Fix TPM2 passthrough (bz #1486240)
Fix spice GL qemu:///system rendernode permissions (bz #1460804) Fix on_reboot=destroy setting (bz #1476866) Fix disk images in /dev/shm (bz #1482146)
This commit is contained in:
parent
e5075407b1
commit
faf5df2081
@ -1,35 +0,0 @@
|
||||
From: Cole Robinson <crobinso@redhat.com>
|
||||
Date: Tue, 30 May 2017 18:35:04 -0400
|
||||
Subject: [PATCH] daemon: Don't run if in a Fedora live VM
|
||||
|
||||
Only start libvirtd if not in a VM OR if not in a Fedora live env,
|
||||
via systemd unit conditions. It checks Fedora live env by looking
|
||||
for the rd.live.image option on the kernel command line.
|
||||
|
||||
Roundabout way to prevent the 'default' network killing connectivity
|
||||
of the livecd running in a VM
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1146232
|
||||
|
||||
Not upstream, will likely need some kind of different permanent solution
|
||||
---
|
||||
daemon/libvirtd.service.in | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/daemon/libvirtd.service.in b/daemon/libvirtd.service.in
|
||||
index fbaf02f3b..86ee988fa 100644
|
||||
--- a/daemon/libvirtd.service.in
|
||||
+++ b/daemon/libvirtd.service.in
|
||||
@@ -16,6 +16,12 @@ After=local-fs.target
|
||||
After=remote-fs.target
|
||||
Documentation=man:libvirtd(8)
|
||||
Documentation=http://libvirt.org
|
||||
+# This says, start libvirtd if not in a VM OR if not in a Fedora live env
|
||||
+# Roundabout way to prevent the 'default' network killing connectivity
|
||||
+# of the livecd running in a VM
|
||||
+# https://bugzilla.redhat.com/show_bug.cgi?id=1146232
|
||||
+ConditionVirtualization=|0
|
||||
+ConditionKernelCommandLine=|!rd.live.image
|
||||
|
||||
[Service]
|
||||
Type=notify
|
@ -0,0 +1,34 @@
|
||||
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
||||
Date: Thu, 29 Jun 2017 14:01:11 -0400
|
||||
Subject: [PATCH] tpm: Use /dev/null for cancel path if none was found
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
TPM 2 does not implement sysfs files for cancellation of commands.
|
||||
We therefore use /dev/null for the cancel path passed to QEMU.
|
||||
|
||||
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
||||
Tested-by: Javier Martinez Canillas <javierm@redhat.com>
|
||||
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
||||
(cherry picked from commit dfbb15b75433e520fb1b905c1c3e28753e53e4a5)
|
||||
---
|
||||
src/util/virtpm.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
|
||||
index 6d9b0657a..d5c10da38 100644
|
||||
--- a/src/util/virtpm.c
|
||||
+++ b/src/util/virtpm.c
|
||||
@@ -61,9 +61,7 @@ virTPMCreateCancelPath(const char *devpath)
|
||||
VIR_FREE(path);
|
||||
}
|
||||
if (!path)
|
||||
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
||||
- _("No usable sysfs TPM cancel file could be "
|
||||
- "found"));
|
||||
+ ignore_value(VIR_STRDUP(path, "/dev/null"));
|
||||
} else {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
_("TPM device path %s is invalid"), devpath);
|
108
0105-security-add-MANAGER_MOUNT_NAMESPACE-flag.patch
Normal file
108
0105-security-add-MANAGER_MOUNT_NAMESPACE-flag.patch
Normal file
@ -0,0 +1,108 @@
|
||||
From: Cole Robinson <crobinso@redhat.com>
|
||||
Date: Sun, 27 Aug 2017 11:23:47 -0400
|
||||
Subject: [PATCH] security: add MANAGER_MOUNT_NAMESPACE flag
|
||||
|
||||
The VIR_SECURITY_MANAGER_MOUNT_NAMESPACE flag informs the DAC driver
|
||||
if mount namespaces are in use for the VM. Will be used for future
|
||||
changes.
