Really fix restore file labelling this time

- Avoid compressing small log files (#531030)

.cvsignore

@@ -11,3 +11,4 @@ libvirt-0.6.4.tar.gz
 libvirt-0.6.5.tar.gz
 libvirt-0.7.0.tar.gz
 libvirt-0.7.1.tar.gz
+libvirt-0.7.2.tar.gz

libvirt-0.6.4-svirt-sound.patch

@@ -1,51 +0,0 @@
-From 127a39777e9809053bb98a9082e27c73543ccfa2 Mon Sep 17 00:00:00 2001
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 17 Aug 2009 08:32:08 +0100
-Subject: [PATCH] Disable sound cards when running sVirt
-
-Temporary hack till PulseAudio autostart problems are sorted out when
-SELinux enforcing (bz 486112)
-
-Fedora-patch: libvirt-0.6.4-svirt-sound.patch
----
- src/qemu_conf.c |   17 ++++++++++++++++-
- 1 files changed, 16 insertions(+), 1 deletions(-)
-
-diff --git a/src/qemu_conf.c b/src/qemu_conf.c
-index f92bcef..f3b4ef0 100644
---- a/src/qemu_conf.c
-+++ b/src/qemu_conf.c
-@@ -1510,6 +1510,20 @@ int qemudBuildCommandLine(virConnectPtr conn,
-     char uuid[VIR_UUID_STRING_BUFLEN];
-     char domid[50];
-     const char *cpu = NULL;
-+    int skipSound = 0;
-+
-+    if (driver->securityDriver &&
-+        driver->securityDriver->name &&
-+        STREQ(driver->securityDriver->name, "selinux") &&
-+        getuid() == 0) {
-+        static int soundWarned = 0;
-+        skipSound = 1;
-+        if (def->nsounds &&
-+            !soundWarned) {
-+            soundWarned = 1;
-+            VIR_WARN0("Sound cards for VMs are disabled while SELinux security model is active");
-+        }
-+    }
- 
-     uname_normalize(&ut);
- 
-@@ -2181,7 +2195,8 @@ int qemudBuildCommandLine(virConnectPtr conn,
-     }
- 
-     /* Add sound hardware */
--    if (def->nsounds) {
-+    if (def->nsounds &&
-+        !skipSound) {
-         int size = 100;
-         char *modstr;
-         if (VIR_ALLOC_N(modstr, size+1) < 0)
--- 
-1.6.2.5
-

libvirt-fix-drv-supports-feature-bogus-error.patch

@@ -1,32 +0,0 @@
-From 2f6e857ac7d6ed5cd417e684147dd9c98775ab3d Mon Sep 17 00:00:00 2001
-From: Chris Lalancette <clalance@redhat.com>
-Date: Mon, 21 Sep 2009 14:53:31 +0200
-Subject: [PATCH] Don't do virSetConnError when virDrvSupportsFeature is successful.
-
-Signed-off-by: Chris Lalancette <clalance@redhat.com>
-Fedora-patch: libvirt-fix-drv-supports-feature-bogus-error.patch
----
- src/libvirt.c |    7 +++++--
- 1 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/libvirt.c b/src/libvirt.c
-index 4a11688..fa59dc7 100644
---- a/src/libvirt.c
-+++ b/src/libvirt.c
-@@ -1349,8 +1349,11 @@ virDrvSupportsFeature (virConnectPtr conn, int feature)
-     }
- 
-     ret = VIR_DRV_SUPPORTS_FEATURE (conn->driver, conn, feature);
--    /* Copy to connection error object for back compatability */
--    virSetConnError(conn);
-+
-+    if (ret < 0)
-+        /* Copy to connection error object for back compatability */
-+        virSetConnError(conn);
-+
-     return ret;
- }
- 
--- 
-1.6.2.5
-

