--- libvirt-0.7.5.orig/debian/README.Debian +++ libvirt-0.7.5/debian/README.Debian @@ -0,0 +1,176 @@ +Xen +=== +To manage xen domains with libvirt you have to set: + +(xend-unix-server yes) + +in /etc/xen/xend-config.sxp. + +For xend HTTP access (not recommended) you also have to set: + +(xend-http-server yes) +# only allow access from localhost: +(xend-address localhost) + +Note that *every* user on the system has access to xend then. Better use +libvirtd to access xen with unprivileged users and add the users to the +"libvirt" group (see "Access Control" below). + +Debugging +========= +Use LIBVIRT_DEBUG=1 to enable libvirt's debugging output, e.g.: + +LIBVIRT_DEBUG=1 +export LIBVIRT_DEBUG +virt-manager + +The default NAT network +======================= +To ease network configuration libvirt defines a NATed network named "default". +VMs using this network end up in 192.168.122.1/24 and DHCP is provided to them +via dnsmasq. This network is not automatically started. To start it use: + + virsh net-start default + +To make the default network start automatically use: + + virsh net-autostart default + +In order for things to work this way you need to have the recommended packages +dnsmasq-base, bridge-utils and iptables installed. + +You don't need the package dnsmasq. However, if you install it, Debian's +default dnsmasq needs to be adjusted slightly to interoperate with libvirtd: + +cat </etc/dnsmasq.d/00_libvirtd.conf +# only bind to loopback by default +interface=lo +bind-interfaces +EOF + +This makes dnsmasq only bind to the loopback interface by default so libvirtd +can handle the virtual bridges. + +Access Control +============== +Access to the libvirt socket is controlled by membership in the "libvirt" group. +If you want to manage VMs as non root you need to add a user to that group. + + -- Guido Guenther Thu, 15 May 2008 14:13:03 +0100 + + +AppArmor Profile +---------------- +Libvirt now contains AppArmor integration when using KVM or QEMU using +libvirt's sVirt infrastructure. Libvirtd can be configured to launch virtual +machines that are confined by uniquely restrictive AppArmor profiles. This +feature significantly improves virtualization in Ubuntu by providing user-space +host protection as well as guest isolation. + +In the sVirt model, if a profile is loaded for the libvirtd daemon, then each +qemu:///system QEMU virtual machine will have a profile created for it when +the virtual machine is started if one does not already exist. This generated +profile is based on a template file and uses a profile name based on the UUID +of the QEMU virtual machine and contains rules allowing access to only the +files it needs to run, such as its disks, pid file and log files. Just before +the QEMU virtual machine is started, the libvirtd daemon will change into this +unique profile, preventing the QEMU process from accessing any file resources +that are present in another QEMU process or the host machine. + +The AppArmor sVirt implementation is flexible in that it allows a user to +customize the template file in /etc/apparmor.d/libvirt/TEMPLATE for +site-specific access for all newly created QEMU virtual machines. When a +new profile is generated, two files are created: + + /etc/apparmor.d/libvirt/libvirt- + /etc/apparmor.d/libvirt/libvirt-.files + +The former can be fine-tuned by the administrator to allow custom access for +this particular QEMU virtual machine, and the latter will be updated +appropriately when required file access changes, such as when a disk is added. +This flexibility allows for situations such as having one virtual machine in +complain mode with all others in enforce mode. + +Profiles for /usr/sbin/libvirtd, /usr/lib/libvirt/virt-aa-helper (a helper +program which the libvirtd daemon uses instead of manipulating AppArmor +directly), and /etc/apparmor.d/abstractions/libvirt-qemu are used to configure +AppArmor confinement with sVirt. Administrators of libvirt in production +environments are encouraged to review these files (especially 'libvirt-qemu') +to ensure that only the access required is given to the virtual machines. + +If the sVirt security model is active, then the node capabilities XML will +include its details. If a virtual machine is currently protected by the +security model, then the guest XML will include its assigned profile name. If +enabled at compile time, the sVirt security model will be activated if AppArmor +is available on the host OS and a profile for the libvirtd daemon is loaded +when libvirtd is started. To disable sVirt, and revert to the basic level of +AppArmor protection (host protection only), the /etc/libvirt/qemu.conf file can +be used to change the setting to security_driver="none". Users may also +disable AppArmor integration through AppArmor itself by performing: + +$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd +$ sudo ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/usr.sbin.libvirtd + +If your system uses AppArmor, please note that the shipped profile works with +the default installation, and changes in your configuration may require changes +to the installed apparmor profile. Before filing a bug against this software, +please see https://wiki.ubuntu.com/DebuggingApparmor before filing a bug +against this software. + +qemu:///system +-------------- +Adding users to the libvirtd group effectively grants them root access. In +Ubuntu, users in the admin group (who already have 'sudo' access) are added to +this group automatically. + +Virtual machines started from qemu:///system run with root privileges. As +discussed above, in Ubuntu Qemu/KVM virtual machines are fully isolated and +confined by the AppArmor security driver. Users may optionally choose to adjust +/etc/libvirt/qemu.conf so that virtual machines started under qemu:///system +run as a non-privileged user (new in libvirt 0.7). The 'libvirt-qemu' user and +'kvm' group are configured for this purpose. + +While the current non-root implementation does reduce the privileges of virtual +machines running under qemu:///system, all VMs run under the same user and +there is no guest isolation. Additionally, if each VM ran under its own user, +an attacker could potentially break out of the VM and have unconfined user +access to the host machine. + +Considering that the current implementation is new and not as well tested, +libvirt in Ubuntu will by default run virtual machines with root privileges, +but fully confined by AppArmor. Once there is consensus among the community on +the implementation, running VMs as non-root can be considered as an additional +protection to the AppArmor driver. + +Disk migration +============== +Libvirt versions earlier that 0.8.3 would probe a qemu disk to determine its +format and did not require that the format be declared in the XML. Newer +versions of libvirt will default to the 'raw' format when the format is not +specified in the XML. As a result, non-raw disks without unspecified disk +format will no longer be available in virtual machines. + +libvirt-migrate-qemu-disks is provided to aid in transitioning virtual +machine definitions to the new required format. In essence, it will check +all domains for affected virtual machines, probe the affected disks and update +the domain definition accordingly. For example, a domain with: + + + + +
+ + +will be updated to have: + + + + + +
+ + +This command will be run automatically on upgrade to 0.8.3-1ubuntu1. See +'man 1 libvirt-migrate-qemu-disks' for details. + + -- Jamie Strandboge Thu, 12 Aug 2010 15:03:07 -0500 --- libvirt-0.7.5.orig/debian/libvirt-dev.install +++ libvirt-0.7.5/debian/libvirt-dev.install @@ -0,0 +1,4 @@ +usr/lib/libvirt.so +usr/lib/libvirt.a +usr/include/* +usr/lib/pkgconfig/* --- libvirt-0.7.5.orig/debian/libvirt0.symbols +++ libvirt-0.7.5/debian/libvirt0.symbols @@ -0,0 +1,31 @@ +libvirt.so.0 libvirt0 #MINVER# + *@LIBVIRT_0.0.3 0.0.3 + *@LIBVIRT_0.0.5 0.0.5 + *@LIBVIRT_0.1.0 0.1.0 + *@LIBVIRT_0.1.1 0.1.1 + *@LIBVIRT_0.1.4 0.1.4 + *@LIBVIRT_0.1.5 0.1.5 + *@LIBVIRT_0.1.9 0.1.9 + *@LIBVIRT_0.2.0 0.2.0 + *@LIBVIRT_0.2.1 0.2.1 + *@LIBVIRT_0.2.3 0.2.3 + *@LIBVIRT_0.3.0 0.3.0 + *@LIBVIRT_0.3.2 0.3.2 + *@LIBVIRT_0.3.3 0.3.3 + *@LIBVIRT_0.4.0 0.4.0 + *@LIBVIRT_0.4.1 0.4.1 + *@LIBVIRT_0.4.2 0.4.2 + *@LIBVIRT_0.4.5 0.4.5 + *@LIBVIRT_0.5.0 0.5.0 + *@LIBVIRT_0.6.0 0.6.0 + *@LIBVIRT_0.6.1 0.6.1 + *@LIBVIRT_0.6.3 0.6.3 + *@LIBVIRT_0.6.4 0.6.4 + *@LIBVIRT_0.6.5 0.6.5 + *@LIBVIRT_0.7.0 0.7.0 + *@LIBVIRT_0.7.1 0.7.1 + *@LIBVIRT_0.7.2 0.7.2 + *@LIBVIRT_0.7.3 0.7.3 + *@LIBVIRT_0.7.4 0.7.4 + *@LIBVIRT_0.7.5 0.7.5 + *@LIBVIRT_PRIVATE_0.7.5 0.7.5 --- libvirt-0.7.5.orig/debian/changelog +++ libvirt-0.7.5/debian/changelog @@ -0,0 +1,1967 @@ +libvirt (0.7.5-5ubuntu27.9) lucid-security; urgency=low + + * SECURITY UPDATE: debian/patches/9904-CVE-2011-1146.patch: Add missing + checks for read only connections. + - CVE-2011-1146 + + -- Jamie Strandboge Tue, 15 Mar 2011 16:21:40 -0500 + +libvirt (0.7.5-5ubuntu27.8) lucid-proposed; urgency=low + + * debian/patches/9903-lp668042.patch: When libvirtd is restarted, do not + remove network interface details from active domains. Patched based on + upstream git commit. (LP: #668042) + + -- Dave Walker (Daviey) Thu, 25 Nov 2010 02:41:24 +0000 + +libvirt (0.7.5-5ubuntu27.7) lucid-security; urgency=low + + * debian/patches/9902-lp665531.patch: restore use of '' (LP: #665531) + + -- Jamie Strandboge Sat, 23 Oct 2010 11:01:42 -0500 + +libvirt (0.7.5-5ubuntu27.6) lucid-security; urgency=low + + Renable the changes in 27.3, which were mistakenly dropped (LP: #665182) + + [ Nigel Jones ] + * debian/patches/9024-free-memory-for-invalid-devices.patch: updated + to match upstream patch which includes a fix for an entry path + not found originally, LP: #571093 + * debian/patches/9025-avoid-NULL-dereference-upon-disk-op-fail.patch: + backport upstream patch to avoid failures when attempting to attach + a disk or image twice. LP: #455832 + + -- Jamie Strandboge Fri, 22 Oct 2010 11:01:25 -0500 + +libvirt (0.7.5-5ubuntu27.5) lucid-security; urgency=low + + * SECURITY UPDATE: fix multiple issues with disk format for backing stores + which could allow a privileged guest user to access arbitrary files on + the host. + - debian/patches/9900-CVE-2010-2237-2238-2239.patch: + + update security drivers to honor the user defined disk format when + looking up disk backing stores + + update security drivers to honor the defined backing store disk format + when recursing into disk image backing stores + + explicitly set the user defined backing store format when creating a + new image + - migrate virtual machine definitions with non-raw disks and previously + unspecified disk format with a one time probe on upgrades: + + add debian/libvirt-migrate-qemu-disks + + add debian/libvirt-migrate-qemu-disks.1 + + debian/libvirt-bin.postinst: updated to run + 'libvirt-migrate-qemu-disks -a' on upgrades + + debian/rules: cp debian/libvirt-migrate-qemu-disks into place + + debian/libvirt-bin.manpages: install libvirt-migrate-qemu-disks.1 + + debian/README.Debian: updated for libvirt-migrate-qemu-disks + - CVE-2010-2237 + - CVE-2010-2238 + - CVE-2010-2239 + * SECURITY UPDATE: fix to disallow privileged users in guests from accessing + privileged resources, such as NFS + - debian/patches/9901-CVE-2010-2242.patch: set iptables masqerading rules + to use ports 1024-65535 + - CVE-2010-2242 + + -- Jamie Strandboge Wed, 01 Sep 2010 10:22:04 -0500 + +libvirt (0.7.5-5ubuntu27.2) lucid-proposed; urgency=low + + [ Nigel Jones ] + * debian/patches/9024-free-memory-for-invalid-devices.patch: clean + up a memory leak affecting multipath+libvirt, LP: #571093 + + -- Dustin Kirkland Wed, 07 Jul 2010 10:18:48 -0400 + +libvirt (0.7.5-5ubuntu27) lucid; urgency=low + + * debian/libvirt-bin.postinst: ensure that the convenience feature + of adding users to the libvirtd group does cause package setup + failure, LP: #565380 + * debian/patches/9023-virt-pki-validate_fixes.patch: fix a bashism, + a missing autoconf substitution, and an insufficient sed call, in + order to get this working on Ubuntu, LP: #562266; patch submitted + upstream + + -- Dustin Kirkland Wed, 21 Apr 2010 15:59:49 -0500 + +libvirt (0.7.5-5ubuntu26) lucid; urgency=low + + * debian/patches/9022-dont-leak-log-fd.path.patch: Fix FD leak in + qemudStartVMDaemon (LP: #567392) + * debian/apparmor/usr.lib.libvirt.virt-aa-helper: update paths for LVM + volumes and searching /sys/bus/usb/devices/ (LP: #565691) + + -- Jamie Strandboge Tue, 20 Apr 2010 13:45:12 -0500 + +libvirt (0.7.5-5ubuntu25) lucid; urgency=low + + * debian/apparmor/usr.lib.libvirt.virt-aa-helper: update paths for + eucalyptus (LP: #564914) + + -- Jamie Strandboge Fri, 16 Apr 2010 14:10:06 -0500 + +libvirt (0.7.5-5ubuntu24) lucid; urgency=low + + * debian/apparmor/usr.lib.libvirt.virt-aa-helper: eek, the /dev change from + the last upload was a wee bit too aggressive. Revert that and allow access + to .img, .qcow{,2}, and .vmdk (file extensions that actually support + backingstore) and .[iI][sS][oO] since it is so common (LP: #517714) + + -- Jamie Strandboge Thu, 15 Apr 2010 08:52:27 -0500 + +libvirt (0.7.5-5ubuntu23) lucid; urgency=low + + * debian/apparmor/usr.lib.libvirt.virt-aa-helper: also allow /opt but deny + access to /dev to suppress confusing, non-fatal profile denials. + + -- Jamie Strandboge Wed, 14 Apr 2010 07:36:13 -0500 + +libvirt (0.7.5-5ubuntu22) lucid; urgency=low + + * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow ro access to files + in /mnt, /media and /srv + + -- Jamie Strandboge Tue, 13 Apr 2010 08:27:46 -0500 + +libvirt (0.7.5-5ubuntu21) lucid; urgency=low + + * debian/libvirt-bin.upstart: simplify pidfile cleanup logic, + per discussion with Jamie Strandboge and Loic Minier in LP: #510658 + + -- Dustin Kirkland Wed, 07 Apr 2010 16:09:05 -0500 + +libvirt (0.7.5-5ubuntu20) lucid; urgency=low + + * debian/libvirt-bin.upstart: + - remove unnecessary pid file existence test, LP: #510658 + - revert virbr0 up/down hack added in 0.7.5-5ubuntu17, LP: #345485 + + -- Dustin Kirkland Wed, 07 Apr 2010 15:39:39 -0500 + +libvirt (0.7.5-5ubuntu19) lucid; urgency=low + + * fix for hostdev devices (LP: #545795). This can be dropped in 0.7.8 + - debian/patches/9021-apparmor-fix-hostdev.patch: adjust virt-aa-helper to + handle pci devices. Update valid_path() to have an override array to + check against, and add "/sys/devices/pci" to it. Then rename + file_iterate_cb() to file_iterate_hostdev_cb() and create + file_iterate_pci_cb() based on it. Update tests suite for this and SDL + - debian/apparmor/libvirt-qemu: adjust for the above + - debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to + /sys/devices + + -- Jamie Strandboge Mon, 05 Apr 2010 19:50:15 -0500 + +libvirt (0.7.5-5ubuntu18) lucid; urgency=low + + * handle SDL graphics (LP: #545426). This can be dropped in 0.7.8 + - 9019-apparmor-fix-xauth.patch: adjust virt-aa-helper to handle SDL + graphics, specifically Xauthority. Also remove a couple redundant + checks. + - debian/apparmor/libvirt-qemu: add comment about /dev/fb* + * handle backingstore (LP: #470636). This can be dropped in 0.7.8 + - debian/patches/9020-apparmor-fix-backingstore.patch: adjust + virt-aa-helper to handle disks with backing stores + - debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to + user-tmp, non-hidden files in @{HOME} and storage pools + + -- Jamie Strandboge Mon, 05 Apr 2010 16:56:25 -0500 + +libvirt (0.7.5-5ubuntu17) lucid; urgency=low + + * debian/libvirt-bin.upstart: bring virbr0 up/down on upstart start/stop + of libvirt, LP: #345485 + + -- Dustin Kirkland Thu, 01 Apr 2010 23:08:33 -0500 + +libvirt (0.7.5-5ubuntu16) lucid; urgency=low + + * debian/libvirt-bin.upstart: libvirt has a nasty habit of leaving + it's pidfile lying around when/if it crashes; add a pre-start + check that removes the pidfile if it exists but the daemon is + not actually running, LP: #510658 + + -- Dustin Kirkland Thu, 01 Apr 2010 19:47:04 -0500 + +libvirt (0.7.5-5ubuntu15) lucid; urgency=low + + * debian/apparmor/libvirt-qemu, examples/apparmor/libvirt-qemu: + allow seabios in the apparmor profile, LP: #545302 + + -- Dustin Kirkland Tue, 23 Mar 2010 11:28:28 -0700 + +libvirt (0.7.5-5ubuntu14) lucid; urgency=low + + * debian/patches/9018-fix-pty-console.patch: fix issue using + console in virsh. + (LP: #542324) + + -- Scott Moser Fri, 19 Mar 2010 15:58:21 -0400 + +libvirt (0.7.5-5ubuntu13) lucid; urgency=low + + * debian/patches/9017-dont-disable-ipv6.patch: don't disable IPv6 + on the bridge interface. The original intent of disabling IPv6 was + to prevent RAs received from client VMs from accidentally adding + addresses to the bridge interface. However, only accept_ra=0 is + necessary to fix this, without the side-effect of disabling IPv6. + (LP: #528934) + + -- Jeremy Visser Thu, 04 Mar 2010 17:33:11 +1100 + +libvirt (0.7.5-5ubuntu12) lucid; urgency=low + + * Build against parted 2.2. + + -- Colin Watson Tue, 09 Mar 2010 01:18:49 +0000 + +libvirt (0.7.5-5ubuntu11) lucid; urgency=low + + * Make sure cache setting is output by virDomainGetXMLDesc (and, by + extension, "virsh dumpxml"), even if no special driverName is set. + (LP: #531741) + + -- Soren Hansen Thu, 04 Mar 2010 22:19:52 +0100 + +libvirt (0.7.5-5ubuntu10) lucid; urgency=low + + * debian/patches/9015-autodetect-nc-params.patch: autodetect if the + remote nc command supports the -q option. (LP: #517478) + * debian/patches/0006-Terminate-nc-on-EOF.patch: disabled + as the previous patch replaces it. + + -- Marc Deslauriers Thu, 04 Mar 2010 07:58:52 -0500 + +libvirt (0.7.5-5ubuntu9) lucid; urgency=low + + * debian/apparmor/libvirt-qemu: + - explicitly deny setpcap to silence denials. See LP: 522845 for details + - allow read access to /proc/*/status + * debian/patches/9014-apparmor-remove-unloaded-profile-is-not-fatal.patch: + Don't exit with error if the user unloaded the profile outside of libvirt + (LP: #530400) + + -- Jamie Strandboge Wed, 03 Mar 2010 06:29:39 -0600 + +libvirt (0.7.5-5ubuntu8) lucid; urgency=low + + * Build against parted 2.1. + + -- Colin Watson Fri, 26 Feb 2010 18:11:14 +0000 + +libvirt (0.7.5-5ubuntu7) lucid; urgency=low + + * debian/patches/0010-Use-base-16-for-product-vendor.patch: parse the USB + and PCI product and vendor ids in hexadecimal. This fixes incorrect + USB ids being used in virt-manager. (LP: #514610) + + -- Marc Deslauriers Sun, 07 Feb 2010 11:08:23 -0500 + +libvirt (0.7.5-5ubuntu6) lucid; urgency=low + + * debian/patches/9013-apparmor-dont-clear-caps.patch: Don't clear + capabilities when calling virt-aa-helper. When built with libcap-ng, + clearing caps makes virt-aa-helper lose MAC_ADMIN, which is (obviously) + needed by apparmor_parser. This restores libcap-ng behavior to what it was + when not built with libcap-ng. (LP: #517714) + + -- Jamie Strandboge Fri, 05 Feb 2010 16:48:42 -0600 + +libvirt (0.7.5-5ubuntu5) lucid; urgency=low + + * Build-Depend on libcap-ng. (LP: #488963) + + -- Soren Hansen Thu, 04 Feb 2010 14:50:40 -0800 + +libvirt (0.7.5-5ubuntu4) lucid; urgency=low + + * debian/patches/9011-node_device_driver.patch: Don't free an uninitalized + pointer in update_driver_name() in src/node_device/node_device_driver.c + (LP: #513544) + * debian/patches/9012-dont-crash-on-restart.patch: don't crash on restart + if domain(s) with PCI devices are running + + -- Jamie Strandboge Thu, 28 Jan 2010 08:26:14 -0600 + +libvirt (0.7.5-5ubuntu3) lucid; urgency=low + + * 9008-fix-daemon-conf-ftbfs.patch: fix for FTBFS on Ubuntu buildds by + disabling running libvirtd with a valid config file in the daemon-conf + test. This patch used to be 9008-warn-on-daemon-conf-test-wait.patch + + -- Jamie Strandboge Mon, 25 Jan 2010 21:08:46 -0600 + +libvirt (0.7.5-5ubuntu2) lucid; urgency=low + + * debian/patches/9010-apparmor-ftbfs.patch: updated to match upstream + and give proper attribution + + -- Jamie Strandboge Mon, 25 Jan 2010 17:44:30 -0600 + +libvirt (0.7.5-5ubuntu1) lucid; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/control: + + Build-Depends on qemu-kvm, not qemu + + Build-Depends on open-iscsi-utils, not open-iscsi + + Build-Depends on libxml2-utils + + Build-Depends on libapparmor-dev and Suggests apparmor (>= + 2.3+1289-0ubuntu14) + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin + + Recommends qemu-kvm (>= 0.11.0-0ubuntu6) + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such + + We call libxen-dev libxen3-dev, so change all references + + temporarily remove Build-Depends on libcap-ng-dev, which isn't + available in Ubuntu main yet + + Rename Vcs-* to XS-Debian-Vcs-* + - debian/libvirt-bin.postinst: + + rename the libvirt group to libvirtd + + add each admin user to the libvirtd group + + reload apparmor profiles + + 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the + profile changed from usr.bin.virt-aa-helper to + usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user + made no changes to the old profile, remove it, otherwise, update the + paths, preserving the shipped usr.lib.libvirt.virt-aa-helper + - debian/libvirt-bin.postrm: + + rename the libvirt group to libvirtd + + remove apparmor symlinks on purge + - debian/libvirt-bin.preinst: added to force complain on certain + upgrades + - debian/README.Debian: add AppArmor section based on the upstream + documentation + - debian/rules: + + update DEB_DH_INSTALLINIT_ARGS for upstart + + add DEB_MAKE_CHECK_TARGET := check + + use --with-apparmor + + copy apparmor and apport hook to debian/tmp + - add debian/libvirt-bin.upstart + - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, + /etc/apparmor.d/disable, /etc/apparmor.d/force-complain, + /etc/apparmor.d/libvirt, /etc/cron.daily and + /usr/share/apport/package-hooks + - add debian/libvirt-bin.cron.daily + - add debian/libvirt-bin.apport + - debian/libvirt-bin.install: install apparmor profiles, abstractions + and apport hook + - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch + + 9000-delayed_iff_up_bridge.patch + + 9001-dont_clobber_existing_bridges.patch + + 9002-better_default_uri_virsh.patch + + 9003-increase-logoutput-timeout.patch + + 9004-better-default-arch.patch + + 9005-libvirtd-group-name.patch + + 9006-increase-unix-socket-timeout.patch + + 9007-default-config-test-case.patch + + 9008-warn-on-daemon-conf-test-wait.patch (renamed from 9016) + - Dropped the following patches now including upstream: + + 0005-Fix-SELinux-linking-issues.patch + + 9008-apparmor-caps-mockup.patch + + 9009-apparmor-lp453335.patch + + 9010-apparmor-lp460271.patch + + 9011-apparmor-code-cleanups.patch + + 9012-apparmor-add-virt-aa-helper-test.patch + + 9013-apparmor-examples.patch + + 9014-event-fuzz.patch + + 9015-hal-startup-failure-is-nonfatal.patch + * debian/patches/9009-run-as-root-by-default.patch: run virtual machines + via qemu:///system as root. As of 0.7, upstream libvirt has the ability to + run VMs started via qemu:///system as an unprivileged user. Debian's + libvirt now runs these VMs as libvirt-qemu:kvm. However, the upstream + implementation is contentious among the community and while it does + reduce the privileges of the VMs running under qemu:///system, all VMs + currently run under the same user, so there is no guest isolation. Even if + each user ran under its own user, an attacker could potentially break out + of the VM and have unconfined user access (albeit non-root). In Ubuntu, + Qemu/KVM virtual machines are already fully isolated and confined by the + AppArmor security driver so this feature has been disabled. Once there is + consensus among the community on the implementation and its use, changing + this default in Ubuntu can be considered as an additional protection to + the AppArmor driver. + * debian/README.Debian: add section discussing the security implications of + using qemu:///system + * debian/patches/9010-apparmor-ftbfs.patch: fix missing bracket in + virt-aa-helper.c and automake dependency declaration. This should be + dropped in 0.7.6 or higher. + + -- Jamie Strandboge Mon, 25 Jan 2010 12:48:13 -0600 + +libvirt (0.7.5-5) unstable; urgency=low + + [ Guido Günther ] + * [d8e60e8] Add css to docs + * [f6e41ae] New patch 0008-qemu-Use-log-output-for-pty-assignment-if- + info-chard.patch qemu: Use log output for pty assignment if 'info + chardev' is unavailable - thanks to Matthias Bolte + + [ Laurent Léonard ] + * [0905f82] Fix QEMU driver custom domain status XML extensions. - + thanks to Daniel P. Berrange + + -- Laurent Léonard Tue, 19 Jan 2010 23:16:16 +0100 + +libvirt (0.7.5-4) unstable; urgency=low + + * [18520c0] Same description of supported virt techs in all binary packages + (Closes: #564909) - thanks to Loïc Minier + * [49c357c] Implement path lookup for USB by vendor:product (Closes: + #563502) - thanks to Cole Robinson + + -- Guido Günther Wed, 13 Jan 2010 23:57:26 +0100 + +libvirt (0.7.5-3) unstable; urgency=low + + * [4d41fd7] Also look for dmi information in /sys/class older kernels such + as 2.6.26 have it there. (Closes: #564020) + * [1c0e0b5] Explicitly disable ESX support + * [c3c84f6] Terminate nc on EOF (Closes: #564053) - thanks to Gabor Gombas + for the patch + + -- Guido Günther Fri, 08 Jan 2010 11:07:34 +0100 + +libvirt (0.7.5-2) unstable; urgency=low + + * Upload to unstable + * [d6c5ca5] Add debugging symbols for all packages + + -- Guido Günther Sun, 03 Jan 2010 20:01:12 +0100 + +libvirt (0.7.5-1) experimental; urgency=low + + [ Laurent Léonard ] + * [96f8d94] Imported Upstream version 0.7.5 + * [f8089a1] Redo patches. + * [294ce3d] Update libvirt0 symbols. + * [1c97be7] Allow DM upload and add myself as uploader. + * [5635a32] Clean debian/watch. + + [ Guido Günther ] + * [45f98ae] Drop 0005-udev_device_get_devpath-might-return-NULL.patch + applied upstream. + + -- Guido Günther Sat, 26 Dec 2009 17:45:47 +0100 + +libvirt (0.7.4-2) experimental; urgency=low + + * [65d3755] Disable SELinux to work around #559356 + * [19bd427] Run qemu instances as qemu-libvirt instead of root by default + (Closes: #558197) + * [0a6c03b] Use kvm as primary group for libvirt-qemu user + * [e5ae24b] Fix udev backend startup + * [f610a8e] Use udev instead of hal backend + + -- Guido Günther Mon, 07 Dec 2009 21:20:20 +0100 + +libvirt (0.7.4-1) unstable; urgency=low + + [ Laurent Léonard ] + * [8f2761b] Imported Upstream version 0.7.4 + * [20b6b3d] Drop patches. + * 0005-Fix-SELinux-linking-issues.patch - fixed upstream. + * 0006-Don-t-let-parent-of-daemon-exit-until-basic-initiali.patch - + fixed upstream. + * 0007-Only-remove-masquerade-roles-for-VIR_NETWORK_FORWARD.patch - + applied upstream. + * 0008-Fix-qemu-session.patch - fixed upstream. + * [e41f8c6] Update libvirt0 symbols. + * [f184e28] Revert "switch to new source format 3.0 (quilt)" This reverts + commit 213ca47bbbefe2dc95be58a09db34669e3be5797. + * [65084d2] Enhance handling of examples. + + -- Guido Günther Tue, 01 Dec 2009 18:51:18 +0100 + +libvirt (0.7.2-4ubuntu6) lucid; urgency=low + + * Update libvirt0 description to match the other packages in supported + virtualization technologies. + * Rename Vcs-* to XS-Debian-Vcs-*. + + -- Loïc Minier Tue, 12 Jan 2010 17:22:02 +0100 + +libvirt (0.7.2-4ubuntu5) lucid; urgency=low + + * debian/rules, debian/libvirt-bin.upstart: migrate libvirt to upstart + (LP: #446036) + * debian/control: depend on open-iscsi-utils, rather than open-iscsi, + fixed again, grrr (LP: #414986) + + -- Dustin Kirkland Tue, 05 Jan 2010 23:23:28 -0600 + +libvirt (0.7.2-4ubuntu4) lucid; urgency=low + + * debian/libvirt-bin.postinst: don't sed a non-existent file (LP: #493582) + + -- Jamie Strandboge Mon, 07 Dec 2009 08:55:03 -0600 + +libvirt (0.7.2-4ubuntu3) lucid; urgency=low + + * debian/patches/9016-warn-on-daemon-conf-test-wait.patch: workaround FTBFS + on buildd by not failing when waiting on pid + + -- Jamie Strandboge Wed, 02 Dec 2009 12:12:17 -0600 + +libvirt (0.7.2-4ubuntu2) lucid; urgency=low + + * debian/control: Build-Depends on qemu-kvm, not qemu + * debian/patches/9007-default-config-test-case.patch: revert last change + which caused a different failure on buildd + + -- Jamie Strandboge Wed, 02 Dec 2009 11:14:59 -0600 + +libvirt (0.7.2-4ubuntu1) lucid; urgency=low + + * Merge from debian testing. Remaining changes: + - debian/control: + + Don't build-depend on QEmu + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin + + Recommends qemu-kvm (>= 0.11.0-0ubuntu6) + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such + + We call libxen-dev libxen3-dev, so change all references + + Build-Depends on libxml2-utils + + Build-Depends on open-iscsi-utils instead of open-iscsi due to + LP: #414986 + - debian/postinst: + + rename the libvirt group to libvirtd + + add each admin user to the libvirtd group + - debian/libvirt-bin.postrm: rename the libvirt group to libvirtd + - debian/rules: add DEB_MAKE_CHECK_TARGET := check + - debian/patches/900[0-7]: updated/refreshed for new paths in 0.7.2 + - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch + - AppArmor integration: + + debian/control: Build-Depends on libapparmor-dev and Suggests + apparmor (>= 2.3+1289-0ubuntu14) + + debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, + /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, + /etc/cron.daily and /usr/share/apport/package-hooks + + add debian/libvirt-bin.cron.daily (LP: #438165) + + add debian/libvirt-bin.apport + + debian/libvirt-bin.install: install apparmor profiles, abstractions + and apport hook + + debian/postinst: reload apparmor profiles + + debian/libvirt-bin.postrm: remove apparmor symlinks on purge + + debian/libvirt-bin.preinst: added to force complain on certain + upgrades + + debian/README.Debian: add AppArmor section based on the upstream + documentation + + debian/rules: use --with-apparmor and copy apparmor and apport hook to + debian/tmp + - Dropped the following patches now included upstream: + + 0005-Close-logfile-fd-after-spawning-qemu.patch + + 9090-reenable-nonfile-labels.patch + + 9091-apparmor.patch + + 9092-apparmor-autoreconf.patch + * AppArmor integration updates: + - debian/apparmor/usr.sbin.libvirtd: allow libvirtd access to + /usr/lib/libvirt/* (LP: #480478) + - debian/apparmor/libvirt-qemu: allow guests access to + /etc/pki/libvirt-vnc/** (LP: #484562) + - debian/libvirt-bin.postinst: 0.7.2 moved /usr/bin/virt-aa-helper to + /usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper + to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user + made no changes to the old profile, remove it, otherwise, update the + paths, preserving the shipped usr.lib.libvirt.virt-aa-helper + - update to 0.7.4 version of the sVirt AppArmor driver (can be dropped in + 0.7.4): + + debian/patches/9008-apparmor-caps-mockup.patch + + debian/patches/9009-apparmor-lp453335.patch + + debian/patches/9010-apparmor-lp460271.patch + + debian/patches/9011-apparmor-code-cleanups.patch + - add virt-aa-helper-test and examples/apparmor that were omitted from the + upstream tarball (can be dropped in 0.7.5): + + debian/patches/9012-apparmor-add-virt-aa-helper-test.patch + + debian/patches/9013-apparmor-examples.patch + + debian/rules: add post-patches target to make virt-aa-helper-test + executable + * debian/patches/0005-Fix-SELinux-linking-issues.patch: updated to work + when both apparmor and selinux are available. This patch should be + dropped in 0.7.4. + * debian/patches/9007-default-config-test-case.patch: updated to not fail + if building in a deep directory + * debian/patches/9014-event-fuzz.patch: add a little fuzz to not be quite + so precise with expected expiry time. Fixes FTBFS with HZ=100 kernels. + Can be dropped in 0.7.5. + * debian/patches/9015-hal-startup-failure-is-nonfatal.patch: disable hal + driver if hald is not running instead of dying. Can be dropped in + 0.7.4. + * debian/control: temporarily remove Build-Depends on libcap-ng-dev, which + isn't available in Ubuntu main yet + * revert change to new source format 3.0 (quilt) since Launchpad can't + handle it yet (see LP: #293106) + + -- Jamie Strandboge Wed, 02 Dec 2009 09:22:21 -0600 + +libvirt (0.7.2-4) unstable; urgency=low + + * [213ca47] switch to new source format 3.0 (quilt) + * [f5a10e9] Depend on hal (Closes: #556730) + * [7d1422d] Drop build-dep on libpolkit-dbus-dev (Closes: #549500) + * [95ad85c] Depend on libcap-ng-dev for lxc driver. + + -- Guido Günther Wed, 25 Nov 2009 20:39:17 +0100 + +libvirt (0.7.2-3) unstable; urgency=low + + * [2c0aa82] Fix qemu:///session Backported from upsgtream's + 79218cdd9887b132eb0f29fe2048f89e90beae1 (Closes: #554869) + + -- Guido Günther Sat, 07 Nov 2009 12:50:54 +0100 + +libvirt (0.7.2-2) unstable; urgency=low + + [ Laurent Léonard ] + * [a9ea205] Change requirement of libvirt-bin in libvirt- suspendonreboot. + * [a4db804] Update debian/patches/0006-Don-t-let-parent-of-daemon- + exit-until-basic-initiali.patch. Fix use of an uninitialized variable that + was causing a bug on i386 systems. + * [59e1e53] Redo patches. + + [ Guido Günther ] + * upload to unstable + * [43f106a] Only remove masquerade roles for VIR_NETWORK_FORWARD_NAT + (Closes: #549949) - thanks to Rob S. Wolfram for testing + + -- Guido Günther Thu, 05 Nov 2009 20:44:21 +0100 + +libvirt (0.7.2-1) experimental; urgency=low + + [ Laurent Léonard ] + * [51a4814] Imported Upstream version 0.7.2 + * [12268f6] Update patches. + * [175d497] Fix SELinux linking issues. Pulled from upstream + 309acaa0230494b8ec08d03375c10238cb2daf55. + * [5cfdaf8] Update libvirt-doc docs. + * [dc2059f] Update libvirt-bin manpages. + * [a62a4a7] Update libvirt-bin examples. + * [9e38cbc] Update libvirt0 symbols. + * [412b12f] Make init.d script provide itself. + * [35451bf] Update debian/rules to support new example files. + * [43b7dac] Don't let parent of daemon exit until basic initialization is + done. + * [5a37e69] Make