No change, just rebuild against new libparted with bumped soname.

Set kernel/initrd in security driver, fixes some URL installs (bz 566425)

.cvsignore

@@ -1,24 +1,19 @@
-libvirt-0.0.3.tar.gz
-libvirt-0.0.4.tar.gz
-libvirt-0.0.5.tar.gz
-libvirt-0.0.6.tar.gz
-libvirt-0.1.0.tar.gz
-libvirt-0.1.2.tar.gz
-libvirt-0.1.1.tar.gz
-libvirt-0.1.3.tar.gz
-libvirt-0.1.4.tar.gz
-libvirt-0.1.5.tar.gz
-libvirt-0.1.6.tar.gz
-libvirt-0.1.7.tar.gz
-libvirt-0.1.8.tar.gz
-libvirt-0.1.9.tar.gz
-libvirt-0.1.10.tar.gz
-libvirt-0.1.11.tar.gz
-libvirt-0.2.0.tar.gz
-libvirt-0.2.1.tar.gz
-libvirt-0.2.2.tar.gz
-libvirt-0.2.3.tar.gz
-libvirt-0.3.0.tar.gz
-libvirt-0.3.1.tar.gz
-libvirt-0.3.2.tar.gz
-libvirt-0.3.3.tar.gz
+.build*.log
+*.rpm
+i686
+x86_64
+libvirt-*.tar.gz
+libvirt-0.6.0.tar.gz
+libvirt-0.6.1.tar.gz
+libvirt-0.6.2.tar.gz
+libvirt-0.6.3.tar.gz
+libvirt-0.6.4.tar.gz
+libvirt-0.6.5.tar.gz
+libvirt-0.7.0.tar.gz
+libvirt-0.7.1.tar.gz
+libvirt-0.7.2.tar.gz
+libvirt-0.7.3.tar.gz
+libvirt-0.7.4.tar.gz
+libvirt-0.7.5.tar.gz
+libvirt-0.7.6.tar.gz
+libvirt-0.7.7.tar.gz

Makefile

@@ -4,7 +4,7 @@ NAME := libvirt
 SPECFILE = $(firstword $(wildcard *.spec))
 
 define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
 endef
 
 MAKEFILE_COMMON := $(shell $(find-makefile-common))

