Fix USB devices by product with security enabled (bz 574136)

Set kernel/initrd in security driver, fixes some URL installs (bz 566425)

.cvsignore

@@ -5,3 +5,15 @@ x86_64
 libvirt-*.tar.gz
 libvirt-0.6.0.tar.gz
 libvirt-0.6.1.tar.gz
+libvirt-0.6.2.tar.gz
+libvirt-0.6.3.tar.gz
+libvirt-0.6.4.tar.gz
+libvirt-0.6.5.tar.gz
+libvirt-0.7.0.tar.gz
+libvirt-0.7.1.tar.gz
+libvirt-0.7.2.tar.gz
+libvirt-0.7.3.tar.gz
+libvirt-0.7.4.tar.gz
+libvirt-0.7.5.tar.gz
+libvirt-0.7.6.tar.gz
+libvirt-0.7.7.tar.gz

Makefile

@@ -4,7 +4,7 @@ NAME := libvirt
 SPECFILE = $(firstword $(wildcard *.spec))
 
 define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
 endef
 
 MAKEFILE_COMMON := $(shell $(find-makefile-common))

libvirt-0.6.1-events-dispatch.patch

@@ -1,46 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 16 Mar 2009 10:35:21 +0000 (+0000)
-Subject: Fix dispatch of FD events when one or more handles are marked deleted
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=10baf3deb8588f5902b6f2eb362fb408707e3d95
-
-Fix dispatch of FD events when one or more handles are marked deleted
----
-
-diff --git a/qemud/event.c b/qemud/event.c
-index c9ea563..0887008 100644
---- a/qemud/event.c
-+++ b/qemud/event.c
-@@ -409,25 +409,26 @@ static int virEventDispatchTimeouts(void) {
-  * Returns 0 upon success, -1 if an error occurred
-  */
- static int virEventDispatchHandles(int nfds, struct pollfd *fds) {
--    int i;
-+    int i, n;
- 
--    for (i = 0 ; i < nfds ; i++) {
-+    for (i = 0, n = 0 ; i < eventLoop.handlesCount && n < nfds ; i++) {
-         if (eventLoop.handles[i].deleted) {
-             EVENT_DEBUG("Skip deleted %d", eventLoop.handles[i].fd);
-             continue;
-         }
- 
--        if (fds[i].revents) {
-+        if (fds[n].revents) {
-             virEventHandleCallback cb = eventLoop.handles[i].cb;
-             void *opaque = eventLoop.handles[i].opaque;
--            int hEvents = virPollEventToEventHandleType(fds[i].revents);
--            EVENT_DEBUG("Dispatch %d %d %p", fds[i].fd,
--                        fds[i].revents, eventLoop.handles[i].opaque);
-+            int hEvents = virPollEventToEventHandleType(fds[n].revents);
-+            EVENT_DEBUG("Dispatch %d %d %p", fds[n].fd,
-+                        fds[n].revents, eventLoop.handles[i].opaque);
-             virEventUnlock();
-             (cb)(eventLoop.handles[i].watch,
--                 fds[i].fd, hEvents, opaque);
-+                 fds[n].fd, hEvents, opaque);
-             virEventLock();
-         }
-+        n++;
-     }
- 
-     return 0;

libvirt-0.6.1-fd-leaks.patch

@@ -1,78 +0,0 @@
-From: Daniel Veillard <veillard@redhat.com>
-Date: Mon, 16 Mar 2009 10:41:37 +0000 (+0000)
-Subject: Avoid some potential FILE * leaks
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=39429bab2d55807698d9aed0112200ae532799b8
-
-Avoid some potential FILE * leaks
-* qemud/qemud.c src/cgroup.c src/uml_driver.c src/util.c: close
-  some potential FILE * leaks
-Daniel
----
-
-diff --git a/qemud/qemud.c b/qemud/qemud.c
-index fd315fc..4f04355 100644
---- a/qemud/qemud.c
-+++ b/qemud/qemud.c
-@@ -488,7 +488,7 @@ static int qemudWritePidFile(const char *pidFile) {
-     if (fprintf(fh, "%lu\n", (unsigned long)getpid()) < 0) {
-         VIR_ERROR(_("Failed to write to pid file '%s' : %s"),
-                   pidFile, virStrerror(errno, ebuf, sizeof ebuf));
--        close(fd);
-+        fclose(fh);
-         return -1;
-     }
- 
-diff --git a/src/cgroup.c b/src/cgroup.c
-index 5af44bd..d1d44a2 100644
---- a/src/cgroup.c
-+++ b/src/cgroup.c
-@@ -57,7 +57,7 @@ void virCgroupFree(virCgroupPtr *group)
- 
- static virCgroupPtr virCgroupGetMount(const char *controller)
- {
--    FILE *mounts;
-+    FILE *mounts = NULL;
-     struct mntent entry;
-     char buf[CGROUP_MAX_VAL];
-     virCgroupPtr root = NULL;
-@@ -90,6 +90,8 @@ static virCgroupPtr virCgroupGetMount(const char *controller)
- 
-     return root;
- err:
-+    if (mounts != NULL)
-+        fclose(mounts);
-     virCgroupFree(&root);
- 
-     return NULL;
-diff --git a/src/uml_driver.c b/src/uml_driver.c
-index 1dc7ccd..f7400f9 100644
---- a/src/uml_driver.c
-+++ b/src/uml_driver.c
-@@ -547,6 +547,7 @@ reopen:
- 
-     if (fscanf(file, "%d", &vm->pid) != 1) {
-         errno = EINVAL;
-+        fclose(file);
-         goto cleanup;
-     }
- 
-@@ -1040,6 +1041,7 @@ static int umlGetProcessInfo(unsigned long long *cpuTime, int pid) {
- 
-     if (fscanf(pidinfo, "%*d %*s %*c %*d %*d %*d %*d %*d %*u %*u %*u %*u %*u %llu %llu", &usertime, &systime) != 2) {
-         umlDebug("not enough arg");
-+        fclose(pidinfo);
-         return -1;
-     }
- 
-diff --git a/src/util.c b/src/util.c
-index 9b74757..66ad9a4 100644
---- a/src/util.c
-+++ b/src/util.c
-@@ -1058,6 +1058,7 @@ int virFileReadPid(const char *dir,
- 
-     if (fscanf(file, "%d", pid) != 1) {
-         rc = EINVAL;
-+        fclose(file);
-         goto cleanup;
-     }
- 