libvirt-fix-net-hotunplug-double-free.patch

@@ -1,46 +0,0 @@
-From d09ff3c35c29d14760d5ea03559042cc024e09ab Mon Sep 17 00:00:00 2001
-From: Mark McLoughlin <markmc@redhat.com>
-Date: Thu, 17 Sep 2009 15:31:08 +0100
-Subject: [PATCH] Fix net/disk hot-unplug segfault
-
-When we hot-unplug the last device, we're currently double-freeing
-the device definition.
-
-Reported by Michal Nowak here:
-
-  https://bugzilla.redhat.com/523953
-
-* src/qemu_driver.c: fix double free
-
-(cherry-picked from commit 8881ae1bf8783006777429403cc543c33187175d)
-
-Fedora-patch: libvirt-fix-net-hotunplug-double-free.patch
----
- src/qemu_driver.c |    4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/qemu_driver.c b/src/qemu_driver.c
-index a65334f..de31581 100644
---- a/src/qemu_driver.c
-+++ b/src/qemu_driver.c
-@@ -5998,7 +5998,7 @@ try_command:
-             /* ignore, harmless */
-         }
-     } else {
--        VIR_FREE(vm->def->disks[0]);
-+        VIR_FREE(vm->def->disks);
-         vm->def->ndisks = 0;
-     }
-     virDomainDiskDefFree(detach);
-@@ -6100,7 +6100,7 @@ qemudDomainDetachNetDevice(virConnectPtr conn,
-             /* ignore, harmless */
-         }
-     } else {
--        VIR_FREE(vm->def->nets[0]);
-+        VIR_FREE(vm->def->nets);
-         vm->def->nnets = 0;
-     }
-     virDomainNetDefFree(detach);
--- 
-1.6.2.5
-

libvirt-fix-pci-hostdev-hotunplug-leak.patch

@@ -1,50 +0,0 @@
-From d04ac8624f5fabe7587982796f2e2161220b0fcc Mon Sep 17 00:00:00 2001
-From: Mark McLoughlin <markmc@redhat.com>
-Date: Thu, 17 Sep 2009 15:32:45 +0100
-Subject: [PATCH] Fix leak in PCI hostdev hot-unplug
-
-* src/qemu_driver.c: sync the hostdev hot-unplug code with the disk/net
-  code.
-
-(cherry-picked from commit a70da51ff76ed860bfc0cdee2e1d556da997c557)
-
-Fedora-patch: libvirt-fix-pci-hostdev-hotunplug-leak.patch
----
- src/qemu_driver.c |   20 +++++++++++++-------
- 1 files changed, 13 insertions(+), 7 deletions(-)
-
-diff --git a/src/qemu_driver.c b/src/qemu_driver.c
-index de31581..2ddcdc0 100644
---- a/src/qemu_driver.c
-+++ b/src/qemu_driver.c
-@@ -6206,14 +6206,20 @@ static int qemudDomainDetachHostPciDevice(virConnectPtr conn,
-         pciFreeDevice(conn, pci);
-     }
- 
--    if (i != --vm->def->nhostdevs)
--        memmove(&vm->def->hostdevs[i],
--                &vm->def->hostdevs[i+1],
--                sizeof(*vm->def->hostdevs) * (vm->def->nhostdevs-i));
--    if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs) < 0) {
--        virReportOOMError(conn);
--        ret = -1;
-+    if (vm->def->nhostdevs > 1) {
-+        memmove(vm->def->hostdevs + i,
-+                vm->def->hostdevs + i + 1,
-+                sizeof(*vm->def->hostdevs) *
-+                (vm->def->nhostdevs - (i + 1)));
-+        vm->def->nhostdevs--;
-+        if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs) < 0) {
-+            /* ignore, harmless */
-+        }
-+    } else {
-+        VIR_FREE(vm->def->hostdevs);
-+        vm->def->nhostdevs = 0;
-     }
-+    virDomainHostdevDefFree(detach);
- 
-     return ret;
- }
--- 
-1.6.2.5
-