libvirt-0.3.3-example-config.patch

@@ -1,207 +0,0 @@
-changeset:   1147:7481eafdde8d
-user:        berrange
-date:        Fri Oct 12 18:54:15 2007 +0000
-files:       libvirt.spec.in qemud/Makefile.am qemud/libvirtd.conf src/Makefile.am src/qemu.conf
-description:
-Added default example configs for libvirtd/qemu driver
-
-
-diff -r c48e81e685a3 -r 7481eafdde8d qemud/libvirtd.conf
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/qemud/libvirtd.conf	Fri Oct 12 18:54:15 2007 +0000
-@@ -0,0 +1,141 @@
-+# Master libvirt daemon configuration file
-+#
-+# For further information consult http://libvirt.org/format.html
-+
-+
-+# Flag listening for secure TLS connections on the public TCP/IP port.
-+# NB, must pass the --listen flag to the libvirtd process for this to
-+# have any effect.
-+#
-+# It is neccessary to setup a CA and issue server certificates before
-+# using this capability.
-+#
-+# This is enabled by default, uncomment this to disable it
-+# listen_tls = 0
-+
-+# Listen for unencrypted TCP connections on the public TCP/IP port.
-+# NB, must pass the --listen flag to the libvirtd process for this to
-+# have any effect.
-+#
-+# NB, this is insecure. Do not use except for development.
-+#
-+# This is disabled by default, uncomment this to enable it.
-+# listen_tcp = 1
-+
-+
-+
-+# Override the port for accepting secure TLS connections
-+# This can be a port number, or service name
-+#
-+# tls_port = "16514"
-+
-+# Override the port for accepting insecure TCP connections
-+# This can be a port number, or service name
-+# 
-+# tcp_port = "16509"
-+
-+
-+
-+# Flag toggling mDNS advertizement of the libvirt service.
-+#
-+# Alternatively can disable for all services on a host by
-+# stopping the Avahi daemon
-+#
-+# This is enabled by default, uncomment this to disable it
-+# mdns_adv = 0
-+
-+# Override the default mDNS advertizement name. This must be
-+# unique on the immediate broadcast network.
-+# 
-+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
-+# is subsituted for the short hostname of the machine (without domain)
-+#
-+# mdns_name "Virtualization Host Joe Demo" 
-+
-+
-+
-+# Set the UNIX domain socket group ownership. This can be used to
-+# allow a 'trusted' set of users access to management capabilities
-+# without becoming root.
-+# 
-+# This is restricted to 'root' by default. 
-+# unix_sock_group "libvirt"
-+
-+# Set the UNIX socket permissions for the R/O socket. This is used
-+# for monitoring VM status only
-+#
-+# Default allows any user. If setting group ownership may want to
-+# restrict this to:
-+# unix_sock_ro_perms "0777"
-+
-+# Set the UNIX socket permissions for the R/W socket. This is used
-+# for full management of VMs
-+#
-+# Default allows only root. If setting group ownership may want to
-+# relax this to:
-+# unix_sock_rw_perms "octal-perms" 	"0770"
-+
-+
-+
-+# Flag to disable verification of client certificates
-+#
-+# Client certificate verification is the primary authentication mechanism.
-+# Any client which does not present a certificate signed by the CA
-+# will be rejected.
-+#
-+# Default is to always verify. Uncommenting this will disable
-+# verification - make sure an IP whitelist is set
-+# tls_no_verify_certificate 1 
-+
-+# Flag to disable verification of client IP address
-+#
-+# Client IP address will be verified against the CommonName field
-+# of the x509 certificate. This has minimal security benefit since
-+# it is easy to spoof source IP.
-+#
-+# Uncommenting this will disable verification
-+# tls_no_verify_address 1
-+
-+# Override the default server key file path
-+#
-+# key_file "/etc/pki/libvirt/private/serverkey.pem"
-+
-+# Override the default server certificate file path
-+#
-+# cert_file "/etc/pki/libvirt/servercert.pem"
-+
-+# Override the default CA certificate path
-+#
-+# ca_file "/etc/pki/CA/cacert.pem"
-+
-+# Specify a certificate revocation list.
-+# 
-+# Defaults to not using a CRL, uncomment to enable it
-+# crl_file "/etc/pki/CA/crl.pem"
-+
-+# A whitelist of allowed x509  Distinguished Names
-+# This list may contain wildcards such as 
-+#
-+#    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
-+#
-+# See the POSIX fnmatch function for the format of the wildcards.
-+#
-+# NB If this is an empty list, no client can connect, so comment out
-+# entirely rather than using empty list to disable these checks
-+#
-+# By default, no DN's are checked
-+# tls_allowed_dn_list ["DN1", "DN2"]
-+
-+
-+# A whitelist of allowed client IP addresses
-+#
-+# This list may contain wildcards such as 192.168.* See the POSIX fnmatch 
-+# function for the format of the wildcards.
-+#
-+# NB If this is an empty list, no client can connect, so comment out
-+# entirely rather than using empty list to disable these checks
-+#
-+# By default, no IP's are checked. This can be IPv4 or IPv6 addresses
-+# tls_allowed_ip_list ["ip1", "ip2", "ip3"]
-+
-+
-diff -r c48e81e685a3 -r 7481eafdde8d src/qemu.conf
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/src/qemu.conf	Fri Oct 12 18:54:15 2007 +0000
-@@ -0,0 +1,49 @@
-+# Master configuration file for the QEMU driver.
-+# All settings described here are optional - if omitted, sensible
-+# defaults are used.
-+
-+# VNC is configured to listen on 127.0.0.1 by default.
-+# To make it listen on all public interfaces, uncomment
-+# this next option.
-+#
-+# NB, strong recommendation to enable TLS + x509 certificate
-+# verification when allowing public access
-+#
-+# vnc_listen = "0.0.0.0"
-+
-+
-+# Enable use of TLS encryption on the VNC server. This requires
-+# a VNC client which supports the VeNCrypt protocol extension.
-+# Examples include vinagre, virt-viewer, virt-manager and vencrypt
-+# itself. UltraVNC, RealVNC, TightVNC do not support this
-+#
-+# It is neccessary to setup CA and issue a server certificate
-+# before enabling this.
-+#
-+# vnc_tls = 1
-+
-+
-+# Use of TLS requires that x509 certificates be issued. The
-+# default it to keep them in /etc/pki/libvirt-vnc. This directory
-+# must contain
-+#
-+#  ca-cert.pem - the CA master certificate
-+#  server-cert.pem - the server certificate signed with ca-cert.pem
-+#  server-key.pem  - the server private key
-+#
-+# This option allows the certificate directory to be changed
-+#
-+# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
-+
-+
-+# The default TLS configuration only uses certificates for the server
-+# allowing the client to verify the server's identity and establish
-+# and encrypted channel. 
-+#
-+# It is possible to use x509 certificates for authentication too, by
-+# issuing a x509 certificate to every client who needs to connect.
-+# 
-+# Enabling this option will reject any client who does not have a
-+# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
-+#
-+# vnc_tls_x509_verify = 1
-

