From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id B11C815808B for ; Wed, 2 Mar 2022 17:36:09 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C3DF9E0822; Wed, 2 Mar 2022 17:36:08 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 48928E0822 for ; Wed, 2 Mar 2022 17:36:08 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id BF880342C5A for ; Wed, 2 Mar 2022 17:36:06 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 45E6D2F9 for ; Wed, 2 Mar 2022 17:36:05 +0000 (UTC) From: "Joonas Niilola" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Joonas Niilola" Message-ID: <1646242562.d802ae84726a1051e9358f681c460f037f5a7372.juippis@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/libvirt/, app-emulation/libvirt/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-emulation/libvirt/Manifest app-emulation/libvirt/files/libvirt-8.2.0-do-not-use-sysconfig.patch app-emulation/libvirt/files/libvirt-8.2.0-fix-paths-for-apparmor.patch app-emulation/libvirt/files/libvirt-8.2.0-qemu-segmentation-fault-in-virtqemud-executing-qemuD.patch app-emulation/libvirt/libvirt-8.1.0.ebuild X-VCS-Directories: app-emulation/libvirt/files/ app-emulation/libvirt/ X-VCS-Committer: juippis X-VCS-Committer-Name: Joonas Niilola X-VCS-Revision: d802ae84726a1051e9358f681c460f037f5a7372 X-VCS-Branch: master Date: Wed, 2 Mar 2022 17:36:05 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 19e07f48-6932-4199-8253-e51efb19d9fa X-Archives-Hash: 9a040462822ad9021534b86b934f73b9 commit: d802ae84726a1051e9358f681c460f037f5a7372 Author: Michal Privoznik redhat com> AuthorDate: Wed Mar 2 09:21:18 2022 +0000 Commit: Joonas Niilola gentoo org> CommitDate: Wed Mar 2 17:36:02 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d802ae84 app-emulation/libvirt: version bump to 8.1.0 Ideally, this would be way simpler, just introduce new ebuild and append hashes to the Manifest file. Unfortunately, a nasty crasher was found in the freshly released 8.1.0 so we need to backport the fix. And while at it, rebase two patches that don't apply cleanly anymore (libvirt-6.7.0-do-not-use-sysconfig.patch and libvirt-6.7.0-fix-paths-for-apparmor.patch). Closes: https://bugs.gentoo.org/834483 Signed-off-by: Michal Privoznik redhat.com> Closes: https://github.com/gentoo/gentoo/pull/24388 Signed-off-by: Joonas Niilola gentoo.org> app-emulation/libvirt/Manifest | 2 + .../files/libvirt-8.2.0-do-not-use-sysconfig.patch | 211 +++++++++++++ .../libvirt-8.2.0-fix-paths-for-apparmor.patch | 140 +++++++++ ...tation-fault-in-virtqemud-executing-qemuD.patch | 50 +++ app-emulation/libvirt/libvirt-8.1.0.ebuild | 337 +++++++++++++++++++++ 5 files changed, 740 insertions(+) diff --git a/app-emulation/libvirt/Manifest b/app-emulation/libvirt/Manifest index 8507f3b3ece4..98669a94c4d6 100644 --- a/app-emulation/libvirt/Manifest +++ b/app-emulation/libvirt/Manifest @@ -4,3 +4,5 @@ DIST libvirt-7.7.0.tar.xz 8670212 BLAKE2B 93c72117941b0a74484c7510c8437054e66fc3 DIST libvirt-7.7.0.tar.xz.asc 833 BLAKE2B 86a77bf461e353776d79f31f1d0c82fa13e28348bd9c6ae7cb653b98886c7e070d67ed0db55f5e1f3b5e5bd2a3861a5cb08dbf95799b14df1037139f8001b030 SHA512 d5f8cd6accd3bfaebfb7c8761e321aaa9a090c7705256785c5507aa88d985f78a788047dc881f37ea6f64a4634c65c9718d8b1ee0a24744acc3ad5ed6e517bdf