Compare commits
125 Commits
Author | SHA1 | Date |
---|---|---|
|
7d77bf76aa | |
|
7f0f1b831e | |
|
d964be0097 | |
|
a2479f539e | |
|
c2c89ec6a3 | |
|
d61e2404ba | |
|
a2be167dfe | |
|
15ca09e1da | |
|
2cc07e6366 | |
|
4dd4fe78a4 | |
|
0bc22fb6f7 | |
|
76097a6961 | |
|
98cbf39fd3 | |
|
d670e246d0 | |
|
50e7b9a91d | |
|
5cbc0451ce | |
|
b420054636 | |
|
143fedee46 | |
|
88887cac0f | |
|
579afc99f2 | |
|
7f5808b9d0 | |
|
4df5f77071 | |
|
1bdd527daf | |
|
e5fa1c00d2 | |
|
18f7b8c79c | |
|
782468f8e9 | |
|
202e7d9569 | |
|
0676a07265 | |
|
f57ce74947 | |
|
851cfde15b | |
|
06123137eb | |
|
6ccf3cb58c | |
|
030ddaa4ef | |
|
a8886736c4 | |
|
4fd635e537 | |
|
6210c457fc | |
|
82926cfdf0 | |
|
e7a3ca6f6b | |
|
1ae6f647b7 | |
|
48941c011f | |
|
a3c4cc6f3d | |
|
90fbcbd48f | |
|
6efd96d995 | |
|
21316e7a45 | |
|
8adbb7a402 | |
|
3f19d41908 | |
|
34da93e0c9 | |
|
208f506190 | |
|
0ca715cad9 | |
|
0f5d8c1c22 | |
|
a56bcbd063 | |
|
89c3fa751c | |
|
051644ffcb | |
|
2a9c282548 | |
|
2ae80af461 | |
|
7335ede0e1 | |
|
6c92ba3805 | |
|
446f680673 | |
|
3f56aa2870 | |
|
3cec91694f | |
|
cb0cfa566f | |
|
a27acebf66 | |
|
99d3a0ca1a | |
|
9c962ebc4f | |
|
99cbbf6606 | |
|
b73e509648 | |
|
b23ff9c0f7 | |
|
20f9ed9c4c | |
|
04cb28c315 | |
|
a74ea318d1 | |
|
98ed6b4e36 | |
|
2c49d1fd11 | |
|
6e7bca6631 | |
|
2fe145bb02 | |
|
10b7d235e3 | |
|
232e2e7de2 | |
|
fb1e4b061e | |
|
0b1a013081 | |
|
a972457f43 | |
|
67cfa34a05 | |
|
fc2ebb7646 | |
|
e92b461b4f | |
|
b1ac7b5791 | |
|
88424efe85 | |
|
4e2aab98a2 | |
|
f4bc1a2fe2 | |
|
a4bf2768b8 | |
|
47cd44e9da | |
|
731c6b90ff | |
|
47ca46905d | |
|
860ffc5b13 | |
|
611b2ee520 | |
|
edcb926f9d | |
|
caebff8304 | |
|
8fa41135ca | |
|
0debbff964 | |
|
d6cc78be66 | |
|
8d9645735e | |
|
4c65f08330 | |
|
2427f8f078 | |
|
d168e4f934 | |
|
4dd365589f | |
|
50e253df29 | |
|
cb71801a2b | |
|
4a9c74e91d | |
|
281508ec99 | |
|
feb92626e1 | |
|
93cadb0880 | |
|
dd6b57aa60 | |
|
b8cb754e9d | |
|
dbe61507bd | |
|
ce7b23d9d0 | |
|
8ded6ff93e | |
|
1ef96f3488 | |
|
ee3bf37900 | |
|
7452a06938 | |
|
fe8f9ed9c4 | |
|
1b64f74c82 | |
|
c81949046d | |
|
19dcb913e6 | |
|
e4b5ba1a9d | |
|
5f1a422d83 | |
|
c5b0b3ef9d | |
|
c0a04cb876 | |
|
3cc7cdf12f |
|
@ -2,4 +2,4 @@
|
||||||
*.rpm
|
*.rpm
|
||||||
i686
|
i686
|
||||||
x86_64
|
x86_64
|
||||||
libvirt-*.tar.gz
|
libvirt-*.tar.xz
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
|
||||||
Date: Thu, 17 Dec 2015 13:43:58 +0100
|
|
||||||
Subject: [PATCH] schema: interleave domain name and uuid with other elements
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Allow <name> and <uuid> anywhere under <domain>, not just at the top:
|
|
||||||
|
|
||||||
error:XML document failed to validate against schema: Unable to validate
|
|
||||||
doc against /usr/share/libvirt/schemas/domain.rng
|
|
||||||
Expecting an element name, got nothing
|
|
||||||
Invalid sequence in interleave
|
|
||||||
Element domain failed to validate content
|
|
||||||
|
|
||||||
Introduced with the first RelaxNG schema in commit c642103.