libvirt-0.6.1-fd-leaks2.patch

@@ -1,40 +0,0 @@
-Index: src/remote_internal.c
-===================================================================
-RCS file: /data/cvs/libxen/src/remote_internal.c,v
-retrieving revision 1.141
-diff -u -u -p -r1.141 remote_internal.c
---- src/remote_internal.c	3 Mar 2009 19:33:34 -0000	1.141
-+++ src/remote_internal.c	16 Mar 2009 16:57:17 -0000
-@@ -332,7 +332,7 @@ doRemoteOpen (virConnectPtr conn,
-               virConnectAuthPtr auth ATTRIBUTE_UNUSED,
-               int flags)
- {
--    int wakeupFD[2];
-+    int wakeupFD[2] = { -1, -1 };
-     char *transport_str = NULL;
- 
-     if (conn->uri) {
-@@ -885,6 +885,11 @@ doRemoteOpen (virConnectPtr conn,
- #endif
-     }
- 
-+    if (wakeupFD[0] >= 0) {
-+        close(wakeupFD[0]);
-+	close(wakeupFD[1]);
-+    }
-+
-     VIR_FREE(priv->hostname);
-     goto cleanup;
- }
-@@ -1350,6 +1355,11 @@ doRemoteClose (virConnectPtr conn, struc
-         } while (reap != -1 && reap != priv->pid);
-     }
- #endif
-+    if (priv->wakeupReadFD >= 0) {
-+        close(priv->wakeupReadFD);
-+	close(priv->wakeupSendFD);
-+    }
-+
- 
-     /* Free hostname copy */
-     free (priv->hostname);

libvirt-0.6.1-getvcpus-remote.patch

@@ -1,22 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 16 Mar 2009 10:33:01 +0000 (+0000)
-Subject: Fix handling of cpumaps arg to virDomainGetVcpus RPC dispatcher
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=2d75d954f52a740470f85ceece4eb995d79968ca
-
-Fix handling of cpumaps arg to virDomainGetVcpus RPC dispatcher
----
-
-diff --git a/qemud/remote.c b/qemud/remote.c
-index 8eaa7d6..44a274a 100644
---- a/qemud/remote.c
-+++ b/qemud/remote.c
-@@ -1475,7 +1475,8 @@ remoteDispatchDomainGetVcpus (struct qemud_server *server ATTRIBUTE_UNUSED,
-     /* Allocate buffers to take the results. */
-     if (VIR_ALLOC_N(info, args->maxinfo) < 0)
-         goto oom;
--    if (VIR_ALLOC_N(cpumaps, args->maxinfo) < 0)
-+    if (args->maplen > 0 &&
-+        VIR_ALLOC_N(cpumaps, args->maxinfo * args->maplen) < 0)
-         goto oom;
- 
-     info_len = virDomainGetVcpus (dom,