libvirt-fix-qemu-raw-format-save.patch

@@ -1,53 +0,0 @@
-From e50c91fdcea5d81e3eb2051c05f4e51a16c3e692 Mon Sep 17 00:00:00 2001
-From: Charles Duffy <Charles_Duffy@dell.com>
-Date: Fri, 18 Sep 2009 11:32:35 -0500
-Subject: [PATCH] Prevent attempt to call cat -c during virDomainSave to raw
-
-Fedora-patch: libvirt-fix-qemu-raw-format-save.patch
----
- src/qemu_driver.c |   28 ++++++++++++++++++----------
- 1 files changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/src/qemu_driver.c b/src/qemu_driver.c
-index 2ddcdc0..7c7b985 100644
---- a/src/qemu_driver.c
-+++ b/src/qemu_driver.c
-@@ -3905,17 +3905,25 @@ static int qemudDomainSave(virDomainPtr dom,
-         goto cleanup;
-     }
- 
--    const char *prog = qemudSaveCompressionTypeToString(header.compressed);
--    if (prog == NULL) {
--        qemudReportError(dom->conn, dom, NULL, VIR_ERR_INTERNAL_ERROR,
--                         _("Invalid compress format %d"), header.compressed);
--        goto cleanup;
--    }
-+    {
-+        const char *prog = qemudSaveCompressionTypeToString(header.compressed);
-+        const char *args;
- 
--    if (STREQ (prog, "raw"))
--        prog = "cat";
--    internalret = virAsprintf(&command, "migrate \"exec:"
--                              "%s -c >> '%s' 2>/dev/null\"", prog, safe_path);
-+        if (prog == NULL) {
-+            qemudReportError(dom->conn, dom, NULL, VIR_ERR_INTERNAL_ERROR,
-+                             _("Invalid compress format %d"), header.compressed);
-+            goto cleanup;
-+        }
-+
-+        if (STREQ (prog, "raw")) {
-+            prog = "cat";
-+            args = "";
-+        } else {
-+            args = "-c";
-+        }
-+        internalret = virAsprintf(&command, "migrate \"exec:"
-+                                  "%s %s >> '%s' 2>/dev/null\"", prog, args, safe_path);
-+    }
- 
-     if (internalret < 0) {
-         virReportOOMError(dom->conn);
--- 
-1.6.2.5
-

libvirt-logrotate-avoid-compressing-small-logs.patch

@@ -0,0 +1,31 @@
+From d7cca87f6c5ad2316934af8ecb95829b95b662c6 Mon Sep 17 00:00:00 2001
+From: Dan Kenigsberg <danken@redhat.com>
+Date: Wed, 21 Oct 2009 13:56:04 +0200
+Subject: [PATCH] Do not log rotate very small logs
+
+Without this, after few weeks without use, each defined domain grows a
+tail of empty gzipped logs, instead of keeping just the last log of
+interest.
+
+* daemon/libvirtd.logrotate.in: only rotate when the log is over 100 KBytes
+
+(cherry picked from commit b03fe2d0aefb57a096a102bf23375f0a167ca189)
+
+Fedora-patch: libvirt-logrotate-avoid-compressing-small-logs.patch
+---
+ daemon/libvirtd.logrotate.in |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/daemon/libvirtd.logrotate.in b/daemon/libvirtd.logrotate.in
+index 093651c..0c51fd3 100644
+--- a/daemon/libvirtd.logrotate.in
++++ b/daemon/libvirtd.logrotate.in
+@@ -5,4 +5,5 @@
+         compress
+         delaycompress
+         copytruncate
++        minsize 100k
+ }
+-- 
+1.6.5.2
+

libvirt-qemu-machine-type-fixes2.patch

@@ -0,0 +1,42 @@
+From b7b6a28eb9eae641762de9408a90971d849ce92e Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Thu, 15 Oct 2009 12:09:17 +0100
+Subject: [PATCH] Don't copy old machines from a domain which has none
+
+If the the qemu and kvm binaries are the same, we don't include machine
+types in the kvm domain info.
+
+However, the code which refreshes the machine types info from the
+previous capabilities structure first looks at the kvm domain's info,
+finds it matches and then copies the empty machine types list over
+for the top-level qemu domain.
+
+That doesn't make sense, we shouldn't copy an empty machin types list.
+
+* src/qemu/qemu_conf.c: qemudGetOldMachinesFromInfo(): don't copy an
+  empty machine types list.
+
+(cherry picked from commit 2210f8a3a8e2774ca4fb8b42e21899e5b85ca913)
+
+Fedora-patch: libvirt-qemu-machine-type-fixes2.patch
+---
+ src/qemu/qemu_conf.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
+index ac63570..b881f1e 100644
+--- a/src/qemu/qemu_conf.c
++++ b/src/qemu/qemu_conf.c
+@@ -505,6 +505,9 @@ qemudGetOldMachinesFromInfo(virCapsGuestDomainInfoPtr info,
+     virCapsGuestMachinePtr *list;
+     int i;
+ 
++    if (!info->nmachines)
++        return 0;
++
+     if (!info->emulator || !STREQ(emulator, info->emulator))
+         return 0;
+ 
+-- 
+1.6.5.2
+