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1292131
|
|
||||||
(cherry picked from commit b4e0549febe416ffefc16f389423740d6d65fa74)
|
|
||||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
|
||||||
---
|
|
||||||
docs/schemas/domaincommon.rng | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
|
|
||||||
index b252a17..48610ce 100644
|
|
||||||
--- a/docs/schemas/domaincommon.rng
|
|
||||||
+++ b/docs/schemas/domaincommon.rng
|
|
||||||
@@ -30,8 +30,8 @@
|
|
||||||
<define name="domain">
|
|
||||||
<element name="domain">
|
|
||||||
<ref name="hvs"/>
|
|
||||||
- <ref name="ids"/>
|
|
||||||
<interleave>
|
|
||||||
+ <ref name="ids"/>
|
|
||||||
<optional>
|
|
||||||
<ref name="title"/>
|
|
||||||
</optional>
|
|
|
@ -1,32 +0,0 @@
|
||||||
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
|
|
||||||
Date: Thu, 14 Jan 2016 14:31:17 +0100
|
|
||||||
Subject: [PATCH] leaseshelper: fix crash when no mac is specified
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
If dnsmasq specified DNSMASQ_IAID (so we're dealing with an IPv6
|
|
||||||
lease) but no DNSMASQ_MAC, we skip creation of the new lease object.
|
|
||||||
|
|
||||||
Also skip adding it to the leases array.
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1202350
|
|
||||||
(cherry picked from commit df9fe124d650bc438c531673492569da87523d20)
|
|
||||||
Signed-off-by: Ján Tomko <jtomko@redhat.com>
|
|
||||||
---
|
|
||||||
src/network/leaseshelper.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c
|
|
||||||
index 2d528f7..6930310 100644
|
|
||||||
--- a/src/network/leaseshelper.c
|
|
||||||
+++ b/src/network/leaseshelper.c
|
|
||||||
@@ -439,7 +439,7 @@ main(int argc, char **argv)
|
|
||||||
|
|
||||||
case VIR_LEASE_ACTION_OLD:
|
|
||||||
case VIR_LEASE_ACTION_ADD:
|
|
||||||
- if (virJSONValueArrayAppend(leases_array_new, lease_new) < 0) {
|
|
||||||
+ if (lease_new && virJSONValueArrayAppend(leases_array_new, lease_new) < 0) {
|
|
||||||
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
||||||
_("failed to create json"));
|
|
||||||
goto cleanup;
|
|
|
@ -1,63 +0,0 @@
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
Date: Tue, 19 Jan 2016 22:19:56 -0500
|
|
||||||
Subject: [PATCH] build: predictably generate systemtap tapsets (bz 1173641)
|
|
||||||
|
|
||||||
The generated output is dependent on perl hashtable ordering, which
|
|
||||||
gives different results for i686 and x86_64. Fix this by sorting
|
|
||||||
the hash keys before iterating over them
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1173641
|
|
||||||
(cherry picked from commit a1edb05c6028470aa24b74aa0f8d5fb5a181128a)
|
|
||||||
---
|
|
||||||
src/rpc/gensystemtap.pl | 10 +++++-----
|
|
