue, 25 Mar 2014 14:27:08 +0100 Subject: [PATCH] libxl: Create log directory earlier Commit d9f19c30d054c86b15a304f4118baa4fa75af9d2 moved a lot of the configuration setup into libxlDriverConfigNew(). However that tries to create the libxl/libxl-driver.log before the libxl directory gets created in libxlStateInitialize(). This causes the daemon to fail on systems that have not had the directory created before. Move the code to create the libxl directory into libxlDriverConfigNew(). (cherry-picked from 139efe758c358327262ddb235f0043562ff1e39f upstream) 
Signed-off-by: Stefan Bader --- src/libxl/libxl_conf.c | 8 ++++++++ src/libxl/libxl_driver.c | 7 ------- 2 files changed, 8 insertions(+), 7 deletions(-) Index: libvirt-1.2.2/src/libxl/libxl_conf.c =================================================================== --- libvirt-1.2.2.orig/src/libxl/libxl_conf.c 2014-03-25 14:40:04.000000000 +0100 +++ libvirt-1.2.2/src/libxl/libxl_conf.c 2014-03-25 17:03:41.457521722 +0100 @@ -1085,6 +1085,14 @@ libxlDriverConfigNew(void) if (virAsprintf(&log_file, "%s/libxl-driver.log", cfg->logDir) < 0) goto error; + if (virFileMakePath(cfg->logDir) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to create log dir '%s': %s"), + cfg->logDir, + virStrerror(errno, ebuf, sizeof(ebuf))); + goto error; + } + if ((cfg->logger_file = fopen(log_file, "a")) == NULL) { VIR_ERROR(_("Failed to create log file '%s': %s"), log_file, virStrerror(errno, ebuf, sizeof(ebuf))); Index: libvirt-1.2.2/src/libxl/libxl_driver.c =================================================================== --- libvirt-1.2.2.orig/src/libxl/libxl_driver.c 2014-03-25 14:40:04.000000000 +0100 +++ libvirt-1.2.2/src/libxl/libxl_driver.c 2014-03-25 17:03:41.461521736 +0100 @@ -1032,13 +1032,6 @@ libxlStateInitialize(bool privileged, goto error; libxl_driver->config = cfg; - if (virFileMakePath(cfg->logDir) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("failed to create log dir '%s': %s"), - cfg->logDir, - virStrerror(errno, ebuf, sizeof(ebuf))); - goto error; - } if (virFileMakePath(cfg->stateDir) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to create state dir '%s': %s"), debian/patches/Don-t-enable-default-network-on-boot.patch0000664000000000000000000000344013153725071020536 0ustar 
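Review bot: `virFileMakePath(cfg->logDir)` in libxlDriverConfigNew creates the log directory without an explicit mode, so its permissions depend on the daemon's umask at the time the driver initialises. If the driver log should not be readable by other users, `virFileMakePathWithMode(cfg->logDir, 0700)` (the mode is a suggestion) states that in the code. The two adjacent failures are also reported differently, `virReportError` for the directory and `VIR_ERROR` for the log file; using the same call for both would be consistent. libxlDriverConfigNew begins and ends outside the hunk.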
From: Guido Guenther Date: Fri, 7 Mar 2008 09:08:26 +0100 Subject: Don't enable default network on boot to not interfere with existing network configurations --- src/Makefile.am | 3 --- src/Makefile.in | 3 --- 2 files changed, 6 deletions(-) Index: libvirt-1.1.4/src/Makefile.am =================================================================== --- libvirt-1.1.4.orig/src/Makefile.am 2013-11-12 11:48:30.027867074 -0600 +++ libvirt-1.1.4/src/Makefile.am 2013-11-12 11:48:30.003867074 -0600 @@ -2545,9 +2545,6 @@ cp $(DESTDIR)$(confdir)/qemu/networks/default.xml.t \ $(DESTDIR)$(confdir)/qemu/networks/default.xml && \ rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; } - test -e $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml || \ - ln -s ../default.xml \ - $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml endif WITH_NETWORK uninstall-local:: uninstall-init uninstall-systemd Index: libvirt-1.1.4/src/Makefile.in =================================================================== --- libvirt-1.1.4.orig/src/Makefile.in 2013-11-12 11:48:30.027867074 -0600 +++ libvirt-1.1.4/src/Makefile.in 2013-11-12 11:48:30.015867074 -0600 
@@ -9594,9 +9594,6 @@ @WITH_NETWORK_TRUE@ cp $(DESTDIR)$(confdir)/qemu/networks/default.xml.t \ @WITH_NETWORK_TRUE@ $(DESTDIR)$(confdir)/qemu/networks/default.xml && \ @WITH_NETWORK_TRUE@ rm $(DESTDIR)$(confdir)/qemu/networks/default.xml.t; } -@WITH_NETWORK_TRUE@ test -e $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml || \ -@WITH_NETWORK_TRUE@ ln -s ../default.xml \ -@WITH_NETWORK_TRUE@ $(DESTDIR)$(confdir)/qemu/networks/autostart/default.xml uninstall-local:: uninstall-init uninstall-systemd @WITH_LIBVIRTD_TRUE@ rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/lockd/files" ||: debian/patches/apparmor-use-apparmor-setfdlabel0000664000000000000000000000772113153725071017112 0ustar From gren@redhat.com Thu Oct 25 02:44:21 2012 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id q9P6iK3p023913 for ; Thu, 25 Oct 2012 02:44:20 -0400 Received: from linux-j6n6.nay.redhat.com ([10.66.17.30]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id q9P6i6P7014569 for ; Thu, 25 Oct 2012 02:44:14 -0400 
From: Guannan Ren To: libvir-list@redhat.com Date: Thu, 25 Oct 2012 14:51:39 +0800 Message-Id: <1351147899-16519-4-git-send-email-gren@redhat.com> In-Reply-To: <1351147899-16519-1-git-send-email-gren@redhat.com> References: <1351147899-16519-1-git-send-email-gren@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 3/3] apparmor: use AppArmorSetFDLabel for both imageFD and tapFD X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Oct 2012 06:44:21 -0000 Content-Length: 2357 Lines: 60 Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could be used as a common function for *ALL* fd relabelling in Linux. In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773 Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files The last line is for the tapfd relabelling. # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT. "/var/log/libvirt/**/rhel6qcow2.log" w, "/var/lib/libvirt/**/rhel6qcow2.monitor" rw, "/var/run/libvirt/**/rhel6qcow2.pid" rwk, "/run/libvirt/**/rhel6qcow2.pid" rwk, "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw, "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw, "/var/lib/libvirt/images/rhel6u3qcow2.img" rw, "/dev/tap45" rw, --- src/security/security_apparmor.c | 15 +++------------ 1 files changed, 3 insertions(+), 12 deletions(-) Index: libvirt-1.0.1/src/security/security_apparmor.c =================================================================== --- libvirt-1.0.1.orig/src/security/security_apparmor.c 2013-01-22 10:43:07.128737304 -0600 +++ libvirt-1.0.1/src/security/security_apparmor.c 2013-01-22 10:43:07.124737304 -0600 
@@ -840,7 +840,7 @@ } static int -AppArmorSetImageFDLabel(virSecurityManagerPtr mgr, +AppArmorSetFDLabel(virSecurityManagerPtr mgr, virDomainDefPtr def, int fd) { @@ -871,16 +871,6 @@ return reload_profile(mgr, def, fd_path, true); } -/* TODO need code here */ -static int -AppArmorSetTapFDLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, - virDomainDefPtr def ATTRIBUTE_UNUSED, - int fd ATTRIBUTE_UNUSED) -{ - return 0; -} - - static char * AppArmorGetMountOptions(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED, virDomainDefPtr vm ATTRIBUTE_UNUSED) @@ -930,8 +920,8 @@ .domainSetSavedStateLabel = AppArmorSetSavedStateLabel, .domainRestoreSavedStateLabel = AppArmorRestoreSavedStateLabel, - .domainSetSecurityImageFDLabel = AppArmorSetImageFDLabel, - .domainSetSecurityTapFDLabel = AppArmorSetTapFDLabel, + .domainSetSecurityImageFDLabel = AppArmorSetFDLabel, + .domainSetSecurityTapFDLabel = AppArmorSetFDLabel, .domainGetSecurityMountOptions = AppArmorGetMountOptions, }; debian/patches/storage-default-permission-mode-to-07110000664000000000000000000000224513153725071017755 0ustar Description: use 0711, not 0755, as the default perms for storage dirs That is what we want for /var/lib/libvirt/images. Author: Serge Hallyn Forwarded: no diff -Naurp libvirt-1.2.0.orig/src/conf/storage_conf.c libvirt-1.2.0/src/conf/storage_conf.c --- libvirt-1.2.0.orig/src/conf/storage_conf.c 2013-11-25 20:56:37.000000000 -0500 +++ libvirt-1.2.0/src/conf/storage_conf.c 2013-12-02 12:08:16.316555557 -0500 @@ -48,7 +48,7 @@ #define VIR_FROM_THIS VIR_FROM_STORAGE -#define DEFAULT_POOL_PERM_MODE 0755 +#define DEFAULT_POOL_PERM_MODE 0711 #define DEFAULT_VOL_PERM_MODE 0600 VIR_ENUM_IMPL(virStorageVol, diff -Naurp libvirt-1.2.0.orig/tests/storagepoolxml2xmltest.c libvirt-1.2.0/tests/storagepoolxml2xmltest.c --- libvirt-1.2.0.orig/tests/storagepoolxml2xmltest.c 2013-11-25 20:56:37.000000000 -0500 +++ libvirt-1.2.0/tests/storagepoolxml2xmltest.c 2013-12-02 13:04:35.904636133 -0500 
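Review bot: Wiring `.domainSetSecurityTapFDLabel` to `AppArmorSetFDLabel` changes tap descriptors from a no-op to a profile reload that appends a rule for whatever path the descriptor resolves to, as the `reload_profile(mgr, def, fd_path, true)` call in the earlier hunk shows. How `fd_path` is derived is outside the visible lines, so it should be confirmed that for a tap descriptor it names the per-guest device (the description's example is "/dev/tap45") and not a node shared by all guests, since a rule for a shared node would be broader than intended. A comment on the function saying that it now serves both image and tap descriptors would help, and the continuation lines of the renamed signature need re-aligning with the shorter name.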
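Review bot: `DEFAULT_POOL_PERM_MODE` is changed with no comment, and by its name it appears to apply to every pool that does not set a mode, while the description argues only for /var/lib/libvirt/images. A comment on the define would record the intent, e.g. `/* 0711: other users may traverse the pool directory but not list it; volumes default to 0600 */`. The expected XML in the storage pool tests may encode the old mode, which is worth checking because the accompanying test hunk removes a test case instead of updating expected output.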
@@ -94,7 +94,6 @@ mymain(void) DO_TEST("pool-iscsi"); DO_TEST("pool-iscsi-auth"); DO_TEST("pool-netfs"); - DO_TEST("pool-netfs-gluster"); DO_TEST("pool-scsi"); DO_TEST("pool-scsi-type-scsi-host"); DO_TEST("pool-scsi-type-fc-host"); debian/patches/CVE-2015-0236.patch0000664000000000000000000000367113153725071013245 0ustar Description: fix VNC password leak via snapshots and save images Origin: upstream, http://libvirt.org/git/?p=libvirt.git;a=commit;h=e99c25ca63c695a63b4c9b91ee956be4fb660772 Origin: upstream, http://libvirt.org/git/?p=libvirt.git;a=commit;h=8107c1e3694ba4685960ec09868076379718f037 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776065 Index: libvirt-1.2.2/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_driver.c 2016-01-08 10:01:49.859605491 -0500 +++ libvirt-1.2.2/src/qemu/qemu_driver.c 2016-01-08 10:02:34.080092542 -0500 @@ -5552,7 +5552,7 @@ if (fd < 0) goto cleanup; - if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0) + if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0) goto cleanup; ret = qemuDomainDefFormatXML(driver, def, flags); @@ -13776,7 +13776,7 @@ if (!(vm = qemuDomObjFromSnapshot(snapshot))) goto cleanup; - if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def) < 0) + if (virDomainSnapshotGetXMLDescEnsureACL(snapshot->domain->conn, vm->def, flags) < 0) goto cleanup; if (!(snap = qemuSnapObjFromSnapshot(vm, snapshot))) Index: libvirt-1.2.2/src/remote/remote_protocol.x =================================================================== --- libvirt-1.2.2.orig/src/remote/remote_protocol.x 2016-01-08 09:40:22.000000000 -0500 +++ libvirt-1.2.2/src/remote/remote_protocol.x 2016-01-08 10:02:34.080092542 -0500 @@ -4291,6 +4291,7 @@ * @generate: both * @priority: high * @acl: domain:read + * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE */ REMOTE_PROC_DOMAIN_SNAPSHOT_GET_XML_DESC = 186, 
@@ -4621,6 +4622,7 @@ * @generate: both * @priority: high * @acl: domain:read + * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE */ REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235, debian/patches/bridge-fix-persistent-networks.patch0000664000000000000000000000160613153725071017737 0ustar commit bb19491cf5e3b78f2d72bbcbcc06e985d29b7f4b Author: Peter Krempa Date: Fri Jan 11 11:10:34 2013 +0100 network: bridge: Fix regression when defining persistent networks Commit 0211fd6e04cdc402da20818df54299c6ded3d3cb introduced regression where newly defined networks were not made persistent. This patch makes the network persistent on each successful definition. Index: libvirt-1.0.1/src/network/bridge_driver.c =================================================================== --- libvirt-1.0.1.orig/src/network/bridge_driver.c 2013-01-23 10:32:42.798093957 -0600 +++ libvirt-1.0.1/src/network/bridge_driver.c 2013-01-23 10:32:42.794093957 -0600 @@ -3114,6 +3114,9 @@ goto cleanup; } + /* define makes the network persistent - always */ + network->persistent = 1; + /* def was asigned */ freeDef = false; debian/patches/enable-kvm-spice.patch0000664000000000000000000000127713153725071014775 0ustar Index: libvirt-1.1.4/src/qemu/qemu_capabilities.c =================================================================== --- libvirt-1.1.4.orig/src/qemu/qemu_capabilities.c 2013-11-12 11:48:36.215867019 -0600 +++ libvirt-1.1.4/src/qemu/qemu_capabilities.c 2013-11-12 11:48:36.203867019 -0600 @@ -705,6 +705,7 @@ if (virQEMUCapsIsValidForKVM(hostarch, guestarch)) { const char *const kvmbins[] = { "/usr/libexec/qemu-kvm", /* RHEL */ "qemu-kvm", /* Fedora */ + "kvm-spice", /* qemu-kvm-spice Ubuntu package */ "kvm" }; /* Upstream .spec */ for (i = 0; i < ARRAY_CARDINALITY(kvmbins); ++i) { debian/patches/Allow-libvirt-group-to-access-the-socket.patch0000664000000000000000000000325313153725071021453 0ustar 
From: Guido Guenther Date: Thu, 26 Jun 2008 20:01:38 +0200 Subject: Allow libvirt group to access the socket diff -Naurp libvirt-1.2.2.orig/daemon/libvirtd.conf libvirt-1.2.2/daemon/libvirtd.conf --- libvirt-1.2.2.orig/daemon/libvirtd.conf 2014-02-21 06:24:39.000000000 -0500 +++ libvirt-1.2.2/daemon/libvirtd.conf 2014-03-03 13:55:23.602192862 -0500 @@ -78,14 +78,14 @@ # without becoming root. # # This is restricted to 'root' by default. -#unix_sock_group = "libvirt" +unix_sock_group = "libvirt" # Set the UNIX socket permissions for the R/O socket. This is used # for monitoring VM status only # # Default allows any user. If setting group ownership, you may want to # restrict this too. -#unix_sock_ro_perms = "0777" +unix_sock_ro_perms = "0777" # Set the UNIX socket permissions for the R/W socket. This is used # for full management of VMs @@ -95,7 +95,7 @@ # # If not using PolicyKit and setting group ownership for access # control, then you may want to relax this too. -#unix_sock_rw_perms = "0770" +unix_sock_rw_perms = "0770" # Set the name of the directory in which sockets will be found/created. #unix_sock_dir = "/var/run/libvirt" @@ -126,7 +126,7 @@ # # To restrict monitoring of domains you may wish to enable # an authentication mechanism here -#auth_unix_ro = "none" +auth_unix_ro = "none" # Set an authentication scheme for UNIX read-write sockets # By default socket permissions only allow root. If PolicyKit @@ -135,7 +135,7 @@ # # If the unix_sock_rw_perms are changed you may wish to enable # an authentication mechanism here -#auth_unix_rw = "none" +auth_unix_rw = "none" # Change the authentication scheme for TCP sockets. # debian/patches/CVE-2014-3633.patch0000664000000000000000000000353313153725071013245 0ustar From 3e745e8f775dfe6f64f18b5c2fe4791b35d3546b Mon Sep 17 00:00:00 2001 
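Review bot: Enabling `auth_unix_rw = "none"` together with `unix_sock_group = "libvirt"` and `unix_sock_rw_perms = "0770"` makes membership of the libvirt group the only control on the read-write socket, while the comment blocks around these settings still describe the upstream defaults (for example "This is restricted to 'root' by default."). Since the file itself says the read-write socket is used for full management of VMs, the consequence should be stated next to the group setting, e.g. `# Members of this group get full, unauthenticated management access; treat membership as equivalent to root on this host.`. The hunks at -78, -95 and -126 belong to the same change and need the same comment update.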
From: Peter Krempa Date: Thu, 11 Sep 2014 16:35:53 +0200 Subject: [PATCH] CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk Live definition was used to look up the disk index while persistent one was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the correct def and report a nice error. Unfortunately it's accessible via read-only connection, though it can only crash libvirtd in the cases where the guest is hot-plugging disks without reflecting those changes to the persistent definition. So avoiding hotplug, or doing hotplug where persistent is always modified alongside live definition, will avoid the out-of-bounds access. Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724 Reported-by: Luyao Huang Signed-off-by: Peter Krempa --- src/qemu/qemu_driver.c | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) Index: libvirt-1.2.2/src/qemu/qemu_driver.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_driver.c 2014-09-29 15:27:04.000947230 -0400 +++ libvirt-1.2.2/src/qemu/qemu_driver.c 2014-09-29 15:27:04.000947230 -0400 
@@ -15713,9 +15713,13 @@ } if (flags & VIR_DOMAIN_AFFECT_CONFIG) { - int idx = virDomainDiskIndexByName(vm->def, disk, true); - if (idx < 0) + int idx = virDomainDiskIndexByName(persistentDef, disk, true); + if (idx < 0) { + virReportError(VIR_ERR_INVALID_ARG, + _("disk '%s' was not found in the domain config"), + disk); goto endjob; + } reply = persistentDef->disks[idx]->blkdeviotune; } debian/patches/9002-default_uri_virsh_to_system.patch0000664000000000000000000000221413153725071020057 0ustar Description: Use qemu:///system as the default URI We've done this in Ubuntu for ages, and can't switch it now. However the old patch ended up changing the behavior of various ways of specifying URI preferences. We don't want that - we only want to change the default if nothing is specified. Author: Serge Hallyn Forwarded: no Index: libvirt-1.1.4/src/libvirt.c =================================================================== --- libvirt-1.1.4.orig/src/libvirt.c 2013-11-13 16:44:33.472085000 +0100 +++ libvirt-1.1.4/src/libvirt.c 2013-11-13 16:47:26.924085000 +0100 @@ -1103,6 +1103,7 @@ int ret = -1; virConfValuePtr value = NULL; const char *defname = virGetEnvBlockSUID("LIBVIRT_DEFAULT_URI"); + const char *fallback = "qemu:///system"; if (defname && *defname) { VIR_DEBUG("Using LIBVIRT_DEFAULT_URI '%s'", defname); *name = defname; @@ -1114,6 +1115,9 @@ } VIR_DEBUG("Using config file uri '%s'", value->str); *name = value->str; + } else { + VIR_DEBUG("Falling back to uri qemu:///system"); + *name = fallback; } ret = 0; debian/patches/Allow-xen-toolstack-to-find-it-s-binaries.patch0000664000000000000000000002123713153725071021522 0ustar 
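Review bot: The added `VIR_DEBUG("Falling back to uri qemu:///system");` repeats the literal that the previous hunk stores in `fallback`, so the message and the value can drift apart. `VIR_DEBUG("Falling back to uri '%s'", fallback);` matches the form of the two debug lines above it. Because the new `else` sends every caller with no URI configured to the system instance, a comment above it saying that this is a distribution default would help whoever rebases the patch next.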
From: George Dunlap Date: Tue, 2 Oct 2012 19:19:04 +0200 Subject: Allow xen toolstack to find it's binaries Closes: #685749 --- docs/schemas/capability.rng | 4 ++-- src/xen/xen_hypervisor.c | 6 +++--- tests/xencapsdata/xen-i686-pae-hvm.xml | 6 +++--- tests/xencapsdata/xen-i686-pae.xml | 2 +- tests/xencapsdata/xen-i686.xml | 2 +- tests/xencapsdata/xen-ia64-be-hvm.xml | 6 +++--- tests/xencapsdata/xen-ia64-be.xml | 2 +- tests/xencapsdata/xen-ia64-hvm.xml | 6 +++--- tests/xencapsdata/xen-ia64.xml | 2 +- tests/xencapsdata/xen-ppc64.xml | 2 +- tests/xencapsdata/xen-x86_64-hvm.xml | 10 +++++----- tests/xencapsdata/xen-x86_64.xml | 2 +- 12 files changed, 25 insertions(+), 25 deletions(-) diff --git a/docs/schemas/capability.rng b/docs/schemas/capability.rng index 8c928bc..b1930ba 100644 --- a/docs/schemas/capability.rng +++ b/docs/schemas/capability.rng @@ -241,13 +241,13 @@ - + - + diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c index 81fbf99..606e528 100644 --- a/src/xen/xen_hypervisor.c +++ b/src/xen/xen_hypervisor.c @@ -2359,10 +2359,10 @@ xenHypervisorBuildCapabilities(virConnectPtr conn, guest_archs[i].model, guest_archs[i].bits, (STREQ(hostmachine, "x86_64") ? - "/usr/lib64/xen/bin/qemu-dm" : - "/usr/lib/xen/bin/qemu-dm"), + "qemu-dm" : + "qemu-dm"), (guest_archs[i].hvm ? - "/usr/lib/xen-default/boot/hvmloader" : + "hvmloader" : NULL), 1, machines)) == NULL) { diff --git a/tests/xencapsdata/xen-i686-pae-hvm.xml b/tests/xencapsdata/xen-i686-pae-hvm.xml index 7cde6df..cf1953d 100644 --- a/tests/xencapsdata/xen-i686-pae-hvm.xml +++ b/tests/xencapsdata/xen-i686-pae-hvm.xml @@ -20,7 +20,7 @@ xen 32 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv @@ -34,8 +34,8 @@ hvm 32 - /usr/lib/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv diff --git a/tests/xencapsdata/xen-i686-pae.xml b/tests/xencapsdata/xen-i686-pae.xml index 3dba6eb..c774d6c 100644 --- a/tests/xencapsdata/xen-i686-pae.xml +++ b/tests/xencapsdata/xen-i686-pae.xml 
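Review bot: After the change both arms of `STREQ(hostmachine, "x86_64") ? "qemu-dm" : "qemu-dm"` are the same string, so the conditional in xenHypervisorBuildCapabilities is dead and can be replaced by the plain literal `"qemu-dm"`. The capabilities now advertise bare names for the emulator and the loader instead of absolute paths, which leaves resolution to whatever consumes them. A comment noting that the Xen toolstack is expected to locate `qemu-dm` and `hvmloader` itself, as the subject line says, would make that intent explicit. The function starts and ends outside the hunk.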
@@ -20,7 +20,7 @@ xen 32 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv diff --git a/tests/xencapsdata/xen-i686.xml b/tests/xencapsdata/xen-i686.xml index 22d7685..bc36cbf 100644 --- a/tests/xencapsdata/xen-i686.xml +++ b/tests/xencapsdata/xen-i686.xml @@ -17,7 +17,7 @@ xen 32 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv diff --git a/tests/xencapsdata/xen-ia64-be-hvm.xml b/tests/xencapsdata/xen-ia64-be-hvm.xml index e56e306..ddab377 100644 --- a/tests/xencapsdata/xen-ia64-be-hvm.xml +++ b/tests/xencapsdata/xen-ia64-be-hvm.xml @@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv @@ -31,8 +31,8 @@ hvm 64 - /usr/lib/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv diff --git a/tests/xencapsdata/xen-ia64-be.xml b/tests/xencapsdata/xen-ia64-be.xml index 017816c..4a548c6 100644 --- a/tests/xencapsdata/xen-ia64-be.xml +++ b/tests/xencapsdata/xen-ia64-be.xml @@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv diff --git a/tests/xencapsdata/xen-ia64-hvm.xml b/tests/xencapsdata/xen-ia64-hvm.xml index 25617fc..32a0056 100644 --- a/tests/xencapsdata/xen-ia64-hvm.xml +++ b/tests/xencapsdata/xen-ia64-hvm.xml @@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv @@ -28,8 +28,8 @@ hvm 64 - /usr/lib/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv diff --git a/tests/xencapsdata/xen-ia64.xml b/tests/xencapsdata/xen-ia64.xml index 82ce965..e48b29b 100644 --- a/tests/xencapsdata/xen-ia64.xml +++ b/tests/xencapsdata/xen-ia64.xml @@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv diff --git a/tests/xencapsdata/xen-ppc64.xml b/tests/xencapsdata/xen-ppc64.xml index 91401b9..2799fe8 100644 --- a/tests/xencapsdata/xen-ppc64.xml +++ b/tests/xencapsdata/xen-ppc64.xml @@ -17,7 +17,7 @@ xen 64 - /usr/lib/xen/bin/qemu-dm + qemu-dm xenpv diff --git a/tests/xencapsdata/xen-x86_64-hvm.xml b/tests/xencapsdata/xen-x86_64-hvm.xml index 493d1ea..9e79899 100644 
--- a/tests/xencapsdata/xen-x86_64-hvm.xml +++ b/tests/xencapsdata/xen-x86_64-hvm.xml @@ -20,7 +20,7 @@ xen 64 - /usr/lib64/xen/bin/qemu-dm + qemu-dm xenpv @@ -31,8 +31,8 @@ hvm 32 - /usr/lib64/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv @@ -49,8 +49,8 @@ hvm 64 - /usr/lib64/xen/bin/qemu-dm - /usr/lib/xen-default/boot/hvmloader + qemu-dm + hvmloader xenfv diff --git a/tests/xencapsdata/xen-x86_64.xml b/tests/xencapsdata/xen-x86_64.xml index 0c3279b..73e232e 100644 --- a/tests/xencapsdata/xen-x86_64.xml +++ b/tests/xencapsdata/xen-x86_64.xml @@ -20,7 +20,7 @@ xen 64 - /usr/lib64/xen/bin/qemu-dm + qemu-dm xenpv debian/patches/ubuntu-xend-xmlcreate-double-free.patch0000664000000000000000000000145513153725071020300 0ustar From: Stefan Bader Date: Tue, 30 Jul 2013 20:48:33 +0200 Subject: xen: Avoid double free of virDomainDef in xenDaemonCreateXML The virDomainDef is allocated by the caller and also used after calling to xenDaemonCreateXML. So it must not get freed by the callee. Signed-off-by: Stefan Bader Index: libvirt-1.0.6/src/xen/xend_internal.c =================================================================== --- libvirt-1.0.6.orig/src/xen/xend_internal.c 2013-05-27 14:54:08.000000000 +0200 +++ libvirt-1.0.6/src/xen/xend_internal.c 2013-07-30 20:46:09.102792737 +0200 
@@ -2184,7 +2184,6 @@ xenDaemonCreateXML(virConnectPtr conn, v if (xenDaemonDomainResume(conn, def) < 0) goto error; - virDomainDefFree(def); return 0; error: debian/patches/fix-util-don-t-fail-if-no-portdata-is-found.patch0000664000000000000000000000725113153725071021706 0ustar |From 25df57db73adc3e610193ee1fcdd202c47ba471d Mon Sep 17 00:00:00 2001 |From: zhang bo |Date: Thu, 5 Mar 2015 10:01:50 +0800 |Subject: [PATCH] util: don't fail if no PortData is found while getting | migrateData | |Introduced by f6a2f97e | |Problem Description: |After multiple times of migrating a domain, which has an ovs interface with no portData set, |with non-shared disk, nbd ports got overflowed. | |The steps to reproduce the problem: |1 define and start a domain with its network configured as: | | | | | | | |2 do not set the network's portData. |3 migrate(ToURI2) it with flag 91(1011011), which means: | VIR_MIGRATE_LIVE | VIR_MIGRATE_PEER2PEER | VIR_MIGRATE_PERSIST_DEST | VIR_MIGRATE_UNDEFINE_SOURCE | VIR_MIGRATE_NON_SHARED_DISK |4 migrate success, but we got an error log in libvirtd.log: | error : virCommandWait:2423 : internal error: Child process (ovs-vsctl --timeout=5 get Interface | vnet1 external_ids:PortData) unexpected exit status 1: ovs-vsctl: no key "PortData" in Interface | record "vnet1" column external_ids |5 migrate it back, migrate it , migrate it back, ....... |6 nbd port got overflowed. | |The reasons for the problem is : |1 virNetDevOpenvswitchGetMigrateData() takes it as wrong if no portData is available for the ovs | interface of a domain. (We think it's not appropriate, as portData is just OPTIONAL) |2 in func qemuMigrationBakeCookie(), it fails in qemuMigrationCookieAddNetwork(), and returns with -1. | qemuMigrationCookieAddNBD() is not called thereafter, and mig->nbd is still NULL. |3 However, qemuMigrationRun() just *WARN* if qemuMigrationBakeCookie() fails, migration still successes. | cookie is NULL, it's not baked on the src side. 
|4 On the destination side, it would alloc a port first and then free the nbd port in COOKIE. | But the cookie is NULL due to qemuMigrationCookieAddNetwork() failure at src side. thus the nbd port | is not freed. | |In this patch, we add "--if-exists" option to make ovs-vsctl not raise error if there's no portData available. |Further more, because portData may be NULL in the cookie at the dest side, check it before setting portData. | |Signed-off-by: Zhou Yimin |Signed-off-by: Zhang Bo --- Origin: upstream, https://github.com/libvirt/libvirt/commit/25df57db73adc3e610193ee1fcdd202c47ba471d Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1540537 --- libvirt-1.2.2.orig/src/util/virnetdevopenvswitch.c +++ libvirt-1.2.2/src/util/virnetdevopenvswitch.c @@ -30,6 +30,7 @@ #include "virerror.h" #include "virmacaddr.h" #include "virstring.h" +#include "virlog.h" #define VIR_FROM_THIS VIR_FROM_NONE @@ -208,7 +209,7 @@ int virNetDevOpenvswitchGetMigrateData(c virCommandPtr cmd = NULL; int ret = -1; - cmd = virCommandNewArgList(OVSVSCTL, "--timeout=5", "get", "Interface", + cmd = virCommandNewArgList(OVSVSCTL, "--timeout=5", "--if-exists", "get", "Interface", ifname, "external_ids:PortData", NULL); virCommandSetOutputBuffer(cmd, migrate); @@ -243,6 +244,11 @@ int virNetDevOpenvswitchSetMigrateData(c virCommandPtr cmd = NULL; int ret = -1; + if (!migrate) { + VIR_DEBUG("No OVS port data for interface %s", ifname); + return 0; + } + cmd = virCommandNewArgList(OVSVSCTL, "--timeout=5", "set", "Interface", ifname, NULL); virCommandAddArgFormat(cmd, "external_ids:PortData=%s", migrate); debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch0000664000000000000000000000500113153725071024252 0ustar 
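Review bot: Adding `--if-exists` in the virNetDevOpenvswitchGetMigrateData hunk lets the command succeed with no PortData, but the `if (!migrate)` guard added to virNetDevOpenvswitchSetMigrateData only covers a NULL pointer, not an empty string. If the output buffer comes back empty or as a bare newline, the set side would presumably still run `external_ids:PortData=` with an empty value, so the guard would be safer as `if (!migrate || !*migrate) {`. Any code after the get-side hunk that trims or indexes `*migrate` by its length should likewise be checked for the zero-length case; that part of the function is outside the hunk.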
From: =?UTF-8?q?Andreas=20Bie=C3=9Fmann?= Date: Thu, 18 Mar 2010 13:05:59 +0100 Subject: patch qemuMonitorTextGetMigrationStatus to intercept unknown command 'info migrate' Debian package kvm up to version 72 has not implemented the command 'info migrate'. This command interface returns help page of info commands and looks like this: ---8<--- info version -- show the version of qemu info network -- show the network state info block -- show the block devices info blockstats -- show block device statistics info registers -- show the cpu registers info cpus -- show infos for each CPU info history -- show the command line history info irq -- show the interrupts statistics (if available) info pic -- show i8259 (PIC) state info pci -- show PCI info info tlb -- show virtual to physical memory mappings info mem -- show the active virtual memory mappings info jit -- show dynamic compiler info info kqemu -- show kqemu information info kvm -- show kvm information info usb -- show guest USB devices info usbhost -- show host USB devices info profile -- show profiling information info capture -- show capture information info snapshots -- show the currently saved VM snapshots info pcmcia -- show guest PCMCIA status info mice -- show which guest mouse is receiving events info vnc -- show the vnc server status info name -- show the current VM name info slirp -- show SLIRP statistics info migration -- show migration information --->8--- This patch triggers for 'info migration' in reply to 'info migrate' command to savely detect that the command 'info migrate' is not implemented. Index: libvirt-1.1.4/src/qemu/qemu_monitor_text.c =================================================================== --- libvirt-1.1.4.orig/src/qemu/qemu_monitor_text.c 2013-11-12 11:48:32.027867056 -0600 +++ libvirt-1.1.4/src/qemu/qemu_monitor_text.c 2013-11-12 11:48:32.015867056 -0600 
@@ -1533,7 +1533,15 @@ } status->disk_total *= 1024; } - } + } else if (strstr(reply, "info migration") != NULL) { + /* 'info migrate' returned help for info commands and the help page + * advertises 'info migration' command. Therefore we have an old + * command implementation installed and this must be kvm 72 on debian */ + virReportError(VIR_ERR_INTERNAL_ERROR, + _("command 'info migrate' is not implemented in kvm," + " please update to qemu-kvm")); + goto cleanup; + } done: ret = 0; debian/patches/CVE-2017-5715-ibrs-1.patch0000664000000000000000000000261413232425567014352 0ustar Backport of: From 8b605530e80a13b44d8a05f5718a3edab18d3ff5 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 12 Dec 2017 16:23:42 +0100 Subject: [PATCH] cpu: add CPU features for indirect branch prediction protection Added in QEMU commits TBD and TBD. Signed-off-by: Paolo Bonzini Signed-off-by: Jiri Denemark Reviewed-by: Pavel Hrdina --- src/cpu/cpu_map.xml | 8 ++++++++ 1 file changed, 8 insertions(+) Index: libvirt-1.2.2/src/cpu/cpu_map.xml =================================================================== --- libvirt-1.2.2.orig/src/cpu/cpu_map.xml 2018-01-25 14:09:41.062210162 -0500 +++ libvirt-1.2.2/src/cpu/cpu_map.xml 2018-01-25 14:09:41.058210156 -0500 @@ -287,6 +287,9 @@ + + + @@ -327,6 +330,11 @@ + + + + + debian/patches/9004-libvirtd-group-name.patch0000664000000000000000000000113313153725071016123 0ustar Description: rename libvirt group name to 'libvirtd' Author: Soren Hansen Forwarded: no diff -Naurp libvirt-1.2.2.orig/daemon/libvirtd.conf libvirt-1.2.2/daemon/libvirtd.conf --- libvirt-1.2.2.orig/daemon/libvirtd.conf 2014-03-03 13:57:06.530195316 -0500 +++ libvirt-1.2.2/daemon/libvirtd.conf 2014-03-03 13:57:29.866195872 -0500 
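Review bot: The `virReportError` call added in the `else if (strstr(reply, "info migration") != NULL)` branch passes the translated message directly as the format string. The form used for argument-less messages elsewhere in this patch set (the libxl transient-disk error) is `virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("..."));`, which keeps a stray `%` in a translation from being interpreted as a conversion. `VIR_ERR_NO_SUPPORT` would also describe an unimplemented monitor command better than an internal error. The enclosing function starts and ends outside the hunk, so whether a normal status reply could ever contain this substring is not visible here.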
@@ -78,7 +78,7 @@ # without becoming root. # # This is restricted to 'root' by default. -unix_sock_group = "libvirt" +unix_sock_group = "libvirtd" # Set the UNIX socket permissions for the R/O socket. This is used # for monitoring VM status only debian/patches/CVE-2015-5313.patch0000664000000000000000000000546413153725071013250 0ustar From 6542e643024ca4272f14e9052b3786378f6eec62 Mon Sep 17 00:00:00 2001 From: Eric Blake Date: Tue, 8 Dec 2015 17:46:31 -0700 Subject: [PATCH] CVE-2015-5313: storage: don't allow '/' in filesystem volume names The libvirt file system storage driver determines what file to act on by concatenating the pool location with the volume name. If a user is able to pick names like "../../../etc/passwd", then they can escape the bounds of the pool. For that matter, virStoragePoolListVolumes() doesn't descend into subdirectories, so a user really shouldn't use a name with a slash. Normally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML (so it is not an escalation of privilege). But in the case of fine-grained ACLs, it is feasible that a user can be granted storage_vol:create but not domain:write, and it violates assumptions if such a user can abuse libvirt to access files outside of the storage pool. Therefore, prevent all use of volume names that contain "/", whether or not such a name is actually attempting to escape the pool. This changes things from: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 Vol ../../../../../../etc/haha created $ rm /etc/haha to: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 error: Failed to create vol ../../../../../../etc/haha error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/' 
Signed-off-by: Eric Blake (cherry picked from commit 034e47c338b13a95cf02106a3af912c1c5f818d7) --- src/storage/storage_backend_fs.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c index 4d69f74..8b5e70b 100644 --- a/src/storage/storage_backend_fs.c +++ b/src/storage/storage_backend_fs.c @@ -1,7 +1,7 @@ /* * storage_backend_fs.c: storage backend for FS and directory handling * - * Copyright (C) 2007-2014 Red Hat, Inc. + * Copyright (C) 2007-2015 Red Hat, Inc. * Copyright (C) 2007-2008 Daniel P. Berrange * * This library is free software; you can redistribute it and/or @@ -1001,6 +1001,14 @@ virStorageBackendFileSystemVolCreate(virConnectPtr conn ATTRIBUTE_UNUSED, vol->type = VIR_STORAGE_VOL_FILE; + /* Volumes within a directory pools are not recursive; do not + * allow escape to ../ or a subdir */ + if (strchr(vol->name, '/')) { + virReportError(VIR_ERR_OPERATION_INVALID, + _("volume name '%s' cannot contain '/'"), vol->name); + return -1; + } + VIR_FREE(vol->target.path); if (virAsprintf(&vol->target.path, "%s/%s", pool->def->target.path, -- 1.7.1 debian/patches/arm-cpu-baseline.patch0000664000000000000000000000337713153725071015002 0ustar From 72bddd5f2fb097013b4d97470ed6a472a4c15db3 Mon Sep 17 00:00:00 2001 From: Oleg Strikov Date: Mon, 3 Mar 2014 17:41:03 +0400 Subject: [PATCH] qemu: Implement a stub cpuArchDriver.baseline() handler for arm Openstack Nova calls virConnectBaselineCPU() during initialization of the instance to get a full list of CPU features. This patch adds a stub to arm-specific code to handle this request (no actual work is done). Signed-off-by: Oleg Strikov --- src/cpu/cpu_arm.c | 25 ++++++++++++++++++++++++- 1 files changed, 24 insertions(+), 1 deletions(-) diff --git a/src/cpu/cpu_arm.c b/src/cpu/cpu_arm.c index 5baff42..ec80b35 100644 --- a/src/cpu/cpu_arm.c +++ b/src/cpu/cpu_arm.c 
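Review bot: The `strchr(vol->name, '/')` check added to virStorageBackendFileSystemVolCreate rejects separators but still accepts the names `.` and `..`, which contain no slash yet do not name a file inside the pool once joined with `"%s/%s"`. Whether they can do harm depends on the create path outside the hunk, but rejecting them in the same test is cheap: `if (strchr(vol->name, '/') || STREQ(vol->name, ".") || STREQ(vol->name, "..")) {`. The guard lives only in the create path shown here; other filesystem-backend entry points that build a path from a caller-supplied volume name are outside the hunk and should be confirmed to apply the same validation. The added comment should read "Volumes within a directory pool".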
@@ -86,6 +86,29 @@ ArmGuestData(virCPUDefPtr host ATTRIBUTE_UNUSED, return VIR_CPU_COMPARE_IDENTICAL; } +static virCPUDefPtr +ArmBaseline(virCPUDefPtr *cpus, + unsigned int ncpus ATTRIBUTE_UNUSED, + const char **models ATTRIBUTE_UNUSED, + unsigned int nmodels ATTRIBUTE_UNUSED, + unsigned int flags) +{ + virCPUDefPtr cpu = NULL; + + virCheckFlags(VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, NULL); + + if (VIR_ALLOC(cpu) < 0 || + VIR_STRDUP(cpu->model, cpus[0]->model) < 0) { + virCPUDefFree(cpu); + return NULL; + } + + cpu->type = VIR_CPU_TYPE_GUEST; + cpu->match = VIR_CPU_MATCH_EXACT; + + return cpu; +} + struct cpuArchDriver cpuDriverArm = { .name = "arm", .arch = archs, 
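Review bot: ArmBaseline dereferences `cpus[0]->model` while `ncpus` is marked ATTRIBUTE_UNUSED and never checked, so an empty or NULL CPU list would be read out of bounds unless every caller guarantees at least one entry. Unless that guarantee is documented at the call site (not visible in this hunk), drop the ATTRIBUTE_UNUSED on `ncpus` and guard first: `if (!cpus || ncpus < 1 || !cpus[0]) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("no CPUs given")); return NULL; }`. The stub also ignores every CPU after the first, which deserves a comment above the function saying so.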
@@ -96,7 +119,7 @@ struct cpuArchDriver cpuDriverArm = { .free = ArmDataFree, .nodeData = ArmNodeData, .guestData = ArmGuestData, - .baseline = NULL, + .baseline = ArmBaseline, .update = ArmUpdate, .hasFeature = NULL, }; -- 1.7.1 debian/patches/9030-virsh-add-keepalive-in-new-vshconnect-fn0000664000000000000000000002374613153725071020743 0ustar commit 676cb4f4e762b8682a06c6dab1f690fbcd939550 Author: Martin Kletzander Date: Thu Mar 6 17:20:11 2014 +0100 virsh: Add keepalive in new vshConnect function Introducing keepalive similarly to Guannan around 2 years ago. Since we want to introduce keepalive for every connection, it makes sense to wrap the connecting function into new virsh one that can deal keepalive as well. Function vshConnect() is now used for connecting and keepalive added in that function (if possible) helps preventing long waits e.g. while nework goes down during migration. This patch also adds the options for keepalive tuning into virsh and fails connecting only when keepalives are explicitly requested and cannot be set (whether it is due to missing support in connected driver or remote server). If not explicitely requested, a debug message is printed (hence the addition to virsh-optparse test). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1073506 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=822839 Signed-off-by: Martin Kletzander Index: libvirt-1.2.2/tests/virsh-optparse =================================================================== --- libvirt-1.2.2.orig/tests/virsh-optparse +++ libvirt-1.2.2/tests/virsh-optparse @@ -1,7 +1,7 @@ #!/bin/sh # Ensure that virsh option parsing doesn't regress -# Copyright (C) 2011-2012 Red Hat, Inc. +# Copyright (C) 2011-2012, 2014 Red Hat, Inc. # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -65,7 +65,7 @@ for args in \ '--count 2 test' \ '--count=2 test' \ ; do - virsh -d0 -c $test_url setvcpus $args >out 2>>err || fail=1 + virsh -k0 -d0 -c $test_url setvcpus $args >out 2>>err || fail=1 LC_ALL=C sort out | compare exp-out - || fail=1 done Index: libvirt-1.2.2/tools/virsh-domain.c =================================================================== --- libvirt-1.2.2.orig/tools/virsh-domain.c +++ libvirt-1.2.2/tools/virsh-domain.c @@ -8777,7 +8777,7 @@ doMigrate(void *opaque) virConnectPtr dconn = NULL; virDomainPtr ddom = NULL; - dconn = virConnectOpenAuth(desturi, virConnectAuthPtrDefault, 0); + dconn = vshConnect(ctl, desturi, false); if (!dconn) goto out; Index: libvirt-1.2.2/tools/virsh.c =================================================================== --- libvirt-1.2.2.orig/tools/virsh.c +++ libvirt-1.2.2/tools/virsh.c @@ -315,6 +315,46 @@ vshCatchDisconnect(virConnectPtr conn AT disconnected++; } +/* Main Function which should be used for connecting. + * This function properly handles keepalive settings. */ +virConnectPtr +vshConnect(vshControl *ctl, const char *uri, bool readonly) +{ + virConnectPtr c = NULL; + int interval = 5; /* Default */ + int count = 6; /* Default */ + bool keepalive_forced = false; + + if (ctl->keepalive_interval >= 0) { + interval = ctl->keepalive_interval; + keepalive_forced = true; + } + if (ctl->keepalive_count >= 0) { + count = ctl->keepalive_count; + keepalive_forced = true; + } + + c = virConnectOpenAuth(uri, virConnectAuthPtrDefault, + readonly ? VIR_CONNECT_RO : 0); + if (!c) + return NULL; + + if (interval > 0 && + virConnectSetKeepAlive(c, interval, count) != 0) { + if (keepalive_forced) { + vshError(ctl, "%s", + _("Cannot setup keepalive on connection " + "as requested, disconnecting")); + virConnectClose(c); + return NULL; + } + vshDebug(ctl, VSH_ERR_INFO, "%s", + _("Failed to setup keepalive on connection\n")); + } + + return c; +} + /* * vshReconnect: * 
@@ -340,9 +380,8 @@ vshReconnect(vshControl *ctl) "disconnect from the hypervisor")); } - ctl->conn = virConnectOpenAuth(ctl->name, - virConnectAuthPtrDefault, - ctl->readonly ? VIR_CONNECT_RO : 0); + ctl->conn = vshConnect(ctl, ctl->name, ctl->readonly); + if (!ctl->conn) { if (disconnected) vshError(ctl, "%s", _("Failed to reconnect to the hypervisor")); @@ -417,8 +456,7 @@ cmdConnect(vshControl *ctl, const vshCmd ctl->useSnapshotOld = false; ctl->readonly = ro; - ctl->conn = virConnectOpenAuth(ctl->name, virConnectAuthPtrDefault, - ctl->readonly ? VIR_CONNECT_RO : 0); + ctl->conn = vshConnect(ctl, ctl->name, ctl->readonly); if (!ctl->conn) { vshError(ctl, "%s", _("Failed to connect to the hypervisor")); @@ -3113,6 +3151,10 @@ vshUsage(void) " -r | --readonly connect readonly\n" " -d | --debug=NUM debug level [0-4]\n" " -h | --help this help\n" + " -k | --keepalive-interval=NUM\n" + " keepalive interval in seconds, 0 for disable\n" + " -K | --keepalive-count=NUM\n" + " number of possible missed keepalive messages\n" " -q | --quiet quiet mode\n" " -t | --timing print timing information\n" " -l | --log=FILE output logging to file\n" @@ -3302,12 +3344,14 @@ vshAllowedEscapeChar(char c) static bool vshParseArgv(vshControl *ctl, int argc, char **argv) { - int arg, len, debug; + int arg, len, debug, keepalive; size_t i; int longindex = -1; struct option opt[] = { {"debug", required_argument, NULL, 'd'}, {"help", no_argument, NULL, 'h'}, + {"keepalive-interval", required_argument, NULL, 'k'}, + {"keepalive-count", required_argument, NULL, 'K'}, {"quiet", no_argument, NULL, 'q'}, {"timing", no_argument, NULL, 't'}, {"version", optional_argument, NULL, 'v'}, 
@@ -3321,7 +3365,7 @@ vshParseArgv(vshControl *ctl, int argc, /* Standard (non-command) options. The leading + ensures that no * argument reordering takes place, so that command options are * not confused with top-level virsh options. */ - while ((arg = getopt_long(argc, argv, "+:d:hqtc:vVrl:e:", opt, &longindex)) != -1) { + while ((arg = getopt_long(argc, argv, "+:d:hk:K:qtc:vVrl:e:", opt, &longindex)) != -1) { switch (arg) { case 'd': if (virStrToLong_i(optarg, NULL, 10, &debug) < 0) { @@ -3361,6 +3405,24 @@ vshParseArgv(vshControl *ctl, int argc, case 'r': ctl->readonly = true; break; + case 'k': + if (virStrToLong_i(optarg, NULL, 0, &keepalive) < 0 || + keepalive < 0) { + vshError(ctl, _("option -%s requires a positive numeric argument"), + longindex == -1 ? "-k" : "--keepalive-interval"); + exit(EXIT_FAILURE); + } + ctl->keepalive_interval = keepalive; + break; + case 'K': + if (virStrToLong_i(optarg, NULL, 0, &keepalive) < 0 || + keepalive < 0) { + vshError(ctl, _("option -%s requires a positive numeric argument"), + longindex == -1 ? "-K" : "--keepalive-count"); + exit(EXIT_FAILURE); + } + ctl->keepalive_count = keepalive; + break; case 'l': vshCloseLogFile(ctl); ctl->logfile = vshStrdup(ctl, optarg); @@ -3490,6 +3552,11 @@ main(int argc, char **argv) ctl->log_fd = -1; /* Initialize log file descriptor */ ctl->debug = VSH_DEBUG_DEFAULT; ctl->escapeChar = "^]"; /* Same default as telnet */ + + /* In order to distinguish default from setting to 0 */ + ctl->keepalive_interval = -1; + ctl->keepalive_count = -1; + ctl->eventPipe[0] = -1; ctl->eventPipe[1] = -1; ctl->eventTimerId = -1; Index: libvirt-1.2.2/tools/virsh.h =================================================================== --- libvirt-1.2.2.orig/tools/virsh.h +++ libvirt-1.2.2/tools/virsh.h 
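Review bot: The error messages in the new `case 'k':` and `case 'K':` branches use the format `option -%s ...` but pass strings that already carry their dashes (`"-k"`, `"--keepalive-interval"`), so the user sees `option --k` or `option ---keepalive-interval`. They also ask for a "positive" value although the test `keepalive < 0` accepts 0, which the usage text documents as the way to disable keepalive. `_("option %s requires a non-negative numeric argument")` fixes both problems in each branch. Parsing with base 0 also means a leading `0` or `0x` is read as octal or hex, unlike the base-10 parse used for `-d`; base 10 would be less surprising. vshParseArgv starts and ends outside the hunk.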
@@ -249,6 +249,9 @@ struct _vshControl { const char *escapeChar; /* String representation of console escape character */ + int keepalive_interval; /* Client keepalive interval */ + int keepalive_count; /* Client keepalive count */ + # ifndef WIN32 struct termios termattr; /* settings of the tty terminal */ # endif @@ -269,6 +272,8 @@ void vshOutputLogFile(vshControl *ctl, i ATTRIBUTE_FMT_PRINTF(3, 0); void vshCloseLogFile(vshControl *ctl); +virConnectPtr vshConnect(vshControl *ctl, const char *uri, bool readonly); + const char *vshCmddefGetInfo(const vshCmdDef *cmd, const char *info); const vshCmdDef *vshCmddefSearch(const char *cmdname); bool vshCmddefHelp(vshControl *ctl, const char *name); Index: libvirt-1.2.2/tools/virsh.pod =================================================================== --- libvirt-1.2.2.orig/tools/virsh.pod +++ libvirt-1.2.2/tools/virsh.pod 
@@ -78,6 +78,18 @@ Enable debug messages at integer I environment variable below for the description of each I. +=item B<-k>, B<--keepalive-interval> I + +Set an I (in seconds) for sending keepalive messages to +check whether connection to the server is still alive. Setting the +interval to 0 disables client keepalive mechanism. + +=item B<-K>, B<--keepalive-count> I + +Set a number of times keepalive message can be sent without getting an +answer from the server without marking the connection dead. There is +no effect to this setting in case the I is set to 0. + =item B<-l>, B<--log> I Output logging details to I. debian/patches/nonblock-fix.patch0000664000000000000000000000257713153725071014250 0ustar commit ceb31795af40f6127a541076b905935ff83e5b11 Author: Michal Privoznik Date: Tue Mar 26 15:45:16 2013 +0100 qemu: Set migration FD blocking Since we switched from direct host migration scheme to the one, where we connect to the destination and then just pass a FD to a qemu, we have uncovered a qemu bug. Qemu expects migration FD to block. However, we are passing a nonblocking one which results in cryptic error messages like: qemu: warning: error while loading state section id 2 load of migration failed The bug is already known to Qemu folks, but we should workaround already released Qemus. Patch has been originally proposed by Stefan Hajnoczi Index: libvirt-1.0.2/src/qemu/qemu_migration.c =================================================================== --- libvirt-1.0.2.orig/src/qemu/qemu_migration.c 2013-04-18 10:44:01.186392496 -0500 +++ libvirt-1.0.2/src/qemu/qemu_migration.c 2013-04-18 10:44:01.162392375 -0500 
@@ -2179,6 +2179,13 @@ spec->dest.fd.qemu == -1) goto cleanup; + /* Migration expects a blocking FD */ + if (virSetBlocking(spec->dest.fd.qemu, true) < 0) { + virReportSystemError(errno, _("Unable to set FD %d blocking"), + spec->dest.fd.qemu); + goto cleanup; + } + ret = 0; cleanup: debian/patches/CVE-2017-5715-ibrs-3.patch0000664000000000000000000000251613232426063014345 0ustar Backport of: From 2e3b220a874e558e54678afd7cf49466fe605e09 Mon Sep 17 00:00:00 2001 From: Jiri Denemark Date: Mon, 8 Jan 2018 20:53:25 +0100 Subject: [PATCH] cpu: Add Westmere-IBRS CPU model This is a variant of Westmere with indirect branch prediction protection. The only difference between Westmere and Westmere-IBRS is the added "spec-ctrl" feature. The Westmere-IBRS model in QEMU is a bit different since Westmere got several additional features since we added it in cpu_map.xml: arat, pclmuldq, vme Adding them only to the -IBRS variant would confuse our CPU detection code. Signed-off-by: Jiri Denemark Reviewed-by: Pavel Hrdina --- src/cpu/cpu_map.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) Index: libvirt-1.2.2/src/cpu/cpu_map.xml =================================================================== --- libvirt-1.2.2.orig/src/cpu/cpu_map.xml 2018-01-25 14:12:26.630412968 -0500 +++ libvirt-1.2.2/src/cpu/cpu_map.xml 2018-01-25 14:12:46.738436930 -0500 @@ -498,6 +498,11 @@ + + + + + debian/patches/libxl-set-disk-format-for-cdrom.patch0000664000000000000000000000265713153725071017665 0ustar 
From: Stefan Bader Date: Wed, 26 Mar 2014 17:03:49 +0100 Subject: libxl: Set disk format for empty cdrom device The XML config for a CDROM device can be without a source path, indicating that there is no media present. Without this change the libxl driver fails to start a guest in that case because the libxl library checks for the LIBXL_DISK_FORMAT_EMPTY format type and tries to stat the NULL pointer that gets passed on. > libxl: error: libxl_device.c:265:libxl__device_disk_set_backend: > Disk vdev=hdc failed to stat: (null): Bad address Signed-off-by: Stefan Bader Index: libvirt-1.2.2/src/libxl/libxl_conf.c =================================================================== --- libvirt-1.2.2.orig/src/libxl/libxl_conf.c 2014-03-26 16:24:26.079097852 +0100 +++ libvirt-1.2.2/src/libxl/libxl_conf.c 2014-03-26 16:24:45.711193823 +0100 @@ -818,6 +818,9 @@ libxlMakeDisk(virDomainDiskDefPtr l_disk x_disk->removable = 1; x_disk->readwrite = !l_disk->readonly; x_disk->is_cdrom = l_disk->device == VIR_DOMAIN_DISK_DEVICE_CDROM ? 1 : 0; + /* An empty CDROM must have the empty format, otherwise libxl fails. */ + if (x_disk->is_cdrom && !x_disk->pdev_path) + x_disk->format = LIBXL_DISK_FORMAT_EMPTY; if (l_disk->transient) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("libxenlight does not support transient disks")); debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch0000664000000000000000000000125313153725071017770 0ustar From: =?utf-8?q?Guido_G=C3=BCnther?= Date: Sat, 14 Jan 2012 18:09:01 +0100 Subject: Don't fail if we can't setup avahi --- src/rpc/virnetserver.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) Index: libvirt-1.1.4/src/rpc/virnetserver.c =================================================================== --- libvirt-1.1.4.orig/src/rpc/virnetserver.c 2013-11-12 11:48:33.219867046 -0600 +++ libvirt-1.1.4/src/rpc/virnetserver.c 2013-11-12 11:48:33.207867046 -0600 
@@ -1070,8 +1070,7 @@ virObjectLock(srv); - if (srv->mdns && - virNetServerMDNSStart(srv->mdns) < 0) + if (srv->mdns) goto cleanup; srv->quit = false; debian/patches/libxl-Support-PV-consoles.patch0000664000000000000000000000460013153725071016576 0ustar From 657cb1e44d90bab451256616f9d98fb4439a080c Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Fri, 25 Apr 2014 16:54:20 +0100 Subject: [PATCH] libxl: Support PV consoles Currently the driver only exposes the ability to connect to the serial console of a Xen guest, which doesn't work for a PV guest. Since for an HVM guest the serial devices are duplicated as consoles it is sufficient to just use the console devices unconditionally. Tested with the following bit of config XML: ... I have observed and tested this on ARM but I believe it also applies to x86 PV guests. Signed-off-by: Ian Campbell Cc: Jim Fehlig Cc: Dario Faggioli Cc: Clark Laughlin BugLink: http://bugs.launchpad.net/bugs/1334738 (cherry-picked from commit 657cb1e44d90bab451256616f9d98fb4439a080c upstream) Signed-off-by: Stefan Bader --- src/libxl/libxl_driver.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index a6ae8a1..e5ed0f2 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -3780,6 +3780,7 @@ libxlDomainOpenConsole(virDomainPtr dom, { virDomainObjPtr vm = NULL; int ret = -1; + libxl_console_type console_type; virDomainChrDefPtr chr = NULL; libxlDomainObjPrivatePtr priv; char *console = NULL; @@ -3807,8 +3808,8 @@ libxlDomainOpenConsole(virDomainPtr dom, priv = vm->privateData; - if (vm->def->nserials) - chr = vm->def->serials[0]; + if (vm->def->nconsoles) + chr = vm->def->consoles[0]; if (!chr) { virReportError(VIR_ERR_INTERNAL_ERROR, 
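Review bot: As shown, the new side of the src/rpc/virnetserver.c hunk reads `if (srv->mdns)` followed by the unchanged `goto cleanup;`, so a server with mDNS configured would jump to cleanup before `srv->quit = false;` and never call virNetServerMDNSStart at all, which is the opposite of what the patch title promises. The diffstat (1 insertion, 2 deletions) and the `-1070,8 +1070,7` counts agree with that reading, though the collapsed layout of this page makes it worth checking against the original patch file. The intended form is presumably `if (srv->mdns && virNetServerMDNSStart(srv->mdns) < 0)` followed by `VIR_WARN("Failed to start mDNS advertisement, continuing without it");`, with the `goto cleanup;` removed. The enclosing function starts and ends outside the hunk.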
@@ -3824,7 +3825,12 @@ libxlDomainOpenConsole(virDomainPtr dom, goto cleanup; } - ret = libxl_primary_console_get_tty(priv->ctx, vm->def->id, &console); + console_type = + (chr->targetType == VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL ? + LIBXL_CONSOLE_TYPE_SERIAL : LIBXL_CONSOLE_TYPE_PV); + + ret = libxl_console_get_tty(priv->ctx, vm->def->id, chr->target.port, + console_type, &console); if (ret) goto cleanup; -- 1.7.9.5 debian/patches/9020-lp545795.patch0000664000000000000000000000167513153725071013363 0ustar Author: John Ferlito Description: add vendor and device to pciDeviceFileIterate(). Patch submitted upstream and they feel it is reasonable, but not committed yet. Bug: https://bugzilla.redhat.com/show_bug.cgi?id=624151 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/maverick/+source/libvirt/+bug/545795 Index: libvirt-1.1.4/src/util/virpci.c =================================================================== --- libvirt-1.1.4.orig/src/util/virpci.c 2013-11-12 11:48:34.987867030 -0600 +++ libvirt-1.1.4/src/util/virpci.c 2013-11-12 11:48:34.975867030 -0600 @@ -1840,6 +1840,8 @@ */ if (STREQ(ent->d_name, "config") || STRPREFIX(ent->d_name, "resource") || + STREQ(ent->d_name, "vendor") || + STREQ(ent->d_name, "device") || STREQ(ent->d_name, "rom") || STREQ(ent->d_name, "reset")) { if (virAsprintf(&file, "%s/%s", pcidir, ent->d_name) < 0) debian/patches/fix-Debian-specific-path-to-hvm-loader.patch0000664000000000000000000001007513153725071021006 0ustar 
From: =?UTF-8?q?Guido=20G=C3=BCnther?= Date: Thu, 26 Feb 2009 14:29:58 +0100 Subject: fix Debian specific path to hvm loader Closes: #517059 --- src/xen/xen_hypervisor.c | 2 +- tests/xencapsdata/xen-i686-pae-hvm.xml | 2 +- tests/xencapsdata/xen-ia64-be-hvm.xml | 2 +- tests/xencapsdata/xen-ia64-hvm.xml | 2 +- tests/xencapsdata/xen-x86_64-hvm.xml | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) Index: libvirt-1.1.4/src/xen/xen_hypervisor.c =================================================================== --- libvirt-1.1.4.orig/src/xen/xen_hypervisor.c 2013-11-12 11:48:31.267867063 -0600 +++ libvirt-1.1.4/src/xen/xen_hypervisor.c 2013-11-12 11:48:31.251867063 -0600 @@ -2143,7 +2143,7 @@ "/usr/lib64/xen/bin/qemu-dm" : "/usr/lib/xen/bin/qemu-dm"), (guest_archs[i].hvm ? - "/usr/lib/xen/boot/hvmloader" : + "/usr/lib/xen-default/boot/hvmloader" : NULL), 1, machines)) == NULL) { Index: libvirt-1.1.4/tests/xencapsdata/xen-i686-pae-hvm.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-i686-pae-hvm.xml 2013-11-12 11:48:31.267867063 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-i686-pae-hvm.xml 2013-11-12 11:48:31.251867063 -0600 @@ -35,7 +35,7 @@ 32 /usr/lib/xen/bin/qemu-dm - /usr/lib/xen/boot/hvmloader + /usr/lib/xen-default/boot/hvmloader xenfv Index: libvirt-1.1.4/tests/xencapsdata/xen-ia64-be-hvm.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-ia64-be-hvm.xml 2013-11-12 11:48:31.267867063 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-ia64-be-hvm.xml 2013-11-12 11:48:31.251867063 -0600 
@@ -32,7 +32,7 @@ 64 /usr/lib/xen/bin/qemu-dm - /usr/lib/xen/boot/hvmloader + /usr/lib/xen-default/boot/hvmloader xenfv Index: libvirt-1.1.4/tests/xencapsdata/xen-ia64-hvm.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-ia64-hvm.xml 2013-11-12 11:48:31.267867063 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-ia64-hvm.xml 2013-11-12 11:48:31.255867063 -0600 @@ -29,7 +29,7 @@ 64 /usr/lib/xen/bin/qemu-dm - /usr/lib/xen/boot/hvmloader + /usr/lib/xen-default/boot/hvmloader xenfv Index: libvirt-1.1.4/tests/xencapsdata/xen-x86_64-hvm.xml =================================================================== --- libvirt-1.1.4.orig/tests/xencapsdata/xen-x86_64-hvm.xml 2013-11-12 11:48:31.267867063 -0600 +++ libvirt-1.1.4/tests/xencapsdata/xen-x86_64-hvm.xml 2013-11-12 11:48:31.255867063 -0600 @@ -32,7 +32,7 @@ 32 /usr/lib64/xen/bin/qemu-dm - /usr/lib/xen/boot/hvmloader + /usr/lib/xen-default/boot/hvmloader xenfv @@ -50,7 +50,7 @@ 64 /usr/lib64/xen/bin/qemu-dm - /usr/lib/xen/boot/hvmloader + /usr/lib/xen-default/boot/hvmloader xenfv debian/patches/libxl-do-not-use-virdomain-id.patch0000664000000000000000000002674413153725071017343 0ustar From: Stefan Bader Date: Tue, 25 Mar 2014 17:39:13 +0100 Subject: libxl: Use id from virDomainObj inside the driver There is a domain id in the virDomain structure as well as in the virDomainObj structure. While the former can become stale the latter is kept up to date. So it is safer to always (virDomainObjPtr)->def->id internally. This will fix issues seen when managing Xen guests through libvirt from virt-manager (not being able to get domain info after define or reboot). This was caused both though libxlDomainGetInfo() only but there were a lot of places that might potentially cause issues, too. 
Signed-off-by: Stefan Bader Index: libvirt-1.2.2/src/libxl/libxl_driver.c =================================================================== --- libvirt-1.2.2.orig/src/libxl/libxl_driver.c 2014-03-25 17:03:41.461521736 +0100 +++ libvirt-1.2.2/src/libxl/libxl_driver.c 2014-03-25 17:22:12.170951716 +0100 @@ -1496,10 +1496,10 @@ libxlDomainSuspend(virDomainPtr dom) priv = vm->privateData; if (virDomainObjGetState(vm, NULL) != VIR_DOMAIN_PAUSED) { - if (libxl_domain_pause(priv->ctx, dom->id) != 0) { + if (libxl_domain_pause(priv->ctx, vm->def->id) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to suspend domain '%d' with libxenlight"), - dom->id); + vm->def->id); goto endjob; } @@ -1555,10 +1555,10 @@ libxlDomainResume(virDomainPtr dom) priv = vm->privateData; if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_PAUSED) { - if (libxl_domain_unpause(priv->ctx, dom->id) != 0) { + if (libxl_domain_unpause(priv->ctx, vm->def->id) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to resume domain '%d' with libxenlight"), - dom->id); + vm->def->id); goto endjob; } @@ -1609,10 +1609,10 @@ libxlDomainShutdownFlags(virDomainPtr do } priv = vm->privateData; - if (libxl_domain_shutdown(priv->ctx, dom->id) != 0) { + if (libxl_domain_shutdown(priv->ctx, vm->def->id) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to shutdown domain '%d' with libxenlight"), - dom->id); + vm->def->id); goto cleanup; } @@ -1656,10 +1656,10 @@ libxlDomainReboot(virDomainPtr dom, unsi } priv = vm->privateData; - if (libxl_domain_reboot(priv->ctx, dom->id) != 0) { + if (libxl_domain_reboot(priv->ctx, vm->def->id) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to reboot domain '%d' with libxenlight"), - dom->id); + vm->def->id); goto cleanup; } ret = 0; 
@@ -1700,7 +1700,7 @@ libxlDomainDestroyFlags(virDomainPtr dom priv = vm->privateData; if (libxl_domain_destroy(priv->ctx, vm->def->id, NULL) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Failed to destroy domain '%d'"), dom->id); + _("Failed to destroy domain '%d'"), vm->def->id); goto cleanup; } @@ -1831,10 +1831,10 @@ libxlDomainSetMemoryFlags(virDomainPtr d if (flags & VIR_DOMAIN_MEM_LIVE) { priv = vm->privateData; - if (libxl_domain_setmaxmem(priv->ctx, dom->id, newmem) < 0) { + if (libxl_domain_setmaxmem(priv->ctx, vm->def->id, newmem) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to set maximum memory for domain '%d'" - " with libxenlight"), dom->id); + " with libxenlight"), vm->def->id); goto endjob; } } @@ -1864,13 +1864,13 @@ libxlDomainSetMemoryFlags(virDomainPtr d priv = vm->privateData; /* Unlock virDomainObj while ballooning memory */ virObjectUnlock(vm); - res = libxl_set_memory_target(priv->ctx, dom->id, newmem, 0, + res = libxl_set_memory_target(priv->ctx, vm->def->id, newmem, 0, /* force */ 1); virObjectLock(vm); if (res < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to set memory for domain '%d'" - " with libxenlight"), dom->id); + " with libxenlight"), vm->def->id); goto endjob; } } @@ -1928,9 +1928,10 @@ libxlDomainGetInfo(virDomainPtr dom, vir info->memory = vm->def->mem.cur_balloon; info->maxMem = vm->def->mem.max_balloon; } else { - if (libxl_domain_info(priv->ctx, &d_info, dom->id) != 0) { + if (libxl_domain_info(priv->ctx, &d_info, vm->def->id) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("libxl_domain_info failed for domain '%d'"), dom->id); + _("libxl_domain_info failed for domain '%d'"), + vm->def->id); goto cleanup; } info->cpuTime = d_info.cpu_time; 
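Review bot: In the hunk at -1864 (libxlDomainSetMemoryFlags), `vm->def->id` is now evaluated as a call argument after `virObjectUnlock(vm)`, so the domain object is read while its lock is dropped; the old `dom->id` did not touch `vm` at all. The same pattern is in the libxlDomainCoreDump hunk at -2222, where `libxl_domain_core_dump(priv->ctx, vm->def->id, to, NULL)` sits between the unlock and the re-lock. Reading the id while the lock is still held, with `int domid = vm->def->id;` before `virObjectUnlock(vm);`, and passing `domid` to the libxl call would avoid the unlocked read. Whether the job held on these paths already keeps `vm->def` stable is not visible here, and both function bodies start and end outside their hunks.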
@@ -2209,11 +2210,11 @@ libxlDomainCoreDump(virDomainPtr dom, co if (!(flags & VIR_DUMP_LIVE) && virDomainObjGetState(vm, NULL) == VIR_DOMAIN_RUNNING) { - if (libxl_domain_pause(priv->ctx, dom->id) != 0) { + if (libxl_domain_pause(priv->ctx, vm->def->id) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Before dumping core, failed to suspend domain '%d'" " with libxenlight"), - dom->id); + vm->def->id); goto endjob; } virDomainObjSetState(vm, VIR_DOMAIN_PAUSED, VIR_DOMAIN_PAUSED_DUMP); @@ -2222,20 +2223,20 @@ libxlDomainCoreDump(virDomainPtr dom, co /* Unlock virDomainObj while dumping core */ virObjectUnlock(vm); - ret = libxl_domain_core_dump(priv->ctx, dom->id, to, NULL); + ret = libxl_domain_core_dump(priv->ctx, vm->def->id, to, NULL); virObjectLock(vm); if (ret != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to dump core of domain '%d' with libxenlight"), - dom->id); + vm->def->id); ret = -1; goto unpause; } if (flags & VIR_DUMP_CRASH) { - if (libxl_domain_destroy(priv->ctx, dom->id, NULL) < 0) { + if (libxl_domain_destroy(priv->ctx, vm->def->id, NULL) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Failed to destroy domain '%d'"), dom->id); + _("Failed to destroy domain '%d'"), vm->def->id); goto unpause; } @@ -2250,10 +2251,10 @@ libxlDomainCoreDump(virDomainPtr dom, co unpause: if (virDomainObjIsActive(vm) && paused) { - if (libxl_domain_unpause(priv->ctx, dom->id) != 0) { + if (libxl_domain_unpause(priv->ctx, vm->def->id) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("After dumping core, failed to resume domain '%d' with" - " libxenlight"), dom->id); + " libxenlight"), vm->def->id); } else { virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_UNPAUSED); 
@@ -2512,19 +2513,19 @@ libxlDomainSetVcpusFlags(virDomainPtr do break; case VIR_DOMAIN_VCPU_LIVE: - if (libxl_set_vcpuonline(priv->ctx, dom->id, &map) != 0) { + if (libxl_set_vcpuonline(priv->ctx, vm->def->id, &map) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to set vcpus for domain '%d'" - " with libxenlight"), dom->id); + " with libxenlight"), vm->def->id); goto endjob; } break; case VIR_DOMAIN_VCPU_LIVE | VIR_DOMAIN_VCPU_CONFIG: - if (libxl_set_vcpuonline(priv->ctx, dom->id, &map) != 0) { + if (libxl_set_vcpuonline(priv->ctx, vm->def->id, &map) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to set vcpus for domain '%d'" - " with libxenlight"), dom->id); + " with libxenlight"), vm->def->id); goto endjob; } def->vcpus = nvcpus; @@ -2660,7 +2661,7 @@ libxlDomainPinVcpuFlags(virDomainPtr dom libxlDomainObjPrivatePtr priv; priv = vm->privateData; - if (libxl_set_vcpuaffinity(priv->ctx, dom->id, vcpu, &map) != 0) { + if (libxl_set_vcpuaffinity(priv->ctx, vm->def->id, vcpu, &map) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to pin vcpu '%d' with libxenlight"), vcpu); @@ -2825,11 +2826,11 @@ libxlDomainGetVcpus(virDomainPtr dom, vi } priv = vm->privateData; - if ((vcpuinfo = libxl_list_vcpu(priv->ctx, dom->id, &maxcpu, + if ((vcpuinfo = libxl_list_vcpu(priv->ctx, vm->def->id, &maxcpu, &hostcpus)) == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to list vcpus for domain '%d' with libxenlight"), - dom->id); + vm->def->id); goto cleanup; } @@ -4088,7 +4089,7 @@ libxlDomainGetSchedulerType(virDomainPtr default: virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to get scheduler id for domain '%d'" - " with libxenlight"), dom->id); + " with libxenlight"), vm->def->id); goto cleanup; } 
@@ -4139,10 +4140,10 @@ libxlDomainGetSchedulerParametersFlags(v goto cleanup; } - if (libxl_domain_sched_params_get(priv->ctx, dom->id, &sc_info) != 0) { + if (libxl_domain_sched_params_get(priv->ctx, vm->def->id, &sc_info) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to get scheduler parameters for domain '%d'" - " with libxenlight"), dom->id); + " with libxenlight"), vm->def->id); goto cleanup; } @@ -4220,10 +4221,10 @@ libxlDomainSetSchedulerParametersFlags(v goto endjob; } - if (libxl_domain_sched_params_get(priv->ctx, dom->id, &sc_info) != 0) { + if (libxl_domain_sched_params_get(priv->ctx, vm->def->id, &sc_info) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to get scheduler parameters for domain '%d'" - " with libxenlight"), dom->id); + " with libxenlight"), vm->def->id); goto endjob; } @@ -4236,10 +4237,10 @@ libxlDomainSetSchedulerParametersFlags(v sc_info.cap = params[i].value.ui; } - if (libxl_domain_sched_params_set(priv->ctx, dom->id, &sc_info) != 0) { + if (libxl_domain_sched_params_set(priv->ctx, vm->def->id, &sc_info) != 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Failed to set scheduler parameters for domain '%d'" - " with libxenlight"), dom->id); + " with libxenlight"), vm->def->id); goto endjob; } debian/patches/numa-cgroups-fix-cpuset-mems-init.patch0000664000000000000000000001044113153725071020251 0ustar commit aa668fccf078bf9833047776549a5a06435cf470 Author: Martin Kletzander Date: Tue Jul 8 09:53:06 2014 +0200 qemu: split out cpuset.mems setting 
Signed-off-by: Martin Kletzander commit 7e72ac787848b7434c9359a57c1e2789d92350f8 Author: Martin Kletzander Date: Tue Jul 8 09:59:49 2014 +0200 qemu: leave restricting cpuset.mems after initialization When domain is started with numatune memory mode strict and the nodeset does not include host NUMA node with DMA and DMA32 zones, KVM initialization fails. This is because cgroup restrict even kernel allocations. We are already doing numa_set_membind() which does the same thing, only it does not restrict kernel allocations. This patch leaves the userspace numa_set_membind() in place and moves the cpuset.mems setting after the point where monitor comes up, but before vcpu and emulator sub-groups are created. Signed-off-by: Martin Kletzander Index: libvirt-1.2.2/src/qemu/qemu_cgroup.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_cgroup.c 2015-01-06 06:47:37.434342510 -0600 +++ libvirt-1.2.2/src/qemu/qemu_cgroup.c 2015-01-06 06:49:01.738018370 -0600 @@ -574,13 +574,11 @@ static int -qemuSetupCpusetCgroup(virDomainObjPtr vm, - virBitmapPtr nodemask, - virCapsPtr caps) +qemuSetupCpusetMems(virDomainObjPtr vm, + virBitmapPtr nodemask) { qemuDomainObjPrivatePtr priv = vm->privateData; char *mem_mask = NULL; - char *cpu_mask = NULL; int ret = -1; if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET)) @@ -607,6 +605,25 @@ goto cleanup; } + ret = 0; + cleanup: + VIR_FREE(mem_mask); + return ret; +} + + +static int +qemuSetupCpusetCgroup(virDomainObjPtr vm, + virBitmapPtr nodemask, + virCapsPtr caps) +{ + qemuDomainObjPrivatePtr priv = vm->privateData; + char *cpu_mask = NULL; + int ret = -1; + + if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET)) + return 0; + if (vm->def->cpumask || (vm->def->placement_mode == VIR_DOMAIN_CPU_PLACEMENT_MODE_AUTO)) { @@ -632,7 +649,6 @@ ret = 0; cleanup: - VIR_FREE(mem_mask); VIR_FREE(cpu_mask); return ret; } 
@@ -801,6 +817,13 @@ } int +qemuSetupCgroupPostInit(virDomainObjPtr vm, + virBitmapPtr nodemask) +{ + return qemuSetupCpusetMems(vm, nodemask); +} + +int qemuSetupCgroupVcpuBW(virCgroupPtr cgroup, unsigned long long period, long long quota) Index: libvirt-1.2.2/src/qemu/qemu_cgroup.h =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_cgroup.h 2015-01-06 06:47:37.434342510 -0600 +++ libvirt-1.2.2/src/qemu/qemu_cgroup.h 2015-01-06 06:47:37.434342510 -0600 @@ -1,7 +1,7 @@ /* * qemu_cgroup.h: QEMU cgroup management * - * Copyright (C) 2006-2007, 2009-2013 Red Hat, Inc. + * Copyright (C) 2006-2007, 2009-2014 Red Hat, Inc. * Copyright (C) 2006 Daniel P. Berrange * * This library is free software; you can redistribute it and/or @@ -44,6 +44,8 @@ int qemuSetupCgroup(virQEMUDriverPtr driver, virDomainObjPtr vm, virBitmapPtr nodemask); +int qemuSetupCgroupPostInit(virDomainObjPtr vm, + virBitmapPtr nodemask); int qemuSetupCgroupVcpuBW(virCgroupPtr cgroup, unsigned long long period, long long quota); Index: libvirt-1.2.2/src/qemu/qemu_process.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_process.c 2015-01-06 06:47:37.434342510 -0600 +++ libvirt-1.2.2/src/qemu/qemu_process.c 2015-01-06 06:47:37.434342510 -0600 
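Review bot: The new `qemuSetupCgroupPostInit` at -801 has no comment, so the ordering constraint it exists for is recorded only in the commit message. A short comment above the function should say that cpuset.mems is applied after the monitor is up because restricting it earlier also confines kernel allocations and can make KVM initialisation fail, and that it must run before the vcpu and emulator sub-groups are created. The call site added in qemu_process.c would benefit from the same one-line reason, e.g. `/* cpuset.mems is restricted only now; see qemuSetupCgroupPostInit */`. It would also help to state there that until this call the memory-node restriction rests on numa_set_membind() alone, as the description says.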
@@ -4039,6 +4039,10 @@ if (!qemuProcessVerifyGuestCPU(driver, vm)) goto cleanup; + VIR_DEBUG("Setting up post-init cgroup restrictions"); + if (qemuSetupCgroupPostInit(vm, nodemask) < 0) + goto cleanup; + VIR_DEBUG("Detecting VCPU PIDs"); if (qemuProcessDetectVcpuPIDs(driver, vm) < 0) goto cleanup; debian/patches/9032-virsh-initialize-vsh-data-in-cmdmigrate0000664000000000000000000000143413153725071020660 0ustar commit c285ffc4c2f042941acc44406bdd442252d1b0aa Author: Ján Tomko Date: Tue Aug 26 13:18:43 2014 +0200 virsh: Initialize vshData in cmdMigrate If the virConnect did not succeeed, we called virConnectClose on uninitialized data. Introduced by commit 7eabd55. Index: libvirt-1.2.2/tools/virsh-domain.c =================================================================== --- libvirt-1.2.2.orig/tools/virsh-domain.c +++ libvirt-1.2.2/tools/virsh-domain.c @@ -8817,7 +8817,7 @@ cmdMigrate(vshControl *ctl, const vshCmd bool functionReturn = false; int timeout = 0; bool live_flag = false; - vshCtrlData data; + vshCtrlData data = { .dconn = NULL }; if (!(dom = vshCommandOptDomain(ctl, cmd, NULL))) return false; debian/patches/CVE-2014-0179.patch0000664000000000000000000000263113153725071013245 0ustar From d6b27d3e4c40946efa79e91d134616b41b1666c4 Mon Sep 17 00:00:00 2001 From: Daniel P. Berrange Date: Tue, 15 Apr 2014 11:20:29 +0100 Subject: [PATCH] LSN-2014-0003: Don't expand entities when parsing XML If the XML_PARSE_NOENT flag is passed to libxml2, then any entities in the input document will be fully expanded. This allows the user to read arbitrary files on the host machine by creating an entity pointing to a local file. Removing the XML_PARSE_NOENT flag means that any entities are left unchanged by the parser, or expanded to "" by the XPath APIs. Signed-off-by: Daniel P. Berrange --- src/util/virxml.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/virxml.c b/src/util/virxml.c index 9f00f62..34af64a 100644 --- a/src/util/virxml.c 
+++ b/src/util/virxml.c @@ -746,11 +746,11 @@ virXMLParseHelper(int domcode, if (filename) { xml = xmlCtxtReadFile(pctxt, filename, NULL, - XML_PARSE_NOENT | XML_PARSE_NONET | + XML_PARSE_NONET | XML_PARSE_NOWARNING); } else { xml = xmlCtxtReadDoc(pctxt, BAD_CAST xmlStr, url, NULL, - XML_PARSE_NOENT | XML_PARSE_NONET | + XML_PARSE_NONET | XML_PARSE_NOWARNING); } if (!xml) -- 1.7.1 debian/patches/9026-fix-apparmor-profile-for-vfio-pci-passthrough0000664000000000000000000000567213153725071022064 0ustar commit 74e86b6b2521881808bb93290bcebcb469ab7820 Author: Cédric Bosdonnat Date: Tue Mar 25 12:48:26 2014 +0100 Fix apparmor profile to make vfio pci passthrough work See lp#1276719 for the bug description. As virt-aa-helper doesn't know the VFIO groups to use for the guest, allow access to all /dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need for vfio Signed-off-by: Eric Blake Index: libvirt-1.2.2/examples/apparmor/libvirt-qemu =================================================================== --- libvirt-1.2.2.orig/examples/apparmor/libvirt-qemu +++ libvirt-1.2.2/examples/apparmor/libvirt-qemu @@ -110,6 +110,7 @@ /usr/bin/qemu-sparc32plus rmix, /usr/bin/qemu-sparc64 rmix, /usr/bin/qemu-x86_64 rmix, + /usr/lib/qemu/block-curl.so mr, # for save and resume /bin/dash rmix, Index: libvirt-1.2.2/examples/apparmor/usr.sbin.libvirtd =================================================================== --- libvirt-1.2.2.orig/examples/apparmor/usr.sbin.libvirtd +++ libvirt-1.2.2/examples/apparmor/usr.sbin.libvirtd @@ -25,6 +25,9 @@ capability fsetid, capability audit_write, + # Needed for vfio + capability sys_resource, + network inet stream, network inet dgram, network inet6 stream, Index: libvirt-1.2.2/src/security/virt-aa-helper.c =================================================================== --- libvirt-1.2.2.orig/src/security/virt-aa-helper.c +++ libvirt-1.2.2/src/security/virt-aa-helper.c 
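Review bot: Nothing in the new code records that `XML_PARSE_NOENT` is left out on purpose, and the option set is spelled out separately in the `xmlCtxtReadFile` and `xmlCtxtReadDoc` calls, so a later edit could restore the flag in one branch without anyone noticing. A comment above the calls such as `/* No XML_PARSE_NOENT: entity substitution would let a document pull in local files */` keeps the reason next to the code. Holding the options in one local, `int opts = XML_PARSE_NONET | XML_PARSE_NOWARNING;`, and passing `opts` to both calls would keep the two paths from diverging. virXMLParseHelper starts and ends outside the hunk.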
@@ -2,7 +2,7 @@ /* * virt-aa-helper: wrapper program used by AppArmor security driver. * - * Copyright (C) 2010-2013 Red Hat, Inc. + * Copyright (C) 2010-2014 Red Hat, Inc. * Copyright (C) 2009-2011 Canonical Ltd. * * This library is free software; you can redistribute it and/or @@ -900,6 +900,7 @@ get_files(vahControl * ctl) size_t i; char *uuid; char uuidstr[VIR_UUID_STRING_BUFLEN]; + bool needsVfio = false; /* verify uuid is same as what we were given on the command line */ virUUIDFormat(ctl->def->uuid, uuidstr); @@ -1041,6 +1042,12 @@ get_files(vahControl * ctl) dev->source.subsys.u.pci.addr.slot, dev->source.subsys.u.pci.addr.function); + virDomainHostdevSubsysPciBackendType backend = dev->source.subsys.u.pci.backend; + if (backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO || + backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT) { + needsVfio = true; + } + if (pci == NULL) continue; 
@@ -1069,6 +1076,11 @@ get_files(vahControl * ctl) } } + if (needsVfio) { + virBufferAddLit(&buf, " /dev/vfio/vfio rw,\n"); + virBufferAddLit(&buf, " /dev/vfio/[0-9]* rw,\n"); + } + if (ctl->newfile) if (vah_add_file(&buf, ctl->newfile, "rw") != 0) goto cleanup; debian/patches/fix_libvirtd_killed_by_sigsegv.patch0000664000000000000000000000470513153725071020104 0ustar Description: virObjectUnref() libvirtd killed by SIGSEGV While memory load is high, libvirtd could be crashed(segfault) if you command something ( destroy, migrate, etc ) Author: Peter Krempa Origin: upstream, http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ad886fa6c8ebc321a0386a75c187d315111cf1f3 upstream, http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=6ca857c7c8a1f7b571132d6c7fff5a06301a5e9a upstream, http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a98129c0ee52b6a8fdd39988a6d090057f149ae9 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1464175 Last-Update: 2015-07-08 Index: libvirt-1.2.2/daemon/remote.c =================================================================== --- libvirt-1.2.2.orig/daemon/remote.c +++ libvirt-1.2.2/daemon/remote.c @@ -143,6 +143,7 @@ remoteRelayDomainEventCheckACL(virNetSer /* For now, we just create a virDomainDef with enough contents to * satisfy what viraccessdriverpolkit.c references. This is a bit * fragile, but I don't know of anything better. */ + memset(&def, 0, sizeof(def)); def.name = dom->name; memcpy(def.uuid, dom->uuid, VIR_UUID_BUFLEN); Index: libvirt-1.2.2/src/rpc/virnetserverclient.c =================================================================== --- libvirt-1.2.2.orig/src/rpc/virnetserverclient.c +++ libvirt-1.2.2/src/rpc/virnetserverclient.c 
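Review bot: The rule emitted in the hunk at -1069, `/dev/vfio/[0-9]* rw,`, gives the guest's profile read-write access to every VFIO group node on the host, not only the group of the device being passed through. The flag that enables it is set in the hunk at -1041 for `VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT` as well as for the VFIO backend, so a PCI hostdev with no explicit backend also receives the grant; whether DEFAULT resolves to VFIO on a given host is not visible here. The commit message explains that virt-aa-helper cannot determine the groups, but the code carries no trace of that trade-off. A comment on the `if (needsVfio)` block such as `/* Deliberately broad: the helper cannot resolve the guest's VFIO group; narrow to that group once it can */` would stop the wildcard being mistaken for a minimal rule. get_files starts and ends outside both hunks.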
@@ -910,12 +910,12 @@ void virNetServerClientDispose(void *obj PROBE(RPC_SERVER_CLIENT_DISPOSE, "client=%p", client); - virObjectUnref(client->identity); - if (client->privateData && client->privateDataFreeFunc) client->privateDataFreeFunc(client->privateData); + virObjectUnref(client->identity); + #if WITH_SASL virObjectUnref(client->sasl); #endif Index: libvirt-1.2.2/src/util/viridentity.c =================================================================== --- libvirt-1.2.2.orig/src/util/viridentity.c +++ libvirt-1.2.2/src/util/viridentity.c @@ -110,14 +110,15 @@ int virIdentitySetCurrent(virIdentityPtr return -1; old = virThreadLocalGet(&virIdentityCurrent); - virObjectUnref(old); if (virThreadLocalSet(&virIdentityCurrent, virObjectRef(ident)) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Unable to set thread local identity")); + virObjectUnref(ident); return -1; } + virObjectUnref(old); return 0; } debian/patches/CVE-2018-1064.patch0000664000000000000000000000450213301322427013233 0ustar From fbf31e1a4cd19d6f6e33e0937a009775cd7d9513 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Daniel=20P.=20Berrang=C3=A9?= Date: Thu, 1 Mar 2018 14:55:26 +0000 Subject: [PATCH] qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit We read from the agent until seeing a \r\n pair to indicate a completed reply or event. To avoid memory denial-of-service though, we must have a size limit on amount of data we buffer. 10 MB is large enough that it ought to cope with normal agent replies, and small enough that we're not consuming unreasonable mem. This is identical to the flaw we had reading from the QEMU monitor as CVE-2018-5748, so rather embarrassing that we forgot to fix the agent code at the same time. 
Signed-off-by: Daniel P. Berrangé --- src/qemu/qemu_agent.c | 15 +++++++++++++++ 1 files changed, 15 insertions(+), 0 deletions(-) Index: libvirt-1.2.2/src/qemu/qemu_agent.c =================================================================== --- libvirt-1.2.2.orig/src/qemu/qemu_agent.c 2018-05-23 13:29:57.581695228 -0400 +++ libvirt-1.2.2/src/qemu/qemu_agent.c 2018-05-23 13:29:57.577695222 -0400 @@ -50,6 +50,15 @@ #define DEBUG_IO 0 #define DEBUG_RAW_IO 0 +/* We read from QEMU until seeing a \r\n pair to indicate a + * completed reply or event. To avoid memory denial-of-service + * though, we must have a size limit on amount of data we + * buffer. 10 MB is large enough that it ought to cope with + * normal QEMU replies, and small enough that we're not + * consuming unreasonable mem. + */ +#define QEMU_AGENT_MAX_RESPONSE (10 * 1024 * 1024) + /* When you are the first to uncomment this, * don't forget to uncomment the corresponding * part in qemuAgentIOProcessEvent as well. @@ -515,6 +524,12 @@ qemuAgentIORead(qemuAgentPtr mon) int ret = 0; if (avail < 1024) { + if (mon->bufferLength >= QEMU_AGENT_MAX_RESPONSE) { + virReportSystemError(ERANGE, + _("No complete agent response found in %d bytes"), + QEMU_AGENT_MAX_RESPONSE); + return -1; + } if (VIR_REALLOC_N(mon->buffer, mon->bufferLength + 1024) < 0) return -1; debian/patches/CVE-2017-5715-ibrs-7.patch0000664000000000000000000000253213232426350014346 0ustar Backport of: From 7f83eefa9e6940c83579d31941efd07fab1b90c8 Mon Sep 17 00:00:00 2001 
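Review bot: The comment added above `QEMU_AGENT_MAX_RESPONSE` says "We read from QEMU" and "normal QEMU replies", wording carried over from the monitor code, although this file reads the guest agent channel. The peer is software running inside the guest, which is why the cap matters, so the comment should say `/* We read from the guest agent until seeing a \r\n pair ... */` and mention "normal agent replies", as the commit message does. The check in qemuAgentIORead runs only inside the `avail < 1024` branch just before the buffer grows, so the limit is approximate; `/* checked before each grow, so the buffer may slightly exceed the cap */` would document that. qemuAgentIORead continues outside the hunk.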
From: Jiri Denemark Date: Mon, 8 Jan 2018 20:53:25 +0100 Subject: [PATCH] cpu: Add Haswell-IBRS CPU model This is a variant of Haswell with indirect branch prediction protection. The only difference between Haswell and Haswell-IBRS is the added "spec-ctrl" feature. The Haswell-IBRS model in QEMU is a bit different since Haswell got several additional features since we added it in cpu_map.xml: arat, abm, f16c, rdrand, vme, xsaveopt Adding them only to the -IBRS variant would confuse our CPU detection code. Signed-off-by: Jiri Denemark Reviewed-by: Pavel Hrdina --- src/cpu/cpu_map.xml | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) Index: libvirt-1.2.2/src/cpu/cpu_map.xml =================================================================== --- libvirt-1.2.2.orig/src/cpu/cpu_map.xml 2018-01-25 14:15:10.610604971 -0500 +++ libvirt-1.2.2/src/cpu/cpu_map.xml 2018-01-25 14:15:43.086642177 -0500 @@ -534,6 +534,11 @@ + + + + + debian/patches/9036-dont-fail-without-cpu-model.patch0000664000000000000000000000175313153725071017512 0ustar Index: libvirt-1.2.1/src/conf/cpu_conf.c =================================================================== --- libvirt-1.2.1.orig/src/conf/cpu_conf.c 2013-12-03 20:44:44.000000000 +0400 +++ libvirt-1.2.1/src/conf/cpu_conf.c 2014-01-17 15:33:37.493590025 +0400 @@ -361,7 +361,8 @@ goto error; if (n > 0) { - if (!def->model && def->mode != VIR_CPU_MODE_HOST_MODEL) { + if (!def->model && def->mode != VIR_CPU_MODE_HOST_MODEL + && def->mode != VIR_CPU_MODE_HOST_PASSTHROUGH) { virReportError(VIR_ERR_XML_ERROR, "%s", _("Non-empty feature list specified without " "CPU model")); 
@@ -576,6 +577,7 @@ if (!def->model && def->mode != VIR_CPU_MODE_HOST_MODEL && + def->mode != VIR_CPU_MODE_HOST_PASSTHROUGH && def->nfeatures) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Non-empty feature list specified without CPU model")); debian/patches/9031-cmdmigrate-move-vshconnect-before-vshwatchjob0000664000000000000000000000721413153725071022154 0ustar commit 7eabd5503e3de147b703c1a1e6dff81cdc46d1e7 Author: Chunyan Liu Date: Fri Aug 8 16:44:36 2014 +0800 cmdMigrate: move vshConnect before vshWatchJob A possible fix to issue: http://www.redhat.com/archives/libvir-list/2014-August/thread.html#00227 While doing migration on KVM host, found problem sometimes: VM is already running on the target host and disappears from source host, but 'virsh migrate' command line hangs, cannot exit normally. If pressing "ENTER" key, it will exit. The code hangs at tools/virsh-domain.c: cmdMigrate ->vshWatchJob->poll(): poll() is trying to select pipe_fd, which is used to receive message from doMigrate thread. In debugging, found that doMigrate finishes and at the end it does call safewrite() to write the retval ('0' or '1') to pipe_fd, and the write is completed. But cmdMigrate poll() cannot get the event. If pressing "ENTER" key, poll() can get the event and select pipe_fd, then command line can exit. In current code, authentication thread which is called by vshConnect will use stdin, and at the same time, in cmdMigrate main process, poll() is listening to stdin, that probably affect poll() to get pipe_fd event. Better to move authentication before vshWatchJob. With this change, above problem does not exist. Signed-off-by: Chunyan Liu Index: libvirt-1.2.2/tools/virsh-domain.c =================================================================== --- libvirt-1.2.2.orig/tools/virsh-domain.c +++ libvirt-1.2.2/tools/virsh-domain.c 
@@ -8663,6 +8663,7 @@ doMigrate(void *opaque) virTypedParameterPtr params = NULL; int nparams = 0; int maxparams = 0; + virConnectPtr dconn = data->dconn; sigemptyset(&sigmask); sigaddset(&sigmask, SIGINT); @@ -8774,18 +8775,12 @@ doMigrate(void *opaque) ret = '0'; } else { /* For traditional live migration, connect to the destination host directly. */ - virConnectPtr dconn = NULL; virDomainPtr ddom = NULL; - dconn = vshConnect(ctl, desturi, false); - if (!dconn) - goto out; - if ((ddom = virDomainMigrate3(dom, dconn, params, nparams, flags))) { virDomainFree(ddom); ret = '0'; } - virConnectClose(dconn); } out: @@ -8847,6 +8842,23 @@ cmdMigrate(vshControl *ctl, const vshCmd data.cmd = cmd; data.writefd = p[1]; + if (vshCommandOptBool(cmd, "p2p") || vshCommandOptBool(cmd, "direct")) { + data.dconn = NULL; + } else { + /* For traditional live migration, connect to the destination host. */ + virConnectPtr dconn = NULL; + const char *desturi = NULL; + + if (vshCommandOptStringReq(ctl, cmd, "desturi", &desturi) < 0) + goto cleanup; + + dconn = vshConnect(ctl, desturi, false); + if (!dconn) + goto cleanup; + + data.dconn = dconn; + } + if (virThreadCreate(&workerThread, true, doMigrate, @@ -8858,6 +8870,8 @@ cmdMigrate(vshControl *ctl, const vshCmd virThreadJoin(&workerThread); cleanup: + if (data.dconn) + virConnectClose(data.dconn); virDomainFree(dom); VIR_FORCE_CLOSE(p[0]); VIR_FORCE_CLOSE(p[1]); Index: libvirt-1.2.2/tools/virsh.h =================================================================== --- libvirt-1.2.2.orig/tools/virsh.h +++ libvirt-1.2.2/tools/virsh.h 
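Review bot: In the cmdMigrate hunk at -8847, the `else` branch can `goto cleanup` (a failed `vshCommandOptStringReq` or a NULL `vshConnect` result) before `data.dconn` is assigned, and the cleanup added at -8858 then tests `if (data.dconn)` on that unset field. `data.dconn = NULL` is set only in the p2p/direct branch, and the declaration of `data` is outside these hunks. The separate 9032 patch on this page changes the declaration to `vshCtrlData data = { .dconn = NULL };`, so this patch is only safe with that one applied. Either fold that initialiser into this patch or assign `data.dconn = NULL;` before the `if`, so the cleanup path is correct on its own.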
@@ -362,6 +362,7 @@ struct _vshCtrlData { vshControl *ctl; const vshCmd *cmd; int writefd; + virConnectPtr dconn; }; /* error handling */ debian/source/0000775000000000000000000000000013153252351010470 5ustar debian/source/format0000664000000000000000000000001413153252351011676 0ustar 3.0 (quilt) debian/copyright0000664000000000000000000000323213153725071011127 0ustar libvirt was initially debianized by Andrew Mitchell It was downloaded from http://libvirt.org/sources/ Upstream Author: Daniel Veillard or Copyright: 2005,2006 Red Hat, Inc Licenses: This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. src/hash.c: Copyright (C) 2000 Bjorn Reese and Daniel Veillard. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHORS AND CONTRIBUTORS ACCEPT NO RESPONSIBILITY IN ANY CONCEIVABLE MANNER. On Debian systems, the complete text of the GNU Lesser General Public License can be found in `/usr/share/common-licenses/LGPL'. 
debian/watch0000664000000000000000000000017313153725071010226 0ustar version=3 opts="uversionmangle=s/\.-rc/~rc/;s/\.+$//" \ http://libvirt.org/sources/libvirt-([\d\.]+)(-rc\d)?\.tar\.gz debian/libvirt-migrate-qemu-machinetype.10000664000000000000000000000401313153725071015626 0ustar .TH LIBVIRT-MIGRATE-QEMU-MACHINETYPE: "1" "" "June 2012" "June 2012" .SH NAME libvirt\-migrate\-qemu\-machinetype \- program for migrating machine types in domain definitions .PP .SH DESCRIPTION QEMU versions machine types by release. The pc-0.12 machine type is meant to never change. Newer features should come with the next pc-0.13 version. However, with 1.0, the pc-0.12 machine type appears to have several bugs. libvirt\-migrate\-qemu\-machinetype aids in transitioning virtual machine definitions to a new machine type. .SH USAGE .TP libvirt\-migrate\-qemu\-machinetype [\fB\-c URI\fR] [\fB\-d\fR] \fB-a\fR .TP libvirt\-migrate\-qemu\-machinetype [\fB\-c URI\fR] [\fB\-d\fR] \fB-o TYPE\fR \fB-t TYPE\fR \fB\fR .SH OPTIONS .TP \fB\-h\fR, \fB\-\-help\fR show help message and exit .TP \fB\-a\fR probe all domains and migrate if necessary .TP \fB\-c URI\fR connection URI to use. If one is not specified, will use qemu:///system. Only qemu:///system and qemu:///session is supported. .TP \fB\-o TYPE\fR migrate specified domains from machine type TYPE (default pc-0.12). .TP \fB\-t TYPE\fR migrate specified domains to machine type TYPE (default pc-1.0). .TP \fB\-d\fR debug output .SH EXAMPLES .PP To probe and migrate all exisiting domains: # libvirt\-migrate\-qemu\-machinetype -a .PP To migrate all VMs which are pc-0.13 to pc-0.14: # libvirt\-migrate\-qemu\-machinetype -a -o pc-0.13 -t pc-0.14 .PP To migrate the 'vm1' and 'vm2' domains: # libvirt\-migrate\-qemu\-machinetype -t pc-1.0 vm1 vm2 .SH BUGS .PP In the event that libvirt\-migrate\-qemu\-machinetype is unable to migrate your VMs, virsh can be used directly. For example: $ kvm -M ? ... find the newest machine type ... 
$ virsh dumpxml > domain.xml ... edit domain.xml to use the newest machine type ... $ virsh define domain.xml .SH SEE ALSO .PP \fBvirsh\fR(1) .SH AUTHOR .PP libvirt\-migrate\-qemu\-machinetype is Copyright 2012, Canonical Ltd. .PP libvirt\-migrate\-qemu\-machinetype by Serge Hallyn . debian/libvirt-migrate-qemu-machinetype0000664000000000000000000001213413153725071015472 0ustar #!/bin/bash # # libvirt-migrate-qemu-machinetype # # Author: Jamie Strandboge # Copyright 2010 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # This script probes qemu VMs and migrates the machine type to pc-1.0 if # it is pc-0.12 set -e debug() { test "$debug" = "yes" && echo "DEBUG: $*" >&2 || true } help() { cat << EOM USAGE: libvirt-migrate-qemu-machinetype -a [-o TYPE] [-t TYPE] libvirt-migrate-qemu-machinetype [-o TYPE] [-t TYPE] vm1 vm2... -c connect URI (defaults to qemu:///system) -a probe all domains and migrate if necessary -o TYPE migrate specified domains FROM machine type TYPE -t TYPE migrate specified domains to machine type TYPE Default old type is pc-0.12. Default new type is pc (which is aliased to the newest type). 
EOM } wait_for_libvirtd() { # Used to make sure libvirtd is responding virsh -c $connect capabilities >/dev/null 2>&1 rm -f "$1" } migrate_vm() { dir="$1" # stampdir vm="$2" # vm name oldformat="$3" # old machine type newformat="$4" # new machine type migrate="" found= in_os= fn="$dir/$vm.xml" virsh -c $connect dumpxml "$vm" 2>/dev/null > $fn sed -i "s@machine='$oldformat'@machine='$newformat'@" $fn virsh -c $connect define "$fn" >/dev/null rm -rf "$dir" } connect="qemu:///system" do_all= debug= oldtype="pc-0.12" type="pc" while getopts adc:o:t: f ; do case "$f" in a) do_all="yes";; c) connect=$OPTARG;; d) debug="yes";; o) oldtype=$OPTARG;; t) type=$OPTARG;; \?) help; exit 1;; esac done shift `expr $OPTIND - 1` type kvm 2>/dev/null > /dev/null if [ $? -ne 0 ]; then echo "qemu-kvm is not installed" exit 1 fi mtypes=`kvm -M ? | tail -n +1 | awk '{ print $1 }'` mtypesp=`echo $mtypes | sed -e 's/ /|/g'` if [ -n "$type" ] && ! echo "$type" | egrep -q "^($mtypesp)$" ; then echo "'$type' is not supported. See 'man qemu-img' for details." >&2 exit 1 fi if [ "$connect" != "qemu:///system" ] && [ "$connect" != "qemu:///session" ]; then echo "Only qemu:///system and qemu:///session is supported" >&2 exit 1 fi xml_dir="/etc/libvirt/qemu" if [ "$connect" = "qemu:///session" ]; then xml_dir="$HOME/.libvirt/qemu" fi vms= if [ "$do_all" = "yes" ]; then # grab these from /etc/libvirt/qemu/*xml rather than virsh, since it # is a) the qemu driver that changed and b) virsh could hang cd "$xml_dir" vms=`ls -1 *.xml 2>/dev/null | sed 's/\.xml$//'` if [ -z "$vms" ]; then debug "no VMs to migrate" exit 0 fi cd - >/dev/null else vms="$*" fi if [ -z "$vms" ]; then help exit 1 fi mypid="$$" script=`basename $0` # Alas, we need to make sure libvirtd is not only running, but responding to # requests, otherwise migrate_vm() will fail for the first few VMs. if [ "$connect" = "qemu:///system" ]; then pidfile="/var/run/libvirtd.pid" # Wait up to 10 seconds for libvirtd to come up before bailing. 
echo "Waiting up to 10 seconds for libvirtd to start... " count=0 while [ ! -e "$pidfile" ]; do if [ $count -gt 100 ]; then break fi sleep 0.1 count=$((count+1)) done if [ ! -e "$pidfile" ]; then echo "Aborting. '$pidfile' does not exist. Is libvirtd running?" exit 1 fi stamp=`mktemp` wait_for_libvirtd "$stamp" & # Wait up to 30 seconds for libvirtd to respond before bailing. echo "Waiting up to 30 seconds for libvirtd to respond to requests... " count=0 while [ -e "$stamp" ]; do if [ $count -gt 300 ]; then break fi sleep 0.1 count=$((count+1)) done if [ -e "$stamp" ]; then echo "libvirtd is not responding. Aborting" kill `ps a | grep "/bin/sh .*libvirt-migrate-qemu-machinetype" | grep -v "$mypid" | awk '{print $1}'` 2>/dev/null || true rm -f "$stamp" exit 1 fi fi echo "Checking domains defined in $xml_dir... " for i in $vms ; do debug "checking $i" stampdir=`mktemp -d` migrate_vm "$stampdir" "$i" "$oldtype" "$type" & count=0 while [ -d "$stampdir" ]; do debug $count if [ $count -gt 100 ]; then break fi sleep 0.1 count=$((count+1)) done if [ -d "$stampdir" ]; then echo "migrate_vm \"$i\" is not responding. Aborting" kill `ps a | grep "/bin/sh .*libvirt-migrate-qemu-machinetype" | grep -v "$mypid" | awk '{print $1}'` 2>/dev/null || true rm -rf "$stampdir" fi done echo "Migration complete" debian/libvirt-bin.postinst0000664000000000000000000002162513154162527013232 0ustar #!/bin/sh # postinst script for libvirt-bin # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package add_users_groups() { if ! 
getent group libvirtd >/dev/null; then addgroup --system libvirtd fi # Add each admin user to the libvirtd group - for systems installed # before precise for u in $(getent group admin | sed -e "s/^.*://" -e "s/,/ /g"); do adduser "$u" libvirtd >/dev/null || true done # Add each sudo user to the libvirtd group for u in $(getent group sudo | sed -e "s/^.*://" -e "s/,/ /g"); do adduser "$u" libvirtd >/dev/null || true done # user and group libvirt runs qemu/kvm instances with if ! getent group kvm >/dev/null; then addgroup --quiet --system kvm fi if ! getent passwd libvirt-qemu >/dev/null; then adduser --quiet \ --system \ --ingroup kvm \ --quiet \ --disabled-login \ --disabled-password \ --home /var/lib/libvirt \ --no-create-home \ -gecos "Libvirt Qemu" \ libvirt-qemu fi if ! getent passwd libvirt-dnsmasq >/dev/null; then adduser --quiet \ --system \ --ingroup libvirtd \ --quiet \ --disabled-login \ --disabled-password \ --home /var/lib/libvirt/dnsmasq \ --no-create-home \ -gecos "Libvirt Dnsmasq" \ libvirt-dnsmasq fi } includes_virbr0addr() { viraddr="192.168.122.1" a=$1 b=$2 for n in `seq 1 4`; do aa=`echo $a | awk -F. '{ print $'$n' }'` cc=`echo $viraddr | awk -F. '{ print $'$n' }'` cmp=$((b/8)) if [ $cmp -ge $n ]; then if [ $aa -ne $cc ]; then echo "false" return fi elif [ $((cmp+1)) -ge $n ]; then # do we bother comparing partial (i.e. /25)? : else break fi done echo "true" return } set_autostart() { if [ ! -e /etc/libvirt/qemu/networks/autostart/default.xml ]; then ln -s /etc/libvirt/qemu/networks/default.xml \ /etc/libvirt/qemu/networks/autostart/ fi } # on first install, don't set default network to autostart if we already # have a 192.168.122.0 network. Good for instance for nested libvirt. 
maybe_set_autostart() { # don't autostart virbr0 if 192.168.122.1/24 already exists found=0 for pair in `ip addr show | grep "inet\>" |awk '{ print $2 }'`; do a=`echo $pair | awk -F/ '{ print $1}'` m=`echo $pair | awk -F/ '{ print $2}'` res=`includes_virbr0addr $a $m` if [ $res = "true" ]; then found=1 fi done if [ $found -eq 1 ]; then return fi set_autostart } add_statoverrides() { ROOT_DIRS="\ /var/lib/libvirt/images/ \ /var/lib/libvirt/boot/ \ /var/cache/libvirt/ \ " QEMU_DIRS="\ /var/lib/libvirt/qemu/ \ /var/cache/libvirt/qemu/ \ " SANLOCK_DIR="/var/lib/libvirt/sanlock" QEMU_CONF="/etc/libvirt/qemu.conf" for dir in ${ROOT_DIRS}; do if ! dpkg-statoverride --list "${dir}" >/dev/null 2>&1; then if [ -d "${dir}" ]; then chown root:root "${dir}" chmod 0711 "${dir}" fi fi done for dir in ${QEMU_DIRS}; do if ! dpkg-statoverride --list "${dir}" >/dev/null 2>&1; then if [ -d "${dir}" ]; then chown libvirt-qemu:kvm "${dir}" chmod 0750 "${dir}" fi fi done if ! dpkg-statoverride --list "${SANLOCK_DIR}" >/dev/null 2>&1; then if [ -d "${SANLOCK_DIR}" ]; then chown root:root "${SANLOCK_DIR}" chmod 0700 "${SANLOCK_DIR}" fi fi if ! 
dpkg-statoverride --list "${QEMU_CONF}" >/dev/null 2>&1; then if [ -f "${QEMU_CONF}" ]; then chown root:root "${QEMU_CONF}" chmod 0600 "${QEMU_CONF}" fi fi } case "$1" in configure) add_users_groups add_statoverrides # libvirt from 0.6.0 on is safe to restart with running vms: if [ -n "$2" ] && dpkg --compare-versions "$2" ge 0.6.0; then if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then invoke-rc.d libvirt-bin stop else /etc/init.d/libvirt-bin stop fi sleep 1 fi if dpkg --compare-versions "$2" lt "0.6.1-2"; then if [ -e /etc/rc2.d/S20libvirt-bin ] && \ [ -e /etc/rc3.d/S20libvirt-bin ] && \ [ -e /etc/rc4.d/S20libvirt-bin ] && \ [ -e /etc/rc5.d/S20libvirt-bin ] && \ [ -e /etc/rc0.d/K20libvirt-bin ] && \ [ -e /etc/rc1.d/K20libvirt-bin ] && \ [ -e /etc/rc6.d/K20libvirt-bin ]; then update-rc.d -f libvirt-bin remove >/dev/null fi fi for p in usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper ; do profile="/etc/apparmor.d/$p" if [ -f "$profile" ] && aa-status --enabled 2>/dev/null; then apparmor_parser -r -T -W "$profile" || true fi done # Make sure the directories don't get removed on package removal since # logrotate chokes otherwise. for dir in qemu uml lxc; do touch /var/log/libvirt/"${dir}"/.placeholder done # 1. On an initial package install, create the default network autostart # symlink. # 2. If the default.xml existed before upgrade, make sure it is recreated. # This won't be a problem on most upgrades, but when upgrading from a # version where the symlink came with the package, it will. # 3. If upgrading from one of the bad libvirt versions which deleted the # symlink wrongly, recreate it EXISTED="/etc/libvirt/qemu/networks/autostart/TMP_defaultexisted" if [ -z $2 ]; then maybe_set_autostart elif [ -e "$EXISTED" ]; then # on upgrade, if default network was previously autostarted, # continue to do so. 
rm -f "$EXISTED" set_autostart fi # bug 1393842: libvirt doesn't create the directories for channels as needed # But if a user already had created the dirs keep them as is if [ ! -d /var/lib/libvirt/qemu/channel ]; then mkdir -p /var/lib/libvirt/qemu/channel/target chown -R libvirt-qemu:kvm /var/lib/libvirt/qemu/channel fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# # We need this after the debhelper generated code so that dpkg-maintscript # can do its renamming first. if [ "$1" = "configure" ]; then # The dnsmasq hook has been introduced through SRU into Ubuntu 12.04 # and Ubuntu 12.10. # # This means that even though we version-guard the maintscripts entry # it'll fire multiple times for users doing 12.04 => 12.10 => 13.04 # or even just 12.10 => 13.04. # # As there's unfortunately no way to specify per-series base versions # for maintscripts hooks, we let it fire multiple times and then fix up # the mess it creates. # # This migration code can be removed after Ubuntu 14.04 LTS is released. if [ -L /etc/dnsmasq.d-available/libvirt-bin ] && [ "$(readlink /etc/dnsmasq.d-available/libvirt-bin)" = "/etc/dnsmasq.d-available/libvirt-bin" ] && [ -e /etc/dnsmasq.d-available/libvirt-bin.dpkg-new ]; then echo "The dnsmasq configuration has been migrated twice, fixing it." mv /etc/dnsmasq.d-available/libvirt-bin /etc/dnsmasq.d/libvirt-bin mv /etc/dnsmasq.d-available/libvirt-bin.dpkg-new /etc/dnsmasq.d-available/libvirt-bin # Try to restart a potential system wide dnsmasq invoke-rc.d dnsmasq restart 2>/dev/null || true fi # Configure dnsmasq if [ -f /etc/dnsmasq.d-available/libvirt-bin ]; then echo "Setting up libvirt-bin dnsmasq configuration." mkdir -p /etc/dnsmasq.d if [ ! 
-e /etc/dnsmasq.d/libvirt-bin ]; then ln -s /etc/dnsmasq.d-available/libvirt-bin /etc/dnsmasq.d/libvirt-bin fi # Try to restart a potential system wide dnsmasq invoke-rc.d dnsmasq restart 2>/dev/null || true fi fi # This must run after libvirt-bin has started if [ "$1" = "configure" ]; then if dpkg --compare-versions "$2" lt-nl "0.8.3-1ubuntu1" ; then libvirt-migrate-qemu-disks -a || true fi libvirt-migrate-xend-managed-domains || true fi exit 0 debian/README.source0000664000000000000000000000350713153254344011360 0ustar This package uses quilt to manage all modifications to the upstream source. Changes are stored in the source package as diffs in debian/patches and applied during the build. To configure quilt to use debian/patches instead of patches, you want either to export QUILT_PATCHES=debian/patches in your environment or use this snippet in your ~/.quiltrc: for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then export QUILT_PATCHES=debian/patches fi done To get the fully patched source after unpacking the source package, cd to the root level of the source package and run: quilt push -a The last patch listed in debian/patches/series will become the current patch. To add a new set of changes, first run quilt push -a, and then run: quilt new where is a descriptive name for the patch, used as the filename in debian/patches. Then, for every file that will be modified by this patch, run: quilt add before editing those files. You must tell quilt with quilt add what files will be part of the patch before making changes or quilt will not work properly. After editing the files, run: quilt refresh to save the results as a patch. Alternately, if you already have an external patch and you just want to add it to the build system, run quilt push -a and then: quilt import -P /path/to/patch quilt push -a (add -p 0 to quilt import if needed). as above is the filename to use in debian/patches. 
The last quilt push -a will apply the patch to make sure it works properly. To remove an existing patch from the list of patches that will be applied, run: quilt delete You may need to run quilt pop -a to unapply patches first before running this command. debian/libvirt-migrate-qemu-disks0000664000000000000000000001557713153725071014317 0ustar #!/bin/bash # # libvirt-migrate-qemu-disks # # Author: Jamie Strandboge # Copyright 2010 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # This script probes qemu VMs and migrates the xml to the proper disk format # if it is discovered that the disk file format is not raw. # Since virsh can hang forever under certain circumstances, we need to account # for this when migrating. This is accomplished by creating a stampdir and # passing this to a backgrounded migrate_vm(). migrate_vm() will use this # directory for its temporary files, and will remove the stampdir after the # migration. The parent will poll for the stampdir's existance, and if it still # exists after too long, it will remove it and kill all children. set -e debug() { test "$debug" = "yes" && echo "DEBUG: $*" >&2 || true } help() { cat << EOM USAGE: libvirt-migrate-qemu-disks -a libvirt-migrate-qemu-disks -t TYPE vm1 vm2... -c connect URI (defaults to qemu:///system) -a probe all domains and migrate if necessary -t TYPE migrate specified domains to disk format TYPE You must specify domains when using '-t'. You may not specify both '-a' and '-t'. 
EOM } wait_for_libvirtd() { # Used to make sure libvirtd is responding virsh -c $connect capabilities >/dev/null 2>&1 rm -f "$1" } migrate_vm() { dir="$1" vm="$2" format="$3" migrate="" found= in_disk= fn="$dir/$vm.xml" virsh -c $connect dumpxml "$vm" 2>/dev/null | while read line && test -d "$dir" ; do # This assumes the following format: # ... # # # # ... if [ -z "$in_disk" ] && echo "$line" | grep -q "" ; then found="yes" continue fi in_disk= elif [ "$found" = "yes" ]; then disk=`echo $line | cut -d "'" -f 2` if [ -n "$format" ]; then echo "" >> "$fn" migrate="yes" elif [ -r "$disk" ]; then probe_format=`LANG=C qemu-img info "$disk" | grep '^file format: ' | cut -d ' ' -f 3` if [ -n "$probe_format" ] && [ "$probe_format" != "raw" ]; then echo "" >> "$fn" migrate="yes" fi else debug "'$disk' is not readble. Defaulting to 'raw'." echo "" >> "$fn" fi found= in_disk= fi echo "$line" >> "$fn" if [ "$line" = "" ]; then if [ "$migrate" = "yes" ]; then echo "Migrating '$vm'" virsh -c $connect define "$fn" >/dev/null debug "Using new xml:" debug `cat $fn` else debug "nothing to migrate" fi rm -rf "$dir" break fi done } connect="qemu:///system" do_all= debug= while getopts adc:t: f ; do case "$f" in a) do_all="yes";; c) connect=$OPTARG;; d) debug="yes";; t) type=$OPTARG;; \?) help; exit 1;; esac done shift `expr $OPTIND - 1` if [ -n "$type" ] && ! echo "$type" | egrep -q "^(raw|qcow2|qcow|cow|vdi|vmdk|vpc|cloop)$" ; then echo "'$type' is not supported. See 'man qemu-img' for details." 
>&2 exit 1 fi if [ "$connect" != "qemu:///system" ] && [ "$connect" != "qemu:///session" ]; then echo "Only qemu:///system and qemu:///session is supported" >&2 exit 1 fi xml_dir="/etc/libvirt/qemu" if [ "$connect" = "qemu:///session" ]; then xml_dir="$HOME/.libvirt/qemu" fi vms= if [ "$do_all" = "yes" ]; then # grab these from /etc/libvirt/qemu/*xml rather than virsh, since it # is a) the qemu driver that changed and b) virsh could hang cd "$xml_dir" vms=`ls -1 *.xml 2>/dev/null | sed 's/\.xml$//'` if [ -z "$vms" ]; then debug "no VMs to migrate" exit 0 fi cd - >/dev/null else vms="$*" fi if [ -z "$vms" ]; then help exit 1 elif [ -z "$do_all" ] && [ -z "$type" ]; then help exit 1 elif [ -n "$do_all" ] && [ -n "$type" ]; then help exit 1 fi mypid="$$" script=`basename $0` # Alas, we need to make sure libvirtd is not only running, but responding to # requests, otherwise migrate_vm() will fail for the first few VMs. if [ "$connect" = "qemu:///system" ]; then pidfile="/var/run/libvirtd.pid" # Wait up to 10 seconds for libvirtd to come up before bailing. echo "Waiting up to 10 seconds for libvirtd to start... " count=0 while [ ! -e "$pidfile" ]; do if [ $count -gt 100 ]; then break fi sleep 0.1 count=$((count+1)) done if [ ! -e "$pidfile" ]; then echo "Aborting. '$pidfile' does not exist. Is libvirtd running?" exit 1 fi stamp=`mktemp` wait_for_libvirtd "$stamp" & # Wait up to 30 seconds for libvirtd to respond before bailing. echo "Waiting up to 30 seconds for libvirtd to respond to requests... " count=0 while [ -e "$stamp" ]; do if [ $count -gt 300 ]; then break fi sleep 0.1 count=$((count+1)) done if [ -e "$stamp" ]; then echo "libvirtd is not responding. Aborting" kill `ps a | grep "/bin/sh .*libvirt-migrate-qemu-disks" | grep -v "$mypid" | awk '{print $1}'` 2>/dev/null || true rm -f "$stamp" exit 1 fi fi echo "Checking domains defined in $xml_dir... 
" for i in $vms ; do debug "checking $i" stampdir=`mktemp -d` migrate_vm "$stampdir" "$i" "$type" & count=0 while [ -d "$stampdir" ]; do debug $count if [ $count -gt 100 ]; then break fi sleep 0.1 count=$((count+1)) done if [ -d "$stampdir" ]; then echo "migrate_vm \"$i\" is not responding. Aborting" kill `ps a | grep "/bin/sh .*libvirt-migrate-qemu-disks" | grep -v "$mypid" | awk '{print $1}'` 2>/dev/null || true rm -rf "$stampdir" fi done echo "Migration complete" debian/libvirt-doc.docs0000664000000000000000000000014713153252351012262 0ustar docs/*.rng docs/*.png docs/*.xml docs/*.html docs/*.gif docs/*.css docs/html/ docs/devhelp/ examples/ debian/libvirt-bin.dnsmasq0000664000000000000000000000005013153725071013000 0ustar bind-interfaces except-interface=virbr0 debian/libvirt-dev.install0000664000000000000000000000020413153725071013007 0ustar usr/lib/libvirt.so usr/lib/libvirt-qemu.so usr/lib/libvirt-lxc.so usr/include/* usr/lib/pkgconfig/* usr/share/libvirt/api/*-api.xml debian/libvirt-bin.manpages0000664000000000000000000000020613153725071013130 0ustar tools/*.1 debian/libvirt-migrate-qemu-disks.1 debian/libvirt-migrate-qemu-machinetype.1 debian/libvirt-migrate-xend-managed-domains.1 debian/libvirt-bin.install0000664000000000000000000000064413153725071013011 0ustar usr/bin/* usr/sbin/* etc/apparmor.d/abstractions/libvirt-qemu etc/apparmor.d/libvirt/TEMPLATE etc/apparmor.d/usr.lib.libvirt.virt-aa-helper etc/apparmor.d/usr.sbin.libvirtd etc/apparmor.d/local/usr.sbin.libvirtd etc/libvirt/* etc/sasl2/* usr/share/polkit-1 usr/lib/libvirt/* usr/share/augeas/* usr/share/libvirt/* usr/share/man/man8/* usr/share/apport/package-hooks/source_libvirt.py etc/dnsmasq.d-available/libvirt-bin debian/libvirt-migrate-qemu-disks.10000664000000000000000000000521613153725071014443 0ustar .TH LIBVIRT-MIGRATE-QEMU-DISKS: "1" "" "August 2010" "August 2010" .SH NAME libvirt\-migrate\-qemu\-disks \- program for migrating pre-0.8.3 domain definitions .PP .SH DESCRIPTION Libvirt 
versions earlier than 0.8.3 would probe a qemu disk to determine its format and did not require that the format be declared in the XML. Newer versions of libvirt will default to the 'raw' format when the format is not specified in the XML. As a result, non-raw disks with an unspecified disk format will no longer be available in virtual machines. libvirt\-migrate\-qemu\-disks aids in transitioning virtual machine definitions to the new required format. In essence, it will check all domains for affected virtual machines, probe the affected disks and update the domain definition accordingly. For example, a domain with:
will be updated to have:
.SH USAGE .TP libvirt\-migrate\-qemu\-disks [\fB\-c URI\fR] [\fB\-d\fR] \fB-a\fR .TP libvirt\-migrate\-qemu\-disks [\fB\-c URI\fR] [\fB\-d\fR] \fB-t TYPE\fR \fB\fR .SH OPTIONS .TP \fB\-h\fR, \fB\-\-help\fR show help message and exit .TP \fB\-a\fR probe all domains and migrate if necessary .TP \fB\-c URI\fR connection URI to use. If one is not specified, will use qemu:///system. Only qemu:///system and qemu:///session are supported. .TP \fB\-t TYPE\fR migrate specified domains from raw to disk format TYPE .TP \fB\-d\fR debug output .SH EXAMPLES .PP To probe and migrate all existing domains (root may be needed to probe the disk): # libvirt\-migrate\-qemu\-disks -a .PP To migrate the 'vm1' and 'vm2' domains: # libvirt\-migrate\-qemu\-disks -t qcow2 vm1 vm2 .SH BUGS .PP In the event that libvirt\-migrate\-qemu\-disks is unable to migrate your disks, virsh can be used directly. For example: $ qemu-img info $ virsh dumpxml > domain.xml ... edit domain.xml to use the file format seen with qemu-img ... $ virsh define domain.xml See http://libvirt.org/formatdomain.html#elementsDisks for more information. .SH SEE ALSO .PP \fBvirsh\fR(1) .SH AUTHOR .PP libvirt\-migrate\-qemu\-disks is Copyright 2010, Canonical Ltd.
.PP libvirt\-migrate\-qemu\-disks and this manual page was originally written by Jamie Strandboge debian/libvirt-bin.dirs0000664000000000000000000000067513153725071012310 0ustar /etc/apparmor.d/abstractions /etc/apparmor.d/disable /etc/apparmor.d/force-complain /etc/apparmor.d/libvirt /etc/apparmor.d/local /etc/cron.daily /usr/share/apport/package-hooks /var/lib/libvirt/boot /var/lib/libvirt/images /var/lib/libvirt/qemu /var/lib/libvirt/sanlock /var/cache/libvirt /var/cache/libvirt/qemu /var/log/libvirt/qemu /var/log/libvirt/uml /var/log/libvirt/lxc /var/log/libvirt/libxl /etc/libvirt/hooks /etc/dnsmasq.d-available debian/libvirt-migrate-xend-managed-domains0000664000000000000000000000756713153725071016215 0ustar #!/bin/sh #------------------------------------------------------------------------------ # Author: Stefan Bader # Copyright 2014 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # #------------------------------------------------------------------------------ # Migrate managed guests from xend into xml format managed by libvirt. XEND_GUEST_DIR="/var/lib/xend/domains" if [ "$(find $XEND_GUEST_DIR -name config.sxp 2>/dev/null)" = "" ]; then exit 0 fi XEN_CAPS="/proc/xen/capabilities" if [ ! -f $XEN_CAPS ] || [ "$(cat $XEN_CAPS)" != "control_d" ]; then cat <<-EOD >&2 --- --- INFO: --- Old xend managed domains detected but currently not running in Xen dom0. Conversion aborted. 
You can run the conversion later by calling $(basename $0) EOD exit 0 fi if [ "$(ps ax|grep xend|grep -v migrate|grep -v grep)" != "" ]; then cat <<-EOD >&2 --- --- INFO: --- The old toolstack (xend/xm) seems to be running. This toolstack is deprecated and will be removed in Xen-4.5. Please switch to the xl toolstack as soon as possible. The old xend managed domains can be migrated to libvirt later by calling $(basename $0)". EOD exit 0 fi # # Can libvirt be contacted? Found that sometimes it does not yet seem to be # up after a restart. # if ! virsh -c xen:/// version >/dev/null 2>&1; then sleep 5 if ! virsh -c xen:/// version >/dev/null 2>&1; then cat <<-EOD >&2 --- --- WARNING --- Atempted convestion of xend managed domains could not be done as libvirt did not seem to start correctly. You can manually start the migration ilater by calling $(basename $0). EOD exit 0 fi fi if [ -f /var/lib/libvirt/xend-migration-done ]; then exit 0 fi if [ $(id -u) -ne 0 ]; then echo "$(basename $0) must be executed by root" >&2 exit 1 fi GUEST_LIST="$(virsh -c xen:/// list --all|awk 'FNR>2{print $2}')" cat <&2 --- --- Info: --- Trying to migrate guests that were provided through xend managed domains before. That conversion might not be complete. Please verify the resulting guest definitions. EOD for DOM_UUID in $(ls -1 "${XEND_GUEST_DIR}"); do CFG_FILE="${XEND_GUEST_DIR}/${DOM_UUID}/config.sxp" if [ ! -f "${CFG_FILE}" ]; then continue fi NAME=$(awk '/name_label/{print substr($2, 1, length($2)-1)}' $CFG_FILE) if [ "$(echo $GUEST_LIST|grep $NAME)" != "" ]; then echo "Domain $NAME already defined. Skipping..." continue fi # # Replace any occurrence of device_model with "qemu-xen". This # is more or less convenience right now as libvirt does not use # that information. It probably should get mapped to # device_model_version and then is either qemu-xen (default) or # qemu-xen-traditional. 
# awk ' /device_model/{ sub(/_model.*/, "_model qemu-xen)") } { print }' $CFG_FILE >/tmp/$NAME.sxpr virsh -c xen:/// domxml-from-native xen-sxpr /tmp/$NAME.sxpr | # # Not sure how those lines get generated, but any specific # vif#.# as a target device cannot be right. # # The other problem is file based virtual disks. The conversion # creates a driver name line that does prove fatal as it causes # libxl to try blktap. # awk ' /target dev=.vif/{ next } /driver name=.file./{ next } { print } ' >/tmp/$NAME.xml virsh -c xen:/// define /tmp/$NAME.xml rm /tmp/$NAME.xml /tmp/$NAME.sxpr done >&2 touch /var/lib/libvirt/xend-migration-done exit 0 debian/control0000664000000000000000000001072113234353021010570 0ustar Source: libvirt Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian Libvirt Maintainers Uploaders: Guido Günther , Laurent Léonard Build-Depends: cdbs (>= 0.4.90~), debhelper (>= 7), dh-autoreconf, libxml2-dev, libncurses5-dev, libreadline-dev, zlib1g-dev, libgnutls-dev, libgcrypt11-dev, libavahi-client-dev, libsasl2-dev, libxen-dev [i386 amd64], lvm2 [linux-any], open-iscsi-utils, libgcrypt11-dev, libparted0-dev (>= 2.2), parted (>= 2.2), libdevmapper-dev [linux-any], uuid-dev, libudev-dev [linux-any], libhal-dev [!linux-any], libpciaccess-dev, module-init-tools [linux-any], policykit-1 (>= 0.105-3ubuntu3), libpolkit-gobject-1-dev (>= 0.105-3ubuntu3), libcap-ng-dev [linux-any], libnl-3-dev, libnl-route-3-dev, libyajl-dev, libpcap0.8-dev, libnuma-dev [amd64 i386 ia64 mips mipsel powerpc ppc64el], radvd [linux-any], libnetcf-dev [linux-any], libaudit-dev [linux-any], nfs-common, # For "make check" dwarves, libxml2-utils, libapparmor-dev, dnsmasq-base, openssh-client, netcat-openbsd, librbd-dev Build-Conflicts: dpkg-dev (= 1.15.3) Homepage: http://libvirt.org Standards-Version: 3.9.4 X-Python-Version: >= 2.7 Package: libvirt-bin Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, bridge-utils, 
cgroup-lite | cgroup-bin, dnsmasq-base (>= 2.46-1), dbus, gettext-base, iptables (>= 1.4.10), libvirt0 (= ${binary:Version}), logrotate, netcat-openbsd Enhances: qemu, qemu-kvm, xen Section: admin Recommends: libxml2-utils, gawk, ebtables, dmidecode, iproute, parted, pm-utils Suggests: policykit-1 (>= 0.105-3ubuntu3), apparmor, qemu-kvm | qemu (>= 0.9.1), radvd Breaks: xen-utils-4.1, xen-utils-4.3, qemu-kvm (<< 2.0.0+dfsg-2ubuntu1.38~), qemu (<< 2.0.0+dfsg-2ubuntu1.38~) Conflicts: apparmor (<< 2.8.95~2430-0ubuntu4) Description: programs for the libvirt library Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The library aims at providing a long term stable C API for different virtualization mechanisms. It currently supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. . This package contains the supporting binaries to use with libvirt Package: libvirt0 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Suggests: lvm2 [linux-any] Description: library for interfacing with different virtualization systems Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The library aims at providing a long term stable C API for different virtualization mechanisms. It currently supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. Package: libvirt0-dbg Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libvirt0 (= ${binary:Version}) Priority: extra Section: debug Description: library for interfacing with different virtualization systems Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The library aims at providing a long term stable C API for different virtualization mechanisms. It currently supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. . This package contains the debugging symbols. 
Package: libvirt-doc Architecture: all Section: doc Depends: ${misc:Depends} Suggests: devhelp Description: documentation for the libvirt library Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The library aims at providing a long term stable C API for different virtualization mechanisms. It currently supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. . This package contains the documentation. Package: libvirt-dev Architecture: any Section: libdevel Depends: ${misc:Depends}, libvirt0 (= ${binary:Version}), libxen-dev [i386 amd64] Recommends: pkg-config Replaces: libvirt-bin (<< 1.2.0~) Description: development files for the libvirt library Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The library aims at providing a long term stable C API for different virtualization mechanisms. It currently supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. . This package contains the header files and static libraries which are needed for developing the applications with libvirt. debian/libvirt-doc.doc-base.libvirt-doc0000664000000000000000000000035713153254344015233 0ustar Document: libvirt-doc Title: Libvirt the virtualization API Abstract: Local copy of the web site of libvirt Section: System/Administration Format: HTML Index: /usr/share/doc/libvirt-doc/intro.html Files: /usr/share/doc/libvirt-doc/*.html debian/libvirt-bin.init0000775000000000000000000001172513154235025012307 0ustar #! 
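/bin/sh
#
# Init script for libvirtd
#
# (c) 2007 Guido Guenther
# based on the skeletons that come with dh_make
#
### BEGIN INIT INFO
# Provides:          libvirt-bin libvirtd
# Required-Start:    $network $local_fs $remote_fs $syslog
# Required-Stop:     $local_fs $remote_fs $syslog
# Should-Start:      hal avahi cgconfig
# Should-Stop:       hal avahi cgconfig
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: libvirt management daemon
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/libvirtd
NAME=libvirtd
DESC="libvirt management daemon"
export PATH

# Nothing to do when the daemon binary is not installed.
test -x $DAEMON || exit 0

. /lib/lsb/init-functions

PIDFILE=/var/run/$NAME.pid
DODTIME=1   # Time to wait for the server to die, in seconds

# Include libvirtd defaults if available. The file is sourced, so every
# line in it runs as shell code with this script's privileges.
if [ -f /etc/default/libvirt-bin ] ; then
    . /etc/default/libvirt-bin
fi

# Return 0 when start_libvirtd is "yes"; otherwise log a warning and
# return 1. start_libvirtd is not set in this script (presumably it
# comes from /etc/default/libvirt-bin).
check_start_libvirtd_option() {
    if [ "$start_libvirtd" != "yes" ]; then
        log_warning_msg "Not starting libvirt management daemon libvirtd, disabled via /etc/default/libvirt-bin"
        return 1
    fi
    return 0
}

# Check if a given process pid's cmdline matches a given name.
#   $1 - pid to inspect
#   $2 - expected command name
# Returns 0 on a match, 1 otherwise.
running_pid() {
    pid=$1
    name=$2
    [ -z "$pid" ] && return 1
    # The pid comes from a file and is later handed to kill; accept only
    # a plain decimal number so it cannot alter the /proc path below.
    case "$pid" in
        *[!0-9]*) return 1 ;;
    esac
    [ ! -d "/proc/$pid" ] && return 1
    # First NUL-separated cmdline entry, cut at the first ':'.
    cmd=$(tr "\000" "\n" < "/proc/$pid/cmdline" | head -n 1 | cut -d : -f 1)
    # Is this the expected child?
    [ "$cmd" != "$name" ] && return 1
    return 0
}

# Check if the process is running looking at /proc
# (works for all users).
# Side effect: leaves the pid read from $PIDFILE in the global $pid,
# which force_stop relies on.
running() {
    # No pidfile, probably no daemon present
    [ ! -f "$PIDFILE" ] && return 1
    # Obtain the pid and check it against the binary name
    pid=$(cat "$PIDFILE")
    running_pid "$pid" "$DAEMON" || return 1
    return 0
}

# Forcefully kill the process: SIGTERM first, then SIGKILL, pausing
# $DODTIME seconds after each signal. Exits the script with status 1
# when the process survives both.
force_stop() {
    [ ! -f "$PIDFILE" ] && return
    if running ; then
        kill -15 "$pid"
        # Is it really dead?
        [ -n "$DODTIME" ] && sleep "$DODTIME"s
        if running ; then
            kill -9 "$pid"
            [ -n "$DODTIME" ] && sleep "$DODTIME"s
            if running ; then
                # The message used $LABEL, which this script never sets;
                # $NAME is the daemon name defined above.
                echo "Cannot kill $NAME (pid=$pid)!"
                exit 1
            fi
        fi
    fi
    rm -f "$PIDFILE"
    return 0
}

# Block until the libvirt UNIX socket exists, polling once per second.
# Exits the script with status 1 if the daemon stops while waiting.
wait_on_sockfile() {
    unix_sock_dir="/var/run/libvirt"
    # NOTE(review): eval runs the matching libvirtd.conf line(s) as shell
    # code with this script's privileges, so everything on a line that
    # starts with unix_sock_dir is executed, not just assigned. Keep
    # libvirtd.conf writable by root only; extracting the quoted value
    # without eval would remove that dependency.
    eval "$(grep '^unix_sock_dir' /etc/libvirt/libvirtd.conf | tr -d ' ')"
    sockfile=${unix_sock_dir}/libvirt-sock
    count=0
    while [ ! -S "$sockfile" ] ; do
        # report to wait after 4 seconds (uncommon) and then every 60 seconds
        if [ "$((count % 60))" = "3" ]; then
            echo "waiting for ${sockfile}."
        fi
        if ! running ; then
            # stop/restart/force-stop event triggered before sockfile is created
            echo "service requested to stop, exit wait_on_sockfile"
            exit 1
        fi
        count=$((count+1))
        sleep 1
    done
    echo "$sockfile ready."
    return 0
}

# $libvirtd_opts is left unquoted on purpose so that it splits into
# separate daemon arguments.
case "$1" in
start)
    if check_start_libvirtd_option; then
        log_daemon_msg "Starting $DESC" "$NAME"
        if running ; then
            log_progress_msg "already running"
            log_end_msg 0
            exit 0
        fi
        rm -f /var/run/libvirtd.pid
        start-stop-daemon --start --quiet --pidfile $PIDFILE \
            --exec $DAEMON -- $libvirtd_opts
        wait_on_sockfile
        if running; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
    fi
    ;;
stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    if ! running ; then
        log_progress_msg "not running"
        log_end_msg 0
        exit 0
    fi
    start-stop-daemon --stop --quiet --pidfile $PIDFILE \
        --exec $DAEMON
    log_end_msg 0
    ;;
force-stop)
    log_daemon_msg "Forcefully stopping $DESC" "$NAME"
    force_stop
    if ! running; then
        log_end_msg 0
    else
        log_end_msg 1
    fi
    ;;
restart)
    if check_start_libvirtd_option; then
        log_daemon_msg "Restarting $DESC" "$DAEMON"
        start-stop-daemon --oknodo --stop --quiet --pidfile \
            /var/run/$NAME.pid --exec $DAEMON
        [ -n "$DODTIME" ] && sleep $DODTIME
        start-stop-daemon --start --quiet --pidfile \
            /var/run/$NAME.pid --exec $DAEMON -- $libvirtd_opts
        if running; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
    fi
    ;;
reload|force-reload)
    if running; then
        log_daemon_msg "Reloading configuration of $DESC" "$NAME"
        # Signal 1 (SIGHUP) is sent through start-stop-daemon's --stop mode.
        start-stop-daemon --stop --signal 1 --quiet --pidfile \
            /var/run/$NAME.pid --exec $DAEMON
        log_end_msg 0
    else
        log_warning_msg "libvirtd not running, doing nothing."
    fi
    ;;
status)
    log_daemon_msg "Checking status of $DESC" "$NAME"
    if running ; then
        log_progress_msg "running"
        log_end_msg 0
    else
        log_progress_msg "not running"
        log_end_msg 1
        # Exit 1 when a pid file is left behind, 3 when there is none.
        if [ -f "$PIDFILE" ] ; then
            exit 1
        else
            exit 3
        fi
    fi
    ;;
*)
    N=/etc/init.d/libvirt-bin
    echo "Usage: $N {start|stop|restart|reload|force-reload|status|force-stop}" >&2
    exit 1
    ;;
esac

exit 0
debian/libvirt0.symbols0000664000000000000000000000337113153725071012345 0ustar libvirt.so.0 libvirt0 #MINVER# *@LIBVIRT_0.0.3 0.0.3 *@LIBVIRT_0.0.5 0.0.5 *@LIBVIRT_0.1.0 0.1.0 *@LIBVIRT_0.1.1 0.1.1 *@LIBVIRT_0.1.4 0.1.4 *@LIBVIRT_0.1.5 0.1.5 *@LIBVIRT_0.1.9 0.1.9 *@LIBVIRT_0.2.0 0.2.0 *@LIBVIRT_0.2.1 0.2.1 *@LIBVIRT_0.2.3 0.2.3 *@LIBVIRT_0.3.0 0.3.0 *@LIBVIRT_0.3.2 0.3.2 *@LIBVIRT_0.3.3 0.3.3 *@LIBVIRT_0.4.0 0.4.0 *@LIBVIRT_0.4.1 0.4.1 *@LIBVIRT_0.4.2 0.4.2 *@LIBVIRT_0.4.5 0.4.5 *@LIBVIRT_0.5.0 0.5.0 *@LIBVIRT_0.6.0 0.6.0 *@LIBVIRT_0.6.1 0.6.1 *@LIBVIRT_0.6.3 0.6.3 *@LIBVIRT_0.6.4 0.6.4 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_0.6.5 0.6.5 *@LIBVIRT_0.7.0 0.7.0 *@LIBVIRT_0.7.1 0.7.1 *@LIBVIRT_0.7.2 0.7.2 *@LIBVIRT_0.7.3 0.7.3 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_0.7.4 0.7.4 *@LIBVIRT_0.7.5 0.7.5 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_0.7.6 0.7.6 *@LIBVIRT_0.7.7 0.7.7 *@LIBVIRT_0.8.0 0.8.0 *@LIBVIRT_0.8.1 0.8.1 *@LIBVIRT_0.8.2 0.8.2 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_0.8.3 0.8.3 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_0.8.4 0.8.4 *@LIBVIRT_0.8.5 0.8.5 *@LIBVIRT_0.8.6 0.8.6 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_0.8.7 0.8.7 *@LIBVIRT_0.8.8 0.8.8 *@LIBVIRT_0.9.0 0.9.0~rc1 *@LIBVIRT_0.9.1 0.9.1 *@LIBVIRT_0.9.2 0.9.2 *@LIBVIRT_0.9.3 0.9.3 *@LIBVIRT_0.9.4 0.9.4~rc1 *@LIBVIRT_0.9.5 0.9.6 *@LIBVIRT_0.9.7 0.9.7~rc1 *@LIBVIRT_0.9.8 0.9.8~rc1 *@LIBVIRT_PRIVATE_0.9.8 0.9.8~rc1 libvirt-qemu.so.0 libvirt0 #MINVER# *@LIBVIRT_QEMU_0.8.3 0.8.3 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_QEMU_0.8.4 0.8.4 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_QEMU_0.8.5 0.8.5 #MISSING: 0.8.8-1# 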
(symver|optional)LIBVIRT_QEMU_0.8.6 0.8.6 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_QEMU_0.8.7 0.8.7 #MISSING: 0.8.8-1# (symver|optional)LIBVIRT_QEMU_0.8.8 0.8.8 *@LIBVIRT_QEMU_0.9.4 0.9.4~rc1 debian/changelog0000664000000000000000000061757613467340175011102 0ustar libvirt (1.2.2-0ubuntu13.1.28) trusty-security; urgency=medium * SECURITY UPDATE: Add support for md-clear functionality - debian/patches/md-clear.patch: Define md-clear CPUID bit in src/cpu/cpu_map.xml. - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 -- Steve Beattie Thu, 16 May 2019 12:56:28 -0700 libvirt (1.2.2-0ubuntu13.1.27) trusty-security; urgency=medium * SECURITY UPDATE: QEMU monitor DoS - debian/patches/CVE-2018-1064.patch: add size limit to src/qemu/qemu_agent.c. - CVE-2018-1064 * SECURITY UPDATE: Speculative Store Bypass - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - CVE-2018-3639 -- Marc Deslauriers Wed, 23 May 2018 14:23:45 -0400 libvirt (1.2.2-0ubuntu13.1.26) trusty-security; urgency=medium * SECURITY UPDATE: resource exhaustion resulting in DoS - debian/patches/CVE-2018-5748.patch: avoid DoS reading from QEMU monitor in src/qemu/qemu_monitor.c. - CVE-2018-5748 * SECURITY UPDATE: Bypass authentication - debian/patches/CVE-2016-5008.patch: let empty default VNC password work as documented in src/qemu/qemu_hotplug.c. - CVE-2016-5008 -- Leonidas S. Barbosa Fri, 16 Feb 2018 07:51:15 -0500 libvirt (1.2.2-0ubuntu13.1.25) trusty-security; urgency=medium * SECURITY UPDATE: Add support for Spectre mitigations - debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for indirect branch prediction protection and add new *-IBRS CPU models. - debian/control: add Breaks to get updated qemu with new CPU models. 
- CVE-2017-5715 -- Marc Deslauriers Thu, 01 Feb 2018 15:00:47 -0500 libvirt (1.2.2-0ubuntu13.1.23) trusty; urgency=medium * d/libvirt-bin.init, d/libvirt-bin.upstart: fix waiting for the libvirt socket (LP: #1571209) - avoid timing out on slow systems (only stop when service is stopped) - fix whitespace damage formerly added to d/libvirt-bin.init - no more long sleep without announcing to log - check socket and service status more often for lower latency on changes - fix check if unix_sock_dir path is set in /etc/libvirt/libvirtd.conf - fix the upstart service name that is checked -- Christian Ehrhardt Thu, 07 Sep 2017 14:22:45 +0200 libvirt (1.2.2-0ubuntu13.1.22) trusty; urgency=medium * fix guest channel support (LP: #1393842). - d/p/virt-aa-helper-add-trusty-guest-agent-rule.patch: add apparmor rule for channels within guest namespace. - d/libvirt-bin.postinst: create channel directories if needed. -- Christian Ehrhardt Mon, 28 Aug 2017 12:14:08 +0200 libvirt (1.2.2-0ubuntu13.1.21) trusty; urgency=medium * d/libvirt-bin.postinst: call apparmor_parser with options to ignore the apparmor cache and rebuild it, otherwise old apparmor rules are used and this might break upgrades (LP: #1707400) -- Andreas Hasenack Tue, 01 Aug 2017 11:58:38 -0300 libvirt (1.2.2-0ubuntu13.1.20) trusty; urgency=medium [ Rafael David Tinoco ] * d/p/reject-blockcommit-of-active-layer.patch: Block commit code isn't ready for QEMU 2.0 and has to be blocked. This avoids virsh to hang forever on blackcommit jobs. (LP: #1317491) -- Christian Ehrhardt Wed, 22 Feb 2017 09:44:02 +0100 libvirt (1.2.2-0ubuntu13.1.17) trusty; urgency=medium * d/p/fix-util-don-t-fail-if-no-portdata-is-found.patch: make ovs-vsctl not raise error if there's no portData available. (LP: #1540537). 
-- Jorge Niedbalski Thu, 04 Feb 2016 16:58:31 +0100 libvirt (1.2.2-0ubuntu13.1.16) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via incorrect ACL check handling - debian/patches/CVE-2014-8136.patch: properly unlock vm on failed ACL check in src/qemu/qemu_driver.c. - CVE-2014-8136 * SECURITY UPDATE: VNC password leak via snapshots and save images - debian/patches/CVE-2015-0236.patch: check ACLs when dumping security info in src/qemu/qemu_driver.c, src/remote/remote_protocol.x. - CVE-2015-0236 * SECURITY UPDATE: ACL bypass using storage pool directory traversal - debian/patches/CVE-2015-5313.patch: filter filesystem volume names in src/storage/storage_backend_fs.c. - CVE-2015-5313 * This package does _not_ contain the changes from 1.2.2-0ubuntu13.1.15 in trusty-proposed. -- Marc Deslauriers Fri, 08 Jan 2016 10:03:14 -0500 libvirt (1.2.2-0ubuntu13.1.14) trusty; urgency=medium [ Seyeong Kim ] * d/p/fix_libvirtd_killed_by_sigsegv.patch: fix incorrect backport (LP: #1464175) -- Chris J Arges Wed, 08 Jul 2015 10:52:41 -0500 libvirt (1.2.2-0ubuntu13.1.13) trusty; urgency=medium [ Seyeong Kim ] * virObjectUnref() libvirtd killed by SIGSEGV (LP: #1464175) - upstream, util: identity: Harden virIdentitySetCurrent() - upstream, daemon: Clear fake domain def object that is used to check ACL prior to use - upstream, rpc: Don't unref identity object while callbacks still can be executed [ Edward Hope-Morley ] * Add post-start to upstart (/etc/init/libvirt-bin.conf) and sysv (/etc/init.d/libvirt-bin) to ensure libvirt-sock created before up (LP: #1455608) * Re-enable Support-incoming-migration-from-13.10-hosts.patch. (LP: #1425619) -- Chris J Arges Wed, 01 Jul 2015 09:07:08 -0500 libvirt (1.2.2-0ubuntu13.1.12) trusty-proposed; urgency=medium * Drop Support-incoming-migration-from-13.10-hosts.patch as it failed verification. 
-- Serge Hallyn Thu, 18 Jun 2015 14:21:06 -0500 libvirt (1.2.2-0ubuntu13.1.11) trusty-proposed; urgency=medium * Support-incoming-migration-from-13.10-hosts.patch (LP: #1425619) * qemu-filterref-crash.patch: fix crash when removing filterref from interfaces (LP: #1448205) * storage_backend_rbd-correct-arg-order-to-rbd_create3: fix reversed arguments to rbd_create3. (LP: #1447030) -- Serge Hallyn Wed, 13 May 2015 11:06:11 -0500 libvirt (1.2.2-0ubuntu13.1.10) trusty-proposed; urgency=medium * 9035-qemu-snapshot-save-persistent-domain-config: upstream fix for a regression where persistent domain config was not saved after an external snapshot. (LP: #1403841) * 9036-dont-fail-without-cpu-model.patch: fix virsh safe with cpu mode = host-passthrough (LP: #1262641) -- Serge Hallyn Tue, 10 Feb 2015 14:34:16 -0600 libvirt (1.2.2-0ubuntu13.1.9) trusty-proposed; urgency=medium * apparmor libvirt-qemu template: allow reading charm-specific ceph config and allow reading under /tmp and /var/tmp (for SRU only) (LP: #1403648) * numa-cgroups-fix-cpuset-mems-init.patch - cherrypicked, refreshed patch (by Richard Laager) to fix failure to start on numa node 1 (LP: #1404388) * libvirt-qemu: add r to sgabios.bin (LP: #1393548) -- Serge Hallyn Tue, 06 Jan 2015 10:39:15 -0600 libvirt (1.2.2-0ubuntu13.1.8) trusty-proposed; urgency=medium * complete the 9p support: (LP: #1378434) - libvirt-qemu: add fowner and fsetid - virt-aa-helper: add 'l' to 9p file options * libvirt-qemu apparmor template: add /sys/firmware/devicetree/** r (LP: #1374554) * add mising apparmor permissions for slof (LP: #1374554) -- Serge Hallyn Tue, 11 Nov 2014 16:39:22 -0600 libvirt (1.2.2-0ubuntu13.1.7) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via virConnectListAllDomains - debian/patches/CVE-2014-3633.patch: fix domain deadlock in src/conf/domain_conf.c. 
- CVE-2014-3633 * SECURITY UPDATE: xml information leak with read-only connections - debian/patches/CVE-2014-7823.patch: check for migratable flag in src/libvirt.c, src/remote/remote_protocol.x. - CVE-2014-3657 -- Marc Deslauriers Mon, 10 Nov 2014 19:48:54 -0500 libvirt (1.2.2-0ubuntu13.1.6) trusty-proposed; urgency=medium * 9029-ovs-delete-port-if-it-exists-when-adding-new-one: cherrypick commit 33445ce from upstream (LP: #1343262) * fix migration failure with ssh password authentication (LP: #1365947) - 9030-virsh-add-keepalive-in-new-vshconnect-fn - 9031-cmdmigrate-move-vshconnect-before-vshwatchjob - 9032-virsh-initialize-vsh-data-in-cmdmigrate * libvirt-bin.postinst: check for confiles whichhave been removed rather than fail package install (LP: #1375910) * Support incoming migration from 12.04 hosts (LP: #1374622) - debian/patches/support-incoming-qemu-kvm: add a flag to /etc/libvirt/qemu.conf to specify whether pc-1.0 came from a 12.04 host - Add a note in README.Debian. -- Serge Hallyn Tue, 30 Sep 2014 13:54:31 -0500 libvirt (1.2.2-0ubuntu13.1.5) trusty-security; urgency=medium * SECURITY UPDATE: denial of service and possible information disclosure via crafted XML document - debian/patches/CVE-2014-0179.patch: don't expand entities when parsing XML in src/util/virxml.c. - CVE-2014-0179 - CVE-2014-5177 * SECURITY UPDATE: denial of service or information disclosure via virDomainGetBlockIoTune - debian/patches/CVE-2014-3633.patch: use correct definition when looking up disk in src/qemu/qemu_driver.c. 
- CVE-2014-3633 -- Marc Deslauriers Mon, 29 Sep 2014 15:27:53 -0400 libvirt (1.2.2-0ubuntu13.1.4) trusty-proposed; urgency=medium * debian/apparmor/usr.sbin.libvirtd - add cap-sys-resource to fully fix (LP: #1276719) -- Serge Hallyn Thu, 07 Aug 2014 12:46:22 -0500 libvirt (1.2.2-0ubuntu13.1.3) trusty-proposed; urgency=medium * 9026-fix-apparmor-profile-for-vfio-pci-passthrough - allow VFIO passthrough (LP: #1276719) * 9027-virt-aa-helper-allow-access-to-vhost-net - allow access to /dev/vhost-net if domain needs it (LP: #1322568) -- Serge Hallyn Thu, 31 Jul 2014 20:14:22 +0000 libvirt (1.2.2-0ubuntu13.1.2) trusty; urgency=low * debian/apparmor/usr.sbin.libvirtd: allow libvirtd to run libxl-save-helper (required for save restore through libxl). (LP: #1334195) * debian/apparmor/usr.sbin.libvirtd: allow pygrub to be run (LP: #1326003) * debian/patches/libxl-Support-PV-consoles.patch Enable console support for PV guests (LP: #1334738) -- Stefan Bader Thu, 26 Jun 2014 16:03:42 +0200 libvirt (1.2.2-0ubuntu13.1.1) trusty-proposed; urgency=medium * debian/apparmor/libvirt-qemu: add device-tree access for ppc (LP: #1321365) -- Serge Hallyn Thu, 05 Jun 2014 11:26:22 -0500 libvirt (1.2.2-0ubuntu13.1) trusty-proposed; urgency=medium * debian/control: change apparmor dependency into an inverse conflicts, so that libvirt can continue to be used without apparmor. (LP: #1304167) -- Serge Hallyn Thu, 17 Apr 2014 10:42:08 -0500 libvirt (1.2.2-0ubuntu13) trusty; urgency=medium * Add a dependency on the new apparmor to make sure we have the new parser around before we attempt to load a profile requiring the new stanza support. (LP: #1304167) -- Serge Hallyn Mon, 14 Apr 2014 11:03:37 -0500 libvirt (1.2.2-0ubuntu12) trusty; urgency=low * d/p/libxl-support-sexpr-in-native-to-XML-conversion.patch: Allow to use libvirt to convert xend guest configurations into xml format. * Add libvirt-migrate-xend-managed-domains migration script. 
(LP: #1303886) * Added breaks for xen-utils-4.(1|3) to ensure postinst order. -- Stefan Bader Tue, 08 Apr 2014 19:55:29 +0200 libvirt (1.2.2-0ubuntu11) trusty; urgency=medium * debian/patches/recognize-trusty-machine-type.patch: Revert patch since it was causing issues with virtio deivces. (LP: #1304107) -- Chuck Short Tue, 08 Apr 2014 12:51:55 -0400 libvirt (1.2.2-0ubuntu10) trusty; urgency=medium * d/p/recognize-trusty-machine-type.patch: handle "trusty" qemu machine type (LP: #1294823) -- Serge Hallyn Fri, 04 Apr 2014 09:29:22 -0500 libvirt (1.2.2-0ubuntu9) trusty; urgency=medium [ Jamie Strandboge ] * updates for AppArmor signals and ptrace mediation (LP: #1298611) - debian/apparmor/libvirt-qemu: allow guests to receive signals from and be tracedby libvirtd (additional signal and ptrace rules come from the AppArmor base abstraction) - debian/apparmor/usr.sbin.libvirtd: + grant bare signal and ptrace rule + grant dbus on the system bus (should have been added in 13.10) -- Tyler Hicks Thu, 03 Apr 2014 02:09:53 -0500 libvirt (1.2.2-0ubuntu8) trusty; urgency=medium * debian/apparmor/libvirt-qemu: Allow qemu-system-aarch64 to be used. (LP: #1301516) -- Chuck Short Wed, 02 Apr 2014 14:20:39 -0400 libvirt (1.2.2-0ubuntu7) trusty; urgency=low * d/p/libxl-Create-log-directory-earlier.patch: Move creation of log directory inside function that tries to create a log file inside of it. Fixes startup when the libxl log directory has not been created, yet. * d/p/libxl-do-not-use-virdomain-id.patch: Replace usage of dom->id with vm->def-id inside the driver (as that is not getting stale). Fixes guest creation and reboot through virt-manager (apart from possibly other things). * d/p/libxl-set-disk-format-for-cdrom.patch: Set disk format, otherwise an empty virtual CDROM makes the guest unstartable. * d/p/libxl-set-vfb0-data-in-build-config.patch: Actually set video and display data in the domain build info. 
Beside of preventing disagreement about VNC ports, this allows to select standard VGA graphics and more VRAM trhough libvirt. -- Stefan Bader Thu, 27 Mar 2014 16:46:31 +0100 libvirt (1.2.2-0ubuntu6) trusty; urgency=medium * debian/libvirt-bin.dirs: Add /var/log/libvirt/libxl. -- Chuck Short Mon, 24 Mar 2014 14:32:54 -0400 libvirt (1.2.2-0ubuntu5) trusty; urgency=low * Refreshed d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch to avoid logging an error when file is not present. -- Stefan Bader Fri, 21 Mar 2014 09:49:36 +0100 libvirt (1.2.2-0ubuntu4) trusty; urgency=medium * debian/patches/arm-cpu-baseline.patch: Implement a stub cpuArchDriver.baseline() handler for arm. -- Chuck Short Mon, 17 Mar 2014 10:59:49 -0400 libvirt (1.2.2-0ubuntu3) trusty; urgency=low * d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch: Prevent using the libxl driver when not running in dom0 but having xenfs mounted. (LP: #1248025) -- Stefan Bader Wed, 12 Mar 2014 14:16:14 +0100 libvirt (1.2.2-0ubuntu2) trusty; urgency=medium * d/p/add-a-mutex-to-serialize-updates-to-fw.patch: fix another deadlock when starting a large number of VMs. (LP: #1228977) -- Serge Hallyn Tue, 11 Mar 2014 14:08:02 -0500 libvirt (1.2.2-0ubuntu1) trusty; urgency=medium * New upstream release: - Rediffed patches: - debian/patches/Allow-libvirt-group-to-access-the-socket.patch - debian/patches/9004-libvirtd-group-name.patch - debian/patches/dnsmasq-as-priv-user - Dropped patches: - debian/patches/9005-increase-unix-socket-timeout.patch: No longer needed. - debian/patches/rbd-storage-format.patch: No longer needed. - debian/patches/9022-qemu-enable-host-passthrough-mode-for-aarch64: No longer needed. - debian/patches/9023-xen-fix-parsing-xend-http-response.patch: No longer needed. - debian/patches/ -- Chuck Short Mon, 03 Mar 2014 13:30:36 -0500 libvirt (1.2.1-0ubuntu10) trusty; urgency=medium * Pull patch from mailing list (merged with separate patch posted to the bug) to fix 9p mounts. 
(LP: #1285995) -- Serge Hallyn Fri, 28 Feb 2014 09:34:54 -0600 libvirt (1.2.1-0ubuntu9) trusty; urgency=medium * Cherrypick 9024-qemu-implement-a-stub-baseline-handler-for-aarch64 from upstream git. -- Serge Hallyn Fri, 14 Feb 2014 18:20:03 -0600 libvirt (1.2.1-0ubuntu8) trusty; urgency=medium * Add uvtool image path to virt-aa-helper AppArmor profile. -- Robie Basak Fri, 14 Feb 2014 17:54:58 +0000 libvirt (1.2.1-0ubuntu7) trusty; urgency=low * debian/patches/nwfilter-locking.patch: Dropped causes ftbfs. -- Chuck Short Thu, 13 Feb 2014 10:07:56 -0700 libvirt (1.2.1-0ubuntu6) trusty; urgency=medium * debian/control: Move pm-utils from suggests to Recommends. (LP: #1274772) * debian/patches/patches/nwfilter-locking.patch: Fix nwfilter locking causing libvirt to crash. (LP: #1228977) -- Chuck Short Thu, 06 Feb 2014 14:27:40 -0500 libvirt (1.2.1-0ubuntu5) trusty; urgency=low * cherry-pick "xen: fix parsing xend http response" from upstream git to fix connecting to xex in xm/xend mode (LP: #915954) -- Stefan Bader Thu, 30 Jan 2014 10:05:31 +0000 libvirt (1.2.1-0ubuntu4) trusty; urgency=medium * cherrypick d/p/9022-qemu-enable-host-passthrough-mode-for-aarch64 from upstream git. -- Serge Hallyn Tue, 28 Jan 2014 10:28:09 +0000 libvirt (1.2.1-0ubuntu3) trusty; urgency=medium * d/control: add nfs-common to build-deps (LP: #1264955) -- Serge Hallyn Wed, 22 Jan 2014 08:56:01 -0600 libvirt (1.2.1-0ubuntu2) trusty; urgency=medium * debian/patches/rbd-storage-format.patch: Make image format 2 the default for RBD. -- Chuck Short Fri, 17 Jan 2014 10:31:37 -0500 libvirt (1.2.1-0ubuntu1) trusty; urgency=medium * New upstream release: - Dropped patches: + debian/patches/0001-libxl-Fix-devid-init-in-libxlMakeNicList.patch: No longer needed + debian/patches/0001-libxl-Fix-initialization-of-nictype-in-libxl_device_.patch: No longer needed. 
-- Chuck Short Thu, 16 Jan 2014 09:17:20 -0500 libvirt (1.2.0-0ubuntu3) trusty; urgency=medium * debian/apparmor/usr.lib.libvirt.virt-aa-helper: add /var/lib/nova/instances/snapshots/** r to allow virt-aa-helper to read the snapshot directory to find images which VMs should be granted access to. (LP: #1244694) -- Serge Hallyn Thu, 09 Jan 2014 16:39:13 -0600 libvirt (1.2.0-0ubuntu2) trusty; urgency=low * Refresh/fix detection of xm/xl toolstack in use. The previous port had two glitches, one of them causing the daemon to segfault. * Cherry-pick "libxl: Fix initialization of nictype in libxl_device_nic" from upstream to have the same default NIC choice with the libxl driver as we had with the xen(d) driver (HVM guest uses a emulated rtl8139). * Cherry-pick "libxl: Fix devid init in libxlMakeNicList" from upstream to allow HVM guests to be brought up from the libxl driver. -- Stefan Bader Thu, 09 Jan 2014 11:19:07 +0100 libvirt (1.2.0-0ubuntu1) trusty; urgency=low * New upstream release: - Refreshed patches: + debian/patches/storage-default-permission-mode-to-0711 - Dropped patches: + debian/patches/util_use_w_flag_when_calling_iptables.patch * debian/control, debian/rules, debian/python.mk, debian/python-libvirt.install: python libvirt bindings have been split out into its own source called libvirt-python. * debian/libvirt-dev.install: Install API files into dev package -- Chuck Short Mon, 02 Dec 2013 09:56:17 -0500 libvirt (1.1.4-0ubuntu5) trusty; urgency=medium * Build using dh-autoreconf. * Enable numa support on ppc64 and ppc64el. -- Matthias Klose Sun, 22 Dec 2013 15:55:04 +0100 libvirt (1.1.4-0ubuntu4) trusty; urgency=low * debian/libvirt-dev.install: Add missing libvirt-lxc.so. -- Chuck Short Thu, 21 Nov 2013 13:10:58 -0500 libvirt (1.1.4-0ubuntu3) trusty; urgency=low * d/p/accomodate-new-qemu-migration-status-setup.patch: work around libvirt's not yet knowing of qemu's new migration state, 'setup'. This can be removed when upstream libvirt has a proper patch. 
QRT fails without this. -- Serge Hallyn Thu, 14 Nov 2013 08:41:07 -0600 libvirt (1.1.4-0ubuntu2) trusty; urgency=low * debian/patches/9002-better_default_uri_virsh.patch: Update to fix the FTBFS. -- Chuck Short Wed, 13 Nov 2013 11:04:29 -0500 libvirt (1.1.4-0ubuntu1) trusty; urgency=low [ Chuck Short ] * New upstream version: - Rediffed patches: + d/p/Don-t-enable-default-network-on-boot.patch + d/p/ubuntu-xend-probe.patch + d/p/Don-t-fail-if-we-can-t-setup-avahi.patch + d/p/Disable-failing-virnetsockettest.patch + d/p/Don-t-enable-default-network-on-boot.patch - Dropped patches: + d/p/v1.1.1-maint/0001-xen-fix-memory-corruption-in-legacy-driver.patch + d/p/v1.1.1-maint/0002-qemu_migration-Don-t-error-on-tunelled-migration-wit.patch + d/p/v1.1.1-maint/0003-build-fix-configure-detection-of-if_bridge.h-on-RHEL.patch + d/p/v1.1.1-maint/0004-remote-Fix-a-segfault-in-remoteDomainCreateWithFlags.patch + d/p/v1.1.1-maint/0005-Revert-build-fix-configure-detection-of-if_bridge.h-.patch + d/p/v1.1.1-maint/0006-build-more-workarounds-for-if_bridge.h.patch + d/p/v1.1.1-maint/0007-Fix-qemuProcessReadLog-with-non-zero-offset.patch + d/p/v1.1.1-maint/0008-Reverse-logic-allowing-partial-DHCP-host-XML.patch + d/p/v1.1.1-maint/0009-virsh-domain-Fix-memleak-in-cmdUndefine-with-storage.patch + d/p/v1.1.1-maint/0010-virsh-domain-Fix-memleak-in-cmdCPUBaseline.patch + d/p/v1.1.1-maint/0011-virbitmap-Refactor-virBitmapParse-to-avoid-access-be.patch + d/p/CVE-2013-4296.patch + d/p/CVE-2013-4311.patch + d/p/CVE-2013-4297.patch + d/p/fix-crash-in-libvirtd-when-events + d/p/security-provide-supplemental-groups + d/p/add-bounds-checking-on-virdomainmigrate + d/p/xen-use-internal-interfaces-in-xendomainusedcpus + d/p/fix-remote-client-segfault.patch + d/p/ubuntu-xend-xmlcreate-double-free.patch + d/p/9002-better_default_uri_virsh.patch [ Serge Hallyn ] * update and re-add d/p/9002-better_default_uri_virsh.patch. Also patch new uri-precedence test, as we break it with this patch. 
* add d/p/util_use_w_flag_when_calling_iptables.patch (LP: #1245322) * debian/apparmor/libvirt-qemu: allow access to hugepages mounts (LP: #1250216) * debian/apparmor/libvirt-qemu: allow access to usb info (LP: #1245251) -- Chuck Short Mon, 11 Nov 2013 11:03:06 -0500 libvirt (1.1.1-0ubuntu9) trusty; urgency=low * debian/apparmor/usr.sbin.libvirtd: add audit_write capability (LP: #1204616) -- Serge Hallyn Wed, 23 Oct 2013 14:09:04 -0500 libvirt (1.1.1-0ubuntu8) saucy; urgency=low * SECURITY UPDATE: denial of service via invalid free in virFileNBDDeviceAssociate. - debian/patches/CVE-2013-4297.patch: properly initialize qemunbd in src/util/virfile.c. - CVE-2013-4297 -- Marc Deslauriers Wed, 02 Oct 2013 13:35:14 -0400 libvirt (1.1.1-0ubuntu7) saucy; urgency=low * fix-crash-in-libvirtd-when-events: make sure to remove all event callbacks when a client disconnects from libvirtd. -- Serge Hallyn Wed, 02 Oct 2013 08:14:53 -0500 libvirt (1.1.1-0ubuntu6) saucy; urgency=low * SECURITY UPDATE: possible privilege escalation via pkcheck race. - debian/patches/CVE-2013-4311.patch: add uid to pkcheck call in configure.ac, daemon/remote.c, src/access/viraccessdriverpolkit.c, src/rpc/virnetserverclient.c, src/util/viridentity.*. - debian/rules: use DEB_AUTO_UPDATE_AUTOCONF and DEB_AUTO_UPDATE_AUTOHEADER. - debian/control: specify version of policykit-1 security update, add libpolkit-gobject-1-dev to Build-Depends. - CVE-2013-4311 * SECURITY UPDATE: denial of service in remoteDispatchDomainMemoryStats - debian/patches/CVE-2013-4296.patch: properly initialize stats in daemon/remote.c. 
- CVE-2013-4296 -- Marc Deslauriers Tue, 24 Sep 2013 19:25:55 -0400 libvirt (1.1.1-0ubuntu5) saucy; urgency=low * add-bounds-checking-on-virdomainmigrate: upstream patch for CVE-2013-4292 * security-provide-supplemental-groups: upstream patch for CVE-2013-4291 -- Serge Hallyn Mon, 09 Sep 2013 13:16:43 -0500 libvirt (1.1.1-0ubuntu4) saucy; urgency=low * apply all patches from v1.1.1-maint * cherrypick xen-use-internal-interfaces-in-xendomainusedcpus from upstream git. -- Serge Hallyn Thu, 22 Aug 2013 10:57:20 -0500 libvirt (1.1.1-0ubuntu3) saucy; urgency=low * debian/apparmor/usr.sbin.libvirtd: Include the system bus abstraction in the libvirtd AppArmor profile as libvirtd connects to the D-Bus system bus -- Tyler Hicks Tue, 20 Aug 2013 09:07:17 -0700 libvirt (1.1.1-0ubuntu2) saucy; urgency=low * debian/patches/fix-remote-client-segfault.patch: Fix segfault when using a remote client. -- Chuck Short Mon, 19 Aug 2013 10:33:08 -0400 libvirt (1.1.1-0ubuntu1) saucy; urgency=low [ Chuck Short ] * New upstream version: - Dropped: + debian/patches/CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters: no longer needed. + debian/patches/ubuntu-xen-hypervisor-4.3.patch: no longer needed. + debian/patches/ubuntu-xen-fix-api-deadlocks.patch: no longer needed. - Rediffed: + debian/patches/Don-t-enable-default-network-on-boot.patch + debian/patches/9005-increase-unix-socket-timeout.patch [ Stefan Bader ] * Add apparmor rights to call into /usr/lib/xen-common/bin/xen-toolstack to figure out which one is active. * debian/patches/ubuntu-xend-probe.patch: Fix failure to detect whether Xen uses xm/xend toolstack or xl/libxl. Avoid running "xend status" as we do not package that in a public path. -- Chuck Short Thu, 15 Aug 2013 17:23:21 +0000 libvirt (1.0.6-0ubuntu4) saucy; urgency=low * ubuntu-xen-fix-api-deadlocks.patch (LP: #1191782) Fix the deadlocks in the xen driver when doing a dumpxml for active domains.
* ubuntu-libxl-qemu-nopath.patch Create libxl configurations without paths for qemu-dm and hvmloader. The Xen toolstack can figure this out. * ubuntu-xen-hypervisor-4.3.patch Update the xen driver to handle the new sysctl and domctl versions in Xen-4.3. * Add apparmor definitions to execute scripts in /etc/xen/scripts as the libxl driver calls out to them (with the xen/xm driver this was done by the xen toolstack and communication with that was through a socket). -- Stefan Bader Tue, 16 Jul 2013 10:59:11 +0200 libvirt (1.0.6-0ubuntu3) saucy; urgency=low * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow owner read of @{PROC}/[0-9]*/status -- Jamie Strandboge Mon, 15 Jul 2013 10:28:42 -0500 libvirt (1.0.6-0ubuntu2) saucy; urgency=low * Apply CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters. -- Serge Hallyn Fri, 28 Jun 2013 13:13:20 -0500 libvirt (1.0.6-0ubuntu1) saucy; urgency=low * New upstream release. + Dropped patches: - debian/patches/vnc-socket.patch: Dropped no longer needed. - debian/patches/Add-sanitytest.py.patch: Dropped no longer needed. * debian/libvirt-bin.postinst: Make sure qemu.conf isn't world readable by default. -- Chuck Short Mon, 03 Jun 2013 11:27:02 -0500 libvirt (1.0.5-0ubuntu1) saucy; urgency=low * New upstream release: + Dropped patches: - debian/patches/fix-virterror-namechange - debian/patches/apparmor-use-apparmor-setfdlabel - debian/patches/prevent-lxc-shutdown-host.patch - debian/patches/apparmor-no-need-to-check-security-model - debian/patches/nonblock-fix.patch + Refreshed patches: - debian/patches/9002-better_default_uri_virsh.patch - debian/patches/enable-kvm-spice.patch - debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch * debian/patches/Add-sanitytest.py.patch: Add patch to fix missing sanitytest.py when building the testsuite. * debian/libvirt-dev.install: don't ship files for static linking. 
-- Chuck Short Thu, 02 May 2013 10:21:49 -0500 libvirt (1.0.2-0ubuntu12) saucy; urgency=low * debian/libvirt-bin.{dirs,install}: install dnsmasq.d-available/libvirt-bin (LP: #1113821) -- Serge Hallyn Mon, 29 Apr 2013 07:38:07 -0500 libvirt (1.0.2-0ubuntu11) raring; urgency=low * debian/patches/nonblock-fix.patch: cherrypicked upstream patch to not mark qemu migration fd non-blocking. This fixes tcp live migration. (LP: #1157626) -- Serge Hallyn Thu, 18 Apr 2013 10:43:26 -0500 libvirt (1.0.2-0ubuntu10) raring; urgency=low * Add code to postinst to fix any double-migration of /etc/dnsmasq. (LP: #1157332) -- Serge Hallyn Thu, 28 Mar 2013 09:11:04 -0500 libvirt (1.0.2-0ubuntu9) raring; urgency=low * debian/patches/prevent-lxc-shutdown-host.patch: Backport fix from upstream to prevent lxc-containers shutting down the host. -- Chuck Short Mon, 25 Mar 2013 09:28:47 -0500 libvirt (1.0.2-0ubuntu8b1) raring; urgency=low * No-change rebuild against libudev1 -- Martin Pitt Wed, 13 Mar 2013 07:02:03 +0000 libvirt (1.0.2-0ubuntu8) raring; urgency=low * put libvirt-bin dnsmasq file into /etc/dnsmasq.d-available, and create a symlink in /etc/dnsmasq.d, to avoid problems when removing and re-installing libvirt-bin. (LP: #1113821) -- Serge Hallyn Tue, 26 Feb 2013 12:09:37 -0600 libvirt (1.0.2-0ubuntu7) raring; urgency=low * libvirt-bin.postinst: also put admin group members into the libvirtd group, to support systems installed before precise. (LP: #1124127) * libvirt-bin.postinst: use getent group instead of grep /etc/group * rules: pass path to collie to enable sheepdog backend (LP: #1129107) * control, rules: enable building against libaudit, which is in main. -- Adam Conrad Wed, 20 Feb 2013 15:50:47 -0700 libvirt (1.0.2-0ubuntu6) raring; urgency=low * Really refresh debian/patches/fix-ubuntu-xen-qemu-dm-path.patch and not only claim to and disable it. 
-- Stefan Bader Tue, 19 Feb 2013 15:00:27 +0100 libvirt (1.0.2-0ubuntu5) raring; urgency=low * debian/apparmor/libvirt-qemu: allow qemu read access to @{PROC}/sys/vm/overcommit_memory -- Jamie Strandboge Thu, 14 Feb 2013 10:12:40 -0600 libvirt (1.0.2-0ubuntu4) raring; urgency=low * Update Readme.Debian - we use libvirtd, not libvirt group (LP: #1095140) - we add users from sudo, not admin group, to libvirtd. * libvirt-bin.postinst: put users from sudo, not admin group, into group libvirtd. (LP: #1124127) -- Serge Hallyn Wed, 13 Feb 2013 09:47:58 -0600 libvirt (1.0.2-0ubuntu3) raring; urgency=low * libvirt-bin.postrm: only remove /etc/dnsmasq.d/libvirt-bin during remove. (LP: #1113821) -- Serge Hallyn Mon, 04 Feb 2013 10:35:47 -0600 libvirt (1.0.2-0ubuntu2) raring; urgency=low * debian/patches/fix-virterror-namechange: Include virterror otherwise python-libvirt wont be able to find any error codes. -- Chuck Short Fri, 01 Feb 2013 13:10:58 -0600 libvirt (1.0.2-0ubuntu1) raring; urgency=low [ Chuck Short ] * New upstream release: + Dropped patches: - debian/patches/Add_RESUME_event_listener_to_qemu_monitor.patch - debian/patches/build-work-around-broken-kernel-header.patch - debian/patches/bridge-fix-persistent-networks.patch - debian/patches/CVE-2013-0170.patch - debian/patches/qemu-relax-hard-rss-limit.patch - debian/patches/9003-better-default-arch.patch + Refreshed patches: - debian/patches/fix-ubuntu-xen-qemu-dm-path.patch - debian/patches/Reduce-udevadm-settle-timeout-to-10-seconds.patch - debian/patches/9021-fix-uint64_t.patch - debian/patches/9020-lp545795.patch - debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch + debian/libvirt0.install: Add libvirt-lxc.so.* [ Serge Hallyn ] * debian/patches/fix-virterror-namechange: fix unfinished name change causing errors in generated libvirt.py. 
-- Chuck Short Wed, 30 Jan 2013 09:04:38 -0600 libvirt (1.0.1-0ubuntu4) raring; urgency=low * SECURITY UPDATE: denial of service and possible code execution via uninitialized pointer - debian/patches/CVE-2013-0170.patch: remove message from queue before freeing in src/rpc/virnetserverclient.c. - CVE-2013-0170 -- Marc Deslauriers Tue, 29 Jan 2013 15:19:54 -0500 libvirt (1.0.1-0ubuntu3) raring; urgency=low * debian/apparmor/libvirt-qemu: add /usr/share/ovmf/** r (LP: #1074207) -- Serge Hallyn Tue, 29 Jan 2013 11:55:19 -0600 libvirt (1.0.1-0ubuntu2) raring; urgency=low * add qemu-relax-hard-rss-limit.rss to avoid OOM kills (LP: #1102290) * debian/rules: replace --without-vbox with --with-vbox (LP: #1103721) -- Serge Hallyn Thu, 24 Jan 2013 13:00:48 -0600 libvirt (1.0.1-0ubuntu1) raring; urgency=low * New upstream version. (LP: #1102487) + Dropped apparmor-allow-hugepages + update dnsmasq-as-priv-user, upstream now uses a configuration file. + swap Add_RESUME_event_listener_to_qemu_monitor.patch from git tree for the backported handle_resume_1.0.0-0ubuntu4.patch. + rebuild debian/patches/build-work-around-broken-kernel-header + add bridge-fix-persistent-networks.patch from upstream to fix bug where new networks are not marked persistent. -- Serge Hallyn Wed, 23 Jan 2013 13:24:30 -0600 libvirt (1.0.0-0ubuntu5) raring; urgency=low * handle_resume_1.0.0-0ubuntu4.patch: Add RESUME event listener to qemu monitor (LP: #1097824) * build-work-around-broken-kernel-header: work around FTBFS due to a broken linux/if_bridge.h. -- Serge Hallyn Wed, 16 Jan 2013 09:15:20 -0600 libvirt (1.0.0-0ubuntu4) raring; urgency=low * debian/patches/apparmor-allow-hugepages: update apparmor policies to allow use of hugepages. (LP: #646468) * debian/patches/vnc-socket.patch: If a vnc socket is in use, add it's path to the apparmor policy. 
(LP: #1069534) -- Serge Hallyn Wed, 05 Dec 2012 16:43:04 -0600 libvirt (1.0.0-0ubuntu3) raring; urgency=low * libvirt-bin.postinst: on first install, don't autostart virbr0 if 192.168.122.0 already is in use. On upgrade, always autostart virbr0 if and only if it was autostarted before the upgrade. -- Serge Hallyn Tue, 27 Nov 2012 00:25:11 -0600 libvirt (1.0.0-0ubuntu2) raring; urgency=low * debian/patches/add-armhf-sysinfo-infomration.patch: Disable to fix FTBFS on arm. -- Chuck Short Mon, 19 Nov 2012 10:41:02 -0600 libvirt (1.0.0-0ubuntu1) raring; urgency=low [ Chuck Short ] * New upstream version: + droppped: - debian/patches/CVE-2012-3445.patch - debian/patches/fix-cve-2012-4423 - debian/patches/lp1039678.patch - debian/patches/add-libvirt-highbank-support.patch - debian/patches/add-armhf-cpuinfo-parser.patch - debian/patches/fix-lxc-container-unmounting.patch - debian/patches/libnl3-build-fix.patch - debian/patches/Don-t-require-gawk-for-a-simple-print-expression.patch - debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch - debian/patches/qemu-warn-on-pc-0.12.patch - debian/patches/storage-default-pool-permission-mode-to-0755 - debian/patches/netcf-daemon-fix-wrong-macro-name - debian/patches/xen_hypervisor-treat-missing-privcmd-file-as-temporary.patch + Re-diffed: - debian/patches/9002-better_default_uri_virsh.patch - debian/patches/dnsmasq-as-priv-user - debian/patches/enable-kvm-spice.patch + debian/control, debian/rules: Turn on rbd pool storage. [ Serge Hallyn ] * Add patches to fix apparmor labeling issue at VM start: - apparmor-no-need-to-check-security-model - apparmor-use-apparmor-setfdlabel -- Chuck Short Mon, 12 Nov 2012 07:50:44 -0600 libvirt (0.9.13-0ubuntu12) quantal; urgency=low * Refresh fix-ubuntu-xen-qemu-dm-path.patch to only use executable names and let the toolchain find out the right paths (LP: #914788). Thanks George Dunlap. 
* Refresh and re-activate xen_hypervisor-treat-missing-privcmd-file- as-temporary.patch (LP: #922486) -- Stefan Bader Fri, 05 Oct 2012 11:35:43 +0200 libvirt (0.9.13-0ubuntu11) quantal-proposed; urgency=low * SECURITY UPDATE: denial of service via invalid RPC command - debian/patches/CVE-2012-3445.patch: make sure nparams isn't set to zero in daemon/remote.c. - CVE-2012-3445 -- Marc Deslauriers Wed, 26 Sep 2012 11:49:45 -0400 libvirt (0.9.13-0ubuntu10) quantal; urgency=high * apply fix-cve-2012-4423 from upstream to prevent potential daemon segfaults with newer virsh. - Fixes: CVE-2012-4423. -- Serge Hallyn Fri, 14 Sep 2012 11:05:40 -0500 libvirt (0.9.13-0ubuntu9) quantal; urgency=low * debian/patches/lp1039678.patch: fix segfault in 'snapshot-list' - LP: #1039678 -- Jamie Strandboge Tue, 21 Aug 2012 13:59:34 -0500 libvirt (0.9.13-0ubuntu8) quantal-proposed; urgency=low * debian/libvirt-bin.apport: add filter on AppArmor profile names to prevent false positives from denials originating in other packages. -- Marc Deslauriers Mon, 20 Aug 2012 10:49:17 -0400 libvirt (0.9.13-0ubuntu7) quantal; urgency=low * debian/apparmor/libvirt-qemu: allow owner read access to @{PROC}/*/auxv -- Jamie Strandboge Tue, 14 Aug 2012 16:44:30 -0500 libvirt (0.9.13-0ubuntu6) quantal; urgency=low * enable netcf support (LP: #520386) - debian/control: build-dep on libnetcf-dev - debian/rules: add --with-netcf to configure args * add patch netcf-daemon-fix-wrong-macro-name from upstream so netcf support can actually work. -- Serge Hallyn Wed, 08 Aug 2012 07:54:16 -0500 libvirt (0.9.13-0ubuntu5) quantal; urgency=low * add patch Reduce-udevadm-settle-timeout-to-10-seconds.patch (copied from Debian tree) to fix 3 minute hang during pool-refresh when using LVM backed pools. (LP: #1027987) * debian/control: add pm-utils to libvirt-bin Suggests. 
(LP: #994476) -- Serge Hallyn Thu, 26 Jul 2012 11:05:18 -0500 libvirt (0.9.13-0ubuntu4) quantal; urgency=low * debian/patches/add-armhf-sysinfo-infomration.patch: Provides cpuinfo for armhf cpus. * debian/patches/add-armhf-cpuinfo-parser.patch: Fixes compile time warning about armhf cpus. -- Chuck Short Thu, 19 Jul 2012 14:54:47 -0500 libvirt (0.9.13-0ubuntu3) quantal; urgency=low * debian/apparmor/libvirt-qemu: add ceph.conf (LP: #1026404) * debian/patches: re-add 9002-better_default_uri_virsh.patch (LP: #1026515) -- Serge Hallyn Thu, 19 Jul 2012 07:58:39 -0500 libvirt (0.9.13-0ubuntu2) quantal; urgency=low * Apply upstream patch to switch default storage pool dir perms from 0700 to 0755. Then push our own patch to change that to 0711. We'll get the upstream patch on 0.9.14 merge, but we'll want to keep our patch on top of that. -- Serge Hallyn Mon, 16 Jul 2012 18:06:43 +0000 libvirt (0.9.13-0ubuntu1) quantal; urgency=low * New upstream version: * debian/rules: Remove .la files * debian/control: Dropped debian vcs info. * Dropped: - debian/paches/9022-pass-the-virt-driver-name-into-security-drivers: Already applied upstream. - debian/patches/9023-dont-enable-apparmor-driver-with-lxc Already applied upstream. - debian/patches/9024-initialize-random-generator-in-lxc: Already applied upstream. * Re-diffed: - debian/patches/9002-better_default_uri_virsh.patch * Added: - debian/patches/add-libvirt-highbank-support.patch: Add highbank CPU detection support. - debian/patches/fix-lxc-container-unmounting.patch: Fix container mounting. -- Chuck Short Wed, 11 Jul 2012 12:37:49 -0500 libvirt (0.9.12-0ubuntu5) quantal; urgency=low * 9024-initialize-random-generator-in-lxc: invoke virRandomInitialize() to prevent segfaults when lxc uses virRandomBits(). 
(LP: #1023205) -- Serge Hallyn Wed, 11 Jul 2012 07:59:03 -0500 libvirt (0.9.12-0ubuntu4) quantal; urgency=low * 9022-pass-the-virt-driver-name-into-security-drivers and 9023-dont-enable-apparmor-driver-with-lxc: fix libvirt-lxc breakages due to incomplete apparmor security driver for lxc. -- Serge Hallyn Fri, 29 Jun 2012 18:15:04 -0500 libvirt (0.9.12-0ubuntu3) quantal; urgency=low * install apport hook as right name - libvirt-bin is the binary package, the source package name is libvirt. (LP: #1007405) * install /etc/dnsmasq.d/libvirt to configure system wide dnsmasq to not listen on the libvirt bridge. (Following Stéphane's lxc example) (LP: #928524) (LP: #231060) - postinst: restart dnsmasq; postrm: remove dnsmasq.d/libvirt file and restart dnsmasq; rules, libvirt-bin.dirs and libvirt-bin.install: install new debian/libvirt-bin.dnsmasq file. -- Serge Hallyn Fri, 01 Jun 2012 09:36:58 -0500 libvirt (0.9.12-0ubuntu2) quantal; urgency=low * Warn user about bad pc-0.12 machine type, and help user transition. (LP: #1001625) - qemu-warn-on-pc-0.12.patch: When defining or starting a VM which uses the pc-0.12 machine type, warn in libvirtd.log. - debian/libvirt-migrate-qemu-machinetype: automatically migrate QEMU VMs to newest machine type. This is not done automatically as there will be some users who have good reason to stay with pc-0.12. -- Serge Hallyn Mon, 28 May 2012 17:48:50 +0000 libvirt (0.9.12-0ubuntu1) quantal; urgency=low * New upstream version: * Synchronize with debian packaging: - debian/control: Update build depends. - debian/libvirt-bin.postrm: Cleanup /var/log/libvirt on purge. - Bump standards verson (no changes). 
- debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch: Added * Dropped patches: - debian/patches/Debianize-libvirt-guests.patch - debian/patches/rewrite-lxc-controller-eof-handling-yet-again - debian/patches/ubuntu/libnl13.patch - debian/patches/ubuntu/fix-lxc-startup-error.patch - debian/patches/ubuntu/fix-bridge-fd.patch - debian/patches/ubuntu/skip-labelling-network-disks.patch - debian/patches/ubuntu/xen-xend-shutdown-detection.patch - debian/patches/ubuntu/xen-config-no-vfb-for-hvm.patch - debian/patches/debian/Disable-daemon-start-test.patch - debian/patches/debian/Disable-gnulib-s-test-nonplocking-pipe.sh.patch - debian/patches/ubuntu/9006-default-config-test-case.patch - debian/patches/fix-block-migration.patch - debian/patches/ubuntu/9022-qemu-unescape-HMP-commands-before-converting-them-to.patch - debian/patches/ubuntu/9023-qemu-change-rbd-auth_supported-separation-character-.patch - debian/patches/ubuntu/9024-qemu-allow-snapshotting-of-sheepdog-and-rbd-disks.patch - debian/patches/9025-qemu-change-rbd-auth_supported-separation-character-.patch - debian/patches/ubuntu/arm-gcc-workaround.patch * Rediffed: - debian/patches/Allow-libvirt-group-to-access-the-socket.patch - debian/patches/Disable-failing-virnetsockettest.patch - debian/patches/dnsmasq-as-priv-user - debian/patches/9002-better_default_uri_virsh.patch * debian/control: Add libnl-route-3-dev ass a build depends. * debian/patches/libnl3-build-fix.patch: Fix build with libnl3. -- Chuck Short Sun, 13 May 2012 15:44:12 -0400 libvirt (0.9.8-2ubuntu18) quantal; urgency=low * debian/apparmor/usr.sbin.libvirtd: allow execution of /lib/udev/scsi_id (LP: #992378) -- Serge Hallyn Wed, 02 May 2012 14:02:32 -0500 libvirt (0.9.8-2ubuntu17) precise; urgency=low * debian/apparmor/usr.lib.libvirt.virt-aa-helper: add /**.qed r so qed drives in non-standard locations can be used. 
(LP: #981571) -- Serge Hallyn Mon, 16 Apr 2012 11:30:47 -0500 libvirt (0.9.8-2ubuntu16) precise; urgency=low [ Serge Hallyn ] * Apply patches from Josh Durgin to make attaching rbd volumes and taking snapshots of them work. - ubuntu/9022-qemu-unescape-HMP-commands-before-converting-them-to.patch - ubuntu/9023-qemu-change-rbd-auth_supported-separation-character-.patch - ubuntu/9024-qemu-allow-snapshotting-of-sheepdog-and-rbd-disks.patch - ubuntu/9025-qemu-change-rbd-auth_supported-separation-character-.patch [ Stefan Bader ] * Do not use vfb sections in HVM graphics definitions (side- effect will create a vkbd device as well which causes error messages in the HVM guest). (LP: #973529) -- Serge Hallyn Thu, 05 Apr 2012 11:43:15 -0500 libvirt (0.9.8-2ubuntu15) precise; urgency=low [ Stefan Bader ] * Use domain/status to check for inactive domains in the xend sub- driver. (LP: #929626) * Prevent the hypervisor sub-driver from logging an internal error just because it cannot find a certain domain when looking for the number of vcpus. (LP: #963006) -- Stefan Bader Fri, 23 Mar 2012 11:38:24 +0100 libvirt (0.9.8-2ubuntu14) precise; urgency=low * re-enable numa (undo delta against debian) (LP: #614322): - debian/control: remove from dependencies - debian/rules: turn it off -- Serge Hallyn Tue, 13 Mar 2012 11:25:53 -0500 libvirt (0.9.8-2ubuntu13) precise; urgency=low * ubuntu/skip-labelling-network-disks.patch: don't try to label network drives with apparmor. It fails. (LP: #949428) -- Serge Hallyn Mon, 12 Mar 2012 14:20:05 -0500 libvirt (0.9.8-2ubuntu12) precise; urgency=low [ Stefan Bader ] * Never use type=ioemu for NIC definitions. It is not needed and actually breaks the paravirt interface which always gets created in parallel. 
-- Stefan Bader Wed, 07 Mar 2012 15:08:55 +0100 libvirt (0.9.8-2ubuntu11) precise; urgency=low [ Serge Hallyn ] * run dnsmasq as a new libvirt-dnsmasq user (LP: #938255) - ubuntu/dnsmasq-as-priv-user: add '-u libvirt-dnsmasq' to dnsmasq args - debian/libvirt-bin.postinst: create libvirt-dnsmasq user - tests/networkxml2argvdata/*.argv: update expected dnsmasq command lines to include '-u libvirt-dnsmasq'. [ Chuck Short ] * cherry-pick rewrite-lxc-controller-eof-handling-yet-again (commit 9130396214975ba2251082f943c9717281039050) from upstream. -- Serge Hallyn Fri, 02 Mar 2012 08:49:41 -0600 libvirt (0.9.8-2ubuntu10) precise; urgency=low * debian/control: add libgcrypt11-dev to build-depends (LP: #932889) -- Serge Hallyn Wed, 15 Feb 2012 13:13:09 -0600 libvirt (0.9.8-2ubuntu9) precise; urgency=low [ Stefan Bader ] * xen_hypervisor: libvirtd can be started before xenfs has been loaded as a module. A missing privcmd file is not necessarily a permanent error. (LP: #922486) [ Serge Hallyn ] * debian/libvirt-bin.upstart: start on just 'runlevel [2345]' -- Serge Hallyn Wed, 08 Feb 2012 11:20:35 -0600 libvirt (0.9.8-2ubuntu8) precise; urgency=low * ubuntu/fix-bridge-fd.patch: cherrypick commit 2d5046d31f4f5c961fc4aa6b415a00bb9eadae2b from upstream to write the bridge delay to the right file. (LP: #924446) -- Serge Hallyn Wed, 01 Feb 2012 11:13:23 -0600 libvirt (0.9.8-2ubuntu7) precise; urgency=low [ David weber ] * debian/patches/fix-block-migration.patch: Fix block-migration for large images. [ Guilhem Lettron ] * debian/apparmor/libvirt-qemu: add apparmor rule for mavtap (LP: #921870) -- Serge Hallyn Thu, 26 Jan 2012 11:22:04 -0600 libvirt (0.9.8-2ubuntu6) precise; urgency=low * debian/patches/fix-lxc-startup-error.patch: Fix lxc start up error. 
(LP: #921004) -- Chuck Short Tue, 24 Jan 2012 10:05:29 -0500 libvirt (0.9.8-2ubuntu5) precise; urgency=low * debian/libvirt-bin.postinst: even if we think it's a new install, don't assume that /etc/libvirt/qemu/networks/autostart/default.xml doesn't exist. -- Serge Hallyn Mon, 23 Jan 2012 12:43:02 -0600 libvirt (0.9.8-2ubuntu4) precise; urgency=low * debian/patches/fix-ubuntu-xen-qemu-dm-patch.patch: Update patch due to failing tests. -- Chuck Short Fri, 20 Jan 2012 16:05:45 -0500 libvirt (0.9.8-2ubuntu3) precise; urgency=low * debian/control: add dbus to libvirt-bin depends. It fails to start otherwise. (LP: #918343) -- Serge Hallyn Thu, 19 Jan 2012 16:11:44 -0600 libvirt (0.9.8-2ubuntu2) precise; urgency=low * debian/patches/fix-ubuntu-xen-qemu-dm-path.patch: Fix qemu-dm paths so Xen can be used with libvirt. (LP: #914788) -- Chuck Short Wed, 18 Jan 2012 14:31:27 -0500 libvirt (0.9.8-2ubuntu1) precise; urgency=low * Merge from Debian Unstable, remaining changes are: - debian/control: * set X-Python-Version to 2.7, as 2.6 is not in oneiric. 
* set ubuntu maintainer * Build-Depends: - swap open-iscsi to open-iscsi-utils - remove virtualbox-ose - add libapparmor-dev - swap libnl-dev for libnl3-dev * convert Vcs-Git to Xs-Debian-Vcs-Git * libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base (>= 2.46-1), and iptables from Recommends to Depends * libvirt-bin Recommends: move qemu to Suggests * libvirt-bin Suggests: add apparmor * libvirt0 Recommends: move lvm2 to Suggests * Install cgroup-lite - keep debian/libvirt-bin.apport - keep debian/libvirt-bin.cron.daily - debian/libvirt-bin.dirs: * add apparmor, cron.daily, and apport dirs - debian/libvirt-bin.examples: * add debian/libvirt-suspendonreboot - debian/libvirt-bin.install: * add /etc/apparmor.d files * add apport hook - debian/libvirt-bin.postinst: * replace libvirt groupname with libvirtd * add each admin user to libvirtd group * call apparmor_parser on usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper * call 'libvirt-migrate-qemu-disks -a' after libvirt-bin has started if migrating from older than 0.8.3-1ubuntu1 - debian/libvirt-bin.postrm: * replace libvirt groupname with libvirtd * remove usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper - keep added files under debian/: * libvirt-bin.upstart * libvirt-migrate-qemu-disks * libvirt-migrate-qemu-disks.1 * libvirt-suspendonreboot * apparmor profiles - debian/README.Debian: * add 'Apparmor Profile' section * add 'Disk migration' section - debian/rules: * don't build with vbox since virtualbox-ose is in universe - remove WITH_VBOX, add explicit --without-vbox * add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS * set DEB_DH_INSTALLINIT_ARGS to '--upstart-only' * remove unneeded clean:: section (they only deal with sysvinit stuff) * comment out binary-install/libvirt-bin:: part dealing with sysvinit * dont ship libvirt-guests init script for now. 
* add build/libvirt-bin:: section to install - apparmor files - apport hooks - libvirt-migrate-qemu-disks * debian/patches/series: - don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only) - don't apply Disable qemu-disable-network.diff.patch * debian/patches(/ubuntu): - Disable-gnulib-s-test-nonplocking-pipe.sh.patch is in sid's debian/patches - drop patches: * 9000-delayed_iff_up_bridge.patch * 9011-move-ebtables-script.patch * apparmor-allow-tunnelled-migration.patch * apparmor-allow-tunnelled-migration-2.patch * fix-qemu-1.0.patch * conf-dont-drop-console-def-ondomain-restart.patch - keep (and refreshed) patches: * 9002-better_default_uri_virsh.patch * 9003-better-default-arch.patch * 9004-libvirtd-group-name.patch * 9005-increase-unix-socket-timeout.patch * 9006-default-config-test-case.patch * 9020-lp545795.patch * 9021-fix-uint64_t.patch * libnl3.patch * arm-gcc-workaround.patch * disable numa - until the MIR for numa is done - debian/control: remove from dependencies - debian/rules: turn it off * Fix default network autostart symlink disappearing on upgrade (LP: #901298) - debian/libvirt-bin.preinst: note if the symlink exists - debian/libvirt-bin.postinst: if symlink existed, OR if we are upgrading from one of the broken versions, then recreate the symlink. (Continue to create the symlink on new installs.) * enable use of libvirt with kvm-spice (LP: #903962): . src/qemu/qemu_capabilities.c: search for 'kvm-spice' before 'kvm' (debian/patches/ubuntu/enable-kvm-spice.patch) . debian/apparmor/libvirt-qemu: * prepend 'owner' to /run/shm/spice.* rule * add more needed spice perms -- Chuck Short Fri, 13 Jan 2012 15:11:48 +0100 libvirt (0.9.8-2) unstable; urgency=low * Upload to unstable. Works with qemu-kvm and qemu 1.0. 
(Closes: #652454) -- Guido Günther Sat, 17 Dec 2011 14:01:20 +0100 libvirt (0.9.8-1) experimental; urgency=low * [8a35c97] New upstream version 0.9.8 * [52e19b5] Drop remote_driver-don-t-fail-if-keepalive-check-fails.patch applied upstream. -- Guido Günther Thu, 08 Dec 2011 23:31:31 +0100 libvirt (0.9.8~rc2-2) experimental; urgency=low * [e50aac4] remote_driver: don't fail if keepalive check fails. This fixes remote connections to older libvirt versions. -- Guido Günther Mon, 05 Dec 2011 18:00:06 +0100 libvirt (0.9.8~rc2-1) experimental; urgency=low * [9b1abb2] New upstream version 0.9.8~rc2 -- Guido Günther Sun, 04 Dec 2011 13:58:31 +0100 libvirt (0.9.8~rc1-1) experimental; urgency=low * [99476ba] New upstream version 0.9.8~rc1 * [3bdcf07] Make radvd a linux-any build-dep (Closes: #649635) * [7546785] Drop patch storage-forbid-rebuilding-existing-disk-storage-pool applied upstream. * [0c2afdb] Rediff remaining patches * [3d121b2] Update symbols file -- Guido Günther Sat, 03 Dec 2011 14:49:49 +0100 libvirt (0.9.7-2ubuntu16) precise; urgency=low * Don't apply ubuntu/conf-dont-drop-console-def-ondomain-restart.patch: it breaks virt-manager. -- Serge Hallyn Fri, 13 Jan 2012 14:59:03 +0100 libvirt (0.9.7-2ubuntu15) precise; urgency=low * debian/patches/ubuntu/conf-dont-drop-console-def-ondomain-restart.patch: cherrypicked from upstream to fix 'virsh console'. (LP: #915355) -- Serge Hallyn Thu, 12 Jan 2012 23:47:09 +0100 libvirt (0.9.7-2ubuntu14) precise; urgency=low * debian/apparmor/usr.lib.libvirt.virt-aa-helper: Update for nova. (LP: #907269) -- Chuck Short Wed, 11 Jan 2012 09:50:26 -0500 libvirt (0.9.7-2ubuntu13) precise; urgency=low * move cgroup-lite | cgroup-bin to depends, now that cgroup-lite is in main. -- Serge Hallyn Wed, 11 Jan 2012 14:02:40 +0100 libvirt (0.9.7-2ubuntu12) precise; urgency=low * enable use of libvirt with kvm-spice (LP: #903962): . 
src/qemu/qemu_capabilities.c: search for 'kvm-spice' before 'kvm' (debian/patches/ubuntu/enable-kvm-spice.patch) . debian/apparmor/libvirt-qemu: * prepend 'owner' to /run/shm/spice.* rule * add more needed spice perms * move cgroup-lite | cgroup-bin to depends, now that cgroup-lite is in main. -- Serge Hallyn Tue, 10 Jan 2012 12:06:13 +0100 libvirt (0.9.7-2ubuntu11) precise; urgency=low * debian/control: Revert cgroup-lite | cgroup-bin move from suggests to depends: cgroup-lite is not in main. -- Serge Hallyn Mon, 09 Jan 2012 12:16:17 +0100 libvirt (0.9.7-2ubuntu10) precise; urgency=low * debian/control: move (cgroup-lite | cgroup-bin) from Suggests to Depends. Libvirt-lxc is broken without it. * apparmor/usr.lib.libvirt.virt-aa-helper: add 'deny /dev/dm-*' to silence warnings about lvm backing stores (LP: #912007) [ Peter Silva ] * apparmor/libvirt-qemu: add rules to enable spice audio (LP: #913023) -- Serge Hallyn Mon, 09 Jan 2012 10:15:57 +0100 libvirt (0.9.7-2ubuntu9) precise; urgency=low * Build-Depend on libnl-3-dev. (LP: #908581) * Update libnl3 patch to also pass LIBNL_CFLAGS in the LXC target. -- Andreas Moog Wed, 04 Jan 2012 21:56:55 +0000 libvirt (0.9.7-2ubuntu8) precise; urgency=low * debian/apparmor/libvirt-qemu: add /etc/pki/CA/* and /etc/pki/libvirt/** (LP: #901272) -- Serge Hallyn Wed, 04 Jan 2012 13:18:50 -0600 libvirt (0.9.7-2ubuntu7) precise; urgency=low * Fix default network autostart symlink disappearing on upgrade (LP: #901298) - debian/libvirt-bin.preinst: note if the symlink exists - debian/libvirt-bin.postinst: if symlink existed, OR if we are upgrading from one of the broken versions, then recreate the symlink. (Continue to create the symlink on new installs.) * debian/patches/fix-qemu-1.0.patch: without this patch, libvirt fails when trying to parse the version # from qemu 1.0. 
-- Serge Hallyn Wed, 07 Dec 2011 10:26:05 -0600 libvirt (0.9.7-2ubuntu6) precise; urgency=low * debian/rules, libvirt-bin.dirs and libvirt-bin.install: put /etc/apparmor.d/local/usr.sbin.libvirtd into place. (fixes break since 0.9.7-2ubuntu4) (LP: #900857) -- Serge Hallyn Tue, 06 Dec 2011 11:03:16 -0600 libvirt (0.9.7-2ubuntu5) precise; urgency=low * Fix compile failure (VIR_WARN needs logging.h) -- Serge Hallyn Fri, 02 Dec 2011 13:50:12 -0600 libvirt (0.9.7-2ubuntu4) precise; urgency=low * debian/apparmor/usr.sbin.libvirtd: - allow access to /etc/libvirt/hooks/** (LP: #891472) - #include for site-local customizations * debian/control: Suggest cgroup-lite | cgroup-bin (LP: #544146) * debian/patches/ubuntu/apparmor-allow-tunnelled-migration-2.patch: Warn but don't error out when we can't find a pathname for a file. This is needed to support tunnelled migration. (LP: #869553) -- Serge Hallyn Fri, 02 Dec 2011 11:50:47 -0600 libvirt (0.9.7-2ubuntu3) precise; urgency=low * Don't override local removal of default network autostart on upgrades (LP: #372001) - re-enable debian/Don-t-enable-default-network-on-boot.patch - debian/libvirt-bin.postinst: create default network autostart symlink for new installs only. -- Serge Hallyn Thu, 01 Dec 2011 21:55:01 +0000 libvirt (0.9.7-2ubuntu2) precise; urgency=low * apparmor-allow-tunnelled-migration.patch: adjust virt-aa-helper to allow tunnelled migration (LP: #869553) (Thanks to Simon Deziel ) * fix break in last upload: *really* don't apply patch debian/Don-t-enable-default-network-on-boot.patch -- Serge Hallyn Fri, 18 Nov 2011 15:52:38 -0600 libvirt (0.9.7-2ubuntu1) precise; urgency=low * Merged from debian unstable (LP: #889104) (LP: #890036). Remaining changes are: - debian/control: * set X-Python-Version to 2.7, as 2.6 is not in oneiric. 
* set ubuntu maintainer * Build-Depends: - swap open-iscsi to open-iscsi-utils - remove virtualbox-ose - add libapparmor-dev - swap libnl-dev for libnl3-dev * convert Vcs-Git to Xs-Debian-Vcs-Git * libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base (>= 2.46-1), and iptables from Recommends to Depends * libvirt-bin Recommends: move qemu to Suggests * libvirt-bin Suggests: add apparmor * libvirt0 Recommends: move lvm2 to Suggests - keep debian/libvirt-bin.apport - keep debian/libvirt-bin.cron.daily - debian/libvirt-bin.dirs: * add apparmor, cron.daily, and apport dirs - debian/libvirt-bin.examples: * add debian/libvirt-suspendonreboot - debian/libvirt-bin.install: * add /etc/apparmor.d files * add apport hook - debian/libvirt-bin.postinst: * replace libvirt groupname with libvirtd * add each admin user to libvirtd group * call apparmor_parser on usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper * call 'libvirt-migrate-qemu-disks -a' after libvirt-bin has started if migrating from older than 0.8.3-1ubuntu1 - debian/libvirt-bin.postrm: * replace libvirt groupname with libvirtd * remove usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper - keep added files under debian/: * libvirt-bin.upstart * libvirt-migrate-qemu-disks * libvirt-migrate-qemu-disks.1 * libvirt-suspendonreboot * apparmor profiles - debian/README.Debian: * add 'Apparmor Profile' section * add 'Disk migration' section - debian/rules: * don't build with vbox since virtualbox-ose is in universe - remove WITH_VBOX, add explicit --without-vbox * add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS * set DEB_DH_INSTALLINIT_ARGS to '--upstart-only' * remove unneeded clean:: section (they only deal with sysvinit stuff) * comment out binary-install/libvirt-bin:: part dealing with sysvinit * dont ship libvirt-guests init script for now. 
* add build/libvirt-bin:: section to install - apparmor files - apport hooks - libvirt-migrate-qemu-disks * debian/patches/series: - don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only) - don't apply Disable qemu-disable-network.diff.patch * debian/patches(/ubuntu): - Disable-gnulib-s-test-nonplocking-pipe.sh.patch is in sid's debian/patches - drop patches: * 9014-skip-nodeinfotest.patch # should this be dropped? * lp832507.patch (applied upstream) * 9029-skip-tests.patch * lxc-use-own-ptyfns.patch (applied upstream) - keep (and refreshed) patches: * 9000-delayed_iff_up_bridge.patch * 9002-better_default_uri_virsh.patch * 9003-better-default-arch.patch * 9004-libvirtd-group-name.patch * 9005-increase-unix-socket-timeout.patch * 9006-default-config-test-case.patch * 9011-move-ebtables-script.patch * 9020-lp545795.patch * 9021-fix-uint64_t.patch * libnl3.patch * arm-gcc-workaround.patch * disable numa - until the MIR for numa is done - debian/control: remove from dependencies - debian/rules: turn it off -- Serge Hallyn Tue, 15 Nov 2011 21:33:16 -0600 libvirt (0.9.7-2) unstable; urgency=low * [b0bdb13] Enable numa support. (Closes: #648323) Thanks to Ralf Spenneberg for testing * [5b55828] Disk storage: forbid rebuilding existing disk storage pools wiping all it's data. * [d77511c] Build depend on radvd (Closes: #648551) -- Guido Günther Sat, 12 Nov 2011 23:16:21 +0100 libvirt (0.9.7-1) experimental; urgency=low * [c06e393] debian/watch: match releases and release candidates * [2d08768] New upstream version 0.9.7 * [a260f43] Add empty hooks dir (Closes: #623996) * [0b10e48] Install logrotate files again. This got broken by moving to separate build-dir. Based on a patch from Serge Hallyn. (Closes: #647953) -- Guido Günther Thu, 10 Nov 2011 19:11:02 +0100 libvirt (0.9.7~rc2-1) experimental; urgency=low * [2d51700] New upstream version 0.9.7~rc2 * [bae02ad] Drop patches, now fixed upstream. 
- Fix-storage-pool-source-comparison-to-avoid-comparin.patch - Skip-socket-test-if-we-exceed-UNIX_PATH_MAX.patch -- Guido Günther Thu, 03 Nov 2011 18:59:03 +0100 libvirt (0.9.7~rc1-2) experimental; urgency=low * [c0292f7] Skip socket test if we exceed UNIX_PATH_MAX. * [764a29c] Fix storage pool source comparison to avoid comparing with self Thanks to Daniel P. Berrange -- Guido Günther Wed, 02 Nov 2011 19:07:51 +0100 libvirt (0.9.7~rc1-1) experimental; urgency=low * [6dba3c4] New upstream version 0.9.7~rc1 * [456c4b7] Update symbols file * [a5b6513] debian/watch: allow for '-' in the version number so we also catch the release candidates. * [a5d0318] Drop Autodetect-if-the-remote-nc-command-supports-the-q-o.patch fixed upstream. * [fb8aed9] Update remaining patches * [1f841c0] Move Debian specific patches to debian/patches/debian -- Guido Günther Wed, 02 Nov 2011 10:04:40 +0100 libvirt (0.9.6-2ubuntu2) precise; urgency=low * Move creation of /var/log/libvirt/{lxc,uml,qemu} dirs from libvirt-bin.dirs to libvirt-bin.postinst. Otherwise after a 'apt-get remove libvirt-bin', that dir will be removed (if empty) but /etc/logrotate.d/libvirtd will still try to rotate it and raise errors. (LP: #886770) * debian/rules: Fix a bug in the new logic for installing upstream-supplied logrotate files. (LP: #887312) -- Serge Hallyn Mon, 07 Nov 2011 12:58:49 -0600 libvirt (0.9.6-2ubuntu1) precise; urgency=low * Sync changes from 0.9.6-2 to install the libvirtd manpage (LP: #522710) -- Serge Hallyn Mon, 31 Oct 2011 22:22:27 -0400 libvirt (0.9.6-2) unstable; urgency=low * [6e5ad9d] Install libvirtd manpage. Thanks to Serge E. Hallyn (Closes: #644457, #606069) * [480ef36] Remove now superfluous build-dep on QEMU * [86140cf] python-libvirt: Recommend libvirt-bin (Closes: #646440) * [a76d37f] Build-depend and Recommend: parted since it's needed for disk storage pool creation (found by libvirt-tck) * [2e7bee9] Remove workaround for m68k ICE fixed in gcc-4.6 upstream and Debian's gcc-4.4. 
Thanks to Thorsten Glaser -- Guido Günther Sun, 30 Oct 2011 17:14:21 +0100 libvirt (0.9.6-1ubuntu3) precise; urgency=low * debian/control: - add radvd to build-depends (LP: #862136) * debian/control: remove moved relations from original: - libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base (>= 2.46-1), and iptables from Recommends to Depends - libvirt-bin Recommends: move qemu to Suggests -- Serge Hallyn Mon, 24 Oct 2011 08:54:14 -0500 libvirt (0.9.6-1ubuntu2) precise; urgency=low * debian/patches/lxc-use-own-ptyfns.patch: Re-add dropped patch. -- Chuck Short Fri, 21 Oct 2011 10:30:36 -0400 libvirt (0.9.6-1ubuntu1) precise; urgency=low * Merged from debian unstable, remaning changes are: - debian/control: * set X-Python-Version to 2.7, as 2.6 is not in oneiric. * set ubuntu maintainer * Build-Depends: - remove [linux-any] from all dependencies - remove [!linux-any] deps - swap qemu to qemu-kvm and open-iscsi to open-iscsi-utils in Build-Depends - remove virtualbox-ose Build-Depends - add parted and libapparmor-dev Build-Depends * convert Vcs-Git to Xs-Debian-Vcs-Git * libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base (>= 2.46-1), and iptables from Recommends to Depends * libvirt-bin Recommends: move qemu to Suggests * libvirt-bin Suggests: add apparmor * libvirt0 Recommands: move lvm2 to Suggests - keep debian/libvirt-bin.apport - keep debian/libvirt-bin.cron.daily - debian/libvirt-bin.dirs: * add apparmor, cron.daily, and apport dirs - debian/libvirt-bin.examples: * add debian/libvirt-suspendonreboot - debian/libvirt-bin.install: * add /etc/apparmor.d files * add apport hook - debian/libvirt-bin.manpages: * add debian/libvirt-migrate-qemu-disks.1 - debian/libvirt-bin.postinst: * replace libvirt groupname with libvirtd * add each admin user to libvirtd group * call apparmor_parser on usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper * call 'libvirt-migrate-qemu-disks -a' after libvirt-bin has started if migrating from older 
than 0.8.3-1ubuntu1 - debian/libvirt-bin.postrm: * replace libvirt groupname with libvirtd * remove usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper - keep added files under debian/: * libvirt-bin.upstart * libvirt-migrate-qemu-disks * libvirt-migrate-qemu-disks.1 * libvirt-suspendonreboot * apparmor profiles - debian/README.Debian: * add 'Apparmor Profile' section * add 'Disk migration' section - debian/rules: * move include of debhelper.mk to top of file so DEB_HOST_ARCH_OS is defined. * don't build with vbox since virtualbox-ose is in universe - remove WITH_VBOX, add explicit --without-vbox * add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS * set DEB_DH_INSTALLINIT_ARGS to '--upstart-only' * remove unneeded binary-install/libvirt-bin:: and clean:: sections (they only deal with sysvinit stuff) * add build/libvirt-bin:: section to install - apparmor files - apport hooks - libvirt-migrate-qemu-disks * dont ship libvirt-guests init script for now. * debian/patches/9029-skip-tests.patch: Skip broken tests on ubuntu. 
* debian/patches/series: - don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only) - don't apply Disable qemu-disable-network.diff.patch * debian/patches: - dropped patches: * 9001-dont_clobber_existing_bridges.patch * 9026-lp795800.patch * 9027-move-apparmor-load-to-genlabel.patch * 9028-linux-3-0-no-micro.patch * lp810270.patch * CVE-2011-2511.patch * lxc-do-not-require-ifconfig-or-ip-commands-in-guest.patch * 0001-make-ptmx-a-bind-mount-rather-than-symlink.patch * arm-startup-fixes.patch - keep patches: * 9000-delayed_iff_up_bridge.patch * 9001-dont_clobber_existing_bridges.patch * 9002-better_default_uri_virsh.patch * 9003-better-default-arch.patch * 9004-libvirtd-group-name.patch * 9005-increase-unix-socket-timeout.patch * 9006-default-config-test-case.patch * 9011-move-ebtables-script.patch * 9014-skip-nodeinfotest.patch * 9020-lp545795.patch * 9021-fix-uint64_t.patch * 9026-lp795800.patch * libnl3.patch * arm-gcc-workaround.patch * Disable-gnulib-s-test-nonplocking-pipe.sh.patch -- Chuck Short Mon, 17 Oct 2011 12:19:15 +0000 libvirt (0.9.6-1) unstable; urgency=low * [828e4e3] New upstream version 0.9.6 * [59404f4] Use versioned X-Python-Version * [0b43f12] Update symbols file * [744aaeb] Drop Readd-LFS-support.patch - fixed upstream * [f759960] Rediff remaining patches -- Guido Günther Mon, 26 Sep 2011 23:28:03 +0200 libvirt (0.9.4-2) unstable; urgency=low [ Philipp Hahn ] * [c9a080d] Build python-libvirt for all python versions (Closes: #628828) -- Guido Günther Tue, 23 Aug 2011 21:17:55 +0200 libvirt (0.9.4-1) experimental; urgency=low * [a92d03e] New upstream version 0.9.4 * [76f0333] Run tests verbosely to ease error diagnostics * [f4e7d0b] Work around ICE on m68k. Thanks to Thorsten Glaser * [ac6e760] Add directories chown'ed in the postinst. Thanks to Houmehr Aghabozorgi for the report (Closes: #636965) * [194722a] Simplify netcat probe and adjust testcase output to reduce number of failing testcases. 
* [05e5a06] Use libyajl QEMU JSON support * [e7934f7] Use libpcap for ip address learning support * [6661730] Readd LFS support * [17d831b] Don't require gawk for a simple print expression (Closes: #636712) -- Guido Günther Tue, 09 Aug 2011 16:41:24 +0200 libvirt (0.9.4~rc1-1) experimental; urgency=low * [0e60a81] New upstream version 0.9.4~rc1 * [db6dbcc] Suggest radvd needed for IPv6 * [a9b77e5] Drop Catch-dnsmasq-start-failures.patch applied upstream * [b18ac26] Rediff remaining patches * [8ee8750] Update symbols -- Guido Günther Tue, 26 Jul 2011 13:12:57 +0200 libvirt (0.9.3-5) unstable; urgency=low * [44874f6] Add directories chown'ed in the postinst. Thanks to Houmehr Aghabozorgi for the report (Closes: #636965) -- Guido Günther Thu, 11 Aug 2011 08:19:38 +0200 libvirt (0.9.3-4) unstable; urgency=low * [db6dbcc] Suggest radvd needed for IPv6 * [32ac1cf] Work around ICE on m68k. Thanks to Thorsten Glaser. -- Guido Günther Wed, 27 Jul 2011 21:26:02 +0200 libvirt (0.9.3-3) unstable; urgency=low * [6db6929] Catch dnsmasq start failures * [0254bfb] Add empty log directories to make logrotate happy (Closes: #635239) -- Guido Günther Sun, 24 Jul 2011 10:51:58 +0200 libvirt (0.9.3-2) unstable; urgency=low * Upload to unstable * [331afb8] Move build rules to make sure DEB_BUILD_ARCH_OS is properly defined. Thanks to Serge E. Hallyn * [4f3fe1d] Adjust directory permissions to what upstream uses to avoid potential information leakage. (Closes: #632332) * [ab7ad05] Add sanlock dir * [bc05a9d] Logrotate logs from HVs other than qemu too (Closes: #625746) -- Guido Günther Sat, 23 Jul 2011 15:28:10 +0200 libvirt (0.9.3-1) experimental; urgency=low * [320f8b6] New upstream version 0.9.3 (Closes: #633840) * [fff5144] Update symbols * [787d91c] Depend on dnsmasq-base, netcat-openbsd and openssh-client for "make check" * [1fa64b0] Remove article from libvirt-bin description to make lintian happy. 
* [3689fc5] Drop patches applied upstream: - Skip-nodeinfo-test-on-non-intel-architectures.patch - Split-out-dlopen-detection.patch - nodeinfo-remove-superfluous-braces.patch * [31b17c8] Drop Update-generated-autoconf-files.patch. No need to regenerate autoconf for 0.9.3 * [65871eb] Adjust nc autodetect patch to new socket code * [7b0c6df] Disable failing virnetsockettest until investigated further * [248bc3f] Rediff remaining patches -- Guido Günther Sun, 10 Jul 2011 19:43:05 +0200 libvirt (0.9.2-6) unstable; urgency=low * [b385504] Disable the testsuite on all architectures except i386 and amd64 so the current version can move into testing. -- Guido Günther Mon, 04 Jul 2011 09:14:56 +0200 libvirt (0.9.2-5) unstable; urgency=low * [e523120] New patch Disable-gnulib-s-test-nonplocking-pipe.sh.patch. Disable gnulib's test-nonplocking-pipe.sh. -- Guido Günther Sun, 26 Jun 2011 15:57:24 +0200 libvirt (0.9.2-4ubuntu16) precise; urgency=low * lxc_controller: use our own unlocpt+grantpt rather than glibc's, which can't handle opening a pty in a devpts not mounted at /dev/pts. (LP: #863629) -- Serge Hallyn Fri, 14 Oct 2011 10:47:57 -0500 libvirt (0.9.2-4ubuntu15) oneiric; urgency=low * Pull patches from upstream which prevent a race between lxc driver and controller while a container is started, easily exposed by nova. (LP: #842845) -- Serge Hallyn Mon, 03 Oct 2011 14:39:05 -0500 libvirt (0.9.2-4ubuntu14) oneiric; urgency=low * debian/patches/lp832507.patch: update virt-aa-helper to use the correct paths for character devices that are pipes. This can be removed in 0.9.7. (LP: #832507) -- Jamie Strandboge Tue, 27 Sep 2011 13:18:28 -0500 libvirt (0.9.2-4ubuntu13) oneiric; urgency=low * debian/patches/arm-startup-fies.patch: Fix typo in patch. (LP: #845764) -- Chuck Short Fri, 09 Sep 2011 14:41:53 -0400 libvirt (0.9.2-4ubuntu12) oneiric; urgency=low [Serge Hallyn] * do not rely on 'ip' or 'ifconfig' commands inside container (LP: #828211) Reported and fixed by Scott Moser . 
* make ptmx a bind mount rather than a symlink (LP: #832123) [Chuck Short] * debian/arm-startup-fixes.patch: Dont detect DMI information on non-intel compatible arches. -- Serge Hallyn Thu, 01 Sep 2011 09:25:51 -0500 libvirt (0.9.2-4ubuntu11) oneiric; urgency=low * debian/patches/Autodetect-if-the-remote-nc-command-supports-the-q-o.patch: updated to support target systems where the grep utility has no -q option. (LP: #792985) -- Marc Deslauriers Tue, 16 Aug 2011 13:30:14 -0400 libvirt (0.9.2-4ubuntu10) oneiric; urgency=low * Source /etc/default/libvirt-bin at the upstart 'start' section (LP: #823638) -- Serge Hallyn Mon, 15 Aug 2011 13:00:41 -0500 libvirt (0.9.2-4ubuntu9) oneiric; urgency=low * Fix build failure on ARM, working around a GCC issue. LP: #823711. -- Matthias Klose Mon, 15 Aug 2011 16:00:53 +0200 libvirt (0.9.2-4ubuntu8) oneiric; urgency=low * Port to libnl3. -- Colin Watson Tue, 09 Aug 2011 11:36:08 +0100 libvirt (0.9.2-4ubuntu7) oneiric; urgency=low * libvirt-bin.upstart: add a pre-stop script to shut down running VMs before the host shuts down. (LP: #350936) -- Serge Hallyn Tue, 02 Aug 2011 19:49:40 -0500 libvirt (0.9.2-4ubuntu6) oneiric; urgency=low * SECURITY UPDATE: integer overflow in virDomainGetVcpus() - debian/patches/CVE-2011-2511.patch: use INT_MULTIPLY_OVERFLOW() to verify maxinfo * maplen < REMOTE_CPUMAPS_MAX - this can be dropped in 0.9.2-7/0.9.3 - CVE-2011-2511 -- Jamie Strandboge Tue, 19 Jul 2011 08:20:20 -0500 libvirt (0.9.2-4ubuntu5) oneiric; urgency=low * debian/libvirt-bin.apport: use new apport MAC function instead of parsing and attaching AppArmor events here. 
-- Marc Deslauriers Fri, 15 Jul 2011 08:36:56 -0400 libvirt (0.9.2-4ubuntu4) oneiric; urgency=low * debian/apparmor/libvirt-qemu: adjust for /dev/shm -> /run/shm transition * debian/patches/lp810270.patch: adjust AppArmor profile for /var/run -> /run - LP: #810270 -- Jamie Strandboge Thu, 14 Jul 2011 08:46:32 -0500 libvirt (0.9.2-4ubuntu3) oneiric; urgency=low * Fix /etc/init/libvirt-bin.conf start on to wait until networking.conf has stopped with success, meaning ifup -a completed successfully and all auto-started network devices are up. (LP: #495394) -- Serge Hallyn Thu, 07 Jul 2011 10:23:25 -0500 libvirt (0.9.2-4ubuntu2) oneiric; urgency=low [ Scott Moser ] * 9028-linux-3-0-no-micro.patch: support running libvirt with lxc on linux 3.0 (LP: #802977) [ Jamie Strandboge ] * debian/apparmor/usr.sbin.libvirtd: allow ipc_lock -- Scott Moser Tue, 28 Jun 2011 10:00:54 -0400 libvirt (0.9.2-4ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: - debian/control: * set X-Python-Version to 2.7, as 2.6 is not in oneiric. 
* set ubuntu maintainer * Build-Depends: - remove [linux-any] from all dependencies - remove [!linux-any] deps - swap qemu to qemu-kvm and open-iscsi to open-iscsi-utils in Build-Depends - remove virtualbox-ose Build-Depends - add parted and libapparmor-dev Build-Depends * convert Vcs-Git to Xs-Debian-Vcs-Git * libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base (>= 2.46-1), and iptables from Recommends to Depends * libvirt-bin Recommends: move qemu to Suggests * libvirt-bin Suggests: add apparmor * libvirt0 Recommands: move lvm2 to Suggests - keep debian/libvirt-bin.apport - keep debian/libvirt-bin.cron.daily - debian/libvirt-bin.dirs: * add apparmor, cron.daily, and apport dirs - debian/libvirt-bin.examples: * add debian/libvirt-suspendonreboot - debian/libvirt-bin.install: * add /etc/apparmor.d files * add apport hook - debian/libvirt-bin.manpages: * add debian/libvirt-migrate-qemu-disks.1 - debian/libvirt-bin.postinst: * replace libvirt groupname with libvirtd * add each admin user to libvirtd group * call apparmor_parser on usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper * call 'libvirt-migrate-qemu-disks -a' after libvirt-bin has started if migrating from older than 0.8.3-1ubuntu1 - debian/libvirt-bin.postrm: * replace libvirt groupname with libvirtd * remove usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper - keep added files under debian/: * libvirt-bin.upstart * libvirt-migrate-qemu-disks * libvirt-migrate-qemu-disks.1 * libvirt-suspendonreboot * apparmor profiles - debian/README.Debian: * add 'Apparmor Profile' section * add 'Disk migration' section - debian/rules: * move include of debhelper.mk to top of file so DEB_HOST_ARCH_OS is defined. 
* don't build with vbox since virtualbox-ose is in universe - remove WITH_VBOX, add explicit --without-vbox * add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS * set DEB_DH_INSTALLINIT_ARGS to '--upstart-only' * remove unneeded binary-install/libvirt-bin:: and clean:: sections (they only deal with sysvinit stuff) * add build/libvirt-bin:: section to install - apparmor files - apport hooks - libvirt-migrate-qemu-disks * debian/patches/series: - don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only) - don't apply Disable qemu-disable-network.diff.patch * debian/patches: - dropped patches: * 9022-allows-lxc-containers-with-lxcguest.patch (applied upstream) * 9023-disable-test-poll.patch * 9024-ftbfs-with-arm.patch (doesnt really fix arm just yet) * 9025-CVE-2011-2178.patch (applied upstream) - keep patches: * 9000-delayed_iff_up_bridge.patch * 9001-dont_clobber_existing_bridges.patch * 9002-better_default_uri_virsh.patch * 9003-better-default-arch.patch * 9004-libvirtd-group-name.patch * 9005-increase-unix-socket-timeout.patch * 9006-default-config-test-case.patch * 9011-move-ebtables-script.patch * 9014-skip-nodeinfotest.patch * 9020-lp545795.patch * 9021-fix-uint64_t.patch * 9026-lp795800.patch [ Jamie Strandboge ] * 9027-move-apparmor-load-to-genlabel.patch: 0.9.2 introduced a change that caused aa_change_profile() to be called before the profile was loaded into the kernel. Adjust AppArmorGenSecurityLabel() in src/security/security_apparmor.c to load the profile itself, and adjust AppArmorSetSecurityAllLabel() to reload the profile when stdin_fn is specified. This patch can be removed in 0.9.3. (LP: #801569) -- Chuck Short Wed, 22 Jun 2011 11:09:15 -0400 libvirt (0.9.2-4) unstable; urgency=low * [398a4dd] New patch Split-out-dlopen-detection.patch. Explicitly pass -ldl since the lock manager needs it. * [3be22be] New patch Update-generated-autoconf-files.patch. 
Update generated autoconf files -- Guido Günther Mon, 13 Jun 2011 19:09:17 +0200 libvirt (0.9.2-3) unstable; urgency=low * [008e65d] New patch Skip-nodeinfo-test-on-non-intel-architectures.patch: Skip nodeinfo test on non intel architectures since the testfiles assume a /proc/cpuinfo specific to this architecture. -- Guido Günther Sun, 12 Jun 2011 22:00:05 +0200 libvirt (0.9.2-2) unstable; urgency=low * [17570fc] Enable OpenVZ on Linux only (Closes: #630099) * [31a35bc] New patch nodeinfo-remove-superfluous-braces.patch nodeinfo: remove superfluous braces to fix compilation on non intel architectures -- Guido Günther Sat, 11 Jun 2011 18:40:14 +0200 libvirt (0.9.2-1) unstable; urgency=low * [c6187ec] New upstream version 0.9.2 * [368375a] Update netcat detection to new code * [e3319ee] Drop security-plug-regression-introduced-in-disk-probe-lo.patch applied upstream * [a1428a7] Refresh patches * [77590ee] Update symbols * [0626972] Depend on iproute * [a1b211d] Version dependency on iptables and drop Disable-CHECKSUM-rule.patch (Closes: #627595) -- Guido Günther Wed, 08 Jun 2011 16:58:19 +0200 libvirt (0.9.1-2) unstable; urgency=high * [4fbc990] New patch security-plug-regression-introduced-in-disk-probe-lo.patch (Closes: #629128) - Fixes: CVE-2011-2178 -- Laurent Léonard Sat, 04 Jun 2011 01:53:43 +0200 libvirt (0.9.1-1ubuntu4) oneiric; urgency=low * SECURITY UPDATE: 0.8.8 regression which reopens disk probing (CVE-2010-2238). This can be dropped in 0.9.2. - 9025-CVE-2011-2178.patch: use correct pointer address in virSecurityManagerGetPrivateData() - CVE-2011-2178 * fix virsh save when AppArmor driver is enabled - 9026-lp795800.patch: src/security/security_apparmor.c: implement AppArmorSetFDLabel(), which is now used by qemuMigrationToFile() if our version of qemu supports fd migration. This can be dropped in 0.9.3.
- LP: #795800 -- Jamie Strandboge Thu, 16 Jun 2011 14:16:00 -0500 libvirt (0.9.1-1ubuntu3) oneiric; urgency=low * debian/patches/9024-ftbfs-with-arm.patch: Fix FTBFS with arm. -- Chuck Short Tue, 14 Jun 2011 21:33:15 -0400 libvirt (0.9.1-1ubuntu2) oneiric; urgency=low * Depend on libxen-dev rather than libxen3-dev. -- Chuck Short Mon, 13 Jun 2011 12:48:52 -0400 libvirt (0.9.1-1ubuntu1) oneiric; urgency=low * Resynchronize and merge from Debian unstable (LP: #794378). Remaining changes: - debian/control: * set X-Python-Version to 2.7, as 2.6 is not in oneiric. * set ubuntu maintainer * Build-Depends: - remove [linux-any] from all dependencies - remove [!linux-any] deps - swap libxen to libxen3, qemu to qemu-kvm, and open-iscsi to open-iscsi-utils in Build-Depends - remove virtualbox-ose Build-Depends - add parted and libapparmor-dev Build-Depends * convert Vcs-Git to Xs-Debian-Vcs-Git * libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base (>= 2.46-1), and iptables from Recommends to Depends * libvirt-bin Recommends: move qemu to Suggests * libvirt-bin Suggests: add apparmor * libvirt0 Recommands: move lvm2 to Suggests - keep debian/libvirt-bin.apport - keep debian/libvirt-bin.cron.daily - debian/libvirt-bin.dirs: * add apparmor, cron.daily, and apport dirs - debian/libvirt-bin.examples: * add debian/libvirt-suspendonreboot - debian/libvirt-bin.install: * add /etc/apparmor.d files * add apport hook - debian/libvirt-bin.manpages: * add debian/libvirt-migrate-qemu-disks.1 - debian/libvirt-bin.postinst: * replace libvirt groupname with libvirtd * add each admin user to libvirtd group * call apparmor_parser on usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper * call 'libvirt-migrate-qemu-disks -a' after libvirt-bin has started if migrating from older than 0.8.3-1ubuntu1 - debian/libvirt-bin.postrm: * replace libvirt groupname with libvirtd * remove usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper - keep added files under debian/: * 
libvirt-bin.upstart * libvirt-migrate-qemu-disks * libvirt-migrate-qemu-disks.1 * libvirt-suspendonreboot * apparmor profiles - debian/README.Debian: * add 'Apparmor Profile' section * add 'Disk migration' section - debian/rules: * move include of debhelper.mk to top of file so DEB_HOST_ARCH_OS is defined. * don't build with vbox since virtualbox-ose is in universe - remove WITH_VBOX, add explicit --without-vbox * add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS * set DEB_DH_INSTALLINIT_ARGS to '--upstart-only' * remove unneeded binary-install/libvirt-bin:: and clean:: sections (they only deal with sysvinit stuff) * add build/libvirt-bin:: section to install - apparmor files - apport hooks - libvirt-migrate-qemu-disks * debian/patches/series: - don't apply Disable-CHECKSUM-rule.patch: our iptables can do this - don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only) - don't apply Disable qemu-disable-network.diff.patch * debian/patches: - drop 9007-fix-daemon-conf-ftbfs.patch (looks like it may be fixed) - drop patches applied upstream: * 9022-drop-booton-when-kernel-specified.patch * 9023-fix-lxc-console-hangup.patch * 9024-fix-broken-commandtest.patch * 9025-Pass-virSecurityManagerPtr-to-virSecurityDAC-Set-Res.patch * 9026-security-avoid-memory-leak.patch * 9027-CVE-2011-1146.patch - keep patches: * 9000-delayed_iff_up_bridge.patch * 9001-dont_clobber_existing_bridges.patch * 9002-better_default_uri_virsh.patch * 9003-better-default-arch.patch * 9004-libvirtd-group-name.patch * 9005-increase-unix-socket-timeout.patch * 9006-default-config-test-case.patch * 9011-move-ebtables-script.patch (refreshed) * 9014-skip-nodeinfotest.patch (modified to make it apply) * 9020-lp545795.patch (modified to make it still apply) * 9021-fix-uint64_t.patch * 9022-allows-lxc-containers-with-lxcguest.patch (renamed, modified to make it still apply, and added DEP-3 tags). 
- new patches: * 9023-disable-test-poll.patch - don't run broken test-poll -- Serge Hallyn Wed, 11 May 2011 12:29:51 -0500 libvirt (0.9.1-1) unstable; urgency=low * [1546b8c] New upstream version 0.9.1 * [2418ebf] Rediff patches * [d4e2b71] Drop Make-sure-DNSMASQ_STATE_DIR-exists.patch: applied upstream * [0fef693] libvirt0: Update symbols * [b4ff149] Bump standards version to 3.9.2 -- Guido Günther Tue, 10 May 2011 22:45:11 +0200 libvirt (0.9.0-2) unstable; urgency=low * [3a8e07f] New patch Make-sure-DNSMASQ_STATE_DIR-exists.patch (Closes: #623536) -- Guido Günther Mon, 09 May 2011 17:14:02 +0200 libvirt (0.9.0-1) unstable; urgency=low * [a91c8f6] New upstream version 0.9.0 * [1608a8c] Drop patch Make-macros-work-as-rvalues.patch, fixed upstream * [85c3f78] Fix test failure caused by our libvirtd.conf changes * [0defeee] Fix crashes due to missing initialization of the error system * [0a63618] Disable daemon start test for now * [1c29d34] Enable testsuite * [cf3a26f] Build for Python 2.6 only -- Guido Günther Sat, 16 Apr 2011 15:26:34 +0200 libvirt (0.9.0~rc2-2) experimental; urgency=low * [7da1fd9] New patch Make-macros-work-as-rvalues.patch fixes kFreeBSD build * [08c4915] Add support for kFreeBSD (Closes: #612238) -- Guido Günther Thu, 31 Mar 2011 23:01:58 +0200 libvirt (0.9.0~rc2-1) experimental; urgency=low * [77fc1c5] New upstream version 0.9.0~rc2 * [30ceba5] Drop superflous build-dep on dpkg-dev. The affected versions are neither in Lenny, Squeeze nor Sid. * [5845bed] Switch to dh_python2 (Closes: #616874) -- Guido Günther Wed, 30 Mar 2011 14:14:03 +0200 libvirt (0.9.0~rc1-1) experimental; urgency=low * [02daf0b] New upstream version 0.9.0~rc1 * [b4a05a1] Update patches. 
Drop patches applied upstream: Do-not-add-drive-boot-on-param-when-a-kernel-is-spec.patch Don-t-pass-empty-arguments-to-dnsmasq.patch Make-sure-the-rundir-is-accessible-by-the-user.patch upstream/Add-missing-checks-for-read-only-connections.patch * [7ff8e58] Update symbols for 0.9.0~rc1 -- Guido Günther Tue, 29 Mar 2011 10:04:54 +0200 libvirt (0.8.8-3) unstable; urgency=low * [28df435] Don't create the rundir in the init script. The daemon does this now. * [7302aff] New patch Make-sure-the-rundir-is-accessible-by-the-user.patch. Make sure the rundir is accessible by the user (Closes: #614210) * [6dde59d] Recommend dmidecode used by the qemu driver * [235f893] Add missing checks for read only connections. As pointed out in CVE-2011-1146, some APIs forgot to check the read-only status of the connection for entry points which modify the state of the system or may lead to remote execution using user data. The entry points concerned are: - virConnectDomainXMLToNative - virNodeDeviceDettach - virNodeDeviceReAttach - virNodeDeviceReset - virDomainRevertToSnapshot - virDomainSnapshotDelete src/libvirt.c: fix the above set of entry points to error on read-only connections (Closes: #617773) -- Guido Günther Mon, 14 Mar 2011 20:06:57 +0100 libvirt (0.8.8-2) unstable; urgency=low * [f5fa0d3] initscript: depend on $local_fs (Closes: #616162) * [f503698] README.Debian: Mention netcat.openbsd. Thanks to Luca Capello for the patch. * [9d1ceb0] New patch: Do-not-add-drive-boot-on-param-when-a-kernel-is-spec.patch. Do not add drive 'boot=on' param when a kernel is specified Thanks to Jim Fehlig and Wolfgang Frisch (Closes: #615013) -- Guido Günther Mon, 07 Mar 2011 21:43:32 +0100 libvirt (0.8.8-1ubuntu8) oneiric; urgency=low * Force rebuild to find brctl in its new location.
(LP: #780896) -- Serge Hallyn Wed, 11 May 2011 09:41:42 -0500 libvirt (0.8.8-1ubuntu7) oneiric; urgency=low * add parted to build-depends (LP: #697046) -- Serge Hallyn Wed, 04 May 2011 19:54:43 -0500 libvirt (0.8.8-1ubuntu6) natty; urgency=low * debian/patches/allows-lxc-containers-with-lxcguest.patch: Pass "libvirt" to lxc containers, so that libvirt can work with lxcguest. (LP: #757752) -- Chuck Short Mon, 11 Apr 2011 13:44:03 -0400 libvirt (0.8.8-1ubuntu5) natty; urgency=low * debian/apparmor/usr.sbin.libvirtd: allow read access to '/' (LP: #727286) -- Jamie Strandboge Fri, 18 Mar 2011 08:02:32 -0500 libvirt (0.8.8-1ubuntu4) natty; urgency=low [ Serge Hallyn ] * Replace 9024-skip-broken-commandtest.patch with 9024-fix-broken-commandtest.patch from upstream. [ Jamie Strandboge ] * debian/patches/9026-security-avoid-memory-leak.patch: avoid memory leaks with the security drivers. Can be dropped in 0.8.9. * SECURITY UPDATE: debian/patches/9027-CVE-2011-1146.patch: Add missing checks for read only connections. Patch from Debian. Can be dropped in 0.8.8-3. - CVE-2011-1146 -- Jamie Strandboge Tue, 15 Mar 2011 11:46:34 -0500 libvirt (0.8.8-1ubuntu3) natty; urgency=low * 9025-Pass-virSecurityManagerPtr-to-virSecurityDAC-Set-Res.patch: Fix ownership setting of chardevs. -- Soren Hansen Thu, 03 Mar 2011 15:48:45 +0100 libvirt (0.8.8-1ubuntu2) natty; urgency=low * debian/control: Demoted package ebtables from Recommends to Suggests for binary package, libvirt-bin. -- Dave Walker (Daviey) Tue, 01 Mar 2011 13:46:35 +0000 libvirt (0.8.8-1ubuntu1) natty; urgency=low * Resynchronize and merge from Debian unstable. 
Remaining changes: - debian/patches: * 9000-delayed_iff_up_bridge.patch * 9001-dont_clobber_existing_bridges.patch * 9002-better_default_uri_virsh.patch * 9003-better-default-arch.patch * 9004-libvirtd-group-name.patch * 9005-increase-unix-socket-timeout.patch * 9006-default-config-test-case.patch * 9007-fix-daemon-conf-ftbfs.patch * 9011-move-ebtables-script.patch * 9014-skip-nodeinfotest.patch * 9020-lp545795.patch * 9021-fix-uint64_t.patch - debian/patches/series: * Disable qemu-disable-network.diff.patch - debian/control: * set ubuntu maintainer * Build-Depends: - swap libxen to libxen3, qemu to qemu-kvm, and open-iscsi to open-iscsi-utils in Build-Depends - remove virtualbox Build-Depends - add libxml2 and libapparmor-dev Build-Depends * convert Vcs-Git to Xs-Debian-Vcs-Git * libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base (>= 2.46-1), and iptables from Recommends to Depends * libvirt-bin Recommends: move qemu to Suggests * libvirt-bin Suggests: add apparmor * libvirt0 Recommands: move lvm2 to Suggests - keep debian/libvirt-bin.apport - keep debian/libvirt-bin.cron.daily - debian/libvirt-bin.dirs: * add apparmor, cron.daily, and apport dirs - debian/libvirt-bin.examples: * add debian/libvirt-suspendonreboot - debian/libvirt-bin.install: * add /etc/apparmor.d files * add apport hook - debian/libvirt-bin.manpages: * add debian/libvirt-migrate-qemu-disks.1 - debian/libvirt-bin.postinst: * replace libvirt groupname with libvirtd * add each admin user to libvirtd group * call apparmor_parser on usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper * call 'libvirt-migrate-qemu-disks -a' after libvirt-bin has started if migrating from older than 0.8.3-1ubuntu1 - debian/libvirt-bin.postrm: * replace libvirt groupname with libvirtd * remove usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper - keep added files under debian/: * libvirt-bin.upstart * libvirt-migrate-qemu-disks * libvirt-migrate-qemu-disks.1 * libvirt-suspendonreboot * apparmor 
profiles - debian/README.Debian: * add 'Apparmor Profile' section * add 'Disk migration' section - debian/rules: * don't build with vbox since virtualbox-ose is in universe * add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS * set DEB_DH_INSTALLINIT_ARGS to '--upstart-only' * set DEB_MAKE_CHECK_TARGET to 'check' * remove unneeded binary-install/libvirt-bin:: and clean:: sections (they only deal with sysvinit stuff) * add build/libvirt-bin:: section to install - apparmor files - apport hooks - libvirt-migrate-qemu-disks * The following Ubuntu packaging changes occurred during the divergence between Debian and Ubuntu. These changes are not new, but included here for completeness: (0.8.5-0ubuntu1 - 0.8.5-0ubuntu5): - Have upstart job source /etc/default/libvirt-bin. This is only a temporary fix until upstart provides proper default override support through /etc/init/libvirt-bin.override (or any other mechanism). (LP: 708172) - debian/apparmor/usr.sbin.libvirtd: use PUx instead of Ux for executables (LP: 573315) - Rebuild with python 2.7 as the python default. - debian/libvirt-bin.cron.daily: use shell globbing to enumerate xml files. 
Based on patch thanks to Henryk Plötz (LP: 655176) * Dropped the following patches included/fixed upstream: - 9010-dont-disable-ipv6.patch - 9022-build-cleanup-declaration-of-xen-tests.patch - 9023-vah-require-uuid.patch - 9009-autodetect-nc-params.patch * rolled into Debian's Autodetect-if-the-remote-nc-command-supports-the-q-o.patch * Updated the following patches: - 9011-move-ebtables-script.patch: * LOCALSTATEDIR is defined in configmake.h - 9000-9006: added DEP-3 tags - 9002-better_default_uri_virsh.patch: updated (context changed) * New patches: - 9022-drop-booton-when-kernel-specified.patch (LP: #720426) - 9023-fix-lxc-console-hangup.patch (LP: #668369) - 9024-skip-broken-commandtest.patch * debian/patches/series: - don't apply Disable-CHECKSUM-rule.patch: our iptables can do this - don't apply Debian-specific Debianize-libvirt-guests.patch -- Serge Hallyn Wed, 23 Feb 2011 09:05:46 -0600 libvirt (0.8.8-1) unstable; urgency=low [ Guido Günther ] * [6a174b7] Remove symbol versions that didn't introduce new public symbols and mark those as missing. [ Laurent Léonard ] * [d9e4cad] Imported Upstream version 0.8.8 * [d5ae8aa] Drop patches - build-let-xgettext-see-strings-in-libvirt-guests.patch - fixed upstream - libvirt-guests-remove-bashisms.patch - fixed upstream * [d5990df] Update libvirt0 symbols -- Laurent Léonard Tue, 22 Feb 2011 01:58:55 +0100 libvirt (0.8.7-3) unstable; urgency=low * [e6c5184] New patch Don-t-pass-empty-arguments-to-dnsmasq.patch: Don't pass empty arguments to dnsmasq Thanks to Simon McVittie for the detailed description (Closes: #613944) * [8887de6] Add gbp.conf -- Guido Günther Fri, 18 Feb 2011 15:49:44 +0100 libvirt (0.8.7-2) unstable; urgency=low [ Laurent Léonard ] * [aa3b6a0] Add gettext-base dependency for libvirt-bin. Since libvirt-guests now needs it. * [bb7dbde] Add non dependency booting support for libvirt-guests [ Guido Günther ] * Upload to unstable * [f2fdde0] libvirt-bin.init: add cgconfig to Should-Start. 
This ensures we reliably process cgroups before starting libvirtd (Closes: #610738) * [261f679] libvirt-bin.init: Add hal and avahi to Should-Stop to make Should-Start and Should-Stop symmetric. -- Guido Günther Sat, 12 Feb 2011 15:10:48 +0100 libvirt (0.8.7-1) experimental; urgency=low [ Guido Günther ] * [f561b2e] New patch 0010-nwfilter-resolve-deadlock-between-VM- operations-and-.patch nwfilter: resolve deadlock between VM operations and filter update (Closes: #602715) [ Laurent Léonard ] * [6f95d48] Fix exit status codes in libvirt init script to comply with LSB * [7d7aed4] New patch 0010-Debianize-libvirt-guests.patch * [a7f4bed] Install libvirt-guests * [6408c57] Remove libvirt-suspendonreboot * [3466195] Imported Upstream version 0.8.7 * [18bb43a] Update libvirt0 symbols * [d8e02ad] Fix typo in --with-init-script build option * [676a47e] New patch 0008-libvirt-guests-remove-bashisms.patch * [3a03ea6] New patch 0009-build-let-xgettext-see-strings-in-libvirt- guests.patch * [ee3d2e0] Update patch 0010-Debianize-libvirt-guests.patch * [904de70] Update libvirt-guests init script location -- Laurent Léonard Tue, 18 Jan 2011 18:43:56 +0100 libvirt (0.8.6-1) experimental; urgency=low * [3b7b682] Imported Upstream version 0.8.6 * [5b081c3] Drop patch - 0008-Move-MAX_VIRT_CPUS-so-all-xen-code-can-see-it.patch - fixed upstream * [38589e6] Update libvirt0 symbols -- Laurent Léonard Tue, 30 Nov 2010 23:31:59 +0100 libvirt (0.8.5-1) experimental; urgency=low [ Laurent Léonard ] * [6e46f0e] Fix wrong regular expression in debian/watch * [802e658] Imported Upstream version 0.8.5 * [c8e4517] Update patch 0002-qemu-disable-network.diff.patch * [5549d65] Drop patch - 0009-Don-t-fail-lxc-domain-start-when-memory-controller-s.patch - fixed upstream * [1af66c1] Update libvirt0 symbols [ Guido Günther ] * [fc234c4] New patch 0008-Move-MAX_VIRT_CPUS-so-all-xen-code-can-see- it.patch. 
Move MAX_VIRT_CPUS so all xen code can see it -- Laurent Léonard Mon, 15 Nov 2010 14:09:53 +0100 libvirt (0.8.4-1) experimental; urgency=low [ Laurent Léonard ] * [49a581b] Imported Upstream version 0.8.4 * [e1dc0c7] Redo patches * [cce7327] Update libvirt0 symbols [ Guido Günther ] * [bd91614] Drop 0007-Fix-block-statistics-with-newer-versions-of- Xen.patch fixed upstream. -- Guido Günther Wed, 29 Sep 2010 15:29:48 +0200 libvirt (0.8.3-6~1.gbpca2348) UNRELEASED; urgency=low ** SNAPSHOT build @ca2348476605efc4d067933f136ffdae3cf44283 ** [ Laurent Léonard ] * [6e46f0e] Fix wrong regular expression in debian/watch * [6f95d48] Fix exit status codes in libvirt init script to comply with LSB -- Guido Günther Sat, 15 Jan 2011 13:55:42 +0100 libvirt (0.8.3-5) unstable; urgency=low [ Laurent Léonard ] * [6e46f0e] Fix wrong regular expression in debian/watch [ Guido Günther ] * [f561b2e] New patch 0010-nwfilter-resolve-deadlock-between-VM- operations-and-.patch nwfilter: resolve deadlock between VM operations and filter update (Closes: #602715) * [91a1b8d] New patch 0011-OpenVZ-take-veid-from-vmdef-name-when- defining-new-d.patch: Fixes OpenVZ domain creation (Closes: #592817) - thanks to Eric Litak. * [3d3f395] New patch 0012-OpenVZ-Fix-some-overwritten-error-codes.patch: Improve error reporting. -- Guido Günther Wed, 01 Dec 2010 15:12:48 +0100 libvirt (0.8.3-4) unstable; urgency=low * [29e8714] Recommend ebtables used by nwfilter * [e9eb650] New patch 0009-Don-t-fail-lxc-domain-start-when-memory-controller-s.patch - Don't fail lxc domain start when memory controller support is missing (Closes: #566180) -- Guido Günther Mon, 01 Nov 2010 14:22:09 +0100 libvirt (0.8.3-3) unstable; urgency=low * [178670a] Add $syslog to the list of Required-{Start,Stop} services also drop $local_fs since we already have $remote_fs * [4db7451] Don't hardcode netcat's -q option. 
(Closes: #573172) - thanks to Marc Deslauriers for the patch * [d4c46ee] Disable CHECKSUM rules not supported by Squeeze's iptables (Closes: #598330) * [dbc2609] Move new NEWS items to the top -- Guido Günther Wed, 06 Oct 2010 19:47:46 +0200 libvirt (0.8.3-2) unstable; urgency=low * [4097bbd] New patch 0007-Fix-block-statistics-with-newer-versions- of-Xen.patch. Fix block statistics with newer versions of Xen (Closes: #596004) - thanks to Gerald Turner for the patch * [d554da3] Explain disk image probing changes (Closes: #594962) -- Guido Günther Wed, 29 Sep 2010 14:00:38 +0200 libvirt (0.8.3-1ubuntu14) maverick; urgency=low * Let Apparmor allow libvirtd to create PF_PACKET sockets. Several utility functions require it. Of particular interest, the NWFilter code uses it, so libvirt's firewalling functionality depends on this. (LP: #646706) -- Soren Hansen Fri, 24 Sep 2010 23:36:36 +0200 libvirt (0.8.3-1ubuntu13) maverick; urgency=low * debian/patch/9028-lp628055.patch: include sys/stat.h to fix compiler warning and stat() failure on 32bit architectures when calling stat() on large files. This can be dropped in 0.8.5. (LP: #628055) -- Jamie Strandboge Wed, 22 Sep 2010 15:21:21 -0500 libvirt (0.8.3-1ubuntu12) maverick; urgency=low * 9027-Make-newfilter-xml-transformations-endian-safe.patch NWFilter XML processing includes endian assumptions. Ensure that XML is parsed in an endian-safe manner. Thanks to Stefan Berger for developing the patch upstream. (LP: #643394) -- Emmet Hikory Mon, 20 Sep 2010 19:18:11 +0900 libvirt (0.8.3-1ubuntu11) maverick; urgency=low * 9026-Rebuild-network-filter-for-UML-guests-on-updates.patch. NWFilter updates are supposed to be immediate. Add this support to the UML driver. 
-- Soren Hansen Wed, 15 Sep 2010 22:11:57 +0200 libvirt (0.8.3-1ubuntu10) maverick; urgency=low [ Jamie Strandboge ] * debian/apparmor/usr.lib.virt-aa-helper: add read access to new 'loader' for eucalyptus (LP: #637544) [ Soren Hansen ] * Add 9025-Add-nwfilter-support-to-UML-driver.patch. Adds missing nwfilter support to UML. -- Jamie Strandboge Tue, 14 Sep 2010 13:47:02 -0500 libvirt (0.8.3-1ubuntu9) maverick; urgency=low * Update 9023-Support-virDomainAttachDevice-and-virDomainDetachDev.patch based on a small last-minute change upstream. * Add 9024-Explicitly-pass-uml_dir-argument-to-user-mode-linux.patch to stop user-mode-linux domains running under a libvirtd run by upstart from mysteriously and silently crashing during boot. -- Soren Hansen Tue, 31 Aug 2010 16:05:24 +0200 libvirt (0.8.3-1ubuntu8) maverick; urgency=low * debian/patches/9009-autodetect-nc-params.patch: updated to fix connecting to a remote server when using zsh or tcsh. (LP: #605172) -- Marc Deslauriers Wed, 25 Aug 2010 12:41:25 -0400 libvirt (0.8.3-1ubuntu7) maverick; urgency=low * debian/patches/series: per Ubuntu Server team, run qemu/kvm as non-root and comment out 9008-run-as-root-by-default.patch. This has now received significant testing in Debian, adds a good security benefit for people who disable AppArmor and fixes the libvirt portion of LP: #619843. With this patch removed, libvirt will default to the Debian configure arguments and run qemu/kvm VMs as 'libvirt-qemu:kvm'. * debian/README.Debian: adjusted for the above -- Jamie Strandboge Tue, 24 Aug 2010 12:58:51 -0500 libvirt (0.8.3-1ubuntu6) maverick; urgency=low * FFe: LP: #622682. * Replace 9019-Remove-wrong-check-for-uml-monitor-response-size.patch with 9019-uml-fix-logic-bug-in-checking-reply-length.patch which is what ended up getting applied upstream. 
* Add the following patches taken from upstream git: - 9021-Allow-chardev-of-type-file-for-UML-domains.patch - 9022-Rename-qemudShrinkDisks-to-virDomainDiskRemove-and-m.patch - 9023-Support-virDomainAttachDevice-and-virDomainDetachDev.patch -- Soren Hansen Mon, 23 Aug 2010 14:24:06 +0200 libvirt (0.8.3-1ubuntu5) maverick; urgency=low * update to allow pcidev and hostdev to work with AppArmor (LP: #545795) - debian/patches/lp-545795.patch: add vendor and device to pciDeviceFileIterate(). Patch submitted upstream and they feel it is reasonable, but not committed yet. This should fix pcidev. - debian/apparmor/usr.lib.libvirt.virt-aa-helper: add read access to /sys/bus/usb/devices/** - debian/apparmor/libvirt-qemu: adjust read access to be /sys/devices/**/usb[0-9]*/** instead of /sys/devices/*/*/usb[0-9]*/**. Patched based on work by Andreas Ntaflos. -- Jamie Strandboge Fri, 20 Aug 2010 09:21:15 -0500 libvirt (0.8.3-1ubuntu4) maverick; urgency=low * debian/patches/9012-apparmor-dont-ignore-open.patch: don't bother with updated logic. After review, upstream's code is sufficient and simpler. Keep new tests and rename to 9012-apparmor-extra-tests.patch. This can be removed in 0.8.4. * debian/patches/9013-apparmor-lp457716.patch: updated based on upstream feedback. This can be removed in 0.8.4. -- Jamie Strandboge Mon, 16 Aug 2010 16:11:40 -0500 libvirt (0.8.3-1ubuntu3) maverick; urgency=low * Added the following patches: - 9015-Add-ubd-to-the-list-of-disk-prefixes.patch. - 9016-Close-fd-s-of-persistent-tap-devices.patch. - 9017-Make-sure-all-command-line-arguments-get-passed-to-U.patch. - 9018-Make-umlConnectTapDevice-ask-brAddTap-for-a-persiste.patch. - 9019-Remove-wrong-check-for-uml-monitor-response-size.patch * All but the last are already in upstream git. Together, they make user-mode-linux guests work again. * Note: The last patch in the list is still being reviewed upstream. Depending on the outcome, I'll update here accordingly. 
-- Soren Hansen Mon, 16 Aug 2010 13:33:23 +0200 libvirt (0.8.3-1ubuntu2) maverick; urgency=low * debian/patches/9014-skip-nodeinfotest.patch: fix FTBFS in nodeinfotest which is still broken on armel -- Jamie Strandboge Fri, 13 Aug 2010 08:12:23 -0500 libvirt (0.8.3-1ubuntu1) maverick; urgency=low * Merge from debian unstable with security fixes * Fixes: - LP: #588369 - LP: #585964 * Remaining changes: - debian/control: + Build-Depends on qemu-kvm, not qemu + Build-Depends on open-iscsi-utils, not open-iscsi + Build-Depends on libxml2-utils + Build-Depends on libapparmor-dev and Suggests apparmor + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin + Drop lvm2, qemu-kvm and qemu to Suggests + We call libxen-dev libxen3-dev, so change all references + Rename Vcs-* to XS-Debian-Vcs-* - debian/libvirt-bin.postinst: + rename the libvirt group to libvirtd + add each admin user to the libvirtd group + reload apparmor profiles - debian/libvirt-bin.postrm: + rename the libvirt group to libvirtd + remove apparmor symlinks on purge - debian/README.Debian: add AppArmor section based on the upstream documentation - debian/rules: + update DEB_DH_INSTALLINIT_ARGS for upstart + add DEB_MAKE_CHECK_TARGET := check + use --with-apparmor + copy apparmor and apport hook to debian/tmp - add debian/libvirt-bin.upstart - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/disable, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks - add debian/libvirt-bin.cron.daily - add debian/libvirt-bin.apport - debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook - debian/apparmor: - add TEMPLATE - add libvirt-qemu abstraction - add usr.lib.libvirt.virt-aa-helper - add usr.sbin.libvirtd - debian/patches/series: + don't apply 0002-qemu-disable-network.diff.patch + don't apply 0005-Terminate-nc-on-EOF.patch. 
Use 9009-autodetect-nc-params.patch instead + 9000-delayed_iff_up_bridge.patch (refreshed) + 9001-dont_clobber_existing_bridges.patch + 9002-better_default_uri_virsh.patch (refreshed) + 9003-better-default-arch.patch (refreshed) + 9004-libvirtd-group-name.patch + 9005-increase-unix-socket-timeout.patch (refreshed) + 9006-default-config-test-case.patch + 9007-fix-daemon-conf-ftbfs.patch (updated) + 9008-run-as-root-by-default.patch (refreshed) + 9009-autodetect-nc-params.patch (refreshed) + 9010-dont-disable-ipv6.patch (refreshed) + 9011-move-ebtables-script.patch (refreshed) * Dropped the following patches included/fixed upstream: - 9012-fix-nodeinfotest-ftbfs.patch - 9013-apparmor-lp457716.patch * Disable virtualbox support since virtualbox-ose is not in main - debian/control: remove virtualbox-ose build dependency - debian/rules: use --without-vbox * debian/patches/9012-apparmor-dont-ignore-open.patch: fix logic when using virDomainDiskDefForeachPath() and add tests. This can be removed in 0.8.4. * debian/apparmor/usr.sbin.libvirtd: add capability fsetid (LP: #613549) * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to @{PROC}/[0-9]*/net/psched * debian/patches/9013-apparmor-chardev.patch: update for serial, parallel and channels. This can be removed in 0.8.4.
(LP: #609055, LP: #578527) * migrate virtual machine definitions with non-raw disks and previously unspecified disk format with a one time probe: - add debian/libvirt-migrate-qemu-disks - add debian/libvirt-migrate-qemu-disks.1 - debian/libvirt-bin.postinst: updated to run 'libvirt-migrate-qemu-disks -a' on upgrades - debian/rules: cp debian/libvirt-migrate-qemu-disks into place - debian/libvirt-bin.manpages: install debian/libvirt-migrate-qemu-disks.1 - debian/README.Debian: updated for libvirt-migrate-qemu-disks -- Jamie Strandboge Thu, 12 Aug 2010 17:00:59 -0500 libvirt (0.8.3-1) unstable; urgency=low [ Guido Günther ] * Mention clear_emulator_capabilities * Recommend iptables and gawk [ Laurent Léonard ] * Imported Upstream version 0.8.3 - Fixes: CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242 * Redo patches * Update libvirt0 symbols * Bump Standards-Version to 3.9.1 [ Guido Günther ] * Install libvirt-qemu library * Add libvirt-qemu.so symbols [ Laurent Léonard ] * Fix debian/NEWS syntax -- Laurent Léonard Fri, 06 Aug 2010 17:18:55 +0200 libvirt (0.8.2-1) unstable; urgency=low * Imported Upstream version 0.8.2 * Drop patches. * Update libvirt0 symbols. * Bump Standards-Version to 3.9.0. * Add virtualbox-ose and libnl-dev build dependencies. -- Laurent Léonard Tue, 06 Jul 2010 12:14:33 +0200 libvirt (0.8.1-2ubuntu1) maverick; urgency=low * Merge from debian unstable. 
Remaining changes: - Fixes: LP: #522845 LP: #553737 LP: #520386 - debian/control: + Build-Depends on qemu-kvm, not qemu + Build-Depends on open-iscsi-utils, not open-iscsi + Build-Depends on libxml2-utils + Build-Depends on libapparmor-dev and Suggests apparmor + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin + Drop qemu-kvm and qemu to Suggests + We call libxen-dev libxen3-dev, so change all references + Rename Vcs-* to XS-Debian-Vcs-* - debian/libvirt-bin.postinst: + rename the libvirt group to libvirtd + add each admin user to the libvirtd group + reload apparmor profiles - debian/libvirt-bin.postrm: + rename the libvirt group to libvirtd + remove apparmor symlinks on purge - debian/README.Debian: add AppArmor section based on the upstream documentation - debian/rules: + update DEB_DH_INSTALLINIT_ARGS for upstart + add DEB_MAKE_CHECK_TARGET := check + use --with-apparmor + copy apparmor and apport hook to debian/tmp - add debian/libvirt-bin.upstart - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/disable, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks - add debian/libvirt-bin.cron.daily - add debian/libvirt-bin.apport - debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook - debian/apparmor: - add TEMPLATE - add libvirt-qemu abstraction - add usr.lib.libvirt.virt-aa-helper - add usr.sbin.libvirtd - debian/patches/series: + don't apply 0002-qemu-disable-network.diff.patch + don't apply 0005-Terminate-nc-on-EOF.patch. 
Use 9010-autodetect-nc-params.patch instead + 9000-delayed_iff_up_bridge.patch (refreshed) + 9001-dont_clobber_existing_bridges.patch + 9002-better_default_uri_virsh.patch (updated) + 9004-better-default-arch.patch + 9005-libvirtd-group-name.patch + 9006-increase-unix-socket-timeout.patch (refreshed) + 9007-default-config-test-case.patch (updated) + 9008-fix-daemon-conf-ftbfs.patch (rewritten) + 9009-run-as-root-by-default.patch (refreshed) + 9010-autodetect-nc-params.patch (refreshed, formerly 9015) + 9011-dont-disable-ipv6.patch (updated) * Dropped following packaging changes, no longer required with upgrades from Lucid: - debian/control: + versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg + remove Build-Depends on libcap-ng-dev - debian/libvirt-bin.postinst: virt-aa-helper profile migration to /usr/lib/libvirt - debian/libvirt-bin.preinst: added to force complain on certain upgrades * Dropped the following patches, included upstream: - 0010-Use-base-16-for-product-vendor.patch - 9003-increase-logoutput-timeout.patch - 9010-apparmor-ftbfs.patch - 9011-node_device_driver.patch - 9012-dont-crash-on-restart.patch - 9013-apparmor-dont-clear-caps.patch - 9014-apparmor-remove-unloaded-profile-is-not-fatal.patch - 9016-disk-cache-setting-xml.patch - 9018-fix-pty-console.patch - 9019-apparmor-fix-xauth.patch - 9020-apparmor-fix-backingstore.patch - 9021-apparmor-fix-hostdev.patch - 9022-dont-leak-log-fd.path.patch - 9023-virt-pki-validate_fixes.patch - 9024-free-memory-for-invalid-devices.patch (use 0008-Fix-leaks-in-udev-device-add-remove.patch from Debian) * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to ecryptfs files (LP: #591769) * debian/patches/9012-fix-nodeinfotest-ftbfs.patch: fix FTBFS in nodeinfotest. Drop in 0.8.2. * debian/patches/9013-apparmor-lp457716.patch: properly support/save and restore (LP: #457716). Drop in 0.8.2. 
* debian/apparmor/libvirt-qemu: remove workaround for LP: #457716 * don't create and run ebtables script in /tmp: - debian/apparmor/usr.sbin.libvirt: allow ixr to /var/lib/libvirt/virtd* for new ebtables functionality added in 0.8.0 - debian/patches/9014-move-ebtables-script.patch: update nwfilter_ebiptables_driver.c to use /var/lib/libvirt instead of /tmp -- Jamie Strandboge Wed, 16 Jun 2010 14:22:39 -0500 libvirt (0.8.1-2) unstable; urgency=low * [41aea79] Drop patchsys-quilt since this package is 3.0 (quilt) now. (Closes: #577919) * [978e3c9] libvirt-bin.init: export PATH. (Closes: #584333) * [e4f0869] virt-xml-validate needs xmllint from libxml2-utils. (Closes: #584869) * [bba6d72] New patch 0008-Fix-leaks-in-udev-device-add-remove.patch: Fix leaks in udev device add/remove. (Closes: #582965) - thanks to Nigel Jones for forwarding this -- Guido Günther Mon, 07 Jun 2010 18:23:47 +0200 libvirt (0.8.1-1) unstable; urgency=low * [647cbd6] Imported Upstream version 0.8.1 * fixes spurious syslog messages (Closes: #565275) * sysfs USB class parsing (Closes: #579208) * virsh honors $VISUAL (Closes: #574415) * [fecd1b9] Update libvirt symbols to 0.8.1 * [3e58e0b] Drop patches merged upstream: * 0007-nwfilter-Don-t-crash-if-driverState-NULL.patch * 0008-Ignore-empty-type-statement-in-disk-element.patch * [561ab2e] New patch: * 0007-patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch: make qemuMonitorTextGetMigrationStatus to intercept unknown command 'info migrate' (Closes: #574272) - thanks to Andreas Bießmann * [aeda8ea] Enable macvtap support -- Guido Günther Sun, 09 May 2010 14:25:00 +0200 libvirt (0.8.0-2) unstable; urgency=low * [70fbcb6] New patch 0007-nwfilter-Don-t-crash-if-driverState- NULL.patch nwfilter: Don't crash if driverState == NULL (Closes: #577728) * [d7d1abd] New patch 0008-Ignore-empty-type-statement-in-disk- element.patch Ignore empty type statement in disk element (Closes: #578347) -- Guido Günther Mon, 19 Apr 2010
18:11:57 +0200 libvirt (0.8.0-1) unstable; urgency=low * Imported Upstream version 0.8.0 * Drop patches. * Update libvirt0 symbols. * Switch to new source format 3.0 (quilt). -- Laurent Léonard Tue, 13 Apr 2010 20:50:29 +0200 libvirt (0.7.7-4) unstable; urgency=low [ Guido Günther ] * [cf4919c] Recommend either qemu-kvm or qemu [ Laurent Léonard ] * [1b12f02] Change libparted1.8-dev build dependency to libparted0- dev. (Closes: #574906) -- Guido Günther Mon, 22 Mar 2010 20:50:30 +0100 libvirt (0.7.7-3) unstable; urgency=low * The "fix all those crashes" release * [f74e13a] Explicitly disable hal (Closes: #574177) * [21ef92b] New patch 0009-security-Set-permissions-for-kernel- initrd.patch security: Set permissions for kernel/initrd (Closes: #574241) - thanks to Cole Robinson * [b69d3cc] Revert "Enable NUMA support" since it breaks the python bindings. * [5f2ca4a] New patch 0010-Don-t-crash-without-a-security-driver.patch Don't crash without a security driver (Closes: #574359) -- Guido Günther Wed, 17 Mar 2010 21:05:35 +0100 libvirt (0.7.7-2) unstable; urgency=low [ Guido Günther ] * [b350683] Enable parallel build * [b2a6aab] Enable NUMA support * [13274cf] New patch 0007-Work-around-broken-linux-socket.h.patch Work around broken linux/socket.h [ Laurent Léonard ] * [3c12caf] qemu: Fix USB by product with security enabled. -- Laurent Léonard Tue, 16 Mar 2010 00:47:34 +0100 libvirt (0.7.7-1) unstable; urgency=low * [f944460] Imported Upstream version 0.7.7 * [bd457cc] Redo patches. * [098d1d3] Update libvirt0 symbols. -- Laurent Léonard Fri, 05 Mar 2010 17:49:17 +0100 libvirt (0.7.6-2) unstable; urgency=low * [72790fc] Drop hal dependency We're using udev for device enumeration. * [ce225c4][11cc6e9] New patch 0006-Don-t-drop-caps-when-exec-ing-qemu.patch: Don't drop caps when exec'ing qemu. Instead of disabling libcap-ng better exclude this one exec so we get the additional security for the rest of the calls. Makes interface type="network" work again. 
(Closes: #565767) -- Guido Günther Sun, 14 Feb 2010 18:22:30 +0100 libvirt (0.7.6-1) unstable; urgency=low * [0229557] Imported Upstream version 0.7.6 * [6fdc00b] Drop patches. * [1b0670b] Update libvirt0 symbols. -- Laurent Léonard Thu, 04 Feb 2010 00:38:08 +0100 libvirt (0.7.5-6) unstable; urgency=low [ Laurent Léonard ] * [a3b98c9] Don't free an uninitialized pointer in update_driver_name() (Closes: #565983) - thanks to Matthias Bolte * [719976d] Handle only official releases in debian/watch. * [83902d9] Bump Standards-Version to 3.8.4. [ Guido Günther ] * [959640d] New patch 0011-Fix-parsing-of-info-chardev-line- endings.patch Fix parsing of 'info chardev' line endings (Closes: #567818) - thanks to Matthew Booth [ Laurent Léonard ] * [0b2a9dd] Add $remote_fs to Required-Start and Required-Stop in libvirt-bin init script. -- Laurent Léonard Mon, 01 Feb 2010 00:03:58 +0100 libvirt (0.7.5-5ubuntu29) maverick; urgency=low * debian/apparmor/libvirt-qemu: allow setgid and setuid so qemu can drop privileges (LP: #579584) -- Jamie Strandboge Thu, 10 Jun 2010 13:09:44 -0500 libvirt (0.7.5-5ubuntu28) maverick; urgency=low * debian/control: lower qemu-kvm and lvm2 from Recommends to Suggests, LP: #556312; it's reasonable to install libvirt on systems that host xen and qemu VMs; see meta packages (ubuntu-virt, ubuntu-virt-server, ubuntu-virt-mgmt) for group installation of virt package sets -- Dustin Kirkland Fri, 04 Jun 2010 19:09:36 -0500 libvirt (0.7.5-5ubuntu27.1) maverick; urgency=low [ Nigel Jones ] * debian/patches/9024-free-memory-for-invalid-devices.patch: clean up a memory leak affecting multipath+libvirt, LP: #571093 -- Dustin Kirkland Mon, 24 May 2010 10:00:07 -0500 libvirt (0.7.5-5ubuntu27) lucid; urgency=low * debian/libvirt-bin.postinst: ensure that the convenience feature of adding users to the libvirtd group does cause package setup failure, LP: #565380 * debian/patches/9023-virt-pki-validate_fixes.patch: fix a bashism, a missing autoconf substitution, and
an insufficient sed call, in order to get this working on Ubuntu, LP: #562266; patch submitted upstream -- Dustin Kirkland Wed, 21 Apr 2010 15:59:49 -0500 libvirt (0.7.5-5ubuntu26) lucid; urgency=low * debian/patches/9022-dont-leak-log-fd.path.patch: Fix FD leak in qemudStartVMDaemon (LP: #567392) * debian/apparmor/usr.lib.libvirt.virt-aa-helper: update paths for LVM volumes and searching /sys/bus/usb/devices/ (LP: #565691) -- Jamie Strandboge Tue, 20 Apr 2010 13:45:12 -0500 libvirt (0.7.5-5ubuntu25) lucid; urgency=low * debian/apparmor/usr.lib.libvirt.virt-aa-helper: update paths for eucalyptus (LP: #564914) -- Jamie Strandboge Fri, 16 Apr 2010 14:10:06 -0500 libvirt (0.7.5-5ubuntu24) lucid; urgency=low * debian/apparmor/usr.lib.libvirt.virt-aa-helper: eek, the /dev change from the last upload was a wee bit too aggressive. Revert that and allow access to .img, .qcow{,2}, and .vmdk (file extensions that actually support backingstore) and .[iI][sS][oO] since it is so common (LP: #517714) -- Jamie Strandboge Thu, 15 Apr 2010 08:52:27 -0500 libvirt (0.7.5-5ubuntu23) lucid; urgency=low * debian/apparmor/usr.lib.libvirt.virt-aa-helper: also allow /opt but deny access to /dev to suppress confusing, non-fatal profile denials. 
-- Jamie Strandboge Wed, 14 Apr 2010 07:36:13 -0500 libvirt (0.7.5-5ubuntu22) lucid; urgency=low * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow ro access to files in /mnt, /media and /srv -- Jamie Strandboge Tue, 13 Apr 2010 08:27:46 -0500 libvirt (0.7.5-5ubuntu21) lucid; urgency=low * debian/libvirt-bin.upstart: simplify pidfile cleanup logic, per discussion with Jamie Strandboge and Loic Minier in LP: #510658 -- Dustin Kirkland Wed, 07 Apr 2010 16:09:05 -0500 libvirt (0.7.5-5ubuntu20) lucid; urgency=low * debian/libvirt-bin.upstart: - remove unnecessary pid file existence test, LP: #510658 - revert virbr0 up/down hack added in 0.7.5-5ubuntu17, LP: #345485 -- Dustin Kirkland Wed, 07 Apr 2010 15:39:39 -0500 libvirt (0.7.5-5ubuntu19) lucid; urgency=low * fix for hostdev devices (LP: #545795). This can be dropped in 0.7.8 - debian/patches/9021-apparmor-fix-hostdev.patch: adjust virt-aa-helper to handle pci devices. Update valid_path() to have an override array to check against, and add "/sys/devices/pci" to it. Then rename file_iterate_cb() to file_iterate_hostdev_cb() and create file_iterate_pci_cb() based on it. Update tests suite for this and SDL - debian/apparmor/libvirt-qemu: adjust for the above - debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to /sys/devices -- Jamie Strandboge Mon, 05 Apr 2010 19:50:15 -0500 libvirt (0.7.5-5ubuntu18) lucid; urgency=low * handle SDL graphics (LP: #545426). This can be dropped in 0.7.8 - 9019-apparmor-fix-xauth.patch: adjust virt-aa-helper to handle SDL graphics, specifically Xauthority. Also remove a couple redundant checks. - debian/apparmor/libvirt-qemu: add comment about /dev/fb* * handle backingstore (LP: #470636). 
This can be dropped in 0.7.8 - debian/patches/9020-apparmor-fix-backingstore.patch: adjust virt-aa-helper to handle disks with backing stores - debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to user-tmp, non-hidden files in @{HOME} and storage pools -- Jamie Strandboge Mon, 05 Apr 2010 16:56:25 -0500 libvirt (0.7.5-5ubuntu17) lucid; urgency=low * debian/libvirt-bin.upstart: bring virbr0 up/down on upstart start/stop of libvirt, LP: #345485 -- Dustin Kirkland Thu, 01 Apr 2010 23:08:33 -0500 libvirt (0.7.5-5ubuntu16) lucid; urgency=low * debian/libvirt-bin.upstart: libvirt has a nasty habit of leaving its pidfile lying around when/if it crashes; add a pre-start check that removes the pidfile if it exists but the daemon is not actually running, LP: #510658 -- Dustin Kirkland Thu, 01 Apr 2010 19:47:04 -0500 libvirt (0.7.5-5ubuntu15) lucid; urgency=low * debian/apparmor/libvirt-qemu, examples/apparmor/libvirt-qemu: allow seabios in the apparmor profile, LP: #545302 -- Dustin Kirkland Tue, 23 Mar 2010 11:28:28 -0700 libvirt (0.7.5-5ubuntu14) lucid; urgency=low * debian/patches/9018-fix-pty-console.patch: fix issue using console in virsh. (LP: #542324) -- Scott Moser Fri, 19 Mar 2010 15:58:21 -0400 libvirt (0.7.5-5ubuntu13) lucid; urgency=low * debian/patches/9017-dont-disable-ipv6.patch: don't disable IPv6 on the bridge interface. The original intent of disabling IPv6 was to prevent RAs received from client VMs from accidentally adding addresses to the bridge interface. However, only accept_ra=0 is necessary to fix this, without the side-effect of disabling IPv6. (LP: #528934) -- Jeremy Visser Thu, 04 Mar 2010 17:33:11 +1100 libvirt (0.7.5-5ubuntu12) lucid; urgency=low * Build against parted 2.2. -- Colin Watson Tue, 09 Mar 2010 01:18:49 +0000 libvirt (0.7.5-5ubuntu11) lucid; urgency=low * Make sure cache setting is output by virDomainGetXMLDesc (and, by extension, "virsh dumpxml"), even if no special driverName is set.
(LP: #531741) -- Soren Hansen Thu, 04 Mar 2010 22:19:52 +0100 libvirt (0.7.5-5ubuntu10) lucid; urgency=low * debian/patches/9015-autodetect-nc-params.patch: autodetect if the remote nc command supports the -q option. (LP: #517478) * debian/patches/0006-Terminate-nc-on-EOF.patch: disabled as the previous patch replaces it. -- Marc Deslauriers Thu, 04 Mar 2010 07:58:52 -0500 libvirt (0.7.5-5ubuntu9) lucid; urgency=low * debian/apparmor/libvirt-qemu: - explicitly deny setpcap to silence denials. See LP: 522845 for details - allow read access to /proc/*/status * debian/patches/9014-apparmor-remove-unloaded-profile-is-not-fatal.patch: Don't exit with error if the user unloaded the profile outside of libvirt (LP: #530400) -- Jamie Strandboge Wed, 03 Mar 2010 06:29:39 -0600 libvirt (0.7.5-5ubuntu8) lucid; urgency=low * Build against parted 2.1. -- Colin Watson Fri, 26 Feb 2010 18:11:14 +0000 libvirt (0.7.5-5ubuntu7) lucid; urgency=low * debian/patches/0010-Use-base-16-for-product-vendor.patch: parse the USB and PCI product and vendor ids in hexadecimal. This fixes incorrect USB ids being used in virt-manager. (LP: #514610) -- Marc Deslauriers Sun, 07 Feb 2010 11:08:23 -0500 libvirt (0.7.5-5ubuntu6) lucid; urgency=low * debian/patches/9013-apparmor-dont-clear-caps.patch: Don't clear capabilities when calling virt-aa-helper. When built with libcap-ng, clearing caps makes virt-aa-helper lose MAC_ADMIN, which is (obviously) needed by apparmor_parser. This restores libcap-ng behavior to what it was when not built with libcap-ng. (LP: #517714) -- Jamie Strandboge Fri, 05 Feb 2010 16:48:42 -0600 libvirt (0.7.5-5ubuntu5) lucid; urgency=low * Build-Depend on libcap-ng. 
(LP: #488963) -- Soren Hansen Thu, 04 Feb 2010 14:50:40 -0800 libvirt (0.7.5-5ubuntu4) lucid; urgency=low * debian/patches/9011-node_device_driver.patch: Don't free an uninitalized pointer in update_driver_name() in src/node_device/node_device_driver.c (LP: #513544) * debian/patches/9012-dont-crash-on-restart.patch: don't crash on restart if domain(s) with PCI devices are running -- Jamie Strandboge Thu, 28 Jan 2010 08:26:14 -0600 libvirt (0.7.5-5ubuntu3) lucid; urgency=low * 9008-fix-daemon-conf-ftbfs.patch: fix for FTBFS on Ubuntu buildds by disabling running libvirtd with a valid config file in the daemon-conf test. This patch used to be 9008-warn-on-daemon-conf-test-wait.patch -- Jamie Strandboge Mon, 25 Jan 2010 21:08:46 -0600 libvirt (0.7.5-5ubuntu2) lucid; urgency=low * debian/patches/9010-apparmor-ftbfs.patch: updated to match upstream and give proper attribution -- Jamie Strandboge Mon, 25 Jan 2010 17:44:30 -0600 libvirt (0.7.5-5ubuntu1) lucid; urgency=low * Merge from debian unstable. Remaining changes: - debian/control: + Build-Depends on qemu-kvm, not qemu + Build-Depends on open-iscsi-utils, not open-iscsi + Build-Depends on libxml2-utils + Build-Depends on libapparmor-dev and Suggests apparmor (>= 2.3+1289-0ubuntu14) + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin + Recommends qemu-kvm (>= 0.11.0-0ubuntu6) + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such + We call libxen-dev libxen3-dev, so change all references + temporarily remove Build-Depends on libcap-ng-dev, which isn't available in Ubuntu main yet + Rename Vcs-* to XS-Debian-Vcs-* - debian/libvirt-bin.postinst: + rename the libvirt group to libvirtd + add each admin user to the libvirtd group + reload apparmor profiles + 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper to usr.lib.libvirt.virt-aa-helper and needs to be migrated. 
If the user made no changes to the old profile, remove it, otherwise, update the paths, preserving the shipped usr.lib.libvirt.virt-aa-helper - debian/libvirt-bin.postrm: + rename the libvirt group to libvirtd + remove apparmor symlinks on purge - debian/libvirt-bin.preinst: added to force complain on certain upgrades - debian/README.Debian: add AppArmor section based on the upstream documentation - debian/rules: + update DEB_DH_INSTALLINIT_ARGS for upstart + add DEB_MAKE_CHECK_TARGET := check + use --with-apparmor + copy apparmor and apport hook to debian/tmp - add debian/libvirt-bin.upstart - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/disable, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks - add debian/libvirt-bin.cron.daily - add debian/libvirt-bin.apport - debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch + 9000-delayed_iff_up_bridge.patch + 9001-dont_clobber_existing_bridges.patch + 9002-better_default_uri_virsh.patch + 9003-increase-logoutput-timeout.patch + 9004-better-default-arch.patch + 9005-libvirtd-group-name.patch + 9006-increase-unix-socket-timeout.patch + 9007-default-config-test-case.patch + 9008-warn-on-daemon-conf-test-wait.patch (renamed from 9016) - Dropped the following patches now including upstream: + 0005-Fix-SELinux-linking-issues.patch + 9008-apparmor-caps-mockup.patch + 9009-apparmor-lp453335.patch + 9010-apparmor-lp460271.patch + 9011-apparmor-code-cleanups.patch + 9012-apparmor-add-virt-aa-helper-test.patch + 9013-apparmor-examples.patch + 9014-event-fuzz.patch + 9015-hal-startup-failure-is-nonfatal.patch * debian/patches/9009-run-as-root-by-default.patch: run virtual machines via qemu:///system as root. As of 0.7, upstream libvirt has the ability to run VMs started via qemu:///system as an unprivileged user. 
Debian's libvirt now runs these VMs as libvirt-qemu:kvm. However, the upstream implementation is contentious among the community and while it does reduce the privileges of the VMs running under qemu:///system, all VMs currently run under the same user, so there is no guest isolation. Even if each VM ran under its own user, an attacker could potentially break out of the VM and have unconfined user access (albeit non-root). In Ubuntu, Qemu/KVM virtual machines are already fully isolated and confined by the AppArmor security driver so this feature has been disabled. Once there is consensus among the community on the implementation and its use, changing this default in Ubuntu can be considered as an additional protection to the AppArmor driver. * debian/README.Debian: add section discussing the security implications of using qemu:///system * debian/patches/9010-apparmor-ftbfs.patch: fix missing bracket in virt-aa-helper.c and automake dependency declaration. This should be dropped in 0.7.6 or higher. -- Jamie Strandboge Mon, 25 Jan 2010 12:48:13 -0600 libvirt (0.7.5-5) unstable; urgency=low [ Guido Günther ] * [d8e60e8] Add css to docs * [f6e41ae] New patch 0008-qemu-Use-log-output-for-pty-assignment-if- info-chard.patch qemu: Use log output for pty assignment if 'info chardev' is unavailable - thanks to Matthias Bolte [ Laurent Léonard ] * [0905f82] Fix QEMU driver custom domain status XML extensions. - thanks to Daniel P. Berrange -- Laurent Léonard Tue, 19 Jan 2010 23:16:16 +0100 libvirt (0.7.5-4) unstable; urgency=low * [18520c0] Same description of supported virt techs in all binary packages (Closes: #564909) - thanks to Loïc Minier * [49c357c] Implement path lookup for USB by vendor:product (Closes: #563502) - thanks to Cole Robinson -- Guido Günther Wed, 13 Jan 2010 23:57:26 +0100 libvirt (0.7.5-3) unstable; urgency=low * [4d41fd7] Also look for dmi information in /sys/class older kernels such as 2.6.26 have it there.
(Closes: #564020) * [1c0e0b5] Explicitly disable ESX support * [c3c84f6] Terminate nc on EOF (Closes: #564053) - thanks to Gabor Gombas for the patch -- Guido Günther Fri, 08 Jan 2010 11:07:34 +0100 libvirt (0.7.5-2) unstable; urgency=low * Upload to unstable * [d6c5ca5] Add debugging symbols for all packages -- Guido Günther Sun, 03 Jan 2010 20:01:12 +0100 libvirt (0.7.5-1) experimental; urgency=low [ Laurent Léonard ] * [96f8d94] Imported Upstream version 0.7.5 * [f8089a1] Redo patches. * [294ce3d] Update libvirt0 symbols. * [1c97be7] Allow DM upload and add myself as uploader. * [5635a32] Clean debian/watch. [ Guido Günther ] * [45f98ae] Drop 0005-udev_device_get_devpath-might-return-NULL.patch applied upstream. -- Guido Günther Sat, 26 Dec 2009 17:45:47 +0100 libvirt (0.7.4-2) experimental; urgency=low * [65d3755] Disable SELinux to work around #559356 * [19bd427] Run qemu instances as qemu-libvirt instead of root by default (Closes: #558197) * [0a6c03b] Use kvm as primary group for libvirt-qemu user * [e5ae24b] Fix udev backend startup * [f610a8e] Use udev instead of hal backend -- Guido Günther Mon, 07 Dec 2009 21:20:20 +0100 libvirt (0.7.4-1) unstable; urgency=low [ Laurent Léonard ] * [8f2761b] Imported Upstream version 0.7.4 * [20b6b3d] Drop patches. * 0005-Fix-SELinux-linking-issues.patch - fixed upstream. * 0006-Don-t-let-parent-of-daemon-exit-until-basic-initiali.patch - fixed upstream. * 0007-Only-remove-masquerade-roles-for-VIR_NETWORK_FORWARD.patch - applied upstream. * 0008-Fix-qemu-session.patch - fixed upstream. * [e41f8c6] Update libvirt0 symbols. * [f184e28] Revert "switch to new source format 3.0 (quilt)" This reverts commit 213ca47bbbefe2dc95be58a09db34669e3be5797. * [65084d2] Enhance handling of examples. -- Guido Günther Tue, 01 Dec 2009 18:51:18 +0100 libvirt (0.7.2-4ubuntu6) lucid; urgency=low * Update libvirt0 description to match the other packages in supported virtualization technologies. * Rename Vcs-* to XS-Debian-Vcs-*. 
-- Loïc Minier Tue, 12 Jan 2010 17:22:02 +0100 libvirt (0.7.2-4ubuntu5) lucid; urgency=low * debian/rules, debian/libvirt-bin.upstart: migrate libvirt to upstart (LP: #446036) * debian/control: depend on open-iscsi-utils, rather than open-iscsi, fixed again, grrr (LP: #414986) -- Dustin Kirkland Tue, 05 Jan 2010 23:23:28 -0600 libvirt (0.7.2-4ubuntu4) lucid; urgency=low * debian/libvirt-bin.postinst: don't sed a non-existent file (LP: #493582) -- Jamie Strandboge Mon, 07 Dec 2009 08:55:03 -0600 libvirt (0.7.2-4ubuntu3) lucid; urgency=low * debian/patches/9016-warn-on-daemon-conf-test-wait.patch: workaround FTBFS on buildd by not failing when waiting on pid -- Jamie Strandboge Wed, 02 Dec 2009 12:12:17 -0600 libvirt (0.7.2-4ubuntu2) lucid; urgency=low * debian/control: Build-Depends on qemu-kvm, not qemu * debian/patches/9007-default-config-test-case.patch: revert last change which caused a different failure on buildd -- Jamie Strandboge Wed, 02 Dec 2009 11:14:59 -0600 libvirt (0.7.2-4ubuntu1) lucid; urgency=low * Merge from debian testing. 
Remaining changes: - debian/control: + Don't build-depend on QEmu + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin + Recommends qemu-kvm (>= 0.11.0-0ubuntu6) + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such + We call libxen-dev libxen3-dev, so change all references + Build-Depends on libxml2-utils + Build-Depends on open-iscsi-utils instead of open-iscsi due to LP: #414986 - debian/postinst: + rename the libvirt group to libvirtd + add each admin user to the libvirtd group - debian/libvirt-bin.postrm: rename the libvirt group to libvirtd - debian/rules: add DEB_MAKE_CHECK_TARGET := check - debian/patches/900[0-7]: updated/refreshed for new paths in 0.7.2 - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch - AppArmor integration: + debian/control: Build-Depends on libapparmor-dev and Suggests apparmor (>= 2.3+1289-0ubuntu14) + debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks + add debian/libvirt-bin.cron.daily (LP: #438165) + add debian/libvirt-bin.apport + debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook + debian/postinst: reload apparmor profiles + debian/libvirt-bin.postrm: remove apparmor symlinks on purge + debian/libvirt-bin.preinst: added to force complain on certain upgrades + debian/README.Debian: add AppArmor section based on the upstream documentation + debian/rules: use --with-apparmor and copy apparmor and apport hook to debian/tmp - Dropped the following patches now included upstream: + 0005-Close-logfile-fd-after-spawning-qemu.patch + 9090-reenable-nonfile-labels.patch + 9091-apparmor.patch + 9092-apparmor-autoreconf.patch * AppArmor integration updates: - debian/apparmor/usr.sbin.libvirtd: allow libvirtd access to /usr/lib/libvirt/* (LP: #480478) - debian/apparmor/libvirt-qemu: allow 
guests access to /etc/pki/libvirt-vnc/** (LP: #484562) - debian/libvirt-bin.postinst: 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user made no changes to the old profile, remove it, otherwise, update the paths, preserving the shipped usr.lib.libvirt.virt-aa-helper - update to 0.7.4 version of the sVirt AppArmor driver (can be dropped in 0.7.4): + debian/patches/9008-apparmor-caps-mockup.patch + debian/patches/9009-apparmor-lp453335.patch + debian/patches/9010-apparmor-lp460271.patch + debian/patches/9011-apparmor-code-cleanups.patch - add virt-aa-helper-test and examples/apparmor that were omitted from the upstream tarball (can be dropped in 0.7.5): + debian/patches/9012-apparmor-add-virt-aa-helper-test.patch + debian/patches/9013-apparmor-examples.patch + debian/rules: add post-patches target to make virt-aa-helper-test executable * debian/patches/0005-Fix-SELinux-linking-issues.patch: updated to work when both apparmor and selinux are available. This patch should be dropped in 0.7.4. * debian/patches/9007-default-config-test-case.patch: updated to not fail if building in a deep directory * debian/patches/9014-event-fuzz.patch: add a little fuzz to not be quite so precise with expected expiry time. Fixes FTBFS with HZ=100 kernels. Can be dropped in 0.7.5. * debian/patches/9015-hal-startup-failure-is-nonfatal.patch: disable hal driver if hald is not running instead of dying. Can be dropped in 0.7.4. 
* debian/control: temporarily remove Build-Depends on libcap-ng-dev, which isn't available in Ubuntu main yet * revert change to new source format 3.0 (quilt) since Launchpad can't handle it yet (see LP: #293106) -- Jamie Strandboge Wed, 02 Dec 2009 09:22:21 -0600 libvirt (0.7.2-4) unstable; urgency=low * [213ca47] switch to new source format 3.0 (quilt) * [f5a10e9] Depend on hal (Closes: #556730) * [7d1422d] Drop build-dep on libpolkit-dbus-dev (Closes: #549500) * [95ad85c] Depend on libcap-ng-dev for lxc driver. -- Guido Günther Wed, 25 Nov 2009 20:39:17 +0100 libvirt (0.7.2-3) unstable; urgency=low * [2c0aa82] Fix qemu:///session Backported from upstream's 79218cdd9887b132eb0f29fe2048f89e90beae1 (Closes: #554869) -- Guido Günther Sat, 07 Nov 2009 12:50:54 +0100 libvirt (0.7.2-2) unstable; urgency=low [ Laurent Léonard ] * [a9ea205] Change requirement of libvirt-bin in libvirt- suspendonreboot. * [a4db804] Update debian/patches/0006-Don-t-let-parent-of-daemon- exit-until-basic-initiali.patch. Fix use of an uninitialized variable that was causing a bug on i386 systems. * [59e1e53] Redo patches. [ Guido Günther ] * upload to unstable * [43f106a] Only remove masquerade roles for VIR_NETWORK_FORWARD_NAT (Closes: #549949) - thanks to Rob S. Wolfram for testing -- Guido Günther Thu, 05 Nov 2009 20:44:21 +0100 libvirt (0.7.2-1) experimental; urgency=low [ Laurent Léonard ] * [51a4814] Imported Upstream version 0.7.2 * [12268f6] Update patches. * [175d497] Fix SELinux linking issues. Pulled from upstream 309acaa0230494b8ec08d03375c10238cb2daf55. * [5cfdaf8] Update libvirt-doc docs. * [dc2059f] Update libvirt-bin manpages. * [a62a4a7] Update libvirt-bin examples. * [9e38cbc] Update libvirt0 symbols. * [412b12f] Make init.d script provide itself. * [35451bf] Update debian/rules to support new example files. * [43b7dac] Don't let parent of daemon exit until basic initialization is done. * [5a37e69] Make init.d provide libvirtd for backward compatibility.
-- Guido Günther Mon, 26 Oct 2009 20:14:23 +0100 libvirt (0.7.1-2) unstable; urgency=low * [f5299d3] document changes and release 0.7.1-1 * [f137c00] Allow for older versions of dpkg-dev to ease backports. * [74f5832] Use Policykit 1.0 (Closes: #549500) -- Guido Günther Fri, 09 Oct 2009 20:32:02 +0200 libvirt (0.7.1-1) unstable; urgency=low [ Laurent Léonard ] * [40fb620] Bump Debhelper version to 7. * [e0e89f2] Bump Standards-Version to 3.8.3. * [50a862f] Clean debian/rules. * [e9c9906] Change build dependency on libreadline5-dev to libreadline-dev. * [b6cb738] Imported Upstream version 0.7.1 * [780f6a7] Redo patches. * [3d66f37] Update libvirt-bin examples. * [c01ed84] Update libvirt0 symbols. -- Guido Günther Sat, 26 Sep 2009 17:15:02 +0200 libvirt (0.7.0-1ubuntu15) lucid; urgency=low * Run test suite at build time. * Add libxml2-utils dependency. Needed by the test suite. * Remove "Connecting to uri: " notice from virsh. It breaks the test suite, the information is readily available with the "uri" command inside virsh, and it's a usability delta with upstream, so constantly causes confusion. -- Soren Hansen Fri, 27 Nov 2009 11:21:53 +0100 libvirt (0.7.0-1ubuntu14) lucid; urgency=low * debian/patches/9093-lp460271.patch: require absolute path for dynamic added files (LP: #460271) * debian/patches/9094-lp453335.patch: suppress confusing and misleading apparmor denied message when kvm/qemu tries to open a libvirt specified readonly file (such as a cdrom) with write permissions. libvirt uses the readonly attribute for the security driver only, and has no way of telling kvm/qemu that the device should be opened readonly. 
(LP: #453335) * debian/apparmor/usr.sbin.libvirtd: allow 'inet dgram' for migration to work (LP: #461528) * debian/apparmor/usr.sbin.libvirtd: properly support qemu+tcp:// by allowing 'inet6 stream' and 'inet6 dgram' (LP: #462000) -- Jamie Strandboge Mon, 09 Nov 2009 17:11:05 -0600 libvirt (0.7.0-1ubuntu13) karmic; urgency=low * allow save/restore to work in $HOME. This is a workaround until upstream https://bugzilla.redhat.com/show_bug.cgi?id=529363 is fixed. (LP: #457716) * debian/libvirt-bin.cron.daily: don't complain if no domain XML definitions or domain AppArmor profiles. Based on work by Loïc Minier. (LP: #457607) -- Jamie Strandboge Fri, 23 Oct 2009 03:52:33 -0500 libvirt (0.7.0-1ubuntu12) karmic; urgency=low * debian/apparmor/libvirt-qemu: a couple more fixes for pulseaudio LP: #453329 -- Jamie Strandboge Fri, 16 Oct 2009 17:06:15 -0500 libvirt (0.7.0-1ubuntu11) karmic; urgency=low * debian/patches/9091-apparmor.patch: - src/virt-aa-helper.c: update to parse XML for guest's architecture and os.type rather than just trying to make something up. - tests/virt-aa-helper-test: add some tests for the above and fix another test - LP: #448671 -- Jamie Strandboge Wed, 14 Oct 2009 14:55:20 -0500 libvirt (0.7.0-1ubuntu10) karmic; urgency=low * debian/patches/0005-Close-logfile-fd-after-spawning-qemu.patch: fix egregious file descriptor leak with cherry-pick from upstream git, LP: #438815 -- Dustin Kirkland Tue, 06 Oct 2009 18:57:22 -0500 libvirt (0.7.0-1ubuntu9) karmic; urgency=low * allow access for sound (LP: #437854) - abstractions/libvirt-qemu: add very specific rules for allowing ALSA. We do not use the audio abstraction because the virtual machine runs as root and therefore DAC cannot be used as a fallback.
- debian/README.Debian: add some text to encourage review of the AppArmor profiles and abstraction when using in production environments * debian/libvirt-bin.cron.daily: added to clean out old profiles that are no longer associated with a virtual machine definition (LP: #438165) * debian/patches/9091-apparmor.patch: - quote the pid, monitor and logfile in case any of them have weird characters (complete fix for LP: #432810) - support for disks -- Jamie Strandboge Mon, 05 Oct 2009 16:31:12 -0500 libvirt (0.7.0-1ubuntu8) karmic; urgency=low * debian/patches/9091-apparmor.patch: sync with upstream for maintenance, licensing compliance with upstream and bug fixes: - handle files with spaces in the name (LP: #432810) - add serial, console, kernel and initrd support (LP: #432581) - allow read only access to /boot, /vmlinuz and /initrd.img - allow access to character devices (eg USB devices) - have virt-aa-helper accept XML on stdin, which allows for adding other devices in the future and helps ensure we always have the most up to date definition - update profile on attach and detach of devices (LP: #435527) - add --dryrun option to virt-aa-helper, and greatly improve the virt-aa-helper-test script * revert workaround for LP: #431090 now that kernel, initrd, et al is properly supported * debian/apparmor/usr.sbin.libvirtd: add various capabilities recommended by upstream to prevent potential regressions -- Jamie Strandboge Tue, 22 Sep 2009 20:04:58 -0500 libvirt (0.7.0-1ubuntu7) karmic; urgency=low * debian/apparmor/libvirt-qemu: add chown capability (LP: #434417) -- Jamie Strandboge Tue, 22 Sep 2009 08:03:21 -0500 libvirt (0.7.0-1ubuntu6) karmic; urgency=low * debian/apparmor/libvirt-qemu: workaround eucalyptus serial console, kernel and initrd location. This should be removed after virt-aa-helper is able to get these from XML. 
(LP: #431090) -- Jamie Strandboge Thu, 17 Sep 2009 11:35:42 -0500 libvirt (0.7.0-1ubuntu5) karmic; urgency=low * debian/apparmor/usr.sbin.libvirtd: switch to enforcing by default. Please note that this was only in complain mode temporarily to work around kernel bugs in the 2.6.31-9 kernel. Confinement of virtual machines (controlled by /etc/apparmor.d/libvirt/TEMPLATE) was already in enforcing mode. (LP: #427338) * debian/README.Debian: update AppArmor section based on the upstream documentation -- Jamie Strandboge Thu, 10 Sep 2009 08:05:45 -0500 libvirt (0.7.0-1ubuntu4) karmic; urgency=low * debian/libvirt-bin.postinst: add each admin user to libvirtd, LP: #410226; note that this is only a partial fix, as admin users added after libvirt's install will need to be individually added to libvirtd; however, this should fix a huge number of single-admin-user-in-default-Ubuntu-system annoyances * debian/control: bump standards version -- Dustin Kirkland Tue, 08 Sep 2009 17:56:52 -0500 libvirt (0.7.0-1ubuntu3) karmic; urgency=low * debian/apparmor/libvirt-qemu: allow access to /dev/kqemu * debian/apparmor/usr.bin.virt-aa-helper: use @{PROC} instead of /proc -- Jamie Strandboge Wed, 26 Aug 2009 12:19:24 -0500 libvirt (0.7.0-1ubuntu2) karmic; urgency=low * Add AppArmor support (LP: #388422): - debian/patches/9090-reenable-nonfile-labels.patch: add back in virDomainObjPtr argument to RestoreSecurityImageLabel since AppArmor labels are not stored on disk - debian/patches/9091-apparmor.patch: add AppArmor security driver - debian/patches/9092-apparmor-autoreconf.patch: after installing libtool and the build dependencies, run autoreconf to pull in changes to Makefile.am and configure.in in 9091-apparmor.patch - debian/rules: use --with-apparmor and copy debian/apparmor/* to debian/tmp - debian/control: Build-Depends on libapparmor-dev and Suggests apparmor >= 2.3+1289-0ubuntu14 - add profiles and abstractions to debian/apparmor. 
usr.sbin.libvirtd will default to complain mode until LP: #401931 is sorted out - debian/libvirt-bin.dirs: add /etc/apparmor.d/libvirt, /etc/apparmor.d/abstractions, and /etc/apparmor.d/force-complain - debian/libvirt-bin.install: install profiles and abstractions - debian/libvirt-bin.preinst: newly added to force complain on certian upgrades - debian/libvirt-bin.postinst: (re)load profile - debian/libvirt-bin.postrm: remove force-complain profile on purge * 9006-increase-unix-socket-timeout.patch: increase timeout waiting for unix socket in src/qemu_driver.c, set to 30 seconds, which 10x longer than before, and matches the logoutput timeout adjustment in 9003-increase-logoutput-timeout.patch. This is needed with the new qemudOpenMonitorUnix() function introduced in 0.7.0. * add apport hook: - add debian/libvirt-bin.apport - debian/libvirt-bin.dirs: add /usr/share/apport/package-hooks - debian/libvirt-bin.install: add source_libvirt-bin.py - debian/rules: install libvirt-bin.apport -- Jamie Strandboge Tue, 25 Aug 2009 11:51:42 -0500 libvirt (0.7.0-1ubuntu1) karmic; urgency=low * Merge from debian experimental, remaining changes: - debian/control: + Don't build-depend on QEmu. + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin. + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such. + We call libxen-dev libxen3-dev, so change all references. + Build-Depends on open-iscsi-utils instead of open-iscsi due to LP: #414986 - 9000-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at least one interface has been added to it. - 9001-dont_clobber_existing_bridges.patch: Assign the name of the virtual bridge dynamically to avoid interfering with existing bridges. - 9002-better_default_uri_virsh.patch: Default to qemu:///system if the user has write access to the libvirt socket, otherwise qemu:///session. 
- 9003-increase-logoutput-timeout.patch: increase timeout waiting for log output in src/qemu_driver.c, set to 30 seconds, which 10x longer than before, and matches the disk-wait in mdadm. (LP #344400) - 9004-better-default-arch.patch: If a domain does not specify its architecture, attempt to match the host. (LP #344913) - 9005-libvirtd-group-name.patch: Rename libvirt group to libvirtd. - rename the libvirt group to libvirtd in postinst/postrm * Dropped the following patches from debian/patches (they don't apply any more were not applied in 0.6.4-1ubuntu2): - dynamic_bridge_names.patch - event-loop-hang.diff - more-flexible-emulator-on-x86.patch - xen-events-handling-fix.diff -- Jamie Strandboge Thu, 13 Aug 2009 20:24:24 -0500 libvirt (0.7.0-1) experimental; urgency=low [ Laurent Léonard ] * [4fb1a38] Imported Upstream version 0.7.0 * [5578fd3] Drop 0005-Fix-PCI-device-hotplug-unplug-with-newer- QEMU.patch. Fixed upstream. * [9a8afd0] Redo patches. * [937ab63] Update symbols. * [b4bd1ea] Update section in doc-base control file. -- Guido Günther Sun, 09 Aug 2009 13:35:42 +0200 libvirt (0.6.5-3) unstable; urgency=low * [72a8eb6] Add a versioned dependency on dpkg-dev (Closes: #537316) * [ae20998] fix Debian Xen path patch to also cover the testsuite * [b2a1c47] New patch 0001-Fix-PCI-device-hotplug-unplug-with-newer- QEMU.patch pulled from upstream 326ecb7. Fixes PCI hotplug with newer kvm. -- Guido Günther Wed, 29 Jul 2009 12:17:52 +0200 libvirt (0.6.5-2) unstable; urgency=low * [45b9fdf] build-conflict on dpkg-dev (= 1.15.3) (Closes: #536673) -- Guido Günther Sun, 12 Jul 2009 15:03:08 +0200 libvirt (0.6.5-1) unstable; urgency=low [ Guido Günther ] * [05e9a39] build-depend on policykit so polkit auth works with virsh as well [ C.J. Adams-Collier ] * [a161c5f] allow to qemu to emulate arm [ Guido Günther ] * [b1e4c4b] Imported Upstream version 0.6.5 * [e764583] change private symbols to 0.6.5 * [f94fb48] drop 0005-allow-to-qemu-to-emulate-arm.patch fixed upstream. 
* [7ad7896] bump standards version * [e2c5867] tighten libvirt-bin's dependency on libvirt0 since libvirtd uses private symbols -- Guido Günther Sun, 05 Jul 2009 13:07:53 +0200 libvirt (0.6.4-1ubuntu2) karmic; urgency=low * Also rename the libvirt group to libvirtd in postinst/postrm. (LP: #392696) -- Soren Hansen Fri, 26 Jun 2009 22:49:45 +0200 libvirt (0.6.4-1ubuntu1) karmic; urgency=low * Merge from debian unstable, remaining changes: - debian/control: + Don't build-depend on QEmu. + Add "XS-Debian-" prefix to Debian's Vcs headers. + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin. + s/interract/interact/g + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such. - 9000-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at least one interface has been added to it. - 9001-dont_clobber_existing_bridges.patch Assign the name of the virtual bridge dynamically to avoid interfering with existing bridges. - 9002-better_default_uri_virsh.patch: Default to qemu:///system if the user has write access to the libvirt socket, otherwise qemu:///session. - 9003-increase-logoutput-timeout.patch: increase timeout waiting for log output in src/qemu_driver.c, set to 30 seconds, which 10x longer than before, and matches the disk-wait in mdadm. (LP #344400) - 9004-better-default-arch.patch: If a domain does not specify its architecture, attempt to match the host. (LP #344913) - 9005-libvirtd-group-name.patch: Rename libvirt group to libvirtd. - We call libxen-dev libxen3-dev, so change all references. 
-- Soren Hansen Mon, 22 Jun 2009 11:14:57 +0200 libvirt (0.6.4-1) unstable; urgency=low * [dd3adb2] Imported Upstream version 0.6.4 * [2320162] update symbols file * [89c9720] remove bashism (Closes: #530122) * [30d86c1] drop patches fixed upstream: 0005-don-t-crash-with-def-NULL.patch 0006-Fix-QEMU-ARGV-detection-with-kvm-85.patch 0007-Declare-support-for-QEMU-migration-in-capabilities.patch -- Guido Günther Thu, 04 Jun 2009 12:50:01 +0200 libvirt (0.6.3-4) unstable; urgency=low * [3607f2f] Install libvirt_lxc that got list somewhere between our testbuilds. (Closes: #529578) * [070ddd5] install augeas lense * [c9b034d] install schema files -- Guido Günther Wed, 20 May 2009 14:33:18 +0200 libvirt (0.6.3-3) unstable; urgency=low * [4087b7d] disable lxc on ia64 to work around FTBFS until we have access to a test machine * [df5f5a0] pull some kvm/qemu related patches from upstream (Closes: #529324) -- Guido Günther Tue, 19 May 2009 19:14:57 +0200 libvirt (0.6.3-2) unstable; urgency=low * [35898d3] fix crash when libvirt_lxc is called without arguments * [449ca60] enable lxc support (Closes: #526718) - thanks to Daniel Pittman for testing this * [335a4e6] update description with supported virtualization solutions * [92eba47] delay libvirt-bin start until after avahi * [8ebd17d] update startup priorities due to changed libvirt-bin startup priority. Also add an LSB header. (Closes: #526944) -- Guido Günther Thu, 07 May 2009 13:28:40 +0200 libvirt (0.6.3-1) unstable; urgency=low * [0cb2f83] Imported Upstream version 0.6.3 * virtual box support * [06fe518] 0001-remove-RHism.diff.patch: use invoke-rc.d * [ec2fd52] drop patches merged upstream: * 0003-allow-libvirt-group-to-access-the-socket.patch series * 0004-fix-Debian-specific-path-to-hvm-loader.patch * [6977bde] enable vbox support * [93c4423] add symbols file -- Guido Günther Sun, 03 May 2009 23:33:28 +0200 libvirt (0.6.2-2) unstable; urgency=low * [031b9c1] Don't hardcode buffer size for getgrnam_r. 
Works around #520744 and fixes possible problems with implementations having _SC_GETGR_R_SIZE_MAX != 1024. * [bbe7743] respect log priority for qemu domain logs (Closes: #524145) * [a2e4cb0] don't rely on log_end_msg returning 0 this isn't the case with splashy. (Closes: #523712) * [ddfafda] move debug package into section debug -- Guido Günther Thu, 16 Apr 2009 15:28:31 +0200 libvirt (0.6.2-1) unstable; urgency=low * [99fd06c] Imported Upstream version 0.6.2 (Closes: #521785) * [78cd5c8] drop /var/run/libvirt created by init script * [2a7cb3b] move startup of libvirtd after hal (Closes: #522310) * [b8707ed] bump standards version 0.8.1 (no changes necessary) -- Guido Günther Thu, 09 Apr 2009 22:48:57 +0200 libvirt (0.6.1-1) unstable; urgency=low * [3be7341] Imported Upstream version 0.6.1 * [38fde15] rediff Debian specific patches * [9b59a19] drop patches applied upstream: * 0004-Don-t-hardcode-ssh-port.patch * 0005-minimal-workaround-for-qemu-startup-race.patch * [95d4b7f] drop patches backported from upstream * 0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch * [8171d83] build-dep on module-init-tools so configure can figure out the path to modprobe -- Guido Günther Thu, 05 Mar 2009 13:58:41 +0100 libvirt (0.6.1-0ubuntu5) jaunty; urgency=low * Fix logic error when applying %d bridge name rewriting. 
(LP: #350780) -- Soren Hansen Thu, 16 Apr 2009 20:48:49 +0200 libvirt (0.6.1-0ubuntu4) jaunty; urgency=low [ Marc Deslauriers ] * 0008-increase-logoutput-timeout.patch: increase timeout waiting for log output in src/qemu_driver.c, set to 30 seconds, which 10x longer than before, and matches the disk-wait in mdadm, LP: #344400 -- Dustin Kirkland Fri, 27 Mar 2009 10:57:53 -0500 libvirt (0.6.1-0ubuntu3) jaunty; urgency=low * Fix "libvirt's defaults are slightly less than sane" (LP: #344913) - more-flexible-emulator-on-x86.patch (from upstream) - default-arch.patch -- Soren Hansen Thu, 19 Mar 2009 00:23:14 +0100 libvirt (0.6.1-0ubuntu2) jaunty; urgency=low * Add fix for event loop hang (LP: #344195) http://article.gmane.org/gmane.comp.emulators.libvirt/12437 * Add fix for Xen events handling. http://git.et.redhat.com/?p=libvirt.git;a=commit;h=124cfcbc2bcd1b71b51e720b9bfc7d8e69e8af89 -- Soren Hansen Fri, 13 Mar 2009 16:51:33 +0100 libvirt (0.6.1-0ubuntu1) jaunty; urgency=low * New upstream release. (FFe: LP: #339868) * Dropped 0004-Don-t-hardcode-ssh-port.patch: Included upstream. * Rewrote dynamic_bridge_names.patch to work with refactored upstream bridging code. -- Soren Hansen Mon, 09 Mar 2009 11:18:01 +0100 libvirt (0.6.0-1ubuntu3) jaunty; urgency=low * No change rebuild for python2.6. -- Matthias Klose Wed, 25 Feb 2009 12:17:13 +0000 libvirt (0.6.0-1ubuntu2) jaunty; urgency=low * Accidentally dropped our changes to 0003-allow-libvirt-group-to-access-the-socket.patch, causing the group as which libvirtd expected to run to be wrong. Change it back to "libvirtd" rather than "libvirt". (LP: #328093) -- Soren Hansen Wed, 11 Feb 2009 16:10:28 +0100 libvirt (0.6.0-1ubuntu1) jaunty; urgency=low * Merge with Debian experimental. Remaining changes: - debian/control: + Don't build-depend on QEmu. + Add "XS-Debian-" prefix to Debian's Vcs headers. + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin. 
+ s/interract/interact/g + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such. - Rename libvirt group to libvirtd. - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at least one interface has been added to it. - dont_clobber_existing_bridges.patch: Assign the name of the virtual bridge dynamically to avoid interfering with existing bridges. - better_default_uri_virsh.patch: Default to qemu:///system if the user has write access to the libvirt socket, otherwise qemu:///session. - We call libxen-dev libxen3-dev, so change all references. - Included (but did not enable) opennebula patch (since it's not in main yet). -- Soren Hansen Wed, 11 Feb 2009 01:01:42 +0100 libvirt (0.6.0-1) experimental; urgency=low * [30be86d] Imported Upstream version 0.6.0 * [179781c] drop patches * fixed upstream: 0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch * applied upstream: 0004-Open-qemu-monitor-log-O_APPEND-instead-of-O_TRUNC.patch 0005-qemu-fix-parallel-serial-mode-tcp-and-unix.patch 0007-don-t-fail-on-missing-locales.patch * [d80a176] adjust remaining patches to new upstream version * [208c924] add minimal workaround for qemu startup race * [6e8caa0] restart libvirt daemon on upgrades if possible (Closes: #492694, #499008) -- Guido Günther Thu, 05 Feb 2009 18:40:10 +0100 libvirt (0.5.1-7) unstable; urgency=low * [1238706] Recommend dnsmasq-base instead of dnsmasq this keeps us out of all the dnsmasq already running troubles. (Closes: #516443) - thanks to Bin Zhang for the suggestion and the doc update * [5c9dfd7] don't rotate empty logfiles (Closes: #517040) * [1c9a023] libvirt_proxy: Fix use of uninitalized memory We currently don't build this code (CVE-2009-0036). 
* [4ea1ea9] fix path to hvmloader (Closes: #517059) * [879b632] suggest devhelp * [f22f1ef] add ${misc:Depends} * [c6f579e] README.Debian: fix typo -- Guido Günther Thu, 26 Feb 2009 14:45:32 +0100 libvirt (0.5.1-6) unstable; urgency=low * upload to unstable -- Guido Günther Mon, 16 Feb 2009 21:27:21 +0100 libvirt (0.5.1-5) experimental; urgency=low * [d4a69d1] don't fail on missing locales (Closes: #512721) * [cecac4c] don't hardcode ssh port - based on a patch by Adrian Bridgett. (Closes: #513605) * [4565a65] drop superflous headers and footers from remaining patches -- Guido Günther Fri, 30 Jan 2009 23:06:29 +0100 libvirt (0.5.1-4ubuntu1) jaunty; urgency=low * Merge with Debian experimental. - debian/control: + Don't build-depend on QEmu. + Add "XS-Debian-" prefix to Debian's Vcs headers. + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin. + s/interract/interact/g + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such. - Rename libvirt group to libvirtd. - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at least one interface has been added to it. - dont_clobber_existing_bridges.patch: Assign the name of the virtual bridge dynamically to avoid interfering with existing bridges. - better_default_uri_virsh.patch: Default to qemu:///system if the user has write access to the libvirt socket, otherwise qemu:///session. - We call libxen-dev libxen3-dev, so change all references. * Included (but did not enable) opennebula patch (since it's not in the archive yet). 
-- Soren Hansen Thu, 08 Jan 2009 23:01:16 +0100 libvirt (0.5.1-4) experimental; urgency=low * [2fd5224] apply upstream patch for CVE-2008-5086 (Closes: #509106) -- Guido Günther Thu, 18 Dec 2008 16:12:00 +0100 libvirt (0.5.1-3) experimental; urgency=low * [d30438c] create libvirt log directory (Closes: #508129) * [417a23c] qemu: fix parallel/serial mode "tcp" and "unix" (Closes: #507608) -- Guido Günther Thu, 11 Dec 2008 12:38:01 +0100 libvirt (0.5.1-2) experimental; urgency=low * [4cd547b] create /var/run/libvirt (Closes: #507578) * [fe96870] merge back master * [d46313f] drop patches for issues fixed upstream - 0007-also-look-for-usr-bin-kvm.patch - 0008-Increase-initial-qemu-monitor-read-timeout.patch - 0009-Open-qemu-monitor-log-O_APPEND-instead-of-O_TRUNC.patch - 0010-raise-error-on-invalid-volume-format.patch -- Guido Günther Sat, 06 Dec 2008 10:37:12 +0100 libvirt (0.5.1-1) experimental; urgency=low * [d76b3a1] Imported Upstream version 0.5.1 (Closes: #507677, #507547) * [2e550ae] enable hal for device enumeration * [0d9116a] rotate qemu monitor logs (Closes: #507553) - thanks to Harald Staub * [5f85e66] depend on logrotate * [6e955a3] open qemu monitor O_APPEND instead of O_TRUNC for logrotate * [7dbea84] drop 0004-xen-prefer-xenstoraged-driver-for- listDomains.patch - applied upstream -- Guido Günther Fri, 05 Dec 2008 09:36:54 +0100 libvirt (0.5.0-1) experimental; urgency=low * [717ef21] Imported Upstream version 0.5.0 * [b7a1fbd] enable OpenVZ support (Closes: #504597) - thanks to Pierre Chifflier for the patch * [ee3590a] drop patches, fixed upstream: * 0004-support-virtio-and-scsi-disks-in-qemudDomainBlockSta.patch * 0005-fix-define-vs.-defined-typos.patch * [f4f601f] bump shlibs to 0.5.0 -- Guido Günther Fri, 28 Nov 2008 16:40:38 +0100 libvirt (0.4.6-10) unstable; urgency=low * [5878698] cherry-pick patch for CVE-2008-5086 from experimental -- Guido Günther Thu, 18 Dec 2008 16:59:45 +0100 libvirt (0.4.6-9) unstable; urgency=low * [d30438c] create 
libvirt log directory (Closes: #508129) -- Guido Günther Mon, 08 Dec 2008 10:12:28 +0100 libvirt (0.4.6-8) unstable; urgency=low * [e771da9] drop superflous 0011-Fix-segfault-on-missing-volume- format.patch - not needed. -- Guido Günther Fri, 05 Dec 2008 10:17:01 +0100 libvirt (0.4.6-7) unstable; urgency=low * [ea12bd9] create /var/run/libvirt fixes /var/run on tmpfs (Closes: #507578) * [97e5706] also look for /usr/bin/kvm (Closes: #507547) * [311b4c1] increase initial qemu monitor read timeout (Closes: #499720) * [fbe4e00] open qemu monitor log O_APPEND instead of O_TRUNC * [f8ce017] raise error on invalid volume format * [40edcf8] rotate qemu monitor logs (Closes: #507553) - thanks to Harald Staub * [46ea43a] fix segfault on missing volume format (Closes: #507677) - thanks to Daniel Veillard * [ee377f3] bump shlibs version to 0.4.6 * [504d55d] depend on logrotate -- Guido Günther Thu, 04 Dec 2008 17:50:45 +0100 libvirt (0.4.6-6) unstable; urgency=low * [ff8e9ae] README.Debian: clarify xen configuration * [c07c68f] prefer xenstoraged driver for listDomains - avoids seeing "ghost domains" due to bugs in several versions of the xen HV -- Guido Günther Thu, 27 Nov 2008 18:06:48 +0100 libvirt (0.4.6-5ubuntu2) jaunty; urgency=low * SECURITY UPDATE: fix privilege escalation due to missing read only connection checks - debian/patches/0009-CVE-2008-5086.patch: update functions in src/libvirt.c to check against VIR_CONNECT_RO and return with operation denied error - CVE-2008-5086 -- Jamie Strandboge Tue, 16 Dec 2008 10:47:09 -0600 libvirt (0.4.6-5ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - debian/control: + Don't build-depend on QEmu. + Add "XS-Debian-" prefix to Debian's Vcs headers. + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin. + s/interract/interact/g + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such. 
- Create /var/run/libvirt in libvirt-bin's init script. - Rename libvirt group to libvirtd. - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at least one interface has been added to it. - dont_clobber_existing_bridges.patch: Assign the name of the virtual bridge dynamically to avoid interfering with existing bridges. - better_default_uri_virsh.patch: Default to qemu:///system if the user has write access to the libvirt socket, otherwise qemu:///session. - We call libxen-dev libxen3-dev, so change all references. * Add qemu migration patch (from upstream git (adjusted for 0.4.6)). * Add dynamic_bridge_names.patch to again support dynamic bridge names. -- Soren Hansen Tue, 18 Nov 2008 18:04:40 +0100 libvirt (0.4.6-5) unstable; urgency=low * [411ada3] add more details about dnsmasq vs. libvirtd (Closes: #504605) * [2f8f07d] add default image dir virt-manager assumes they exist and they're used in the SELinux policies too. (Closes: #505577) * [9eb3a83] fix #define vs. 
#defined typos - affects non Linux architectures and fixes the build with gcc 4.4 (Closes: #505607) - thanks to Martin Michlmayr * [0e21634] fix uploader -- Guido Günther Fri, 14 Nov 2008 14:54:48 +0100 libvirt (0.4.6-4) unstable; urgency=low * upload to unstable * [50b27f5] add libvirt-suspendonreboot script (Closes: #501155) - thanks to Andreas Barth -- Guido Günther Sat, 01 Nov 2008 19:33:36 +0100 libvirt (0.4.6-3) experimental; urgency=low * [8fa5a3c] add a versioned recommends on qemu (Closes: #501692) * [d1539bc] recommend pkg-config * [f08bb18] explain libvirt group (Closes: #501824) -- Guido Günther Sun, 12 Oct 2008 20:27:25 +0200 libvirt (0.4.6-2) experimental; urgency=low * [2039095] tighten libvirt dependency * [06dbe8a] qemu/kvm: fix domain block stats for virtio and scsi devices -- Guido Günther Thu, 02 Oct 2008 22:03:05 +0200 libvirt (0.4.6-1) experimental; urgency=low * [e20d3d4] Imported Upstream version 0.4.6 * [0c840ab] disable numactl * [ca2c5cb] cleanup doc installation (Closes: #492075) * [714ab94] drop 0004-for-kvm-determine-maxVCPUs-at-runtime.patch - applied upstream * [e7563a8] drop 0005-fix-crash-when-no-emulator-is-defined-for-kvm- qemu.patch - fixed upstream -- Guido Guenther Thu, 25 Sep 2008 12:31:45 +0200 libvirt (0.4.5-2) experimental; urgency=low * [17647cd] libvirt-bin.default: add keytab default * [0ef01e7] fix runtime vcpu detection (0004-for-kvm-determine- maxVCPUs-at-runtime.patch) (Closes: #495950) * [b91e1eb] don't crash when no emulator is defined (0005-fix-crash- when-no-emulator-is-defined-for-kvm-qemu.patch) -- Guido Guenther Mon, 22 Sep 2008 20:11:04 +0200 libvirt (0.4.5-1) experimental; urgency=low * [ab8b4e6] Imported Upstream version 0.4.5 * [4aaef27] tighten dependency on libvirt * [fa253be] drop 0002-qemu-path.diff.patch - fixed upstream * [87fc2db] drop 0005-check-for-the-existence-of-the-migrate- command.patch applied upstream * [bc311aa] drop 0006-wrong-open-failure-detection.patch applied upstream * [38e615d] 
rebase the remaining patches * [9a04bb7] bump shlibs version to 0.4.5 * [9fadd6f] disable LXC * [179c869] build-dep on libselinux1-dev for selinux support -- Guido Guenther Thu, 18 Sep 2008 19:02:55 +0200 libvirt (0.4.4-3ubuntu3) intrepid; urgency=low * debian/patches/0008-lp287533.patch: allow 16 VCPUs when using kvm (LP: #287533) -- Jamie Strandboge Wed, 22 Oct 2008 10:13:12 -0500 libvirt (0.4.4-3ubuntu2) intrepid; urgency=low * Make QEmu a suggested package of libvirt0 rather than a recommended one. * Make kvm a recommended package of libvirt0. -- Soren Hansen Mon, 11 Aug 2008 16:18:03 +0200 libvirt (0.4.4-3ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/control: + DebianMaintainerField + Don't build-depend on QEmu. + Add "XS-Original-" prefix to Debian's Vcs headers. + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin. + s/interract/interact/g + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such. - Create /var/run/libvirt in libvirt-bin's init script. - Rename libvirt group to libvirtd. - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at least one interface has been added to it. - dont_clobber_existing_bridges.patch: Assign the name of the virtual bridge dynamically to avoid interfering with existing bridges. - better_default_uri_virsh.patch: Default to qemu:///system if the user has write access to the libvirt socket, otherwise qemu:///session. - We call libxen-dev libxen3-dev, so change all references. 
-- Soren Hansen Mon, 11 Aug 2008 15:36:54 +0200 libvirt (0.4.4-3) unstable; urgency=low * upload to unstable * [96c6727] add /var/cache/libvirt needed by qemuDriver for temporary storage * [794f95c] bump standards version to 3.8.0 * [05184af] add README.source -- Guido Guenther Wed, 23 Jul 2008 11:30:31 -0400 libvirt (0.4.4-2) experimental; urgency=low * [facb983] README.Debian explain "default" network startup * [395a510] add /var/lib/libvirt needed for the dnsmasq lease file * [9c588ac] promote bridge-utils & dnsmasq to Recommends: since they're needed for the default NAT network * [9ed2cd4] recommend iptables - needed for the default NAT network -- Guido Guenther Wed, 23 Jul 2008 00:23:58 -0400 libvirt (0.4.4-1) experimental; urgency=low * [0ff1e68] new upstream version * [2098f96] rebase patches for 0.4.4 * [abbd15e] enable with-storage-disk now that we have parted1.8 * [3942b25] start libvirtd by default -- Guido Guenther Fri, 27 Jun 2008 10:06:00 +0200 libvirt (0.4.4-0ubuntu1) intrepid; urgency=low * New upstream release - Drop nic-model, disk-bus, and ancient_parted.patch. They're all upstream now (in some form). - Add new libdevmapper-dev build-dependency. -- Soren Hansen Wed, 25 Jun 2008 18:51:21 +0200 libvirt (0.4.2-6ubuntu1) UNRELEASED; urgency=low * Merge from debian unstable, remaining changes: - debian/control: + DebianMaintainerField + Don't build-depend on QEmu. + Add "XS-Original-" prefix to Debian's Vcs headers. + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin. + s/interract/interact/g - debian/libvirt-bin.default + Make libvirtd start by default - Add /var/lib/libvirt to libvirt-bin package. (dnsmasq needs it to store its state info. - Create /var/run/libvirt in libvirt-bin's init script. - Rename libvirt group to libvirtd. - Build iscsi and disk storage support. - delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at least one interface has been added to it. 
- dont_clobber_existing_bridges.patch: Assign the name of the virtual bridge dynamically to avoid interfering with existing bridges. - nic-model.patch: Add support for NIC configuration. - disk-bus.patch: Add support for bus='foo' attributes for disk targets. - better_default_uri_virsh.patch: Default to qemu:///system if the user has write access to the libvirt socket, otherwise qemu:///session. - ancient_parted.patch: Fix builds against libparted1.7 - We call libxen-dev libxen3-dev, so change all references. -- Soren Hansen Wed, 25 Jun 2008 16:40:46 +0200 libvirt (0.4.2-6) unstable; urgency=low * reenable open-iscsi support - thanks to to the open-iscsi maintainers for fixing this up * build a libvirt0-dbg package * register documentation with doc-base (Closes: #480294) - thanks to Tzafrir Cohen for the patch * control: fix typo * README.Debian: explain debugging -- Guido Guenther Thu, 15 May 2008 18:04:20 +0200 libvirt (0.4.2-5ubuntu2) intrepid; urgency=low * We call libxen-dev libxen3-dev. * Make libvirt-dev installable alongside libvirt0-dbg. -- Soren Hansen Fri, 02 May 2008 10:59:50 +0200 libvirt (0.4.2-5ubuntu1) intrepid; urgency=low * Merge from debian unstable, remaining changes: - debian/control: + DebianMaintainerField + Don't build-depend on QEmu. + Add "XS-Original-" prefix to Debian's Vcs headers. + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin. + s/interract/interact/g - Add libvirt0-dbg package - debian/libvirt-bin.default + Make libvirtd start by default - Add /var/lib/libvirt to libvirt-bin package. (dnsmasq needs it to store its state info. - Create /var/run/libvirt in libvirt-bin's init script. - Install PolicyKit and sasl stuff in libvirt-bin. - Rename libvirt group to libvirtd. - Build iscsi and disk storage support. - delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at least one interface has been added to it. 
- dont_clobber_existing_bridges.patch: Assign the name of the virtual bridge dynamically to avoid interfering with existing bridges. - nic-model.patch: Add support for NIC configuration. - disk-bus.patch: Add support for bus='foo' attributes for disk targets. - better_default_uri_virsh.patch: Default to qemu:///system if the user has write access to the libvirt socket, otherwise qemu:///session. - ancient_parted.patch: Fix builds against libparted1.7 -- Soren Hansen Fri, 02 May 2008 01:50:32 +0200 libvirt (0.4.2-5) unstable; urgency=low * no need to depend on python-all-dev we only build an extension for the current python version -- Guido Guenther Tue, 22 Apr 2008 11:26:13 +0200 libvirt (0.4.2-4) unstable; urgency=low * only build-dep on qemu on architectures that have it (Closes: #476290) * the packages containing the daemon should suggest polkit -- Guido Guenther Fri, 18 Apr 2008 10:41:38 +0200 libvirt (0.4.2-3) unstable; urgency=low * drop the {build-,}dependency on open-iscsi too * suggest policykit -- Guido Guenther Mon, 14 Apr 2008 15:27:20 +0200 libvirt (0.4.2-2) unstable; urgency=low * disable the iscsi storage backend until #423368 is fixed in unstable * disable polkit authentication by default so the libvirt stays accessible for members of the libvirt group -- Guido Guenther Mon, 14 Apr 2008 14:20:23 +0200 libvirt (0.4.2-1) unstable; urgency=low * drop no-mac.diff - applied upstream * no need to explicitly link against libpthread * always enable debugging * add Homepage URL * add Vcs-{Git,Browser} fields * symlink devhelp docs * enable policy kit -- Guido Guenther Fri, 11 Apr 2008 17:54:06 +0200 libvirt (0.4.1-1) experimental; urgency=low * new upstream version * Xen 3.2 fixes * storage pool support * partition based storage pools are disabled, since this needs parted 1.8 which is only in experimental * update patches for new upstream release * boot-dev-error.diff - applied upstream * qemu-parse-error.diff - applied upstream * qemu-path.diff - adjust to 
new hypervisor detection code * rediff the rest * new patches: * no-mac.diff: don't set mac address on tun device since it breaks kvm * bump shlibs version -- Guido Guenther Fri, 07 Mar 2008 10:17:21 +0100 libvirt (0.4.0-6) unstable; urgency=low * depend on libxen-dev (Closes:#467598) * allow members of the libvirt group to manage virtual machines -- Guido Guenther Sun, 02 Mar 2008 16:11:49 +0100 libvirt (0.4.0-5) unstable; urgency=low * thanks to the xen maintainers Debian now has a working libxen-dev, so enable xen support in the default build (Closes: #453826) * recommend netcat-openbsd for unix domain socket support (Closes: #453627) * README.Debian: document necessary xend options * fix spelling of Python -- Guido Guenther Wed, 20 Feb 2008 11:14:22 +0100 libvirt (0.4.0-4) unstable; urgency=low * don't segfault on broken boot device configuration (Closes: #463686) * don't segfault due to missing errorhandling in the XML parsing code -- Guido Guenther Tue, 05 Feb 2008 13:12:54 +0100 libvirt (0.4.0-3) unstable; urgency=low * add and remove the libvirt group for the socket * be a bit more verbose on libvirtd reload * depend on adduser since we add the libvirt user * don't restart libvirtd on upgrades since it kills running qemus * enable debugging via DEB_BUILD_OPTS -- Guido Guenther Sun, 03 Feb 2008 14:21:46 +0100 libvirt (0.4.0-2ubuntu8) hardy; urgency=low * disk-bus.patch: - Add bus attribute to disk/target tags. Allows you to create virtio disks. (LP: #213991) * nic-model.patch: - Add support to network interfaces. (LP: #213991) * graceful_shutdown.patch: - Rather than pulling the power from virtual machines, send an ACPI power button event and let the OS handle it. * better_default_uri_virsh.patch: - Updated patch: Output connection URI to stderr instead of stdout to avoid breaking scripts that use virsh. 
-- Soren Hansen Wed, 16 Apr 2008 10:35:03 +0200 libvirt (0.4.0-2ubuntu7) hardy; urgency=low * better_default_uri_virsh.patch: - Make virsh connect to qemu:///system by default if the user has write access to /var/run/libvirt/libvirt-sock and qemu:///session if not. -- Soren Hansen Tue, 01 Apr 2008 10:32:59 +0200 libvirt (0.4.0-2ubuntu6) hardy; urgency=low * *Actually* apply our patches to the -dbg version. -- Soren Hansen Tue, 11 Mar 2008 14:49:03 +0100 libvirt (0.4.0-2ubuntu5) hardy; urgency=low * Create /var/lib/libvirt in libvirt-bin. (LP: #191636) -- Soren Hansen Wed, 13 Feb 2008 22:17:33 +0100 libvirt (0.4.0-2ubuntu4) hardy; urgency=low * dont_clobber_existing_bridges.patch: - Change bridge name from virbr0 to virbr%d, to ensure we never clobber existing bridges. * Add iptables dependency -- Soren Hansen Wed, 13 Feb 2008 00:53:20 +0100 libvirt (0.4.0-2ubuntu3) hardy; urgency=low * Build against libxen3-dev instead of libxen3.2-dev. * libvirt-bin: + Replace "Suggests: dnsmasq" with "Depends: dnsmasq-base". + Add dependency on netcat-openbsd (to enable qemu+ssh:// style remote management) -- Soren Hansen Fri, 08 Feb 2008 17:24:48 +0100 libvirt (0.4.0-2ubuntu2) hardy; urgency=low * Build against libxen-3.2 instead of 3.1. * Bump bridge-utils from Suggests: to Depends:. -- Soren Hansen Tue, 05 Feb 2008 10:34:31 +0100 libvirt (0.4.0-2ubuntu1) hardy; urgency=low * Merge from debian unstable, remaining changes: - DebianMaintainerField. - Add libxen3.1-dev to enable Xen management. - Add libpolkit-dbus-dev to enable polkit integration. - Build libvirt0-dbg flavour. - Start libvirtd by default. - Install polkit policy. - Install sasl config. - Install sample qemu and libvirtd config. - Create libvirtd group in postinst. - libvirt-remote-ssh.patch: Fix foo+ssh:// urls. - delayed_iff_up_bridge.patch: Don't try to IFF_UP the bridge interface until an interface gets added to it. * Create /var/run if it doesn't exist (LP: #178106). 
-- Soren Hansen Wed, 30 Jan 2008 16:43:11 +0100 libvirt (0.4.0-2) unstable; urgency=low * libvirt-bin.init: fix the reload target * add configuration examples -- Guido Guenther Sat, 15 Dec 2007 18:59:11 +0100 libvirt (0.4.0-1) unstable; urgency=low * new upstream version * enable sasl support * leave policykit support disabled since it's not in unstable yet * bump shlibs version * remove CVS metadata * rediff patches * libvirtd-bin.init: libvirtd supports reload -- Guido Guenther Fri, 21 Dec 2007 16:49:13 +0100 libvirt (0.4.0-0ubuntu3) hardy; urgency=low * Clean up debian/rules (should reenable concurrent builds). * Don't restart libvirt on upgrades (if there's a good reason, we'll add it to postinst/prerm with checks for specific versions). -- Soren Hansen Fri, 18 Jan 2008 19:07:19 +0100 libvirt (0.4.0-0ubuntu2) hardy; urgency=low * IFF_UP'ing a bridge interface doesn't work until the first interface has been added to it. * Fix remote ssh connections. -- Soren Hansen Tue, 15 Jan 2008 10:53:25 +0100 libvirt (0.4.0-0ubuntu1) hardy; urgency=low * New upstream release. * Don't change the default URI. It appears that too many applications still depend on this broken behaviour. * Change maintainer to ubuntu-core-dev. -- Soren Hansen Fri, 21 Dec 2007 11:24:02 +0100 libvirt (0.3.3-6ubuntu1) hardy; urgency=low * Merge from debian unstable, remaining changes: - Add libvirt0-dbg package. - Start libvirtd by default. - Create libvirtd group, and have libvirtd's sockets have group ownership "libvirtd". - Add libxen as a build-dependency to enable libvirt's Xen features. 
-- Soren Hansen Thu, 20 Dec 2007 11:28:00 +0100 libvirt (0.3.3-6) unstable; urgency=low * don't include precompiled examples in the doc package (Closes: #456825) * remove RHism from manpage (Closes: #455859) * bump standards version -- Guido Guenther Wed, 19 Dec 2007 13:45:58 +0100 libvirt (0.3.3-5.xen0) unstable; urgency=low * rebuild with xen support -- Guido Guenther Tue, 08 Jan 2008 11:00:24 +0100 libvirt (0.3.3-5) unstable; urgency=low * make libs match overrides * move to team maintenance * suggest dnsmasq and bridge-utils for qemu networking * remove stale PID files -- Guido Guenther Thu, 13 Dec 2007 21:34:16 +0100 libvirt (0.3.3-4.xen0) unstable; urgency=low * UNRELEASED * build with xen support * debian/control: we also support xen -- Guido Guenther Thu, 06 Dec 2007 15:43:03 +0100 libvirt (0.3.3-4ubuntu5) hardy; urgency=low * Made default_uri a configurable. -- Soren Hansen Wed, 19 Dec 2007 00:56:31 +0100 libvirt (0.3.3-4ubuntu4) hardy; urgency=low * Add "Provides: libvirt0" to libvirt0-dbg. * Make virsh understand that the default URI is not xen:///. -- Soren Hansen Wed, 19 Dec 2007 00:13:10 +0100 libvirt (0.3.3-4ubuntu3) hardy; urgency=low * Change default URI to qemu:///session * Add libvirt0-dbg package, which is just like libvirt0, but built with --enable-debug=yes. -- Soren Hansen Thu, 13 Dec 2007 21:37:39 +0100 libvirt (0.3.3-4ubuntu2) hardy; urgency=low * Start libvirtd by default. * Create libvirtd group, and have libvirtd's sockets have group ownership "libvirtd". -- Soren Hansen Thu, 13 Dec 2007 15:08:29 +0100 libvirt (0.3.3-4ubuntu1) hardy; urgency=low * Fakesync with Debian. * Reenable Xen. 
-- Soren Hansen Thu, 06 Dec 2007 13:33:13 +0100 libvirt (0.3.3-4) unstable; urgency=low * put packages into the proper sections * fix messed up Standards-Version (Closes: #453900) -- Guido Guenther Sun, 02 Dec 2007 14:50:11 +0100 libvirt (0.3.3-3.xen0) unstable; urgency=low * build with xen support - depend on our hacked up xen-utils for that -- Guido Guenther Sat, 01 Dec 2007 16:27:32 +0000 libvirt (0.3.3-3) unstable; urgency=low * add initscript to start libvirtd -- Guido Guenther Wed, 28 Nov 2007 10:30:29 +0100 libvirt (0.3.3-2) unstable; urgency=low * debian/copyright: * update FSF address * update upstream author and copyright information * install the virsh manpage * use binary:Version instead of Source-Version -- Guido Guenther Fri, 23 Nov 2007 22:31:26 +0100 libvirt (0.3.3-1) unstable; urgency=low * repackage for Debian (Closes: #384300) * enable avahi * build with qemu/kvm support * disable xen support until #402249 is fixed * disable qemu autonetwork for now, causes libvirtd to seqfault * fix path to kvm * switch off DH_VERBOSE * thanks to the Ubuntu maintainers for their work! -- Guido Guenther Fri, 23 Nov 2007 01:58:56 +0100 libvirt (0.3.3-0ubuntu1) hardy; urgency=low * New upstream release. * Update maintainer. -- Soren Hansen Wed, 14 Nov 2007 23:09:33 +0100 libvirt (0.3.0-0ubuntu2) gutsy; urgency=low * Add lingnutls-dev Build-Dep. -- Fabio M. Di Nitto Mon, 16 Jul 2007 12:10:41 +0200 libvirt (0.3.0-0ubuntu1) gutsy; urgency=low * Import new upstram release that can actually build on xen-3.1. -- Fabio M. Di Nitto Mon, 16 Jul 2007 10:23:04 +0200 libvirt (0.2.2-0ubuntu1) gutsy; urgency=low * Depends on libxen3.1-dev. -- Chuck Short Fri, 13 Jul 2007 11:04:00 -0400 libvirt (0.2.2-0ubuntu0) gutsy; urgency=low * New upstream version. * Updated libvirt-bin.install, thanks to Marcelo Boveto Shima. -- Chuck Short Sun, 24 Jun 2007 09:54:54 -0400 libvirt (0.1.8-0ubuntu2) feisty; urgency=low * Rebuild for python2.5 as the default python version. 
-- Matthias Klose Fri, 12 Jan 2007 13:21:55 +0000 libvirt (0.1.8-0ubuntu1) feisty; urgency=low * Initial release -- Andrew Mitchell Mon, 23 Oct 2006 20:00:28 +1300 debian/libvirt-bin.NEWS0000664000000000000000000000161713153725071012120 0ustar libvirt (0.8.3-2) unstable; urgency=low Disk format probing is disabled now by default for security reasons (CVE-2010-2237). You need to explicitly add a driver type element to your disk devices in the domain XML: ... Alternatively you can re-enable probing by setting allow_disk_format_probing=1 in /etc/libvirt/qemu.conf but this is insecure. -- Guido Günther Wed, 29 Sep 2010 13:10:02 +0200 libvirt (0.8.1-2) unstable; urgency=low If you're using a script such as /etc/qemu-ifup to set up QEMU network interfaces, have a look at README.Debian about the new config option clear_emulator_capabilities in /etc/libvirt/qemu.conf. When using NAT via libvirt's default network you don't have to change anything. -- Guido Günther Mon, 12 Jul 2010 19:58:35 +0200 debian/libvirt-doc.links0000664000000000000000000000010313153725071012446 0ustar usr/share/doc/libvirt-doc/devhelp/ /usr/share/gtk-doc/html/libvirt debian/libvirt-bin.apport0000664000000000000000000000111213153725071012637 0ustar '''apport package hook for libvirt source package (c) 2009-2011 Canonical Ltd. Author: Jamie Strandboge ''' from apport.hookutils import * from os import path import re def add_info(report): attach_conffiles(report, 'libvirt-bin') attach_related_packages(report, ['apparmor', 'libapparmor1', 'libapparmor-perl', 'apparmor-utils', 'auditd', 'libaudit0']) # get apparmor stuff. attach_mac_events(report, ['/usr/lib/libvirt/virt-aa-helper', '/usr/sbin/libvirtd', 'libvirt-.*']) debian/README.Debian0000664000000000000000000002424213153725071011241 0ustar Xen === To manage xen domains with libvirt you have to set: (xend-unix-server yes) in /etc/xen/xend-config.sxp. 
For xend HTTP access (not recommended) you also have to set:

  (xend-http-server yes)
  # only allow access from localhost:
  (xend-address localhost)

Note that *every* user on the system has access to xend then. It is better to use libvirtd to access xen with unprivileged users and add the users to the "libvirtd" group (see "Access Control" below).

Debugging
=========
Use LIBVIRT_DEBUG=1 to enable libvirt's debugging output, e.g.:

  LIBVIRT_DEBUG=1
  export LIBVIRT_DEBUG
  virt-manager

The default NAT network
=======================
To ease network configuration libvirt defines a NATed network named "default". VMs using this network end up in 192.168.122.1/24 and DHCP is provided to them via dnsmasq. This network is not automatically started. To start it use:

  virsh net-start default

To make the default network start automatically use:

  virsh net-autostart default

In order for things to work this way you need to have the recommended packages dnsmasq-base, bridge-utils and iptables installed.

You don't need the package dnsmasq. However, if you install it, Debian's default dnsmasq needs to be adjusted slightly to interoperate with libvirtd:

  cat <<EOF >/etc/dnsmasq.d/00_libvirtd.conf
  # only bind to loopback by default
  interface=lo
  bind-interfaces
  EOF

This makes dnsmasq only bind to the loopback interface by default so libvirtd can handle the virtual bridges.

Access Control
==============
Access to the libvirt socket is controlled by membership in the "libvirtd" group. If you want to manage VMs as non-root you need to add a user to that group. Note that membership in this group effectively grants root access (see "qemu:///system" below).

QEMU/KVM: Dropping Capabilities
===============================
Network interfaces of type "ethernet" use a script like /etc/qemu-ifup to set up the network device. In order to make this work you need to set "clear_emulator_capabilities" to "0" in /etc/libvirt/qemu.conf, since setting up the device requires CAP_NET_ADMIN, which is otherwise cleared from the emulator process. This used to be the default prior to 0.8.1 in the Debian package.
SSH connections to the server
=============================
If you want to connect to the libvirt server via SSH, you need to install netcat-openbsd on the server and configure the nc alternative to use it. This is done automatically when netcat-openbsd is installed if you have not previously modified the nc alternative. Please see the following bug reports for a complete explanation:

 -- Guido Günther Mon, 06 Feb 2011 17:28:35 +0200

AppArmor Profile
================
Libvirt now contains AppArmor integration for KVM and QEMU through libvirt's sVirt infrastructure. Libvirtd can be configured to launch virtual machines that are confined by uniquely restrictive AppArmor profiles. This feature significantly improves virtualization in Ubuntu by providing user-space host protection as well as guest isolation.

In the sVirt model, if a profile is loaded for the libvirtd daemon, then each qemu:///system QEMU virtual machine will have a profile created for it when the virtual machine is started if one does not already exist. This generated profile is based on a template file, uses a profile name based on the UUID of the QEMU virtual machine, and contains rules allowing access to only the files it needs to run, such as its disks, pid file and log files. Just before the QEMU virtual machine is started, the libvirtd daemon will change into this unique profile, preventing the QEMU process from accessing any file resources that belong to another QEMU process or to the host machine.

The AppArmor sVirt implementation is flexible in that it allows a user to customize the template file in /etc/apparmor.d/libvirt/TEMPLATE for site-specific access for all newly created QEMU virtual machines.
When a new profile is generated, two files are created: /etc/apparmor.d/libvirt/libvirt-<uuid> /etc/apparmor.d/libvirt/libvirt-<uuid>.files The former can be fine-tuned by the administrator to allow custom access for this particular QEMU virtual machine, and the latter will be updated appropriately when required file access changes, such as when a disk is added. This flexibility allows for situations such as having one virtual machine in complain mode with all others in enforce mode. Profiles for /usr/sbin/libvirtd, /usr/lib/libvirt/virt-aa-helper (a helper program which the libvirtd daemon uses instead of manipulating AppArmor directly), and /etc/apparmor.d/abstractions/libvirt-qemu are used to configure AppArmor confinement with sVirt. Administrators of libvirt in production environments are encouraged to review these files (especially 'libvirt-qemu') to ensure that only the access required is given to the virtual machines. If the sVirt security model is active, then the node capabilities XML will include its details. If a virtual machine is currently protected by the security model, then the guest XML will include its assigned profile name. If enabled at compile time, the sVirt security model will be activated if AppArmor is available on the host OS and a profile for the libvirtd daemon is loaded when libvirtd is started. To disable sVirt, and revert to the basic level of AppArmor protection (host protection only), the /etc/libvirt/qemu.conf file can be used to change the setting to security_driver="none". Users may also disable AppArmor integration through AppArmor itself by performing: $ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd $ sudo ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/usr.sbin.libvirtd If your system uses AppArmor, please note that the shipped profile works with the default installation, and changes in your configuration may require changes to the installed apparmor profile. 
Before filing a bug against this software, please see https://wiki.ubuntu.com/DebuggingApparmor. qemu:///system -------------- Adding users to the libvirtd group effectively grants them root access. In Ubuntu, users in the sudo group (who already have 'sudo' access) are added to this group automatically. Virtual machines started from qemu:///system may run with or without root privileges. As discussed above, in Ubuntu Qemu/KVM virtual machines are fully isolated and confined by the AppArmor security driver. Users can adjust /etc/libvirt/qemu.conf so that virtual machines started under qemu:///system run as a non-privileged user (new in libvirt 0.7). The 'libvirt-qemu' user and 'kvm' group are configured for this purpose. In Ubuntu, libvirt runs virtual machines with non-root privileges as well as fully confined by AppArmor. While the current non-root implementation does reduce the privileges of virtual machines running under qemu:///system, continuing to use a MAC system such as AppArmor is important because without the MAC system all VMs will still run under the same user and there is no guest isolation. Additionally, if each VM ran under its own user, an attacker could potentially break out of the VM and have unconfined user access to the host machine. Disk migration ============== Libvirt versions earlier than 0.8.3 would probe a qemu disk to determine its format and did not require that the format be declared in the XML. Newer versions of libvirt will default to the 'raw' format when the format is not specified in the XML. As a result, non-raw disks without a specified disk format will no longer be available in virtual machines. libvirt-migrate-qemu-disks is provided to aid in transitioning virtual machine definitions to the new required format. In essence, it will check all domains for affected virtual machines, probe the affected disks and update the domain definition accordingly. For example, a domain with:
will be updated to have:
This command will be run automatically on upgrade to 0.8.3-1ubuntu1. See 'man 1 libvirt-migrate-qemu-disks' for details. -- Jamie Strandboge Thu, 12 Aug 2010 15:03:07 -0500 QEMU/kvm Machine Type migration =============================== QEMU/kvm is a full virtualization implementation supported by libvirt. As new QEMU versions are released, the pc machine type for that release is frozen and encoded with the QEMU version. For instance, the pc-0.10 machine type should never change, and always have the same features as the pc machine type did in QEMU version 0.10. In QEMU 1.0, the pc-0.12 machine type has become particularly buggy. To help users to automatically convert VMs which are using a bad machine type, but which do not specifically need to be, the libvirt-migrate-qemu-machinetype program has been provided. This command will not be automatically run, because some VMs may in fact depend on the pc-0.12 machine type. However, whenever a VM with a known troublesome machine type is defined or started, a message will be printed to the libvirt log. Users can update the VM definition by hand, or use the libvirt-migrate-qemu-machinetype program to do it for them. -- Serge Hallyn Tue, 22 May 2012 17:34:00 +0000 QEMU/kvm pc-1.0 Machine Type migration =============================== In 14.04 Ubuntu switched from the qemu-kvm source tree to the qemu source tree. The pc-1.0 machine type in the two source trees differed. This made live migration of a pc-1.0 machine type guest from a 12.04 host to a 14.04 host fail. Fixing this transparently is impossible at this point as it would break migration from pc-1.0 machine type VMs started in 14.04. To work around this, a flag in /etc/libvirt/qemu.conf, "allow_incoming_qemu_kvm", can be set to 1 to tell libvirt to use the new pc-1.0-precise machine type. This matches what was called pc-1.0 on 12.04 hosts. Leave this option 0 (or undefined) to accept migration of a pc-1.0 VM coming from a 14.04 host. 
-- Serge Hallyn Mon, 06 Oct 2014 17:11:54 -0500 debian/libvirt-migrate-xend-managed-domains.10000664000000000000000000000255013153725071016337 0ustar .TH LIBVIRT-MIGRATE-XEND-MANAGED-DOMAINS: "1" "" "April 2014" "April 2014" .SH NAME libvirt\-migrate\-xend\-managed\-domains \- program for migrating xend managed domains .PP .SH DESCRIPTION Xend, which was used together with the (deprecated) xm toolstack, allowed defining managed domains. Those were kept in a separate place and could get automatically started on boot (as well as automatically suspended to disk on shutdown). However the new xl toolstack has no such support. This script is intended to convert machine definitions in the xen-sxpr format over to xml definitions in libvirt. Only machines whose name does not already exist for the libxl driver are converted. .SH USAGE .TP libvirt\-migrate\-xend\-managed\-domains .SH FILES .TP /var/lib/libvirt/xend\-migration\-done .PP Migration will not be done again as long as that file exists (the content does not matter). .TP /var/lib/xend/domains .PP That directory contains the original xend definitions. Each guest is in a subdirectory named after its uuid. The uuid subdirectories can and should be deleted when the migration was successful. .SH BUGS .PP Conversion can only be done when running as dom0, using the xl toolstack. .SH SEE ALSO .PP \fBvirsh\fR(1) .SH AUTHOR .PP libvirt\-migrate\-xend\-managed\-domains is Copyright 2014, Canonical Ltd. .PP by Stefan Bader . 
debian/libvirt-bin.upstart0000664000000000000000000000562013154235025013040 0ustar description "libvirt daemon" author "Dustin Kirkland " start on runlevel [2345] stop on starting rc RUNLEVEL=[016] expect daemon respawn # daemonize env libvirtd_opts="-d" # whether libvirtd should run at boot/shutdown env start_libvirtd="yes" # by default wait 30 seconds for vms to shut down env libvirtd_shutdown_timeout=30 # uris for which to shut down vms env libvirt_uris='qemu:///system lxc:///' pre-start script [ -r /etc/default/libvirt-bin ] && . /etc/default/libvirt-bin [ ! "x$start_libvirtd" = "xyes" ] && { stop; exit 0; } mkdir -p /var/run/libvirt # Clean up a pidfile that might be left around rm -f /var/run/libvirtd.pid end script post-start script unix_sock_dir="/var/run/libvirt" eval "$(grep '^unix_sock_dir' /etc/libvirt/libvirtd.conf | tr -d ' ')" sockfile=${unix_sock_dir}/libvirt-sock count=0 while [ ! -S ${sockfile} ] ; do # report to wait after 4 seconds (uncommon) and then every 60 seconds if [ "$((count % 60))" = "3" ]; then echo "waiting for ${sockfile}" fi if initctl status libvirt-bin | grep -qE "(stop|respawn)/"; then echo "service requested to stop, exit post start socket check" exit 1 fi count=$((count+1)) sleep 1 done echo "$sockfile ready." end script pre-stop script [ -r /etc/default/libvirt-bin ] && . /etc/default/libvirt-bin log_msg() { logf="/var/log/libvirt/shutdownlog.log" logger -p daemon.debug -s -t libvirt -- "$@" >> $logf 2>&1 } run_virsh() { # We parse the output for things like domain state; # make sure the output is in the language we expect. 
LANG=C virsh "$@" } if [ -z "$RUNLEVEL" ]; then exit 0 fi if [ "$RUNLEVEL" -ne 0 ] && [ "$RUNLEVEL" -ne 1 ] && [ "$RUNLEVEL" -ne 6 ]; then exit 0 fi log_msg "libvirt-bin: entering pre-stop at $(date)" for uri in $libvirt_uris; do for domain in $(run_virsh -c "$uri" list | awk '$3 == "running" {print $2}'); do log_msg "libvirt-bin: attempting clean shutdown of $domain at $(date)" run_virsh -c "$uri" shutdown "$domain" >/dev/null done done delay=$libvirtd_shutdown_timeout while [ $delay -gt 0 ]; do for uri in $libvirt_uris; do if ! run_virsh -c "$uri" list | awk '$3 == "running" {exit 1}'; then # VMs at this URI are still running. Wait, then # start at the beginning looking for running VMs. sleep 1 delay=$(($delay - 1)) continue 2 fi done break done for uri in $libvirt_uris; do for domain in $(run_virsh -c "$uri" list | awk '$3 == "running" {print $2}'); do log_msg "destroying $domain" run_virsh -c "$uri" destroy "$domain" >/dev/null done done log_msg "libvirt-bin: exiting pre-stop at $(date)" end script # /etc/default/libvirt-bin will be deprecated soon. # If you used to set $libvirtd_opts in /etc/default/libvirt-bin, # change the 'exec' line here instead. script [ -r /etc/default/libvirt-bin ] && . /etc/default/libvirt-bin exec /usr/sbin/libvirtd $libvirtd_opts end script debian/libvirt-suspendonreboot0000664000000000000000000000254713153725071014031 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: libvirt-suspendonreboot # Required-Start: libvirt-bin # Required-Stop: libvirt-bin $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: suspend/resmum vms on reboot ### END INIT INFO # (c) Andi Barth 2008 # Distributable under the terms of the GNU GPL version 2. 
# # copy to /etc/init.d/libvirt-suspendonreboot and use # update-rc.d libvirt-suspendonreboot defaults 29 71 # to enable PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin suspenddir=/var/lib/libvirt/autosuspend case "$1" in start) for domain in ${suspenddir}/*dump; do if [ -f $domain ]; then domain=$(basename $domain .dump) echo "resuming $domain ..." virsh restore ${suspenddir}/${domain}.dump && rm ${suspenddir}/${domain}.dump fi done ;; stop) for domain in /etc/libvirt/qemu/*xml; do domain=$(basename $domain .xml) state=$(virsh domstate $domain) if [ "$state" = "running" ]; then echo "suspending $domain ..." virsh save ${domain} ${suspenddir}/${domain}.dump fi done ;; reload|force-reload|restart) # No action, nothing to reload ;; *) echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 exit 1 esac debian/libvirt-bin.default0000664000000000000000000000047713153725071012773 0ustar # Defaults for libvirt-bin initscript (/etc/init.d/libvirt-bin) # This is a POSIX shell fragment # Start libvirtd to handle qemu/kvm: start_libvirtd="yes" # options passed to libvirtd, add "-l" to listen on tcp libvirtd_opts="-d" # pass in location of kerberos keytab #export KRB5_KTNAME=/etc/libvirt/libvirt.keytab debian/rules0000775000000000000000000001301013153725071010247 0ustar #!/usr/bin/make -f DEB_BUILD_PARALLEL = yes #export VIR_TEST_DEBUG=1 include /usr/share/cdbs/1/rules/autoreconf.mk include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk DEB_AUTO_UPDATE_AUTOCONF := 2.69 DEB_AUTO_UPDATE_AUTOHEADER := 2.69 ifneq (,$(findstring $(DEB_HOST_ARCH), i386 amd64)) DEB_MAKE_CHECK_TARGET = check WITH_XEN = --with-xen else WITH_XEN = --without-xen endif ifneq (,$(findstring $(DEB_HOST_ARCH_OS), linux)) WITH_STORAGE_LVM = --with-storage-lvm WITH_STORAGE_ISCSI = --with-storage-iscsi WITH_STORAGE_DISK = --with-storage-disk WITH_STORAGE_SHEEP = --with-storage-sheepdog WITH_UDEV = --with-udev --without-hal WITH_CAPNG = --with-capng 
WITH_POLKIT = --with-polkit WITH_MACVTAP = --with-macvtap WITH_NETWORK = --with-network WITH_QEMU = --with-qemu WITH_OPENVZ = --with-openvz WITH_NETCF = --with-netcf WITH_AUDIT = --with-audit WITH_CEPH = --with-storage-rbd ifneq (,$(findstring $(DEB_HOST_ARCH), amd64 i386 ia64 mips mipsel powerpc ppc64el)) WITH_NUMA = --with-numactl else WITH_NUMA = --without-numactl endif ifneq (,$(findstring $(DEB_HOST_ARCH), ia64)) WITH_LXC = --without-lxc else WITH_LXC = --with-lxc endif else WITH_STORAGE_LVM = --without-storage-lvm WITH_STORAGE_ISCSI = --without-storage-iscsi WITH_STORAGE_DISK = --without-storage-disk WITH_STORAGE_SHEEP = --without-storage-sheepdog WITH_UDEV = --without-udev --with-hal WITH_CAPNG = --without-capng WITH_POLKIT = --without-polkit WITH_MACVTAP = --without-macvtap WITH_NETWORK = --without-network WITH_QEMU = --without-qemu WITH_LXC = --without-lxc WITH_NUMA = --without-numactl WITH_NETCF = --without-netcf WITH_AUDIT = --without-audit endif DEB_BUILDDIR := $(CURDIR)/debian/build DEB_CONFIGURE_SCRIPT_ENV := COLLIE=/usr/sbin/collie DEB_CONFIGURE_EXTRA_FLAGS := \ --disable-rpath \ $(WITH_QEMU) \ --with-qemu-user=libvirt-qemu \ --with-qemu-group=kvm \ $(WITH_OPENVZ) \ --with-avahi \ --with-sasl \ --with-yajl \ $(WITH_POLKIT) \ $(WITH_UDEV) \ --with-storage-fs \ $(WITH_STORAGE_LVM) \ $(WITH_STORAGE_ISCSI) \ $(WITH_STORAGE_DISK) \ $(WITH_STORAGE_SHEEP) \ --with-init-script=none \ $(WITH_NUMA) \ --without-selinux \ --without-esx \ --without-libssh2 \ $(WITH_CAPNG) \ --enable-debug \ $(WITH_MACVTAP) \ $(WITH_NETWORK) \ $(WITH_NETCF) \ $(WITH_XEN) \ $(WITH_LXC) \ $(WITH_AUDIT) \ --with-apparmor \ --with-vbox DEB_COMPRESS_EXCLUDE = .o event-test hellolibvirt info1 suspend DEB_PYTHON_SETUP_CMD = /dev/null DEB_DH_MAKESHLIBS_ARGS_libvirt0 += -V 'libvirt0 (>= 0.5.0)' DEB_DH_INSTALLINIT_ARGS = --upstart-only LOGROTATE = $(basename $(basename $(notdir $(wildcard daemon/libvirtd*.logrotate.in)))) EXAMPLES_DIR = 
$(CURDIR)/debian/libvirt-doc/usr/share/doc/libvirt-doc/examples/ binary-install/libvirt-bin:: #cp $(CURDIR)/tools/libvirt-guests.init.sh $(CURDIR)/debian/libvirt-bin.libvirt-guests.init #cp $(CURDIR)/tools/libvirt-guests.sysconf $(CURDIR)/debian/libvirt-bin.libvirt-guests.default #dh_installinit --name=libvirt-guests --no-restart-on-upgrade -- defaults 29 71 rm debian/libvirt-bin/usr/lib/libvirt/connection-driver/*.la # Don't ship api files in the daemon package rm -r debian/libvirt-bin/usr/share/libvirt/api/ for l in $(LOGROTATE); do \ cp $(CURDIR)/debian/build/daemon/$$l.logrotate \ debian/libvirt-bin.$$l.logrotate; \ dh_installlogrotate --name=$$l; \ done build/libvirt-bin:: # Add empty dir so dh_install doesn't fail on kFreebsd until we have Polkit support mkdir -p debian/tmp/usr/share/polkit-1 build/libvirt-bin:: # Add empty dir so dh_install doesn't fail on kFreebsd until we have Polkit support mkdir -p debian/tmp/usr/share/polkit-1 mkdir -p debian/tmp/etc/apparmor.d/abstractions debian/tmp/etc/apparmor.d/libvirt mkdir -p debian/tmp/etc/apparmor.d/local cp -f debian/apparmor/libvirt-qemu debian/tmp/etc/apparmor.d/abstractions cp -f debian/apparmor/usr.lib.libvirt.virt-aa-helper debian/tmp/etc/apparmor.d cp -f debian/apparmor/usr.sbin.libvirtd debian/tmp/etc/apparmor.d cp -f debian/apparmor/local-usr.sbin.libvirtd debian/tmp/etc/apparmor.d/local/usr.sbin.libvirtd cp -f debian/apparmor/TEMPLATE debian/tmp/etc/apparmor.d/libvirt mkdir -p debian/tmp/usr/share/apport/package-hooks cp -f debian/libvirt-bin.apport debian/tmp/usr/share/apport/package-hooks/source_libvirt.py mkdir -p debian/tmp/usr/sbin cp -f debian/libvirt-migrate-qemu-disks debian/tmp/usr/sbin cp -f debian/libvirt-migrate-qemu-machinetype debian/tmp/usr/sbin cp -f debian/libvirt-migrate-xend-managed-domains debian/tmp/usr/sbin # copy dnsmasq configuration mkdir -p debian/tmp/etc/dnsmasq.d-available cp debian/libvirt-bin.dnsmasq debian/tmp/etc/dnsmasq.d-available/libvirt-bin 
binary-install/libvirt-doc:: find $(EXAMPLES_DIR) -name "*.o" -type f -delete -o -name .libs -type d -exec rm -rf {} \; rm -f $(EXAMPLES_DIR)domain-events/events-c/event-test rm -f $(EXAMPLES_DIR)dominfo/info1 rm -f $(EXAMPLES_DIR)domsuspend/suspend rm -f $(EXAMPLES_DIR)hellolibvirt/hellolibvirt clean:: #rm -f $(CURDIR)/debian/libvirt-bin.libvirt-guests.init #rm -f $(CURDIR)/debian/libvirt-bin.libvirt-guests.default rm -f $(CURDIR)/debian/libvirt-bin.*.logrotate rm -rf $(DEB_BUILDDIR) debian/compat0000664000000000000000000000000213153725071010372 0ustar 7 debian/libvirt-bin.cron.daily0000664000000000000000000000200513153725071013376 0ustar #!/bin/sh # # clean out AppArmor profiles for virtual machines that no longer exist # set -e PROFILES_DIR="/etc/apparmor.d/libvirt" AA_PROFILES="/sys/kernel/security/apparmor/profiles" uuids="" remove_if_unused() { uuid=`basename "$1" | sed 's/libvirt-//' | egrep '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'` || return # don't remove a profile for an existing VM echo "$uuids" | grep -q "$uuid" && return # don't remove a loaded profile if [ -e "$AA_PROFILES" ] && grep -q "$uuid" "$AA_PROFILES" ; then return fi find $PROFILES_DIR -name "libvirt-${uuid}*" -prune -type f -exec rm -f -- '{}' \; } # read in all existing uuids for i in /etc/libvirt/qemu/*.xml ; do if [ -r "$i" ]; then uuid=`grep '' "$i" | sed 's#.*\(.*\).*#\1#'` uuids="$uuids $uuid" fi done for i in "$PROFILES_DIR"/libvirt-* ; do if [ -r "$i" ]; then basename "$i" | egrep -q '\.' && continue remove_if_unused "$i" || true fi done debian/apparmor/0000775000000000000000000000000013153725071011015 5ustar debian/apparmor/usr.sbin.libvirtd0000664000000000000000000000365513153725071014332 0ustar # Last Modified: Mon Jul 6 17:23:58 2009 #include @{LIBVIRT}="libvirt" /usr/sbin/libvirtd { #include #include # Site-specific additions and overrides. See local/README for details. 
#include capability kill, capability net_admin, capability net_raw, capability setgid, capability sys_admin, capability sys_module, capability sys_ptrace, capability sys_nice, capability sys_chroot, capability setuid, capability dac_override, capability dac_read_search, capability fowner, capability chown, capability setpcap, capability mknod, capability fsetid, capability ipc_lock, capability audit_write, # Needed for vfio capability sys_resource, network inet stream, network inet dgram, network inet6 stream, network inet6 dgram, network packet dgram, dbus bus=system, signal, ptrace, # for now, use a very lenient profile since we want to first focus on # confining the guests / r, /** rwmkl, /bin/* PUx, /sbin/* PUx, /usr/bin/* PUx, /usr/sbin/* PUx, /lib/udev/scsi_id PUx, /usr/lib/xen-common/bin/xen-toolstack PUx, /usr/lib/xen-*/bin/pygrub PUx, /usr/lib/xen-*/bin/libxl-save-helper PUx, # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to # write and run an ebtables script. /var/lib/libvirt/virtd* ixr, # force the use of virt-aa-helper audit deny /sbin/apparmor_parser rwxl, audit deny /etc/apparmor.d/libvirt/** wxl, audit deny /sys/kernel/security/apparmor/features rwxl, audit deny /sys/kernel/security/apparmor/matching rwxl, audit deny /sys/kernel/security/apparmor/.* rwxl, /sys/kernel/security/apparmor/profiles r, /usr/lib/libvirt/* PUxr, /etc/libvirt/hooks/** rmix, /etc/xen/scripts/** rmix, # allow changing to our UUID-based named profiles change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, } debian/apparmor/local-usr.sbin.libvirtd0000664000000000000000000000017413153725071015413 0ustar # Site-specific additions and overrides for usr.sbin.libvirtd. # For more details, please see /etc/apparmor.d/local/README. debian/apparmor/TEMPLATE0000664000000000000000000000024413153725071012153 0ustar # # This profile is for the domain whose UUID matches this file. 
# #include profile LIBVIRT_TEMPLATE { #include } debian/apparmor/libvirt-qemu0000664000000000000000000001046513153725071013366 0ustar # Last Modified: Wed Jul 8 09:57:41 2009 #include #include #include # required for reading disk images capability dac_override, capability dac_read_search, capability chown, # needed to drop privileges capability setgid, capability setuid, # this is needed with libcap-ng support, however it breaks a lot of things # atm, so just silence the denial until libcap-ng works right. LP: #522845 deny capability setpcap, # for 9p capability fsetid, capability fowner, network inet stream, network inet6 stream, /dev/net/tun rw, /dev/tap* rw, /dev/kvm rw, /dev/ptmx rw, /dev/kqemu rw, @{PROC}/*/status r, owner @{PROC}/*/auxv r, @{PROC}/sys/vm/overcommit_memory r, # For hostdev access. The actual devices will be added dynamically /sys/bus/usb/devices/ r, /sys/devices/**/usb[0-9]*/** r, # WARNING: this gives the guest direct access to host hardware and specific # portions of shared memory. This is required for sound using ALSA with kvm, # but may constitute a security risk. If your environment does not require # the use of sound in your VMs, feel free to comment out or prepend 'deny' to # the rules for files in /dev. /{dev,run}/shm r, /{dev,run}/shmpulse-shm* r, /{dev,run}/shmpulse-shm* rwk, /dev/snd/* rw, capability ipc_lock, # spice /usr/bin/qemu-system-i386-spice rmix, /usr/bin/qemu-system-x86_64-spice rmix, /run/shm/ r, owner /run/shm/spice.* rw, # 'kill' is not required for sound and is a security risk. Do not enable # unless you absolutely need it. 
deny capability kill, # Uncomment the following if you need access to /dev/fb* #/dev/fb* rw, /etc/pulse/client.conf r, @{HOME}/.pulse-cookie rwk, owner /root/.pulse-cookie rwk, owner /root/.pulse/ rw, owner /root/.pulse/* rw, /usr/share/alsa/** r, owner /tmp/pulse-*/ rw, owner /tmp/pulse-*/* rw, /var/lib/dbus/machine-id r, # access to firmware's etc /usr/share/kvm/** r, /usr/share/qemu/** r, /usr/share/bochs/** r, /usr/share/openbios/** r, /usr/share/openhackware/** r, /usr/share/proll/** r, /usr/share/vgabios/** r, /usr/share/seabios/** r, /usr/share/misc/sgabios.bin r, /usr/share/ovmf/** r, /usr/share/slof/** r, # access PKI infrastructure /etc/pki/libvirt-vnc/** r, # the various binaries /usr/bin/kvm rmix, /usr/bin/qemu rmix, /usr/bin/qemu-system-aarch64 rmix, /usr/bin/qemu-system-arm rmix, /usr/bin/qemu-system-cris rmix, /usr/bin/qemu-system-i386 rmix, /usr/bin/qemu-system-m68k rmix, /usr/bin/qemu-system-mips rmix, /usr/bin/qemu-system-mips64 rmix, /usr/bin/qemu-system-mips64el rmix, /usr/bin/qemu-system-mipsel rmix, /usr/bin/qemu-system-ppc rmix, /usr/bin/qemu-system-ppc64 rmix, /usr/bin/qemu-system-ppcemb rmix, /usr/bin/qemu-system-sh4 rmix, /usr/bin/qemu-system-sh4eb rmix, /usr/bin/qemu-system-sparc rmix, /usr/bin/qemu-system-sparc64 rmix, /usr/bin/qemu-system-x86_64 rmix, /usr/bin/qemu-system-x86_64-spice rmix, /usr/bin/qemu-alpha rmix, /usr/bin/qemu-arm rmix, /usr/bin/qemu-armeb rmix, /usr/bin/qemu-cris rmix, /usr/bin/qemu-i386 rmix, /usr/bin/qemu-m68k rmix, /usr/bin/qemu-mips rmix, /usr/bin/qemu-mipsel rmix, /usr/bin/qemu-ppc rmix, /usr/bin/qemu-ppc64 rmix, /usr/bin/qemu-ppc64abi32 rmix, /usr/bin/qemu-sh4 rmix, /usr/bin/qemu-sh4eb rmix, /usr/bin/qemu-sparc rmix, /usr/bin/qemu-sparc64 rmix, /usr/bin/qemu-sparc32plus rmix, /usr/bin/qemu-sparc64 rmix, /usr/bin/qemu-x86_64 rmix, # for save and resume /bin/dash rmix, /bin/dd rmix, /bin/cat rmix, /etc/pki/CA/ r, /etc/pki/CA/* r, /etc/pki/libvirt/ r, /etc/pki/libvirt/** r, # for rbd /etc/ceph/ceph.conf r, # for 
access to hugepages owner "/run/hugepages/kvm/libvirt/qemu/**" rw, # for usb access /dev/bus/usb/ r, /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, signal (receive) peer=/usr/sbin/libvirtd, ptrace (tracedby) peer=/usr/sbin/libvirtd, # for ppc device-tree access @{PROC}/device-tree/ r, @{PROC}/device-tree/** r, /sys/firmware/devicetree/** r, # allow access to charm-specific ceph config (see lp#1403648) /var/lib/charm/ceph/ceph.conf r, # workaround LP: #1403648 by allowing read access to the directory. This will be removed in future releases /tmp/ r, /var/tmp/ r, debian/apparmor/usr.lib.libvirt.virt-aa-helper0000664000000000000000000000344513153725071016615 0ustar # Last Modified: Mon Jul 06 17:22:37 2009 #include /usr/lib/libvirt/virt-aa-helper { #include #include # needed for searching directories capability dac_override, capability dac_read_search, # needed for when disk is on a network filesystem network inet, deny @{PROC}/[0-9]*/mounts r, @{PROC}/[0-9]*/net/psched r, owner @{PROC}/[0-9]*/status r, @{PROC}/filesystems r, # for hostdev /sys/devices/ r, /sys/devices/** r, /sys/bus/usb/devices/ r, /sys/bus/usb/devices/** r, deny /dev/sd* r, deny /dev/dm-* r, deny /dev/mapper/ r, deny /dev/mapper/* r, /usr/lib/libvirt/virt-aa-helper mr, /sbin/apparmor_parser Ux, /etc/apparmor.d/libvirt/* r, /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, # For backingstore, virt-aa-helper needs to peek inside the disk image, so # allow access to non-hidden files in @{HOME} as well as storage pools, and # removable media and filesystems, and certain file extentions. A # virt-aa-helper failure when checking a disk for backinsgstore is non-fatal # (but obviously the backingstore won't be added). 
audit deny @{HOME}/.* mrwkl, audit deny @{HOME}/.*/ rw, audit deny @{HOME}/.*/** mrwkl, @{HOME}/ r, @{HOME}/** r, @{HOME}/.Private/** mrwlk, @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk, /var/lib/libvirt/images/ r, /var/lib/libvirt/images/** r, /var/lib/nova/images/** r, /var/lib/nova/instances/_base/** r, /var/lib/nova/instances/snapshots/** r, /var/lib/eucalyptus/instances/**/disk* r, /var/lib/eucalyptus/instances/**/loader* r, /var/lib/uvtool/libvirt/images/** r, /{media,mnt,opt,srv}/** r, /**.img r, /**.qcow{,2} r, /**.qed r, /**.vmdk r, /**.[iI][sS][oO] r, /**/disk{,.*} r, } debian/libvirt-bin.examples0000664000000000000000000000011113153725071013146 0ustar daemon/libvirtd.conf daemon/libvirtd.sasl debian/libvirt-suspendonreboot debian/pycompat0000664000000000000000000000000213153725071010743 0ustar 2 debian/libvirt-bin.postrm0000664000000000000000000000312113153725071012660 0ustar #!/bin/sh # postrm script for #PACKAGE# # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in purge) if getent group libvirtd >/dev/null; then delgroup libvirtd || true fi rm -rf /var/log/libvirt for f in usr.sbin.libvirtd usr.lib.libvirt.virt-aa-helper ; do rm -f /etc/apparmor.d/force-complain/$f >/dev/null 2>&1 || true rm -f /etc/apparmor.d/disable/$f >/dev/null 2>&1 || true done ;; remove) if [ -L /etc/dnsmasq.d/libvirt-bin ]; then echo "Removing libvirt-bin dnsmasq configuration" rm -f /etc/dnsmasq.d/libvirt-bin 2>/dev/null || true # Try to restart a potential system wide dnsmasq invoke-rc.d dnsmasq restart 2>/dev/null || true fi ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code 
automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/gbp.conf0000664000000000000000000000003713153725071010613 0ustar [gbp-pq] patch-numbers = False debian/libvirt-bin.preinst0000664000000000000000000000071113153725071013022 0ustar #!/bin/sh set -e case "${1}" in upgrade) # If the default network autostart symlink existed, then note # that here so we can recreate it at postinst. EXISTED="/etc/libvirt/qemu/networks/autostart/TMP_defaultexisted" if [ -e /etc/libvirt/qemu/networks/autostart/default.xml ]; then touch "$EXISTED" fi ;; install|abort-upgrade) ;; *) echo "preinst called with unknown argument \`${1}'" >&2 exit 1 ;; esac #DEBHELPER# exit 0