libvirt-0.3.3-qemu-config.patch

@@ -1,230 +0,0 @@
-changeset:   1146:c48e81e685a3
-user:        berrange
-date:        Fri Oct 12 15:05:44 2007 +0000
-files:       ChangeLog src/qemu_conf.c src/qemu_conf.h src/qemu_driver.c
-description:
-Added QEMU driver config file
-
-
-diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_conf.c
---- a/src/qemu_conf.c	Wed Oct 10 18:46:17 2007 +0000
-+++ b/src/qemu_conf.c	Fri Oct 12 15:05:44 2007 +0000
-@@ -45,6 +45,7 @@
- #include "qemu_conf.h"
- #include "uuid.h"
- #include "buf.h"
-+#include "conf.h"
- 
- #define qemudLog(level, msg...) fprintf(stderr, msg)
- 
-@@ -65,6 +66,68 @@ void qemudReportError(virConnectPtr conn
-     __virRaiseError(conn, dom, net, VIR_FROM_QEMU, code, VIR_ERR_ERROR,
-                     NULL, NULL, NULL, -1, -1, errorMessage);
- }
-+
-+int qemudLoadDriverConfig(struct qemud_driver *driver,
-+                          const char *filename) {
-+    virConfPtr conf;
-+    virConfValuePtr p;
-+
-+    /* Setup 2 critical defaults */
-+    strcpy(driver->vncListen, "127.0.0.1");
-+    if (!(driver->vncTLSx509certdir = strdup(SYSCONF_DIR "/pki/libvirt-vnc"))) {
-+        qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
-+                         "vncTLSx509certdir");
-+        return -1;
-+    }
-+
-+    /* Just check the file is readable before opening it, otherwise
-+     * libvirt emits an error.
-+     */
-+    if (access (filename, R_OK) == -1) return 0;
-+
-+    conf = virConfReadFile (filename);
-+    if (!conf) return 0;
-+
-+
-+#define CHECK_TYPE(name,typ) if (p && p->type != (typ)) {               \
-+        qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR,      \
-+                         "remoteReadConfigFile: %s: %s: expected type " #typ "\n", \
-+                         filename, (name));                             \
-+        virConfFree(conf);                                              \
-+        return -1;                                                      \
-+    }
-+
-+    p = virConfGetValue (conf, "vnc_tls");
-+    CHECK_TYPE ("vnc_tls", VIR_CONF_LONG);
-+    if (p) driver->vncTLS = p->l;
-+
-+    p = virConfGetValue (conf, "vnc_tls_x509_verify");
-+    CHECK_TYPE ("vnc_tls_x509_verify", VIR_CONF_LONG);
-+    if (p) driver->vncTLSx509verify = p->l;
-+
-+    p = virConfGetValue (conf, "vnc_tls_x509_cert_dir");
-+    CHECK_TYPE ("vnc_tls_x509_cert_dir", VIR_CONF_STRING);
-+    if (p && p->str) {
-+        free(driver->vncTLSx509certdir);
-+        if (!(driver->vncTLSx509certdir = strdup(p->str))) {
-+            qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
-+                             "vncTLSx509certdir");
-+            virConfFree(conf);
-+            return -1;
-+        }
-+    }
-+
-+    p = virConfGetValue (conf, "vnc_listen");
-+    CHECK_TYPE ("vnc_listen", VIR_CONF_STRING);
-+    if (p && p->str) {
-+        strncpy(driver->vncListen, p->str, sizeof(driver->vncListen));
-+        driver->vncListen[sizeof(driver->vncListen)-1] = '\0';
-+    }
-+
-+    virConfFree (conf);
-+    return 0;
-+}
-+
- 
- struct qemud_vm *qemudFindVMByID(const struct qemud_driver *driver, int id) {
-     struct qemud_vm *vm = driver->vms;
-@@ -1234,7 +1297,7 @@ static struct qemud_vm_def *qemudParseXM
-             if (vnclisten && *vnclisten)
-                 strncpy(def->vncListen, (char *)vnclisten, BR_INET_ADDR_MAXLEN-1);
-             else
--                strcpy(def->vncListen, "127.0.0.1");
-+                strcpy(def->vncListen, driver->vncListen);
-             def->vncListen[BR_INET_ADDR_MAXLEN-1] = '\0';
-             xmlFree(vncport);
-             xmlFree(vnclisten);
-@@ -1750,15 +1813,30 @@ int qemudBuildCommandLine(virConnectPtr 
-     }
- 
-     if (vm->def->graphicsType == QEMUD_GRAPHICS_VNC) {
--        char vncdisplay[BR_INET_ADDR_MAXLEN+20];
-+        char vncdisplay[PATH_MAX];
-         int ret;
--        if (vm->qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON)
--            ret = snprintf(vncdisplay, sizeof(vncdisplay), "%s:%d",
-+
-+        if (vm->qemuCmdFlags & QEMUD_CMD_FLAG_VNC_COLON) {
-+            char options[PATH_MAX] = "";
-+            if (driver->vncTLS) {
-+                strcat(options, ",tls");
-+                if (driver->vncTLSx509verify) {
-+                    strcat(options, ",x509verify=");
-+                } else {