libvirt-qemu-save-restore-2.patch

@@ -0,0 +1,118 @@
+From 096fc1216eb2654bbff376dcc5bb8177d6498f82 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Thu, 19 Nov 2009 12:16:30 +0000
+Subject: [PATCH] Fix labelling on QEMU restore images
+
+Even though QEMU does not directly open the saved image when
+restoring, it must be correctly labelled to allow QEMU to
+read from it because labelling is passed around with open
+file descriptors.
+
+The labelling should not allow writing to the saved image
+again, only reading.
+
+* src/qemu/qemu_driver.c: Label the save image when restoring
+* src/security/security_driver.h: Add a virSecurityDomainSetSavedStateLabelRO
+  method for labelling a saved image for restore
+* src/security/security_selinux.c: Implement labelling of RO
+  save images for restore
+
+Fedora-patch: libvirt-qemu-save-restore-2.patch
+---
+ src/qemu/qemu_driver.c          |   11 ++++++++++-
+ src/security/security_driver.h  |    5 +++++
+ src/security/security_selinux.c |   11 +++++++++++
+ 3 files changed, 26 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 171ac8f..e6abb05 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -3266,7 +3266,7 @@ static int qemudDomainSave(virDomainPtr dom,
+ 
+     if (driver->securityDriver &&
+         driver->securityDriver->domainRestoreSavedStateLabel &&
+-        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, path) == -1)
++        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, vm, path) == -1)
+         goto cleanup;
+ 
+     ret = 0;
+@@ -3813,6 +3813,11 @@ static int qemudDomainRestore(virConnectPtr conn,
+     }
+     def = NULL;
+ 
++    if (driver->securityDriver &&
++        driver->securityDriver->domainSetSavedStateLabelRO &&
++        driver->securityDriver->domainSetSavedStateLabelRO(conn, vm, path) == -1)
++        goto cleanup;
++
+     if (header.version == 2) {
+         const char *intermediate_argv[3] = { NULL, "-dc", NULL };
+         const char *prog = qemudSaveCompressionTypeToString(header.compressed);
+@@ -3847,6 +3852,10 @@ static int qemudDomainRestore(virConnectPtr conn,
+         close(intermediatefd);
+     close(fd);
+     fd = -1;
++    if (driver->securityDriver &&
++        driver->securityDriver->domainRestoreSavedStateLabel &&
++        driver->securityDriver->domainRestoreSavedStateLabel(conn, vm, path) == -1)
++        VIR_WARN("Unable to restore labelling on %s", path);
+     if (ret < 0) {
+         if (!vm->persistent) {
+             virDomainRemoveInactive(&driver->domains,
+diff --git a/src/security/security_driver.h b/src/security/security_driver.h
+index 5514962..5144976 100644
+--- a/src/security/security_driver.h
++++ b/src/security/security_driver.h
+@@ -45,7 +45,11 @@ typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
+ typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
+                                                     virDomainObjPtr vm,
+                                                     const char *savefile);
++typedef int (*virSecurityDomainSetSavedStateLabelRO) (virConnectPtr conn,
++                                                      virDomainObjPtr vm,
++                                                      const char *savefile);
+ typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
++                                                        virDomainObjPtr vm,
+                                                         const char *savefile);
+ typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
+                                           virDomainObjPtr sec);
+@@ -77,6 +81,7 @@ struct _virSecurityDriver {
+     virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
+     virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
+     virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
++    virSecurityDomainSetSavedStateLabelRO domainSetSavedStateLabelRO;
+     virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
+ 
+     /*
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 4f2d1d3..0c130e5 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -639,7 +639,17 @@ SELinuxSetSavedStateLabel(virConnectPtr conn,
+ 
+ 
+ static int
++SELinuxSetSavedStateLabelRO(virConnectPtr conn,
++                            virDomainObjPtr vm ATTRIBUTE_UNUSED,
++                            const char *savefile)
++{
++    return SELinuxSetFilecon(conn, savefile, default_content_context);
++}
++
++
++static int
+ SELinuxRestoreSavedStateLabel(virConnectPtr conn,
++                              virDomainObjPtr vm ATTRIBUTE_UNUSED,
+                               const char *savefile)
+ {
+     return SELinuxRestoreSecurityFileLabel(conn, savefile);
+@@ -716,5 +726,6 @@ virSecurityDriver virSELinuxSecurityDriver = {
+     .domainSetSecurityHostdevLabel = SELinuxSetSecurityHostdevLabel,
+     .domainRestoreSecurityHostdevLabel = SELinuxRestoreSecurityHostdevLabel,
+     .domainSetSavedStateLabel = SELinuxSetSavedStateLabel,
++    .domainSetSavedStateLabelRO = SELinuxSetSavedStateLabelRO,
+     .domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
+ };
+-- 
+1.6.5.2
+