|
||||
|
||||
Wire it up in the qemu driver
|
||||
|
||||
(cherry picked from commit 321031e482425dfeae0f125cdac6df870f079efd)
|
||||
---
|
||||
src/qemu/qemu_driver.c | 2 ++
|
||||
src/security/security_dac.c | 10 ++++++++++
|
||||
src/security/security_dac.h | 3 +++
|
||||
src/security/security_manager.c | 4 +++-
|
||||
src/security/security_manager.h | 1 +
|
||||
5 files changed, 19 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
||||
index ce844bb04..555a1009b 100644
|
||||
--- a/src/qemu/qemu_driver.c
|
||||
+++ b/src/qemu/qemu_driver.c
|
||||
@@ -417,6 +417,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
|
||||
if (virQEMUDriverIsPrivileged(driver)) {
|
||||
if (cfg->dynamicOwnership)
|
||||
flags |= VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP;
|
||||
+ if (virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT))
|
||||
+ flags |= VIR_SECURITY_MANAGER_MOUNT_NAMESPACE;
|
||||
if (!(mgr = qemuSecurityNewDAC(QEMU_DRIVER_NAME,
|
||||
cfg->user,
|
||||
cfg->group,
|
||||
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
|
||||
index 922e48494..1f8d279bf 100644
|
||||
--- a/src/security/security_dac.c
|
||||
+++ b/src/security/security_dac.c
|
||||
@@ -57,6 +57,7 @@ struct _virSecurityDACData {
|
||||
gid_t *groups;
|
||||
int ngroups;
|
||||
bool dynamicOwnership;
|
||||
+ bool mountNamespace;
|
||||
char *baselabel;
|
||||
virSecurityManagerDACChownCallback chownCallback;
|
||||
};
|
||||
@@ -238,6 +239,15 @@ virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
|
||||
}
|
||||
|
||||
void
|
||||
+virSecurityDACSetMountNamespace(virSecurityManagerPtr mgr,
|
||||
+ bool mountNamespace)
|
||||
+{
|
||||
+ virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||
+ priv->mountNamespace = mountNamespace;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+void
|
||||
virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
|
||||
virSecurityManagerDACChownCallback chownCallback)
|
||||
{
|
||||
diff --git a/src/security/security_dac.h b/src/security/security_dac.h
|
||||
index 846cefbb5..97681c961 100644
|
||||
--- a/src/security/security_dac.h
|
||||
+++ b/src/security/security_dac.h
|
||||
@@ -32,6 +32,9 @@ int virSecurityDACSetUserAndGroup(virSecurityManagerPtr mgr,
|
||||
void virSecurityDACSetDynamicOwnership(virSecurityManagerPtr mgr,
|
||||
bool dynamic);
|
||||
|
||||
+void virSecurityDACSetMountNamespace(virSecurityManagerPtr mgr,
|
||||
+ bool mountNamespace);
|
||||
+
|
||||
void virSecurityDACSetChownCallback(virSecurityManagerPtr mgr,
|
||||
virSecurityManagerDACChownCallback chownCallback);
|
||||
|
||||
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
|
||||
index 6c777db1e..b2d04d4b9 100644
|
||||
--- a/src/security/security_manager.c
|
||||
+++ b/src/security/security_manager.c
|
||||
@@ -146,7 +146,8 @@ virSecurityManagerNewDAC(const char *virtDriver,
|
||||
virSecurityManagerPtr mgr;
|
||||
|
||||
virCheckFlags(VIR_SECURITY_MANAGER_NEW_MASK |
|
||||
- VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP, NULL);
|
||||
+ VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP |
|
||||
+ VIR_SECURITY_MANAGER_MOUNT_NAMESPACE, NULL);
|
||||
|
||||
mgr = virSecurityManagerNewDriver(&virSecurityDriverDAC,
|
||||