init.d provide libvirtd for backward compatibility. + + -- Guido Günther Mon, 26 Oct 2009 20:14:23 +0100 + +libvirt (0.7.1-2) unstable; urgency=low + + * [f5299d3] document changes and release 0.7.1-1 + * [f137c00] Allow for older versions of dpkg-dev to ease backports. + * [74f5832] Use Policykit 1.0 (Closes: #549500) + + -- Guido Günther Fri, 09 Oct 2009 20:32:02 +0200 + +libvirt (0.7.1-1) unstable; urgency=low + + [ Laurent Léonard ] + * [40fb620] Bump Debhelper version to 7. + * [e0e89f2] Bump Standards-Version to 3.8.3. + * [50a862f] Clean debian/rules. + * [e9c9906] Change build dependency on libreadline5-dev to + libreadline-dev. + * [b6cb738] Imported Upstream version 0.7.1 + * [780f6a7] Redo patches. + * [3d66f37] Update libvirt-bin examples. + * [c01ed84] Update libvirt0 symbols. + + -- Guido Günther Sat, 26 Sep 2009 17:15:02 +0200 + +libvirt (0.7.0-1ubuntu15) lucid; urgency=low + + * Run test suite at build time. + * Add libxml2-utils dependency. Needed by the test suite. + * Remove "Connecting to uri: " notice from virsh. It breaks the test + suite, the information is readily available with the "uri" command + inside virsh, and it's a usability delta with upstream, so + constantly causes confusion. + + -- Soren Hansen Fri, 27 Nov 2009 11:21:53 +0100 + +libvirt (0.7.0-1ubuntu14) lucid; urgency=low + + * debian/patches/9093-lp460271.patch: require absolute path for dynamic + added files (LP: #460271) + * debian/patches/9094-lp453335.patch: suppress confusing and misleading + apparmor denied message when kvm/qemu tries to open a libvirt specified + readonly file (such as a cdrom) with write permissions. libvirt uses the + readonly attribute for the security driver only, and has no way of telling + kvm/qemu that the device should be opened readonly. (LP: #453335) + * debian/apparmor/usr.sbin.libvirtd: allow 'inet dgram' for migration to + work (LP: #461528) + * debian/apparmor/usr.sbin.libvirtd: properly support qemu+tcp:// by + allowing 'inet6 stream' and 'inet6 dgram' (LP: #462000) + + -- Jamie Strandboge Mon, 09 Nov 2009 17:11:05 -0600 + +libvirt (0.7.0-1ubuntu13) karmic; urgency=low + + * allow save/restore to work in $HOME. This is a workaround until upstream + https://bugzilla.redhat.com/show_bug.cgi?id=529363 is fixed. (LP: #457716) + * debian/libvirt-bin.cron.daily: don't comlain if no domain XML definitions + or domain AppArmor profiles. Based on work by Loïc Minier. (LP: #457607) + + -- Jamie Strandboge Fri, 23 Oct 2009 03:52:33 -0500 + +libvirt (0.7.0-1ubuntu12) karmic; urgency=low + + * debian/apparmor/libvirt-qemu: a couple more fixes for pulseaudio + LP: #453329 + + -- Jamie Strandboge Fri, 16 Oct 2009 17:06:15 -0500 + +libvirt (0.7.0-1ubuntu11) karmic; urgency=low + + * debian/patches/9091-apparmor.patch: + - src/virt-aa-helper.c: update to parse XML for guest's architecture and + os.type rather than just trying to make something up. + - tests/virt-aa-helper-test: add some tests for the above and fix another + test + - LP: #448671 + + -- Jamie Strandboge Wed, 14 Oct 2009 14:55:20 -0500 + +libvirt (0.7.0-1ubuntu10) karmic; urgency=low + + * debian/patches/0005-Close-logfile-fd-after-spawning-qemu.patch: fix + egregious file descriptor leak with cherry-pick from upstream git, + LP: #438815 + + -- Dustin Kirkland Tue, 06 Oct 2009 18:57:22 -0500 + +libvirt (0.7.0-1ubuntu9) karmic; urgency=low + + * allow access for sound (LP: #437854) + - abstractions/libvirt-qemu: add very specific rules for allowing ALSA. We + do not use the audio abstraction because the virtual machine runs as root + and therefore DAC cannot be used as a fallback. + - debian/README.Debian: add some text to encourage review of the AppArmor + profiles and abstraction when using in production environments + * debian/libvirt-bin.cron.daily: added to clean out old profiles that are no + longer associated with a virtual machine definition (LP: #438165) + * debian/patches/9091-apparmor.patch: + - quote the pid, monitor and logfile in case any of them have weird + characters (complete fix for LP: #432810) + - support for disks + + -- Jamie Strandboge Mon, 05 Oct 2009 16:31:12 -0500 + +libvirt (0.7.0-1ubuntu8) karmic; urgency=low + + * debian/patches/9091-apparmor.patch: sync with upstream for maintenance, + licensing compliance with upstream and bug fixes: + - handle files with spaces in the name (LP: #432810) + - add serial, console, kernel and initrd support (LP: #432581) + - allow read only access to /boot, /vmlinuz and /initrd.img + - allow access to character devices (eg USB devices) + - have virt-aa-helper accept XML on stdin, which allows for adding + other devices in the future and helps ensure we always have the most + up to date definition + - update profile on attach and detach of devices (LP: #435527) + - add --dryrun option to virt-aa-helper, and greatly improve the + virt-aa-helper-test script + * revert workaround for LP: #431090 now that kernel, initrd, et al is + properly supported + * debian/apparmor/usr.sbin.libvirtd: add various capabilities + recommended by upstream to prevent potential regressions + + -- Jamie Strandboge Tue, 22 Sep 2009 20:04:58 -0500 + +libvirt (0.7.0-1ubuntu7) karmic; urgency=low + + * debian/apparmor/libvirt-qemu: add chown capability (LP: #434417) + + -- Jamie Strandboge Tue, 22 Sep 2009 08:03:21 -0500 + +libvirt (0.7.0-1ubuntu6) karmic; urgency=low + + * debian/apparmor/libvirt-qemu: workaround eucalyptus serial console, + kernel and initrd location. This should be removed after virt-aa-helper is + able to get these from XML. (LP: #431090) + + -- Jamie Strandboge Thu, 17 Sep 2009 11:35:42 -0500 + +libvirt (0.7.0-1ubuntu5) karmic; urgency=low + + * debian/apparmor/usr.sbin.libvirtd: switch to enforcing by default. Please + note that this was only in complain mode temporarily to work around kernel + bugs in the 2.6.31-9 kernel. Confinement of virtual machines (controlled + by /etc/apparmor.d/libvirt/TEMPLATE) was already in enforcing mode. + (LP: #427338) + * debian/README.Debian: update AppArmor section based on the upstream + documentation + + -- Jamie Strandboge Thu, 10 Sep 2009 08:05:45 -0500 + +libvirt (0.7.0-1ubuntu4) karmic; urgency=low + + * debian/libvirt-bin.postinst: add each admin user to libvirtd, + LP: #410226; note that this is only a partial fix, as admin users + added after libvirt's install will need to be individually added + to libvirtd; however, this should fix a huge number of + single-admin-user-in-default-Ubuntu-system annoyances + * debian/control: bump standards version + + -- Dustin Kirkland Tue, 08 Sep 2009 17:56:52 -0500 + +libvirt (0.7.0-1ubuntu3) karmic; urgency=low + + * debian/apparmor/libvirt-qemu: allow access to /dev/kqemu + * debian/apparmor/usr.bin.virt-aa-helper: use @{PROC} instead of /proc + + -- Jamie Strandboge Wed, 26 Aug 2009 12:19:24 -0500 + +libvirt (0.7.0-1ubuntu2) karmic; urgency=low + + * Add AppArmor support (LP: #388422): + - debian/patches/9090-reenable-nonfile-labels.patch: add back in + virDomainObjPtr argument to RestoreSecurityImageLabel since AppArmor + labels are not stored on disk + - debian/patches/9091-apparmor.patch: add AppArmor security driver + - debian/patches/9092-apparmor-autoreconf.patch: after installing libtool + and the build dependencies, run autoreconf to pull in changes to + Makefile.am and configure.in in 9091-apparmor.patch + - debian/rules: use --with-apparmor and copy debian/apparmor/* to + debian/tmp + - debian/control: Build-Depends on libapparmor-dev and Suggests apparmor + >= 2.3+1289-0ubuntu14 + - add profiles and abstractions to debian/apparmor. usr.sbin.libvirtd will + default to complain mode until LP: #401931 is sorted out + - debian/libvirt-bin.dirs: add /etc/apparmor.d/libvirt, + /etc/apparmor.d/abstractions, and /etc/apparmor.d/force-complain + - debian/libvirt-bin.install: install profiles and abstractions + - debian/libvirt-bin.preinst: newly added to force complain on certian + upgrades + - debian/libvirt-bin.postinst: (re)load profile + - debian/libvirt-bin.postrm: remove force-complain profile on purge + * 9006-increase-unix-socket-timeout.patch: + increase timeout waiting for unix socket in src/qemu_driver.c, set to 30 + seconds, which 10x longer than before, and matches the logoutput timeout + adjustment in 9003-increase-logoutput-timeout.patch. This is needed with + the new qemudOpenMonitorUnix() function introduced in 0.7.0. + * add apport hook: + - add debian/libvirt-bin.apport + - debian/libvirt-bin.dirs: add /usr/share/apport/package-hooks + - debian/libvirt-bin.install: add source_libvirt-bin.py + - debian/rules: install libvirt-bin.apport + + -- Jamie Strandboge Tue, 25 Aug 2009 11:51:42 -0500 + +libvirt (0.7.0-1ubuntu1) karmic; urgency=low + + * Merge from debian experimental, remaining changes: + - debian/control: + + Don't build-depend on QEmu. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin. + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such. + + We call libxen-dev libxen3-dev, so change all references. + + Build-Depends on open-iscsi-utils instead of open-iscsi due to + LP: #414986 + - 9000-delayed_iff_up_bridge.patch: + Don't try to bring up the bridge before at least one interface has been + added to it. + - 9001-dont_clobber_existing_bridges.patch: + Assign the name of the virtual bridge dynamically to avoid interfering + with existing bridges. + - 9002-better_default_uri_virsh.patch: + Default to qemu:///system if the user has write access to the libvirt + socket, otherwise qemu:///session. + - 9003-increase-logoutput-timeout.patch: + increase timeout waiting for log output in src/qemu_driver.c, set to 30 + seconds, which 10x longer than before, and matches the disk-wait in + mdadm. (LP #344400) + - 9004-better-default-arch.patch: + If a domain does not specify its architecture, attempt to match the host. + (LP #344913) + - 9005-libvirtd-group-name.patch: + Rename libvirt group to libvirtd. + - rename the libvirt group to libvirtd in postinst/postrm + * Dropped the following patches from debian/patches (they don't apply any + more were not applied in 0.6.4-1ubuntu2): + - dynamic_bridge_names.patch + - event-loop-hang.diff + - more-flexible-emulator-on-x86.patch + - xen-events-handling-fix.diff + + -- Jamie Strandboge Thu, 13 Aug 2009 20:24:24 -0500 + +libvirt (0.7.0-1) experimental; urgency=low + + [ Laurent Léonard ] + * [4fb1a38] Imported Upstream version 0.7.0 + * [5578fd3] Drop 0005-Fix-PCI-device-hotplug-unplug-with-newer- + QEMU.patch. Fixed upstream. + * [9a8afd0] Redo patches. + * [937ab63] Update symbols. + * [b4bd1ea] Update section in doc-base control file. + + -- Guido Günther Sun, 09 Aug 2009 13:35:42 +0200 + +libvirt (0.6.5-3) unstable; urgency=low + + * [72a8eb6] Add a versioned dependency on dpkg-dev (Closes: #537316) + * [ae20998] fix Debian Xen path patch to also cover the testsuite + * [b2a1c47] New patch 0001-Fix-PCI-device-hotplug-unplug-with-newer- + QEMU.patch pulled from upstream 326ecb7. Fixes PCI hotplug with + newer kvm. + + -- Guido Günther Wed, 29 Jul 2009 12:17:52 +0200 + +libvirt (0.6.5-2) unstable; urgency=low + + * [45b9fdf] build-conflict on dpkg-dev (= 1.15.3) (Closes: #536673) + + -- Guido Günther Sun, 12 Jul 2009 15:03:08 +0200 + +libvirt (0.6.5-1) unstable; urgency=low + + [ Guido Günther ] + * [05e9a39] build-depend on policykit so polkit auth works with virsh + as well + + [ C.J. Adams-Collier ] + * [a161c5f] allow to qemu to emulate arm + + [ Guido Günther ] + * [b1e4c4b] Imported Upstream version 0.6.5 + * [e764583] change private symbols to 0.6.5 + * [f94fb48] drop 0005-allow-to-qemu-to-emulate-arm.patch fixed upstream. + * [7ad7896] bump standards version + * [e2c5867] tighten libvirt-bin's dependency on libvirt0 since libvirtd uses + private symbols + + -- Guido Günther Sun, 05 Jul 2009 13:07:53 +0200 + +libvirt (0.6.4-1ubuntu2) karmic; urgency=low + + * Also rename the libvirt group to libvirtd in postinst/postrm. + (LP: #392696) + + -- Soren Hansen Fri, 26 Jun 2009 22:49:45 +0200 + +libvirt (0.6.4-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + Don't build-depend on QEmu. + + Add "XS-Debian-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such. + - 9000-delayed_iff_up_bridge.patch: + Don't try to bring up the bridge before at least one interface has been + added to it. + - 9001-dont_clobber_existing_bridges.patch + Assign the name of the virtual bridge dynamically to avoid interfering + with existing bridges. + - 9002-better_default_uri_virsh.patch: + Default to qemu:///system if the user has write access to the libvirt + socket, otherwise qemu:///session. + - 9003-increase-logoutput-timeout.patch: + increase timeout waiting for log output in src/qemu_driver.c, set to 30 + seconds, which 10x longer than before, and matches the disk-wait in + mdadm. (LP #344400) + - 9004-better-default-arch.patch: + If a domain does not specify its architecture, attempt to match the host. + (LP #344913) + - 9005-libvirtd-group-name.patch: + Rename libvirt group to libvirtd. + - We call libxen-dev libxen3-dev, so change all references. + + -- Soren Hansen Mon, 22 Jun 2009 11:14:57 +0200 + +libvirt (0.6.4-1) unstable; urgency=low + + * [dd3adb2] Imported Upstream version 0.6.4 + * [2320162] update symbols file + * [89c9720] remove bashism (Closes: #530122) + * [30d86c1] drop patches fixed upstream: + 0005-don-t-crash-with-def-NULL.patch + 0006-Fix-QEMU-ARGV-detection-with-kvm-85.patch + 0007-Declare-support-for-QEMU-migration-in-capabilities.patch + + -- Guido Günther Thu, 04 Jun 2009 12:50:01 +0200 + +libvirt (0.6.3-4) unstable; urgency=low + + * [3607f2f] Install libvirt_lxc that got list somewhere between our + testbuilds. (Closes: #529578) + * [070ddd5] install augeas lense + * [c9b034d] install schema files + + -- Guido Günther Wed, 20 May 2009 14:33:18 +0200 + +libvirt (0.6.3-3) unstable; urgency=low + + * [4087b7d] disable lxc on ia64 to work around FTBFS until we have + access to a test machine + * [df5f5a0] pull some kvm/qemu related patches from upstream + (Closes: #529324) + + -- Guido Günther Tue, 19 May 2009 19:14:57 +0200 + +libvirt (0.6.3-2) unstable; urgency=low + + * [35898d3] fix crash when libvirt_lxc is called without arguments + * [449ca60] enable lxc support (Closes: #526718) - thanks to Daniel + Pittman for testing this + * [335a4e6] update description with supported virtualization solutions + * [92eba47] delay libvirt-bin start until after avahi + * [8ebd17d] update startup priorities due to changed libvirt-bin + startup priority. Also add an LSB header. (Closes: #526944) + + -- Guido Günther Thu, 07 May 2009 13:28:40 +0200 + +libvirt (0.6.3-1) unstable; urgency=low + + * [0cb2f83] Imported Upstream version 0.6.3 + * virtual box support + * [06fe518] 0001-remove-RHism.diff.patch: use invoke-rc.d + * [ec2fd52] drop patches merged upstream: + * 0003-allow-libvirt-group-to-access-the-socket.patch series + * 0004-fix-Debian-specific-path-to-hvm-loader.patch + * [6977bde] enable vbox support + * [93c4423] add symbols file + + -- Guido Günther Sun, 03 May 2009 23:33:28 +0200 + +libvirt (0.6.2-2) unstable; urgency=low + + * [031b9c1] Don't hardcode buffer size for getgrnam_r. Works around + #520744 and fixes possible problems with implementations having + _SC_GETGR_R_SIZE_MAX != 1024. + * [bbe7743] respect log priority for qemu domain logs (Closes: #524145) + * [a2e4cb0] don't rely on log_end_msg returning 0 this isn't the case + with splashy. (Closes: #523712) + * [ddfafda] move debug package into section debug + + -- Guido Günther Thu, 16 Apr 2009 15:28:31 +0200 + +libvirt (0.6.2-1) unstable; urgency=low + + * [99fd06c] Imported Upstream version 0.6.2 (Closes: #521785) + * [78cd5c8] drop /var/run/libvirt created by init script + * [2a7cb3b] move startup of libvirtd after hal (Closes: #522310) + * [b8707ed] bump standards version 0.8.1 (no changes necessary) + + -- Guido Günther Thu, 09 Apr 2009 22:48:57 +0200 + +libvirt (0.6.1-1) unstable; urgency=low + + * [3be7341] Imported Upstream version 0.6.1 + * [38fde15] rediff Debian specific patches + * [9b59a19] drop patches applied upstream: + * 0004-Don-t-hardcode-ssh-port.patch + * 0005-minimal-workaround-for-qemu-startup-race.patch + * [95d4b7f] drop patches backported from upstream + * 0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch + * [8171d83] build-dep on module-init-tools so configure can figure out + the path to modprobe + + -- Guido Günther Thu, 05 Mar 2009 13:58:41 +0100 + +libvirt (0.6.1-0ubuntu5) jaunty; urgency=low + + * Fix logic error when applying %d bridge name rewriting. (LP: #350780) + + -- Soren Hansen Thu, 16 Apr 2009 20:48:49 +0200 + +libvirt (0.6.1-0ubuntu4) jaunty; urgency=low + + [ Marc Deslauriers ] + * 0008-increase-logoutput-timeout.patch: increase timeout waiting + for log output in src/qemu_driver.c, set to 30 seconds, which 10x + longer than before, and matches the disk-wait in mdadm, LP: #344400 + + -- Dustin Kirkland Fri, 27 Mar 2009 10:57:53 -0500 + +libvirt (0.6.1-0ubuntu3) jaunty; urgency=low + + * Fix "libvirt's defaults are slightly less than sane" (LP: #344913) + - more-flexible-emulator-on-x86.patch (from upstream) + - default-arch.patch + + -- Soren Hansen Thu, 19 Mar 2009 00:23:14 +0100 + +libvirt (0.6.1-0ubuntu2) jaunty; urgency=low + + * Add fix for event loop hang (LP: #344195) + http://article.gmane.org/gmane.comp.emulators.libvirt/12437 + * Add fix for Xen events handling. + http://git.et.redhat.com/?p=libvirt.git;a=commit;h=124cfcbc2bcd1b71b51e720b9bfc7d8e69e8af89 + + -- Soren Hansen Fri, 13 Mar 2009 16:51:33 +0100 + +libvirt (0.6.1-0ubuntu1) jaunty; urgency=low + + * New upstream release. (FFe: LP: #339868) + * Dropped 0004-Don-t-hardcode-ssh-port.patch: Included upstream. + * Rewrote dynamic_bridge_names.patch to work with refactored upstream + bridging code. + + -- Soren Hansen Mon, 09 Mar 2009 11:18:01 +0100 + +libvirt (0.6.0-1ubuntu3) jaunty; urgency=low + + * No change rebuild for python2.6. + + -- Matthias Klose Wed, 25 Feb 2009 12:17:13 +0000 + +libvirt (0.6.0-1ubuntu2) jaunty; urgency=low + + * Accidentally dropped our changes to + 0003-allow-libvirt-group-to-access-the-socket.patch, causing the + group as which libvirtd expected to run to be wrong. Change it back + to "libvirtd" rather than "libvirt". (LP: #328093) + + -- Soren Hansen Wed, 11 Feb 2009 16:10:28 +0100 + +libvirt (0.6.0-1ubuntu1) jaunty; urgency=low + + * Merge with Debian experimental. Remaining changes: + - debian/control: + + Don't build-depend on QEmu. + + Add "XS-Debian-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such. + - Rename libvirt group to libvirtd. + - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge + before at least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - better_default_uri_virsh.patch: Default to qemu:///system if the + user has write access to the libvirt socket, otherwise + qemu:///session. + - We call libxen-dev libxen3-dev, so change all references. + - Included (but did not enable) opennebula patch (since it's not in + main yet). + + -- Soren Hansen Wed, 11 Feb 2009 01:01:42 +0100 + +libvirt (0.6.0-1) experimental; urgency=low + + * [30be86d] Imported Upstream version 0.6.0 + * [179781c] drop patches + * fixed upstream: + 0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch + * applied upstream: + 0004-Open-qemu-monitor-log-O_APPEND-instead-of-O_TRUNC.patch + 0005-qemu-fix-parallel-serial-mode-tcp-and-unix.patch + 0007-don-t-fail-on-missing-locales.patch + * [d80a176] adjust remaining patches to new upstream version + * [208c924] add minimal workaround for qemu startup race + * [6e8caa0] restart libvirt daemon on upgrades if possible + (Closes: #492694, #499008) + + -- Guido Günther Thu, 05 Feb 2009 18:40:10 +0100 + +libvirt (0.5.1-7) unstable; urgency=low + + * [1238706] Recommend dnsmasq-base instead of dnsmasq this keeps us + out of all the dnsmasq already running troubles. (Closes: #516443) - + thanks to Bin Zhang for the suggestion and the doc update + * [5c9dfd7] don't rotate empty logfiles (Closes: #517040) + * [1c9a023] libvirt_proxy: Fix use of uninitalized memory We currently + don't build this code (CVE-2009-0036). + * [4ea1ea9] fix path to hvmloader (Closes: #517059) + * [879b632] suggest devhelp + * [f22f1ef] add ${misc:Depends} + * [c6f579e] README.Debian: fix typo + + -- Guido Günther Thu, 26 Feb 2009 14:45:32 +0100 + +libvirt (0.5.1-6) unstable; urgency=low + + * upload to unstable + + -- Guido Günther Mon, 16 Feb 2009 21:27:21 +0100 + +libvirt (0.5.1-5) experimental; urgency=low + + * [d4a69d1] don't fail on missing locales (Closes: #512721) + * [cecac4c] don't hardcode ssh port - based on a patch by Adrian + Bridgett. (Closes: #513605) + * [4565a65] drop superflous headers and footers from remaining patches + + -- Guido Günther Fri, 30 Jan 2009 23:06:29 +0100 + +libvirt (0.5.1-4ubuntu1) jaunty; urgency=low + + * Merge with Debian experimental. + - debian/control: + + Don't build-depend on QEmu. + + Add "XS-Debian-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such. + - Rename libvirt group to libvirtd. + - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge + before at least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - better_default_uri_virsh.patch: Default to qemu:///system if the + user has write access to the libvirt socket, otherwise + qemu:///session. + - We call libxen-dev libxen3-dev, so change all references. + * Included (but did not enable) opennebula patch (since it's not in + the archive yet). + + -- Soren Hansen Thu, 08 Jan 2009 23:01:16 +0100 + +libvirt (0.5.1-4) experimental; urgency=low + + * [2fd5224] apply upstream patch for CVE-2008-5086 (Closes: #509106) + + -- Guido Günther Thu, 18 Dec 2008 16:12:00 +0100 + +libvirt (0.5.1-3) experimental; urgency=low + + * [d30438c] create libvirt log directory (Closes: #508129) + * [417a23c] qemu: fix parallel/serial mode "tcp" and "unix" + (Closes: #507608) + + -- Guido Günther Thu, 11 Dec 2008 12:38:01 +0100 + +libvirt (0.5.1-2) experimental; urgency=low + + * [4cd547b] create /var/run/libvirt (Closes: #507578) + * [fe96870] merge back master + * [d46313f] drop patches for issues fixed upstream + - 0007-also-look-for-usr-bin-kvm.patch + - 0008-Increase-initial-qemu-monitor-read-timeout.patch + - 0009-Open-qemu-monitor-log-O_APPEND-instead-of-O_TRUNC.patch + - 0010-raise-error-on-invalid-volume-format.patch + + -- Guido Günther Sat, 06 Dec 2008 10:37:12 +0100 + +libvirt (0.5.1-1) experimental; urgency=low + + * [d76b3a1] Imported Upstream version 0.5.1 (Closes: #507677, #507547) + * [2e550ae] enable hal for device enumeration + * [0d9116a] rotate qemu monitor logs (Closes: #507553) - thanks to + Harald Staub + * [5f85e66] depend on logrotate + * [6e955a3] open qemu monitor O_APPEND instead of O_TRUNC for logrotate + * [7dbea84] drop 0004-xen-prefer-xenstoraged-driver-for- + listDomains.patch - applied upstream + + -- Guido Günther Fri, 05 Dec 2008 09:36:54 +0100 + +libvirt (0.5.0-1) experimental; urgency=low + + * [717ef21] Imported Upstream version 0.5.0 + * [b7a1fbd] enable OpenVZ support (Closes: #504597) - thanks to Pierre + Chifflier for the patch + * [ee3590a] drop patches, fixed upstream: + * 0004-support-virtio-and-scsi-disks-in-qemudDomainBlockSta.patch + * 0005-fix-define-vs.-defined-typos.patch + * [f4f601f] bump shlibs to 0.5.0 + + -- Guido Günther Fri, 28 Nov 2008 16:40:38 +0100 + +libvirt (0.4.6-10) unstable; urgency=low + + * [5878698] cherry-pick patch for CVE-2008-5086 from experimental + + -- Guido Günther Thu, 18 Dec 2008 16:59:45 +0100 + +libvirt (0.4.6-9) unstable; urgency=low + + * [d30438c] create libvirt log directory (Closes: #508129) + + -- Guido Günther Mon, 08 Dec 2008 10:12:28 +0100 + +libvirt (0.4.6-8) unstable; urgency=low + + * [e771da9] drop superflous 0011-Fix-segfault-on-missing-volume- + format.patch - not needed. + + -- Guido Günther Fri, 05 Dec 2008 10:17:01 +0100 + +libvirt (0.4.6-7) unstable; urgency=low + + * [ea12bd9] create /var/run/libvirt fixes /var/run on tmpfs + (Closes: #507578) + * [97e5706] also look for /usr/bin/kvm (Closes: #507547) + * [311b4c1] increase initial qemu monitor read timeout + (Closes: #499720) + * [fbe4e00] open qemu monitor log O_APPEND instead of O_TRUNC + * [f8ce017] raise error on invalid volume format + * [40edcf8] rotate qemu monitor logs (Closes: #507553) - thanks to + Harald Staub + * [46ea43a] fix segfault on missing volume format (Closes: #507677) - + thanks to Daniel Veillard + * [ee377f3] bump shlibs version to 0.4.6 + * [504d55d] depend on logrotate + + -- Guido Günther Thu, 04 Dec 2008 17:50:45 +0100 + +libvirt (0.4.6-6) unstable; urgency=low + + * [ff8e9ae] README.Debian: clarify xen configuration + * [c07c68f] prefer xenstoraged driver for listDomains - avoids seeing "ghost + domains" due to bugs in several versions of the xen HV + + -- Guido Günther Thu, 27 Nov 2008 18:06:48 +0100 + +libvirt (0.4.6-5ubuntu2) jaunty; urgency=low + + * SECURITY UPDATE: fix privilege escalation due to missing read only + connection checks + - debian/patches/0009-CVE-2008-5086.patch: update functions in + src/libvirt.c to check against VIR_CONNECT_RO and return with operation + denied error + - CVE-2008-5086 + + -- Jamie Strandboge Tue, 16 Dec 2008 10:47:09 -0600 + +libvirt (0.4.6-5ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + Don't build-depend on QEmu. + + Add "XS-Debian-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends + of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since + we used to ship them as such. + - Create /var/run/libvirt in libvirt-bin's init script. + - Rename libvirt group to libvirtd. + - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at + least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - better_default_uri_virsh.patch: Default to qemu:///system if the user + has write access to the libvirt socket, otherwise qemu:///session. + - We call libxen-dev libxen3-dev, so change all references. + * Add qemu migration patch (from upstream git (adjusted for 0.4.6)). + * Add dynamic_bridge_names.patch to again support dynamic bridge names. + + -- Soren Hansen Tue, 18 Nov 2008 18:04:40 +0100 + +libvirt (0.4.6-5) unstable; urgency=low + + * [411ada3] add more details about dnsmasq vs. libvirtd (Closes: #504605) + * [2f8f07d] add default image dir virt-manager assumes they exist and + they're used in the SELinux policies too. (Closes: #505577) + * [9eb3a83] fix #define vs. #defined typos - affects non Linux architectures + and fixes the build with gcc 4.4 (Closes: #505607) - thanks to Martin + Michlmayr + * [0e21634] fix uploader + + -- Guido Günther Fri, 14 Nov 2008 14:54:48 +0100 + +libvirt (0.4.6-4) unstable; urgency=low + + * upload to unstable + * [50b27f5] add libvirt-suspendonreboot script (Closes: #501155) - + thanks to Andreas Barth + + -- Guido Günther Sat, 01 Nov 2008 19:33:36 +0100 + +libvirt (0.4.6-3) experimental; urgency=low + + * [8fa5a3c] add a versioned recommends on qemu (Closes: #501692) + * [d1539bc] recommend pkg-config + * [f08bb18] explain libvirt group (Closes: #501824) + + -- Guido Günther Sun, 12 Oct 2008 20:27:25 +0200 + +libvirt (0.4.6-2) experimental; urgency=low + + * [2039095] tighten libvirt dependency + * [06dbe8a] qemu/kvm: fix domain block stats for virtio and scsi devices + + -- Guido Günther Thu, 02 Oct 2008 22:03:05 +0200 + +libvirt (0.4.6-1) experimental; urgency=low + + * [e20d3d4] Imported Upstream version 0.4.6 + * [0c840ab] disable numactl + * [ca2c5cb] cleanup doc installation (Closes: #492075) + * [714ab94] drop 0004-for-kvm-determine-maxVCPUs-at-runtime.patch - applied + upstream + * [e7563a8] drop 0005-fix-crash-when-no-emulator-is-defined-for-kvm- + qemu.patch - fixed upstream + + -- Guido Guenther Thu, 25 Sep 2008 12:31:45 +0200 + +libvirt (0.4.5-2) experimental; urgency=low + + * [17647cd] libvirt-bin.default: add keytab default + * [0ef01e7] fix runtime vcpu detection (0004-for-kvm-determine- + maxVCPUs-at-runtime.patch) (Closes: #495950) + * [b91e1eb] don't crash when no emulator is defined (0005-fix-crash- + when-no-emulator-is-defined-for-kvm-qemu.patch) + + -- Guido Guenther Mon, 22 Sep 2008 20:11:04 +0200 + +libvirt (0.4.5-1) experimental; urgency=low + + * [ab8b4e6] Imported Upstream version 0.4.5 + * [4aaef27] tighten dependency on libvirt + * [fa253be] drop 0002-qemu-path.diff.patch - fixed upstream + * [87fc2db] drop 0005-check-for-the-existence-of-the-migrate- + command.patch applied upstream + * [bc311aa] drop 0006-wrong-open-failure-detection.patch applied + upstream + * [38e615d] rebase the remaining patches + * [9a04bb7] bump shlibs version to 0.4.5 + * [9fadd6f] disable LXC + * [179c869] build-dep on libselinux1-dev for selinux support + + -- Guido Guenther Thu, 18 Sep 2008 19:02:55 +0200 + +libvirt (0.4.4-3ubuntu3) intrepid; urgency=low + + * debian/patches/0008-lp287533.patch: allow 16 VCPUs when using kvm + (LP: #287533) + + -- Jamie Strandboge Wed, 22 Oct 2008 10:13:12 -0500 + +libvirt (0.4.4-3ubuntu2) intrepid; urgency=low + + * Make QEmu a suggested package of libvirt0 rather than a recommended one. + * Make kvm a recommended package of libvirt0. + + -- Soren Hansen Mon, 11 Aug 2008 16:18:03 +0200 + +libvirt (0.4.4-3ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + DebianMaintainerField + + Don't build-depend on QEmu. + + Add "XS-Original-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends + of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since + we used to ship them as such. + - Create /var/run/libvirt in libvirt-bin's init script. + - Rename libvirt group to libvirtd. + - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at + least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - better_default_uri_virsh.patch: Default to qemu:///system if the user + has write access to the libvirt socket, otherwise qemu:///session. + - We call libxen-dev libxen3-dev, so change all references. + + -- Soren Hansen Mon, 11 Aug 2008 15:36:54 +0200 + +libvirt (0.4.4-3) unstable; urgency=low + + * upload to unstable + * [96c6727] add /var/cache/libvirt needed by qemuDriver for temporary + storage + * [794f95c] bump standards version to 3.8.0 + * [05184af] add README.source + + -- Guido Guenther Wed, 23 Jul 2008 11:30:31 -0400 + +libvirt (0.4.4-2) experimental; urgency=low + + * [facb983] README.Debian explain "default" network startup + * [395a510] add /var/lib/libvirt needed for the dnsmasq lease file + * [9c588ac] promote bridge-utils & dnsmasq to Recommends: since + they're needed for the default NAT network + * [9ed2cd4] recommend iptables - needed for the default NAT network + + -- Guido Guenther Wed, 23 Jul 2008 00:23:58 -0400 + +libvirt (0.4.4-1) experimental; urgency=low + + * [0ff1e68] new upstream version + * [2098f96] rebase patches for 0.4.4 + * [abbd15e] enable with-storage-disk now that we have parted1.8 + * [3942b25] start libvirtd by default + + -- Guido Guenther Fri, 27 Jun 2008 10:06:00 +0200 + +libvirt (0.4.4-0ubuntu1) intrepid; urgency=low + + * New upstream release + - Drop nic-model, disk-bus, and ancient_parted.patch. They're all + upstream now (in some form). + - Add new libdevmapper-dev build-dependency. + + -- Soren Hansen Wed, 25 Jun 2008 18:51:21 +0200 + +libvirt (0.4.2-6ubuntu1) UNRELEASED; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + DebianMaintainerField + + Don't build-depend on QEmu. + + Add "XS-Original-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends + of libvirt-bin. + + s/interract/interact/g + - debian/libvirt-bin.default + + Make libvirtd start by default + - Add /var/lib/libvirt to libvirt-bin package. (dnsmasq needs it to store + its state info. + - Create /var/run/libvirt in libvirt-bin's init script. + - Rename libvirt group to libvirtd. + - Build iscsi and disk storage support. + - delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at + least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - nic-model.patch: Add support for NIC configuration. + - disk-bus.patch: Add support for bus='foo' attributes for disk targets. + - better_default_uri_virsh.patch: Default to qemu:///system if the user + has write access to the libvirt socket, otherwise qemu:///session. + - ancient_parted.patch: Fix builds against libparted1.7 + - We call libxen-dev libxen3-dev, so change all references. + + -- Soren Hansen Wed, 25 Jun 2008 16:40:46 +0200 + +libvirt (0.4.2-6) unstable; urgency=low + + * reenable open-iscsi support - thanks to to the open-iscsi + maintainers for fixing this up + * build a libvirt0-dbg package + * register documentation with doc-base (Closes: #480294) - thanks to + Tzafrir Cohen for the patch + * control: fix typo + * README.Debian: explain debugging + + -- Guido Guenther Thu, 15 May 2008 18:04:20 +0200 + +libvirt (0.4.2-5ubuntu2) intrepid; urgency=low + + * We call libxen-dev libxen3-dev. + * Make libvirt-dev installable alongside libvirt0-dbg. + + -- Soren Hansen Fri, 02 May 2008 10:59:50 +0200 + +libvirt (0.4.2-5ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + DebianMaintainerField + + Don't build-depend on QEmu. + + Add "XS-Original-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends + of libvirt-bin. + + s/interract/interact/g + - Add libvirt0-dbg package + - debian/libvirt-bin.default + + Make libvirtd start by default + - Add /var/lib/libvirt to libvirt-bin package. (dnsmasq needs it to store + its state info. + - Create /var/run/libvirt in libvirt-bin's init script. + - Install PolicyKit and sasl stuff in libvirt-bin. + - Rename libvirt group to libvirtd. + - Build iscsi and disk storage support. + - delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at + least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - nic-model.patch: Add support for NIC configuration. + - disk-bus.patch: Add support for bus='foo' attributes for disk targets. + - better_default_uri_virsh.patch: Default to