libvirt-0.6.1-pool-mode-parse.patch

@@ -1,188 +0,0 @@
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 12 Mar 2009 20:15:32 +0000 (+0000)
-Subject: * src/storage_conf.c: fix storage pool mode parsing, and refactoring
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=bc962f5d7c6e2c2cfc233ea6deea95dba2b7c6eb
-
-* src/storage_conf.c: fix storage pool mode parsing, and refactoring
-  patch by Ryota Ozaki
-Daniel
----
-
-diff --git a/src/storage_conf.c b/src/storage_conf.c
-index 9c13e07..1c9a4e5 100644
---- a/src/storage_conf.c
-+++ b/src/storage_conf.c
-@@ -371,15 +371,33 @@ virStoragePoolDefParseAuthChap(virConnectPtr conn,
- 
- 
- static int
--virStoragePoolDefParsePerms(virConnectPtr conn,
--                            xmlXPathContextPtr ctxt,
--                            virStoragePermsPtr perms) {
-+virStorageDefParsePerms(virConnectPtr conn,
-+                        xmlXPathContextPtr ctxt,
-+                        virStoragePermsPtr perms,
-+                        const char *permxpath,
-+                        int defaultmode) {
-     char *mode;
-     long v;
-+    int ret = -1;
-+    xmlNodePtr relnode;
-+    xmlNodePtr node;
- 
--    mode = virXPathString(conn, "string(/pool/permissions/mode)", ctxt);
-+    node = virXPathNode(conn, permxpath, ctxt);
-+    if (node == NULL) {
-+        /* Set default values if there is not <permissions> element */
-+        perms->mode = defaultmode;
-+        perms->uid = getuid();
-+        perms->gid = getgid();
-+        perms->label = NULL;
-+        return 0;
-+    }
-+
-+    relnode = ctxt->node;
-+    ctxt->node = node;
-+
-+    mode = virXPathString(conn, "string(./mode)", ctxt);
-     if (!mode) {
--        perms->mode = 0700;
-+        perms->mode = defaultmode;
-     } else {
-         char *end = NULL;
-         perms->mode = strtol(mode, &end, 8);
-@@ -387,36 +405,39 @@ virStoragePoolDefParsePerms(virConnectPtr conn,
-         if (*end || perms->mode < 0 || perms->mode > 0777) {
-             virStorageReportError(conn, VIR_ERR_XML_ERROR,
-                                   "%s", _("malformed octal mode"));
--            return -1;
-+            goto error;
-         }
-     }
- 
--    if (virXPathNode(conn, "/pool/permissions/owner", ctxt) == NULL) {
-+    if (virXPathNode(conn, "./owner", ctxt) == NULL) {
-         perms->uid = getuid();
-     } else {
--        if (virXPathLong(conn, "number(/pool/permissions/owner)", ctxt, &v) < 0) {
-+        if (virXPathLong(conn, "number(./owner)", ctxt, &v) < 0) {
-             virStorageReportError(conn, VIR_ERR_XML_ERROR,
-                                   "%s", _("malformed owner element"));
--            return -1;
-+            goto error;
-         }
-         perms->uid = (int)v;
-     }
- 
--    if (virXPathNode(conn, "/pool/permissions/group", ctxt) == NULL) {
-+    if (virXPathNode(conn, "./group", ctxt) == NULL) {
-         perms->gid = getgid();
-     } else {
--        if (virXPathLong(conn, "number(/pool/permissions/group)", ctxt, &v) < 0) {
-+        if (virXPathLong(conn, "number(./group)", ctxt, &v) < 0) {
-             virStorageReportError(conn, VIR_ERR_XML_ERROR,
-                                   "%s", _("malformed group element"));
--            return -1;
-+            goto error;
-         }
-         perms->gid = (int)v;
-     }
- 
-     /* NB, we're ignoring missing labels here - they'll simply inherit */
--    perms->label = virXPathString(conn, "string(/pool/permissions/label)", ctxt);
-+    perms->label = virXPathString(conn, "string(./label)", ctxt);
- 
--    return 0;
-+    ret = 0;
-+error:
-+    ctxt->node = relnode;
-+    return ret;
- }
- 
- 
-@@ -579,7 +600,8 @@ virStoragePoolDefParseDoc(virConnectPtr conn,
-         goto cleanup;
-     }
- 
--    if (virStoragePoolDefParsePerms(conn, ctxt, &ret->target.perms) < 0)
-+    if (virStorageDefParsePerms(conn, ctxt, &ret->target.perms,
-+                                "/pool/target/permissions", 0700) < 0)
-         goto cleanup;
- 
-     return ret;
-@@ -801,55 +823,6 @@ virStoragePoolDefFormat(virConnectPtr conn,
- 
- 
- static int
--virStorageVolDefParsePerms(virConnectPtr conn,
--                           xmlXPathContextPtr ctxt,
--                           virStoragePermsPtr perms) {
--    char *mode;
--    long v;
--
--    mode = virXPathString(conn, "string(/volume/permissions/mode)", ctxt);
--    if (!mode) {
--        perms->mode = 0600;
--    } else {
--        char *end = NULL;
--        perms->mode = strtol(mode, &end, 8);
--        VIR_FREE(mode);
--        if (*end || perms->mode < 0 || perms->mode > 0777) {
--            virStorageReportError(conn, VIR_ERR_XML_ERROR,
--                                  "%s", _("malformed octal mode"));
--            return -1;
--        }
--    }
--
--    if (virXPathNode(conn, "/volume/permissions/owner", ctxt) == NULL) {
--        perms->uid = getuid();
--    } else {
--        if (virXPathLong(conn, "number(/volume/permissions/owner)", ctxt, &v) < 0) {
--            virStorageReportError(conn, VIR_ERR_XML_ERROR,
--                                  "%s", _("missing owner element"));
--            return -1;
--        }
--        perms->uid = (int)v;
--    }
--    if (virXPathNode(conn, "/volume/permissions/group", ctxt) == NULL) {
--        perms->gid = getgid();
--    } else {
--        if (virXPathLong(conn, "number(/volume/permissions/group)", ctxt, &v) < 0) {
--            virStorageReportError(conn, VIR_ERR_XML_ERROR,
--                                  "%s", _("missing group element"));
--            return -1;
--        }
--        perms->gid = (int)v;
--    }
--
--    /* NB, we're ignoring missing labels here - they'll simply inherit */
--    perms->label = virXPathString(conn, "string(/volume/permissions/label)", ctxt);
--
--    return 0;
--}
--
--
--static int
- virStorageSize(virConnectPtr conn,
-                const char *unit,
-                const char *val,
-@@ -997,7 +970,8 @@ virStorageVolDefParseDoc(virConnectPtr conn,
-         VIR_FREE(format);
-     }
- 
--    if (virStorageVolDefParsePerms(conn, ctxt, &ret->target.perms) < 0)
-+    if (virStorageDefParsePerms(conn, ctxt, &ret->target.perms,
-+                                "/volume/target/permissions", 0600) < 0)
-         goto cleanup;
- 
- 
-@@ -1019,7 +993,8 @@ virStorageVolDefParseDoc(virConnectPtr conn,
-         VIR_FREE(format);
-     }
- 
--    if (virStorageVolDefParsePerms(conn, ctxt, &ret->backingStore.perms) < 0)
-+    if (virStorageDefParsePerms(conn, ctxt, &ret->backingStore.perms,
-+                                "/volume/backingStore/permissions", 0600) < 0)
-         goto cleanup;
- 
-     return ret;

libvirt-0.6.1-storage-free.patch

@@ -1,20 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 16 Mar 2009 10:31:38 +0000 (+0000)
-Subject: Don't free storage volume in cleanup path, since it may still be referenced
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=d8f08ca049b6d3bc7a5124a3957e967539ad080d
-
-Don't free storage volume in cleanup path, since it may still be referenced
----
-
-diff --git a/src/storage_driver.c b/src/storage_driver.c
-index f1320c5..b261843 100644
---- a/src/storage_driver.c
-+++ b/src/storage_driver.c
-@@ -1296,7 +1296,6 @@ storageVolumeDelete(virStorageVolPtr obj,
-     ret = 0;
- 
- cleanup:
--    virStorageVolDefFree(vol);
-     if (pool)
-         virStoragePoolObjUnlock(pool);
-     return ret;