||||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/rpc/gensystemtap.pl b/src/rpc/gensystemtap.pl
|
|
||||||
index 2467300..7b80fbf 100755
|
|
||||||
--- a/src/rpc/gensystemtap.pl
|
|
||||||
+++ b/src/rpc/gensystemtap.pl
|
|
||||||
@@ -72,7 +72,7 @@ function libvirt_rpc_auth_name(type, verbose)
|
|
||||||
{
|
|
||||||
EOF
|
|
||||||
my $first = 1;
|
|
||||||
-foreach my $type (keys %auth) {
|
|
||||||
+foreach my $type (sort(keys %auth)) {
|
|
||||||
my $cond = $first ? "if" : "} else if";
|
|
||||||
$first = 0;
|
|
||||||
print " $cond (type == ", $type, ") {\n";
|
|
||||||
@@ -95,7 +95,7 @@ function libvirt_rpc_type_name(type, verbose)
|
|
||||||
{
|
|
||||||
EOF
|
|
||||||
$first = 1;
|
|
||||||
-foreach my $type (keys %type) {
|
|
||||||
+foreach my $type (sort(keys %type)) {
|
|
||||||
my $cond = $first ? "if" : "} else if";
|
|
||||||
$first = 0;
|
|
||||||
print " $cond (type == ", $type, ") {\n";
|
|
||||||
@@ -118,7 +118,7 @@ function libvirt_rpc_status_name(status, verbose)
|
|
||||||
{
|
|
||||||
EOF
|
|
||||||
$first = 1;
|
|
||||||
-foreach my $status (keys %status) {
|
|
||||||
+foreach my $status (sort(keys %status)) {
|
|
||||||
my $cond = $first ? "if" : "} else if";
|
|
||||||
$first = 0;
|
|
||||||
print " $cond (status == ", $status, ") {\n";
|
|
||||||
@@ -141,7 +141,7 @@ function libvirt_rpc_program_name(program, verbose)
|
|
||||||
{
|
|
||||||
EOF
|
|
||||||
$first = 1;
|
|
||||||
-foreach my $prog (keys %funcs) {
|
|
||||||
+foreach my $prog (sort(keys %funcs)) {
|
|
||||||
my $cond = $first ? "if" : "} else if";
|
|
||||||
$first = 0;
|
|
||||||
print " $cond (program == ", $funcs{$prog}->{id}, ") {\n";
|
|
||||||
@@ -165,7 +165,7 @@ function libvirt_rpc_procedure_name(program, version, proc, verbose)
|
|
||||||
{
|
|
||||||
EOF
|
|
||||||
$first = 1;
|
|
||||||
-foreach my $prog (keys %funcs) {
|
|
||||||
+foreach my $prog (sort(keys %funcs)) {
|
|
||||||
my $cond = $first ? "if" : "} else if";
|
|
||||||
$first = 0;
|
|
||||||
print " $cond (program == ", $funcs{$prog}->{id}, " && version == ", $funcs{$prog}->{version}, ") {\n";
|
|
|
@ -1,30 +0,0 @@
|
||||||
From: "Daniel P. Berrange" <berrange@redhat.com>
|
|
||||||
Date: Fri, 3 Jul 2015 16:51:56 +0100
|
|
||||||
Subject: [PATCH] rpc: ensure daemon is spawn even if dead socket exists
|
|
||||||
|
|
||||||
The auto-spawn code would originally attempt to spawn the
|
|
||||||
daemon for both ENOENT and ECONNREFUSED errors from connect().
|
|
||||||
The various refactorings eventually lost this so we only
|
|
||||||
spawn the daemon on ENOENT. The result is if the daemon exits
|
|
||||||
uncleanly, so that the socket is left in the filesystem, we
|
|
||||||
will never be able to auto-spawn the daemon again.