-+                    strcat(options, ",x509=");
-+                }
-+                strncat(options, driver->vncTLSx509certdir,
-+                        sizeof(options) - (strlen(driver->vncTLSx509certdir)-1));
-+                options[sizeof(options)-1] = '\0';
-+            }
-+            ret = snprintf(vncdisplay, sizeof(vncdisplay), "%s:%d%s",
-                            vm->def->vncListen,
--                           vm->def->vncActivePort - 5900);
--        else
-+                           vm->def->vncActivePort - 5900,
-+                           options);
-+        } else {
-             ret = snprintf(vncdisplay, sizeof(vncdisplay), "%d",
-                            vm->def->vncActivePort - 5900);
-+        }
-         if (ret < 0 || ret >= (int)sizeof(vncdisplay))
-             goto error;
- 
-diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_conf.h
---- a/src/qemu_conf.h	Wed Oct 10 18:46:17 2007 +0000
-+++ b/src/qemu_conf.h	Fri Oct 12 15:05:44 2007 +0000
-@@ -289,6 +289,10 @@ struct qemud_driver {
-     char *networkConfigDir;
-     char *networkAutostartDir;
-     char logDir[PATH_MAX];
-+    int vncTLS : 1;
-+    int vncTLSx509verify : 1;
-+    char *vncTLSx509certdir;
-+    char vncListen[BR_INET_ADDR_MAXLEN];
- };
- 
- 
-@@ -311,6 +315,8 @@ void qemudReportError(virConnectPtr conn
-     ATTRIBUTE_FORMAT(printf,5,6);
- 
- 
-+int qemudLoadDriverConfig(struct qemud_driver *driver,
-+                          const char *filename);
- 
- struct qemud_vm *qemudFindVMByID(const struct qemud_driver *driver,
-                                  int id);
-diff -r 522efe7f7e8f -r c48e81e685a3 src/qemu_driver.c
---- a/src/qemu_driver.c	Wed Oct 10 18:46:17 2007 +0000
-+++ b/src/qemu_driver.c	Fri Oct 12 15:05:44 2007 +0000
-@@ -155,6 +155,7 @@ qemudStartup(void) {
-     uid_t uid = geteuid();
-     struct passwd *pw;
-     char *base = NULL;
-+    char driverConf[PATH_MAX];
- 
-     if (!(qemu_driver = calloc(1, sizeof(struct qemud_driver)))) {
-         return -1;
-@@ -167,7 +168,7 @@ qemudStartup(void) {
-         if (snprintf(qemu_driver->logDir, PATH_MAX, "%s/log/libvirt/qemu", LOCAL_STATE_DIR) >= PATH_MAX)
-             goto snprintf_error;
- 
--        if ((base = strdup (SYSCONF_DIR "/libvirt/qemu")) == NULL)
-+        if ((base = strdup (SYSCONF_DIR "/libvirt")) == NULL)
-             goto out_of_memory;
-     } else {
-         if (!(pw = getpwuid(uid))) {
-@@ -179,7 +180,7 @@ qemudStartup(void) {
-         if (snprintf(qemu_driver->logDir, PATH_MAX, "%s/.libvirt/qemu/log", pw->pw_dir) >= PATH_MAX)
-             goto snprintf_error;
- 
--        if (asprintf (&base, "%s/.libvirt/qemu", pw->pw_dir) == -1) {
-+        if (asprintf (&base, "%s/.libvirt", pw->pw_dir) == -1) {
-             qemudLog (QEMUD_ERR, "out of memory in asprintf");
-             goto out_of_memory;
-         }
-@@ -188,24 +189,36 @@ qemudStartup(void) {
-     /* Configuration paths are either ~/.libvirt/qemu/... (session) or
-      * /etc/libvirt/qemu/... (system).
-      */
--    if (asprintf (&qemu_driver->configDir, "%s", base) == -1)
-+    if (snprintf (driverConf, sizeof(driverConf), "%s/qemu.conf", base) == -1)
-         goto out_of_memory;
--
--    if (asprintf (&qemu_driver->autostartDir, "%s/autostart", base) == -1)
-+    driverConf[sizeof(driverConf)-1] = '\0';
-+
-+    if (asprintf (&qemu_driver->configDir, "%s/qemu", base) == -1)
-         goto out_of_memory;
- 
--    if (asprintf (&qemu_driver->networkConfigDir, "%s/networks", base) == -1)
-+    if (asprintf (&qemu_driver->autostartDir, "%s/qemu/autostart", base) == -1)
-         goto out_of_memory;
- 
--    if (asprintf (&qemu_driver->networkAutostartDir, "%s/networks/autostart",
-+    if (asprintf (&qemu_driver->networkConfigDir, "%s/qemu/networks", base) == -1)
-+        goto out_of_memory;
-+
-+    if (asprintf (&qemu_driver->networkAutostartDir, "%s/qemu/networks/autostart",
-                   base) == -1)
-         goto out_of_memory;
- 
--    if (qemudScanConfigs(qemu_driver) < 0)
-+    free(base);
-+
-+    if (qemudLoadDriverConfig(qemu_driver, driverConf) < 0) {
-         qemudShutdown();
-+        return -1;
-+    }
-+
-+    if (qemudScanConfigs(qemu_driver) < 0) {
-+        qemudShutdown();
-+        return -1;
-+    }
-     qemudAutostartConfigs(qemu_driver);
- 
--    free(base);
-     return 0;
- 
-  snprintf_error:
-