qemu:///system if the user + has write access to the libvirt socket, otherwise qemu:///session. + - ancient_parted.patch: Fix builds against libparted1.7 + + -- Soren Hansen Fri, 02 May 2008 01:50:32 +0200 + +libvirt (0.4.2-5) unstable; urgency=low + + * no need to depend on python-all-dev we only build an extension for + the current python version + + -- Guido Guenther Tue, 22 Apr 2008 11:26:13 +0200 + +libvirt (0.4.2-4) unstable; urgency=low + + * only build-dep on qemu on architectures that have it + (Closes: #476290) + * the packages containing the daemon should suggest polkit + + -- Guido Guenther Fri, 18 Apr 2008 10:41:38 +0200 + +libvirt (0.4.2-3) unstable; urgency=low + + * drop the {build-,}dependency on open-iscsi too + * suggest policykit + + -- Guido Guenther Mon, 14 Apr 2008 15:27:20 +0200 + +libvirt (0.4.2-2) unstable; urgency=low + + * disable the iscsi storage backend until #423368 is fixed in unstable + * disable polkit authentication by default so the libvirt stays accessible + for members of the libvirt group + + -- Guido Guenther Mon, 14 Apr 2008 14:20:23 +0200 + +libvirt (0.4.2-1) unstable; urgency=low + + * drop no-mac.diff - applied upstream + * no need to explicitly link against libpthread + * always enable debugging + * add Homepage URL + * add Vcs-{Git,Browser} fields + * symlink devhelp docs + * enable policy kit + + -- Guido Guenther Fri, 11 Apr 2008 17:54:06 +0200 + +libvirt (0.4.1-1) experimental; urgency=low + + * new upstream version + * Xen 3.2 fixes + * storage pool support + * partition based storage pools are disabled, since this needs parted 1.8 + which is only in experimental + * update patches for new upstream release + * boot-dev-error.diff - applied upstream + * qemu-parse-error.diff - applied upstream + * qemu-path.diff - adjust to new hypervisor detection code + * rediff the rest + * new patches: + * no-mac.diff: don't set mac address on tun device since it breaks kvm + * bump shlibs version + + -- Guido Guenther Fri, 07 Mar 2008 10:17:21 +0100 + +libvirt (0.4.0-6) unstable; urgency=low + + * depend on libxen-dev (Closes:#467598) + * allow members of the libvirt group to manage virtual machines + + -- Guido Guenther Sun, 02 Mar 2008 16:11:49 +0100 + +libvirt (0.4.0-5) unstable; urgency=low + + * thanks to the xen maintainers Debian now has a working libxen-dev, so + enable xen support in the default build (Closes: #453826) + * recommend netcat-openbsd for unix domain socket support (Closes: #453627) + * README.Debian: document necessary xend options + * fix spelling of Python + + -- Guido Guenther Wed, 20 Feb 2008 11:14:22 +0100 + +libvirt (0.4.0-4) unstable; urgency=low + + * don't segfault on broken boot device configuration (Closes: #463686) + * don't segfault due to missing errorhandling in the XML parsing code + + -- Guido Guenther Tue, 05 Feb 2008 13:12:54 +0100 + +libvirt (0.4.0-3) unstable; urgency=low + + * add and remove the libvirt group for the socket + * be a bit more verbose on libvirtd reload + * depend on adduser since we add the libvirt user + * don't restart libvirtd on upgrades since it kills running qemus + * enable debugging via DEB_BUILD_OPTS + + -- Guido Guenther Sun, 03 Feb 2008 14:21:46 +0100 + +libvirt (0.4.0-2ubuntu8) hardy; urgency=low + + * disk-bus.patch: + - Add bus attribute to disk/target tags. Allows you to create virtio disks. + (LP: #213991) + * nic-model.patch: + - Add support to network interfaces. (LP: #213991) + * graceful_shutdown.patch: + - Rather than pulling the power from virtual machines, send an ACPI power + button event and let the OS handle it. + * better_default_uri_virsh.patch: + - Updated patch: Output connection URI to stderr instead of stdout to avoid + breaking scripts that use virsh. + + -- Soren Hansen Wed, 16 Apr 2008 10:35:03 +0200 + +libvirt (0.4.0-2ubuntu7) hardy; urgency=low + + * better_default_uri_virsh.patch: + - Make virsh connect to qemu:///system by default if the user has write + access to /var/run/libvirt/libvirt-sock and qemu:///session if not. + + -- Soren Hansen Tue, 01 Apr 2008 10:32:59 +0200 + +libvirt (0.4.0-2ubuntu6) hardy; urgency=low + + * *Actually* apply our patches to the -dbg version. + + -- Soren Hansen Tue, 11 Mar 2008 14:49:03 +0100 + +libvirt (0.4.0-2ubuntu5) hardy; urgency=low + + * Create /var/lib/libvirt in libvirt-bin. (LP: #191636) + + -- Soren Hansen Wed, 13 Feb 2008 22:17:33 +0100 + +libvirt (0.4.0-2ubuntu4) hardy; urgency=low + + * dont_clobber_existing_bridges.patch: + - Change bridge name from virbr0 to virbr%d, to ensure we never clobber + existing bridges. + * Add iptables dependency + + -- Soren Hansen Wed, 13 Feb 2008 00:53:20 +0100 + +libvirt (0.4.0-2ubuntu3) hardy; urgency=low + + * Build against libxen3-dev instead of libxen3.2-dev. + * libvirt-bin: + + Replace "Suggests: dnsmasq" with "Depends: dnsmasq-base". + + Add dependency on netcat-openbsd (to enable qemu+ssh:// style remote + management) + + -- Soren Hansen Fri, 08 Feb 2008 17:24:48 +0100 + +libvirt (0.4.0-2ubuntu2) hardy; urgency=low + + * Build against libxen-3.2 instead of 3.1. + * Bump bridge-utils from Suggests: to Depends:. + + -- Soren Hansen Tue, 05 Feb 2008 10:34:31 +0100 + +libvirt (0.4.0-2ubuntu1) hardy; urgency=low + + * Merge from debian unstable, remaining changes: + - DebianMaintainerField. + - Add libxen3.1-dev to enable Xen management. + - Add libpolkit-dbus-dev to enable polkit integration. + - Build libvirt0-dbg flavour. + - Start libvirtd by default. + - Install polkit policy. + - Install sasl config. + - Install sample qemu and libvirtd config. + - Create libvirtd group in postinst. + - libvirt-remote-ssh.patch: Fix foo+ssh:// urls. + - delayed_iff_up_bridge.patch: Don't try to IFF_UP the bridge interface + until an interface gets added to it. + * Create /var/run if it doesn't exist (LP: #178106). + + -- Soren Hansen Wed, 30 Jan 2008 16:43:11 +0100 + +libvirt (0.4.0-2) unstable; urgency=low + + * libvirt-bin.init: fix the reload target + * add configuration examples + + -- Guido Guenther Sat, 15 Dec 2007 18:59:11 +0100 + +libvirt (0.4.0-1) unstable; urgency=low + + * new upstream version + * enable sasl support + * leave policykit support disabled since it's not in unstable yet + * bump shlibs version + * remove CVS metadata + * rediff patches + * libvirtd-bin.init: libvirtd supports reload + + -- Guido Guenther Fri, 21 Dec 2007 16:49:13 +0100 + +libvirt (0.4.0-0ubuntu3) hardy; urgency=low + + * Clean up debian/rules (should reenable concurrent builds). + * Don't restart libvirt on upgrades (if there's a good reason, we'll + add it to postinst/prerm with checks for specific versions). + + -- Soren Hansen Fri, 18 Jan 2008 19:07:19 +0100 + +libvirt (0.4.0-0ubuntu2) hardy; urgency=low + + * IFF_UP'ing a bridge interface doesn't work until the first interface has + been added to it. + * Fix remote ssh connections. + + -- Soren Hansen Tue, 15 Jan 2008 10:53:25 +0100 + +libvirt (0.4.0-0ubuntu1) hardy; urgency=low + + * New upstream release. + * Don't change the default URI. It appears that too many applications + still depend on this broken behaviour. + * Change maintainer to ubuntu-core-dev. + + -- Soren Hansen Fri, 21 Dec 2007 11:24:02 +0100 + +libvirt (0.3.3-6ubuntu1) hardy; urgency=low + + * Merge from debian unstable, remaining changes: + - Add libvirt0-dbg package. + - Start libvirtd by default. + - Create libvirtd group, and have libvirtd's sockets have group ownership + "libvirtd". + - Add libxen as a build-dependency to enable libvirt's Xen features. + + -- Soren Hansen Thu, 20 Dec 2007 11:28:00 +0100 + +libvirt (0.3.3-6) unstable; urgency=low + + * don't include precompiled examples in the doc package (Closes: #456825) + * remove RHism from manpage (Closes: #455859) + * bump standards version + + -- Guido Guenther Wed, 19 Dec 2007 13:45:58 +0100 + +libvirt (0.3.3-5.xen0) unstable; urgency=low + + * rebuild with xen support + + -- Guido Guenther Tue, 08 Jan 2008 11:00:24 +0100 + +libvirt (0.3.3-5) unstable; urgency=low + + * make libs match overrides + * move to team maintenance + * suggest dnsmasq and bridge-utils for qemu networking + * remove stale PID files + + -- Guido Guenther Thu, 13 Dec 2007 21:34:16 +0100 + +libvirt (0.3.3-4.xen0) unstable; urgency=low + + * UNRELEASED + * build with xen support + * debian/control: we also support xen + + -- Guido Guenther Thu, 06 Dec 2007 15:43:03 +0100 + +libvirt (0.3.3-4ubuntu5) hardy; urgency=low + + * Made default_uri a configurable. + + -- Soren Hansen Wed, 19 Dec 2007 00:56:31 +0100 + +libvirt (0.3.3-4ubuntu4) hardy; urgency=low + + * Add "Provides: libvirt0" to libvirt0-dbg. + * Make virsh understand that the default URI is not xen:///. + + -- Soren Hansen Wed, 19 Dec 2007 00:13:10 +0100 + +libvirt (0.3.3-4ubuntu3) hardy; urgency=low + + * Change default URI to qemu:///session + * Add libvirt0-dbg package, which is just like libvirt0, but built + with --enable-debug=yes. + + -- Soren Hansen Thu, 13 Dec 2007 21:37:39 +0100 + +libvirt (0.3.3-4ubuntu2) hardy; urgency=low + + * Start libvirtd by default. + * Create libvirtd group, and have libvirtd's sockets have group ownership + "libvirtd". + + -- Soren Hansen Thu, 13 Dec 2007 15:08:29 +0100 + +libvirt (0.3.3-4ubuntu1) hardy; urgency=low + + * Fakesync with Debian. + * Reenable Xen. + + -- Soren Hansen Thu, 06 Dec 2007 13:33:13 +0100 + +libvirt (0.3.3-4) unstable; urgency=low + + * put packages into the proper sections + * fix messed up Standards-Version (Closes: #453900) + + -- Guido Guenther Sun, 02 Dec 2007 14:50:11 +0100 + +libvirt (0.3.3-3.xen0) unstable; urgency=low + + * build with xen support - depend on our hacked up xen-utils for that + + -- Guido Guenther Sat, 01 Dec 2007 16:27:32 +0000 + +libvirt (0.3.3-3) unstable; urgency=low + + * add initscript to start libvirtd + + -- Guido Guenther Wed, 28 Nov 2007 10:30:29 +0100 + +libvirt (0.3.3-2) unstable; urgency=low + + * debian/copyright: + * update FSF address + * update upstream author and copyright information + * install the virsh manpage + * use binary:Version instead of Source-Version + + -- Guido Guenther Fri, 23 Nov 2007 22:31:26 +0100 + +libvirt (0.3.3-1) unstable; urgency=low + + * repackage for Debian (Closes: #384300) + * enable avahi + * build with qemu/kvm support + * disable xen support until #402249 is fixed + * disable qemu autonetwork for now, causes libvirtd to seqfault + * fix path to kvm + * switch off DH_VERBOSE + * thanks to the Ubuntu maintainers for their work! + + -- Guido Guenther Fri, 23 Nov 2007 01:58:56 +0100 + +libvirt (0.3.3-0ubuntu1) hardy; urgency=low + + * New upstream release. + * Update maintainer. + + -- Soren Hansen Wed, 14 Nov 2007 23:09:33 +0100 + +libvirt (0.3.0-0ubuntu2) gutsy; urgency=low + + * Add lingnutls-dev Build-Dep. + + -- Fabio M. Di Nitto Mon, 16 Jul 2007 12:10:41 +0200 + +libvirt (0.3.0-0ubuntu1) gutsy; urgency=low + + * Import new upstram release that can actually build on xen-3.1. + + -- Fabio M. Di Nitto Mon, 16 Jul 2007 10:23:04 +0200 + +libvirt (0.2.2-0ubuntu1) gutsy; urgency=low + + * Depends on libxen3.1-dev. + + -- Chuck Short Fri, 13 Jul 2007 11:04:00 -0400 + +libvirt (0.2.2-0ubuntu0) gutsy; urgency=low + + * New upstream version. + * Updated libvirt-bin.install, thanks to Marcelo Boveto Shima. + + -- Chuck Short Sun, 24 Jun 2007 09:54:54 -0400 + +libvirt (0.1.8-0ubuntu2) feisty; urgency=low + + * Rebuild for python2.5 as the default python version. + + -- Matthias Klose Fri, 12 Jan 2007 13:21:55 +0000 + +libvirt (0.1.8-0ubuntu1) feisty; urgency=low + + * Initial release + + -- Andrew Mitchell Mon, 23 Oct 2006 20:00:28 +1300 + --- libvirt-0.7.5.orig/debian/libvirt-bin.postrm +++ libvirt-0.7.5/debian/libvirt-bin.postrm @@ -0,0 +1,47 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + if getent group libvirtd >/dev/null; then + delgroup libvirtd || true + fi + + rm -f /etc/apparmor.d/force-complain/usr.sbin.libvirtd >/dev/null 2>&1 || true + rm -f /etc/apparmor.d/disable/usr.sbin.libvirtd >/dev/null 2>&1 || true + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- libvirt-0.7.5.orig/debian/libvirt-bin.manpages +++ libvirt-0.7.5/debian/libvirt-bin.manpages @@ -0,0 +1,2 @@ +tools/virsh.1 +debian/libvirt-migrate-qemu-disks.1 --- libvirt-0.7.5.orig/debian/libvirt-doc.docs +++ libvirt-0.7.5/debian/libvirt-doc.docs @@ -0,0 +1,9 @@ +docs/*.rng +docs/*.png +docs/*.xml +docs/*.html +docs/*.gif +docs/*.css +docs/html/ +docs/devhelp/ +examples/ --- libvirt-0.7.5.orig/debian/libvirt-bin.examples +++ libvirt-0.7.5/debian/libvirt-bin.examples @@ -0,0 +1,5 @@ +daemon/libvirtd.conf +daemon/libvirtd.policy-0 +daemon/libvirtd.policy-1 +daemon/libvirtd.sasl +debian/libvirt-suspendonreboot --- libvirt-0.7.5.orig/debian/control +++ libvirt-0.7.5/debian/control @@ -0,0 +1,104 @@ +Source: libvirt +Section: libs +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Libvirt Maintainers +Uploaders: Guido Günther , Laurent Léonard +Build-Depends: cdbs (>= 0.4.43), debhelper (>= 7), libxml2-dev, libncurses5-dev, libreadline-dev, zlib1g-dev, libgnutls-dev, python-dev (>= 2.3.5-11), python-central (>= 0.5.6), quilt, libavahi-client-dev, libsasl2-dev, libxen3-dev [i386 amd64], lvm2, qemu-kvm [amd64 i386 powerpc sparc], open-iscsi-utils, libparted0-dev (>= 2.2), libdevmapper-dev, uuid-dev, + libudev-dev, + libpciaccess-dev, + module-init-tools, + policykit-1, + dpkg-dev (<< 1.15.3) | dpkg-dev (>> 1.15.3), + libxml2-utils, libapparmor-dev, libcap-ng-dev +XS-Python-Version: current +Build-Conflicts: dpkg-dev (= 1.15.3) +XS-Debian-Vcs-Git: git://git.debian.org/git/pkg-libvirt/libvirt.git +XS-Debian-Vcs-Browser: http://git.debian.org/?p=pkg-libvirt/libvirt.git +Homepage: http://libvirt.org +Standards-Version: 3.8.3 +DM-Upload-Allowed: yes + +Package: libvirt-bin +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libvirt0 (= ${binary:Version}), logrotate, + hal, + bridge-utils, netcat-openbsd, dnsmasq-base (>= 2.46-1), iptables +Enhances: qemu, kvm, xen +Section: admin +Recommends: qemu-kvm (>= 0.11.0-0ubuntu6) +Suggests: policykit-1, apparmor (>= 2.3+1289-0ubuntu14) +Description: the programs for the libvirt library + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains the supporting binaries to use with libvirt + +Package: libvirt0 +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: libvirt0-dbg (<< 0.4.2-6ubuntu1) +Replaces: libvirt0-dbg (<< 0.4.2-6ubuntu1) +Recommends: lvm2 +Description: library for interfacing with different virtualization systems + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + +Package: libvirt0-dbg +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libvirt0 (= ${binary:Version}) +Priority: extra +Section: debug +Description: library for interfacing with different virtualization systems + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains the debugging symbols. + +Package: libvirt-doc +Architecture: all +Section: doc +Depends: ${misc:Depends} +Suggests: devhelp +Description: documentation for the libvirt library + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains the documentation. + +Package: libvirt-dev +Architecture: any +Section: libdevel +Depends: ${misc:Depends}, libvirt0 (= ${binary:Version}), libxen3-dev [i386 amd64] +Recommends: pkg-config +Description: development files for the libvirt library + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains the header files and static libraries which are + needed for developing the applications with libvirt. + +Package: python-libvirt +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, libvirt0 (>= ${binary:Version}) +Provides: ${python:Provides} +Section: python +XB-Python-Version: ${python:Versions} +Description: libvirt Python bindings + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains Python bindings for the libvirt library + --- libvirt-0.7.5.orig/debian/README.source +++ libvirt-0.7.5/debian/README.source @@ -0,0 +1,57 @@ +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +To configure quilt to use debian/patches instead of patches, you want +either to export QUILT_PATCHES=debian/patches in your environment +or use this snippet in your ~/.quiltrc: + + for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do + if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then + export QUILT_PATCHES=debian/patches + fi + done + +To get the fully patched source after unpacking the source package, cd to +the root level of the source package and run: + + quilt push -a + +The last patch listed in debian/patches/series will become the current +patch. + +To add a new set of changes, first run quilt push -a, and then run: + + quilt new + +where is a descriptive name for the patch, used as the filename in +debian/patches. Then, for every file that will be modified by this patch, +run: + + quilt add + +before editing those files. You must tell quilt with quilt add what files +will be part of the patch before making changes or quilt will not work +properly. After editing the files, run: + + quilt refresh + +to save the results as a patch. + +Alternately, if you already have an external patch and you just want to +add it to the build system, run quilt push -a and then: + + quilt import -P /path/to/patch + quilt push -a + +(add -p 0 to quilt import if needed). as above is the filename to +use in debian/patches. The last quilt push -a will apply the patch to +make sure it works properly. + +To remove an existing patch from the list of patches that will be applied, +run: + + quilt delete + +You may need to run quilt pop -a to unapply patches first before running +this command. --- libvirt-0.7.5.orig/debian/rules +++ libvirt-0.7.5/debian/rules @@ -0,0 +1,75 @@ +#!/usr/bin/make -f + +DEB_PYTHON_SYSTEM = pycentral + +ifneq (,$(findstring $(DEB_HOST_ARCH), i386 amd64)) + BUILD_XEN = --with-xen + BUILD_VBOX = --with-vbox +else + BUILD_XEN = --without-xen + BUILD_VBOX = --without-vbox +endif + +ifneq (,$(findstring $(DEB_HOST_ARCH), ia64)) + BUILD_LXC = --without-lxc +else + BUILD_LXC = --with-lxc +endif + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/class/python-distutils.mk +include /usr/share/cdbs/1/rules/patchsys-quilt.mk + +DEB_CONFIGURE_EXTRA_FLAGS := \ + --disable-rpath \ + --with-qemu \ + --with-qemu-user=libvirt-qemu \ + --with-qemu-group=kvm \ + --with-openvz \ + --with-avahi \ + --with-sasl \ + --with-polkit \ + --with-udev \ + --with-storage-fs \ + --with-storage-lvm \ + --with-storage-iscsi \ + --with-storage-disk \ + --with-init-scripts=none \ + --with-apparmor \ + --without-numactl \ + --without-selinux \ + --without-esx \ + --without-libssh2 \ + --enable-debug \ + $(BUILD_XEN) \ + $(BUILD_VBOX) \ + $(BUILD_LXC) + +DEB_COMPRESS_EXCLUDE = .o event-test hellolibvirt info1 suspend +DEB_PYTHON_SETUP_CMD = /dev/null +DEB_DH_MAKESHLIBS_ARGS_libvirt0 += -V 'libvirt0 (>= 0.5.0)' +DEB_DH_INSTALLINIT_ARGS = --upstart-only +DEB_DH_INSTALLLOGROTATE_ARGS = --name=libvirtd +DEB_MAKE_CHECK_TARGET := check + +EXAMPLES_DIR = $(CURDIR)/debian/libvirt-doc/usr/share/doc/libvirt-doc/examples/ + +binary-install/libvirt-doc:: + find $(EXAMPLES_DIR) -name "*.o" -type f -delete -o -name .libs -type d -exec rm -rf {} \; + rm -f $(EXAMPLES_DIR)domain-events/events-c/event-test + rm -f $(EXAMPLES_DIR)dominfo/info1 + rm -f $(EXAMPLES_DIR)domsuspend/suspend + rm -f $(EXAMPLES_DIR)hellolibvirt/hellolibvirt + +build/libvirt-bin:: + mkdir -p debian/tmp/etc/apparmor.d/abstractions debian/tmp/etc/apparmor.d/libvirt + cp -f debian/apparmor/libvirt-qemu debian/tmp/etc/apparmor.d/abstractions + cp -f debian/apparmor/usr.lib.libvirt.virt-aa-helper debian/tmp/etc/apparmor.d + cp -f debian/apparmor/usr.sbin.libvirtd debian/tmp/etc/apparmor.d + cp -f debian/apparmor/TEMPLATE debian/tmp/etc/apparmor.d/libvirt + mkdir -p debian/tmp/usr/share/apport/package-hooks + cp -f debian/libvirt-bin.apport debian/tmp/usr/share/apport/package-hooks/source_libvirt-bin.py + mkdir -p debian/tmp/usr/sbin + cp -f debian/libvirt-migrate-qemu-disks debian/tmp/usr/sbin + --- libvirt-0.7.5.orig/debian/libvirt0.install +++ libvirt-0.7.5/debian/libvirt0.install @@ -0,0 +1,2 @@ +usr/lib/libvirt.so.* + --- libvirt-0.7.5.orig/debian/libvirt-bin.default +++ libvirt-0.7.5/debian/libvirt-bin.default @@ -0,0 +1,11 @@ +# Defaults for libvirt-bin initscript (/etc/init.d/libvirt-bin) +# This is a POSIX shell fragment + +# Start libvirtd to handle qemu/kvm: +start_libvirtd="yes" + +# options passed to libvirtd, add "-l" to listen on tcp +libvirtd_opts="-d" + +# pass in location of kerberos keytab +#export KRB5_KTNAME=/etc/libvirt/libvirt.keytab --- libvirt-0.7.5.orig/debian/libvirt-migrate-qemu-disks.1 +++ libvirt-0.7.5/debian/libvirt-migrate-qemu-disks.1 @@ -0,0 +1,92 @@ +.TH LIBVIRT-MIGRATE-QEMU-DISKS: "1" "" "August 2010" "August 2010" + +.SH NAME +libvirt\-migrate\-qemu\-disks \- program for migrating pre-0.8.3 domain definitions +.PP +.SH DESCRIPTION +Libvirt versions earlier that 0.8.3 would probe a qemu disk to determine its +format and did not require that the format be declared in the XML. Newer +versions of libvirt will default to the 'raw' format when the format is not +specified in the XML. As a result, non-raw disks without unspecified disk +format will no longer be available in virtual machines. + +libvirt\-migrate\-qemu\-disks aids in transitioning virtual machine definitions +to the new required format. In essence, it will check all domains for affected +virtual machines, probe the affected disks and update the domain definition +accordingly. For example, a domain with: + + + + +
+ + +will be updated to have: + + + + + +
+ + + +.SH USAGE +.TP +libvirt\-migrate\-qemu\-disks [\fB\-c URI\fR] [\fB\-d\fR] \fB-a\fR +.TP +libvirt\-migrate\-qemu\-disks [\fB\-c URI\fR] [\fB\-d\fR] \fB-t TYPE\fR \fB\fR + +.SH OPTIONS +.TP +\fB\-h\fR, \fB\-\-help\fR +show help message and exit +.TP +\fB\-a\fR +probe all domains and migrate if necessary +.TP +\fB\-c URI\fR +connection URI to use. If one is not specified, will use qemu:///system. Only +qemu:///system and qemu:///session is supported. +.TP +\fB\-t TYPE\fR +migrate specified domains from raw to disk format TYPE +.TP +\fB\-d\fR +debug output + +.SH EXAMPLES +.PP +To probe and migrate all exisiting domains (root may be needed to probe the +disk): + + # libvirt\-migrate\-qemu\-disks -a + +.PP +To migrate the 'vm1' and 'vm2' domains: + + # libvirt\-migrate\-qemu\-disks -t qcow2 vm1 vm2 + +.SH BUGS +.PP +In the event that libvirt\-migrate\-qemu\-disks is unable to migrate your +disks, virsh can be used directly. For example: + + $ qemu-img info + $ virsh dumpxml > domain.xml + ... edit domain.xml to use the file format seen with qemu-img ... + $ virsh define domain.xml + +See http://libvirt.org/formatdomain.html#elementsDisks for more information. + +.SH SEE ALSO +.PP +\fBvirsh\fR(1) + +.SH AUTHOR +.PP +libvirt\-migrate\-qemu\-disks is Copyright 2010, Canonical Ltd. + +.PP +libvirt\-migrate\-qemu\-disks and this manual page was originally written by +Jamie Strandboge --- libvirt-0.7.5.orig/debian/copyright +++ libvirt-0.7.5/debian/copyright @@ -0,0 +1,44 @@ +libvirt was initially debianized by Andrew Mitchell + +It was downloaded from http://libvirt.org/sources/ + +Upstream Author: + + Daniel Veillard or + +Copyright: + + 2005,2006 Red Hat, Inc + +Licenses: + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + + src/hash.c: + + Copyright (C) 2000 Bjorn Reese and Daniel Veillard. + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF + MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHORS AND + CONTRIBUTORS ACCEPT NO RESPONSIBILITY IN ANY CONCEIVABLE MANNER. + + +On Debian systems, the complete text of the GNU Lesser General +Public License can be found in `/usr/share/common-licenses/LGPL'. --- libvirt-0.7.5.orig/debian/libvirt-bin.init +++ libvirt-0.7.5/debian/libvirt-bin.init @@ -0,0 +1,170 @@ +#! /bin/sh +# +# Init script for libvirtd +# +# (c) 2007 Guido Guenther +# based on the skeletons that comes with dh_make +# +### BEGIN INIT INFO +# Provides: libvirt-bin libvirtd +# Required-Start: $network $local_fs +# Required-Stop: +# Should-Start: hal avahi +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: libvirt management daemon +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/libvirtd +NAME=libvirtd +DESC="libvirt management daemon" + +test -x $DAEMON || exit 0 +. /lib/lsb/init-functions + +PIDFILE=/var/run/$NAME.pid +DODTIME=1 # Time to wait for the server to die, in seconds + +# Include libvirtd defaults if available +if [ -f /etc/default/libvirt-bin ] ; then + . /etc/default/libvirt-bin +fi + +check_start_libvirtd_option() { + if [ ! "$start_libvirtd" = "yes" ]; then + log_warning_msg "Not starting libvirt management daemon libvirtd, disabled via /etc/default/libvirt-bin" + return 1 + else + return 0 + fi +} + +running_pid() +{ + # Check if a given process pid's cmdline matches a given name + pid=$1 + name=$2 + [ -z "$pid" ] && return 1 + [ ! -d /proc/$pid ] && return 1 + cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` + # Is this the expected child? + [ "$cmd" != "$name" ] && return 1 + return 0 +} + +running() +{ +# Check if the process is running looking at /proc +# (works for all users) + # No pidfile, probably no daemon present + [ ! -f "$PIDFILE" ] && return 1 + # Obtain the pid and check it against the binary name + pid=`cat $PIDFILE` + running_pid $pid $DAEMON || return 1 + return 0 +} + +force_stop() { +# Forcefully kill the process + [ ! -f "$PIDFILE" ] && return + if running ; then + kill -15 $pid + # Is it really dead? + [ -n "$DODTIME" ] && sleep "$DODTIME"s + if running ; then + kill -9 $pid + [ -n "$DODTIME" ] && sleep "$DODTIME"s + if running ; then + echo "Cannot kill $LABEL (pid=$pid)!" + exit 1 + fi + fi + fi + rm -f $PIDFILE + return 0 +} + +mkdir -p /var/run/libvirt +case "$1" in + start) + if check_start_libvirtd_option; then + log_daemon_msg "Starting $DESC" "$NAME" + if running ; then + log_progress_msg "already running" + log_end_msg 0 + exit 0 + fi + rm -f /var/run/libvirtd.pid + start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --exec $DAEMON -- $libvirtd_opts + if running; then + log_end_msg 0 + else + log_end_msg 1 + fi + fi + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + if ! running ; then + log_progress_msg "not running" + log_end_msg 0 + exit 0 + fi + start-stop-daemon --stop --quiet --pidfile $PIDFILE \ + --exec $DAEMON + log_end_msg 0 + ;; + force-stop) + log_daemon_msg "Forcefully stopping $DESC" "$NAME" + force_stop + if ! running; then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + restart) + if check_start_libvirtd_option; then + log_daemon_msg "Restarting $DESC" "$DAEMON" + start-stop-daemon --oknodo --stop --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON + [ -n "$DODTIME" ] && sleep $DODTIME + start-stop-daemon --start --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON -- $libvirtd_opts + if running; then + log_end_msg 0 + else + log_end_msg 1 + fi + fi + ;; + reload|force-reload) + if running; then + log_daemon_msg "Reloading configuration of $DESC" "$NAME" + start-stop-daemon --stop --signal 1 --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON + log_end_msg 0 + else + log_warning_msg "libvirtd not running, doing nothing." + fi + ;; + status) + log_daemon_msg "Checking status of $DESC" "$NAME" + if running ; then + log_progress_msg "running" + log_end_msg 0 + else + log_progress_msg "not running" + log_end_msg 1 + fi + ;; + *) + N=/etc/init.d/libvirt-bin + echo "Usage: $N {start|stop|restart|reload|force-reload|status|force-stop}" >&2 + exit 1 + ;; +esac + +exit 0 --- libvirt-0.7.5.orig/debian/libvirt-doc.links +++ libvirt-0.7.5/debian/libvirt-doc.links @@ -0,0 +1 @@ +usr/share/doc/libvirt-doc/devhelp/ /usr/share/gtk-doc/html/libvirt --- libvirt-0.7.5.orig/debian/watch +++ libvirt-0.7.5/debian/watch @@ -0,0 +1,3 @@ +version=3 + +http://libvirt.org/sources/libvirt-(.*)\.tar\.gz --- libvirt-0.7.5.orig/debian/libvirt-migrate-qemu-disks +++ libvirt-0.7.5/debian/libvirt-migrate-qemu-disks @@ -0,0 +1,239 @@ +#!/bin/bash +# +# libvirt-migrate-qemu-disks +# +# Author: Jamie Strandboge +# Copyright 2010 Canonical Ltd. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 3, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# This script probes qemu VMs and migrates the xml to the proper disk format +# if it is discovered that the disk file format is not raw. + +# Since virsh can hang forever under certain circumstances, we need to account +# for this when migrating. This is accomplished by creating a stampdir and +# passing this to a backgrounded migrate_vm(). migrate_vm() will use this +# directory for its temporary files, and will remove the stampdir after the +# migration. The parent will poll for the stampdir's existance, and if it still +# exists after too long, it will remove it and kill all children. + +set -e + +debug() { + test "$debug" = "yes" && echo "DEBUG: $*" >&2 || true +} + +help() { + cat << EOM +USAGE: +libvirt-migrate-qemu-disks -a +libvirt-migrate-qemu-disks -t TYPE vm1 vm2... + + -c connect URI (defaults to qemu:///system) + -a probe all domains and migrate if necessary + -t TYPE migrate specified domains to disk format TYPE + +You must specify domains when using '-t'. You may not specify both '-a' and +'-t'. +EOM +} + +wait_for_libvirtd() { + # Used to make sure libvirtd is responding + virsh -c $connect capabilities >/dev/null 2>&1 + rm -f "$1" +} + +migrate_vm() { + dir="$1" + vm="$2" + format="$3" + + migrate="" + found= + in_disk= + fn="$dir/$vm.xml" + + virsh -c $connect dumpxml "$vm" 2>/dev/null | while read line && test -d "$dir" ; do + # This assumes the following format: + # ... + # + # + # + # ... + if [ -z "$in_disk" ] && echo "$line" | grep -q "" ; then + found="yes" + continue + fi + in_disk= + elif [ "$found" = "yes" ]; then + disk=`echo $line | cut -d "'" -f 2` + if [ -n "$format" ]; then + echo "" >> "$fn" + migrate="yes" + elif [ -r "$disk" ]; then + probe_format=`LANG=C qemu-img info "$disk" | grep '^file format: ' | cut -d ' ' -f 3` + if [ -n "$probe_format" ] && [ "$probe_format" != "raw" ]; then + echo "" >> "$fn" + migrate="yes" + fi + else + debug "'$disk' is not readble. Defaulting to 'raw'." + echo "" >> "$fn" + fi + found= + in_disk= + fi + echo "$line" >> "$fn" + if [ "$line" = "" ]; then + if [ "$migrate" = "yes" ]; then + echo "Migrating '$vm'" + virsh -c $connect define "$fn" >/dev/null + debug "Using new xml:" + debug `cat $fn` + else + debug "nothing to migrate" + fi + rm -rf "$dir" + break + fi + done +} + +connect="qemu:///system" +do_all= +debug= +while getopts adc:t: f ; do + case "$f" in + a) do_all="yes";; + c) connect=$OPTARG;; + d) debug="yes";; + t) type=$OPTARG;; + \?) help; exit 1;; + esac +done +shift `expr $OPTIND - 1` + +if [ -n "$type" ] && ! echo "$type" | egrep -q "^(raw|qcow2|qcow|cow|vdi|vmdk|vpc|cloop)$" ; then + echo "'$type' is not supported. See 'man qemu-img' for details." >&2 + exit 1 +fi + +if [ "$connect" != "qemu:///system" ] && [ "$connect" != "qemu:///session" ]; then + echo "Only qemu:///system and qemu:///session is supported" >&2 + exit 1 +fi + +xml_dir="/etc/libvirt/qemu" +if [ "$connect" = "qemu:///session" ]; then + xml_dir="$HOME/.libvirt/qemu" +fi + +vms= +if [ "$do_all" = "yes" ]; then + # grab these from /etc/libvirt/qemu/*xml rather than virsh, since it + # is a) the qemu driver that changed and b) virsh could hang + cd "$xml_dir" + vms=`ls -1 *.xml 2>/dev/null | sed 's/\.xml$//'` + if [ -z "$vms" ]; then + debug "no VMs to migrate" + exit 0 + fi + cd - >/dev/null +else + vms="$*" +fi + +if [ -z "$vms" ]; then + help + exit 1 +elif [ -z "$do_all" ] && [ -z "$type" ]; then + help + exit 1 +elif [ -n "$do_all" ] && [ -n "$type" ]; then + help + exit 1 +fi + +mypid="$$" +script=`basename $0` + +# Alas, we need to make sure libvirtd is not only running, but responding to +# requests, otherwise migrate_vm() will fail for the first few VMs. +if [ "$connect" = "qemu:///system" ]; then + pidfile="/var/run/libvirtd.pid" + + # Wait up to 10 seconds for libvirtd to come up before bailing. + echo "Waiting up to 10 seconds for libvirtd to start... " + count=0 + while [ ! -e "$pidfile" ]; do + if [ $count -gt 100 ]; then + break + fi + sleep 0.1 + count=$((count+1)) + done + if [ ! -e "$pidfile" ]; then + echo "Aborting. '$pidfile' does not exist. Is libvirtd running?" + exit 1 + fi + + stamp=`mktemp` + wait_for_libvirtd "$stamp" & + + # Wait up to 30 seconds for libvirtd to respond before bailing. + echo "Waiting up to 30 seconds for libvirtd to respond to requests... " + count=0 + while [ -e "$stamp" ]; do + if [ $count -gt 300 ]; then + break + fi + sleep 0.1 + count=$((count+1)) + done + if [ -e "$stamp" ]; then + echo "libvirtd is not responding. Aborting" + kill `ps a | grep "/bin/sh .*libvirt-migrate-qemu-disks" | grep -v "$mypid" | awk '{print $1}'` 2>/dev/null || true + rm -f "$stamp" + exit 1 + fi +fi +echo "Checking domains defined in $xml_dir... " + +for i in $vms ; do + debug "checking $i" + stampdir=`mktemp -d` + + migrate_vm "$stampdir" "$i" "$type" & + + count=0 + while [ -d "$stampdir" ]; do + debug $count + if [ $count -gt 100 ]; then + break + fi + sleep 0.1 + count=$((count+1)) + done + if [ -d "$stampdir" ]; then + echo "migrate_vm \"$i\" is not responding. Aborting" + kill `ps a | grep "/bin/sh .*libvirt-migrate-qemu-disks" | grep -v "$mypid" | awk '{print $1}'` 2>/dev/null || true + rm -rf "$stampdir" + fi +done + +echo "Migration complete" --- libvirt-0.7.5.orig/debian/pycompat +++ libvirt-0.7.5/debian/pycompat @@ -0,0 +1 @@ +2 --- libvirt-0.7.5.orig/debian/libvirt-bin.install +++ libvirt-0.7.5/debian/libvirt-bin.install @@ -0,0 +1,13 @@ +usr/bin/* +usr/sbin/* +etc/apparmor.d/abstractions/libvirt-qemu +etc/apparmor.d/libvirt/TEMPLATE +etc/apparmor.d/usr.lib.libvirt.virt-aa-helper +etc/apparmor.d/usr.sbin.libvirtd +etc/libvirt/* +etc/sasl2/* +usr/share/polkit-1/* +usr/lib/libvirt/* +usr/share/augeas/* +usr/share/libvirt/* +usr/share/apport/package-hooks/source_libvirt-bin.py --- libvirt-0.7.5.orig/debian/libvirt-bin.postinst +++ libvirt-0.7.5/debian/libvirt-bin.postinst @@ -0,0 +1,122 @@ +#!