libvirt-0.6.1-vcpu-deadlock.patch

@@ -1,36 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Mon, 16 Mar 2009 11:44:46 +0000 (+0000)
-Subject: Avoid deadlock setting vcpus in QEMU driver
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=4d7ecd146ce4de847256ae0887963719f214f62f
-
-Avoid deadlock setting vcpus in QEMU driver
----
-
-diff --git a/src/qemu_driver.c b/src/qemu_driver.c
-index dad7098..51442d6 100644
---- a/src/qemu_driver.c
-+++ b/src/qemu_driver.c
-@@ -2725,6 +2725,7 @@ static int qemudDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus) {
-     virDomainObjPtr vm;
-     int max;
-     int ret = -1;
-+    const char *type;
- 
-     qemuDriverLock(driver);
-     vm = virDomainFindByUUID(&driver->domains, dom->uuid);
-@@ -2745,7 +2746,14 @@ static int qemudDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus) {
-         goto cleanup;
-     }
- 
--    if ((max = qemudDomainGetMaxVcpus(dom)) < 0) {
-+    if (!(type = virDomainVirtTypeToString(vm->def->virtType))) {
-+        qemudReportError(dom->conn, dom, NULL, VIR_ERR_INTERNAL_ERROR,
-+                         _("unknown virt type in domain definition '%d'"),
-+                         vm->def->virtType);
-+        goto cleanup;
-+    }
-+
-+    if ((max = qemudGetMaxVCPUs(dom->conn, type)) < 0) {
-         qemudReportError(dom->conn, dom, NULL, VIR_ERR_INTERNAL_ERROR, "%s",
-                          _("could not determine max vcpus for the domain"));
-         goto cleanup;