libvirt-0.7.7-fix-usb-product.patch

@@ -0,0 +1,233 @@
+From 3a441522017aa9c1b8b54d2ce4569d0f0d96fa72 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 12 Mar 2010 12:36:56 -0500
+Subject: [PATCH] qemu: Add some debugging at domain startup
+
+---
+ src/qemu/qemu_driver.c |   24 +++++++++++++++++++++++-
+ 1 files changed, 23 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index f8ab545..040d645 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -2695,6 +2695,8 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+ 
+     FD_ZERO(&keepfd);
+ 
++    DEBUG0("Beginning VM startup process");
++
+     if (virDomainObjIsActive(vm)) {
+         qemuReportError(VIR_ERR_OPERATION_INVALID,
+                         "%s", _("VM is already active"));
+@@ -2703,22 +2705,27 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+ 
+     /* If you are using a SecurityDriver with dynamic labelling,
+        then generate a security label for isolation */
++    DEBUG0("Generating domain security label (if required)");
+     if (driver->securityDriver &&
+         driver->securityDriver->domainGenSecurityLabel &&
+         driver->securityDriver->domainGenSecurityLabel(vm) < 0)
+         return -1;
+ 
++    DEBUG0("Generating setting domain security labels (if required)");
+     if (driver->securityDriver &&
+         driver->securityDriver->domainSetSecurityAllLabel &&
+         driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
+         goto cleanup;
+ 
+-    /* Ensure no historical cgroup for this VM is lieing around bogus settings */
++    /* Ensure no historical cgroup for this VM is lying around bogus
++     * settings */
++    DEBUG0("Ensuring no historical cgroup is lying around");
+     qemuRemoveCgroup(driver, vm, 1);
+ 
+     if ((vm->def->ngraphics == 1) &&
+         vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
+         vm->def->graphics[0]->data.vnc.autoport) {
++        DEBUG0("Determining VNC port");
+         int port = qemudNextFreeVNCPort(driver);
+         if (port < 0) {
+             qemuReportError(VIR_ERR_INTERNAL_ERROR,
+@@ -2735,6 +2742,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    DEBUG0("Creating domain log file");
+     if ((logfile = qemudLogFD(driver, vm->def->name)) < 0)
+         goto cleanup;
+ 
+@@ -2751,14 +2759,17 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    DEBUG0("Determing emulator version");
+     if (qemudExtractVersionInfo(emulator,
+                                 NULL,
+                                 &qemuCmdFlags) < 0)
+         goto cleanup;
+ 
++    DEBUG0("Setting up domain cgroup (if required)");
+     if (qemuSetupCgroup(driver, vm) < 0)
+         goto cleanup;
+ 
++    DEBUG0("Preparing host devices");
+     if (qemuPrepareHostDevices(driver, vm->def) < 0)
+         goto cleanup;
+ 
+@@ -2767,6 +2778,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    DEBUG0("Preparing monitor state");
+     if (qemuPrepareMonitorChr(driver, priv->monConfig, vm->def->name) < 0)
+         goto cleanup;
+ 
+@@ -2798,6 +2810,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+      * use in hotplug
+      */
+     if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
++        DEBUG0("Assigning domain PCI addresses");
+         /* Populate cache with current addresses */
+         if (priv->pciaddrs) {
+             qemuDomainPCIAddressSetFree(priv->pciaddrs);
+@@ -2816,6 +2829,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         priv->persistentAddrs = 0;
+     }
+ 
++    DEBUG0("Building emulator command line");
+     vm->def->id = driver->nextvmid++;
+     if (qemudBuildCommandLine(conn, driver, vm->def, priv->monConfig,
+                               priv->monJSON, qemuCmdFlags, &argv, &progenv,
+@@ -2899,25 +2913,31 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     if (ret == -1) /* The VM failed to start */
+         goto cleanup;
+ 
++    DEBUG0("Waiting for monitor to show up");
+     if (qemudWaitForMonitor(driver, vm, pos) < 0)
+         goto abort;
+ 
++    DEBUG0("Detecting VCPU PIDs");
+     if (qemuDetectVcpuPIDs(driver, vm) < 0)
+         goto abort;