libvirt-qemu-save-restore.patch

@@ -0,0 +1,168 @@
+From 1151cdcad3f4b68478b076832843338256b94644 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Wed, 11 Nov 2009 12:07:00 +0000
+Subject: [PATCH] Fix save and restore with non-privileged guests and SELinux
+
+When running qemu:///system instance, libvirtd runs as root,
+but QEMU may optionally be configured to run non-root. When
+then saving a guest to a state file, the file is initially
+created as root, and thus QEMU cannot write to it. It is also
+missing labelling required to allow access via SELinux.
+
+* src/qemu/qemu_driver.c: Set ownership on save image before
+  running migrate command in virDomainSave impl. Call out to
+  security driver to set save image labelling
+* src/security/security_driver.h: Add driver APIs for setting
+  and restoring saved state file labelling
+* src/security/security_selinux.c: Implement saved state file
+  labelling for SELinux
+
+(cherry picked from commit bc0010b3d149df00406b82c37eb59874d8525af4)
+
+Fedora-patch: libvirt-qemu-save-restore.patch
+---
+ src/qemu/qemu_driver.c          |   35 ++++++++++++++++++++++++++++++++---
+ src/security/security_driver.h  |    7 +++++++
+ src/security/security_selinux.c |   23 +++++++++++++++++++++++
+ 3 files changed, 62 insertions(+), 3 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index c544c4b..171ac8f 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -3146,6 +3146,7 @@ static int qemudDomainSave(virDomainPtr dom,
+     char *xml = NULL;
+     struct qemud_save_header header;
+     int ret = -1;
++    int rc;
+     virDomainEventPtr event = NULL;
+ 
+     memset(&header, 0, sizeof(header));
+@@ -3226,9 +3227,22 @@ static int qemudDomainSave(virDomainPtr dom,
+     }
+     fd = -1;
+ 
++    if (driver->privileged &&
++        chown(path, driver->user, driver->group) < 0) {
++        virReportSystemError(NULL, errno,
++                             _("unable to set ownership of '%s' to user %d:%d"),
++                             path, driver->user, driver->group);
++        goto cleanup;
++    }
++
++    if (driver->securityDriver &&
++        driver->securityDriver->domainSetSavedStateLabel &&
++        driver->securityDriver->domainSetSavedStateLabel(dom->conn, vm, path) == -1)
++        goto cleanup;
++
+     if (header.compressed == QEMUD_SAVE_FORMAT_RAW) {
+         const char *args[] = { "cat", NULL };
+-        ret = qemuMonitorMigrateToCommand(vm, 0, args, path);
++        rc = qemuMonitorMigrateToCommand(vm, 0, args, path);
+     } else {
+         const char *prog = qemudSaveCompressionTypeToString(header.compressed);
+         const char *args[] = {
+@@ -3236,12 +3250,27 @@ static int qemudDomainSave(virDomainPtr dom,
+             "-c",
+             NULL
+         };
+-        ret = qemuMonitorMigrateToCommand(vm, 0, args, path);
++        rc = qemuMonitorMigrateToCommand(vm, 0, args, path);
+     }
+ 
+-    if (ret < 0)
++    if (rc < 0)
+         goto cleanup;
+ 
++    if (driver->privileged &&
++        chown(path, 0, 0) < 0) {
++        virReportSystemError(NULL, errno,
++                             _("unable to set ownership of '%s' to user %d:%d"),
++                             path, 0, 0);
++        goto cleanup;
++    }
++
++    if (driver->securityDriver &&
++        driver->securityDriver->domainRestoreSavedStateLabel &&
++        driver->securityDriver->domainRestoreSavedStateLabel(dom->conn, path) == -1)
++        goto cleanup;
++
++    ret = 0;
++
+     /* Shut it down */
+     qemudShutdownVMDaemon(dom->conn, driver, vm);
+     event = virDomainEventNewFromObj(vm,
+diff --git a/src/security/security_driver.h b/src/security/security_driver.h
+index fde2978..5514962 100644
+--- a/src/security/security_driver.h
++++ b/src/security/security_driver.h
+@@ -42,6 +42,11 @@ typedef int (*virSecurityDomainRestoreHostdevLabel) (virConnectPtr conn,
+ typedef int (*virSecurityDomainSetHostdevLabel) (virConnectPtr conn,
+                                                  virDomainObjPtr vm,
+                                                  virDomainHostdevDefPtr dev);
++typedef int (*virSecurityDomainSetSavedStateLabel) (virConnectPtr conn,
++                                                    virDomainObjPtr vm,
++                                                    const char *savefile);
++typedef int (*virSecurityDomainRestoreSavedStateLabel) (virConnectPtr conn,
++                                                        const char *savefile);
+ typedef int (*virSecurityDomainGenLabel) (virConnectPtr conn,
+                                           virDomainObjPtr sec);
+ typedef int (*virSecurityDomainReserveLabel) (virConnectPtr conn,
+@@ -71,6 +76,8 @@ struct _virSecurityDriver {
+     virSecurityDomainRestoreLabel domainRestoreSecurityLabel;
+     virSecurityDomainRestoreHostdevLabel domainRestoreSecurityHostdevLabel;
+     virSecurityDomainSetHostdevLabel domainSetSecurityHostdevLabel;
++    virSecurityDomainSetSavedStateLabel domainSetSavedStateLabel;
++    virSecurityDomainRestoreSavedStateLabel domainRestoreSavedStateLabel;
+ 
+     /*
+      * This is internally managed driver state and should only be accessed
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 7e0f71a..4f2d1d3 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -525,6 +525,7 @@ done:
+     return ret;
+ }
+ 
++
+ static int
+ SELinuxRestoreSecurityPCILabel(virConnectPtr conn,
+                                pciDevice *dev ATTRIBUTE_UNUSED,
+@@ -625,6 +626,26 @@ SELinuxRestoreSecurityLabel(virConnectPtr conn,
+     return rc;
+ }
+ 
++
++static int
++SELinuxSetSavedStateLabel(virConnectPtr conn,
++                          virDomainObjPtr vm,
++                          const char *savefile)
++{
++    const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
++
++    return SELinuxSetFilecon(conn, savefile, secdef->imagelabel);
++}
++
++
++static int
++SELinuxRestoreSavedStateLabel(virConnectPtr conn,
++                              const char *savefile)
++{
++    return SELinuxRestoreSecurityFileLabel(conn, savefile);
++}
++
++
+ static int
+ SELinuxSecurityVerify(virConnectPtr conn, virDomainDefPtr def)
+ {
+@@ -694,4 +715,6 @@ virSecurityDriver virSELinuxSecurityDriver = {
+     .domainSetSecurityLabel     = SELinuxSetSecurityLabel,
+     .domainSetSecurityHostdevLabel = SELinuxSetSecurityHostdevLabel,
+     .domainRestoreSecurityHostdevLabel = SELinuxRestoreSecurityHostdevLabel,
++    .domainSetSavedStateLabel = SELinuxSetSavedStateLabel,
++    .domainRestoreSavedStateLabel = SELinuxRestoreSavedStateLabel,
+ };
+-- 
+1.6.5.2
+