libvirt-0.6.1-vnc-sasl-auth.patch

@@ -1,277 +0,0 @@
-diff -r 961d4b1ca1d3 qemud/libvirtd_qemu.aug
---- a/qemud/libvirtd_qemu.aug	Wed Mar 04 13:17:44 2009 +0000
-+++ b/qemud/libvirtd_qemu.aug	Thu Mar 05 14:22:50 2009 +0000
-@@ -27,6 +27,8 @@ module Libvirtd_qemu =
-                  | str_entry "vnc_tls_x509_cert_dir"
-                  | bool_entry "vnc_tls_x509_verify"
-                  | str_entry "vnc_password"
-+                 | bool_entry "vnc_sasl"
-+                 | str_entry "vnc_sasl_dir"
- 
-    (* Each enty in the config is one of the following three ... *)
-    let entry = vnc_entry
-diff -r 961d4b1ca1d3 qemud/test_libvirtd_qemu.aug
---- a/qemud/test_libvirtd_qemu.aug	Wed Mar 04 13:17:44 2009 +0000
-+++ b/qemud/test_libvirtd_qemu.aug	Thu Mar 05 14:22:50 2009 +0000
-@@ -60,6 +60,25 @@ vnc_tls_x509_verify = 1
- # example here before you set this
- #
- vnc_password = \"XYZ12345\"
-+
-+
-+# Enable use of SASL encryption on the VNC server. This requires
-+# a VNC client which supports the SASL protocol extension.
-+# Examples include vinagre, virt-viewer and virt-manager
-+# itself. UltraVNC, RealVNC, TightVNC do not support this
-+#
-+# It is necessary to configure /etc/sasl2/qemu.conf to choose
-+# the desired SASL plugin (eg, GSSPI for Kerberos)
-+#
-+vnc_sasl = 1
-+
-+
-+# The default SASL configuration file is located in /etc/sasl2/
-+# When running libvirtd unprivileged, it may be desirable to
-+# override the configs in this location. Set this parameter to
-+# point to the directory, and create a qemu.conf in that location
-+#
-+vnc_sasl_dir = \"/some/directory/sasl2\"
- "
- 
-    test Libvirtd_qemu.lns get conf =
-@@ -123,3 +142,22 @@ vnc_password = \"XYZ12345\"
- { "#comment" = "example here before you set this" }
- { "#comment" = "" }
- { "vnc_password" = "XYZ12345" }
-+{ "#empty" }
-+{ "#empty" }
-+{ "#comment" = "Enable use of SASL encryption on the VNC server. This requires" }
-+{ "#comment" = "a VNC client which supports the SASL protocol extension." }
-+{ "#comment" = "Examples include vinagre, virt-viewer and virt-manager" }
-+{ "#comment" = "itself. UltraVNC, RealVNC, TightVNC do not support this" }
-+{ "#comment" = "" }
-+{ "#comment" = "It is necessary to configure /etc/sasl2/qemu.conf to choose" }
-+{ "#comment" = "the desired SASL plugin (eg, GSSPI for Kerberos)" }
-+{ "#comment" = "" }
-+{ "vnc_sasl" = "1" }
-+{ "#empty" }
-+{ "#empty" }
-+{ "#comment" = "The default SASL configuration file is located in /etc/sasl2/" }
-+{ "#comment" = "When running libvirtd unprivileged, it may be desirable to" }
-+{ "#comment" = "override the configs in this location. Set this parameter to" }
-+{ "#comment" = "point to the directory, and create a qemu.conf in that location" }
-+{ "#comment" = "" }
-+{ "vnc_sasl_dir" = "/some/directory/sasl2" }
-diff -r 961d4b1ca1d3 src/qemu.conf
---- a/src/qemu.conf	Wed Mar 04 13:17:44 2009 +0000
-+++ b/src/qemu.conf	Thu Mar 05 14:22:50 2009 +0000
-@@ -60,6 +60,27 @@
- # vnc_password = "XYZ12345"
- 
- 
-+# Enable use of SASL encryption on the VNC server. This requires
-+# a VNC client which supports the SASL protocol extension.
-+# Examples include vinagre, virt-viewer and virt-manager
-+# itself. UltraVNC, RealVNC, TightVNC do not support this
-+#
-+# It is necessary to configure /etc/sasl2/qemu.conf to choose
-+# the desired SASL plugin (eg, GSSPI for Kerberos)
-+#
-+# vnc_sasl = 1
-+
-+
-+# The default SASL configuration file is located in /etc/sasl2/
-+# When running libvirtd unprivileged, it may be desirable to
-+# override the configs in this location. Set this parameter to
-+# point to the directory, and create a qemu.conf in that location
-+#
-+# vnc_sasl_dir = "/some/directory/sasl2"
-+
-+
-+
-+
- # The default security driver is SELinux. If SELinux is disabled
- # on the host, then the security driver will automatically disable
- # itself. If you wish to disable QEMU SELinux security driver while
-diff -r 961d4b1ca1d3 src/qemu_conf.c
---- a/src/qemu_conf.c	Wed Mar 04 13:17:44 2009 +0000
-+++ b/src/qemu_conf.c	Thu Mar 05 14:22:50 2009 +0000
-@@ -161,6 +161,21 @@ int qemudLoadDriverConfig(struct qemud_d
-         }
-     }
- 
-+    p = virConfGetValue (conf, "vnc_sasl");
-+    CHECK_TYPE ("vnc_sasl", VIR_CONF_LONG);
-+    if (p) driver->vncSASL = p->l;
-+
-+    p = virConfGetValue (conf, "vnc_sasl_dir");
-+    CHECK_TYPE ("vnc_sasl_dir", VIR_CONF_STRING);
-+    if (p && p->str) {
-+        VIR_FREE(driver->vncSASLdir);
-+        if (!(driver->vncSASLdir = strdup(p->str))) {
-+            virReportOOMError(NULL);
-+            virConfFree(conf);
-+            return -1;
-+        }
-+    }
-+
-     virConfFree (conf);
-     return 0;
- }
-@@ -838,15 +853,20 @@ int qemudBuildCommandLine(virConnectPtr 
-             goto no_memory;                                             \
-     } while (0)
- 
-+#define ADD_ENV_PAIR(envname, val)                                      \
-+    do {                                                                \
-+        char *envval;                                                   \
-+        ADD_ENV_SPACE;                                                  \
-+        if (virAsprintf(&envval, "%s=%s", envname, val) < 0)            \
-+            goto no_memory;                                             \
-+        qenv[qenvc++] = envval;                                         \
-+    } while (0)
-+
- #define ADD_ENV_COPY(envname)                                           \
-     do {                                                                \
-         char *val = getenv(envname);                                    \
--        char *envval;                                                   \
--        ADD_ENV_SPACE;                                                  \
-         if (val != NULL) {                                              \
--            if (virAsprintf(&envval, "%s=%s", envname, val) < 0)        \
--                goto no_memory;                                         \
--            qenv[qenvc++] = envval;                                     \
-+            ADD_ENV_PAIR(envname, val);                                 \
-         }                                                               \
-     } while (0)
- 
-@@ -1295,6 +1315,15 @@ int qemudBuildCommandLine(virConnectPtr 
-                                       driver->vncTLSx509certdir);
-                 }
-             }
-+
-+            if (driver->vncSASL) {
-+                virBufferAddLit(&opt, ",sasl");
-+
-+                if (driver->vncSASLdir)
-+                    ADD_ENV_PAIR("SASL_CONF_DIR", driver->vncSASLdir);
-+
-+                /* TODO: Support ACLs later */
-+            }
-         } else {
-             virBufferVSprintf(&opt, "%d",
-                               vm->def->graphics->data.vnc.port - 5900);
-diff -r 961d4b1ca1d3 src/qemu_conf.h
---- a/src/qemu_conf.h	Wed Mar 04 13:17:44 2009 +0000
-+++ b/src/qemu_conf.h	Thu Mar 05 14:22:50 2009 +0000
-@@ -73,9 +73,11 @@ struct qemud_driver {
-     char *stateDir;
-     unsigned int vncTLS : 1;
-     unsigned int vncTLSx509verify : 1;
-+    unsigned int vncSASL : 1;
-     char *vncTLSx509certdir;
-     char *vncListen;
-     char *vncPassword;
-+    char *vncSASLdir;
- 
-     virCapsPtr caps;
- 
-diff -r 961d4b1ca1d3 src/qemu_driver.c
---- a/src/qemu_driver.c	Wed Mar 04 13:17:44 2009 +0000
-+++ b/src/qemu_driver.c	Thu Mar 05 14:22:50 2009 +0000
-@@ -620,6 +620,7 @@ qemudShutdown(void) {
-     VIR_FREE(qemu_driver->vncTLSx509certdir);
-     VIR_FREE(qemu_driver->vncListen);
-     VIR_FREE(qemu_driver->vncPassword);
-+    VIR_FREE(qemu_driver->vncSASLdir);
- 
-     /* Free domain callback list */
-     virDomainEventCallbackListFree(qemu_driver->domainEventCallbacks);
-diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args	Thu Mar 05 14:22:50 2009 +0000
-@@ -0,0 +1,1 @@
-+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test SASL_CONF_DIR=/root/.sasl2 /usr/bin/qemu -S -M pc -m 214 -smp 1 -monitor pty -pidfile /nowhere/QEMUGuest1.pid -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc 127.0.0.1:3,sasl
-diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml	Thu Mar 05 14:22:50 2009 +0000
-@@ -0,0 +1,24 @@
-+<domain type='qemu'>
-+  <name>QEMUGuest1</name>
-+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
-+  <memory>219200</memory>
-+  <currentMemory>219200</currentMemory>
-+  <vcpu>1</vcpu>
-+  <os>
-+    <type arch='i686' machine='pc'>hvm</type>
-+    <boot dev='hd'/>
-+  </os>
-+  <clock offset='utc'/>
-+  <on_poweroff>destroy</on_poweroff>
-+  <on_reboot>restart</on_reboot>
-+  <on_crash>destroy</on_crash>
-+  <devices>
-+    <emulator>/usr/bin/qemu</emulator>
-+    <disk type='block' device='disk'>
-+      <source dev='/dev/HostVG/QEMUGuest1'/>
-+      <target dev='hda' bus='ide'/>
-+    </disk>
-+    <input type='mouse' bus='ps2'/>
-+    <graphics type='vnc' port='5903' autoport='no' listen='127.0.0.1'/>
-+  </devices>
-+</domain>
-diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args	Thu Mar 05 14:22:50 2009 +0000
-@@ -0,0 +1,1 @@
-+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test SASL_CONF_DIR=/root/.sasl2 /usr/bin/qemu -S -M pc -m 214 -smp 1 -monitor pty -pidfile /nowhere/QEMUGuest1.pid -no-acpi -boot c -hda /dev/HostVG/QEMUGuest1 -net none -serial none -parallel none -usb -vnc 127.0.0.1:3,tls,x509verify=/etc/pki/tls/qemu,sasl
-diff -r 961d4b1ca1d3 tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml
---- /dev/null	Thu Jan 01 00:00:00 1970 +0000
-+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml	Thu Mar 05 14:22:50 2009 +0000
-@@ -0,0 +1,24 @@
-+<domain type='qemu'>
-+  <name>QEMUGuest1</name>
-+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
-+  <memory>219200</memory>
-+  <currentMemory>219200</currentMemory>
-+  <vcpu>1</vcpu>
-+  <os>
-+    <type arch='i686' machine='pc'>hvm</type>
-+    <boot dev='hd'/>
-+  </os>
-+  <clock offset='utc'/>
-+  <on_poweroff>destroy</on_poweroff>
-+  <on_reboot>restart</on_reboot>
-+  <on_crash>destroy</on_crash>
-+  <devices>
-+    <emulator>/usr/bin/qemu</emulator>
-+    <disk type='block' device='disk'>
-+      <source dev='/dev/HostVG/QEMUGuest1'/>
-+      <target dev='hda' bus='ide'/>
-+    </disk>
-+    <input type='mouse' bus='ps2'/>
-+    <graphics type='vnc' port='5903' autoport='no' listen='127.0.0.1'/>
-+  </devices>
-+</domain>
-diff -r 961d4b1ca1d3 tests/qemuxml2argvtest.c
---- a/tests/qemuxml2argvtest.c	Wed Mar 04 13:17:44 2009 +0000
-+++ b/tests/qemuxml2argvtest.c	Thu Mar 05 14:22:50 2009 +0000
-@@ -213,6 +213,19 @@ mymain(int argc, char **argv)
-             QEMUD_CMD_FLAG_DRIVE_CACHE_V2);
-     DO_TEST("disk-usb", 0);
-     DO_TEST("graphics-vnc", 0);
-+
-+    driver.vncSASL = 1;
-+    driver.vncSASLdir = strdup("/root/.sasl2");
-+    DO_TEST("graphics-vnc-sasl", 0);
-+    driver.vncTLS = 1;
-+    driver.vncTLSx509verify = 1;
-+    driver.vncTLSx509certdir = strdup("/etc/pki/tls/qemu");
-+    DO_TEST("graphics-vnc-tls", 0);
-+    driver.vncSASL = driver.vncTLSx509verify = driver.vncTLS = 0;
-+    free(driver.vncSASLdir);
-+    free(driver.vncTLSx509certdir);
-+    driver.vncSASLdir = driver.vncTLSx509certdir = NULL;
-+
-     DO_TEST("graphics-sdl", 0);
-     DO_TEST("graphics-sdl-fullscreen", 0);
-     DO_TEST("input-usbmouse", 0);