+ 
++    DEBUG0("Setting CPU affinity");
+     if (qemudInitCpuAffinity(vm) < 0)
+         goto abort;
+ 
++    DEBUG0("Setting any required VM passwords");
+     if (qemuInitPasswords(conn, driver, vm, qemuCmdFlags) < 0)
+         goto abort;
+ 
+     /* If we have -device, then addresses are assigned explicitly.
+      * If not, then we have to detect dynamic ones here */
+     if (!(qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) {
++        DEBUG0("Determining domain device PCI addresses");
+         if (qemuInitPCIAddresses(driver, vm) < 0)
+             goto abort;
+     }
+ 
++    DEBUG0("Setting initial memory amount");
+     qemuDomainObjEnterMonitorWithDriver(driver, vm);
+     if (qemuMonitorSetBalloon(priv->mon, vm->def->memory) < 0) {
+         qemuDomainObjExitMonitorWithDriver(driver, vm);
+@@ -2925,6 +2945,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     }
+ 
+     if (migrateFrom == NULL) {
++        DEBUG0("Starting domain CPUs");
+         /* Allow the CPUS to start executing */
+         if (qemuMonitorStartCPUs(priv->mon, conn) < 0) {
+             if (virGetLastError() == NULL)
+@@ -2937,6 +2958,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     qemuDomainObjExitMonitorWithDriver(driver, vm);
+ 
+ 
++    DEBUG0("Writing domain status to disk");
+     if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0)
+         goto abort;
+ 
+-- 
+1.6.6.1
+
+From 6d5c8a8f51db8ce97ab35ab6022dd5c94ab016b4 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 12 Mar 2010 12:37:52 -0500
+Subject: [PATCH] qemu: Fix USB by product with security enabled
+
+We need to call PrepareHostdevs to determine the USB device path before
+any security calls. PrepareHostUSBDevices was also incorrectly skipping
+all USB devices.
+---
+ src/qemu/qemu_driver.c |   11 ++++++-----
+ 1 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 040d645..b17d26d 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -2360,7 +2360,7 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver ATTRIBUTE_UNUSED,
+ 
+         if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+             continue;
+-        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
++        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB)
+             continue;
+ 
+         /* Resolve a vendor/product to bus/device */
+@@ -2703,6 +2703,11 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         return -1;
+     }
+ 
++    /* Must be run before security labelling */
++    DEBUG0("Preparing host devices");
++    if (qemuPrepareHostDevices(driver, vm->def) < 0)
++        goto cleanup;
++
+     /* If you are using a SecurityDriver with dynamic labelling,
+        then generate a security label for isolation */
+     DEBUG0("Generating domain security label (if required)");
+@@ -2769,10 +2774,6 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     if (qemuSetupCgroup(driver, vm) < 0)
+         goto cleanup;
+ 
+-    DEBUG0("Preparing host devices");
+-    if (qemuPrepareHostDevices(driver, vm->def) < 0)
+-        goto cleanup;
+-
+     if (VIR_ALLOC(priv->monConfig) < 0) {
+         virReportOOMError();
+         goto cleanup;
+-- 
+1.6.6.1
+
+From 65e97240e6e4606820dd1c42ac172319e0af4d8d Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 22 Mar 2010 10:45:36 -0400
+Subject: [PATCH] security: selinux: Fix crash when releasing non-existent label
+
+This can be triggered by the qemuStartVMDaemon cleanup path if a
+VM references a non-existent USB device (by product) in the XML.
+
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ src/security/security_selinux.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 975b315..6680e2d 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -632,7 +632,8 @@ SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
+ {
+     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ 
+-    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
++    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC ||
++        secdef->label == NULL)
+         return 0;
+ 
+     context_t con = context_new(secdef->label);
+-- 
+1.6.6.1
+