libvirt.spec

@@ -22,14 +22,14 @@
 %endif
 
 
-# Now set the defaults for all the important features, independant
+# Now set the defaults for all the important features, independent
 # of any particular OS
 
 # First the daemon itself
 %define with_libvirtd      0%{!?_without_libvirtd:%{server_drivers}}
 %define with_avahi         0%{!?_without_avahi:%{server_drivers}}
 
-# Then the hypervisor drivers
+# Then the hypervisor drivers that run on local host
 %define with_xen           0%{!?_without_xen:%{server_drivers}}
 %define with_xen_proxy     0%{!?_without_xen_proxy:%{server_drivers}}
 %define with_qemu          0%{!?_without_qemu:%{server_drivers}}
@@ -37,9 +37,12 @@
 %define with_lxc           0%{!?_without_lxc:%{server_drivers}}
 %define with_vbox          0%{!?_without_vbox:%{server_drivers}}
 %define with_uml           0%{!?_without_uml:%{server_drivers}}
+# XXX this shouldn't be here, but it mistakenly links into libvirtd
 %define with_one           0%{!?_without_one:%{server_drivers}}
-%define with_phyp          0%{!?_without_phyp:%{server_drivers}}
-%define with_esx           0%{!?_without_esx:%{server_drivers}}
+
+# Then the hypervisor drivers that talk a native remote protocol
+%define with_phyp          0%{!?_without_phyp:1}
+%define with_esx           0%{!?_without_esx:1}
 