virtDriver,
|
||||
@@ -161,6 +162,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
|
||||
}
|
||||
|
||||
virSecurityDACSetDynamicOwnership(mgr, flags & VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP);
|
||||
+ virSecurityDACSetMountNamespace(mgr, flags & VIR_SECURITY_MANAGER_MOUNT_NAMESPACE);
|
||||
virSecurityDACSetChownCallback(mgr, chownCallback);
|
||||
|
||||
return mgr;
|
||||
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
|
||||
index 238e66cd0..96937a892 100644
|
||||
--- a/src/security/security_manager.h
|
||||
+++ b/src/security/security_manager.h
|
||||
@@ -36,6 +36,7 @@ typedef enum {
|
||||
VIR_SECURITY_MANAGER_REQUIRE_CONFINED = 1 << 2,
|
||||
VIR_SECURITY_MANAGER_PRIVILEGED = 1 << 3,
|
||||
VIR_SECURITY_MANAGER_DYNAMIC_OWNERSHIP = 1 << 4,
|
||||
+ VIR_SECURITY_MANAGER_MOUNT_NAMESPACE = 1 << 5,
|
||||
} virSecurityManagerNewFlags;
|
||||
|
||||
# define VIR_SECURITY_MANAGER_NEW_MASK \
|
101
0106-security-dac-relabel-spice-rendernode.patch
Normal file
101
0106-security-dac-relabel-spice-rendernode.patch
Normal file
@ -0,0 +1,101 @@
|
||||
From: Cole Robinson <crobinso@redhat.com>
|
||||
Date: Mon, 17 Jul 2017 08:57:57 -0400
|
||||
Subject: [PATCH] security: dac: relabel spice rendernode
|
||||
|
||||
For a logged in user this a path like /dev/dri/renderD128 will have
|
||||
default ownership root:video which won't work for the qemu:qemu user,
|
||||
so we need to chown it.
|
||||
|
||||
We only do this when mount namespaces are enabled in the qemu driver,
|
||||
so the chown'ing doesn't interfere with other users of the shared
|
||||
render node path
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1460804
|
||||
(cherry picked from commit 98931187eefdec6f2dea5cb82ab6d23a3ffa6634)
|
||||
---
|
||||
src/security/security_dac.c | 58 +++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 58 insertions(+)
|
||||
|
||||
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
|
||||
index 1f8d279bf..5f13bcee8 100644
|
||||
--- a/src/security/security_dac.c
|
||||
+++ b/src/security/security_dac.c
|
||||
@@ -1380,6 +1380,54 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerPtr mgr,
|
||||
|
||||
|
||||
static int
|
||||
+virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr,
|
||||
+ virDomainDefPtr def,
|
||||
+ virDomainGraphicsDefPtr gfx)
|
||||
+
|
||||
+{
|
||||
+ virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
|
||||
+ virSecurityLabelDefPtr seclabel;
|
||||
+ uid_t user;
|
||||
+ gid_t group;
|
||||
+
|
||||
+ /* Skip chowning the shared render file if namespaces are disabled */
|
||||
+ if (!priv->mountNamespace)
|
||||
+ return 0;
|
||||
+
|
||||
+ seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_DAC_NAME);
|
||||
+ if (seclabel && !seclabel->relabel)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
+ if (gfx->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE &&
|
||||
+ gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES &&
|
||||
+ gfx->data.spice.rendernode) {
|
||||
+ if (virSecurityDACSetOwnership(priv, NULL,
|
||||
+ gfx->data.spice.rendernode,
|
||||
+ user, group) < 0)
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int
|
||||
+virSecurityDACRestoreGraphicsLabel(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