libvirt-0.7.7-set-kernel-perms.patch

@@ -0,0 +1,87 @@
+From 3f1aa08af6580c215d973bc6bf57f505dbf8b926 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 12 Mar 2010 13:38:39 -0500
+Subject: [PATCH] security: Set permissions for kernel/initrd
+
+Fixes URL installs when running virt-install as root on Fedora.
+---
+ src/qemu/qemu_security_dac.c    |   21 +++++++++++++++++++++
+ src/security/security_selinux.c |   16 ++++++++++++++++
+ 2 files changed, 37 insertions(+), 0 deletions(-)
+
+diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
+index 6911f48..1883fbe 100644
+--- a/src/qemu/qemu_security_dac.c
++++ b/src/qemu/qemu_security_dac.c
+@@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
+                                                      vm->def->disks[i]) < 0)
+             rc = -1;
+     }
++
++    if (vm->def->os.kernel &&
++        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
++        rc = -1;
++
++    if (vm->def->os.initrd &&
++        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
++        rc = -1;
++
+     return rc;
+ }
+ 
+@@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
+             return -1;
+     }
+ 
++    if (vm->def->os.kernel &&
++        qemuSecurityDACSetOwnership(vm->def->os.kernel,
++                                    driver->user,
++                                    driver->group) < 0)
++        return -1;
++
++    if (vm->def->os.initrd &&
++        qemuSecurityDACSetOwnership(vm->def->os.initrd,
++                                    driver->user,
++                                    driver->group) < 0)
++        return -1;
++
+     return 0;
+ }
+ 
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index b2c8581..975b315 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
+             rc = -1;
+     }
+ 
++    if (vm->def->os.kernel &&
++        SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
++        rc = -1;
++
++    if (vm->def->os.initrd &&
++        SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
++        rc = -1;
++
+     return rc;
+ }
+ 
+@@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
+             return -1;
+     }
+ 
++    if (vm->def->os.kernel &&
++        SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
++        return -1;
++
++    if (vm->def->os.initrd &&
++        SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
++        return -1;
++
+     return 0;
+ }
+ 
+-- 
+1.6.6.1
+

sources

@@ -1 +1 @@
-583fa13938df63bd404cc1b7cf553874  libvirt-0.3.3.tar.gz
+5f315b0bf20e3964f7657ba1e630cd67  libvirt-0.7.7.tar.gz