 # Then the secondary host drivers
 %define with_network       0%{!?_without_network:%{server_drivers}}
@@ -100,6 +103,7 @@
 %endif
 %define with_xen 0
 %endif
+
 # If Xen isn't turned on, we shouldn't build the xen proxy either
 %if ! %{with_xen}
 %define with_xen_proxy 0
@@ -150,25 +154,21 @@
 
 Summary: Library providing a simple API virtualization
 Name: libvirt
-Version: 0.7.1
+Version: 0.7.2
 Release: 6%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 Source: http://libvirt.org/sources/libvirt-%{version}.tar.gz
 
-# Temporary hack till PulseAudio autostart problems are sorted
-# out when SELinux enforcing (bz 486112)
-Patch00: libvirt-0.6.4-svirt-sound.patch
+# Fix qemu machine types handling
+Patch01: libvirt-qemu-machine-type-fixes2.patch
 
-# A couple of hot-unplug memory handling fixes (#523953)
-Patch01: libvirt-fix-net-hotunplug-double-free.patch
-Patch02: libvirt-fix-pci-hostdev-hotunplug-leak.patch
+# Avoid compressing small log files (#531030)
+Patch02: libvirt-logrotate-avoid-compressing-small-logs.patch
 
-# Don't set a bogus error in virDrvSupportsFeature()
-Patch03: libvirt-fix-drv-supports-feature-bogus-error.patch
-
-# Fix raw save format
-Patch04: libvirt-fix-qemu-raw-format-save.patch
+# Fix QEMU save/restore permissions / labelling
+Patch03: libvirt-qemu-save-restore.patch
+Patch04: libvirt-qemu-save-restore-2.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 URL: http://libvirt.org/
@@ -356,7 +356,7 @@ virtualization capabilities of recent versions of Linux (and other OSes).
 %package devel
 Summary: Libraries, includes, etc. to compile with the libvirt library
 Group: Development/Libraries
-Requires: libvirt = %{version}-%{release}
+Requires: libvirt-client = %{version}-%{release}
 Requires: pkgconfig
 %if %{with_xen}
 Requires: xen-devel
@@ -370,7 +370,7 @@ the virtualization capabilities of recent versions of Linux (and other OSes).
 %package python
 Summary: Python bindings for the libvirt library
 Group: Development/Libraries
-Requires: libvirt = %{version}-%{release}
+Requires: libvirt-client = %{version}-%{release}
 
 %description python
 The libvirt-python package contains a module that permits applications
@@ -382,7 +382,6 @@ of recent versions of Linux (and other OSes).
 %prep
 %setup -q
 
-%patch00 -p1
 %patch01 -p1
 %patch02 -p1
 %patch03 -p1
@@ -530,10 +529,10 @@ gzip -9 ChangeLog
 rm -fr %{buildroot}
 
 %makeinstall
-(cd docs/examples ; make clean ; rm -rf .deps Makefile Makefile.in)
-(cd docs/examples/python ; rm -rf .deps Makefile Makefile.in)
-(cd examples/hellolibvirt ; make clean ; rm -rf .deps .libs Makefile Makefile.in)
-(cd examples/domain-events/events-c ;  make clean ;rm -rf .deps .libs Makefile Makefile.in)
+for i in domain-events/events-c dominfo domsuspend hellolibvirt python
+do
+  (cd examples/$i ; make clean ; rm -rf .deps .libs Makefile Makefile.in)
+done
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
 rm -f $RPM_BUILD_ROOT%{_libdir}/python*/site-packages/*.la
@@ -560,6 +559,11 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
 %endif
 %find_lang %{name}
 
+%if ! %{with_lxc}
+rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_lxc.aug
+rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug
+%endif
+
 %if ! %{with_python}
 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-python-%{version}
 %endif
@@ -571,6 +575,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version}
 %if ! %{with_qemu}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf
 %endif
+%if ! %{with_lxc}
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/lxc.conf
+%endif
 
 %if %{with_libvirtd}
 chmod 0644 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd
@@ -611,7 +618,7 @@ fi
 
 /sbin/chkconfig --add libvirtd
 if [ "$1" -ge "1" ]; then
-    /sbin/service libvirtd condrestart > /dev/null 2>&1
+	/sbin/service libvirtd condrestart > /dev/null 2>&1
 fi
 %endif
 
@@ -644,10 +651,16 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/libvirtd
 %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd
+%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
+%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/
+%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/uml/
 