/bin/sh +# postinst script for libvirt-bin +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + if ! getent group libvirtd >/dev/null; then + addgroup --system libvirtd + fi + + # Add each admin user to the libvirtd group + for u in $(grep "^admin:" /etc/group | sed -e "s/^.*://" -e "s/,/ /g"); do + adduser "$u" libvirtd >/dev/null || true + done + + # user and group libvirt runs qemu/kvm instances with + if ! getent group kvm >/dev/null; then + addgroup --quiet --system kvm + fi + if ! getent passwd libvirt-qemu >/dev/null; then + adduser --quiet \ + --system \ + --ingroup kvm \ + --quiet \ + --disabled-login \ + --disabled-password \ + --home /var/lib/libvirt \ + --no-create-home \ + -gecos "Libvirt Qemu" \ + libvirt-qemu + fi + + # libvirt from 0.6.0 on is safe to restart with running vms: + if [ -n "$2" ] && dpkg --compare-versions "$2" ge 0.6.0; then + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d libvirt-bin stop + else + /etc/init.d/libvirt-bin stop + fi + sleep 1 + fi + + if dpkg --compare-versions "$2" lt "0.6.1-2"; then + if [ -e /etc/rc2.d/S20libvirt-bin ] && \ + [ -e /etc/rc3.d/S20libvirt-bin ] && \ + [ -e /etc/rc4.d/S20libvirt-bin ] && \ + [ -e /etc/rc5.d/S20libvirt-bin ] && \ + [ -e /etc/rc0.d/K20libvirt-bin ] && \ + [ -e /etc/rc1.d/K20libvirt-bin ] && \ + [ -e /etc/rc6.d/K20libvirt-bin ]; then + update-rc.d -f libvirt-bin remove >/dev/null + fi + fi + + # 0.7.2 moved virt-aa-helper to /usr/lib/libvirt, so preserve + # the user changes (if any). If the old profile was changed, + # then update it for the new path, then move into place. + old_profile="/etc/apparmor.d/usr.bin.virt-aa-helper" + new_profile="/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper" + if dpkg --compare-versions "$2" le-nl "0.7.0-1ubuntu15" && [ -f "$old_profile" ]; then + sed -i "s#/usr/bin/virt-aa-helper#/usr/lib/libvirt/virt-aa-helper#g" "$old_profile" + old_md5sum="$(md5sum $old_profile | sed -e 's/ .*//')" + new_md5sum="$(md5sum $new_profile | sed -e 's/ .*//')" + if [ "$old_md5sum" = "$new_md5sum" ]; then + rm -f "$old_profile" + else + echo "Migrating user changes to $new_profile ..." + mv -f "$new_profile" "$new_profile".dpkg-new + mv -f "$old_profile" "$new_profile" + fi + fi + + profile="/etc/apparmor.d/usr.sbin.libvirtd" + if [ -f "$profile" ] && aa-status --enabled 2>/dev/null; then + apparmor_parser -r -W -T "$profile" || true + fi + profile="/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper" + if [ -f "$profile" ] && aa-status --enabled 2>/dev/null; then + apparmor_parser -r -W -T "$profile" || true + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +# This must run after libvirt-bin has started +if [ "$1" = "configure" ]; then + if dpkg --compare-versions "$2" lt-nl "0.7.5-5ubuntu27.5" ; then + libvirt-migrate-qemu-disks -a || true + fi +fi + +exit 0 + + --- libvirt-0.7.5.orig/debian/libvirt-suspendonreboot +++ libvirt-0.7.5/debian/libvirt-suspendonreboot @@ -0,0 +1,48 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: libvirt-suspendonreboot +# Required-Start: libvirt-bin +# Required-Stop: libvirt-bin $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: suspend/resmum vms on reboot +### END INIT INFO +# (c) Andi Barth 2008 +# Distributable under the terms of the GNU GPL version 2. +# +# copy to /etc/init.d/libvirt-suspendonreboot and use +# update-rc.d libvirt-suspendonreboot defaults 29 71 +# to enable + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +suspenddir=/var/lib/libvirt/autosuspend + +case "$1" in + start) + for domain in ${suspenddir}/*dump; do + if [ -f $domain ]; then + domain=$(basename $domain .dump) + echo "resuming $domain ..." + virsh restore ${suspenddir}/${domain}.dump && rm ${suspenddir}/${domain}.dump + fi + done + ;; + stop) + for domain in /etc/libvirt/qemu/*xml; do + domain=$(basename $domain .xml) + state=$(virsh domstate $domain) + if [ "$state" = "running" ]; then + echo "suspending $domain ..." + virsh save ${domain} ${suspenddir}/${domain}.dump + fi + done + ;; + reload|force-reload|restart) + # No action, nothing to reload + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 + exit 1 +esac + --- libvirt-0.7.5.orig/debian/libvirt-bin.preinst +++ libvirt-0.7.5/debian/libvirt-bin.preinst @@ -0,0 +1,38 @@ +#!/bin/sh +# preinst script for libvirt-bin +# +# see: dh_installdeb(1) + +set -e + +APP_PROFILE="usr.sbin.libvirtd" +APP_CONFFILE="/etc/apparmor.d/$APP_PROFILE" +APP_COMPLAIN="/etc/apparmor.d/force-complain/$APP_PROFILE" +if [ "$1" = "upgrade" ]; then + mkdir -p `dirname $APP_COMPLAIN` 2>/dev/null || true + if dpkg --compare-versions $2 lt "0.1.8-0ubuntu2" ; then + # force-complain for pre-apparmor upgrades + ln -sf $APP_CONFFILE $APP_COMPLAIN + elif dpkg --compare-versions $2 lt "0.6.1-0ubuntu6" ; then + if [ -e "$APP_CONFFILE" ]; then + md5sum="`md5sum \"$APP_CONFFILE\" | sed -e \"s/ .*//\"`" + pkg_md5sum="`sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' $APP_CONFFILE'{s/.* //;p}}\" /var/lib/dpkg/status`" + if [ "$md5sum" = "$pkg_md5sum" ]; then + # force-complain on upgrade from pre-shipped profile and + # existing profile is same as in conffiles + ln -sf $APP_CONFFILE $APP_COMPLAIN + fi + else + # force-complain on upgrade from pre-shipped profile and + # there is no existing profile + ln -sf $APP_CONFFILE $APP_COMPLAIN + fi + fi +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- libvirt-0.7.5.orig/debian/libvirt-bin.apport +++ libvirt-0.7.5/debian/libvirt-bin.apport @@ -0,0 +1,59 @@ +'''apport package hook for libvirt-bin + +(c) 2009 Canonical Ltd. +Author: +Jamie Strandboge + +''' + +from apport.hookutils import * +from os import path +import re + +def recent_kernlog(pattern): + '''Extract recent messages from kern.log or message which match a regex. + pattern should be a "re" object. ''' + lines = '' + if os.path.exists('/var/log/kern.log'): + file = '/var/log/kern.log' + elif os.path.exists('/var/log/messages'): + file = '/var/log/messages' + else: + return lines + + for line in open(file): + if pattern.search(line): + lines += line + return lines + +def recent_auditlog(pattern): + '''Extract recent messages from kern.log or message which match a regex. + pattern should be a "re" object. ''' + lines = '' + if os.path.exists('/var/log/audit/audit.log'): + file = '/var/log/audit/audit.log' + else: + return lines + + for line in open(file): + if pattern.search(line): + lines += line + return lines + +def add_info(report): + attach_conffiles(report, 'libvirt-bin') + attach_related_packages(report, ['apparmor', 'libapparmor1', + 'libapparmor-perl', 'apparmor-utils', 'auditd', 'libaudit0']) + + # get apparmor stuff. copied from source_apparmor.py until apport runs + # runs hooks via attach_related_packages + attach_file(report, '/proc/version_signature', 'ProcVersionSignature') + attach_file(report, '/proc/cmdline', 'ProcCmdline') + + sec_re = re.compile('audit\(|apparmor|selinux|security', re.IGNORECASE) + report['KernLog'] = recent_kernlog(sec_re) + + if os.path.exists("/var/log/audit"): + # this needs to be run as root + report['AuditLog'] = recent_auditlog(sec_re) + --- libvirt-0.7.5.orig/debian/python-libvirt.install +++ libvirt-0.7.5/debian/python-libvirt.install @@ -0,0 +1,2 @@ +usr/lib/python*/*/*.so +usr/lib/python*/*/*.py --- libvirt-0.7.5.orig/debian/libvirt-doc.doc-base.libvirt-doc +++ libvirt-0.7.5/debian/libvirt-doc.doc-base.libvirt-doc @@ -0,0 +1,8 @@ +Document: libvirt-doc +Title: Libvirt the virtualization API +Abstract: Local copy of the web site of libvirt +Section: System/Administration + +Format: HTML +Index: /usr/share/doc/libvirt-doc/intro.html +Files: /usr/share/doc/libvirt-doc/*.html --- libvirt-0.7.5.orig/debian/libvirt-bin.cron.daily +++ libvirt-0.7.5/debian/libvirt-bin.cron.daily @@ -0,0 +1,34 @@ +#!/bin/sh +# +# clean out AppArmor profiles for virtual machines that no longer exist +# +set -e + +PROFILES_DIR="/etc/apparmor.d/libvirt" +AA_PROFILES="/sys/kernel/security/apparmor/profiles" + +uuids="" +remove_if_unused() { + uuid=`basename "$1" | sed 's/libvirt-//' | egrep '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'` || return + + # don't remove a profile for an existing VM + echo "$uuids" | grep -q "$uuid" && return + + # don't remove a loaded profile + if [ -e "$AA_PROFILES" ] && grep -q "$uuid" "$AA_PROFILES" ; then + return + fi + + find $PROFILES_DIR -name "libvirt-${uuid}*" -prune -type f -exec rm -f -- '{}' \; +} + +# read in all existing uuids +for i in `ls -1 /etc/libvirt/qemu/*.xml 2>/dev/null` ; do + uuid=`grep '' "$i" | sed 's#.*\(.*\).*#\1#'` + uuids="$uuids $uuid" +done + +for i in `ls -1 $PROFILES_DIR/libvirt-* 2>/dev/null` ; do + basename "$i" | egrep -q '\.' && continue + remove_if_unused "$i" || true +done --- libvirt-0.7.5.orig/debian/libvirt-bin.upstart +++ libvirt-0.7.5/debian/libvirt-bin.upstart @@ -0,0 +1,18 @@ +description "libvirt daemon" +author "Dustin Kirkland " + +start on runlevel [2345] +stop on runlevel [!2345] + +expect daemon +respawn + +pre-start script + mkdir -p /var/run/libvirt + # Clean up a pidfile that might be left around + rm -f /var/run/libvirtd.pid +end script + +# If you used to set $libvirtd_opts in /etc/default/libvirt-bin, +# change the 'exec' line here instead. +exec /usr/sbin/libvirtd -d --- libvirt-0.7.5.orig/debian/libvirt-bin.dirs +++ libvirt-0.7.5/debian/libvirt-bin.dirs @@ -0,0 +1,10 @@ +/etc/apparmor.d/abstractions +/etc/apparmor.d/disable +/etc/apparmor.d/force-complain +/etc/apparmor.d/libvirt +/etc/cron.daily +/usr/share/apport/package-hooks +/var/lib/libvirt/images +/var/lib/libvirt/boot +/var/cache/libvirt +/var/log/libvirt/qemu --- libvirt-0.7.5.orig/debian/libvirt-bin.libvirtd.logrotate +++ libvirt-0.7.5/debian/libvirt-bin.libvirtd.logrotate @@ -0,0 +1,9 @@ +/var/log/libvirt/qemu/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + copytruncate +} --- libvirt-0.7.5.orig/debian/compat +++ libvirt-0.7.5/debian/compat @@ -0,0 +1 @@ +7 --- libvirt-0.7.5.orig/debian/patches/9008-fix-daemon-conf-ftbfs.patch +++ libvirt-0.7.5/debian/patches/9008-fix-daemon-conf-ftbfs.patch @@ -0,0 +1,48 @@ +Author: Jamie Strandboge +Description: don't FTBFS on Ubuntu's buildd + Disable running libvirtd with a valid config file, which has multiple + problems on the Ubuntu buildd. Also, don't fail on waiting for the pid, but + instead warn that it failed and show the log. In 0.7.2 this was all that was + needed but with 0.7.5 need to disable starting libvirtd entirely. + . + The problem is sometimes the path to the unix socket is too long and + libvirtd fails to start. Upstream was alerted to this and a fix will hopefully + appear soon. + . + Another problem exists because the dbus message bus is not available in the + Ubuntu buildd. This causes the following errors: + 19:04:36.834: error : halDeviceMonitorStartup:722 : dbus_bus_get failed + 19:04:36.834: error : halDeviceMonitorStartup:780 : org.freedesktop.DBus.Error.FileNotFound: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory + 19:04:36.856: error : main:3089 : Driver state initialization failed + . + This portion of the test needs to stay disabled until these issues are fully + resolved. + +Index: libvirt-0.7.5/tests/daemon-conf +=================================================================== +--- libvirt-0.7.5.orig/tests/daemon-conf 2010-01-25 21:13:46.000000000 -0600 ++++ libvirt-0.7.5/tests/daemon-conf 2010-01-25 21:15:31.000000000 -0600 +@@ -76,13 +76,18 @@ + || fail=1 + mv k tmp.conf || fail=1 + +-printf "running libvirtd with a valid config file ($sleep_secs seconds)\n" 1>&2 +-$abs_top_builddir/daemon/libvirtd --pid-file=pid-file --config=tmp.conf > log 2>&1 & pid=$! +-sleep $sleep_secs +-kill $pid ++printf "Skipping test (due to Ubuntu buildd FTBFS): running libvirtd with a valid config file ($sleep_secs seconds)\n" 1>&2 ++#$abs_top_builddir/daemon/libvirtd --pid-file=pid-file --config=tmp.conf > log 2>&1 & pid=$! ++#sleep $sleep_secs ++#kill $pid + + # Expect an orderly shut-down and successful exit. +-wait $pid || fail=1 ++#wait $pid || fail=1 ++# warn, but do not fail since Ubuntu buildds do not work too well with this test ++wait $pid || { ++ printf "WARNING: wait failed (TODO: update test suite). Reason:\n" 1>&2 ++ cat log 1>&2 ++} + + # "cat log" would print this for non-root: + # Cannot set group when not running as root --- libvirt-0.7.5.orig/debian/patches/9904-CVE-2011-1146.patch +++ libvirt-0.7.5/debian/patches/9904-CVE-2011-1146.patch @@ -0,0 +1,63 @@ +Origin: 71753cb7f7a16ff800381c0b5ee4e99eea92fed3 +Description: Add missing checks for read only connections. Patch adapted from + upstream for the following entry points: + - virConnectDomainXMLToNative + - virNodeDeviceDettach + - virNodeDeviceReAttach + - virNodeDeviceReset + +Bug: https://bugzilla.redhat.com/show_bug.cgi?id=683650 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617773 + +Index: libvirt-0.7.5/src/libvirt.c +=================================================================== +--- libvirt-0.7.5.orig/src/libvirt.c 2011-03-15 16:06:03.000000000 -0500 ++++ libvirt-0.7.5/src/libvirt.c 2011-03-15 16:06:50.000000000 -0500 +@@ -2985,6 +2985,11 @@ + return (NULL); + } + ++ if (conn->flags & VIR_CONNECT_RO) { ++ virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } ++ + if (nativeFormat == NULL || domainXml == NULL) { + virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__); + return (NULL); +@@ -8858,6 +8863,11 @@ + return (-1); + } + ++ if (dev->conn->flags & VIR_CONNECT_RO) { ++ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } ++ + if (dev->conn->driver->nodeDeviceDettach) { + int ret; + ret = dev->conn->driver->nodeDeviceDettach (dev); +@@ -8901,6 +8911,11 @@ + return (-1); + } + ++ if (dev->conn->flags & VIR_CONNECT_RO) { ++ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } ++ + if (dev->conn->driver->nodeDeviceReAttach) { + int ret; + ret = dev->conn->driver->nodeDeviceReAttach (dev); +@@ -8946,6 +8961,11 @@ + return (-1); + } + ++ if (dev->conn->flags & VIR_CONNECT_RO) { ++ virLibConnError(dev->conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__); ++ goto error; ++ } ++ + if (dev->conn->driver->nodeDeviceReset) { + int ret; + ret = dev->conn->driver->nodeDeviceReset (dev); --- libvirt-0.7.5.orig/debian/patches/0002-qemu-disable-network.diff.patch +++ libvirt-0.7.5/debian/patches/0002-qemu-disable-network.diff.patch @@ -0,0 +1,38 @@ +From: Guido Guenther +Date: Fri, 7 Mar 2008 09:08:26 +0100 +Subject: [PATCH] qemu-disable-network.diff + +--- + src/Makefile.am | 3 --- + src/Makefile.in | 3 --- + 2 files changed, 0 insertions(+), 6 deletions(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 8ef0e81..f59eb08 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -913,9 +913,6 @@ if WITH_NETWORK + test -z "$(UUID)" || \ + sed -i -e "s,,\n $(UUID)," \ + $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml +- test -e $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml || \ +- ln -s ../default.xml \ +- $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml + endif + + uninstall-local:: +diff --git a/src/Makefile.in b/src/Makefile.in +index 5301dfc..143fe64 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -4197,9 +4197,6 @@ install-data-local: + @WITH_NETWORK_TRUE@ test -z "$(UUID)" || \ + @WITH_NETWORK_TRUE@ sed -i -e "s,,\n $(UUID)," \ + @WITH_NETWORK_TRUE@ $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml +-@WITH_NETWORK_TRUE@ test -e $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml || \ +-@WITH_NETWORK_TRUE@ ln -s ../default.xml \ +-@WITH_NETWORK_TRUE@ $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml + + uninstall-local:: + rmdir "$(DESTDIR)$(localstatedir)/cache/libvirt" ||: +-- --- libvirt-0.7.5.orig/debian/patches/9001-dont_clobber_existing_bridges.patch +++ libvirt-0.7.5/debian/patches/9001-dont_clobber_existing_bridges.patch @@ -0,0 +1,11 @@ +diff -Nur libvirt-0.7.5/src/network/default.xml libvirt-0.7.5.new/src/network/default.xml +--- libvirt-0.7.5/src/network/default.xml 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/network/default.xml 2010-01-22 14:44:06.549525060 -0600 +@@ -1,6 +1,6 @@ + + default +- ++ + + + --- libvirt-0.7.5.orig/debian/patches/9006-increase-unix-socket-timeout.patch +++ libvirt-0.7.5/debian/patches/9006-increase-unix-socket-timeout.patch @@ -0,0 +1,17 @@ +# +# Description: increase timeout for waiting on a Unix socket to avoid +# 'monitor socket did not show up.: No such file or directory' +# errors +# +diff -Nur libvirt-0.7.5/src/qemu/qemu_monitor.c libvirt-0.7.5.new/src/qemu/qemu_monitor.c +--- libvirt-0.7.5/src/qemu/qemu_monitor.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/qemu/qemu_monitor.c 2010-01-22 14:52:38.249530490 -0600 +@@ -228,7 +228,7 @@ + { + struct sockaddr_un addr; + int monfd; +- int timeout = 3; /* In seconds */ ++ int timeout = 30; /* In seconds */ + int ret, i = 0; + + if ((monfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { --- libvirt-0.7.5.orig/debian/patches/series +++ libvirt-0.7.5/debian/patches/series @@ -0,0 +1,41 @@ +0001-remove-RHism.diff.patch +#0002-qemu-disable-network.diff.patch +0003-allow-libvirt-group-to-access-the-socket.patch +0004-fix-Debian-specific-path-to-hvm-loader.patch +0005-Also-look-for-dmi-information-in-sys-class.patch +#0006-Terminate-nc-on-EOF.patch +0007-Implement-path-lookup-for-USB-by-vendor-product.patch +0008-qemu-Use-log-output-for-pty-assignment-if-info-chard.patch +0009-Fix-QEMU-driver-custom-domain-status-XML-extensions.patch +0010-Use-base-16-for-product-vendor.patch +9000-delayed_iff_up_bridge.patch +9001-dont_clobber_existing_bridges.patch +9002-better_default_uri_virsh.patch +9003-increase-logoutput-timeout.patch +9004-better-default-arch.patch +9005-libvirtd-group-name.patch +9006-increase-unix-socket-timeout.patch +9007-default-config-test-case.patch +9008-fix-daemon-conf-ftbfs.patch +9009-run-as-root-by-default.patch +9010-apparmor-ftbfs.patch +9011-node_device_driver.patch +9012-dont-crash-on-restart.patch +9013-apparmor-dont-clear-caps.patch +9014-apparmor-remove-unloaded-profile-is-not-fatal.patch +9015-autodetect-nc-params.patch +9016-disk-cache-setting-xml.patch +9017-dont-disable-ipv6.patch +9018-fix-pty-console.patch +9019-apparmor-fix-xauth.patch +9020-apparmor-fix-backingstore.patch +9021-apparmor-fix-hostdev.patch +9022-dont-leak-log-fd.path.patch +9023-virt-pki-validate_fixes.patch +9024-free-memory-for-invalid-devices.patch +9025-avoid-NULL-dereference-upon-disk-op-fail.patch +9900-CVE-2010-2237-2238-2239.patch +9901-CVE-2010-2242.patch +9902-lp665531.patch +9903-lp668042.patch +9904-CVE-2011-1146.patch --- libvirt-0.7.5.orig/debian/patches/9018-fix-pty-console.patch +++ libvirt-0.7.5/debian/patches/9018-fix-pty-console.patch @@ -0,0 +1,80 @@ +author Matthew Booth + Wed, 6 Jan 2010 16:09:04 +0000 (17:09 +0100) +committer Daniel Veillard + Wed, 6 Jan 2010 16:09:04 +0000 (17:09 +0100) +commit c0a9b6a5338e54b64a4a28415ffbdb6bcc2b38c5 +tree fe4c2e1e53239b4adb0643f7d475ebc8a649d670 +parent aee70b7482b4eb7c69f5cacfeb364000294300aa + +Fix parsing of 'info chardev' line endings + +This change makes the 'info chardev' parser ignore any trailing +whitespace on a line. This fixes a specific problem handling a '\r\n' +line ending. + +* src/qemu/qemu_monitor_text.c: Ignore trailing whitespace in + 'info chardev' output. + +X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=blobdiff_plain;f=src%2Fqemu%2Fqemu_monitor_text.c;h=5b9ced21402fe1712f0e4db89bdf9f1d695159ff;hp=ab361c6f2b528592d1f96bb1846483fdf80536b1;hb=c0a9b6a5338e54b64a4a28415ffbdb6bcc2b38c5;hpb=aee70b7482b4eb7c69f5cacfeb364000294300aa + +diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c +index ab361c6..5b9ced2 100644 +--- a/src/qemu/qemu_monitor_text.c ++++ b/src/qemu/qemu_monitor_text.c +@@ -1705,15 +1705,26 @@ int qemuMonitorTextGetPtyPaths(qemuMonitorPtr mon, + goto cleanup; + } + +- char *pos = reply; /* The current start of searching */ +- char *end = pos + strlen(reply); /* The end of the reply string */ ++ char *pos; /* The current start of searching */ ++ char *next = reply; /* The start of the next line */ + char *eol; /* The character which ends the current line */ ++ char *end = reply + strlen(reply); /* The end of the reply string */ ++ ++ while (next) { ++ pos = next; + +- while (pos < end) { + /* Split the output into lines */ + eol = memchr(pos, '\n', end - pos); +- if (eol == NULL) ++ if (eol == NULL) { + eol = end; ++ next = NULL; ++ } else { ++ next = eol + 1; ++ } ++ ++ /* Ignore all whitespace immediately before eol */ ++ while (eol > pos && c_isspace(*(eol-1))) ++ eol -= 1; + + /* Look for 'filename=pty:' */ + #define NEEDLE "filename=pty:" +@@ -1721,13 +1732,13 @@ int qemuMonitorTextGetPtyPaths(qemuMonitorPtr mon, + + /* If it's not there we can ignore this line */ + if (!needle) +- goto next; ++ continue; + + /* id is everthing from the beginning of the line to the ':' + * find ':' and turn it into a terminator */ + char *colon = memchr(pos, ':', needle - pos); + if (colon == NULL) +- goto next; ++ continue; + *colon = '\0'; + char *id = pos; + +@@ -1747,9 +1758,6 @@ int qemuMonitorTextGetPtyPaths(qemuMonitorPtr mon, + goto cleanup; + } + #undef NEEDLE +- +- next: +- pos = eol + 1; + } + + ret = 0; --- libvirt-0.7.5.orig/debian/patches/9023-virt-pki-validate_fixes.patch +++ libvirt-0.7.5/debian/patches/9023-virt-pki-validate_fixes.patch @@ -0,0 +1,80 @@ +portability fixes to tools/virt-pki-validate.in + +A few fixes will help make tools/virt-pki-validate.in useful on Debian and Ubuntu. And one fix should be useful to everyone (see #4). + + 1) note our gnutls-bin package (in addition to your gnutls-utils package) in the no-certtool error text + + 2) adjust the ORG-setting sed regular expressions to work with both Red Hat and Ubuntu style cacert.pem Issuer format + + 3) fix a bashism, == should be = in the case where /bin/sh is a symlink to dash + + 4) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR everywhere + +This was tested against gnutls 2.8.5. And against both Red Hat and Ubuntu cacert.pem files. Credit Jamie Strandboge with the regular expression changes. + +Bug report: + * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266 + +Signed-off-by: Dustin Kirkland + +diff -uprN libvirt-0.7.5/tools/virt-pki-validate.in libvirt-0.7.5.new/tools/virt-pki-validate.in +--- libvirt-0.7.5/tools/virt-pki-validate.in 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/tools/virt-pki-validate.in 2010-04-21 15:42:04.677879001 -0500 +@@ -16,8 +16,8 @@ PORT=16514 + CERTOOL=`which certtool 2>/dev/null` + if [ ! -x $CERTOOL ] + then +- echo Could not locate the certtool program +- echo make sure the gnutls-utils package is installed ++ echo "Could not locate the certtool program" ++ echo "make sure the gnutls-utils (or gnutls-bin) package is installed" + exit 1 + fi + echo Found $CERTOOL +@@ -25,7 +25,8 @@ echo Found $CERTOOL + # + # Check the directory structure + # +-PKI="$(SYSCONFDIR)/pki" ++SYSCONFDIR="@SYSCONFDIR@" ++PKI="$SYSCONFDIR/pki" + if [ ! -d $PKI ] + then + echo the $PKI directory is missing, it is usually +@@ -129,8 +130,8 @@ then + echo "as root do: chmod 644 $CA/cacert.pem" + exit 1 + fi +-ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed 's+Issuer: CN=++'` +-if [ "$ORG" == "" ] ++ORG=`$CERTOOL -i --infile $CA/cacert.pem | grep Issuer | sed -e 's+\s*Issuer: .*CN=++' -e 's+,EMAIL=.*++'` ++if [ "$ORG" = "" ] + then + echo the CA certificate $CA/cacert.pem does not define the organization + echo it should probably regenerated +@@ -240,19 +241,19 @@ fi + + if [ "$SERVER" = "1" ] + then +- if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ] ++ if [ -r $SYSCONFDIR/sysconfig/libvirtd ] + then +- if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ] ++ if [ "`grep '^LIBVIRTD_ARGS' $SYSCONFDIR/sysconfig/libvirtd | grep -- '--listen'`" = "" ] + then +- echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to ++ echo Make sure $SYSCONFDIR/sysconfig/libvirtd is setup to listen to + echo TCP/IP connections and restart the libvirtd service + fi + fi +- if [ -r $(SYSCONFDIR)/sysconfig/iptables ] ++ if [ -r $SYSCONFDIR/sysconfig/iptables ] + then +- if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ] ++ if [ "`grep $PORT $SYSCONFDIR/sysconfig/iptables`" = "" ] + then +- echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow ++ echo Make sure $SYSCONFDIR/sysconfig/iptables is setup to allow + echo incoming TCP/IP connections on port $PORT and + echo restart the iptables service + fi --- libvirt-0.7.5.orig/debian/patches/9014-apparmor-remove-unloaded-profile-is-not-fatal.patch +++ libvirt-0.7.5/debian/patches/9014-apparmor-remove-unloaded-profile-is-not-fatal.patch @@ -0,0 +1,39 @@ +Description: Don't exit with error if the user unloaded the profile outside of + libvirt +Author: Jamie Strandboge +Bug-Ubuntu: https://launchpad.net/ubuntu/bugs/530400 + +Index: libvirt-0.7.5/src/security/virt-aa-helper.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/virt-aa-helper.c 2010-03-03 09:14:40.000000000 -0600 ++++ libvirt-0.7.5/src/security/virt-aa-helper.c 2010-03-03 09:14:44.000000000 -0600 +@@ -182,6 +182,8 @@ + { + char flag[3]; + char profile[PATH_MAX]; ++ int status; ++ int ret; + + if (strchr("arR", cmd) == NULL) { + vah_error(NULL, 0, "invalid flag"); +@@ -203,9 +205,17 @@ + const char * const argv[] = { + "/sbin/apparmor_parser", flag, profile, NULL + }; +- if (virRun(NULL, argv, NULL) != 0) { +- vah_error(NULL, 0, "failed to run apparmor_parser"); +- return -1; ++ if ((ret = virRun(NULL, argv, &status)) != 0 || ++ (WIFEXITED(status) && WEXITSTATUS(status) != 0)) { ++ if (ret != 0) { ++ vah_error(NULL, 0, "failed to run apparmor_parser"); ++ return -1; ++ } else if (cmd == 'R' && WIFEXITED(status) && WEXITSTATUS(status) == 234) { ++ vah_warning("unable to unload already unloaded profile (non-fatal)"); ++ } else { ++ vah_error(NULL, 0, "apparmor_parser exited with error"); ++ return -1; ++ } + } + } + --- libvirt-0.7.5.orig/debian/patches/9019-apparmor-fix-xauth.patch +++ libvirt-0.7.5/debian/patches/9019-apparmor-fix-xauth.patch @@ -0,0 +1,45 @@ +Author: Jamie Strandboge +Description: adjust virt-aa-helper to handle SDL graphics, specifically + Xauthority. Also remove a couple redundant checks. +Bug-Ubuntu: https://launchpad.net/bugs/545426 +Forwarded: Yes + +diff -Nur libvirt-0.7.5/src/security/virt-aa-helper.c libvirt-0.7.5.new/src/security/virt-aa-helper.c +--- libvirt-0.7.5/src/security/virt-aa-helper.c 2010-04-05 16:55:01.827314204 -0500 ++++ libvirt-0.7.5.new/src/security/virt-aa-helper.c 2010-04-05 16:55:08.386044026 -0500 +@@ -766,7 +766,7 @@ + + virBufferVSprintf(buf, " \"%s\" %s,\n", tmp, perms); + if (readonly) { +- virBufferVSprintf(buf, " # don't audit writes to readonly media\n"); ++ virBufferVSprintf(buf, " # don't audit writes to readonly files\n"); + virBufferVSprintf(buf, " deny \"%s\" w,\n", tmp); + } + +@@ -829,11 +829,11 @@ + if (vah_add_file(&buf, ctl->def->console->data.file.path, "w") != 0) + goto clean; + +- if (ctl->def->os.kernel && ctl->def->os.kernel) ++ if (ctl->def->os.kernel) + if (vah_add_file(&buf, ctl->def->os.kernel, "r") != 0) + goto clean; + +- if (ctl->def->os.initrd && ctl->def->os.initrd) ++ if (ctl->def->os.initrd) + if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0) + goto clean; + +@@ -841,6 +841,12 @@ + if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0) + goto clean; + ++ if (ctl->def->ngraphics == 1 && ++ ctl->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL) ++ if (vah_add_file(&buf, ctl->def->graphics[0]->data.sdl.xauth, ++ "r") != 0) ++ goto clean; ++ + for (i = 0; i < ctl->def->nhostdevs; i++) + if (ctl->def->hostdevs[i]) { + virDomainHostdevDefPtr dev = ctl->def->hostdevs[i]; --- libvirt-0.7.5.orig/debian/patches/9025-avoid-NULL-dereference-upon-disk-op-fail.patch +++ libvirt-0.7.5/debian/patches/9025-avoid-NULL-dereference-upon-disk-op-fail.patch @@ -0,0 +1,22 @@ +commit eebf932e9418b8a626488ced40294e4f5d580e49 +Author: Jim Meyering +Date: Wed Dec 16 14:15:50 2009 +0100 + + qemu_driver.c: avoid NULL dereference upon disk-op failure + + * src/qemu/qemu_driver.c (qemudDomainAttachDevice): Call + virCgroupDenyDevicePath only if cgroup is non-NULL. + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index a6a1a5a..4639478 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -5497,7 +5497,7 @@ static int qemudDomainAttachDevice(virDomainPtr dom, + virDomainDiskDeviceTypeToString(dev->data.disk->device)); + /* Fallthrough */ + } +- if (ret != 0) { ++ if (ret != 0 && cgroup) { + virCgroupDenyDevicePath(cgroup, + dev->data.disk->src); + } --- libvirt-0.7.5.orig/debian/patches/0004-fix-Debian-specific-path-to-hvm-loader.patch +++ libvirt-0.7.5/debian/patches/0004-fix-Debian-specific-path-to-hvm-loader.patch @@ -0,0 +1,88 @@ +From: =?UTF-8?q?Guido=20G=C3=BCnther?= +Date: Thu, 26 Feb 2009 14:29:58 +0100 +Subject: [PATCH] fix Debian specific path to hvm loader + +Closes: #517059 +--- + src/xen/xen_hypervisor.c | 2 +- + tests/xencapsdata/xen-i686-pae-hvm.xml | 2 +- + tests/xencapsdata/xen-ia64-be-hvm.xml | 2 +- + tests/xencapsdata/xen-ia64-hvm.xml | 2 +- + tests/xencapsdata/xen-x86_64-hvm.xml | 4 ++-- + 5 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c +index 8279a74..5001d91 100644 +--- a/src/xen/xen_hypervisor.c ++++ b/src/xen/xen_hypervisor.c +@@ -2230,7 +2230,7 @@ xenHypervisorBuildCapabilities(virConnectPtr conn, + "/usr/lib64/xen/bin/qemu-dm" : + "/usr/lib/xen/bin/qemu-dm"), + (guest_archs[i].hvm ? +- "/usr/lib/xen/boot/hvmloader" : ++ "/usr/lib/xen-default/boot/hvmloader" : + NULL), + 1, + machines)) == NULL) { +diff --git a/tests/xencapsdata/xen-i686-pae-hvm.xml b/tests/xencapsdata/xen-i686-pae-hvm.xml +index 42b099c..2886c09 100644 +--- a/tests/xencapsdata/xen-i686-pae-hvm.xml ++++ b/tests/xencapsdata/xen-i686-pae-hvm.xml +@@ -34,7 +34,7 @@ + + 32 + /usr/lib/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +diff --git a/tests/xencapsdata/xen-ia64-be-hvm.xml b/tests/xencapsdata/xen-ia64-be-hvm.xml +index 732b693..cf3dfc1 100644 +--- a/tests/xencapsdata/xen-ia64-be-hvm.xml ++++ b/tests/xencapsdata/xen-ia64-be-hvm.xml +@@ -31,7 +31,7 @@ + + 64 + /usr/lib/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +diff --git a/tests/xencapsdata/xen-ia64-hvm.xml b/tests/xencapsdata/xen-ia64-hvm.xml +index ef48a95..871cd65 100644 +--- a/tests/xencapsdata/xen-ia64-hvm.xml ++++ b/tests/xencapsdata/xen-ia64-hvm.xml +@@ -28,7 +28,7 @@ + + 64 + /usr/lib/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +diff --git a/tests/xencapsdata/xen-x86_64-hvm.xml b/tests/xencapsdata/xen-x86_64-hvm.xml +index 52c12c6..83dac3e 100644 +--- a/tests/xencapsdata/xen-x86_64-hvm.xml ++++ b/tests/xencapsdata/xen-x86_64-hvm.xml +@@ -31,7 +31,7 @@ + + 32 + /usr/lib64/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +@@ -49,7 +49,7 @@ + + 64 + /usr/lib64/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +-- --- libvirt-0.7.5.orig/debian/patches/9005-libvirtd-group-name.patch +++ libvirt-0.7.5/debian/patches/9005-libvirtd-group-name.patch @@ -0,0 +1,12 @@ +diff -Nur libvirt-0.7.5/daemon/libvirtd.conf libvirt-0.7.5.new/daemon/libvirtd.conf +--- libvirt-0.7.5/daemon/libvirtd.conf 2010-01-22 14:47:37.469547794 -0600 ++++ libvirt-0.7.5.new/daemon/libvirtd.conf 2010-01-22 14:48:22.690780210 -0600 +@@ -78,7 +78,7 @@ + # without becoming root. + # + # This is restricted to 'root' by default. +-unix_sock_group = "libvirt" ++unix_sock_group = "libvirtd" + + # Set the UNIX socket permissions for the R/O socket. This is used + # for monitoring VM status only --- libvirt-0.7.5.orig/debian/patches/9013-apparmor-dont-clear-caps.patch +++ libvirt-0.7.5/debian/patches/9013-apparmor-dont-clear-caps.patch @@ -0,0 +1,31 @@ +Author: Jamie Strandboge +Description: Don't clear capabilities when calling virt-aa-helper. When built + with libcap-ng, clearing caps makes virt-aa-helper lose MAC_ADMIN, which is + (obviously) needed by apparmor_parser. This restores libcap-ng behavior to + what it was when not built with libcap-ng. +diff -Nur libvirt-0.7.5/src/security/security_apparmor.c libvirt-0.7.5.new/src/security/security_apparmor.c +--- libvirt-0.7.5/src/security/security_apparmor.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/security/security_apparmor.c 2010-02-05 16:32:53.588796032 -0600 +@@ -174,19 +174,19 @@ + VIRT_AA_HELPER, "-c", "-u", profile, NULL + }; + ret = virExec(conn, argv, NULL, NULL, &child, +- pipefd[0], NULL, NULL, VIR_EXEC_CLEAR_CAPS); ++ pipefd[0], NULL, NULL, VIR_EXEC_NONE); + } else if (disk && disk->src) { + const char *const argv[] = { + VIRT_AA_HELPER, "-r", "-u", profile, "-f", disk->src, NULL + }; + ret = virExec(conn, argv, NULL, NULL, &child, +- pipefd[0], NULL, NULL, VIR_EXEC_CLEAR_CAPS); ++ pipefd[0], NULL, NULL, VIR_EXEC_NONE); + } else { + const char *const argv[] = { + VIRT_AA_HELPER, "-r", "-u", profile, NULL + }; + ret = virExec(conn, argv, NULL, NULL, &child, +- pipefd[0], NULL, NULL, VIR_EXEC_CLEAR_CAPS); ++ pipefd[0], NULL, NULL, VIR_EXEC_NONE); + } + if (ret < 0) + goto clean; --- libvirt-0.7.5.orig/debian/patches/9902-lp665531.patch +++ libvirt-0.7.5/debian/patches/9902-lp665531.patch @@ -0,0 +1,24 @@ +Author: Jamie Strandboge +Description: don't fail with . + 'host_device' is for raw files that don't have holes, so treat it as such. +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/665531 + +Index: libvirt-0.7.5/src/conf/domain_conf.c +=================================================================== +--- libvirt-0.7.5.orig/src/conf/domain_conf.c 2010-10-23 10:30:44.000000000 -0500 ++++ libvirt-0.7.5/src/conf/domain_conf.c 2010-10-23 10:57:02.000000000 -0500 +@@ -5415,6 +5415,14 @@ + if (STREQ(formatStr, "aio")) + formatStr = "raw"; /* Xen compat */ + ++ /* Restore behavior for ++ * host_device. (LP: #665531) ++ */ ++ if (disk->driverName && ++ STREQ(disk->driverName, "qemu") && ++ STREQ(formatStr, "host_device")) ++ formatStr = "raw"; ++ + if ((format = virStorageFileFormatTypeFromString(formatStr)) < 0) { + virDomainReportError(conn, VIR_ERR_INTERNAL_ERROR, + _("unknown disk format '%s' for %s"), --- libvirt-0.7.5.orig/debian/patches/9004-better-default-arch.patch +++ libvirt-0.7.5/debian/patches/9004-better-default-arch.patch @@ -0,0 +1,17 @@ +diff -Nur libvirt-0.7.5/src/conf/capabilities.c libvirt-0.7.5.new/src/conf/capabilities.c +--- libvirt-0.7.5/src/conf/capabilities.