|
||||
+ virDomainDefPtr def ATTRIBUTE_UNUSED,
|
||||
+ virDomainGraphicsDefPtr gfx ATTRIBUTE_UNUSED)
|
||||
+
|
||||
+{
|
||||
+ /* The only graphics labelling we do is dependent on mountNamespaces,
|
||||
+ in which case 'restoring' the label doesn't actually accomplish
|
||||
+ anything, so there's nothing to do here */
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int
|
||||
virSecurityDACSetInputLabel(virSecurityManagerPtr mgr,
|
||||
virDomainDefPtr def,
|
||||
virDomainInputDefPtr input)
|
||||
@@ -1489,6 +1537,11 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
|
||||
rc = -1;
|
||||
}
|
||||
|
||||
+ for (i = 0; i < def->ngraphics; i++) {
|
||||
+ if (virSecurityDACRestoreGraphicsLabel(mgr, def, def->graphics[i]) < 0)
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
for (i = 0; i < def->ninputs; i++) {
|
||||
if (virSecurityDACRestoreInputLabel(mgr, def, def->inputs[i]) < 0)
|
||||
rc = -1;
|
||||
@@ -1602,6 +1655,11 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ for (i = 0; i < def->ngraphics; i++) {
|
||||
+ if (virSecurityDACSetGraphicsLabel(mgr, def, def->graphics[i]) < 0)
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
for (i = 0; i < def->ninputs; i++) {
|
||||
if (virSecurityDACSetInputLabel(mgr, def, def->inputs[i]) < 0)
|
||||
return -1;
|
63
0107-qemu-Honour-on_reboot.patch
Normal file
63
0107-qemu-Honour-on_reboot.patch
Normal file
@ -0,0 +1,63 @@
|
||||
From: Michal Privoznik <mprivozn@redhat.com>
|
||||
Date: Mon, 31 Jul 2017 16:55:58 +0200
|
||||
Subject: [PATCH] qemu: Honour <on_reboot/>
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1476866
|
||||
|
||||
For some reason, we completely ignore <on_reboot/> setting for
|
||||
domains. The implementation is simply not there. It never was.
|
||||
|
||||
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
||||
(cherry picked from commit 3ee9bdbe351c0b80d4c469571ef31df3f1b148ea)
|
||||
---
|
||||
src/qemu/qemu_process.c | 27 ++++++++++++++++++++++++---
|
||||
1 file changed, 24 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
|
||||
index 992a7174b..7588212ba 100644
|
||||
--- a/src/qemu/qemu_process.c
|
||||
+++ b/src/qemu/qemu_process.c
|
||||
@@ -487,6 +487,7 @@ qemuProcessHandleReset(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
|
||||
virObjectEventPtr event;
|
||||
qemuDomainObjPrivatePtr priv;
|
||||
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
||||
+ int ret = -1;
|
||||
|
||||
virObjectLock(vm);
|
||||
|
||||
@@ -498,12 +499,32 @@ qemuProcessHandleReset(qemuMonitorPtr mon ATTRIBUTE_UNUSED,
|
||||
if (virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm, driver->caps) < 0)
|
||||
VIR_WARN("Failed to save status on vm %s", vm->def->name);
|
||||
|
||||
- virObjectUnlock(vm);
|
||||
+ if (vm->def->onReboot == VIR_DOMAIN_LIFECYCLE_DESTROY ||
|
||||
+ vm->def->onReboot == VIR_DOMAIN_LIFECYCLE_PRESERVE) {
|
||||
|
||||
- qemuDomainEventQueue(driver, event);
|
||||
+ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (!virDomainObjIsActive(vm)) {
|
||||
+ VIR_DEBUG("Ignoring RESET event from inactive domain %s",
|
||||
+ vm->def->name);
|
||||
+ goto endjob;
|
||||
+ }
|
||||
+
|
||||
+ qemuProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_DESTROYED,
|
||||
+ QEMU_ASYNC_JOB_NONE, 0);
|
||||
+ virDomainAuditStop(vm, "destroyed");
|
||||
+ qemuDomainRemoveInactive(driver, vm);
|
||||
+ endjob:
|
||||
+ qemuDomainObjEndJob(driver, vm);
|
||||
+ }
|
||||
|
||||
+ ret = 0;
|
||||
+ cleanup:
|
||||
+ virObjectUnlock(vm);
|
||||
+ qemuDomainEventQueue(driver, event);
|
||||
virObjectUnref(cfg);
|
||||
- return 0;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
|
113
0108-qemuDomainBuildNamespace-Move-dev-mountpoints-later.patch
Normal file
113
0108-qemuDomainBuildNamespace-Move-dev-mountpoints-later.patch
Normal file
@ -0,0 +1,113 @@
|
||||
From: Michal Privoznik <mprivozn@redhat.com>
|
||||
Date: Thu, 27 Apr 2017 16:29:21 +0200
|
||||
Subject: [PATCH] qemuDomainBuildNamespace: Move /dev/* mountpoints later
|
||||
|
||||
When setting up mount namespace for a qemu domain the following
|
||||
steps are executed:
|
||||
|
||||
1) get list of mountpoints under /dev/
|
||||
2) move them to /var/run/libvirt/qemu/$domName.ext
|
||||
3) start constructing new device tree under /var/run/libvirt/qemu/$domName.dev
|
||||
4) move the mountpoint of the new device tree to /dev
|
||||
5) restore original mountpoints from step 2)
|
||||
|
||||
Note the problem with this approach is that if some device in step
|
||||
3) requires access to a mountpoint from step 2) it will fail as
|
||||
the mountpoint is not there anymore. For instance consider the
|
||||
following domain disk configuration:
|
||||
|
||||
<disk type='file' device='disk'>
|
||||
<driver name='qemu' type='raw'/>
|
||||
<source file='/dev/shm/vhostmd0'/>
|
||||
<target dev='vdb' bus='virtio'/>
|
||||
<address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
|
||||
</disk>
|
||||
|
||||
In this case operation fails as we are unable to create vhostmd0
|
||||
in the new device tree because after step 2) there is no /dev/shm
|
||||
anymore. Leave aside fact that we shouldn't try to create devices
|
||||
living in other mountpoints. That's a separate bug that will be
|
||||
addressed later.
|
||||
|
||||
Currently, the order described above is rearranged to:
|
||||
|
||||
1) get list of mountpoints under /dev/
|
||||
2) start constructing new device tree under /var/run/libvirt/qemu/$domName.dev
|
||||
3) move them to /var/run/libvirt/qemu/$domName.ext
|
||||
4) move the mountpoint of the new device tree to /dev
|
||||
5) restore original mountpoints from step 3)
|
||||
|
||||
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
||||
Reviewed-by: Cedric Bosdonnat <cbosdonnat@suse.com>
|
||||
(cherry picked from commit a7cc039dc796f541793955598377807af48341fb)
|
||||
(cherry picked from commit 469bf7cb7a44a0798c63e4b5e4682d8e38bce66e)
|
||||
---
|
||||
src/qemu/qemu_domain.c | 48 ++++++++++++++++++++++++------------------------
|
||||
1 file changed, 24 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
|
||||
index 4a127cedf..64f18f493 100644
|
||||
--- a/src/qemu/qemu_domain.c
|
||||
+++ b/src/qemu/qemu_domain.c
|
||||
@@ -7854,6 +7854,30 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
|
||||
if (qemuDomainSetupDev(cfg, mgr, vm, devPath) < 0)
|
||||
goto cleanup;
|
||||
|
||||