|
|
||||||
|
|
||||||
(cherry picked from commit 406ee8c226d2197ba1aaecb9cf3ad2b6df31ae44)
|
|
||||||
---
|
|
||||||
src/rpc/virnetsocket.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
|
|
||||||
index 51f94d4..6153e0e 100644
|
|
||||||
--- a/src/rpc/virnetsocket.c
|
|
||||||
+++ b/src/rpc/virnetsocket.c
|
|
||||||
@@ -610,7 +610,8 @@ int virNetSocketNewConnectUNIX(const char *path,
|
|
||||||
|
|
||||||
while (retries &&
|
|
||||||
connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
|
|
||||||
- if (!(spawnDaemon && errno == ENOENT)) {
|
|
||||||
+ if (!(spawnDaemon && (errno == ENOENT ||
|
|
||||||
+ errno == ECONNREFUSED))) {
|
|
||||||
virReportSystemError(errno, _("Failed to connect socket to '%s'"),
|
|
||||||
path);
|
|
||||||
goto cleanup;
|
|
|
@ -1,48 +0,0 @@
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
Date: Mon, 11 Jan 2016 20:01:24 -0500
|
|
||||||
Subject: [PATCH] rpc: socket: Minor cleanups
|
|
||||||
|
|
||||||
- Add some debugging
|
|
||||||
- Make the loop dependent only on retries
|
|
||||||
- Make it explicit that connect(2) success exits the loop
|
|
||||||
- Invert the error checking logic
|
|
||||||
|
|
||||||
(cherry picked from commit f102c7146ed7f6e04af0ad3bce302476239f2502)
|
|
||||||
---
|
|
||||||
src/rpc/virnetsocket.c | 16 ++++++++++++----
|
|
||||||
1 file changed, 12 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
|
|
||||||
index 6153e0e..dcff69e 100644
|
|
||||||
--- a/src/rpc/virnetsocket.c
|
|
||||||
+++ b/src/rpc/virnetsocket.c
|
|
||||||
@@ -548,6 +548,9 @@ int virNetSocketNewConnectUNIX(const char *path,
|
|
||||||
char *rundir = NULL;
|
|
||||||
int ret = -1;
|
|
||||||
|
|
||||||
+ VIR_DEBUG("path=%s spawnDaemon=%d binary=%s", path, spawnDaemon,
|
|
||||||
+ NULLSTR(binary));
|
|
||||||
+
|
|
||||||
memset(&localAddr, 0, sizeof(localAddr));
|
|
||||||
memset(&remoteAddr, 0, sizeof(remoteAddr));
|
|
||||||
|
|
||||||
@@ -608,10 +611,15 @@ int virNetSocketNewConnectUNIX(const char *path,
|
|
||||||
if (remoteAddr.data.un.sun_path[0] == '@')
|
|
||||||
remoteAddr.data.un.sun_path[0] = '\0';
|
|
||||||
|
|
||||||
- while (retries &&
|
|
||||||
- connect(fd, &remoteAddr.data.sa, remoteAddr.len) < 0) {
|
|
||||||
- if (!(spawnDaemon && (errno == ENOENT ||
|
|
||||||
- errno == ECONNREFUSED))) {
|
|
||||||
+ while (retries) {
|
|
||||||
+ if (connect(fd, &remoteAddr.data.sa, remoteAddr.len) == 0) {
|
|
||||||
+ VIR_DEBUG("connect() succeeded");
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ VIR_DEBUG("connect() failed: retries=%d errno=%d", retries, errno);
|
|
||||||
+
|
|
||||||
+ if (!spawnDaemon ||
|
|
||||||
+ (errno != ENOENT && errno != ECONNREFUSED)) {
|
|
||||||
virReportSystemError(errno, _("Failed to connect socket to '%s'"),
|
|
||||||
path);
|
|
||||||
goto cleanup;
|
|
|
@ -1,40 +0,0 @@
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
Date: Mon, 11 Jan 2016 20:08:45 -0500
|
|
||||||
Subject: [PATCH] rpc: socket: Explicitly error if we exceed retry count
|
|
||||||
|
|
||||||
When we autolaunch libvirtd for session URIs, we spin in a retry
|
|
||||||
loop waiting for the daemon to start and the connect(2) to succeed.
|
|
||||||
|
|
||||||
However if we exceed the retry count, we don't explicitly raise an
|
|
||||||
error, which can yield a slew of different error messages elsewhere
|
|
||||||
in the code.
|
|
||||||
|
|
||||||
Explicitly raise the last connect(2) failure if we run out of retries.