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/conf/capabilities.c 2010-01-22 14:47:15.049530708 -0600 +@@ -504,6 +504,13 @@ + const char *ostype) + { + int i; ++ /* Let's first see if we can match the host arch */ ++ for (i = 0 ; i < caps->nguests ; i++) { ++ if (STREQ(caps->guests[i]->ostype, ostype) ++ && STREQ(caps->guests[i]->arch.name, caps->host.arch)) ++ return caps->guests[i]->arch.name; ++ } ++ /* If we couldn't we just grab the first match */ + for (i = 0 ; i < caps->nguests ; i++) { + if (STREQ(caps->guests[i]->ostype, ostype)) + return 1; --- libvirt-0.7.5.orig/debian/patches/0008-qemu-Use-log-output-for-pty-assignment-if-info-chard.patch +++ libvirt-0.7.5/debian/patches/0008-qemu-Use-log-output-for-pty-assignment-if-info-chard.patch @@ -0,0 +1,43 @@ +From: Matthias Bolte +Date: Mon, 18 Jan 2010 21:04:50 +0100 +Subject: [PATCH] qemu: Use log output for pty assignment if 'info chardev' is unavailable + +qemudFindCharDevicePTYsMonitor reports an error if 'info chardev' didn't +provide information for a requested device, even if the log output parsing +had found the pty path for that device. This makes pty assignment fail for +older QEMU/KVM versions. For example KVM 72 on Debian doesn't support +'info chardev', so qemuMonitorTextGetPtyPaths cannot parse any useful +information and the hash for device-id-to-pty-path mapping stays empty. + +Make qemudFindCharDevicePTYsMonitor report an error only if the log output +parsing and the 'info chardev' parsing failed to provide the pty path. +--- + src/qemu/qemu_driver.c | 14 +++++++++++--- + 1 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 7dfa78f..9e44b46 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -1428,9 +1428,17 @@ qemudFindCharDevicePTYsMonitor(virConnectPtr conn, + \ + const char *path = (const char *) virHashLookup(paths, id); \ + if (path == NULL) { \ +- qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,\ +- _("no assigned pty for device %s"), id); \ +- return -1; \ ++ if (chr->data.file.path == NULL) { \ ++ /* neither the log output nor 'info chardev' had a */ \ ++ /* pty path for this chardev, report an error */ \ ++ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR, \ ++ _("no assigned pty for device %s"), id); \ ++ return -1; \ ++ } else { \ ++ /* 'info chardev' had no pty path for this chardev, */\ ++ /* but the log output had, so we're fine */ \ ++ continue; \ ++ } \ + } \ + \ + chr->data.file.path = strdup(path); \ +-- --- libvirt-0.7.5.orig/debian/patches/9021-apparmor-fix-hostdev.patch +++ libvirt-0.7.5/debian/patches/9021-apparmor-fix-hostdev.patch @@ -0,0 +1,132 @@ +Author: Jamie Strandboge +Description: adjust virt-aa-helper to handle pci devices. Update valid_path() + to have an override array to check against, and add "/sys/devices/pci" to it. + Then rename file_iterate_cb() to file_iterate_hostdev_cb() and create + file_iterate_pci_cb() based on it. +Bug-Ubuntu: https://launchpad.net/bugs/545795 +Forwarded: Yes + +Index: libvirt-0.7.5/src/security/virt-aa-helper.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/virt-aa-helper.c 2010-04-05 19:53:35.000000000 -0500 ++++ libvirt-0.7.5/src/security/virt-aa-helper.c 2010-04-05 19:53:35.000000000 -0500 +@@ -490,7 +490,7 @@ + valid_path(const char *path, const bool readonly) + { + struct stat sb; +- int npaths; ++ int npaths, opaths; + const char * const restricted[] = { + "/bin/", + "/etc/", +@@ -516,6 +516,10 @@ + "/initrd", + "/initrd.img" + }; ++ /* override the above with these */ ++ const char * const override[] = { ++ "/sys/devices/pci" /* for hostdev pci devices */ ++ }; + + if (path == NULL || strlen(path) > PATH_MAX - 1) { + vah_error(NULL, 0, "bad pathname"); +@@ -553,9 +557,12 @@ + } + } + ++ opaths = sizeof(override)/sizeof *(override); ++ + npaths = sizeof(restricted)/sizeof *(restricted); +- if (array_starts_with(path, restricted, npaths) == 0) +- return 1; ++ if (array_starts_with(path, restricted, npaths) == 0 && ++ array_starts_with(path, override, opaths) != 0) ++ return 1; + + npaths = sizeof(restricted_rw)/sizeof *(restricted_rw); + if (!readonly) { +@@ -778,9 +785,18 @@ + } + + static int +-file_iterate_cb(virConnectPtr conn ATTRIBUTE_UNUSED, +- usbDevice *dev ATTRIBUTE_UNUSED, +- const char *file, void *opaque) ++file_iterate_hostdev_cb(virConnectPtr conn ATTRIBUTE_UNUSED, ++ usbDevice *dev ATTRIBUTE_UNUSED, ++ const char *file, void *opaque) ++{ ++ virBufferPtr buf = opaque; ++ return vah_add_file(buf, file, "rw"); ++} ++ ++static int ++file_iterate_pci_cb(virConnectPtr conn ATTRIBUTE_UNUSED, ++ usbDevice *dev ATTRIBUTE_UNUSED, ++ const char *file, void *opaque) + { + virBufferPtr buf = opaque; + return vah_add_file(buf, file, "rw"); +@@ -825,7 +841,7 @@ + path = NULL; + + if (ret < 0) { +- vah_warning("skipping backingStore check (open failed)"); ++ vah_warning("could not open path, skipping"); + continue; + } + +@@ -890,13 +906,12 @@ + continue; + + rc = usbDeviceFileIterate(NULL, usb, +- file_iterate_cb, &buf); ++ file_iterate_hostdev_cb, &buf); + usbFreeDevice(NULL, usb); + if (rc != 0) + goto clean; + break; + } +-/* TODO: update so files in /sys are readonly + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { + pciDevice *pci = pciGetDevice(NULL, + dev->source.subsys.u.pci.domain, +@@ -907,12 +922,12 @@ + if (pci == NULL) + continue; + +- rc = pciDeviceFileIterate(NULL, pci, file_iterate_cb, &buf); ++ rc = pciDeviceFileIterate(NULL, pci, file_iterate_pci_cb, &buf); + pciFreeDevice(NULL, pci); + + break; + } +-*/ ++ + default: + rc = 0; + break; +Index: libvirt-0.7.5/tests/virt-aa-helper-test +=================================================================== +--- libvirt-0.7.5.orig/tests/virt-aa-helper-test 2010-04-05 19:54:36.000000000 -0500 ++++ libvirt-0.7.5/tests/virt-aa-helper-test 2010-04-05 19:54:57.000000000 -0500 +@@ -204,7 +204,8 @@ + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,
,g" > "$test_xml" + testme "0" "create hostdev (USB)" "-c -u $valid_uuid" "$test_xml" + +- cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,
,g" > "$test_xml" ++ cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,
,g" > "$test_xml" ++ + testme "0" "create hostdev (PCI)" "-c -u $valid_uuid" "$test_xml" + fi + +@@ -265,6 +266,9 @@ + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,/initrd.img,g" > "$test_xml" + testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml" + ++cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,g" > "$test_xml" ++testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml" ++ + testme "0" "help" "-h" + + echo "" >$output --- libvirt-0.7.5.orig/debian/patches/9017-dont-disable-ipv6.patch +++ libvirt-0.7.5/debian/patches/9017-dont-disable-ipv6.patch @@ -0,0 +1,43 @@ +--- libvirt-0.7.5.orig/src/network/bridge_driver.c.orig 2010-02-26 10:37:27.264674533 +1100 ++++ libvirt-0.7.5/src/network/bridge_driver.c 2010-02-26 10:38:28.414672138 +1100 +@@ -837,30 +837,12 @@ networkEnableIpForwarding(void) + + #define SYSCTL_PATH "/proc/sys" + +-static int networkDisableIPV6(virConnectPtr conn, ++static int networkSetupIPv6(virConnectPtr conn, + virNetworkObjPtr network) + { + char *field = NULL; + int ret = -1; + +- if (virAsprintf(&field, SYSCTL_PATH "/net/ipv6/conf/%s/disable_ipv6", network->def->bridge) < 0) { +- virReportOOMError(conn); +- goto cleanup; +- } +- +- if (access(field, W_OK) < 0 && errno == ENOENT) { +- VIR_DEBUG("ipv6 appears to already be disabled on %s", network->def->bridge); +- ret = 0; +- goto cleanup; +- } +- +- if (virFileWriteStr(field, "1") < 0) { +- virReportSystemError(conn, errno, +- _("cannot enable %s"), field); +- goto cleanup; +- } +- VIR_FREE(field); +- + if (virAsprintf(&field, SYSCTL_PATH "/net/ipv6/conf/%s/accept_ra", network->def->bridge) < 0) { + virReportOOMError(conn); + goto cleanup; +@@ -908,7 +890,7 @@ static int networkStartNetworkDaemon(vir + return -1; + } + +- if (networkDisableIPV6(conn, network) < 0) ++ if (networkSetupIPv6(conn, network) < 0) + goto err_delbr; + + if (brSetForwardDelay(driver->brctl, network->def->bridge, network->def->delay) < 0) --- libvirt-0.7.5.orig/debian/patches/9009-run-as-root-by-default.patch +++ libvirt-0.7.5/debian/patches/9009-run-as-root-by-default.patch @@ -0,0 +1,37 @@ +Author: Jamie Strandboge +Description: adjust qemu.conf to run as root, not the new Debian default of + libvirt-qemu:kvm + . + In Ubuntu, Qemu/KVM virtual machines are fully isolated and confined by the + AppArmor security driver. This new default in Debian is not as well-tested, + with the upstream implementation contentious among the KVM and libvirt + communities. + . + While the current implementation does reduce the privileges of the VMs + running under qemu:///system, all VMs currently run under the same user so + there is no guest isolation. Even if each user ran under its own user, an + attacker could potentially break out of the VM and have unconfined user + access (albeit non-root). + . + Once there is consensus among the community on the implementation, changing + this default in Ubuntu can be considered as an additional protection to the + AppArmor driver. + +diff -Nur libvirt-0.7.5/src/qemu/qemu.conf libvirt-0.7.5.new/src/qemu/qemu.conf +--- libvirt-0.7.5/src/qemu/qemu.conf 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/qemu/qemu.conf 2010-01-22 17:21:16.189521666 -0600 +@@ -91,10 +91,12 @@ + + + # The user ID for QEMU processes run by the system instance +-#user = "root" ++#user = "libvirt-qemu" ++user = "root" + + # The group ID for QEMU processes run by the system instance +-#group = "root" ++#group = "kvm" ++group = "root" + + + # What cgroup controllers to make use of with QEMU guests --- libvirt-0.7.5.orig/debian/patches/9000-delayed_iff_up_bridge.patch +++ libvirt-0.7.5/debian/patches/9000-delayed_iff_up_bridge.patch @@ -0,0 +1,25 @@ +diff -Nur libvirt-0.7.5/src/util/bridge.c libvirt-0.7.5.new/src/util/bridge.c +--- libvirt-0.7.5/src/util/bridge.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/util/bridge.c 2010-01-22 14:43:32.899529653 -0600 +@@ -244,7 +244,10 @@ + const char *bridge, + const char *iface) + { +- return brAddDelInterface(ctl, SIOCBRADDIF, bridge, iface); ++ int ret; ++ if (ret = brAddDelInterface(ctl, SIOCBRADDIF, bridge, iface)) ++ return ret; ++ return brSetInterfaceUp(ctl, bridge, 1); + } + #else + int +@@ -571,7 +574,8 @@ + ifr.ifr_flags = flags; + + if (ioctl(ctl->fd, SIOCSIFFLAGS, &ifr) < 0) +- return errno; ++ /* Just smile and wave, boys... */ ++ return 0; + } + + return 0; --- libvirt-0.7.5.orig/debian/patches/9015-autodetect-nc-params.patch +++ libvirt-0.7.5/debian/patches/9015-autodetect-nc-params.patch @@ -0,0 +1,63 @@ +Description: autodetect if the remote nc command supports the -q option +Author: Marc Deslauriers +Origin: other, based on http://hg.fedorahosted.org/hg/virt-manager/rev/1f781890ea4a +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478 +Bug: https://bugzilla.redhat.com/show_bug.cgi?id=562176 + +diff -Nur libvirt-0.7.5/src/remote/remote_driver.c libvirt-0.7.5.new/src/remote/remote_driver.c +--- libvirt-0.7.5/src/remote/remote_driver.c 2009-12-22 11:45:39.000000000 -0500 ++++ libvirt-0.7.5.new/src/remote/remote_driver.c 2010-03-03 19:25:48.000000000 -0500 +@@ -730,7 +730,8 @@ + } + + case trans_ssh: { +- int j, nr_args = 6; ++ int j, nr_args = 4; ++ virBuffer cmd_netcat = VIR_BUFFER_INITIALIZER; + + if (username) nr_args += 2; /* For -l username */ + if (no_tty) nr_args += 5; /* For -T -o BatchMode=yes -e none */ +@@ -763,12 +764,37 @@ + cmd_argv[j++] = strdup ("none"); + } + cmd_argv[j++] = strdup (priv->hostname); +- cmd_argv[j++] = strdup (netcat ? netcat : "nc"); +- cmd_argv[j++] = strdup ("-U"); +- cmd_argv[j++] = strdup (sockname ? sockname : +- (flags & VIR_CONNECT_RO +- ? LIBVIRTD_PRIV_UNIX_SOCKET_RO +- : LIBVIRTD_PRIV_UNIX_SOCKET)); ++ ++ /* ++ * This ugly thing is a shell script to detect availability of ++ * the -q option for 'nc': debian and suse based distros need this ++ * flag to ensure the remote nc will exit on EOF, so it will go away ++ * when we close the VNC tunnel. If it doesn't go away, subsequent ++ * VNC connection attempts will hang. ++ * ++ * Fedora's 'nc' doesn't have this option, and apparently defaults ++ * to the desired behavior. ++ */ ++ ++ virBufferVSprintf(&cmd_netcat, "%s -q 2>&1 | grep -q 'requires an argument';" ++ "if [ $? -eq 0 ] ; then" ++ " CMD='-q 0';" ++ "else" ++ " CMD='';" ++ "fi;%s $CMD -U %s", ++ netcat ? netcat : "nc", ++ netcat ? netcat : "nc", ++ sockname ? sockname : ++ (flags & VIR_CONNECT_RO ++ ? LIBVIRTD_PRIV_UNIX_SOCKET_RO ++ : LIBVIRTD_PRIV_UNIX_SOCKET)); ++ ++ if (virBufferError(&cmd_netcat)) { ++ virBufferFreeAndReset(&cmd_netcat); ++ goto out_of_memory; ++ } ++ ++ cmd_argv[j++] = virBufferContentAndReset(&cmd_netcat); + cmd_argv[j++] = 0; + assert (j == nr_args); + for (j = 0; j < (nr_args-1); j++) --- libvirt-0.7.5.orig/debian/patches/0001-remove-RHism.diff.patch +++ libvirt-0.7.5/debian/patches/0001-remove-RHism.diff.patch @@ -0,0 +1,22 @@ +From: Guido Guenther +Date: Fri, 7 Mar 2008 09:08:25 +0100 +Subject: [PATCH] remove-RHism.diff + +--- + tools/virsh.pod | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/tools/virsh.pod b/tools/virsh.pod +index ee8cc11..d2458f5 100644 +--- a/tools/virsh.pod ++++ b/tools/virsh.pod +@@ -34,7 +34,7 @@ the program. + + All B operations rely upon the libvirt library. + For any virsh commands to run xend/qemu, or what ever virtual library that libvirt supports. For this reason you should start xend/qemu as a service when your system first boots using xen/qemu. This can usually be done using the command +-B . ++B . + + Most B commands require root privileges to run due to the + communications channels used to talk to the hypervisor. Running as +-- --- libvirt-0.7.5.orig/debian/patches/9011-node_device_driver.patch +++ libvirt-0.7.5/debian/patches/9011-node_device_driver.patch @@ -0,0 +1,29 @@ +Description: Don't free an uninitalized pointer in update_driver_name() + This invalid free results in heap corruption. Some symptoms I saw + because of this were libvirtd crashing and virt-manager hanging + while trying to enumerate devices. +Origin: http://libvirt.org/git/?p=libvirt.git;a=commit;h=338e7c3c8d5b861f3ad376863519f3496736987e +Bug: https://bugzilla.redhat.com/show_bug.cgi?id=556815 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/513544 + +diff -Nur libvirt-0.7.5/src/node_device/node_device_driver.c libvirt-0.7.5.new/src/node_device/node_device_driver.c +--- libvirt-0.7.5/src/node_device/node_device_driver.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/node_device/node_device_driver.c 2010-01-28 08:24:22.765837964 -0600 +@@ -78,7 +78,7 @@ + virNodeDeviceObjPtr dev) + { + char *driver_link = NULL; +- char *devpath; ++ char *devpath = NULL; + char *p; + int ret = -1; + +@@ -114,7 +114,7 @@ + + cleanup: + VIR_FREE(driver_link); +- free(devpath); ++ VIR_FREE(devpath); + return ret; + } + #else --- libvirt-0.7.5.orig/debian/patches/9002-better_default_uri_virsh.patch +++ libvirt-0.7.5/debian/patches/9002-better_default_uri_virsh.patch @@ -0,0 +1,53 @@ +diff -Nur libvirt-0.7.5/tools/Makefile.am libvirt-0.7.5.new/tools/Makefile.am +--- libvirt-0.7.5/tools/Makefile.am 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/tools/Makefile.am 2010-01-22 14:44:25.889976145 -0600 +@@ -45,9 +45,11 @@ + -I$(top_srcdir)/gnulib/lib -I../gnulib/lib \ + -I../include -I$(top_srcdir)/include \ + -I$(top_srcdir)/src \ ++ -I$(top_srcdir)/src/remote \ + -I$(top_srcdir)/src/util \ + -DGETTEXT_PACKAGE=\"$(PACKAGE)\" \ + -DLOCALEBASEDIR=\""$(datadir)/locale"\" \ ++ -DLOCAL_STATE_DIR=\""$(localstatedir)"\" \ + $(COVERAGE_CFLAGS) \ + $(LIBXML_CFLAGS) \ + $(READLINE_CFLAGS) +diff -Nur libvirt-0.7.5/tools/Makefile.in libvirt-0.7.5.new/tools/Makefile.in +--- libvirt-0.7.5/tools/Makefile.in 2009-12-23 09:17:44.000000000 -0600 ++++ libvirt-0.7.5.new/tools/Makefile.in 2010-01-22 14:44:25.900780145 -0600 +@@ -969,9 +969,11 @@ + -I$(top_srcdir)/gnulib/lib -I../gnulib/lib \ + -I../include -I$(top_srcdir)/include \ + -I$(top_srcdir)/src \ ++ -I$(top_srcdir)/src/remote \ + -I$(top_srcdir)/src/util \ + -DGETTEXT_PACKAGE=\"$(PACKAGE)\" \ + -DLOCALEBASEDIR=\""$(datadir)/locale"\" \ ++ -DLOCAL_STATE_DIR=\""$(localstatedir)"\" \ + $(COVERAGE_CFLAGS) \ + $(LIBXML_CFLAGS) \ + $(READLINE_CFLAGS) +diff -Nur libvirt-0.7.5/tools/virsh.c libvirt-0.7.5.new/tools/virsh.c +--- libvirt-0.7.5/tools/virsh.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/tools/virsh.c 2010-01-22 14:44:25.889976145 -0600 +@@ -58,6 +58,8 @@ + #define VSH_PROMPT_RW "virsh # " + #define VSH_PROMPT_RO "virsh > " + ++#include "remote_driver.h" ++ + #define GETTIMEOFDAY(T) gettimeofday(T, NULL) + #define DIFF_MSEC(T, U) \ + ((((int) ((T)->tv_sec - (U)->tv_sec)) * 1000000.0 + \ +@@ -8945,6 +8947,10 @@ + + if ((defaultConn = getenv("VIRSH_DEFAULT_CONNECT_URI"))) { + ctl->name = strdup(defaultConn); ++ } else if (!access(LIBVIRTD_PRIV_UNIX_SOCKET, W_OK)) { ++ ctl->name = strdup("qemu:///system"); ++ } else { ++ ctl->name = strdup("qemu:///session"); + } + + if (!vshParseArgv(ctl, argc, argv)) { --- libvirt-0.7.5.orig/debian/patches/9012-dont-crash-on-restart.patch +++ libvirt-0.7.5/debian/patches/9012-dont-crash-on-restart.patch @@ -0,0 +1,33 @@ +Description: Fix a crash when restarting libvirtd. + If you shutdown libvirtd while a domain with PCI devices is running, then try + to restart libvirtd, libvirtd will crash. + . + This happens because qemuUpdateActivePciHostdevs() is calling + pciDeviceListSteal() with a dev of 0x0 (NULL), and then trying to dereference + it. This patch fixes it up so that qemuUpdateActivePciHostdevs() steals the + devices after first Get()'ting them, avoiding the crash. +Origin: http://libvirt.org/git/?p=libvirt.git;a=commit;h=7cc5410bfd78f67300fe0344658e66df6482aa25 + +diff -Nur libvirt-0.7.5/src/qemu/qemu_driver.c libvirt-0.7.5.new/src/qemu/qemu_driver.c +--- libvirt-0.7.5/src/qemu/qemu_driver.c 2010-01-28 08:35:14.467104576 -0600 ++++ libvirt-0.7.5.new/src/qemu/qemu_driver.c 2010-01-28 08:35:43.735863804 -0600 +@@ -1771,6 +1771,7 @@ + virDomainDefPtr def) + { + pciDeviceList *pcidevs; ++ int i; + int ret = -1; + + if (!def->nhostdevs) +@@ -1779,8 +1780,9 @@ + if (!(pcidevs = qemuGetPciHostDeviceList(NULL, def))) + return -1; + +- while (pciDeviceListCount(pcidevs) > 0) { +- pciDevice *dev = pciDeviceListSteal(NULL, pcidevs, 0); ++ for (i = 0; i < pciDeviceListCount(pcidevs); i++) { ++ pciDevice *dev = pciDeviceListGet(pcidevs, i); ++ pciDeviceListSteal(NULL, pcidevs, dev); + if (pciDeviceListAdd(NULL, + driver->activePciHostdevs, + dev) < 0) { --- libvirt-0.7.5.orig/debian/patches/0010-Use-base-16-for-product-vendor.patch +++ libvirt-0.7.5/debian/patches/0010-Use-base-16-for-product-vendor.patch @@ -0,0 +1,48 @@ +From 3238081efd6212babb45e42bc3fd918d3df939fe Mon Sep 17 00:00:00 2001 +From: Cole Robinson +Date: Tue, 12 Jan 2010 13:39:46 -0500 +Subject: [PATCH] node_device: udev: Use base 16 for product/vendor + +udev doesn't prefix USB product/vendor info with '0x', so the +strtol conversions were wrong for the product field (vendor already +set the correct base). Make the change for PCI product/vendor as +well to be safe. + +This fixes USB device assignment via virt-manager. +--- + src/node_device/node_device_udev.c | 6 +++--- + 1 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c +index 7a9c1e5..55cfee2 100644 +--- a/src/node_device/node_device_udev.c ++++ b/src/node_device/node_device_udev.c +@@ -457,14 +457,14 @@ static int udevProcessPCI(struct udev_device *device, + if (udevGetUintSysfsAttr(device, + "vendor", + &data->pci_dev.vendor, +- 0) == PROPERTY_ERROR) { ++ 16) == PROPERTY_ERROR) { + goto out; + } + + if (udevGetUintSysfsAttr(device, + "device", + &data->pci_dev.product, +- 0) == PROPERTY_ERROR) { ++ 16) == PROPERTY_ERROR) { + goto out; + } + +@@ -522,7 +522,7 @@ static int udevProcessUSBDevice(struct udev_device *device, + if (udevGetUintProperty(device, + "ID_MODEL_ID", + &data->usb_dev.product, +- 0) == PROPERTY_ERROR) { ++ 16) == PROPERTY_ERROR) { + goto out; + } + +-- +1.6.3.3 + --- libvirt-0.7.5.orig/debian/patches/0009-Fix-QEMU-driver-custom-domain-status-XML-extensions.patch +++ libvirt-0.7.5/debian/patches/0009-Fix-QEMU-driver-custom-domain-status-XML-extensions.patch @@ -0,0 +1,181 @@ +From: Daniel P. Berrange +Date: Mon, 18 Jan 2010 16:24:25 +0000 +Subject: [PATCH] Fix QEMU driver custom domain status XML extensions + +Invoking the virConnectGetCapabilities() method causes the QEMU +driver to rebuild its internal capabilities object. Unfortunately +it was forgetting to register the custom domain status XML hooks +again. + +To avoid this kind of error in the future, the code which builds +capabilities is refactored into one single method, which can be +called from all locations, ensuring reliable rebuilds. + +* src/qemu/qemu_driver.c: Fix rebuilding of capabilities XML and + guarentee it is always consistent +--- + src/qemu/qemu_driver.c | 110 +++++++++++++++++++++++------------------------- + 1 files changed, 53 insertions(+), 57 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 9e44b46..0d4833e 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -885,34 +885,6 @@ qemuReconnectDomains(struct qemud_driver *driver) + + + static int +-qemudSecurityCapsInit(virSecurityDriverPtr secdrv, +- virCapsPtr caps) +-{ +- const char *doi, *model; +- +- doi = virSecurityDriverGetDOI(secdrv); +- model = virSecurityDriverGetModel(secdrv); +- +- caps->host.secModel.model = strdup(model); +- if (!caps->host.secModel.model) { +- virReportOOMError(NULL); +- return -1; +- } +- +- caps->host.secModel.doi = strdup(doi); +- if (!caps->host.secModel.doi) { +- virReportOOMError(NULL); +- return -1; +- } +- +- VIR_DEBUG("Initialized caps for security driver \"%s\" with " +- "DOI \"%s\"", model, doi); +- +- return 0; +-} +- +- +-static int + qemudSecurityInit(struct qemud_driver *qemud_drv) + { + int ret; +@@ -933,15 +905,52 @@ qemudSecurityInit(struct qemud_driver *qemud_drv) + qemud_drv->securityDriver = security_drv; + + VIR_INFO("Initialized security driver %s", security_drv->name); +- +- /* +- * Add security policy host caps now that the security driver is +- * initialized. +- */ +- return qemudSecurityCapsInit(security_drv, qemud_drv->caps); ++ return 0; + } + + ++static virCapsPtr ++qemuCreateCapabilities(virCapsPtr oldcaps, ++ virSecurityDriverPtr secDriver) ++{ ++ virCapsPtr caps; ++ ++ /* Basic host arch / guest machine capabilities */ ++ if (!(caps = qemudCapsInit(oldcaps))) { ++ virReportOOMError(NULL); ++ return NULL; ++ } ++ ++ /* Domain XML parser hooks */ ++ caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc; ++ caps->privateDataFreeFunc = qemuDomainObjPrivateFree; ++ caps->privateDataXMLFormat = qemuDomainObjPrivateXMLFormat; ++ caps->privateDataXMLParse = qemuDomainObjPrivateXMLParse; ++ ++ ++ /* Security driver data */ ++ if (secDriver) { ++ const char *doi, *model; ++ ++ doi = virSecurityDriverGetDOI(secDriver); ++ model = virSecurityDriverGetModel(secDriver); ++ ++ if (!(caps->host.secModel.model = strdup(model))) ++ goto no_memory; ++ if (!(caps->host.secModel.doi = strdup(doi))) ++ goto no_memory; ++ ++ VIR_DEBUG("Initialized caps for security driver \"%s\" with " ++ "DOI \"%s\"", model, doi); ++ } ++ ++ return caps; ++ ++no_memory: ++ virReportOOMError(NULL); ++ virCapabilitiesFree(caps); ++ return NULL; ++} + + /** + * qemudStartup: +@@ -1067,13 +1076,12 @@ qemudStartup(int privileged) { + virStrerror(-rc, buf, sizeof(buf))); + } + +- if ((qemu_driver->caps = qemudCapsInit(NULL)) == NULL) +- goto out_of_memory; ++ if (qemudSecurityInit(qemu_driver) < 0) ++ goto error; + +- qemu_driver->caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc; +- qemu_driver->caps->privateDataFreeFunc = qemuDomainObjPrivateFree; +- qemu_driver->caps->privateDataXMLFormat = qemuDomainObjPrivateXMLFormat; +- qemu_driver->caps->privateDataXMLParse = qemuDomainObjPrivateXMLParse; ++ if ((qemu_driver->caps = qemuCreateCapabilities(NULL, ++ qemu_driver->securityDriver)) == NULL) ++ goto error; + + if ((qemu_driver->activePciHostdevs = pciDeviceListNew(NULL)) == NULL) + goto error; +@@ -1097,10 +1105,6 @@ qemudStartup(int privileged) { + } + } + +- if (qemudSecurityInit(qemu_driver) < 0) { +- goto error; +- } +- + /* If hugetlbfs is present, then we need to create a sub-directory within + * it, since we can't assume the root mount point has permissions that + * will let our spawned QEMU instances use it. +@@ -2859,15 +2863,12 @@ static char *qemudGetCapabilities(virConnectPtr conn) { + char *xml = NULL; + + qemuDriverLock(driver); +- if ((caps = qemudCapsInit(qemu_driver->caps)) == NULL) +- goto no_memory; + +- caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc; +- caps->privateDataFreeFunc = qemuDomainObjPrivateFree; +- +- if (qemu_driver->securityDriver && +- qemudSecurityCapsInit(qemu_driver->securityDriver, caps) < 0) +- goto no_memory; ++ if ((caps = qemuCreateCapabilities(qemu_driver->caps, ++ qemu_driver->securityDriver)) == NULL) { ++ virCapabilitiesFree(caps); ++ goto cleanup; ++ } + + virCapabilitiesFree(qemu_driver->caps); + qemu_driver->caps = caps; +@@ -2879,11 +2880,6 @@ cleanup: + qemuDriverUnlock(driver); + + return xml; +- +-no_memory: +- virCapabilitiesFree(caps); +- virReportOOMError(conn); +- goto cleanup; + } + + +-- --- libvirt-0.7.5.orig/debian/patches/9900-CVE-2010-2237-2238-2239.patch +++ libvirt-0.7.5/debian/patches/9900-CVE-2010-2237-2238-2239.patch @@ -0,0 +1,2312 @@ +Description: fix for the following CVEs: + CVE-2010-2237: ignoring defined main disk format when looking up disk backing + stores + CVE-2010-2238: ignoring defined disk backing store format when recursing into + disk image backing stores + CVE-2010-2239: not setting user defined backing store format when creating new + image + + Summary of changes (from upstream commits): + * When QEMU opens a backing store for a QCow2 file, it will + normally auto-probe for the format of the backing store, + rather than assuming it has the same format as the referencing + file. There is a QCow2 extension that allows an explicit format + for the backing store to be embedded in the referencing file. + This closes the auto-probing security hole in QEMU. This backing store + format can be useful for libvirt users of virStorageFileGetMetadata, so + extract this data and report it. Callers of virStorageFileGetMeta need to + be told of the backing store format. If no format is declared, + they can make a decision whether to allow format probing or + not. + * Instead of including a field in FileTypeInfo struct for the + disk format, rely on the array index matching the format. + Use verify() to assert the correct number of elements in the + array. + * The virStorageFileGetMetadataFromFD did two jobs in one. First + it probed for storage type, then it extracted metadata for the + type. It is desirable to be able to separate these jobs, allowing + probing without querying metadata, and querying metadata without + probing. + * Require the disk image to be passed into virStorageFileGetMetadata. + If this is set to VIR_STORAGE_FILE_AUTO, then the format will be + resolved using probing. This makes it easier to control when + probing will be used + * There is duplicated code which iterates over disk backing stores + performing some action. Provide a convenient helper for doing + this to eliminate duplication & risk of mistakes with disk format + probing + * Update the SELinux and AppArmor security drivers over to use the shared + helper API virDomainDiskDefForeachPath(). + * Adjust security driver params + * Disk format probing is now disabled by default. A new config + option in /etc/qemu/qemu.conf will re-enable it for existing + deployments where this causes trouble + * Record a default driver name/type in capabilities struct. Use this + when parsing disks if value is not set in XML config. + * When creating qcow2 files with a backing store, it is important + to set an explicit format to prevent QEMU probing. The storage + backend was only doing this if it found a 'kvm-img' binary. This + is wrong because plenty of kvm-img binaries don't support an + explicit format, and plenty of 'qemu-img' binaries do support + a format. The result was that most qcow2 files were not getting + a backing store format. + +Origin: (sometimes heavily) adapted from upstream git: + 7b91c43bef0348c8cc18037bec5aef668b51fc90 + 66c633413960e869a15062cee8667db51e6c817a + f8d3e740cee4903bd2eef1a072e8190f5e9e92b9 + 7b2c30d0af7938df533b85e948918cfdff2e5f01 + 494b96317334716f846436a5ec485963411cb4a3 + e2ebe4b785eccb930f36f400a22940fa9660a24b + 38d7c5a26e4c12a784619f1ed4fc993d9af82032 + e7db25186de8cb278f2b5f5c51e965129defaa11 + f087f0656f882be305783e24d55921b57fbbcb97 + 6883117e3c6a6cabd760b6e6a468b69ad7b02839 + 8c145200e7fe410cb4fb99b3bbce17fba4a680ca + 8f86eaca4900b9788bf7d877770ac15adf948738 + d01340e796fd86328ed1ecb1788bdaa0b48c8743 + adde0e2cf60f8ad558de40361d9306e5da8ca9ab + 05c9a413364d5ab94117bbd3ae281ad0748d7fbb + +Index: libvirt-0.7.5/src/util/storage_file.c +=================================================================== +--- libvirt-0.7.5.orig/src/util/storage_file.c 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/util/storage_file.c 2010-09-01 09:42:12.000000000 -0500 +@@ -50,7 +50,6 @@ + + /* Either 'magic' or 'extension' *must* be provided */ + struct FileTypeInfo { +- int type; /* One of the constants above */ + const char *magic; /* Optional string of file magic + * to check at head of file */ + const char *extension; /* Optional file extension to check */ +@@ -70,82 +69,86 @@ + int qcowCryptOffset; /* Byte offset from start of file + * where to find encryption mode, + * -1 if encryption is not used */ +- int (*getBackingStore)(virConnectPtr conn, char **res, ++ int (*getBackingStore)(virConnectPtr conn, char **res, int *format, + const unsigned char *buf, size_t buf_size); + }; + +-static int cowGetBackingStore(virConnectPtr, char **, ++static int cowGetBackingStore(virConnectPtr, char **, int *, + const unsigned char *, size_t); +-static int qcowXGetBackingStore(virConnectPtr, char **, ++static int qcow1GetBackingStore(virConnectPtr, char **, int *, + const unsigned char *, size_t); +-static int vmdk4GetBackingStore(virConnectPtr, char **, ++static int qcow2GetBackingStore(virConnectPtr, char **, int *, ++ const unsigned char *, size_t); ++static int vmdk4GetBackingStore(virConnectPtr, char **, int *, + const unsigned char *, size_t); + + + static struct FileTypeInfo const fileTypeInfo[] = { +- /* Bochs */ +- /* XXX Untested +- { VIR_STORAGE_FILE_BOCHS, "Bochs Virtual HD Image", NULL, +- LV_LITTLE_ENDIAN, 64, 0x20000, +- 32+16+16+4+4+4+4+4, 8, 1, -1, NULL },*/ +- /* CLoop */ +- /* XXX Untested +- { VIR_STORAGE_VOL_CLOOP, "#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", NULL, +- LV_LITTLE_ENDIAN, -1, 0, +- -1, 0, 0, -1, NULL }, */ +- /* Cow */ +- { VIR_STORAGE_FILE_COW, "OOOM", NULL, +- LV_BIG_ENDIAN, 4, 2, +- 4+4+1024+4, 8, 1, -1, cowGetBackingStore }, +- /* DMG */ +- /* XXX QEMU says there's no magic for dmg, but we should check... */ +- { VIR_STORAGE_FILE_DMG, NULL, ".dmg", +- 0, -1, 0, +- -1, 0, 0, -1, NULL }, +- /* XXX there's probably some magic for iso we can validate too... */ +- { VIR_STORAGE_FILE_ISO, NULL, ".iso", +- 0, -1, 0, +- -1, 0, 0, -1, NULL }, +- /* Parallels */ +- /* XXX Untested +- { VIR_STORAGE_FILE_PARALLELS, "WithoutFreeSpace", NULL, +- LV_LITTLE_ENDIAN, 16, 2, +- 16+4+4+4+4, 4, 512, -1, NULL }, +- */ +- /* QCow */ +- { VIR_STORAGE_FILE_QCOW, "QFI", NULL, +- LV_BIG_ENDIAN, 4, 1, +- 4+4+8+4+4, 8, 1, 4+4+8+4+4+8+1+1+2, qcowXGetBackingStore }, +- /* QCow 2 */ +- { VIR_STORAGE_FILE_QCOW2, "QFI", NULL, +- LV_BIG_ENDIAN, 4, 2, +- 4+4+8+4+4, 8, 1, 4+4+8+4+4+8, qcowXGetBackingStore }, +- /* VMDK 3 */ +- /* XXX Untested +- { VIR_STORAGE_FILE_VMDK, "COWD", NULL, +- LV_LITTLE_ENDIAN, 4, 1, +- 4+4+4, 4, 512, -1, NULL }, +- */ +- /* VMDK 4 */ +- { VIR_STORAGE_FILE_VMDK, "KDMV", NULL, +- LV_LITTLE_ENDIAN, 4, 1, +- 4+4+4, 8, 512, -1, vmdk4GetBackingStore }, +- /* Connectix / VirtualPC */ +- /* XXX Untested +- { VIR_STORAGE_FILE_VPC, "conectix", NULL, +- LV_BIG_ENDIAN, -1, 0, +- -1, 0, 0, -1, NULL}, +- */ ++ [VIR_STORAGE_FILE_RAW] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL }, ++ [VIR_STORAGE_FILE_DIR] = { NULL, NULL, LV_LITTLE_ENDIAN, -1, 0, 0, 0, 0, 0, NULL }, ++ [VIR_STORAGE_FILE_BOCHS] = { ++ /*"Bochs Virtual HD Image", */ /* Untested */ NULL, ++ NULL, ++ LV_LITTLE_ENDIAN, 64, 0x20000, ++ 32+16+16+4+4+4+4+4, 8, 1, -1, NULL ++ }, ++ [VIR_STORAGE_FILE_CLOOP] = { ++ /*"#!