+ if (qemuDomainSetupAllDisks(cfg, vm, devPath) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (qemuDomainSetupAllHostdevs(cfg, vm, devPath) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (qemuDomainSetupAllMemories(cfg, vm, devPath) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (qemuDomainSetupAllChardevs(cfg, vm, devPath) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (qemuDomainSetupTPM(cfg, vm, devPath) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (qemuDomainSetupAllGraphics(cfg, vm, devPath) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (qemuDomainSetupAllInputs(cfg, vm, devPath) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
+ if (qemuDomainSetupAllRNGs(cfg, vm, devPath) < 0)
|
||||
+ goto cleanup;
|
||||
+
|
||||
/* Save some mount points because we want to share them with the host */
|
||||
for (i = 0; i < ndevMountsPath; i++) {
|
||||
struct stat sb;
|
||||
@@ -7881,30 +7905,6 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
- if (qemuDomainSetupAllDisks(cfg, vm, devPath) < 0)
|
||||
- goto cleanup;
|
||||
-
|
||||
- if (qemuDomainSetupAllHostdevs(cfg, vm, devPath) < 0)
|
||||
- goto cleanup;
|
||||
-
|
||||
- if (qemuDomainSetupAllMemories(cfg, vm, devPath) < 0)
|
||||
- goto cleanup;
|
||||
-
|
||||
- if (qemuDomainSetupAllChardevs(cfg, vm, devPath) < 0)
|
||||
- goto cleanup;
|
||||
-
|
||||
- if (qemuDomainSetupTPM(cfg, vm, devPath) < 0)
|
||||
- goto cleanup;
|
||||
-
|
||||
- if (qemuDomainSetupAllGraphics(cfg, vm, devPath) < 0)
|
||||
- goto cleanup;
|
||||
-
|
||||
- if (qemuDomainSetupAllInputs(cfg, vm, devPath) < 0)
|
||||
- goto cleanup;
|
||||
-
|
||||
- if (qemuDomainSetupAllRNGs(cfg, vm, devPath) < 0)
|
||||
- goto cleanup;
|
||||
-
|
||||
if (virFileMoveMount(devPath, "/dev") < 0)
|
||||
goto cleanup;
|
||||
|
46
libvirt.spec
46
libvirt.spec
@ -240,7 +240,7 @@
|
||||
Summary: Library providing a simple virtualization API
|
||||
Name: libvirt
|
||||
Version: 3.2.1
|
||||
Release: 5%{?dist}%{?extra_release}
|
||||
Release: 6%{?dist}%{?extra_release}
|
||||
License: LGPLv2+
|
||||
Group: Development/Libraries
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
@ -255,24 +255,21 @@ Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.xz
|
||||
Patch0001: 0001-tests-Check-default-GIC-version-for-aarch64-virt-TCG.patch
|
||||
Patch0002: 0002-qemu-Use-GICv2-for-aarch64-virt-TCG-guests.patch
|
||||
Patch0003: 0003-gic-Remove-VIR_GIC_VERSION_DEFAULT.patch
|
||||
# Don't run libvirtd in live environment, to avoid network collision (bz
|
||||
# #1146232)
|
||||
Patch0004: 0004-daemon-Don-t-run-if-in-a-Fedora-live-VM.patch
|
||||
# Fix resuming qemu VMs suspended before libvirt 3.2.0
|
||||
Patch0005: 0005-Revert-qemu-propagate-bridge-MTU-into-qemu-host_mtu-.patch
|
||||
Patch0004: 0004-Revert-qemu-propagate-bridge-MTU-into-qemu-host_mtu-.patch
|
||||
# Fix issues with AMD CPU models, and some others
|
||||
Patch0006: 0006-cpu-Introduce-virCPUCopyMigratable.patch
|
||||
Patch0007: 0007-qemu-Move-common-code-in-virQEMUCapsInitCPUModel-one.patch
|
||||
Patch0008: 0008-qemu-Add-migratable-parameter-to-virQEMUCapsInitCPUM.patch
|
||||
Patch0009: 0009-qemu-Introduce-virQEMUCapsSetHostModel.patch
|
||||