|
|
||||||
|
|
||||||
(cherry picked from commit 8da02d528068942303923fc4f935e77cccac9c7c)
|
|
||||||
---
|
|
||||||
src/rpc/virnetsocket.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
|
|
||||||
index dcff69e..90951be 100644
|
|
||||||
--- a/src/rpc/virnetsocket.c
|
|
||||||
+++ b/src/rpc/virnetsocket.c
|
|
||||||
@@ -618,7 +618,9 @@ int virNetSocketNewConnectUNIX(const char *path,
|
|
||||||
}
|
|
||||||
VIR_DEBUG("connect() failed: retries=%d errno=%d", retries, errno);
|
|
||||||
|
|
||||||
+ retries--;
|
|
||||||
if (!spawnDaemon ||
|
|
||||||
+ retries == 0 ||
|
|
||||||
(errno != ENOENT && errno != ECONNREFUSED)) {
|
|
||||||
virReportSystemError(errno, _("Failed to connect socket to '%s'"),
|
|
||||||
path);
|
|
||||||
@@ -628,7 +630,6 @@ int virNetSocketNewConnectUNIX(const char *path,
|
|
||||||
if (virNetSocketForkDaemon(binary) < 0)
|
|
||||||
goto cleanup;
|
|
||||||
|
|
||||||
- retries--;
|
|
||||||
usleep(5000);
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,43 +0,0 @@
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
Date: Mon, 11 Jan 2016 20:13:38 -0500
|
|
||||||
Subject: [PATCH] rpc: socket: Don't repeatedly attempt to launch daemon
|
|
||||||
|
|
||||||
On every socket connect(2) attempt we were re-launching session
|
|
||||||
libvirtd, up to 100 times in 5 seconds.
|
|
||||||
|
|
||||||
This understandably caused some weird load races and intermittent
|
|
||||||
qemu:///session startup failures
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1271183
|
|
||||||
(cherry picked from commit 2eb7a975756d05a5b54ab4acf60083beb6161ac6)
|
|
||||||
---
|
|
||||||
src/rpc/virnetsocket.c | 9 +++++++--
|
|
||||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
|
|
||||||
index 90951be..2ee4b6e 100644
|
|
||||||
--- a/src/rpc/virnetsocket.c
|
|
||||||
+++ b/src/rpc/virnetsocket.c
|
|
||||||
@@ -547,6 +547,7 @@ int virNetSocketNewConnectUNIX(const char *path,
|
|
||||||
virSocketAddr remoteAddr;
|
|
||||||
char *rundir = NULL;
|
|
||||||
int ret = -1;
|
|
||||||
+ bool daemonLaunched = false;
|
|
||||||
|
|
||||||
VIR_DEBUG("path=%s spawnDaemon=%d binary=%s", path, spawnDaemon,
|
|
||||||
NULLSTR(binary));
|
|
||||||
@@ -627,8 +628,12 @@ int virNetSocketNewConnectUNIX(const char *path,
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (virNetSocketForkDaemon(binary) < 0)
|
|
||||||
- goto cleanup;
|
|
||||||
+ if (!daemonLaunched) {
|
|
||||||
+ if (virNetSocketForkDaemon(binary) < 0)
|
|
||||||
+ goto cleanup;
|
|
||||||
+
|
|
||||||
+ daemonLaunched = true;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
usleep(5000);
|
|
||||||
}
|
|
|
@ -1,57 +0,0 @@
|
||||||
From: Jiri Denemark <jdenemar@redhat.com>
|
|
||||||
Date: Fri, 15 Jan 2016 10:55:58 +0100
|
|
||||||
Subject: [PATCH] security: Do not restore kernel and initrd labels
|
|
||||||
|
|
||||||
Kernel/initrd files are essentially read-only shareable images and thus
|
|
||||||
should be handled in the same way. We already use the appropriate label
|
|
||||||
for kernel/initrd files when starting a domain, but when a domain gets
|
|
||||||
destroyed we would remove the labels which would make other running
|
|
||||||
domains using the same files very unhappy.