libvirt-0.6.1-xen-events.patch

@@ -1,29 +0,0 @@
-Index: src/xs_internal.c
-===================================================================
-RCS file: /data/cvs/libxen/src/xs_internal.c,v
-retrieving revision 1.88
-diff -u -u -r1.88 xs_internal.c
---- src/xs_internal.c	5 Feb 2009 18:14:00 -0000	1.88
-+++ src/xs_internal.c	11 Mar 2009 13:23:17 -0000
-@@ -1215,7 +1215,7 @@
- static void
- xenStoreWatchEvent(int watch ATTRIBUTE_UNUSED,
-                    int fd ATTRIBUTE_UNUSED,
--                   int events ATTRIBUTE_UNUSED,
-+                   int events,
-                    void *data)
- {
-     char		 **event;
-@@ -1226,8 +1226,12 @@
- 
-     virConnectPtr        conn = data;
-     xenUnifiedPrivatePtr priv = (xenUnifiedPrivatePtr) conn->privateData;
-+
-     if(!priv) return;
- 
-+    /* only set a watch on read and write events */
-+    if (events & (VIR_EVENT_HANDLE_ERROR | VIR_EVENT_HANDLE_HANGUP)) return;
-+
-     xenUnifiedLock(priv);
- 
-     if(!priv->xshandle)

libvirt-0.6.1-xenblock-detach.patch

@@ -1,26 +0,0 @@
-From: Daniel P. Berrange <berrange@redhat.com>
-Date: Tue, 10 Mar 2009 10:32:24 +0000 (+0000)
-Subject: Fix Xen block detach with newer Xend (Cole RobinSon / Tomohiro Takahashi)
-X-Git-Url: http://git.et.redhat.com/?p=libvirt.git;a=commitdiff_plain;h=33813a932d58c17441203d0e581eba91369a71e0
-
-Fix Xen block detach with newer Xend (Cole RobinSon / Tomohiro Takahashi)
----
-
-diff --git a/src/xend_internal.c b/src/xend_internal.c
-index f9f2cb3..772f3f4 100644
---- a/src/xend_internal.c
-+++ b/src/xend_internal.c
-@@ -5566,7 +5566,12 @@ virDomainXMLDevID(virDomainPtr domain,
-     char *xref;
- 
-     if (dev->type == VIR_DOMAIN_DEVICE_DISK) {
--        strcpy(class, "vbd");
-+        if (dev->data.disk->driverName &&
-+            STREQ(dev->data.disk->driverName, "tap"))
-+            strcpy(class, "tap");
-+        else
-+            strcpy(class, "vbd");
-+
-         if (dev->data.disk->dst == NULL)
-             return -1;
-         xenUnifiedLock(priv);