Patch0010: 0010-qemu-Move-qemuCaps-CPU-data-copying-into-a-separate-.patch
|
||||
Patch0011: 0011-qemu-Introduce-virQEMUCapsHostCPUDataClear.patch
|
||||
Patch0012: 0012-qemu-Move-qemuCaps-host-CPU-data-in-a-struct.patch
|
||||
Patch0013: 0013-qemu-Prepare-qemuCaps-for-multiple-host-CPU-defs.patch
|
||||
Patch0014: 0014-qemu-Pass-migratable-host-CPU-model-to-virCPUUpdate.patch
|
||||
Patch0015: 0015-cpu-Drop-feature-filtering-from-virCPUUpdate.patch
|
||||
Patch0016: 0016-cpu-Introduce-virCPUGetHostIsSupported.patch
|
||||
Patch0017: 0017-qemu-Use-more-data-for-comparing-CPUs.patch
|
||||
Patch0005: 0005-cpu-Introduce-virCPUCopyMigratable.patch
|
||||
Patch0006: 0006-qemu-Move-common-code-in-virQEMUCapsInitCPUModel-one.patch
|
||||
Patch0007: 0007-qemu-Add-migratable-parameter-to-virQEMUCapsInitCPUM.patch
|
||||
Patch0008: 0008-qemu-Introduce-virQEMUCapsSetHostModel.patch
|
||||
Patch0009: 0009-qemu-Move-qemuCaps-CPU-data-copying-into-a-separate-.patch
|
||||
Patch0010: 0010-qemu-Introduce-virQEMUCapsHostCPUDataClear.patch
|
||||
Patch0011: 0011-qemu-Move-qemuCaps-host-CPU-data-in-a-struct.patch
|
||||
Patch0012: 0012-qemu-Prepare-qemuCaps-for-multiple-host-CPU-defs.patch
|
||||
Patch0013: 0013-qemu-Pass-migratable-host-CPU-model-to-virCPUUpdate.patch
|
||||
Patch0014: 0014-cpu-Drop-feature-filtering-from-virCPUUpdate.patch
|
||||
Patch0015: 0015-cpu-Introduce-virCPUGetHostIsSupported.patch
|
||||
Patch0016: 0016-qemu-Use-more-data-for-comparing-CPUs.patch
|
||||
|
||||
# Enable ZFS storage driver (bz #1471912)
|
||||
Patch0101: 0101-spec-Add-support-for-building-the-zfs-storage-driver.patch
|
||||
@ -281,6 +278,15 @@ Patch0101: 0101-spec-Add-support-for-building-the-zfs-storage-driver.patch
|
||||
Patch0102: 0102-Avoid-hidden-cgroup-mount-points.patch
|
||||
# disk driver name=... should be optional (bz #1473091)
|
||||
Patch0103: 0103-docs-schema-make-disk-driver-name-attribute-optional.patch
|
||||
# Fix TPM2 passthrough (bz #1486240)
|
||||
Patch0104: 0104-tpm-Use-dev-null-for-cancel-path-if-none-was-found.patch
|
||||
# Fix spice GL qemu:///system rendernode permissions (bz #1460804)
|
||||
Patch0105: 0105-security-add-MANAGER_MOUNT_NAMESPACE-flag.patch
|
||||
Patch0106: 0106-security-dac-relabel-spice-rendernode.patch
|
||||
# Fix on_reboot=destroy setting (bz #1476866)
|
||||
Patch0107: 0107-qemu-Honour-on_reboot.patch
|
||||
# Fix disk images in /dev/shm (bz #1482146)
|
||||
Patch0108: 0108-qemuDomainBuildNamespace-Move-dev-mountpoints-later.patch
|
||||
|
||||
Requires: libvirt-daemon = %{version}-%{release}
|
||||
Requires: libvirt-daemon-config-network = %{version}-%{release}
|
||||
@ -2148,6 +2154,12 @@ exit 0
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Sep 15 2017 Cole Robinson <crobinso@redhat.com> - 3.2.1-6
|
||||
- Fix TPM2 passthrough (bz #1486240)
|
||||
- Fix spice GL qemu:///system rendernode permissions (bz #1460804)
|
||||
- Fix on_reboot=destroy setting (bz #1476866)
|
||||
- Fix disk images in /dev/shm (bz #1482146)
|
||||
|
||||
* Fri Aug 04 2017 Cole Robinson <crobinso@redhat.com> - 3.2.1-5
|
||||
- Enable ZFS storage driver (bz #1471912)
|
||||
- Don't use cgroup mount points from /proc/mounts that are hidden (bz
|
||||
|
Loading…
Reference in New Issue
Block a user