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=921135
|
|
||||||
|
|
||||||
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
||||||
(cherry picked from commit 68acc701bd449481e3206723c25b18fcd3d261b7)
|
|
||||||
---
|
|
||||||
src/security/security_dac.c | 8 --------
|
|
||||||
src/security/security_selinux.c | 8 --------
|
|
||||||
2 files changed, 16 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
|
|
||||||
index deb6980..d01215f 100644
|
|
||||||
--- a/src/security/security_dac.c
|
|
||||||
+++ b/src/security/security_dac.c
|
|
||||||
@@ -971,14 +971,6 @@ virSecurityDACRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
|
||||||
virSecurityDACRestoreSecurityFileLabel(def->os.loader->nvram) < 0)
|
|
||||||
rc = -1;
|
|
||||||
|
|
||||||
- if (def->os.kernel &&
|
|
||||||
- virSecurityDACRestoreSecurityFileLabel(def->os.kernel) < 0)
|
|
||||||
- rc = -1;
|
|
||||||
-
|
|
||||||
- if (def->os.initrd &&
|
|
||||||
- virSecurityDACRestoreSecurityFileLabel(def->os.initrd) < 0)
|
|
||||||
- rc = -1;
|
|
||||||
-
|
|
||||||
if (def->os.dtb &&
|
|
||||||
virSecurityDACRestoreSecurityFileLabel(def->os.dtb) < 0)
|
|
||||||
rc = -1;
|
|
||||||
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
|
|
||||||
index 6e67a86..2475a80 100644
|
|
||||||
--- a/src/security/security_selinux.c
|
|
||||||
+++ b/src/security/security_selinux.c
|
|
||||||
@@ -1953,14 +1953,6 @@ virSecuritySELinuxRestoreSecurityAllLabel(virSecurityManagerPtr mgr,
|
|
||||||
virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.loader->nvram) < 0)
|
|
||||||
rc = -1;
|
|
||||||
|
|
||||||
- if (def->os.kernel &&
|
|
||||||
- virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.kernel) < 0)
|
|
||||||
- rc = -1;
|
|
||||||
-
|
|
||||||
- if (def->os.initrd &&
|
|
||||||
- virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.initrd) < 0)
|
|
||||||
- rc = -1;
|
|
||||||
-
|
|
||||||
if (def->os.dtb &&
|
|
||||||
virSecuritySELinuxRestoreSecurityFileLabel(mgr, def->os.dtb) < 0)
|
|
||||||
rc = -1;
|
|
|
@ -1,37 +0,0 @@
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
Date: Tue, 15 Mar 2016 17:04:32 -0400
|
|
||||||
Subject: [PATCH] rpc: wait longer for session daemon to start up
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1271183
|
|
||||||
|
|
||||||
We only wait 0.5 seconds for the session daemon to start up and present
|
|
||||||
its socket, which isn't sufficient for many users. Bump up the sleep
|
|
||||||
interval and retry amount so we wait for a total of 5.0 seconds.
|
|
||||||
|
|
||||||
(cherry picked from commit ca0c06f4008154de55e0b3109885facd0bf02d32)
|
|
||||||
---
|
|
||||||
src/rpc/virnetsocket.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
|
|
||||||
index 2ee4b6e..275f1f5 100644
|
|
||||||
--- a/src/rpc/virnetsocket.c
|
|
||||||
+++ b/src/rpc/virnetsocket.c
|
|
||||||
@@ -542,7 +542,7 @@ int virNetSocketNewConnectUNIX(const char *path,
|
|
||||||
char *lockpath = NULL;
|
|
||||||
int lockfd = -1;
|
|
||||||
int fd = -1;
|
|
||||||
- int retries = 100;
|
|
||||||
+ int retries = 500;
|
|
||||||
virSocketAddr localAddr;
|
|
||||||
virSocketAddr remoteAddr;
|
|
||||||
char *rundir = NULL;
|
|
||||||
@@ -635,7 +635,7 @@ int virNetSocketNewConnectUNIX(const char *path,
|
|
||||||