libvirt-0.6.1-xend-lookup.patch

@@ -1,24 +0,0 @@
-Index: src/xend_internal.c
-===================================================================
-RCS file: /data/cvs/libxen/src/xend_internal.c,v
-retrieving revision 1.251
-diff -u -r1.251 xend_internal.c
---- src/xend_internal.c	13 Feb 2009 18:23:23 -0000	1.251
-+++ src/xend_internal.c	10 Mar 2009 10:00:28 -0000
-@@ -904,7 +904,15 @@
-         count++;
-     }
- 
--    if (VIR_ALLOC_N(ptr, count + 1 + extra) < 0)
-+    /*
-+     * We can'tuse the normal allocation routines as we are mixing
-+     * an array of char * at the beginning followed by an array of char
-+     * ret points to the NULL terminated array of char *
-+     * ptr points to the current string after that array but in the same
-+     * allocated block
-+     */
-+    if (virAlloc((void *)&ptr,
-+                 (count + 1) * sizeof(char *) + extra * sizeof(char)) < 0)
-         goto error;
- 
-     ret = (char **) ptr;

libvirt-0.7.7-fix-usb-product.patch

@@ -0,0 +1,233 @@
+From 3a441522017aa9c1b8b54d2ce4569d0f0d96fa72 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 12 Mar 2010 12:36:56 -0500
+Subject: [PATCH] qemu: Add some debugging at domain startup
+
+---
+ src/qemu/qemu_driver.c |   24 +++++++++++++++++++++++-
+ 1 files changed, 23 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index f8ab545..040d645 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -2695,6 +2695,8 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+ 
+     FD_ZERO(&keepfd);
+ 
++    DEBUG0("Beginning VM startup process");
++
+     if (virDomainObjIsActive(vm)) {
+         qemuReportError(VIR_ERR_OPERATION_INVALID,
+                         "%s", _("VM is already active"));
+@@ -2703,22 +2705,27 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+ 
+     /* If you are using a SecurityDriver with dynamic labelling,
+        then generate a security label for isolation */
++    DEBUG0("Generating domain security label (if required)");
+     if (driver->securityDriver &&
+         driver->securityDriver->domainGenSecurityLabel &&
+         driver->securityDriver->domainGenSecurityLabel(vm) < 0)
+         return -1;
+ 
++    DEBUG0("Generating setting domain security labels (if required)");
+     if (driver->securityDriver &&
+         driver->securityDriver->domainSetSecurityAllLabel &&
+         driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
+         goto cleanup;
+ 
+-    /* Ensure no historical cgroup for this VM is lieing around bogus settings */
++    /* Ensure no historical cgroup for this VM is lying around bogus
++     * settings */
++    DEBUG0("Ensuring no historical cgroup is lying around");
+     qemuRemoveCgroup(driver, vm, 1);
+ 
+     if ((vm->def->ngraphics == 1) &&
+         vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
+         vm->def->graphics[0]->data.vnc.autoport) {
++        DEBUG0("Determining VNC port");
+         int port = qemudNextFreeVNCPort(driver);
+         if (port < 0) {
+             qemuReportError(VIR_ERR_INTERNAL_ERROR,
+@@ -2735,6 +2742,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    DEBUG0("Creating domain log file");
+     if ((logfile = qemudLogFD(driver, vm->def->name)) < 0)
+         goto cleanup;
+ 
+@@ -2751,14 +2759,17 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    DEBUG0("Determing emulator version");
+     if (qemudExtractVersionInfo(emulator,
+                                 NULL,
+                                 &qemuCmdFlags) < 0)
+         goto cleanup;
+ 
++    DEBUG0("Setting up domain cgroup (if required)");
+     if (qemuSetupCgroup(driver, vm) < 0)
+         goto cleanup;
+ 
++    DEBUG0("Preparing host devices");
+     if (qemuPrepareHostDevices(driver, vm->def) < 0)
+         goto cleanup;
+ 
+@@ -2767,6 +2778,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    DEBUG0("Preparing monitor state");
+     if (qemuPrepareMonitorChr(driver, priv->monConfig, vm->def->name) < 0)
+         goto cleanup;
+ 
+@@ -2798,6 +2810,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+      * use in hotplug
+      */
+     if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
++        DEBUG0("Assigning domain PCI addresses");
+         /* Populate cache with current addresses */
+         if (priv->pciaddrs) {
+             qemuDomainPCIAddressSetFree(priv->pciaddrs);
+@@ -2816,6 +2829,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         priv->persistentAddrs = 0;
+     }
+ 
++    DEBUG0("Building emulator command line");
+     vm->def->id = driver->nextvmid++;
+     if (qemudBuildCommandLine(conn, driver, vm->def, priv->monConfig,
+                               priv->monJSON, qemuCmdFlags, &argv, &progenv,
+@@ -2899,25 +2913,31 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     if (ret == -1) /* The VM failed to start */
+         goto cleanup;
+ 
++    DEBUG0("Waiting for monitor to show up");
+     if (qemudWaitForMonitor(driver, vm, pos) < 0)
+         goto abort;
+ 
++    DEBUG0("Detecting VCPU PIDs");
+     if (qemuDetectVcpuPIDs(driver, vm) < 0)
+         goto abort;
+ 
++    DEBUG0("Setting CPU affinity");
+     if (qemudInitCpuAffinity(vm) < 0)
+         goto abort;
+ 
++    DEBUG0("Setting any required VM passwords");
+     if (qemuInitPasswords(conn, driver, vm, qemuCmdFlags) < 0)
+         goto abort;
+ 
+     /* If we have -device, then addresses are assigned explicitly.
+      * If not, then we have to detect dynamic ones here */
+     if (!(qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) {
++        DEBUG0("Determining domain device PCI addresses");
+         if (qemuInitPCIAddresses(driver, vm) < 0)
+             goto abort;
+     }
+ 
++    DEBUG0("Setting initial memory amount");
+     qemuDomainObjEnterMonitorWithDriver(driver, vm);
+     if (qemuMonitorSetBalloon(priv->mon, vm->def->memory) < 0) {
+         qemuDomainObjExitMonitorWithDriver(driver, vm);
+@@ -2925,6 +2945,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     }
+ 
+     if (migrateFrom == NULL) {
++        DEBUG0("Starting domain CPUs");
+         /* Allow the CPUS to start executing */
+         if (qemuMonitorStartCPUs(priv->mon, conn) < 0) {
+             if (virGetLastError() == NULL)
+@@ -2937,6 +2958,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     qemuDomainObjExitMonitorWithDriver(driver, vm);
+ 
+ 
++    DEBUG0("Writing domain status to disk");
+     if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0)
+         goto abort;
+ 
+-- 
+1.6.6.1
+
+From 6d5c8a8f51db8ce97ab35ab6022dd5c94ab016b4 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 12 Mar 2010 12:37:52 -0500
+Subject: [PATCH] qemu: Fix USB by product with security enabled
+
+We need to call PrepareHostdevs to determine the USB device path before
+any security calls. PrepareHostUSBDevices was also incorrectly skipping
+all USB devices.
+---
+ src/qemu/qemu_driver.c |   11 ++++++-----
+ 1 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 040d645..b17d26d 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -2360,7 +2360,7 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver ATTRIBUTE_UNUSED,
+ 
+         if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+             continue;
+-        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
++        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB)
+             continue;
+ 
+         /* Resolve a vendor/product to bus/device */
+@@ -2703,6 +2703,11 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         return -1;
+     }
+ 
++    /* Must be run before security labelling */
++    DEBUG0("Preparing host devices");
++    if (qemuPrepareHostDevices(driver, vm->def) < 0)
++        goto cleanup;
++
+     /* If you are using a SecurityDriver with dynamic labelling,
+        then generate a security label for isolation */
+     DEBUG0("Generating domain security label (if required)");
+@@ -2769,10 +2774,6 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     if (qemuSetupCgroup(driver, vm) < 0)
+         goto cleanup;
+ 
+-    DEBUG0("Preparing host devices");
+-    if (qemuPrepareHostDevices(driver, vm->def) < 0)
+-        goto cleanup;
+-
+     if (VIR_ALLOC(priv->monConfig) < 0) {
+         virReportOOMError();
+         goto cleanup;
+-- 
+1.6.6.1
+
+From 65e97240e6e4606820dd1c42ac172319e0af4d8d Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 22 Mar 2010 10:45:36 -0400
+Subject: [PATCH] security: selinux: Fix crash when releasing non-existent label
+
+This can be triggered by the qemuStartVMDaemon cleanup path if a
+VM references a non-existent USB device (by product) in the XML.
+
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ src/security/security_selinux.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 975b315..6680e2d 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -632,7 +632,8 @@ SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
+ {
+     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ 
+-    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
++    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC ||
++        secdef->label == NULL)
+         return 0;
+ 
+     context_t con = context_new(secdef->label);
+-- 
+1.6.6.1
+

