* Wed May 6 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.2-5.fc11

- Fix handling of <hostdev managed='yes'> (bug #499386)

libvirt-0.6.2-shared-readonly-label.patch

@@ -0,0 +1,76 @@
+diff -rup libvirt-0.6.2/src/security_selinux.c libvirt-0.6.2.new/src/security_selinux.c
+--- libvirt-0.6.2/src/security_selinux.c	2009-04-03 15:36:56.000000000 +0100
++++ libvirt-0.6.2.new/src/security_selinux.c	2009-05-05 13:39:42.000000000 +0100
+@@ -24,11 +24,12 @@
+ #include "virterror_internal.h"
+ #include "util.h"
+ #include "memory.h"
+-
++#include "logging.h"
+ 
+ #define VIR_FROM_THIS VIR_FROM_SECURITY
+ 
+ static char default_domain_context[1024];
++static char default_content_context[1024];
+ static char default_image_context[1024];
+ #define SECURITY_SELINUX_VOID_DOI       "0"
+ #define SECURITY_SELINUX_NAME "selinux"
+@@ -148,8 +149,13 @@ SELinuxInitialize(virConnectPtr conn)
+     close(fd);
+ 
+     ptr = strchrnul(default_image_context, '\n');
+-    *ptr = '\0';
+-
++    if (*ptr == '\n') {
++        *ptr = '\0';
++        strcpy(default_content_context, ptr+1);
++        ptr = strchrnul(default_content_context, '\n');
++        if (*ptr == '\n')
++            *ptr = '\0';
++    }
+     return 0;
+ }
+ 
+@@ -275,6 +281,8 @@ SELinuxSetFilecon(virConnectPtr conn, co
+ {
+     char ebuf[1024];
+ 
++    VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
++
+     if(setfilecon(path, tcon) < 0) {
+         virSecurityReportError(conn, VIR_ERR_ERROR,
+                                _("%s: unable to set security context "
+@@ -299,6 +307,8 @@ SELinuxRestoreSecurityImageLabel(virConn
+     char *newpath = NULL;
+     const char *path = disk->src;
+ 
++    /* Don't restore labels on readoly/shared disks, because
++     * other VMs may still be accessing these */
+     if (disk->readonly || disk->shared)
+         return 0;
+ 
+@@ -328,8 +338,13 @@ SELinuxSetSecurityImageLabel(virConnectP
+ {
+     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ 
+-    if (secdef->imagelabel)
++    if (disk->shared) {
++        return SELinuxSetFilecon(conn, disk->src, default_image_context);
++    } else if (disk->readonly) {
++        return SELinuxSetFilecon(conn, disk->src, default_content_context);
++    } else if (secdef->imagelabel) {
+         return SELinuxSetFilecon(conn, disk->src, secdef->imagelabel);
++    }
+ 
+     return 0;
+ }
+@@ -403,9 +418,6 @@ SELinuxSetSecurityLabel(virConnectPtr co
+ 
+     if (secdef->imagelabel) {
+         for (i = 0 ; i < vm->def->ndisks ; i++) {
+-            if (vm->def->disks[i]->readonly ||
+-                vm->def->disks[i]->shared) continue;
+-
+             if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+                 return -1;
+         }

libvirt-0.6.3-hostdev-managed.patch

@@ -0,0 +1,45 @@
+From 3d7771e0570e09096ad9391a857dad48b150bc0c Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Wed, 6 May 2009 16:33:28 +0100
+Subject: [PATCH] Fix qemu driver's interpretation of <hostdev managed='yes'/>
+
+This change:
+
+  Tue Mar  3 08:55:13 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
+
+       Don't try to detach & reset PCI devices while running test
+       suite for XML-> ARGV conversion.
+       * src/qemu_driver.c: Add qemuPrepareHostDevices() helper to
+       detach and reset PCI devices.
+       * src/qemu_conf.c: Don't detach & reset PCI devices while
+       building the command line argv
+
+accidentally did this:
+
+-            if (hostdev->managed) {
++        if (!hostdev->managed) {
+
+Which results in managed='yes' not causing the device to be
+detached when the guest is starting.
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+---
+ src/qemu_driver.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 5898026..59312c0 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1215,7 +1215,7 @@ static int qemuPrepareHostDevices(virConnectPtr conn,
+         if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+             continue;
+ 
+-        if (!hostdev->managed) {
++        if (hostdev->managed) {
+             pciDevice *dev = pciGetDevice(conn,
+                                           hostdev->source.subsys.u.pci.domain,
+                                           hostdev->source.subsys.u.pci.bus,
+-- 
+1.6.0.6
+

libvirt.spec

@@ -66,13 +66,17 @@
 Summary: Library providing a simple API virtualization
 Name: libvirt
 Version: 0.6.2
-Release: 3%{?dist}%{?extra_release}
+Release: 5%{?dist}%{?extra_release}
 License: LGPLv2+
 Group: Development/Libraries
 Source: libvirt-%{version}.tar.gz
 
 # Patches cherry-picked from upstream
 Patch0: libvirt-0.6.2-qemu-drive-format.patch
+# Fix shared/readonly disk labelling
+Patch1: libvirt-0.6.2-shared-readonly-label.patch
+# Fix <hostdev managed='yes'>
+Patch2: libvirt-0.6.3-hostdev-managed.patch
 
 # Not for upstream. Temporary hack till PulseAudio autostart
 # problems are sorted out when SELinux enforcing
@@ -228,6 +232,8 @@ of recent versions of Linux (and other OSes).
 %setup -q
 
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1
 
 %patch200 -p0
 
@@ -551,6 +557,12 @@ fi
 %endif
 
 %changelog
+* Wed May  6 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.2-5.fc11
+- Fix handling of <hostdev managed='yes'> (bug #499386)
+
+* Tue May  5 2009 Daniel P. Berrange <berrange@redhat.com> - 0.6.2-4.fc11
+- Fix labelling of shared/readonly disks (rhbz #493692)
+
 * Tue Apr 28 2009 Daniel Veillard <veillard@redhat.com> - 0.6.2-3.fc11
 - Fix missing directories in spec (#496945 and gtk-doc)