daemonLaunched = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
- usleep(5000);
|
|
||||||
+ usleep(10000);
|
|
||||||
}
|
|
||||||
|
|
||||||
localAddr.len = sizeof(localAddr.data);
|
|
|
@ -1,27 +0,0 @@
|
||||||
From: Jovanka Gulicoska <jovanka.gulicoska@gmail.com>
|
|
||||||
Date: Thu, 17 Mar 2016 20:02:20 +0100
|
|
||||||
Subject: [PATCH] driver: log missing modules as INFO, not WARN
|
|
||||||
|
|
||||||
Missing modules is a common expected scenario for most libvirt usage on
|
|
||||||
RPM distributions like Fedora, so it doesn't really warrant logging at
|
|
||||||
WARN level. Use INFO instead
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1274849
|
|
||||||
(cherry picked from commit 9a0c7f5f834185db9017c34aabc03ad99cf37bed)
|
|
||||||
---
|
|
||||||
src/driver.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/driver.c b/src/driver.c
|
|
||||||
index db03438..f926fe4 100644
|
|
||||||
--- a/src/driver.c
|
|
||||||
+++ b/src/driver.c
|
|
||||||
@@ -62,7 +62,7 @@ virDriverLoadModule(const char *name)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
if (access(modfile, R_OK) < 0) {
|
|
||||||
- VIR_WARN("Module %s not accessible", modfile);
|
|
||||||
+ VIR_INFO("Module %s not accessible", modfile);
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,126 +0,0 @@
|
||||||
From: Cole Robinson <crobinso@redhat.com>
|
|
||||||
Date: Tue, 28 Apr 2015 17:38:00 -0400
|
|
||||||
Subject: [PATCH] polkit: Allow password-less access for 'libvirt' group
|
|
||||||
|
|
||||||
Many users, who admin their own machines, want to be able to access
|
|
||||||
system libvirtd via tools like virt-manager without having to enter
|
|
||||||
a root password. Just google 'virt-manager without password' and
|
|
||||||
you'll find many hits. I've read at least 5 blog posts over the years
|
|
||||||
describing slightly different ways of achieving this goal.
|
|
||||||
|
|
||||||
Let's finally add official support for this.
|
|
||||||
|
|
||||||
Install a polkit-1 rules file granting password-less auth for any user
|
|
||||||
in the new 'libvirt' group. Create the group on RPM install
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=957300
|
|
||||||
(cherry picked from commit e94979e901517af9fdde358d7b7c92cc055dd50c)
|
|
||||||
---
|
|
||||||
daemon/Makefile.am | 13 +++++++++++++
|
|
||||||
daemon/libvirt.rules | 9 +++++++++
|
|
||||||
libvirt.spec.in | 15 +++++++++++++--
|
|
||||||
3 files changed, 35 insertions(+), 2 deletions(-)
|
|
||||||
create mode 100644 daemon/libvirt.rules
|
|
||||||
|
|
||||||
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
|
|
||||||
index b95a79d..9c5ea37 100644
|
|
||||||
--- a/daemon/Makefile.am
|
|
||||||
+++ b/daemon/Makefile.am
|
|
||||||
@@ -53,6 +53,7 @@ EXTRA_DIST = \
|
|
||||||
libvirtd.init.in \
|
|
||||||
libvirtd.upstart \
|
|
||||||
libvirtd.policy.in \
|
|
||||||
+ libvirt.rules \
|
|
||||||
libvirtd.sasl \
|
|
||||||
libvirtd.service.in \
|
|
||||||
libvirtd.socket.in \
|
|
||||||
@@ -233,6 +234,8 @@ policyauth = auth_admin_keep_session
|
|
||||||
else ! WITH_POLKIT0
|
|
||||||
policydir = $(datadir)/polkit-1/actions
|
|
||||||
policyauth = auth_admin_keep
|
|
||||||
+rulesdir = $(datadir)/polkit-1/rules.d
|
|
||||||
+rulesfile = libvirt.rules
|
|
||||||