libvirt-0.7.7-set-kernel-perms.patch

@@ -0,0 +1,87 @@
+From 3f1aa08af6580c215d973bc6bf57f505dbf8b926 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 12 Mar 2010 13:38:39 -0500
+Subject: [PATCH] security: Set permissions for kernel/initrd
+
+Fixes URL installs when running virt-install as root on Fedora.
+---
+ src/qemu/qemu_security_dac.c    |   21 +++++++++++++++++++++
+ src/security/security_selinux.c |   16 ++++++++++++++++
+ 2 files changed, 37 insertions(+), 0 deletions(-)
+
+diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
+index 6911f48..1883fbe 100644
+--- a/src/qemu/qemu_security_dac.c
++++ b/src/qemu/qemu_security_dac.c
+@@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
+                                                      vm->def->disks[i]) < 0)
+             rc = -1;
+     }
++
++    if (vm->def->os.kernel &&
++        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
++        rc = -1;
++
++    if (vm->def->os.initrd &&
++        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
++        rc = -1;
++
+     return rc;
+ }
+ 
+@@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
+             return -1;
+     }
+ 
++    if (vm->def->os.kernel &&
++        qemuSecurityDACSetOwnership(vm->def->os.kernel,
++                                    driver->user,
++                                    driver->group) < 0)
++        return -1;
++
++    if (vm->def->os.initrd &&
++        qemuSecurityDACSetOwnership(vm->def->os.initrd,
++                                    driver->user,
++                                    driver->group) < 0)
++        return -1;
++
+     return 0;
+ }
+ 
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index b2c8581..975b315 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
+             rc = -1;
+     }
+ 
++    if (vm->def->os.kernel &&
++        SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
++        rc = -1;
++
++    if (vm->def->os.initrd &&
++        SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
++        rc = -1;
++
+     return rc;
+ }
+ 
+@@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
+             return -1;
+     }
+ 
++    if (vm->def->os.kernel &&
++        SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
++        return -1;
++
++    if (vm->def->os.initrd &&
++        SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
++        return -1;
++
+     return 0;
+ }
+ 
+-- 
+1.6.6.1
+

sources

@@ -1 +1 @@
-3154ea9d4a0778497dfdf58cb98127c0  libvirt-0.6.1.tar.gz
+5f315b0bf20e3964f7657ba1e630cd67  libvirt-0.7.7.tar.gz