 %if %{with_qemu}
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
 %endif
+%if %{with_lxc}
+%config(noreplace) %{_sysconfdir}/libvirt/lxc.conf
+%endif
 
 %dir %{_datadir}/libvirt/
 
@@ -689,6 +702,11 @@ fi
 %{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
 %endif
 
+%if %{with_lxc}
+%{_datadir}/augeas/lenses/libvirtd_lxc.aug
+%{_datadir}/augeas/lenses/tests/test_libvirtd_lxc.aug
+%endif
+
 %{_datadir}/augeas/lenses/libvirtd.aug
 %{_datadir}/augeas/lenses/tests/test_libvirtd.aug
 
@@ -701,13 +719,11 @@ fi
 %endif
 
 %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/
-%if %{with_qemu}
-%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
-%endif
 
 %if %{with_xen_proxy}
 %attr(4755, root, root) %{_libexecdir}/libvirt_proxy
 %endif
+
 %if %{with_lxc}
 %attr(0755, root, root) %{_libexecdir}/libvirt_lxc
 %endif
@@ -724,8 +740,10 @@ fi
 
 %{_mandir}/man1/virsh.1*
 %{_mandir}/man1/virt-xml-validate.1*
+%{_mandir}/man1/virt-pki-validate.1*
 %{_bindir}/virsh
 %{_bindir}/virt-xml-validate
+%{_bindir}/virt-pki-validate
 %{_libdir}/lib*.so.*
 
 %dir %{_datadir}/libvirt/
@@ -759,9 +777,12 @@ fi
 %doc %{_datadir}/gtk-doc/html/libvirt/*.css
 
 %doc docs/*.html docs/html docs/*.gif
-%doc docs/examples
 %doc docs/libvirt-api.xml
-%doc examples
+%doc examples/hellolibvirt
+%doc examples/domain-events/events-c
+%doc examples/dominfo
+%doc examples/domsuspend
+%doc examples/xml
 
 %if %{with_python}
 %files python
@@ -772,11 +793,56 @@ fi
 %{_libdir}/python*/site-packages/libvirtmod*
 %doc python/tests/*.py
 %doc python/TODO
-%doc python/libvirtclass.txt
-%doc docs/examples/python
+%doc examples/python
+%doc examples/domain-events/events-python
 %endif
 
 %changelog
+* Thu Nov 19 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.2-6
+- Really fix restore file labelling this time
+
+* Wed Nov 11 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.2-5
+- Disable numactl on s390[x]. Again.
+
+* Wed Nov 11 2009 Daniel P. Berrange <berrange@redhat.com> - 0.7.2-4
+- Fix QEMU save/restore permissions / labelling
+
+* Thu Oct 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.2-3
+- Avoid compressing small log files (#531030)
+
+* Thu Oct 29 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.2-2
+- Make libvirt-devel require libvirt-client, not libvirt
+- Fix qemu machine types handling
+
+* Wed Oct 14 2009 Daniel Veillard <veillard@redhat.com> - 0.7.2-1
+- Upstream release of 0.7.2
+- Allow to define ESX domains
+- Allows suspend and resulme of LXC domains
+- API for data streams
+- many bug fixes
+
+* Tue Oct 13 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-12
+- Fix restore of qemu guest using raw save format (#523158)
+
+* Fri Oct  9 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-11
+- Fix libvirtd memory leak during error reply sending (#528162)
+- Add several PCI hot-unplug typo fixes from upstream
+
+* Tue Oct  6 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-10
+- Create /var/log/libvirt/{lxc,uml} dirs for logrotate
+- Make libvirt-python dependon on libvirt-client
+- Sync misc minor changes from upstream spec
+
+* Tue Oct  6 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-9
+- Change logrotate config to weekly (#526769)
+
+* Thu Oct  1 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-8
+- Disable sound backend, even when selinux is disabled (#524499)
+- Re-label qcow2 backing files (#497131)
+
+* Wed Sep 30 2009 Mark McLoughlin <markmc@redhat.com> - 0.7.1-7
+- Fix USB device passthrough (#522683)
+
 * Mon Sep 21 2009 Chris Weyl <cweyl@alumni.drew.edu> - 0.7.1-6
 - rebuild for libssh2 1.2
 

sources

@@ -1 +1 @@
-f1cd360a5da38b847e166c6482141940  libvirt-0.7.1.tar.gz
+133aead8c46c0601b6b37e024c6aa86a  libvirt-0.7.2.tar.gz