endif ! WITH_POLKIT0
|
|
||||||
endif WITH_POLKIT
|
|
||||||
|
|
||||||
@@ -263,9 +266,19 @@ if WITH_POLKIT
|
|
||||||
install-data-polkit::
|
|
||||||
$(MKDIR_P) $(DESTDIR)$(policydir)
|
|
||||||
$(INSTALL_DATA) libvirtd.policy $(DESTDIR)$(policydir)/org.libvirt.unix.policy
|
|
||||||
+if ! WITH_POLKIT0
|
|
||||||
+ $(MKDIR_P) $(DESTDIR)$(rulesdir)
|
|
||||||
+ $(INSTALL_DATA) $(srcdir)/$(rulesfile) $(DESTDIR)$(rulesdir)/50-libvirt.rules
|
|
||||||
+endif ! WITH_POLKIT0
|
|
||||||
+
|
|
||||||
uninstall-data-polkit::
|
|
||||||
rm -f $(DESTDIR)$(policydir)/org.libvirt.unix.policy
|
|
||||||
rmdir $(DESTDIR)$(policydir) || :
|
|
||||||
+if ! WITH_POLKIT0
|
|
||||||
+ rm -f $(DESTDIR)$(rulesdir)/50-libvirt.rules
|
|
||||||
+ rmdir $(DESTDIR)$(rulesdir) || :
|
|
||||||
+endif ! WITH_POLKIT0
|
|
||||||
+
|
|
||||||
else ! WITH_POLKIT
|
|
||||||
install-data-polkit::
|
|
||||||
uninstall-data-polkit::
|
|
||||||
diff --git a/daemon/libvirt.rules b/daemon/libvirt.rules
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..01a15fa
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/daemon/libvirt.rules
|
|
||||||
@@ -0,0 +1,9 @@
|
|
||||||
+// Allow any user in the 'libvirt' group to connect to system libvirtd
|
|
||||||
+// without entering a password.
|
|
||||||
+
|
|
||||||
+polkit.addRule(function(action, subject) {
|
|
||||||
+ if (action.id == "org.libvirt.unix.manage" &&
|
|
||||||
+ subject.isInGroup("libvirt")) {
|
|
||||||
+ return polkit.Result.YES;
|
|
||||||
+ }
|
|
||||||
+});
|
|
||||||
diff --git a/libvirt.spec.in b/libvirt.spec.in
|
|
||||||
index dc327a2..a23629d 100644
|
|
||||||
--- a/libvirt.spec.in
|
|
||||||
+++ b/libvirt.spec.in
|
|
||||||
@@ -1631,9 +1631,9 @@ then
|
|
||||||
fi
|
|
||||||
|
|
||||||
%if %{with_libvirtd}
|
|
||||||
+%pre daemon
|
|
||||||
%if ! %{with_driver_modules}
|
|
||||||
%if %{with_qemu}
|
|
||||||
-%pre daemon
|
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 6
|
|
||||||
# We want soft static allocation of well-known ids, as disk images
|
|
||||||
# are commonly shared across NFS mounts by id rather than name; see
|
|
||||||
@@ -1647,11 +1647,21 @@ if ! getent passwd qemu >/dev/null; then
|
|
||||||
useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
-exit 0
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
|
|
||||||
+ %if %{with_polkit}
|
|
||||||
+ %if 0%{?fedora} || 0%{?rhel} >= 6
|
|
||||||
+# 'libvirt' group is just to allow password-less polkit access to
|
|
||||||
+# libvirtd. The uid number is irrelevant, so we use dynamic allocation
|
|
||||||
+# described at the above link.
|
|
||||||
+getent group libvirt >/dev/null || groupadd -r libvirt
|
|
||||||
+ %endif
|
|
||||||
+ %endif
|
|
||||||
+
|
|
||||||
+exit 0
|
|
||||||
+
|
|
||||||
%post daemon
|
|
||||||
|
|
||||||
%if %{with_systemd}
|
|
||||||
@@ -1925,6 +1935,7 @@ exit 0
|
|
||||||
%if 0%{?fedora} || 0%{?rhel} >= 6
|
|
||||||
%{_datadir}/polkit-1/actions/org.libvirt.unix.policy
|
|
||||||
%{_datadir}/polkit-1/actions/org.libvirt.api.policy
|
|
||||||
+%{_datadir}/polkit-1/rules.d/50-libvirt.rules
|
|
||||||
%else
|
|
||||||
%{_datadir}/PolicyKit/policy/org.libvirt.unix.policy
|
|
||||||
%endif
|
|
3299
libvirt.spec
3299
libvirt.spec
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue