rpms/libvirt/devel libvirt-qemu-save-restore-2.patch, NONE, 1.1 libvirt-logrotate-avoid-compressing-small-logs.patch, 1.1, 1.2 libvirt-qemu-machine-type-fixes2.patch, 1.1, 1.2 libvirt-qemu-save-restore.patch, 1.1, 1.2 libvirt.spec, 1.197, 1.198

Daniel P. Berrange berrange at fedoraproject.org
Thu Nov 19 12:51:33 UTC 2009


Author: berrange

Update of /cvs/pkgs/rpms/libvirt/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32130

Modified Files:
	libvirt-logrotate-avoid-compressing-small-logs.patch 
	libvirt-qemu-machine-type-fixes2.patch 
	libvirt-qemu-save-restore.patch libvirt.spec 
Added Files:
	libvirt-qemu-save-restore-2.patch 
Log Message:
Really fix restore file labelling this time

libvirt-qemu-save-restore-2.patch:
 qemu/qemu_driver.c          |   11 ++++++++++-
 security/security_driver.h  |    5 +++++
 security/security_selinux.c |   12 +++++++++++-
 3 files changed, 26 insertions(+), 2 deletions(-)

--- NEW FILE libvirt-qemu-save-restore-2.patch ---
>From 096fc1216eb2654bbff376dcc5bb8177d6498f82 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange <berrange at redhat.com>
Date: Thu, 19 Nov 2009 12:16:30 +0000
Subject: [PATCH] Fix labelling on QEMU restore images

Even though QEMU does not directly open the saved image when
restoring, it must be correctly labelled to allow QEMU to
read from it because labelling is passed around with open
file descriptors.

The labelling should not allow writing to the saved image
again, only reading.

* src/qemu/qemu_driver.c: Label the save image when restoring
* src/security/security_driver.h: Add a virSecurityDomainSetSavedStateLabelRO
  method for labelling a saved image for restore
* src/security/security_selinux.c: Implement labelling of RO
  save images for restore

Fedora-patch: libvirt-qemu-save-restore-2.patch
---
 src/qemu/qemu_driver.c          |   11 ++++++++++-
 src/security/security_driver.h  |    5 +++++
 src/security/security_selinux.c |   11 +++++++++++
 3 files changed, 26 insertions(+), 1 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 171ac8f..e6abb05 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -3266,7 +3266,7 @@ static int qemudDomainSave(virDomainPtr dom,
 
     if (driver->securityDriver &&
         driver->securityDriver->domainRestoreSavedStateLabel &&
-        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, path) == -1)
+        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
         goto cleanup;
 
     ret = 0;
@@ -3813,6 +3813,11 @@ static int qemudDomainRestore(virConnectPtr conn,
     }
     def = NULL;
 
+    if (driver->securityDriver &&
+        driver->securityDriver->domainSetSavedStateLabelRO &&
+        driver->securityDriver->domainSetSavedStateLabelRO(conn, vm, path) == -1)
+        goto cleanup;
+
     if (header.version == 2) {
         const char *intermediate_argv[3] = { NULL, "-dc", NULL };
         const char *prog = qemudSaveCompressionTypeToString(header.compressed);
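Review bot: The new `goto cleanup` taken when `domainSetSavedStateLabelRO` fails appears to bypass the transient-domain removal that the later hunk shows under `if (ret < 0)`, so a failed relabel may leave an inactive `vm` registered in `driver->domains`. This is inferred from `def = NULL;` just above, which suggests the definition has already been handed to `vm`; the code in between is outside the hunk, so please confirm. Separately, the label is applied by `path` while the image is consumed through a descriptor (the later hunk closes `fd`, so it is presumably already open here). If the file at `path` can be swapped between the open and the relabel, the label lands on a different object than the one QEMU reads, and labelling through the open descriptor (libselinux `fsetfilecon`) would remove that window. qemudDomainRestore begins and ends outside this hunk.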
@@ -3847,6 +3852,10 @@ static int qemudDomainRestore(virConnectPtr conn,
         close(intermediatefd);
     close(fd);
     fd = -1;
+    if (driver->securityDriver &&
+        driver->securityDriver->domainRestoreSavedStateLabel &&
+        driver->securityDriver->domainRestoreSavedStateLabel(conn, vm, path) == -1)
+        VIR_WARN("Unable to restore labelling on %s", path);
     if (ret < 0) {
         if (!vm->persistent) {
             virDomainRemoveInactive(&driver->domains,
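Review bot: The label is put back only on the straight-line path after `close(fd)`. Any `goto cleanup` taken between the `domainSetSavedStateLabelRO` call and this point would presumably leave the save image carrying the temporary read-only label; the `header.version == 2` decompression branch is one candidate, though its body is not fully visible. Those exits need the same `domainRestoreSavedStateLabel(conn, vm, path)` call before they leave. A short comment such as `/* fd is closed: drop the temporary RO label again */` above the new block would make the pairing with the earlier hunk explicit. The function continues outside the hunk.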
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 5514962..5144976 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -45,7 +45,11 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
 typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
                                                     virDomainObjPtr vm,
                                                     const char *savefile);
+typedef int (*virSecurityDomainSetSavedStateLabelRO) (virConnectPtr conn,
+                                                      virDomainObjPtr vm,
+                                                      const char *savefile);
 typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
+                                                        virDomainObjPtr vm,
                                                         const char *savefile);
 typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
                                           virDomainObjPtr sec);
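Review bot: The new `virSecurityDomainSetSavedStateLabelRO` typedef has no comment explaining how it differs from `virSecurityDomainSetSavedStateLabel` or that callers are expected to undo it with `virSecurityDomainRestoreSavedStateLabel`. I would add above it `/* Label savefile so the domain may read but not write it; undo with domainRestoreSavedStateLabel */`. Adding `vm` to `virSecurityDomainRestoreSavedStateLabel` also changes the callback signature, so any security driver other than the SELinux one patched here that fills `domainRestoreSavedStateLabel` needs the extra parameter too; none is visible in this patch.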
@@ -77,6 +81,7 @@ struct _virSecurityDriver {
     virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
     virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
     virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
+    virSecurityDomainSetSavedStateLabelRO domainSetSavedStateLabelRO;
     virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
 
     /*
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 4f2d1d3..0c130e5 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -639,7 +639,17 @@ SELinuxSetSavedStateLabel(virConnectPtr conn,
 
 
 static int
+SELinuxSetSavedStateLabelRO(virConnectPtr conn,
+                            virDomainObjPtr vm ATTRIBUTE_UNUSED,
+                            const char *savefile)
+{
+    return SELinuxSetFilecon(conn, savefile, default_content_context);
+}
+
+
+static int
 SELinuxRestoreSavedStateLabel(virConnectPtr conn,
+                              virDomainObjPtr vm ATTRIBUTE_UNUSED,
                               const char *savefile)
 {
     return SELinuxRestoreSecurityFileLabel(conn, savefile);
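Review bot: `SELinuxSetSavedStateLabelRO` ignores `vm` and applies `default_content_context`, which does not look specific to the domain being restored. If that context is the shared content label its name suggests, the saved memory image would be readable by other confined guests for as long as the label stays in place. Consider whether the read-only label can carry the domain's own category, which is presumably what the `vm` argument is for. At minimum, document the choice, e.g. `/* Shared RO label: QEMU only reads the image through an inherited fd */`. `SELinuxRestoreSavedStateLabel` continues outside the hunk.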
@@ -716,5 +726,6 @@ virSecurityDriver virSELinuxSecurityDriver = {
     .domainSetSecurityHostdevLabel = SELinuxSetSecurityHostdevLabel,
     .domainRestoreSecurityHostdevLabel = SELinuxRestoreSecurityHostdevLabel,
     .domainSetSavedStateLabel = SELinuxSetSavedStateLabel,
+    .domainSetSavedStateLabelRO = SELinuxSetSavedStateLabelRO,
     .domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
 };
-- 
1.6.5.2


libvirt-logrotate-avoid-compressing-small-logs.patch:
 libvirtd.logrotate.in |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: libvirt-logrotate-avoid-compressing-small-logs.patch
===================================================================
RCS file: /cvs/pkgs/rpms/libvirt/devel/libvirt-logrotate-avoid-compressing-small-logs.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- libvirt-logrotate-avoid-compressing-small-logs.patch	29 Oct 2009 17:26:05 -0000	1.1
+++ libvirt-logrotate-avoid-compressing-small-logs.patch	19 Nov 2009 12:51:32 -0000	1.2
@@ -27,5 +27,5 @@ index 093651c..0c51fd3 100644
 +        minsize 100k
  }
 -- 
-1.6.2.5
+1.6.5.2
 

libvirt-qemu-machine-type-fixes2.patch:
 qemu_conf.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Index: libvirt-qemu-machine-type-fixes2.patch
===================================================================
RCS file: /cvs/pkgs/rpms/libvirt/devel/libvirt-qemu-machine-type-fixes2.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- libvirt-qemu-machine-type-fixes2.patch	29 Oct 2009 10:57:55 -0000	1.1
+++ libvirt-qemu-machine-type-fixes2.patch	19 Nov 2009 12:51:32 -0000	1.2
@@ -38,5 +38,5 @@ index ac63570..b881f1e 100644
          return 0;
  
 -- 
-1.6.2.5
+1.6.5.2
 

libvirt-qemu-save-restore.patch:
 qemu/qemu_driver.c          |   35 ++++++++++++++++++++++++++++++++---
 security/security_driver.h  |    7 +++++++
 security/security_selinux.c |   24 +++++++++++++++++++++++-
 3 files changed, 62 insertions(+), 4 deletions(-)

Index: libvirt-qemu-save-restore.patch
===================================================================
RCS file: /cvs/pkgs/rpms/libvirt/devel/libvirt-qemu-save-restore.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- libvirt-qemu-save-restore.patch	11 Nov 2009 15:33:52 -0000	1.1
+++ libvirt-qemu-save-restore.patch	19 Nov 2009 12:51:32 -0000	1.2
@@ -1,4 +1,4 @@
-From 076fffe1514b72ffc9a041f7f68348f5487ee8ba Mon Sep 17 00:00:00 2001
+From 1151cdcad3f4b68478b076832843338256b94644 Mon Sep 17 00:00:00 2001
 From: Daniel P. Berrange <berrange at redhat.com>
 Date: Wed, 11 Nov 2009 12:07:00 +0000
 Subject: [PATCH] Fix save and restore with non-privileged guests and SELinux
@@ -164,5 +164,5 @@ index 7e0f71a..4f2d1d3 100644
 +    .domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
  };
 -- 
-1.6.2.5
+1.6.5.2
 


Index: libvirt.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libvirt/devel/libvirt.spec,v
retrieving revision 1.197
retrieving revision 1.198
diff -u -p -r1.197 -r1.198
--- libvirt.spec	11 Nov 2009 18:11:49 -0000	1.197
+++ libvirt.spec	19 Nov 2009 12:51:32 -0000	1.198
@@ -155,7 +155,7 @@
 Summary: Library providing a simple API virtualization
 Name: libvirt
 Version: 0.7.2
-Release: 5%{?dist}%{?extra_release}
+Release: 6%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
@@ -168,6 +168,7 @@ Patch02: libvirt-logrotate-avoid-compres
 
 # Fix QEMU save/restore permissions / labelling
 Patch03: libvirt-qemu-save-restore.patch
+Patch04: libvirt-qemu-save-restore-2.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://libvirt.org/
@@ -384,6 +385,7 @@ of recent versions of Linux (and other O
 %patch01 -p1
 %patch02 -p1
 %patch03 -p1
+%patch04 -p1
 
 %build
 %if ! %{with_xen}
@@ -796,6 +798,9 @@ fi
 %endif
 
 %changelog
+* Thu Nov 19 2009 Daniel P. Berrange <berrange at redhat.com> - 0.7.2-6
+- Really fix restore file labelling this time
+
 * Wed Nov 11 2009 Daniel P. Berrange <berrange at redhat.com> - 0.7.2-5
 - Disable numactl on s390[x]. Again.
 