/bin/sh\n#V2.0 Format\nmodprobe cloop file=$0 && mount -r -t iso9660 /dev/cloop $1\n", */ /* Untested */ NULL, ++ NULL, ++ LV_LITTLE_ENDIAN, -1, 0, ++ -1, 0, 0, -1, NULL ++ }, ++ [VIR_STORAGE_FILE_COW] = { ++ "OOOM", NULL, ++ LV_BIG_ENDIAN, 4, 2, ++ 4+4+1024+4, 8, 1, -1, cowGetBackingStore ++ }, ++ [VIR_STORAGE_FILE_DMG] = { ++ NULL, /* XXX QEMU says there's no magic for dmg, but we should check... */ ++ ".dmg", ++ 0, -1, 0, ++ -1, 0, 0, -1, NULL ++ }, ++ [VIR_STORAGE_FILE_ISO] = { ++ NULL, /* XXX there's probably some magic for iso we can validate too... */ ++ ".iso", ++ 0, -1, 0, ++ -1, 0, 0, -1, NULL ++ }, ++ [VIR_STORAGE_FILE_QCOW] = { ++ "QFI", NULL, ++ LV_BIG_ENDIAN, 4, 1, ++ 4+4+8+4+4, 8, 1, 4+4+8+4+4+8+1+1+2, qcow1GetBackingStore ++ }, ++ [VIR_STORAGE_FILE_QCOW2] = { ++ "QFI", NULL, ++ LV_BIG_ENDIAN, 4, 2, ++ 4+4+8+4+4, 8, 1, 4+4+8+4+4+8, qcow2GetBackingStore ++ }, ++ [VIR_STORAGE_FILE_VMDK] = { ++ "KDMV", NULL, ++ LV_LITTLE_ENDIAN, 4, 1, ++ 4+4+4, 8, 512, -1, vmdk4GetBackingStore ++ }, ++ [VIR_STORAGE_FILE_VPC] = { ++ "conectix", NULL, ++ LV_BIG_ENDIAN, 12, 0x10000, ++ 8 + 4 + 4 + 8 + 4 + 4 + 2 + 2 + 4, 8, 1, -1, NULL ++ }, + }; ++verify(ARRAY_CARDINALITY(fileTypeInfo) == VIR_STORAGE_FILE_LAST); + + static int + cowGetBackingStore(virConnectPtr conn, + char **res, ++ int *format, + const unsigned char *buf, + size_t buf_size) + { + #define COW_FILENAME_MAXLEN 1024 + *res = NULL; ++ *format = VIR_STORAGE_FILE_AUTO; ++ + if (buf_size < 4+4+ COW_FILENAME_MAXLEN) + return BACKING_STORE_INVALID; + if (buf[4+4] == '\0') /* cow_header_v2.backing_file[0] */ +@@ -159,32 +162,100 @@ + return BACKING_STORE_OK; + } + ++ ++#define QCOWX_HDR_BACKING_FILE_OFFSET 4+4 ++#define QCOWX_HDR_BACKING_FILE_SIZE 4+4+8 ++ ++#define QCOW2_HDR_TOTAL_SIZE 4+4+8+4+4+8+4+4+8+8+4+4+8 ++#define QCOW2_HDR_EXTENSION_END 0 ++#define QCOW2_HDR_EXTENSION_BACKING_FORMAT 0xE2792ACA ++ ++static int ++qcow2GetBackingStoreFormat(int *format, ++ const unsigned char *buf, ++ size_t buf_size, ++ size_t extension_start, ++ size_t extension_end) ++{ ++ size_t offset = extension_start; ++ ++ /* ++ * The extensions take format of ++ * ++ * int32: magic ++ * int32: length ++ * byte[length]: payload ++ * ++ * Unknown extensions can be ignored by skipping ++ * over "length" bytes in the data stream. ++ */ ++ while (offset < (buf_size-8) && ++ offset < (extension_end-8)) { ++ int magic = (buf[offset] << 24) + ++ (buf[offset+1] << 16) + ++ (buf[offset+2] << 8) + ++ (buf[offset+3]); ++ int len = (buf[offset+4] << 24) + ++ (buf[offset+5] << 16) + ++ (buf[offset+6] << 8) + ++ (buf[offset+7]); ++ ++ offset += 8; ++ if ((offset + len) > buf_size) ++ break; ++ ++ switch (magic) { ++ case QCOW2_HDR_EXTENSION_END: ++ goto done; ++ ++ case QCOW2_HDR_EXTENSION_BACKING_FORMAT: ++ if (buf[offset+len] != '\0') ++ break; ++ *format = virStorageFileFormatTypeFromString( ++ ((const char *)buf)+offset); ++ break; ++ } ++ ++ offset += len; ++ } ++ ++done: ++ ++ return 0; ++} ++ ++ + static int + qcowXGetBackingStore(virConnectPtr conn, + char **res, ++ int *format, + const unsigned char *buf, +- size_t buf_size) ++ size_t buf_size, ++ bool isQCow2) + { + unsigned long long offset; + unsigned long size; + + *res = NULL; +- if (buf_size < 4+4+8+4) ++ if (format) ++ *format = VIR_STORAGE_FILE_AUTO; ++ ++ if (buf_size < QCOWX_HDR_BACKING_FILE_OFFSET+8+4) + return BACKING_STORE_INVALID; +- offset = (((unsigned long long)buf[4+4] << 56) +- | ((unsigned long long)buf[4+4+1] << 48) +- | ((unsigned long long)buf[4+4+2] << 40) +- | ((unsigned long long)buf[4+4+3] << 32) +- | ((unsigned long long)buf[4+4+4] << 24) +- | ((unsigned long long)buf[4+4+5] << 16) +- | ((unsigned long long)buf[4+4+6] << 8) +- | buf[4+4+7]); /* QCowHeader.backing_file_offset */ ++ offset = (((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET] << 56) ++ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+1] << 48) ++ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+2] << 40) ++ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+3] << 32) ++ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+4] << 24) ++ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+5] << 16) ++ | ((unsigned long long)buf[QCOWX_HDR_BACKING_FILE_OFFSET+6] << 8) ++ | buf[QCOWX_HDR_BACKING_FILE_OFFSET+7]); /* QCowHeader.backing_file_offset */ + if (offset > buf_size) + return BACKING_STORE_INVALID; +- size = ((buf[4+4+8] << 24) +- | (buf[4+4+8+1] << 16) +- | (buf[4+4+8+2] << 8) +- | buf[4+4+8+3]); /* QCowHeader.backing_file_size */ ++ size = ((buf[QCOWX_HDR_BACKING_FILE_SIZE] << 24) ++ | (buf[QCOWX_HDR_BACKING_FILE_SIZE+1] << 16) ++ | (buf[QCOWX_HDR_BACKING_FILE_SIZE+2] << 8) ++ | buf[QCOWX_HDR_BACKING_FILE_SIZE+3]); /* QCowHeader.backing_file_size */ + if (size == 0) + return BACKING_STORE_OK; + if (offset + size > buf_size || offset + size < offset) +@@ -197,13 +268,66 @@ + } + memcpy(*res, buf + offset, size); + (*res)[size] = '\0'; ++ ++ /* ++ * Traditionally QCow2 files had a layout of ++ * ++ * [header] ++ * [backingStoreName] ++ * ++ * Although the backingStoreName typically followed ++ * the header immediately, this was not required by ++ * the format. By specifying a higher byte offset for ++ * the backing file offset in the header, it was ++ * possible to leave space between the header and ++ * start of backingStore. ++ * ++ * This hack is now used to store extensions to the ++ * qcow2 format: ++ * ++ * [header] ++ * [extensions] ++ * [backingStoreName] ++ * ++ * Thus the file region to search for extensions is ++ * between the end of the header (QCOW2_HDR_TOTAL_SIZE) ++ * and the start of the backingStoreName (offset) ++ */ ++ if (isQCow2) ++ qcow2GetBackingStoreFormat(format, buf, buf_size, QCOW2_HDR_TOTAL_SIZE, offset); ++ + return BACKING_STORE_OK; + } + + + static int ++qcow1GetBackingStore(virConnectPtr conn, ++ char **res, ++ int *format, ++ const unsigned char *buf, ++ size_t buf_size) ++{ ++ /* QCow1 doesn't have the extensions capability ++ * used to store backing format */ ++ *format = VIR_STORAGE_FILE_AUTO; ++ return qcowXGetBackingStore(conn, res, NULL, buf, buf_size, false); ++} ++ ++static int ++qcow2GetBackingStore(virConnectPtr conn, ++ char **res, ++ int *format, ++ const unsigned char *buf, ++ size_t buf_size) ++{ ++ return qcowXGetBackingStore(conn, res, format, buf, buf_size, true); ++} ++ ++ ++static int + vmdk4GetBackingStore(virConnectPtr conn, + char **res, ++ int *format, + const unsigned char *buf, + size_t buf_size) + { +@@ -213,6 +337,12 @@ + size_t len; + + *res = NULL; ++ /* XXX should we set VMDK instead ? QEMU does auto ++ * probing, but this isn't in compliance with the ++ * VMDK spec/VMWare impl which presumes only VMDK ++ * backing format ++ */ ++ *format = VIR_STORAGE_FILE_AUTO; + + if (buf_size <= 0x200) + return BACKING_STORE_INVALID; +@@ -269,144 +399,319 @@ + return res; + } + +-/** +- * Probe the header of a file to determine what type of disk image +- * it is, and info about its capacity if available. +- */ +-int +-virStorageFileGetMetadataFromFD(virConnectPtr conn, +- const char *path, +- int fd, +- virStorageFileMetadata *meta) ++ ++static int ++virStorageFileMatchesMagic(int format, ++ unsigned char *buf, ++ size_t buflen) + { +- unsigned char head[20*512]; /* vmdk4GetBackingStore needs this much. */ +- int len, i; ++ int mlen; + +- /* If all else fails, call it a raw file */ +- meta->format = VIR_STORAGE_FILE_RAW; ++ if (fileTypeInfo[format].magic == NULL) ++ return 0; + +- if ((len = read(fd, head, sizeof(head))) < 0) { +- virReportSystemError(conn, errno, _("cannot read header '%s'"), path); +- return -1; ++ /* Validate magic data */ ++ mlen = strlen(fileTypeInfo[format].magic); ++ if (mlen > buflen) ++ return 0; ++ ++ if (memcmp(buf, fileTypeInfo[format].magic, mlen) != 0) ++ return 0; ++ ++ return 1; ++} ++ ++ ++static int ++virStorageFileMatchesExtension(int format, ++ const char *path) ++{ ++ if (fileTypeInfo[format].extension == NULL) ++ return 0; ++ ++ if (virFileHasSuffix(path, fileTypeInfo[format].extension)) ++ return 1; ++ ++ return 0; ++} ++ ++ ++static int ++virStorageFileMatchesVersion(int format, ++ unsigned char *buf, ++ size_t buflen) ++{ ++ int version; ++ ++ /* Validate version number info */ ++ if (fileTypeInfo[format].versionOffset == -1) ++ return 0; ++ ++ if ((fileTypeInfo[format].versionOffset + 4) > buflen) ++ return 0; ++ ++ if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) { ++ version = ++ (buf[fileTypeInfo[format].versionOffset+3] << 24) | ++ (buf[fileTypeInfo[format].versionOffset+2] << 16) | ++ (buf[fileTypeInfo[format].versionOffset+1] << 8) | ++ (buf[fileTypeInfo[format].versionOffset]); ++ } else { ++ version = ++ (buf[fileTypeInfo[format].versionOffset] << 24) | ++ (buf[fileTypeInfo[format].versionOffset+1] << 16) | ++ (buf[fileTypeInfo[format].versionOffset+2] << 8) | ++ (buf[fileTypeInfo[format].versionOffset+3]); + } ++ if (version != fileTypeInfo[format].versionNumber) ++ return 0; + +- /* First check file magic */ +- for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) { +- int mlen; ++ return 1; ++} + +- if (fileTypeInfo[i].magic == NULL) +- continue; + +- /* Validate magic data */ +- mlen = strlen(fileTypeInfo[i].magic); +- if (mlen > len) +- continue; +- if (memcmp(head, fileTypeInfo[i].magic, mlen) != 0) +- continue; +- +- /* Validate version number info */ +- if (fileTypeInfo[i].versionNumber != -1) { +- int version; +- +- if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) { +- version = (head[fileTypeInfo[i].versionOffset+3] << 24) | +- (head[fileTypeInfo[i].versionOffset+2] << 16) | +- (head[fileTypeInfo[i].versionOffset+1] << 8) | +- head[fileTypeInfo[i].versionOffset]; +- } else { +- version = (head[fileTypeInfo[i].versionOffset] << 24) | +- (head[fileTypeInfo[i].versionOffset+1] << 16) | +- (head[fileTypeInfo[i].versionOffset+2] << 8) | +- head[fileTypeInfo[i].versionOffset+3]; +- } +- if (version != fileTypeInfo[i].versionNumber) +- continue; +- } ++static int ++virStorageFileGetMetadataFromBuf(virConnectPtr conn, ++ int format, ++ const char *path, ++ unsigned char *buf, ++ size_t buflen, ++ virStorageFileMetadata *meta) ++{ ++ /* XXX we should consider moving virStorageBackendUpdateVolInfo ++ * code into this method, for non-magic files ++ */ ++ if (!fileTypeInfo[format].magic) { ++ return 0; ++ } + +- /* Optionally extract capacity from file */ +- if (fileTypeInfo[i].sizeOffset != -1) { +- if (fileTypeInfo[i].endian == LV_LITTLE_ENDIAN) { +- meta->capacity = +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7] << 56) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 48) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 40) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 32) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 24) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 16) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 8) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset]); +- } else { +- meta->capacity = +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset] << 56) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+1] << 48) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+2] << 40) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+3] << 32) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+4] << 24) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+5] << 16) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+6] << 8) | +- ((unsigned long long)head[fileTypeInfo[i].sizeOffset+7]); +- } +- /* Avoid unlikely, but theoretically possible overflow */ +- if (meta->capacity > (ULLONG_MAX / fileTypeInfo[i].sizeMultiplier)) +- continue; +- meta->capacity *= fileTypeInfo[i].sizeMultiplier; ++ /* Optionally extract capacity from file */ ++ if (fileTypeInfo[format].sizeOffset != -1) { ++ if ((fileTypeInfo[format].sizeOffset + 8) > buflen) ++ return 1; ++ ++ if (fileTypeInfo[format].endian == LV_LITTLE_ENDIAN) { ++ meta->capacity = ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7] << 56) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 48) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 40) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 32) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 24) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 16) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 8) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset]); ++ } else { ++ meta->capacity = ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset] << 56) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+1] << 48) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+2] << 40) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+3] << 32) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+4] << 24) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+5] << 16) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+6] << 8) | ++ ((unsigned long long)buf[fileTypeInfo[format].sizeOffset+7]); + } ++ /* Avoid unlikely, but theoretically possible overflow */ ++ if (meta->capacity > (ULLONG_MAX / fileTypeInfo[format].sizeMultiplier)) ++ return 1; ++ meta->capacity *= fileTypeInfo[format].sizeMultiplier; ++ } ++ ++ if (fileTypeInfo[format].qcowCryptOffset != -1) { ++ int crypt_format; + +- if (fileTypeInfo[i].qcowCryptOffset != -1) { +- int crypt_format; ++ crypt_format = ++ (buf[fileTypeInfo[format].qcowCryptOffset] << 24) | ++ (buf[fileTypeInfo[format].qcowCryptOffset+1] << 16) | ++ (buf[fileTypeInfo[format].qcowCryptOffset+2] << 8) | ++ (buf[fileTypeInfo[format].qcowCryptOffset+3]); ++ meta->encrypted = crypt_format != 0; ++ } + +- crypt_format = (head[fileTypeInfo[i].qcowCryptOffset] << 24) | +- (head[fileTypeInfo[i].qcowCryptOffset+1] << 16) | +- (head[fileTypeInfo[i].qcowCryptOffset+2] << 8) | +- head[fileTypeInfo[i].qcowCryptOffset+3]; +- meta->encrypted = crypt_format != 0; ++ if (fileTypeInfo[format].getBackingStore != NULL) { ++ char *backing; ++ int backingFormat; ++ int ret = fileTypeInfo[format].getBackingStore(conn, &backing, ++ &backingFormat, ++ buf, buflen); ++ if (ret == BACKING_STORE_INVALID) ++ return 1; ++ ++ if (ret == BACKING_STORE_ERROR) ++ return -1; ++ ++ if (backing != NULL) { ++ meta->backingStore = absolutePathFromBaseFile(path, backing); ++ VIR_FREE(backing); ++ if (meta->backingStore == NULL) { ++ virReportOOMError(NULL); ++ return -1; ++ } ++ meta->backingStoreFormat = backingFormat; ++ } else { ++ meta->backingStore = NULL; ++ meta->backingStoreFormat = VIR_STORAGE_FILE_AUTO; + } ++ } + +- /* Validation passed, we know the file format now */ +- meta->format = fileTypeInfo[i].type; +- if (fileTypeInfo[i].getBackingStore != NULL) { +- char *base; ++ return 0; ++} + +- switch (fileTypeInfo[i].getBackingStore(conn, &base, head, len)) { +- case BACKING_STORE_OK: +- break; + +- case BACKING_STORE_INVALID: +- continue; ++static int ++virStorageFileProbeFormatFromBuf(const char *path, ++ unsigned char *buf, ++ size_t buflen) ++{ ++ int format = VIR_STORAGE_FILE_RAW; ++ int i; + +- case BACKING_STORE_ERROR: +- return -1; +- } +- if (base != NULL) { +- meta->backingStore = absolutePathFromBaseFile(path, base); +- VIR_FREE(base); +- if (meta->backingStore == NULL) { +- virReportOOMError(conn); +- return -1; +- } +- } ++ /* First check file magic */ ++ for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) { ++ if (virStorageFileMatchesMagic(i, buf, buflen) && ++ virStorageFileMatchesVersion(i, buf, buflen)) { ++ format = i; ++ goto cleanup; + } +- return 0; + } + + /* No magic, so check file extension */ +- for (i = 0 ; i < ARRAY_CARDINALITY(fileTypeInfo) ; i++) { +- if (fileTypeInfo[i].extension == NULL) +- continue; ++ for (i = 0 ; i < VIR_STORAGE_FILE_LAST ; i++) { ++ if (virStorageFileMatchesExtension(i, path)) { ++ format = i; ++ goto cleanup; ++ } ++ } + +- if (!virFileHasSuffix(path, fileTypeInfo[i].extension)) +- continue; ++cleanup: ++ return format; ++} + +- meta->format = fileTypeInfo[i].type; +- return 0; ++ ++/** ++ * virStorageFileProbeFormatFromFD: ++ * ++ * Probe for the format of 'fd' (which is an open file descriptor ++ * pointing to 'path'), returning the detected disk format. ++ * ++ * Callers are advised never to trust the returned 'format' ++ * unless it is listed as VIR_STORAGE_FILE_RAW, since a ++ * malicious guest can turn a file into any other non-raw ++ * format at will. ++ * ++ * Best option: Don't use this function ++ */ ++ ++int ++virStorageFileProbeFormatFromFD(virConnectPtr conn, const char *path, int fd) ++{ ++ unsigned char head[20*512]; /* vmdk4GetBackingStore needs this much. */ ++ int len; ++ ++ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) { ++ virReportSystemError(conn, errno, _("cannot set to start of '%s'"), path); ++ return -1; + } + +- return 0; ++ if ((len = read(fd, head, sizeof(head))) < 0) { ++ virReportSystemError(conn, errno, _("cannot read header '%s'"), path); ++ return -1; ++ } ++ ++ return virStorageFileProbeFormatFromBuf(path, head, len); + } + ++/** ++ * virStorageFileProbeFormat: ++ * ++ * Probe for the format of 'path', returning the detected ++ * disk format. ++ * ++ * Callers are advised never to trust the returned 'format' ++ * unless it is listed as VIR_STORAGE_FILE_RAW, since a ++ * malicious guest can turn a file into any other non-raw ++ * format at will. ++ * ++ * Best option: Don't use this function ++ */ ++int ++virStorageFileProbeFormat(virConnectPtr conn, const char *path) ++{ ++ int fd, ret; ++ ++ if ((fd = open(path, O_RDONLY)) < 0) { ++ virReportSystemError(conn, errno, _("cannot open file '%s'"), path); ++ return -1; ++ } ++ ++ ret = virStorageFileProbeFormatFromFD(conn, path, fd); ++ ++ close(fd); ++ ++ return ret; ++} ++ ++/** ++ * virStorageFileGetMetadataFromFD: ++ * ++ * Probe for the format of 'fd' (which is an open file descriptor ++ * for the file 'path'), filling 'meta' with the detected ++ * format and other associated metadata. ++ * ++ * Callers are advised never to trust the returned 'meta->format' ++ * unless it is listed as VIR_STORAGE_FILE_RAW, since a ++ * malicious guest can turn a file into any other non-raw ++ * format at will. ++ */ ++int ++virStorageFileGetMetadataFromFD(virConnectPtr conn, ++ const char *path, ++ int fd, ++ int format, ++ virStorageFileMetadata *meta) ++{ ++ unsigned char head[20*512]; /* vmdk4GetBackingStore needs this much. */ ++ int len; ++ ++ memset(meta, 0, sizeof (*meta)); ++ ++ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) { ++ virReportSystemError(conn, errno, _("cannot set to start of '%s'"), path); ++ return -1; ++ } ++ ++ if ((len = read(fd, head, sizeof(head))) < 0) { ++ virReportSystemError(conn, errno, _("cannot read header '%s'"), path); ++ return -1; ++ } ++ ++ if (format == VIR_STORAGE_FILE_AUTO) ++ format = virStorageFileProbeFormatFromBuf(path, head, len); ++ ++ if (format < 0 || ++ format >= VIR_STORAGE_FILE_LAST) { ++ virReportSystemError(conn, EINVAL, _("unknown storage file format %d"), format); ++ return -1; ++ } ++ ++ return virStorageFileGetMetadataFromBuf(conn, format, path, head, len, meta); ++} ++ ++/** ++ * virStorageFileGetMetadata: ++ * ++ * Probe for the format of 'path', filling 'meta' with the detected ++ * format and other associated metadata. ++ * ++ * Callers are advised never to trust the returned 'meta->format' ++ * unless it is listed as VIR_STORAGE_FILE_RAW, since a ++ * malicious guest can turn a file into any other non-raw ++ * format at will. ++ */ + int + virStorageFileGetMetadata(virConnectPtr conn, + const char *path, ++ int format, + virStorageFileMetadata *meta) + { + int fd, ret; +@@ -416,7 +721,7 @@ + return -1; + } + +- ret = virStorageFileGetMetadataFromFD(conn, path, fd, meta); ++ ret = virStorageFileGetMetadataFromFD(conn, path, fd, format, meta); + + close(fd); + +Index: libvirt-0.7.5/src/util/storage_file.h +=================================================================== +--- libvirt-0.7.5.orig/src/util/storage_file.h 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/util/storage_file.h 2010-09-01 09:42:12.000000000 -0500 +@@ -28,6 +28,7 @@ + #include + + enum virStorageFileFormat { ++ VIR_STORAGE_FILE_AUTO = -1, + VIR_STORAGE_FILE_RAW = 0, + VIR_STORAGE_FILE_DIR, + VIR_STORAGE_FILE_BOCHS, +@@ -45,18 +46,25 @@ + VIR_ENUM_DECL(virStorageFileFormat); + + typedef struct _virStorageFileMetadata { +- int format; + char *backingStore; ++ int backingStoreFormat; + unsigned long long capacity; + bool encrypted; + } virStorageFileMetadata; + ++int virStorageFileProbeFormat(virConnectPtr conn, const char *path); ++int virStorageFileProbeFormatFromFD(virConnectPtr conn, ++ const char *path, ++ int fd); ++ + int virStorageFileGetMetadata(virConnectPtr conn, + const char *path, ++ int format, + virStorageFileMetadata *meta); + int virStorageFileGetMetadataFromFD(virConnectPtr conn, + const char *path, + int fd, ++ int format, + virStorageFileMetadata *meta); + + #endif /* __VIR_STORAGE_FILE_H__ */ +Index: libvirt-0.7.5/src/libvirt_private.syms +=================================================================== +--- libvirt-0.7.5.orig/src/libvirt_private.syms 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/libvirt_private.syms 2010-09-01 09:42:12.000000000 -0500 +@@ -174,6 +174,7 @@ + virDomainObjListDeinit; + virDomainObjRef; + virDomainObjUnref; ++virDomainDiskDefForeachPath; + + + # domain_event.h +@@ -460,6 +461,7 @@ + virSecurityDriverInit; + virSecurityDriverSetDOI; + virSecurityDriverGetDOI; ++virSecurityDriverGetAllowDiskFormatProbing; + virSecurityDriverGetModel; + + +@@ -507,6 +509,8 @@ + # storage_file.h + virStorageFileFormatTypeToString; + virStorageFileFormatTypeFromString; ++virStorageFileProbeFormat; ++virStorageFileProbeFormatFromFD; + virStorageFileGetMetadata; + virStorageFileGetMetadataFromFD; + +Index: libvirt-0.7.5/src/qemu/qemu_driver.c +=================================================================== +--- libvirt-0.7.5.orig/src/qemu/qemu_driver.c 2010-09-01 09:42:12.000000000 -0500 ++++ libvirt-0.7.5/src/qemu/qemu_driver.c 2010-09-01 09:42:12.000000000 -0500 +@@ -851,7 +851,9 @@ + if (obj->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && + driver->securityDriver && + driver->securityDriver->domainReserveSecurityLabel && +- driver->securityDriver->domainReserveSecurityLabel(NULL, obj) < 0) ++ driver->securityDriver->domainReserveSecurityLabel(NULL, ++ driver->securityDriver, ++ obj) < 0) + goto error; + + if (obj->def->id >= driver->nextvmid) +@@ -891,7 +893,8 @@ + virSecurityDriverPtr security_drv; + + ret = virSecurityDriverStartup(&security_drv, +- qemud_drv->securityDriverName); ++ qemud_drv->securityDriverName, ++ qemud_drv->allowDiskFormatProbing); + if (ret == -1) { + VIR_ERROR0(_("Failed to start security driver")); + return -1; +@@ -921,6 +924,14 @@ + return NULL; + } + ++ if (secDriver && virSecurityDriverGetAllowDiskFormatProbing(secDriver)) { ++ caps->defaultDiskDriverName = NULL; ++ caps->defaultDiskDriverType = NULL; ++ } else { ++ caps->defaultDiskDriverName = "qemu"; ++ caps->defaultDiskDriverType = "raw"; ++ } ++ + /* Domain XML parser hooks */ + caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc; + caps->privateDataFreeFunc = qemuDomainObjPrivateFree; +@@ -2391,7 +2402,9 @@ + if (vm->def->seclabel.type == VIR_DOMAIN_SECLABEL_DYNAMIC && + driver->securityDriver && + driver->securityDriver->domainGenSecurityLabel && +- driver->securityDriver->domainGenSecurityLabel(conn, vm) < 0) ++ driver->securityDriver->domainGenSecurityLabel(conn, ++ driver->securityDriver, ++ vm) < 0) + return -1; + + /* Ensure no historical cgroup for this VM is lieing around bogus settings */ +@@ -3736,7 +3749,9 @@ + + if (driver->securityDriver && + driver->securityDriver->domainSetSavedStateLabel && +- driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1) ++ driver->securityDriver->domainSetSavedStateLabel(dom->conn, ++ driver->securityDriver, ++ vm, path) == -1) + goto endjob; + + if (header.compressed == QEMUD_SAVE_FORMAT_RAW) { +@@ -3771,7 +3786,9 @@ + + if (driver->securityDriver && + driver->securityDriver->domainRestoreSavedStateLabel && +- driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, path) == -1) ++ driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, ++ driver->securityDriver, ++ path) == -1) + goto endjob; + + ret = 0; +@@ -3866,7 +3883,9 @@ + + if (driver->securityDriver && + driver->securityDriver->domainSetSavedStateLabel && +- driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1) ++ driver->securityDriver->domainSetSavedStateLabel(dom->conn, ++ driver->securityDriver, ++ vm, path) == -1) + goto endjob; + + /* Migrate will always stop the VM, so the resume condition is +@@ -3901,7 +3920,9 @@ + + if (driver->securityDriver && + driver->securityDriver->domainRestoreSavedStateLabel && +- driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, path) == -1) ++ driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, ++ driver->securityDriver, ++ path) == -1) + goto endjob; + + endjob: +@@ -5386,7 +5408,9 @@ + if (qemuDomainSetDeviceOwnership(conn, driver, dev, 0) < 0) + return -1; + if (driver->securityDriver && +- driver->securityDriver->domainSetSecurityHostdevLabel(conn, vm, dev->data.hostdev) < 0) ++ driver->securityDriver->domainSetSecurityHostdevLabel(conn, ++ driver->securityDriver, ++ vm, dev->data.hostdev) < 0) + return -1; + + switch (hostdev->source.subsys.type) { +@@ -5463,7 +5487,9 @@ + case VIR_DOMAIN_DISK_DEVICE_CDROM: + case VIR_DOMAIN_DISK_DEVICE_FLOPPY: + if (driver->securityDriver) +- driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk); ++ driver->securityDriver->domainSetSecurityImageLabel(dom->conn, ++ driver->securityDriver, ++ vm, dev->data.disk); + + if (qemuDomainSetDeviceOwnership(dom->conn, driver, dev, 0) < 0) + goto endjob; +@@ -5473,7 +5499,9 @@ + + case VIR_DOMAIN_DISK_DEVICE_DISK: + if (driver->securityDriver) +- driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk); ++ driver->securityDriver->domainSetSecurityImageLabel(dom->conn, ++ driver->securityDriver, ++ vm, dev->data.disk); + + if (qemuDomainSetDeviceOwnership(dom->conn, driver, dev, 0) < 0) + goto endjob; +@@ -5789,7 +5817,9 @@ + } + + if (driver->securityDriver && +- driver->securityDriver->domainSetSecurityHostdevLabel(conn, vm, dev->data.hostdev) < 0) ++ driver->securityDriver->domainSetSecurityHostdevLabel(conn, ++ driver->securityDriver, ++ vm, dev->data.hostdev) < 0) + VIR_WARN0("Failed to restore device labelling"); + + if (qemuDomainSetDeviceOwnership(conn, driver, dev, 1) < 0) +@@ -5836,7 +5866,9 @@ + dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_VIRTIO)) { + ret = qemudDomainDetachPciDiskDevice(dom->conn, driver, vm, dev); + if (driver->securityDriver) +- driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, vm, dev->data.disk); ++ driver->securityDriver->domainRestoreSecurityImageLabel(dom->conn, ++ driver->securityDriver, ++ vm, dev->data.disk); + if (qemuDomainSetDeviceOwnership(dom->conn, driver, dev, 1) < 0) + VIR_WARN0("Fail to restore disk device ownership"); + } else if (dev->type == VIR_DOMAIN_DEVICE_NET) { +Index: libvirt-0.7.5/src/security/security_selinux.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/security_selinux.c 2010-09-01 09:42:11.000000000 -0500 ++++ libvirt-0.7.5/src/security/security_selinux.c 2010-09-01 09:42:12.000000000 -0500 +@@ -157,6 +157,7 @@ + + static int + SELinuxGenSecurityLabel(virConnectPtr conn, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + virDomainObjPtr vm) + { + int rc = -1; +@@ -219,6 +220,7 @@ + + static int + SELinuxReserveSecurityLabel(virConnectPtr conn, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + virDomainObjPtr vm) + { + security_context_t pctx; +@@ -260,13 +262,15 @@ + } + + static int +-SELinuxSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv) ++SELinuxSecurityDriverOpen(virConnectPtr conn ATTRIBUTE_UNUSED, ++ virSecurityDriverPtr drv, ++ bool allowDiskFormatProbing) + { + /* + * Where will the DOI come from? SELinux configuration, or qemu + * configuration? For the moment, we'll just set it to "0". + */ +- virSecurityDriverSetDOI(conn, drv, SECURITY_SELINUX_VOID_DOI); ++ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing); + return SELinuxInitialize(conn); + } + +@@ -376,6 +380,7 @@ + + static int + SELinuxRestoreSecurityImageLabel(virConnectPtr conn, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainDiskDefPtr disk) + { +@@ -397,52 +402,45 @@ + } + + static int ++SELinuxSetSecurityFileLabel(virDomainDiskDefPtr disk, ++ const char *path, ++ unsigned int depth, ++ void *opaque) ++{ ++ const virSecurityLabelDefPtr secdef = opaque; ++ ++ if (depth == 0) { ++ if (disk->shared) { ++ return SELinuxSetFilecon(path, default_image_context); ++ } else if (disk->readonly) { ++ return SELinuxSetFilecon(path, default_content_context); ++ } else if (secdef->imagelabel) { ++ return SELinuxSetFilecon(path, secdef->imagelabel); ++ } else { ++ return 0; ++ } ++ } else { ++ return SELinuxSetFilecon(path, default_content_context); ++ } ++} ++ ++static int + SELinuxSetSecurityImageLabel(virConnectPtr conn, ++ virSecurityDriverPtr drv, + virDomainObjPtr vm, + virDomainDiskDefPtr disk) + + { + const virSecurityLabelDefPtr secdef = &vm->def->seclabel; +- const char *path; +- +- if (!disk->src) +- return 0; +- +- path = disk->src; +- do { +- virStorageFileMetadata meta; +- int ret; ++ bool allowDiskFormatProbing = virSecurityDriverGetAllowDiskFormatProbing(drv); + +- memset(&meta, 0, sizeof(meta)); +- +- ret = virStorageFileGetMetadata(conn, path, &meta); +- +- if (path != disk->src) +- VIR_FREE(path); +- path = NULL; +- +- if (ret < 0) +- return -1; +- +- if (meta.backingStore != NULL && +- SELinuxSetFilecon(conn, meta.backingStore, +- default_content_context) < 0) { +- VIR_FREE(meta.backingStore); +- return -1; +- } +- +- path = meta.backingStore; +- } while (path != NULL); +- +- if (disk->shared) { +- return SELinuxSetFilecon(conn, disk->src, default_image_context); +- } else if (disk->readonly) { +- return SELinuxSetFilecon(conn, disk->src, default_content_context); +- } else if (secdef->imagelabel) { +- return SELinuxSetFilecon(conn, disk->src, secdef->imagelabel); +- } +- +- return 0; ++ return virDomainDiskDefForeachPath(conn, ++ disk, ++ true, ++ allowDiskFormatProbing, ++ false, ++ (virDomainDiskDefPathIterator) SELinuxSetSecurityFileLabel, ++ secdef); + } + + +@@ -470,6 +468,7 @@ + + static int + SELinuxSetSecurityHostdevLabel(virConnectPtr conn, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + virDomainObjPtr vm, + virDomainHostdevDefPtr dev) + +@@ -541,6 +540,7 @@ + + static int + SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + virDomainHostdevDefPtr dev) + + { +@@ -626,6 +626,7 @@ + + static int + SELinuxSetSavedStateLabel(virConnectPtr conn, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + virDomainObjPtr vm, + const char *savefile) + { +@@ -637,6 +638,7 @@ + + static int + SELinuxRestoreSavedStateLabel(virConnectPtr conn, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + const char *savefile) + { + return SELinuxRestoreSecurityFileLabel(conn, savefile); +Index: libvirt-0.7.5/src/security/virt-aa-helper.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/virt-aa-helper.c 2010-09-01 09:42:12.000000000 -0500 ++++ libvirt-0.7.5/src/security/virt-aa-helper.c 2010-09-01 09:51:39.000000000 -0500 +@@ -36,11 +36,11 @@ + #include "uuid.h" + #include "hostusb.h" + #include "pci.h" +-#include "storage_file.h" + + static char *progname; + + typedef struct { ++ bool allowDiskFormatProbing; + char uuid[PROFILE_NAME_SIZE]; /* UUID of vm */ + bool dryrun; /* dry run */ + char cmd; /* 'c' create +@@ -803,6 +803,31 @@ + } + + static int ++add_file_path(virDomainDiskDefPtr disk, ++ const char *path, ++ size_t depth, ++ void *opaque) ++{ ++ virBufferPtr buf = opaque; ++ int ret; ++ ++ if (depth == 0) { ++ if (disk->readonly) ++ ret = vah_add_file(buf, path, "r"); ++ else ++ ret = vah_add_file(buf, path, "rw"); ++ } else { ++ ret = vah_add_file(buf, path, "r"); ++ } ++ ++ if (ret != 0) ++ ret = -1; ++ ++ return ret; ++} ++ ++ ++static int + get_files(vahControl * ctl) + { + virBuffer buf = VIR_BUFFER_INITIALIZER; +@@ -823,45 +848,19 @@ + goto clean; + } + +- for (i = 0; i < ctl->def->ndisks; i++) +- if (ctl->def->disks[i] && ctl->def->disks[i]->src) { +- int ret; +- const char *path; +- +- path = ctl->def->disks[i]->src; +- do { +- virStorageFileMetadata meta; +- +- memset(&meta, 0, sizeof(meta)); +- +- ret = virStorageFileGetMetadata(NULL, path, &meta); +- +- if (path != ctl->def->disks[i]->src) +- VIR_FREE(path); +- path = NULL; +- +- if (ret < 0) { +- vah_warning("could not open path, skipping"); +- continue; +- } +- +- if (meta.backingStore != NULL && +- (ret = vah_add_file(&buf, meta.backingStore, "rw")) != 0) { +- VIR_FREE(meta.backingStore); +- goto clean; +- } +- +- path = meta.backingStore; +- } while (path != NULL); +- +- if (ctl->def->disks[i]->readonly) +- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "r"); +- else +- ret = vah_add_file(&buf, ctl->def->disks[i]->src, "rw"); +- +- if (ret != 0) +- goto clean; +- } ++ for (i = 0; i < ctl->def->ndisks; i++) { ++ /* XXX passing ignoreOpenFailure = true to get back to the behavior ++ * from before using virDomainDiskDefForeachPath. actually we should ++ * be passing ignoreOpenFailure = false and handle open errors more ++ * careful than just ignoring them */ ++ int ret = virDomainDiskDefForeachPath(NULL, ctl->def->disks[i], ++ ctl->allowDiskFormatProbing, ++ true, ++ (virDomainDiskDefPathIterator) add_file_path, ++ &buf); ++ if (ret != 0) ++ goto clean; ++ } + + for (i = 0; i < ctl->def->nserials; i++) + if (ctl->def->serials[i] && ctl->def->serials[i]->data.file.path) +@@ -922,7 +921,10 @@ + if (pci == NULL) + continue; + +- rc = pciDeviceFileIterate(NULL, pci, file_iterate_pci_cb, &buf); ++ rc = pciDeviceFileIterate(NULL, ++ pci, ++ (pciDeviceFileActor) file_iterate_pci_cb, ++ &buf); + pciFreeDevice(NULL, pci); + + break; +@@ -957,6 +959,7 @@ + { + int arg, idx = 0; + struct option opt[] = { ++ {"probing", 1, 0, 'p' }, + {"add", 0, 0, 'a'}, + {"create", 0, 0, 'c'}, + {"dryrun", 0, 0, 'd'}, +@@ -969,7 +972,7 @@ + {0, 0, 0, 0} + }; + +- while ((arg = getopt_long(argc, argv, "acdDhrRH:b:u:f:", opt, ++ while ((arg = getopt_long(argc, argv, "acdDhrRH:b:u:p:f:", opt, + &idx)) != -1) { + switch (arg) { + case 'a': +@@ -1005,6 +1008,12 @@ + PROFILE_NAME_SIZE) == NULL) + vah_error(ctl, 1, "error copying UUID"); + break; ++ case 'p': ++ if (STREQ(optarg, "1")) ++ ctl->allowDiskFormatProbing = true; ++ else ++ ctl->allowDiskFormatProbing = false; ++ break; + default: + vah_error(ctl, 1, "unsupported option"); + break; +Index: libvirt-0.7.5/src/storage/storage_backend_fs.c +=================================================================== +--- libvirt-0.7.5.orig/src/storage/storage_backend_fs.c 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/storage/storage_backend_fs.c 2010-09-01 09:42:12.000000000 -0500 +@@ -78,14 +78,19 @@ + + memset(&meta, 0, sizeof(meta)); + +- if (virStorageFileGetMetadataFromFD(conn, target->path, fd, &meta) < 0) { ++ if ((target->format = virStorageFileProbeFormatFromFD(conn, target->path, fd)) < 0) { + close(fd); + return -1; + } + +- close(fd); ++ if (virStorageFileGetMetadataFromFD(conn, target->path, fd, ++ target->format, ++ &meta) < 0) { ++ close(fd); ++ return -1; ++ } + +- target->format = meta.format; ++ close(fd); + + if (backingStore) { + *backingStore = meta.backingStore; +Index: libvirt-0.7.5/src/conf/domain_conf.c +=================================================================== +--- libvirt-0.7.5.orig/src/conf/domain_conf.c 2010-09-01 09:42:12.000000000 -0500 ++++ libvirt-0.7.5/src/conf/domain_conf.c 2010-09-01 09:42:12.000000000 -0500 +@@ -41,6 +41,7 @@ + #include "c-ctype.h" + #include "logging.h" + #include "network.h" ++#include "storage_file.h" + + #define VIR_FROM_THIS VIR_FROM_DOMAIN + +@@ -736,6 +737,7 @@ + */ + static virDomainDiskDefPtr + virDomainDiskDefParseXML(virConnectPtr conn, ++ virCapsPtr caps, + xmlNodePtr node, + int flags) { + virDomainDiskDefPtr def; +@@ -952,6 +954,16 @@ + def->serial = serial; + serial = NULL; + ++ if (!def->driverType && ++ caps->defaultDiskDriverType && ++ !(def->driverType = strdup(caps->defaultDiskDriverType))) ++ goto no_memory; ++ ++ if (!def->driverName && ++ caps->defaultDiskDriverName && ++ !(def->driverName = strdup(caps->defaultDiskDriverName))) ++ goto no_memory; ++ + cleanup: + VIR_FREE(bus); + VIR_FREE(type); +@@ -967,6 +979,9 @@ + + return def; + ++no_memory: ++ virReportOOMError(conn); ++ + error: + virDomainDiskDefFree(def); + def = NULL; +@@ -2619,7 +2634,7 @@ + + if (xmlStrEqual(node->name, BAD_CAST "disk")) { + dev->type = VIR_DOMAIN_DEVICE_DISK; +- if (!(dev->data.disk = virDomainDiskDefParseXML(conn, node, flags))) ++ if (!(dev->data.disk = virDomainDiskDefParseXML(conn, caps, node, flags))) + goto error; + } else if (xmlStrEqual(node->name, BAD_CAST "filesystem")) { + dev->type = VIR_DOMAIN_DEVICE_FS; +@@ -3028,7 +3043,7 @@ + if (n && VIR_ALLOC_N(def->disks, n) < 0) + goto no_memory; + for (i = 0 ; i < n ; i++) { +- virDomainDiskDefPtr disk = virDomainDiskDefParseXML(conn, ++ virDomainDiskDefPtr disk = virDomainDiskDefParseXML(conn, caps, + nodes[i], + flags); + if (!disk) +@@ -5379,4 +5394,103 @@ + return -1; + } + ++int virDomainDiskDefForeachPath(virConnectPtr conn, ++ virDomainDiskDefPtr disk, ++ bool allowProbing, ++ bool ignoreOpenFailure, ++ virDomainDiskDefPathIterator iter, ++ void *opaque) ++{ ++ virHashTablePtr paths; ++ int format; ++ int ret = -1; ++ int depth = 0; ++ char *nextpath = NULL; ++ ++ if (!disk->src) ++ return 0; ++ ++ if (disk->driverType) { ++ const char *formatStr = disk->driverType; ++ if (STREQ(formatStr, "aio")) ++ formatStr = "raw"; /* Xen compat */ ++ ++ if ((format = virStorageFileFormatTypeFromString(formatStr)) < 0) { ++ virDomainReportError(conn, VIR_ERR_INTERNAL_ERROR, ++ _("unknown disk format '%s' for %s"), ++ disk->driverType, disk->src); ++ return -1; ++ } ++ } else { ++ if (allowProbing) { ++ format = VIR_STORAGE_FILE_AUTO; ++ } else { ++ virDomainReportError(conn, VIR_ERR_INTERNAL_ERROR, ++ _("no disk format for %s and probing is disabled"), ++ disk->src); ++ return -1; ++ } ++ } ++ ++ paths = virHashCreate(5); ++ ++ do { ++ virStorageFileMetadata meta; ++ const char *path = nextpath ? nextpath : disk->src; ++ int fd; ++ ++ if (iter(disk, path, depth, opaque) < 0) ++ goto cleanup; ++ ++ if (virHashLookup(paths, path)) { ++ virDomainReportError(conn, VIR_ERR_INTERNAL_ERROR, ++ _("backing store for %s is self-referential"), ++ disk->src); ++ goto cleanup; ++ } ++ ++ if ((fd = open(path, O_RDONLY)) < 0) { ++ if (ignoreOpenFailure) { ++ char ebuf[1024]; ++ VIR_WARN("Ignoring open failure on %s: %s", path, ++ virStrerror(errno, ebuf, sizeof(ebuf))); ++ break; ++ } else { ++ virReportSystemError(conn, errno, ++ _("unable to open disk path %s"), ++ path); ++ goto cleanup; ++ } ++ } ++ ++ if (virStorageFileGetMetadataFromFD(conn, path, fd, format, &meta) < 0) { ++ close(fd); ++ goto cleanup; ++ } ++ close(fd); ++ ++ if (virHashAddEntry(paths, path, (void*)0x1) < 0) { ++ virReportOOMError(conn); ++ goto cleanup; ++ } ++ ++ depth++; ++ nextpath = meta.backingStore; ++ ++ format = meta.backingStoreFormat; ++ ++ if (format == VIR_STORAGE_FILE_AUTO && ++ !allowProbing) ++ format = VIR_STORAGE_FILE_RAW; /* Stops further recursion */ ++ } while (nextpath); ++ ++ ret = 0; ++ ++cleanup: ++ virHashFree(paths, NULL); ++ VIR_FREE(nextpath); ++ ++ return ret; ++} ++ + #endif /* ! PROXY */ +Index: libvirt-0.7.5/src/conf/domain_conf.h +=================================================================== +--- libvirt-0.7.5.orig/src/conf/domain_conf.h 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/conf/domain_conf.h 2010-09-01 09:42:12.000000000 -0500 +@@ -827,6 +827,18 @@ + int maxnames); + + ++typedef int (*virDomainDiskDefPathIterator)(virDomainDiskDefPtr disk, ++ const char *path, ++ unsigned int depth, ++ void *opaque); ++ ++int virDomainDiskDefForeachPath(virConnectPtr conn, ++ virDomainDiskDefPtr disk, ++ bool allowProbing, ++ bool ignoreOpenFailure, ++ virDomainDiskDefPathIterator iter, ++ void *opaque); ++ + VIR_ENUM_DECL(virDomainVirt) + VIR_ENUM_DECL(virDomainBoot) + VIR_ENUM_DECL(virDomainFeature) +Index: libvirt-0.7.5/src/security/security_apparmor.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/security_apparmor.c 2010-09-01 09:42:12.000000000 -0500 ++++ libvirt-0.7.5/src/security/security_apparmor.c 2010-09-01 09:42:12.000000000 -0500 +@@ -148,14 +148,15 @@ + * load (add) a profile. Will create one if necessary + */ + static int +-load_profile(virConnectPtr conn, const char *profile, virDomainObjPtr vm, +- virDomainDiskDefPtr disk) ++load_profile(virConnectPtr conn, virSecurityDriverPtr drv, const char *profile, ++ virDomainObjPtr vm, virDomainDiskDefPtr disk) + { + int rc = -1, status, ret; + bool create = true; + char *xml = NULL; + int pipefd[2]; + pid_t child; ++ const char *probe = virSecurityDriverGetAllowDiskFormatProbing(drv) ? "1" : "0"; + + if (pipe(pipefd) < -1) { + virReportSystemError(conn, errno, "%s", _("unable to create pipe")); +@@ -171,19 +172,19 @@ + + if (create) { + const char *const argv[] = { +- VIRT_AA_HELPER, "-c", "-u", profile, NULL ++ VIRT_AA_HELPER, "-p", probe, "-c", "-u", profile, NULL + }; + ret = virExec(conn, argv, NULL, NULL, &child, + pipefd[0], NULL, NULL, VIR_EXEC_NONE); + } else if (disk && disk->src) { + const char *const argv[] = { +- VIRT_AA_HELPER, "-r", "-u", profile, "-f", disk->src, NULL ++ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, "-f", disk->src, NULL + }; + ret = virExec(conn, argv, NULL, NULL, &child, + pipefd[0], NULL, NULL, VIR_EXEC_NONE); + } else { + const char *const argv[] = { +- VIRT_AA_HELPER, "-r", "-u", profile, NULL ++ VIRT_AA_HELPER, "-p", probe, "-r", "-u", profile, NULL + }; + ret = virExec(conn, argv, NULL, NULL, &child, + pipefd[0], NULL, NULL, VIR_EXEC_NONE); +@@ -310,9 +311,11 @@ + * currently not used. + */ + static int +-AppArmorSecurityDriverOpen(virConnectPtr conn, virSecurityDriverPtr drv) ++AppArmorSecurityDriverOpen(virConnectPtr conn ATTRIBUTE_UNUSED, ++ virSecurityDriverPtr drv, ++ bool allowDiskFormatProbing) + { +- virSecurityDriverSetDOI(conn, drv, SECURITY_APPARMOR_VOID_DOI); ++ virSecurityDriverSetAllowDiskFormatProbing(drv, allowDiskFormatProbing); + return 0; + } + +@@ -322,7 +325,8 @@ + * called on shutdown. + */ + static int +-AppArmorGenSecurityLabel(virConnectPtr conn, virDomainObjPtr vm) ++AppArmorGenSecurityLabel(virConnectPtr conn, virSecurityDriverPtr drv, ++ virDomainObjPtr vm) + { + int rc = -1; + char *profile_name = NULL; +@@ -340,7 +344,7 @@ + + /* if the profile is not already loaded, then load one */ + if (profile_loaded(profile_name) < 0) { +- if (load_profile(conn, profile_name, vm, NULL) < 0) { ++ if (load_profile(conn, drv, profile_name, vm, NULL) < 0) { + virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR, + _("cannot generate AppArmor profile " + "\'%s\'"), profile_name); +@@ -479,6 +483,7 @@ + /* Called when hotplugging */ + static int + AppArmorRestoreSecurityImageLabel(virConnectPtr conn, ++ virSecurityDriverPtr drv, + virDomainObjPtr vm, + virDomainDiskDefPtr disk ATTRIBUTE_UNUSED) + { +@@ -492,7 +497,7 @@ + + /* Update the profile only if it is loaded */ + if (profile_loaded(secdef->imagelabel) >= 0) { +- if (load_profile(conn, secdef->imagelabel, vm, NULL) < 0) { ++ if (load_profile(conn, drv, secdef->imagelabel, vm, NULL) < 0) { + virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR, + _("cannot update AppArmor profile " + "\'%s\'"), +@@ -510,7 +515,7 @@ + + /* Called when hotplugging */ + static int +-AppArmorSetSecurityImageLabel(virConnectPtr conn, ++AppArmorSetSecurityImageLabel(virConnectPtr conn, virSecurityDriverPtr drv, + virDomainObjPtr vm, virDomainDiskDefPtr disk) + { + const virSecurityLabelDefPtr secdef = &vm->def->seclabel; +@@ -533,7 +538,7 @@ + + /* update the profile only if it is loaded */ + if (profile_loaded(secdef->imagelabel) >= 0) { +- if (load_profile(conn, secdef->imagelabel, vm, disk) < 0) { ++ if (load_profile(conn, drv, secdef->imagelabel, vm, disk) < 0) { + virSecurityReportError(conn, VIR_ERR_INTERNAL_ERROR, + _("cannot update AppArmor profile " + "\'%s\'"), +@@ -568,6 +573,7 @@ + + static int + AppArmorReserveSecurityLabel(virConnectPtr conn ATTRIBUTE_UNUSED, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + virDomainObjPtr vm ATTRIBUTE_UNUSED) + { + /* NOOP. Nothing to reserve with AppArmor */ +@@ -576,6 +582,7 @@ + + static int + AppArmorSetSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + virDomainObjPtr vm ATTRIBUTE_UNUSED, + virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED) + +@@ -586,6 +593,7 @@ + + static int + AppArmorRestoreSecurityHostdevLabel(virConnectPtr conn ATTRIBUTE_UNUSED, ++ virSecurityDriverPtr drv ATTRIBUTE_UNUSED, + virDomainHostdevDefPtr dev ATTRIBUTE_UNUSED) + + { +Index: libvirt-0.7.5/src/security/security_driver.h +=================================================================== +--- libvirt-0.7.5.orig/src/security/security_driver.h 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/security/security_driver.h 2010-09-01 09:42:12.000000000 -0500 +@@ -28,28 +28,41 @@ + + typedef struct _virSecurityDriver virSecurityDriver; + typedef virSecurityDriver *virSecurityDriverPtr; ++ ++typedef struct _virSecurityDriverState virSecurityDriverState; ++typedef virSecurityDriverState *virSecurityDriverStatePtr; ++ + typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void); + typedef int (*virSecurityDriverOpen) (virConnectPtr conn, +- virSecurityDriverPtr drv); ++ virSecurityDriverPtr drv, ++ bool allowDiskFormatProbing); + typedef int (*virSecurityDomainRestoreImageLabel) (virConnectPtr conn, ++ virSecurityDriverPtr drv, + virDomainObjPtr vm, + virDomainDiskDefPtr disk); + typedef int (*virSecurityDomainSetImageLabel) (virConnectPtr conn, ++ virSecurityDriverPtr drv, + virDomainObjPtr vm, + virDomainDiskDefPtr disk); + typedef int (*virSecurityDomainRestoreHostdevLabel) (virConnectPtr conn, ++ virSecurityDriverPtr drv, + virDomainHostdevDefPtr dev); + typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn, ++ virSecurityDriverPtr drv, + virDomainObjPtr vm, + virDomainHostdevDefPtr dev); + typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn, ++ virSecurityDriverPtr drv, + virDomainObjPtr vm, + const char *savefile); + typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn, ++ virSecurityDriverPtr drv, + const char *savefile); + typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn, ++ virSecurityDriverPtr drv, + virDomainObjPtr sec); + typedef int (*virSecurityDomainReserveLabel) (virConnectPtr conn, ++ virSecurityDriverPtr drv, + virDomainObjPtr sec); + typedef int (*virSecurityDomainGetLabel) (virConnectPtr conn, + virDomainObjPtr vm, +@@ -85,12 +98,14 @@ + */ + struct { + char doi[VIR_SECURITY_DOI_BUFLEN]; ++ bool allowDiskFormatProbing; + } _private; + }; + + /* Global methods */ + int virSecurityDriverStartup(virSecurityDriverPtr *drv, +- const char *name); ++ const char *name, ++ bool allowDiskFormatProbing); + + int + virSecurityDriverVerify(virConnectPtr conn, virDomainDefPtr def); +@@ -104,7 +119,10 @@ + int virSecurityDriverSetDOI(virConnectPtr conn, + virSecurityDriverPtr drv, + const char *doi); ++void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv, ++ bool allowDiskFormatProbing); + const char *virSecurityDriverGetDOI(virSecurityDriverPtr drv); + const char *virSecurityDriverGetModel(virSecurityDriverPtr drv); ++bool virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv); + + #endif /* __VIR_SECURITY_H__ */ +Index: libvirt-0.7.5/src/qemu/libvirtd_qemu.aug +=================================================================== +--- libvirt-0.7.5.orig/src/qemu/libvirtd_qemu.aug 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/qemu/libvirtd_qemu.aug 2010-09-01 09:42:12.000000000 -0500 +@@ -36,6 +36,7 @@ + | str_array_entry "cgroup_device_acl" + | str_entry "save_image_format" + | str_entry "hugetlbfs_mount" ++ | bool_entry "allow_disk_format_probing" + + (* Each enty in the config is one of the following three ... *) + let entry = vnc_entry +Index: libvirt-0.7.5/src/qemu/qemu.conf +=================================================================== +--- libvirt-0.7.5.orig/src/qemu/qemu.conf 2010-09-01 09:42:11.000000000 -0500 ++++ libvirt-0.7.5/src/qemu/qemu.conf 2010-09-01 09:42:12.000000000 -0500 +@@ -159,3 +159,13 @@ + # This currently requires ebtables to be installed. + # + # mac_filter = 1 ++ ++# If allow_disk_format_probing is enabled, libvirt will probe disk ++# images to attempt to identify their format, when not otherwise ++# specified in the XML. This is disabled by default. ++# ++# WARNING: Enabling probing is a security hole in almost all ++# deployments. It is strongly recommended that users update their ++# guest XML elements to include ++# elements instead of enabling this option. ++# allow_disk_format_probing = 1 +Index: libvirt-0.7.5/src/qemu/qemu_conf.c +=================================================================== +--- libvirt-0.7.5.orig/src/qemu/qemu_conf.c 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/qemu/qemu_conf.c 2010-09-01 09:42:12.000000000 -0500 +@@ -340,6 +340,10 @@ + } + } + ++ p = virConfGetValue (conf, "allow_disk_format_probing"); ++ CHECK_TYPE ("allow_disk_format_probing", VIR_CONF_LONG); ++ if (p) driver->allowDiskFormatProbing = p->l; ++ + virConfFree (conf); + return 0; + } +Index: libvirt-0.7.5/src/qemu/qemu_conf.h +=================================================================== +--- libvirt-0.7.5.orig/src/qemu/qemu_conf.h 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/qemu/qemu_conf.h 2010-09-01 09:42:12.000000000 -0500 +@@ -120,6 +120,7 @@ + + unsigned int macFilter : 1; + ebtablesContext *ebtables; ++ unsigned int allowDiskFormatProbing : 1; + + virCapsPtr caps; + +Index: libvirt-0.7.5/src/qemu/test_libvirtd_qemu.aug +=================================================================== +--- libvirt-0.7.5.orig/src/qemu/test_libvirtd_qemu.aug 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/qemu/test_libvirtd_qemu.aug 2010-09-01 09:42:12.000000000 -0500 +@@ -93,6 +93,8 @@ + save_image_format = \"gzip\" + + hugetlbfs_mount = \"/dev/hugepages\" ++ ++allow_disk_format_probing = 1 + " + + test Libvirtd_qemu.lns get conf = +@@ -195,4 +197,6 @@ + { "#empty" } + { "save_image_format" = "gzip" } + { "#empty" } +-{ "hugetlbfs_mount" = "/dev/hugepages" } +\ No newline at end of file ++{ "hugetlbfs_mount" = "/dev/hugepages" } ++{ "#empty" } ++{ "allow_disk_format_probing" = "1" } +Index: libvirt-0.7.5/src/security/security_driver.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/security_driver.c 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/security/security_driver.c 2010-09-01 09:42:12.000000000 -0500 +@@ -56,7 +56,8 @@ + + int + virSecurityDriverStartup(virSecurityDriverPtr *drv, +- const char *name) ++ const char *name, ++ bool allowDiskFormatProbing) + { + unsigned int i; + +@@ -72,7 +73,7 @@ + switch (tmp->probe()) { + case SECURITY_DRIVER_ENABLE: + virSecurityDriverInit(tmp); +- if (tmp->open(NULL, tmp) == -1) { ++ if (tmp->open(NULL, tmp, allowDiskFormatProbing) == -1) { + return -1; + } else { + *drv = tmp; +@@ -144,3 +145,15 @@ + { + return drv->name; + } ++ ++void virSecurityDriverSetAllowDiskFormatProbing(virSecurityDriverPtr drv, ++ bool allowDiskFormatProbing) ++{ ++ drv->_private.allowDiskFormatProbing = allowDiskFormatProbing; ++} ++ ++bool ++virSecurityDriverGetAllowDiskFormatProbing(virSecurityDriverPtr drv) ++{ ++ return drv->_private.allowDiskFormatProbing; ++} +Index: libvirt-0.7.5/tests/seclabeltest.c +=================================================================== +--- libvirt-0.7.5.orig/tests/seclabeltest.c 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/tests/seclabeltest.c 2010-09-01 09:42:12.000000000 -0500 +@@ -15,7 +15,7 @@ + const char *doi, *model; + virSecurityDriverPtr security_drv; + +- ret = virSecurityDriverStartup (&security_drv, "selinux"); ++ ret = virSecurityDriverStartup (&security_drv, "selinux", false); + if (ret == -1) + { + fprintf (stderr, "Failed to start security driver"); +Index: libvirt-0.7.5/src/conf/capabilities.h +=================================================================== +--- libvirt-0.7.5.orig/src/conf/capabilities.h 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/conf/capabilities.h 2010-09-01 09:42:12.000000000 -0500 +@@ -120,6 +120,8 @@ + virCapsGuestPtr *guests; + unsigned char macPrefix[VIR_MAC_PREFIX_BUFLEN]; + unsigned int emulatorRequired : 1; ++ const char *defaultDiskDriverName; ++ const char *defaultDiskDriverType; + void *(*privateDataAllocFunc)(void); + void (*privateDataFreeFunc)(void *); + int (*privateDataXMLFormat)(virBufferPtr, void *); +Index: libvirt-0.7.5/src/storage/storage_backend.c +=================================================================== +--- libvirt-0.7.5.orig/src/storage/storage_backend.c 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/src/storage/storage_backend.c 2010-09-01 09:42:12.000000000 -0500 +@@ -453,15 +453,79 @@ + return ret; + } + ++enum { ++ QEMU_IMG_BACKING_FORMAT_NONE = 0, ++ QEMU_IMG_BACKING_FORMAT_FLAG, ++ QEMU_IMG_BACKING_FORMAT_OPTIONS, ++}; ++ ++static int virStorageBackendQEMUImgBackingFormat(virConnectPtr conn, ++ const char *qemuimg) ++{ ++ const char *const qemuarg[] = { qemuimg, "-h", NULL }; ++ const char *const qemuenv[] = { "LC_ALL=C", NULL }; ++ pid_t child = 0; ++ int status; ++ int newstdout = -1; ++ char *help = NULL; ++ enum { MAX_HELP_OUTPUT_SIZE = 1024*8 }; ++ int len; ++ char *start; ++ char *end; ++ char *tmp; ++ int ret = -1; ++ ++ if (virExec(conn, qemuarg, qemuenv, NULL, ++ &child, -1, &newstdout, NULL, VIR_EXEC_CLEAR_CAPS) < 0) ++ goto cleanup; ++ ++ if ((len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, &help)) < 0) { ++ virReportSystemError(conn, errno, ++ _("Unable to read '%s -h' output"), ++ qemuimg); ++ goto cleanup; ++ } ++ ++ start = strstr(help, " create "); ++ end = strstr(start, "\n"); ++ if ((tmp = strstr(start, "-F fmt")) && tmp < end) ++ ret = QEMU_IMG_BACKING_FORMAT_FLAG; ++ else if ((tmp = strstr(start, "[-o options]")) && tmp < end) ++ ret = QEMU_IMG_BACKING_FORMAT_OPTIONS; ++ else ++ ret = QEMU_IMG_BACKING_FORMAT_NONE; ++ ++cleanup: ++ VIR_FREE(help); ++ close(newstdout); ++rewait: ++ if (child) { ++ if (waitpid(child, &status, 0) != child) { ++ if (errno == EINTR) ++ goto rewait; ++ ++ VIR_ERROR(_("Unexpected exit status from qemu %d pid %lu"), ++ WEXITSTATUS(status), (unsigned long)child); ++ } ++ if (WEXITSTATUS(status) != 0) { ++ VIR_WARN("Unexpected exit status '%d', qemu probably failed", ++ WEXITSTATUS(status)); ++ } ++ } ++ ++ return ret; ++} ++ ++ + static int + virStorageBackendCreateQemuImg(virConnectPtr conn, + virStorageVolDefPtr vol, + virStorageVolDefPtr inputvol, + unsigned int flags ATTRIBUTE_UNUSED) + { ++ int ret = 0; + char size[100]; + char *create_tool; +- short use_kvmimg; + + const char *type = virStorageFileFormatTypeToString(vol->target.format); + const char *backingType = vol->backingStore.path ? +@@ -472,41 +536,10 @@ + const char *inputPath = inputvol ? inputvol->target.path : NULL; + /* Treat input block devices as 'raw' format */ + const char *inputType = inputPath ? +- virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ? VIR_STORAGE_FILE_RAW : inputvol->target.format) : +- NULL; +- +- const char **imgargv; +- /* The extra NULL field is for indicating encryption (-e). */ +- const char *imgargvnormal[] = { +- NULL, "create", +- "-f", type, +- vol->target.path, +- size, +- NULL, +- NULL +- }; +- /* Extra NULL fields are for including "backingType" when using +- * kvm-img (-F backingType), and for indicating encryption (-e). +- */ +- const char *imgargvbacking[] = { +- NULL, "create", +- "-f", type, +- "-b", vol->backingStore.path, +- vol->target.path, +- size, +- NULL, +- NULL, +- NULL, +- NULL +- }; +- const char *convargv[] = { +- NULL, "convert", +- "-f", inputType, +- "-O", type, +- inputPath, +- vol->target.path, +- NULL, +- }; ++ virStorageFileFormatTypeToString(inputvol->type == VIR_STORAGE_VOL_BLOCK ? ++ VIR_STORAGE_FILE_RAW : ++ inputvol->target.format) : ++ NULL; + + if (type == NULL) { + virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, +@@ -580,50 +613,114 @@ + } + } + +- if ((create_tool = virFindFileInPath("kvm-img")) != NULL) +- use_kvmimg = 1; +- else if ((create_tool = virFindFileInPath("qemu-img")) != NULL) +- use_kvmimg = 0; +- else { ++ /* Size in KB */ ++ snprintf(size, sizeof(size), "%lluK", vol->capacity/1024); ++ ++ /* KVM is usually ahead of qemu on features, so try that first */ ++ create_tool = virFindFileInPath("kvm-img"); ++ if (!create_tool) ++ create_tool = virFindFileInPath("qemu-img"); ++ ++ if (!create_tool) { + virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, + "%s", _("unable to find kvm-img or qemu-img")); + return -1; + } + + if (inputvol) { +- convargv[0] = create_tool; +- imgargv = convargv; ++ const char *imgargv[] = { ++ create_tool, ++ "convert", ++ "-f", inputType, ++ "-O", type, ++ inputPath, ++ vol->target.path, ++ NULL, ++ }; ++ if (virRun(conn, imgargv, NULL) < 0) { ++ ret = -1; ++ goto cleanup; ++ } + } else if (vol->backingStore.path) { +- imgargvbacking[0] = create_tool; +- if (use_kvmimg) { +- imgargvbacking[6] = "-F"; +- imgargvbacking[7] = backingType; +- imgargvbacking[8] = vol->target.path; +- imgargvbacking[9] = size; ++ const char *imgargv[] = { ++ create_tool, ++ "create", ++ "-f", type, ++ "-b", vol->backingStore.path, ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ NULL ++ }; ++ int imgformat = virStorageBackendQEMUImgBackingFormat(conn, create_tool); ++ char *optflag = NULL; ++ if (imgformat < 0) ++ goto cleanup; ++ ++ switch (imgformat) { ++ case QEMU_IMG_BACKING_FORMAT_FLAG: ++ imgargv[6] = "-F"; ++ imgargv[7] = backingType; ++ imgargv[8] = vol->target.path; ++ imgargv[9] = size; + if (vol->target.encryption != NULL) +- imgargvbacking[10] = "-e"; +- } else if (vol->target.encryption != NULL) +- imgargvbacking[8] = "-e"; +- imgargv = imgargvbacking; ++ imgargv[10] = "-e"; ++ break; ++ ++ case QEMU_IMG_BACKING_FORMAT_OPTIONS: ++ if (virAsprintf(&optflag, "backing_fmt=%s", backingType) < 0) { ++ virReportOOMError(conn); ++ goto cleanup; ++ } ++ imgargv[6] = "-o"; ++ imgargv[7] = optflag; ++ imgargv[8] = vol->target.path; ++ imgargv[9] = size; ++ if (vol->target.encryption != NULL) ++ imgargv[10] = "-e"; ++ break; ++ ++ default: ++ VIR_INFO("Unable to set backing store format for %s with %s", ++ vol->target.path, create_tool); ++ imgargv[6] = vol->target.path; ++ imgargv[7] = size; ++ if (vol->target.encryption != NULL) ++ imgargv[8] = "-e"; ++ } ++ ++ if (virRun(conn, imgargv, NULL) < 0) { ++ ret = -1; ++ VIR_FREE(optflag); ++ goto cleanup; ++ } ++ VIR_FREE(optflag); + } else { +- imgargvnormal[0] = create_tool; +- imgargv = imgargvnormal; ++ /* The extra NULL field is for indicating encryption (-e). */ ++ const char *imgargv[] = { ++ create_tool, ++ "create", ++ "-f", type, ++ vol->target.path, ++ size, ++ NULL, ++ NULL ++ }; + if (vol->target.encryption != NULL) + imgargv[6] = "-e"; +- } +- +- +- /* Size in KB */ +- snprintf(size, sizeof(size), "%lluK", vol->capacity/1024); + +- if (virRun(conn, imgargv, NULL) < 0) { +- VIR_FREE(imgargv[0]); +- return -1; ++ if (virRun(conn, imgargv, NULL) < 0) { ++ ret = -1; ++ goto cleanup; ++ } + } + +- VIR_FREE(imgargv[0]); ++ cleanup: ++ VIR_FREE(create_tool); + +- return 0; ++ return ret; + } + + /* +Index: libvirt-0.7.5/tests/secaatest.c +=================================================================== +--- libvirt-0.7.5.orig/tests/secaatest.c 2010-09-01 09:42:05.000000000 -0500 ++++ libvirt-0.7.5/tests/secaatest.c 2010-09-01 09:42:12.000000000 -0500 +@@ -15,7 +15,7 @@ + const char *doi, *model; + virSecurityDriverPtr security_drv; + +- ret = virSecurityDriverStartup (&security_drv, "apparmor"); ++ ret = virSecurityDriverStartup (&security_drv, "apparmor", false); + if (ret == -1) + { + fprintf (stderr, "Failed to start security driver"); +Index: libvirt-0.7.5/tests/virt-aa-helper-test +=================================================================== +--- libvirt-0.7.5.orig/tests/virt-aa-helper-test 2010-09-01 09:42:12.000000000 -0500 ++++ libvirt-0.7.5/tests/virt-aa-helper-test 2010-09-01 09:42:12.000000000 -0500 +@@ -76,6 +76,7 @@ + + /usr/bin/kvm + ++ + + + +@@ -143,6 +144,7 @@ + testme "1" "invalid arg" "-z" + testme "1" "invalid case" "-A" + testme "1" "not enough args" "-c" ++testme "1" "not enough args" "-p" + + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" > "$test_xml" + testme "1" "no -u with -c" "-c" "$test_xml" +@@ -159,17 +161,24 @@ + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$bad_disk,g" > "$test_xml" + testme "1" "bad disk" "-c -u $valid_uuid" "$test_xml" + +-cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$bad_disk,g" | sed "s,,,g" > "$test_xml" ++cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$bad_disk,g" | sed "s,,,g" > "$test_xml" + testme "1" "bad disk2" "-c -u $valid_uuid" "$test_xml" + + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml" + testme "1" "malformed xml" "-c -u $valid_uuid" "$test_xml" + +-cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,/boot/initrd,g" > "$test_xml" +-testme "1" "disk in /boot" "-r -u $valid_uuid" "$test_xml" +- +-cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,/boot/initrd,g" > "$test_xml" +-testme "1" "-r with invalid -f" "-r -u $valid_uuid -f $bad_disk" "$test_xml" ++initrd=`ls -1 /boot/initrd* | head -1` ++if [ -z "$initrd" ]; then ++ echo "Skipping /boot/initrd* tests. Could not find /boot/initrd*" ++else ++ cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$initrd,g" > "$test_xml" ++ testme "1" "disk in /boot without probing" "-p 0 -r -u $valid_uuid" "$test_xml" ++ testme "1" "disk in /boot with probing" "-p 1 -r -u $valid_uuid" "$test_xml" ++ ++ cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,/boot/initrd,g" > "$test_xml" ++ testme "1" "-r with invalid -f with probing" "-p 1 -r -u $valid_uuid -f $bad_disk" "$test_xml" ++ testme "1" "-r with invalid -f without probing" "-p 0 -r -u $valid_uuid -f $bad_disk" "$test_xml" ++fi + + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" > "$test_xml" + testme "1" "-c with malformed xml" "-c -u $valid_uuid" "$test_xml" +@@ -194,7 +203,7 @@ + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,arch='x86_64',arch='ppc',g" > "$test_xml" + testme "0" "create (ppc)" "-c -u $valid_uuid" "$test_xml" + +-cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml" ++cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,,g" > "$test_xml" + testme "0" "create multiple disks" "-c -u $valid_uuid" "$test_xml" + + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###',${disk1}'/> "$test_xml" --- libvirt-0.7.5.orig/debian/patches/9024-free-memory-for-invalid-devices.patch +++ libvirt-0.7.5/debian/patches/9024-free-memory-for-invalid-devices.patch @@ -0,0 +1,72 @@ +commit e7f3bad46edf352abd9f700af9ec59882762c4ca +Author: David Allan +Date: Fri May 28 22:22:05 2010 -0400 + + Fix leaks in udev device add/remove v3 + + * This patch is a modification of a patch submitted by Nigel Jones. + It fixes several memory leaks on device addition/removal: + + 1. Free the virNodeDeviceDefPtr in udevAddOneDevice if the return + value is non-zero + + 2. Always release the node device reference after the device has been + processed. + + * Refactored for better readability per the suggestion of clalance + +diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c +index 6e3ecd7..73217c5 100644 +--- a/src/node_device/node_device_udev.c ++++ b/src/node_device/node_device_udev.c +@@ -1235,10 +1235,11 @@ static int udevAddOneDevice(struct udev_device *device) + goto out; + } + ++ /* If this is a device change, the old definition will be freed ++ * and the current definition will take its place. */ + dev = virNodeDeviceAssignDef(NULL, &driverState->devs, def); + if (dev == NULL) { + VIR_ERROR("Failed to create device for '%s'\n", def->name); +- virNodeDeviceDefFree(def); + goto out; + } + +@@ -1247,6 +1248,10 @@ static int udevAddOneDevice(struct udev_device *device) + ret = 0; + + out: ++ if (ret != 0) { ++ virNodeDeviceDefFree(def); ++ } ++ + return ret; + } + +@@ -1261,15 +1266,17 @@ static int udevProcessDeviceListEntry(struct udev *udev, + name = udev_list_entry_get_name(list_entry); + + device = udev_device_new_from_syspath(udev, name); ++ + if (device != NULL) { + if (udevAddOneDevice(device) != 0) { + VIR_INFO("Failed to create node device for udev device '%s'\n", + name); + } +- udev_device_unref(device); + ret = 0; + } + ++ udev_device_unref(device); ++ + return ret; + } + +@@ -1373,6 +1380,7 @@ static void udevEventHandleCallback(int watch ATTRIBUTE_UNUSED, + } + + out: ++ udev_device_unref(device); + return; + } + --- libvirt-0.7.5.orig/debian/patches/9022-dont-leak-log-fd.path.patch +++ libvirt-0.7.5/debian/patches/9022-dont-leak-log-fd.path.patch @@ -0,0 +1,16 @@ +Origin: http://libvirt.org/git/?p=libvirt.git;a=commit;h=caad0a878337b52c4453444bb227b74cce6e6d5f +Description: qemu: Fix FD leak in qemudStartVMDaemon +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/567392 +diff -Nur libvirt-0.7.5/src/qemu/qemu_driver.c libvirt-0.7.5.new/src/qemu/qemu_driver.c +--- libvirt-0.7.5/src/qemu/qemu_driver.c 2010-04-20 13:38:05.868030650 -0500 ++++ libvirt-0.7.5.new/src/qemu/qemu_driver.c 2010-04-20 13:40:05.121886018 -0500 +@@ -2588,6 +2588,9 @@ + if (virDomainSaveStatus(conn, driver->caps, driver->stateDir, vm) < 0) + goto abort; + ++ if (logfile != -1) ++ close(logfile); ++ + return 0; + + cleanup: --- libvirt-0.7.5.orig/debian/patches/9003-increase-logoutput-timeout.patch +++ libvirt-0.7.5/debian/patches/9003-increase-logoutput-timeout.patch @@ -0,0 +1,12 @@ +diff -Nur libvirt-0.7.5/src/qemu/qemu_driver.c libvirt-0.7.5.new/src/qemu/qemu_driver.c +--- libvirt-0.7.5/src/qemu/qemu_driver.c 2010-01-22 14:45:02.470772805 -0600 ++++ libvirt-0.7.5.new/src/qemu/qemu_driver.c 2010-01-22 14:46:37.039529964 -0600 +@@ -1523,7 +1523,7 @@ + + ret = qemudReadLogOutput(conn, vm, logfd, buf, sizeof(buf), + qemudFindCharDevicePTYs, +- "console", 3); ++ "console", 30); + if (close(logfd) < 0) { + char ebuf[4096]; + VIR_WARN(_("Unable to close logfile: %s\n"), --- libvirt-0.7.5.orig/debian/patches/0006-Terminate-nc-on-EOF.patch +++ libvirt-0.7.5/debian/patches/0006-Terminate-nc-on-EOF.patch @@ -0,0 +1,32 @@ +From: Gabor Gombas +Date: Fri, 8 Jan 2010 11:00:07 +0100 +Subject: [PATCH] Terminate nc on EOF + +Closes: #564053 +--- + src/remote/remote_driver.c | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c +index d6f5fce..a4055f8 100644 +--- a/src/remote/remote_driver.c ++++ b/src/remote/remote_driver.c +@@ -730,7 +730,7 @@ doRemoteOpen (virConnectPtr conn, + } + + case trans_ssh: { +- int j, nr_args = 6; ++ int j, nr_args = 8; + + if (username) nr_args += 2; /* For -l username */ + if (no_tty) nr_args += 5; /* For -T -o BatchMode=yes -e none */ +@@ -764,6 +764,8 @@ doRemoteOpen (virConnectPtr conn, + } + cmd_argv[j++] = strdup (priv->hostname); + cmd_argv[j++] = strdup (netcat ? netcat : "nc"); ++ cmd_argv[j++] = strdup ("-q"); ++ cmd_argv[j++] = strdup ("0"); + cmd_argv[j++] = strdup ("-U"); + cmd_argv[j++] = strdup (sockname ? sockname : + (flags & VIR_CONNECT_RO +-- --- libvirt-0.7.5.orig/debian/patches/0007-Implement-path-lookup-for-USB-by-vendor-product.patch +++ libvirt-0.7.5/debian/patches/0007-Implement-path-lookup-for-USB-by-vendor-product.patch @@ -0,0 +1,307 @@ +From: Cole Robinson +Date: Wed, 13 Jan 2010 15:50:05 -0500 +Subject: [PATCH] Implement path lookup for USB by vendor:product + +Based off how QEMU does it, look through /sys/bus/usb/devices/* for +matching vendor:product info, and if found, use info from the surrounding +files to build the device's /dev/bus/usb path. + +This fixes USB device assignment by vendor:product when running qemu +as non-root (well, it should, but for some reason I couldn't reproduce +the failure people are seeing in [1], but it appears to work properly) + +[1] https://bugzilla.redhat.com/show_bug.cgi?id=542450 + +v2: + Drop 'bus.addr only' checks in security drivers + Use various util helpers + +Signed-off-by: Cole Robinson +--- + po/POTFILES.in | 1 + + src/qemu/qemu_driver.c | 9 +-- + src/security/security_selinux.c | 25 ++++----- + src/security/virt-aa-helper.c | 32 +++++------ + src/util/hostusb.c | 110 +++++++++++++++++++++++++++++++++++++- + src/util/hostusb.h | 4 +- + 6 files changed, 141 insertions(+), 40 deletions(-) + +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 1ab0859..22e9c3c 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -54,6 +54,7 @@ src/uml/uml_conf.c + src/uml/uml_driver.c + src/util/bridge.c + src/util/conf.c ++src/util/hostusb.c + src/util/json.c + src/util/logging.c + src/util/pci.c +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index a6a1a5a..7dfa78f 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -2099,14 +2099,11 @@ static int qemuDomainSetHostdevUSBOwnership(virConnectPtr conn, + struct qemuFileOwner owner = { uid, gid }; + int ret = -1; + +- /* XXX what todo for USB devs assigned based on product/vendor ? Doom :-( */ +- if (!def->source.subsys.u.usb.bus || +- !def->source.subsys.u.usb.device) +- return 0; +- + usbDevice *dev = usbGetDevice(conn, + def->source.subsys.u.usb.bus, +- def->source.subsys.u.usb.device); ++ def->source.subsys.u.usb.device, ++ def->source.subsys.u.usb.vendor, ++ def->source.subsys.u.usb.product); + + if (!dev) + goto cleanup; +diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c +index 000bc8a..cb585ed 100644 +--- a/src/security/security_selinux.c ++++ b/src/security/security_selinux.c +@@ -481,20 +481,17 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn, + + switch (dev->source.subsys.type) { + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { +- if (dev->source.subsys.u.usb.bus && dev->source.subsys.u.usb.device) { +- usbDevice *usb = usbGetDevice(conn, +- dev->source.subsys.u.usb.bus, +- dev->source.subsys.u.usb.device); ++ usbDevice *usb = usbGetDevice(conn, ++ dev->source.subsys.u.usb.bus, ++ dev->source.subsys.u.usb.device, ++ dev->source.subsys.u.usb.vendor, ++ dev->source.subsys.u.usb.product); + +- if (!usb) +- goto done; ++ if (!usb) ++ goto done; + +- ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm); +- usbFreeDevice(conn, usb); +- } else { +- /* XXX deal with product/vendor better */ +- ret = 0; +- } ++ ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm); ++ usbFreeDevice(conn, usb); + break; + } + +@@ -556,7 +553,9 @@ SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn, + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { + usbDevice *usb = usbGetDevice(conn, + dev->source.subsys.u.usb.bus, +- dev->source.subsys.u.usb.device); ++ dev->source.subsys.u.usb.device, ++ dev->source.subsys.u.usb.vendor, ++ dev->source.subsys.u.usb.product); + + if (!usb) + goto done; +diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c +index 35b29ad..3c8b49a 100644 +--- a/src/security/virt-aa-helper.c ++++ b/src/security/virt-aa-helper.c +@@ -836,24 +836,22 @@ get_files(vahControl * ctl) + virDomainHostdevDefPtr dev = ctl->def->hostdevs[i]; + switch (dev->source.subsys.type) { + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { +- if (dev->source.subsys.u.usb.bus && +- dev->source.subsys.u.usb.device) { +- usbDevice *usb = usbGetDevice(NULL, +- dev->source.subsys.u.usb.bus, +- dev->source.subsys.u.usb.device); +- if (usb == NULL) +- continue; +- rc = usbDeviceFileIterate(NULL, usb, +- file_iterate_cb, &buf); +- usbFreeDevice(NULL, usb); +- if (rc != 0) +- goto clean; +- else { +- /* TODO: deal with product/vendor better */ +- rc = 0; +- } +- } ++ usbDevice *usb = usbGetDevice(NULL, ++ dev->source.subsys.u.usb.bus, ++ dev->source.subsys.u.usb.device, ++ dev->source.subsys.u.usb.vendor, ++ dev->source.subsys.u.usb.product); ++ ++ if (usb == NULL) ++ continue; ++ ++ rc = usbDeviceFileIterate(NULL, usb, ++ file_iterate_cb, &buf); ++ usbFreeDevice(NULL, usb); ++ if (rc != 0) ++ goto clean; + break; ++ } + } + /* TODO: update so files in /sys are readonly + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { +diff --git a/src/util/hostusb.c b/src/util/hostusb.c +index 07e10b1..8fbb486 100644 +--- a/src/util/hostusb.c ++++ b/src/util/hostusb.c +@@ -37,9 +37,10 @@ + #include "util.h" + #include "virterror_internal.h" + ++#define USB_SYSFS "/sys/bus/usb" + #define USB_DEVFS "/dev/bus/usb/" +-#define USB_ID_LEN 10 /* "XXXX XXXX" */ +-#define USB_ADDR_LEN 8 /* "XXX:XXX" */ ++#define USB_ID_LEN 10 /* "1234 5678" */ ++#define USB_ADDR_LEN 8 /* "123:456" */ + + struct _usbDevice { + unsigned bus; +@@ -57,11 +58,108 @@ struct _usbDevice { + virReportErrorHelper(conn, VIR_FROM_NONE, code, __FILE__, \ + __FUNCTION__, __LINE__, fmt) + ++static int usbSysReadFile(virConnectPtr conn, ++ const char *f_name, const char *d_name, ++ int base, unsigned *value) ++{ ++ int ret = -1, tmp; ++ char *buf = NULL; ++ char *filename = NULL; ++ char *ignore = NULL; ++ ++ tmp = virAsprintf(&filename, USB_SYSFS "/devices/%s/%s", d_name, f_name); ++ if (tmp < 0) { ++ virReportOOMError(conn); ++ goto error; ++ } ++ ++ if (virFileReadAll(filename, 1024, &buf) < 0) ++ goto error; ++ ++ if (virStrToLong_ui(buf, &ignore, base, value) < 0) { ++ usbReportError(conn, VIR_ERR_INTERNAL_ERROR, ++ _("Could not parse usb file %s"), filename); ++ goto error; ++ } ++ ++ ret = 0; ++error: ++ VIR_FREE(filename); ++ VIR_FREE(buf); ++ return ret; ++} ++ ++static int usbFindBusByVendor(virConnectPtr conn, ++ unsigned vendor, unsigned product, ++ unsigned *bus, unsigned *devno) ++{ ++ DIR *dir = NULL; ++ int ret = -1, found = 0; ++ char *ignore = NULL; ++ struct dirent *de; ++ ++ dir = opendir(USB_SYSFS "/devices"); ++ if (!dir) { ++ virReportSystemError(conn, errno, ++ _("Could not open directory %s"), ++ USB_SYSFS "/devices"); ++ goto error; ++ } ++ ++ while ((de = readdir(dir))) { ++ unsigned found_prod, found_vend; ++ if (de->d_name[0] == '.' || strchr(de->d_name, ':')) ++ continue; ++ ++ if (usbSysReadFile(conn, "idVendor", de->d_name, ++ 16, &found_vend) < 0) ++ goto error; ++ if (usbSysReadFile(conn, "idProduct", de->d_name, ++ 16, &found_prod) < 0) ++ goto error; ++ ++ if (found_prod == product && found_vend == vendor) { ++ /* Lookup bus.addr info */ ++ char *tmpstr = de->d_name; ++ unsigned found_bus, found_addr; ++ ++ if (STREQ(de->d_name, "usb")) ++ tmpstr += 3; ++ ++ if (virStrToLong_ui(tmpstr, &ignore, 10, &found_bus) < 0) { ++ usbReportError(conn, VIR_ERR_INTERNAL_ERROR, ++ _("Failed to parse dir name '%s'"), ++ de->d_name); ++ goto error; ++ } ++ ++ if (usbSysReadFile(conn, "devnum", de->d_name, ++ 10, &found_addr) < 0) ++ goto error; ++ ++ *bus = found_bus; ++ *devno = found_addr; ++ found = 1; ++ break; ++ } ++ } ++ ++ if (!found) ++ usbReportError(conn, VIR_ERR_INTERNAL_ERROR, ++ _("Did not find USB device %x:%x"), vendor, product); ++ else ++ ret = 0; ++ ++error: ++ return ret; ++} + + usbDevice * + usbGetDevice(virConnectPtr conn, + unsigned bus, +- unsigned devno) ++ unsigned devno, ++ unsigned vendor, ++ unsigned product) + { + usbDevice *dev; + +@@ -70,6 +168,12 @@ usbGetDevice(virConnectPtr conn, + return NULL; + } + ++ if (vendor) { ++ /* Look up bus.dev by vendor:product */ ++ if (usbFindBusByVendor(conn, vendor, product, &bus, &devno) < 0) ++ return NULL; ++ } ++ + dev->bus = bus; + dev->dev = devno; + +diff --git a/src/util/hostusb.h b/src/util/hostusb.h +index 7f75c8b..739a4aa 100644 +--- a/src/util/hostusb.h ++++ b/src/util/hostusb.h +@@ -28,7 +28,9 @@ typedef struct _usbDevice usbDevice; + + usbDevice *usbGetDevice (virConnectPtr conn, + unsigned bus, +- unsigned devno); ++ unsigned devno, ++ unsigned vendor, ++ unsigned product); + void usbFreeDevice (virConnectPtr conn, + usbDevice *dev); + +-- --- libvirt-0.7.5.orig/debian/patches/9903-lp668042.patch +++ libvirt-0.7.5/debian/patches/9903-lp668042.patch @@ -0,0 +1,24 @@ +Description: Don't wipe generated iface target in active domains + . + Wipe generated interface target only when reading configuration of + inactive domains. +Author: Jiri Denemark +Origin: http://libvirt.org/git/?p=libvirt.git;a=commit;h=362bc09a4d9441f9abd14956546777f86d8b9d79 (adapted) +Applied-Upstream: commit:362bc09a4d9441f9abd14956546777f86d8b9d79 (adapted) +Author: Jiri Denemark +Bug: https://bugzilla.redhat.com/show_bug.cgi?id=591438 +Bug-Ubuntu: https://launchpad.net/bugs/668042 +Last-Update: 2010-11-25 + +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -1155,7 +1155,8 @@ + xmlStrEqual(cur->name, BAD_CAST "target")) { + ifname = virXMLPropString(cur, "dev"); + if ((ifname != NULL) && +- (STRPREFIX((const char*)ifname, "vnet"))) { ++ ((flags & VIR_DOMAIN_XML_INACTIVE) && ++ (STRPREFIX((const char*)ifname, "vnet")))) { + /* An auto-generated target name, blank it out */ + VIR_FREE(ifname); + } --- libvirt-0.7.5.orig/debian/patches/0003-allow-libvirt-group-to-access-the-socket.patch +++ libvirt-0.7.5/debian/patches/0003-allow-libvirt-group-to-access-the-socket.patch @@ -0,0 +1,49 @@ +From: Guido Guenther +Date: Thu, 26 Jun 2008 20:01:38 +0200 +Subject: [PATCH] allow libvirt group to access the socket + +--- + daemon/libvirtd.conf | 8 ++++---- + 1 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf +index 49de466..cc5f056 100644 +--- a/daemon/libvirtd.conf ++++ b/daemon/libvirtd.conf +@@ -78,7 +78,7 @@ + # without becoming root. + # + # This is restricted to 'root' by default. +-#unix_sock_group = "libvirt" ++unix_sock_group = "libvirt" + + # Set the UNIX socket permissions for the R/O socket. This is used + # for monitoring VM status only +@@ -95,7 +95,7 @@ + # + # If not using PolicyKit and setting group ownership for access + # control then you may want to relax this to: +-#unix_sock_rw_perms = "0770" ++unix_sock_rw_perms = "0770" + + # Set the name of the directory in which sockets will be found/created. + #unix_sock_dir = "/var/run/libvirt" +@@ -126,7 +126,7 @@ + # + # To restrict monitoring of domains you may wish to enable + # an authentication mechanism here +-#auth_unix_ro = "none" ++auth_unix_ro = "none" + + # Set an authentication scheme for UNIX read-write sockets + # By default socket permissions only allow root. If PolicyKit +@@ -135,7 +135,7 @@ + # + # If the unix_sock_rw_perms are changed you may wish to enable + # an authentication mechanism here +-#auth_unix_rw = "none" ++auth_unix_rw = "none" + + # Change the authentication scheme for TCP sockets. + # +-- --- libvirt-0.7.5.orig/debian/patches/0005-Also-look-for-dmi-information-in-sys-class.patch +++ libvirt-0.7.5/debian/patches/0005-Also-look-for-dmi-information-in-sys-class.patch @@ -0,0 +1,41 @@ +From: =?UTF-8?q?Guido=20G=C3=BCnther?= +Date: Thu, 7 Jan 2010 10:13:51 +0100 +Subject: [PATCH] Also look for dmi information in /sys/class + +older kernels such as 2.6.26 have it there. +--- + src/node_device/node_device_udev.c | 7 ++++++- + src/node_device/node_device_udev.h | 1 + + 2 files changed, 7 insertions(+), 1 deletions(-) + +diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c +index 22c5f2b..7a9c1e5 100644 +--- a/src/node_device/node_device_udev.c ++++ b/src/node_device/node_device_udev.c +@@ -1407,7 +1407,12 @@ static int udevSetupSystemDev(void) + device = udev_device_new_from_syspath(udev, DMI_DEVPATH); + if (device == NULL) { + VIR_ERROR("Failed to get udev device for syspath '%s'\n", DMI_DEVPATH); +- goto out; ++ ++ device = udev_device_new_from_syspath(udev, DMI_DEVPATH_FALLBACK); ++ if (device == NULL) { ++ VIR_ERROR("Failed to get udev device for syspath '%s'\n", DMI_DEVPATH_FALLBACK); ++ goto out; ++ } + } + + data = &def->caps->data; +diff --git a/src/node_device/node_device_udev.h b/src/node_device/node_device_udev.h +index 0fd39ae..6c83412 100644 +--- a/src/node_device/node_device_udev.h ++++ b/src/node_device/node_device_udev.h +@@ -26,6 +26,7 @@ + #define SYSFS_DATA_SIZE 4096 + #define DRV_STATE_UDEV_MONITOR(ds) ((struct udev_monitor *)((ds)->privateData)) + #define DMI_DEVPATH "/sys/devices/virtual/dmi/id" ++#define DMI_DEVPATH_FALLBACK "/sys/class/dmi/id" + #define PROPERTY_FOUND 0 + #define PROPERTY_MISSING 1 + #define PROPERTY_ERROR -1 +-- --- libvirt-0.7.5.orig/debian/patches/9020-apparmor-fix-backingstore.patch +++ libvirt-0.7.5/debian/patches/9020-apparmor-fix-backingstore.patch @@ -0,0 +1,49 @@ +Author: Jamie Strandboge +Description: adjust virt-aa-helper to handle backing store +Bug-Ubuntu: https://launchpad.net/bugs/470636 +Forwarded: Yes +diff -Nur libvirt-0.7.5/src/security/virt-aa-helper.c libvirt-0.7.5.new/src/security/virt-aa-helper.c +--- libvirt-0.7.5/src/security/virt-aa-helper.c 2010-04-05 17:17:04.866040612 -0500 ++++ libvirt-0.7.5.new/src/security/virt-aa-helper.c 2010-04-05 17:21:44.691615033 -0500 +@@ -36,6 +36,7 @@ + #include "uuid.h" + #include "hostusb.h" + #include "pci.h" ++#include "storage_file.h" + + static char *progname; + +@@ -809,6 +810,33 @@ + for (i = 0; i < ctl->def->ndisks; i++) + if (ctl->def->disks[i] && ctl->def->disks[i]->src) { + int ret; ++ const char *path; ++ ++ path = ctl->def->disks[i]->src; ++ do { ++ virStorageFileMetadata meta; ++ ++ memset(&meta, 0, sizeof(meta)); ++ ++ ret = virStorageFileGetMetadata(NULL, path, &meta); ++ ++ if (path != ctl->def->disks[i]->src) ++ VIR_FREE(path); ++ path = NULL; ++ ++ if (ret < 0) { ++ vah_warning("skipping backingStore check (open failed)"); ++ continue; ++ } ++ ++ if (meta.backingStore != NULL && ++ (ret = vah_add_file(&buf, meta.backingStore, "rw")) != 0) { ++ VIR_FREE(meta.backingStore); ++ goto clean; ++ } ++ ++ path = meta.backingStore; ++ } while (path != NULL); + + if (ctl->def->disks[i]->readonly) + ret = vah_add_file(&buf, ctl->def->disks[i]->src, "r"); --- libvirt-0.7.5.orig/debian/patches/9901-CVE-2010-2242.patch +++ libvirt-0.7.5/debian/patches/9901-CVE-2010-2242.patch @@ -0,0 +1,257 @@ +Origin: c567853089a2764c964002dd752e09e318524a38 (adapted) +Author: Daniel P. Berrange +Description: fix for CVE-2010-2242 + Apply a source port mapping to virtual network masquerading + + IPtables will seek to preserve the source port unchanged when + doing masquerading, if possible. NFS has a pseudo-security + option where it checks for the source port <= 1023 before + allowing a mount request. If an admin has used this to make the + host OS trusted for mounts, the default iptables behaviour will + potentially allow NAT'd guests access too. This needs to be + stopped. + + With this change, the iptables -t nat -L -n -v rules for the + default network will be + + Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes) + pkts bytes target prot opt in out source destination + 14 840 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535 + 75 5752 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535 + 0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24 + + * src/network/bridge_driver.c: Add masquerade rules for TCP + and UDP protocols + * src/util/iptables.c, src/util/iptables.c: Add source port + mappings for TCP & UDP protocols when masquerading. + +Index: libvirt-0.7.5/src/network/bridge_driver.c +=================================================================== +--- libvirt-0.7.5.orig/src/network/bridge_driver.c 2010-09-01 11:06:15.000000000 -0500 ++++ libvirt-0.7.5/src/network/bridge_driver.c 2010-09-01 11:09:27.000000000 -0500 +@@ -616,18 +616,74 @@ + goto masqerr2; + } + +- /* enable masquerading */ ++ /* ++ * Enable masquerading. ++ * ++ * We need to end up with 3 rules in the table in this order ++ * ++ * 1. protocol=tcp with sport mapping restricton ++ * 2. protocol=udp with sport mapping restricton ++ * 3. generic any protocol ++ * ++ * The sport mappings are required, because default IPtables ++ * MASQUERADE is maintain port number unchanged where possible. ++ * ++ * NFS can be configured to only "trust" port numbers < 1023. ++ * ++ * Guests using NAT thus need to be prevented from having port ++ * numbers < 1023, otherwise they can bypass the NFS "security" ++ * check on the source port number. ++ * ++ * Since we use '--insert' to add rules to the header of the ++ * chain, we actually need to add them in the reverse of the ++ * order just mentioned ! ++ */ ++ ++ /* First the generic masquerade rule for other protocols */ + if ((err = iptablesAddForwardMasquerade(driver->iptables, + network->def->network, +- network->def->forwardDev))) { ++ network->def->forwardDev, ++ NULL))) { + virReportSystemError(conn, err, + _("failed to add iptables rule to enable masquerading to '%s'\n"), + network->def->forwardDev ? network->def->forwardDev : NULL); + goto masqerr3; + } + ++ /* UDP with a source port restriction */ ++ if ((err = iptablesAddForwardMasquerade(driver->iptables, ++ network->def->network, ++ network->def->forwardDev, ++ "udp"))) { ++ virReportSystemError(conn, err, ++ _("failed to add iptables rule to enable UDP masquerading to '%s'\n"), ++ network->def->forwardDev ? network->def->forwardDev : NULL); ++ goto masqerr4; ++ } ++ ++ /* TCP with a source port restriction */ ++ if ((err = iptablesAddForwardMasquerade(driver->iptables, ++ network->def->network, ++ network->def->forwardDev, ++ "tcp"))) { ++ virReportSystemError(conn, err, ++ _("failed to add iptables rule to enable TCP masquerading to '%s'\n"), ++ network->def->forwardDev ? network->def->forwardDev : NULL); ++ goto masqerr5; ++ } ++ + return 1; + ++ masqerr5: ++ iptablesRemoveForwardMasquerade(driver->iptables, ++ network->def->network, ++ network->def->forwardDev, ++ "udp"); ++ masqerr4: ++ iptablesRemoveForwardMasquerade(driver->iptables, ++ network->def->network, ++ network->def->forwardDev, ++ NULL); + masqerr3: + iptablesRemoveForwardAllowRelatedIn(driver->iptables, + network->def->network, +@@ -781,8 +837,17 @@ + if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) { + if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) { + iptablesRemoveForwardMasquerade(driver->iptables, +- network->def->network, +- network->def->forwardDev); ++ network->def->network, ++ network->def->forwardDev, ++ "tcp"); ++ iptablesRemoveForwardMasquerade(driver->iptables, ++ network->def->network, ++ network->def->forwardDev, ++ "udp"); ++ iptablesRemoveForwardMasquerade(driver->iptables, ++ network->def->network, ++ network->def->forwardDev, ++ NULL); + iptablesRemoveForwardAllowRelatedIn(driver->iptables, + network->def->network, + network->def->bridge, +Index: libvirt-0.7.5/src/util/iptables.c +=================================================================== +--- libvirt-0.7.5.orig/src/util/iptables.c 2010-09-01 10:57:48.000000000 -0500 ++++ libvirt-0.7.5/src/util/iptables.c 2010-09-01 11:06:15.000000000 -0500 +@@ -692,25 +692,49 @@ + */ + static int + iptablesForwardMasquerade(iptablesContext *ctx, +- const char *network, +- const char *physdev, +- int action) ++ const char *network, ++ const char *physdev, ++ const char *protocol, ++ int action) + { +- if (physdev && physdev[0]) { +- return iptablesAddRemoveRule(ctx->nat_postrouting, +- action, +- "--source", network, +- "!", "--destination", network, +- "--out-interface", physdev, +- "--jump", "MASQUERADE", +- NULL); ++ if (protocol && protocol[0]) { ++ if (physdev && physdev[0]) { ++ return iptablesAddRemoveRule(ctx->nat_postrouting, ++ action, ++ "--source", network, ++ "-p", protocol, ++ "!", "--destination", network, ++ "--out-interface", physdev, ++ "--jump", "MASQUERADE", ++ "--to-ports", "1024-65535", ++ NULL); ++ } else { ++ return iptablesAddRemoveRule(ctx->nat_postrouting, ++ action, ++ "--source", network, ++ "-p", protocol, ++ "!", "--destination", network, ++ "--jump", "MASQUERADE", ++ "--to-ports", "1024-65535", ++ NULL); ++ } + } else { +- return iptablesAddRemoveRule(ctx->nat_postrouting, +- action, +- "--source", network, +- "!", "--destination", network, +- "--jump", "MASQUERADE", +- NULL); ++ if (physdev && physdev[0]) { ++ return iptablesAddRemoveRule(ctx->nat_postrouting, ++ action, ++ "--source", network, ++ "!", "--destination", network, ++ "--out-interface", physdev, ++ "--jump", "MASQUERADE", ++ NULL); ++ } else { ++ return iptablesAddRemoveRule(ctx->nat_postrouting, ++ action, ++ "--source", network, ++ "!", "--destination", network, ++ "--jump", "MASQUERADE", ++ NULL); ++ } + } + } + +@@ -719,6 +743,7 @@ + * @ctx: pointer to the IP table context + * @network: the source network name + * @physdev: the physical input device or NULL ++ * @protocol: the network protocol or NULL + * + * Add rules to the IP table context to allow masquerading + * network @network on @physdev. This allow the bridge to +@@ -729,9 +754,10 @@ + int + iptablesAddForwardMasquerade(iptablesContext *ctx, + const char *network, +- const char *physdev) ++ const char *physdev, ++ const char *protocol) + { +- return iptablesForwardMasquerade(ctx, network, physdev, ADD); ++ return iptablesForwardMasquerade(ctx, network, physdev, protocol, ADD); + } + + /** +@@ -739,6 +765,7 @@ + * @ctx: pointer to the IP table context + * @network: the source network name + * @physdev: the physical input device or NULL ++ * @protocol: the network protocol or NULL + * + * Remove rules from the IP table context to stop masquerading + * network @network on @physdev. This stops the bridge from +@@ -749,7 +776,8 @@ + int + iptablesRemoveForwardMasquerade(iptablesContext *ctx, + const char *network, +- const char *physdev) ++ const char *physdev, ++ const char *protocol) + { +- return iptablesForwardMasquerade(ctx, network, physdev, REMOVE); ++ return iptablesForwardMasquerade(ctx, network, physdev, protocol, REMOVE); + } +Index: libvirt-0.7.5/src/util/iptables.h +=================================================================== +--- libvirt-0.7.5.orig/src/util/iptables.h 2010-09-01 10:57:48.000000000 -0500 ++++ libvirt-0.7.5/src/util/iptables.h 2010-09-01 11:06:15.000000000 -0500 +@@ -85,9 +85,11 @@ + + int iptablesAddForwardMasquerade (iptablesContext *ctx, + const char *network, +- const char *physdev); ++ const char *physdev, ++ const char *protocol); + int iptablesRemoveForwardMasquerade (iptablesContext *ctx, + const char *network, +- const char *physdev); ++ const char *physdev, ++ const char *protocol); + + #endif /* __QEMUD_IPTABLES_H__ */ --- libvirt-0.7.5.orig/debian/patches/9016-disk-cache-setting-xml.patch +++ libvirt-0.7.5/debian/patches/9016-disk-cache-setting-xml.patch @@ -0,0 +1,17 @@ +Index: libvirt-0.7.5/src/conf/domain_conf.c +=================================================================== +--- libvirt-0.7.5.orig/src/conf/domain_conf.c 2010-03-04 22:14:05.254932520 +0100 ++++ libvirt-0.7.5/src/conf/domain_conf.c 2010-03-04 22:15:35.104926861 +0100 +@@ -3902,8 +3902,10 @@ + " \n", + type, device); + +- if (def->driverName) { +- virBufferVSprintf(buf, " driverName); ++ if (def->driverName || def->driverType || def->cachemode) { ++ virBufferVSprintf(buf, " driverName) ++ virBufferVSprintf(buf, " name='%s'", def->driverName); + if (def->driverType) + virBufferVSprintf(buf, " type='%s'", def->driverType); + if (def->cachemode) --- libvirt-0.7.5.orig/debian/patches/9007-default-config-test-case.patch +++ libvirt-0.7.5/debian/patches/9007-default-config-test-case.patch @@ -0,0 +1,12 @@ +diff -Nur libvirt-0.7.5/tests/daemon-conf libvirt-0.7.5.new/tests/daemon-conf +--- libvirt-0.7.5/tests/daemon-conf 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/tests/daemon-conf 2010-01-22 14:53:38.039531290 -0600 +@@ -20,7 +20,7 @@ + conf="$abs_top_srcdir/daemon/libvirtd.conf" + + # Ensure that each commented out PARAMETER = VALUE line has the expected form. +-grep '[a-z_] *= *[^ ]' "$conf" | grep -vE '^#[a-z_]+ = ' \ ++grep '^#' "$conf" | grep '[a-z_] *= *[^ ]' | grep -vE '^#[a-z_]+ = ' \ + && { echo "$0: found unexpected lines (above) in $conf" 1>&2; exit 1; } + + # Start with the sample libvirtd.conf file, uncommenting all real directives. --- libvirt-0.7.5.orig/debian/patches/9010-apparmor-ftbfs.patch +++ libvirt-0.7.5/debian/patches/9010-apparmor-ftbfs.patch @@ -0,0 +1,60 @@ +Description: fix a miscommit and automake dependency ordering +Origin: http://libvirt.org/git/?p=libvirt.git;a=commit;h=cfe49446d3d2b181db69330a01a609bf84490072 + http://libvirt.org/git/?p=libvirt.git;a=commit;h=9933c4f2f6b8c084bbda6195d5025e1bb103a611 + +Index: libvirt-0.7.5/src/security/virt-aa-helper.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/virt-aa-helper.c 2010-01-25 17:42:10.000000000 -0600 ++++ libvirt-0.7.5/src/security/virt-aa-helper.c 2010-01-25 17:43:03.000000000 -0600 +@@ -851,7 +851,6 @@ + if (rc != 0) + goto clean; + break; +- } + } + /* TODO: update so files in /sys are readonly + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { +Index: libvirt-0.7.5/src/Makefile.am +=================================================================== +--- libvirt-0.7.5.orig/src/Makefile.am 2009-12-23 08:55:40.000000000 -0600 ++++ libvirt-0.7.5/src/Makefile.am 2010-01-25 17:42:10.000000000 -0600 +@@ -876,9 +876,9 @@ + virt_aa_helper_LDADD = \ + $(WARN_CFLAGS) \ + $(LIBXML_LIBS) \ +- @top_srcdir@/gnulib/lib/libgnu.la \ + @top_srcdir@/src/libvirt_conf.la \ +- @top_srcdir@/src/libvirt_util.la ++ @top_srcdir@/src/libvirt_util.la \ ++ @top_srcdir@/gnulib/lib/libgnu.la + virt_aa_helper_CFLAGS = \ + -I@top_srcdir@/src/conf \ + -I@top_srcdir@/src/security +Index: libvirt-0.7.5/src/Makefile.in +=================================================================== +--- libvirt-0.7.5.orig/src/Makefile.in 2009-12-23 09:17:42.000000000 -0600 ++++ libvirt-0.7.5/src/Makefile.in 2010-01-25 17:42:10.000000000 -0600 +@@ -758,9 +758,9 @@ + virt_aa_helper_OBJECTS = $(am_virt_aa_helper_OBJECTS) + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@virt_aa_helper_DEPENDENCIES = $(am__DEPENDENCIES_2) \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ $(am__DEPENDENCIES_2) \ +-@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/gnulib/lib/libgnu.la \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_conf.la \ +-@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_util.la ++@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_util.la \ ++@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/gnulib/lib/libgnu.la + virt_aa_helper_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(virt_aa_helper_CFLAGS) $(CFLAGS) $(virt_aa_helper_LDFLAGS) \ +@@ -2095,9 +2095,9 @@ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@virt_aa_helper_LDADD = \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ $(WARN_CFLAGS) \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ $(LIBXML_LIBS) \ +-@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/gnulib/lib/libgnu.la \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_conf.la \ +-@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_util.la ++@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_util.la \ ++@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/gnulib/lib/libgnu.la + + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@virt_aa_helper_CFLAGS = \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ -I@top_srcdir@/src/conf \ --- libvirt-0.7.5.orig/debian/apparmor/usr.sbin.libvirtd +++ libvirt-0.7.5/debian/apparmor/usr.sbin.libvirtd @@ -0,0 +1,51 @@ +# Last Modified: Mon Jul 6 17:23:58 2009 +#include +@{LIBVIRT}="libvirt" + +/usr/sbin/libvirtd { + #include + + capability kill, + capability net_admin, + capability net_raw, + capability setgid, + capability sys_admin, + capability sys_module, + capability sys_ptrace, + capability sys_nice, + capability sys_chroot, + capability setuid, + capability dac_override, + capability dac_read_search, + capability fowner, + capability chown, + capability setpcap, + capability mknod, + + network inet stream, + network inet dgram, + network inet6 stream, + network inet6 dgram, + + # for now, use a very lenient profile since we want to first focus on + # confining the guests + /** rwmkl, + + /bin/* Ux, + /sbin/* Ux, + /usr/bin/* Ux, + /usr/sbin/* Ux, + + # force the use of virt-aa-helper + audit deny /sbin/apparmor_parser rwxl, + audit deny /etc/apparmor.d/libvirt/** wxl, + audit deny /sys/kernel/security/apparmor/features rwxl, + audit deny /sys/kernel/security/apparmor/matching rwxl, + audit deny /sys/kernel/security/apparmor/.* rwxl, + /sys/kernel/security/apparmor/profiles r, + /usr/lib/libvirt/* PUxr, + + # allow changing to our UUID-based named profiles + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} --- libvirt-0.7.5.orig/debian/apparmor/usr.lib.libvirt.virt-aa-helper +++ libvirt-0.7.5/debian/apparmor/usr.lib.libvirt.virt-aa-helper @@ -0,0 +1,53 @@ +# Last Modified: Mon Jul 06 17:22:37 2009 +#include + +/usr/lib/libvirt/virt-aa-helper { + #include + #include + + # needed for searching directories + capability dac_override, + capability dac_read_search, + + # needed for when disk is on a network filesystem + network inet, + + deny @{PROC}/[0-9]*/mounts r, + @{PROC}/filesystems r, + + # for hostdev + /sys/devices/ r, + /sys/devices/** r, + /sys/bus/usb/devices/ r, + deny /dev/sd* r, + deny /dev/mapper/ r, + deny /dev/mapper/* r, + + /usr/lib/libvirt/virt-aa-helper mr, + /sbin/apparmor_parser Ux, + + /etc/apparmor.d/libvirt/* r, + /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, + + # For backingstore, virt-aa-helper needs to peek inside the disk image, so + # allow access to non-hidden files in @{HOME} as well as storage pools, and + # removable media and filesystems, and certain file extentions. A + # virt-aa-helper failure when checking a disk for backinsgstore is non-fatal + # (but obviously the backingstore won't be added). + audit deny @{HOME}/.* mrwkl, + audit deny @{HOME}/.*/ rw, + audit deny @{HOME}/.*/** mrwkl, + @{HOME}/ r, + @{HOME}/** r, + + /var/lib/libvirt/images/ r, + /var/lib/libvirt/images/** r, + /var/lib/eucalyptus/instances/**/disk* r, + /{media,mnt,opt,srv}/** r, + + /**.img r, + /**.qcow{,2} r, + /**.vmdk r, + /**.[iI][sS][oO] r, + /**/disk{,.*} r, +} --- libvirt-0.7.5.orig/debian/apparmor/TEMPLATE +++ libvirt-0.7.5/debian/apparmor/TEMPLATE @@ -0,0 +1,9 @@ +# +# This profile is for the domain whose UUID matches this file. +# + +#include + +profile LIBVIRT_TEMPLATE { + #include +} --- libvirt-0.7.5.orig/debian/apparmor/libvirt-qemu +++ libvirt-0.7.5/debian/apparmor/libvirt-qemu @@ -0,0 +1,120 @@ +# Last Modified: Wed Jul 8 09:57:41 2009 + + #include + #include + #include + + # required for reading disk images + capability dac_override, + capability dac_read_search, + capability chown, + + # this is needed with libcap-ng support, however it breaks a lot of things + # atm, so just silence the denial until libcap-ng works right. LP: #522845 + deny capability setpcap, + + network inet stream, + network inet6 stream, + + /dev/net/tun rw, + /dev/kvm rw, + /dev/ptmx rw, + /dev/kqemu rw, + @{PROC}/*/status r, + + # For hostdev access. The actual devices will be added dynamically + /sys/bus/usb/devices/ r, + /sys/devices/*/*/usb[0-9]*/** r, + + # WARNING: this gives the guest direct access to host hardware and specific + # portions of shared memory. This is required for sound using ALSA with kvm, + # but may constitute a security risk. If your environment does not require + # the use of sound in your VMs, feel free to comment out or prepend 'deny' to + # the rules for files in /dev. + /dev/shm/ r, + /dev/shm/pulse-shm* r, + /dev/shm/pulse-shm* rwk, + /dev/snd/* rw, + capability ipc_lock, + # 'kill' is not required for sound and is a security risk. Do not enable + # unless you absolutely need it. + deny capability kill, + + # Uncomment the following if you need access to /dev/fb* + #/dev/fb* rw, + + /etc/pulse/client.conf r, + @{HOME}/.pulse-cookie rwk, + owner /root/.pulse-cookie rwk, + owner /root/.pulse/ rw, + owner /root/.pulse/* rw, + /usr/share/alsa/** r, + owner /tmp/pulse-*/ rw, + owner /tmp/pulse-*/* rw, + /var/lib/dbus/machine-id r, + + # access to firmware's etc + /usr/share/kvm/** r, + /usr/share/qemu/** r, + /usr/share/bochs/** r, + /usr/share/openbios/** r, + /usr/share/openhackware/** r, + /usr/share/proll/** r, + /usr/share/vgabios/** r, + /usr/share/seabios/** r, + + # access PKI infrastructure + /etc/pki/libvirt-vnc/** r, + + # the various binaries + /usr/bin/kvm rmix, + /usr/bin/qemu rmix, + /usr/bin/qemu-system-arm rmix, + /usr/bin/qemu-system-cris rmix, + /usr/bin/qemu-system-i386 rmix, + /usr/bin/qemu-system-m68k rmix, + /usr/bin/qemu-system-mips rmix, + /usr/bin/qemu-system-mips64 rmix, + /usr/bin/qemu-system-mips64el rmix, + /usr/bin/qemu-system-mipsel rmix, + /usr/bin/qemu-system-ppc rmix, + /usr/bin/qemu-system-ppc64 rmix, + /usr/bin/qemu-system-ppcemb rmix, + /usr/bin/qemu-system-sh4 rmix, + /usr/bin/qemu-system-sh4eb rmix, + /usr/bin/qemu-system-sparc rmix, + /usr/bin/qemu-system-sparc64 rmix, + /usr/bin/qemu-system-x86_64 rmix, + /usr/bin/qemu-alpha rmix, + /usr/bin/qemu-arm rmix, + /usr/bin/qemu-armeb rmix, + /usr/bin/qemu-cris rmix, + /usr/bin/qemu-i386 rmix, + /usr/bin/qemu-m68k rmix, + /usr/bin/qemu-mips rmix, + /usr/bin/qemu-mipsel rmix, + /usr/bin/qemu-ppc rmix, + /usr/bin/qemu-ppc64 rmix, + /usr/bin/qemu-ppc64abi32 rmix, + /usr/bin/qemu-sh4 rmix, + /usr/bin/qemu-sh4eb rmix, + /usr/bin/qemu-sparc rmix, + /usr/bin/qemu-sparc64 rmix, + /usr/bin/qemu-sparc32plus rmix, + /usr/bin/qemu-sparc64 rmix, + /usr/bin/qemu-x86_64 rmix, + + # for save and resume + /bin/dash rmix, + /bin/dd rmix, + /bin/cat rmix, + + # workaround https://launchpad.net/bugs/457716. The svirt driver does not + # relabel the state file (https://bugzilla.redhat.com/show_bug.cgi?id=529363) + # resulting in denied messages. The below works around this somewhat by + # allowing users to save state files in their home directories. We use + # 'owner' to make sure we don't overwrite the user's files. This will be + # removed when the upstream bug is fixed. + #include + owner @{HOME}/ r, + owner @{HOME}/** rw, --- libvirt-0.7.5.orig/examples/apparmor/libvirt-qemu +++ libvirt-0.7.5/examples/apparmor/libvirt-qemu @@ -56,6 +56,7 @@ /usr/share/openhackware/** r, /usr/share/proll/** r, /usr/share/vgabios/** r, + /usr/share/seabios/** r, # the various binaries /usr/bin/kvm rmix,