DIST libvirt-8.0.0.tar.xz 8860124 BLAKE2B 4669ae8f4de6379c3f94d3b6875ccc8eb435fbbf96aac26642fc593bc1921e9189decd9d366f5ca9e3e0fd8392ce840dce9e50ae048a5a2b72c465fd514eaf73 SHA512 e84cf2753d3c57cfe5aadbb6601fa76e0ba750471c1c24631720fe64376c3599ea252863ec671a50527e4fb380ffe0c2f02f07705b4b87d373ccf3e516ff4b1c DIST libvirt-8.0.0.tar.xz.asc 833 BLAKE2B 2571ee10d433630ddd79761b1a50948aed33f61ef11e793a7e563e37c28e48bc856139aa1cc62bf50852b056de14f36bb75fa97155b31bfa97c8af2ef55ba4dc SHA512 ce1252a034723774542ab00e782c24b7ef243b5ca302033e45993f90273c697cdb82e9a126b729557a6c90b5f407f0f06b78c0affb6eefe60c364fa979831f8b +DIST libvirt-8.1.0.tar.xz 8881608 BLAKE2B ddbd684f43a75ab04aca8be0a761ec5890c365e3c802af55e85d0f3b906a3b075f737acd14648d46cdacce90cbd2ccdda12d39784eaa17a05657b13447df1fe7 SHA512 5db227b78f48e35f917030eeb45ce9d0f7e868c5ce75da496ca06fad175ad6b026173b2fb78415c0103a61af24aec78d89bcebdf60b817d8ff6e84dc926faa97 +DIST libvirt-8.1.0.tar.xz.asc 833 BLAKE2B 21ea45127d68313264b9e17c315d75b20e409ef56ce3f6a61899c3c9d9ce1ff51a4743d912f7440d2197230df802d955516cbc8d6f98960cef8a0265a7d0f334 SHA512 9a28b0405c01518f7d6837d02df492d6d97d6e73cd711e718b53cc18d8830a1216aa87366b2065ef5ce65b12d72cbb3d80024529264430de20fe89d8bf595d76 diff --git a/app-emulation/libvirt/files/libvirt-8.2.0-do-not-use-sysconfig.patch b/app-emulation/libvirt/files/libvirt-8.2.0-do-not-use-sysconfig.patch new file mode 100644 index 000000000000..fae61294584e --- /dev/null +++ b/app-emulation/libvirt/files/libvirt-8.2.0-do-not-use-sysconfig.patch @@ -0,0 +1,211 @@ +From 10d65f10a76c7478c4ec0c65ffeec7f4b18929f9 Mon Sep 17 00:00:00 2001 +Message-Id: <10d65f10a76c7478c4ec0c65ffeec7f4b18929f9.1646212419.git.mprivozn@redhat.com> +From: Michal Privoznik +Date: Wed, 2 Mar 2022 10:01:04 +0100 +Subject: [PATCH] libvirt-8.2.0-do-not-use-sysconfig.patch + +Signed-off-by: Michal Privoznik +--- + src/interface/virtinterfaced.service.in | 1 - + src/libxl/virtxend.service.in | 1 - + src/locking/virtlockd.service.in | 1 - + src/logging/virtlogd.service.in | 3 +-- + src/lxc/virtlxcd.service.in | 1 - + src/network/virtnetworkd.service.in | 1 - + src/node_device/virtnodedevd.service.in | 1 - + src/nwfilter/virtnwfilterd.service.in | 1 - + src/qemu/virtqemud.service.in | 1 - + src/remote/libvirtd.service.in | 1 - + src/remote/virtproxyd.service.in | 1 - + src/secret/virtsecretd.service.in | 1 - + src/storage/virtstoraged.service.in | 1 - + src/vbox/virtvboxd.service.in | 1 - + tools/libvirt-guests.service.in | 2 +- + 15 files changed, 2 insertions(+), 16 deletions(-) + +diff --git a/src/interface/virtinterfaced.service.in b/src/interface/virtinterfaced.service.in +index cb860ff1c4..090b198ac7 100644 +--- a/src/interface/virtinterfaced.service.in ++++ b/src/interface/virtinterfaced.service.in +@@ -14,7 +14,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTINTERFACED_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtinterfaced + ExecStart=@sbindir@/virtinterfaced $VIRTINTERFACED_ARGS + ExecReload=/bin/kill -HUP $MAINPID + Restart=on-failure +diff --git a/src/libxl/virtxend.service.in b/src/libxl/virtxend.service.in +index 6b083c414f..597f5d1905 100644 +--- a/src/libxl/virtxend.service.in ++++ b/src/libxl/virtxend.service.in +@@ -19,7 +19,6 @@ ConditionPathExists=/proc/xen/capabilities + [Service] + Type=notify + Environment=VIRTXEND_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtxend + ExecStart=@sbindir@/virtxend $VIRTXEND_ARGS + ExecReload=/bin/kill -HUP $MAINPID + Restart=on-failure +diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in +index 19271d1e7d..87193952cb 100644 +--- a/src/locking/virtlockd.service.in ++++ b/src/locking/virtlockd.service.in +@@ -8,7 +8,6 @@ Documentation=https://libvirt.org + + [Service] + Environment=VIRTLOCKD_ARGS= +-EnvironmentFile=-@sysconfdir@/sysconfig/virtlockd + ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS + ExecReload=/bin/kill -USR1 $MAINPID + # Losing the locks is a really bad thing that will +diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in +index 8ab5478517..fe5c58b8ed 100644 +--- a/src/logging/virtlogd.service.in ++++ b/src/logging/virtlogd.service.in +@@ -7,8 +7,7 @@ Documentation=man:virtlogd(8) + Documentation=https://libvirt.org + + [Service] +-EnvironmentFile=-@sysconfdir@/sysconfig/virtlogd +-ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS ++ExecStart=@sbindir@/virtlogd + ExecReload=/bin/kill -USR1 $MAINPID + # Losing the logs is a really bad thing that will + # cause the machine to be fenced (rebooted), so make +diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in +index 334c34db44..1b9689017e 100644 +--- a/src/lxc/virtlxcd.service.in ++++ b/src/lxc/virtlxcd.service.in +@@ -19,7 +19,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTLXCD_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtlxcd + ExecStart=@sbindir@/virtlxcd $VIRTLXCD_ARGS + ExecReload=/bin/kill -HUP $MAINPID + KillMode=process +diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in +index 05ce672b73..ee4cd9bca1 100644 +--- a/src/network/virtnetworkd.service.in ++++ b/src/network/virtnetworkd.service.in +@@ -17,7 +17,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTNETWORKD_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtnetworkd + ExecStart=@sbindir@/virtnetworkd $VIRTNETWORKD_ARGS + ExecReload=/bin/kill -HUP $MAINPID + Restart=on-failure +diff --git a/src/node_device/virtnodedevd.service.in b/src/node_device/virtnodedevd.service.in +index cd9de362fd..7693aa52c4 100644 +--- a/src/node_device/virtnodedevd.service.in ++++ b/src/node_device/virtnodedevd.service.in +@@ -14,7 +14,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTNODEDEVD_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtnodedevd + ExecStart=@sbindir@/virtnodedevd $VIRTNODEDEVD_ARGS + ExecReload=/bin/kill -HUP $MAINPID + Restart=on-failure +diff --git a/src/nwfilter/virtnwfilterd.service.in b/src/nwfilter/virtnwfilterd.service.in +index ab65419e0c..16d8b377b0 100644 +--- a/src/nwfilter/virtnwfilterd.service.in ++++ b/src/nwfilter/virtnwfilterd.service.in +@@ -14,7 +14,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTNWFILTERD_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtnwfilterd + ExecStart=@sbindir@/virtnwfilterd $VIRTNWFILTERD_ARGS + ExecReload=/bin/kill -HUP $MAINPID + Restart=on-failure +diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in +index 5ad968ace9..c63147d31f 100644 +--- a/src/qemu/virtqemud.service.in ++++ b/src/qemu/virtqemud.service.in +@@ -21,7 +21,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTQEMUD_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtqemud + ExecStart=@sbindir@/virtqemud $VIRTQEMUD_ARGS + ExecReload=/bin/kill -HUP $MAINPID + KillMode=process +diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in +index 5d4d412fcc..27cfc34b90 100644 +--- a/src/remote/libvirtd.service.in ++++ b/src/remote/libvirtd.service.in +@@ -29,7 +29,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=LIBVIRTD_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/libvirtd + ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS + ExecReload=/bin/kill -HUP $MAINPID + KillMode=process +diff --git a/src/remote/virtproxyd.service.in b/src/remote/virtproxyd.service.in +index f9bb6b84a9..0eddf5ee93 100644 +--- a/src/remote/virtproxyd.service.in ++++ b/src/remote/virtproxyd.service.in +@@ -14,7 +14,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTPROXYD_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtproxyd + ExecStart=@sbindir@/virtproxyd $VIRTPROXYD_ARGS + ExecReload=/bin/kill -HUP $MAINPID + Restart=on-failure +diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in +index 6d298c5334..92e54f175f 100644 +--- a/src/secret/virtsecretd.service.in ++++ b/src/secret/virtsecretd.service.in +@@ -14,7 +14,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTSECRETD_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtsecretd + ExecStart=@sbindir@/virtsecretd $VIRTSECRETD_ARGS + ExecReload=/bin/kill -HUP $MAINPID + Restart=on-failure +diff --git a/src/storage/virtstoraged.service.in b/src/storage/virtstoraged.service.in +index eda4d86d37..abe91e3d80 100644 +--- a/src/storage/virtstoraged.service.in ++++ b/src/storage/virtstoraged.service.in +@@ -16,7 +16,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTSTORAGED_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtstoraged + ExecStart=@sbindir@/virtstoraged $VIRTSTORAGED_ARGS + ExecReload=/bin/kill -HUP $MAINPID + Restart=on-failure +diff --git a/src/vbox/virtvboxd.service.in b/src/vbox/virtvboxd.service.in +index 6f447276e9..54fbd0be4a 100644 +--- a/src/vbox/virtvboxd.service.in ++++ b/src/vbox/virtvboxd.service.in +@@ -15,7 +15,6 @@ Documentation=https://libvirt.org + [Service] + Type=notify + Environment=VIRTVBOXD_ARGS="--timeout 120" +-EnvironmentFile=-@sysconfdir@/sysconfig/virtvboxd + ExecStart=@sbindir@/virtvboxd $VIRTVBOXD_ARGS + ExecReload=/bin/kill -HUP $MAINPID + Restart=on-failure +diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in +index 3cf6476196..5668009ae4 100644 +--- a/tools/libvirt-guests.service.in ++++ b/tools/libvirt-guests.service.in +@@ -20,7 +20,7 @@ Documentation=man:libvirt-guests(8) + Documentation=https://libvirt.org + + [Service] +-EnvironmentFile=-@sysconfdir@/sysconfig/libvirt-guests ++EnvironmentFile=-/etc/libvirt/libvirt-guests.conf + # Hack just call traditional service until we factor + # out the code + ExecStart=@libexecdir@/libvirt-guests.sh start +-- +2.34.1 + diff --git a/app-emulation/libvirt/files/libvirt-8.2.0-fix-paths-for-apparmor.patch b/app-emulation/libvirt/files/libvirt-8.2.0-fix-paths-for-apparmor.patch new file mode 100644 index 000000000000..331a49aa4497 --- /dev/null +++ b/app-emulation/libvirt/files/libvirt-8.2.0-fix-paths-for-apparmor.patch @@ -0,0 +1,140 @@ +From afcb8e32343d662d74ccb7b6596ddf03104c8e41 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Michal Privoznik +Date: Wed, 2 Mar 2022 10:12:44 +0100 +Subject: [PATCH] libvirt-8.2.0-fix-paths-for-apparmor.patch + +Signed-off-by: Michal Privoznik +--- + src/security/apparmor/libvirt-qemu | 1 + + src/security/apparmor/meson.build | 6 +- + .../usr.lib.libvirt.virt-aa-helper.in | 75 ------------------- + .../usr.lib.libvirt.virt-aa-helper.local | 1 - + 4 files changed, 4 insertions(+), 79 deletions(-) + delete mode 100644 src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in + delete mode 100644 src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local + +diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu +index 8cd76d48ec..39f8f04c03 100644 +--- a/src/security/apparmor/libvirt-qemu ++++ b/src/security/apparmor/libvirt-qemu +@@ -95,6 +95,7 @@ + /usr/share/sgabios/** r, + /usr/share/slof/** r, + /usr/share/vgabios/** r, ++ /usr/share/seavgabios/** r, + + # pki for libvirt-vnc and libvirt-spice (LP: #901272, #1690140) + /etc/pki/CA/ r, +diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build +index 990f00b4f3..2a2235c89a 100644 +--- a/src/security/apparmor/meson.build ++++ b/src/security/apparmor/meson.build +@@ -1,5 +1,5 @@ + apparmor_gen_profiles = [ +- 'usr.lib.libvirt.virt-aa-helper', ++ 'usr.libexec.libvirt.virt-aa-helper', + 'usr.sbin.libvirtd', + 'usr.sbin.virtqemud', + 'usr.sbin.virtxend', +@@ -34,7 +34,7 @@ install_data( + ) + + install_data( +- 'usr.lib.libvirt.virt-aa-helper.local', ++ 'usr.libexec.libvirt.virt-aa-helper.local', + install_dir: apparmor_dir / 'local', +- rename: 'usr.lib.libvirt.virt-aa-helper', ++ rename: 'usr.libexec.libvirt.virt-aa-helper', + ) +diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in +deleted file mode 100644 +index ff1d46bebe..0000000000 +--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in ++++ /dev/null +@@ -1,75 +0,0 @@ +-#include +- +-profile virt-aa-helper @libexecdir@/virt-aa-helper { +- #include +- #include +- +- # needed for searching directories +- capability dac_override, +- capability dac_read_search, +- +- # needed for when disk is on a network filesystem +- network inet, +- network inet6, +- +- deny @{PROC}/[0-9]*/mounts r, +- @{PROC}/[0-9]*/net/psched r, +- owner @{PROC}/[0-9]*/status r, +- @{PROC}/filesystems r, +- +- # Used when internally running another command (namely apparmor_parser) +- @{PROC}/@{pid}/fd/ r, +- +- # allow reading libnl's classid file +- @sysconfdir@/libnl{,-3}/classid r, +- +- # for gl enabled graphics +- /dev/dri/{,*} r, +- +- # for hostdev +- /sys/devices/ r, +- /sys/devices/** r, +- /sys/bus/usb/devices/ r, +- deny /dev/sd* r, +- deny /dev/vd* r, +- deny /dev/dm-* r, +- deny /dev/drbd[0-9]* r, +- deny /dev/dasd* r, +- deny /dev/nvme* r, +- deny /dev/zd[0-9]* r, +- deny /dev/mapper/ r, +- deny /dev/mapper/* r, +- +- @libexecdir@/virt-aa-helper mr, +- /{usr/,}sbin/apparmor_parser Ux, +- +- @sysconfdir@/apparmor.d/libvirt/* r, +- @sysconfdir@/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, +- +- # for backingstore -- allow access to non-hidden files in @{HOME} as well +- # as storage pools +- audit deny @{HOME}/.* mrwkl, +- audit deny @{HOME}/.*/ rw, +- audit deny @{HOME}/.*/** mrwkl, +- audit deny @{HOME}/bin/ rw, +- audit deny @{HOME}/bin/** mrwkl, +- @{HOME}/ r, +- @{HOME}/** r, +- /var/lib/libvirt/images/ r, +- /var/lib/libvirt/images/** r, +- /var/lib/nova/instances/_base/* r, +- /{media,mnt,opt,srv}/** r, +- # For virt-sandbox +- /{,var/}run/libvirt/**/[sv]d[a-z] r, +- +- /**.img r, +- /**.raw r, +- /**.qcow{,2} r, +- /**.qed r, +- /**.vmdk r, +- /**.vhd r, +- /**.[iI][sS][oO] r, +- /**/disk{,.*} r, +- +- #include +-} +diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local +deleted file mode 100644 +index c0990e51d0..0000000000 +--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local ++++ /dev/null +@@ -1 +0,0 @@ +-# Site-specific additions and overrides for 'usr.lib.libvirt.virt-aa-helper' +-- +2.34.1 + diff --git a/app-emulation/libvirt/files/libvirt-8.2.0-qemu-segmentation-fault-in-virtqemud-executing-qemuD.patch b/app-emulation/libvirt/files/libvirt-8.2.0-qemu-segmentation-fault-in-virtqemud-executing-qemuD.patch new file mode 100644 index 000000000000..f37ec7065afd --- /dev/null +++ b/app-emulation/libvirt/files/libvirt-8.2.0-qemu-segmentation-fault-in-virtqemud-executing-qemuD.patch @@ -0,0 +1,50 @@ +From 823a62ec8aac4fb75e6e281164f3eb56ae47597c Mon Sep 17 00:00:00 2001 +Message-Id: <823a62ec8aac4fb75e6e281164f3eb56ae47597c.1646211032.git.mprivozn@redhat.com> +From: Boris Fiuczynski +Date: Tue, 1 Mar 2022 18:47:59 +0100 +Subject: [PATCH] qemu: segmentation fault in virtqemud executing + qemuDomainUndefineFlags + +Commit 5adfb3472342741c443ac91dee0abb18b5a3d038 causes a segmentation fault. + +Stack trace of thread 664419: + #0 0x000003ff62ec553c in qemuDomainUndefineFlags (dom=0x3ff6c002810, flags=) at ../src/qemu/qemu_driver.c:6618 + #1 0x000003ff876a7e5c in virDomainUndefineFlags (domain=domain@entry=0x3ff6c002810, flags=) at ../src/libvirt-domain.c:6519 + #2 0x000002aa2b64a808 in remoteDispatchDomainUndefineFlags (server=0x2aa2c3d7880, msg=0x2aa2c3d2770, args=, rerr=0x3ff8287b950, client=) + at src/remote/remote_daemon_dispatch_stubs.h:13080 + #3 remoteDispatchDomainUndefineFlagsHelper (server=0x2aa2c3d7880, client=, msg=0x2aa2c3d2770, rerr=0x3ff8287b950, args=, ret=0x0) + at src/remote/remote_daemon_dispatch_stubs.h:13059 + #4 0x000003ff8758bbf4 in virNetServerProgramDispatchCall (msg=0x2aa2c3d2770, client=0x2aa2c3e3050, server=0x2aa2c3d7880, prog=0x2aa2c3d8010) + at ../src/rpc/virnetserverprogram.c:428 + #5 virNetServerProgramDispatch (prog=0x2aa2c3d8010, server=server@entry=0x2aa2c3d7880, client=0x2aa2c3e3050, msg=0x2aa2c3d2770) at ../src/rpc/virnetserverprogram.c:302 + #6 0x000003ff8758c260 in virNetServerProcessMsg (msg=, prog=, client=, srv=0x2aa2c3d7880) at ../src/rpc/virnetserver.c:140 + #7 virNetServerHandleJob (jobOpaque=0x2aa2c3e2d30, opaque=0x2aa2c3d7880) at ../src/rpc/virnetserver.c:160 + #8 0x000003ff874c49aa in virThreadPoolWorker (opaque=) at ../src/util/virthreadpool.c:164 + #9 0x000003ff874c3f62 in virThreadHelper (data=) at ../src/util/virthread.c:256 + #10 0x000003ff86c1cf8c in start_thread () from /lib64/libc.so.6 + #11 0x000003ff86c9650e in thread_start () from /lib64/libc.so.6 + +Signed-off-by: Boris Fiuczynski +Reviewed-by: Jim Fehlig +Reviewed-by: Michal Privoznik +Signed-off-by: Michal Privoznik +--- + src/qemu/qemu_driver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index bcd9bdb436..8337eed510 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -6615,7 +6615,7 @@ qemuDomainUndefineFlags(virDomainPtr dom, + } + } + +- if (vm->def->os.loader->nvram) { ++ if (vm->def->os.loader && vm->def->os.loader->nvram) { + nvram_path = g_strdup(vm->def->os.loader->nvram); + } else if (vm->def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) { + qemuDomainNVRAMPathFormat(cfg, vm->def, &nvram_path); +-- +2.34.1 + diff --git a/app-emulation/libvirt/libvirt-8.1.0.ebuild b/app-emulation/libvirt/libvirt-8.1.0.ebuild new file mode 100644 index 000000000000..fb02517f617a --- /dev/null +++ b/app-emulation/libvirt/libvirt-8.1.0.ebuild @@ -0,0 +1,337 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8..10} ) + +inherit meson bash-completion-r1 linux-info python-any-r1 readme.gentoo-r1 tmpfiles verify-sig + +if [[ ${PV} = *9999* ]]; then + inherit git-r3 + EGIT_REPO_URI="https://gitlab.com/libvirt/libvirt.git" + EGIT_BRANCH="master" + SRC_URI="" + SLOT="0" +else + SRC_URI="https://libvirt.org/sources/${P}.tar.xz + verify-sig? ( https://libvirt.org/sources/${P}.tar.xz.asc )" + KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" + SLOT="0/${PV}" +fi + +DESCRIPTION="C toolkit to manipulate virtual machines" +HOMEPAGE="https://www.libvirt.org/ https://gitlab.com/libvirt/libvirt/" +LICENSE="LGPL-2.1" +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libvirt.org.asc +IUSE=" + apparmor audit bash-completion +caps dtrace firewalld fuse glusterfs + iscsi iscsi-direct +libvirtd lvm libssh lxc nfs nls numa openvz + parted pcap policykit +qemu rbd sasl selinux +udev + virtualbox +virt-network wireshark-plugins xen zfs +" + +REQUIRED_USE=" + firewalld? ( virt-network ) + libvirtd? ( || ( lxc openvz qemu virtualbox xen ) ) + lxc? ( caps libvirtd ) + openvz? ( libvirtd ) + qemu? ( libvirtd ) + virt-network? ( libvirtd ) + virtualbox? ( libvirtd ) + xen? ( libvirtd )" + +BDEPEND=" + app-text/xhtml1 + dev-lang/perl + dev-libs/libxslt + dev-perl/XML-XPath + dev-python/docutils + virtual/pkgconfig + bash-completion? ( >=app-shells/bash-completion-2.0 ) + verify-sig? ( sec-keys/openpgp-keys-libvirt )" + +# gettext.sh command is used by the libvirt command wrappers, and it's +# non-optional, so put it into RDEPEND. +# We can use both libnl:1.1 and libnl:3, but if you have both installed, the +# package will use 3 by default. Since we don't have slot pinning in an API, +# we must go with the most recent +RDEPEND=" + acct-user/qemu + app-misc/scrub + >=dev-libs/glib-2.48.0 + dev-libs/libgcrypt:0 + dev-libs/libnl:3 + >=dev-libs/libxml2-2.7.6 + >=net-analyzer/openbsd-netcat-1.105-r1 + >=net-libs/gnutls-1.0.25:0= + net-libs/libssh2 + net-libs/libtirpc + net-libs/rpcsvc-proto + >=net-misc/curl-7.18.0 + sys-apps/dbus + sys-apps/dmidecode + sys-devel/gettext + sys-libs/ncurses:0= + sys-libs/readline:= + virtual/acl + apparmor? ( sys-libs/libapparmor ) + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap-ng ) + dtrace? ( dev-util/systemtap ) + firewalld? ( >=net-firewall/firewalld-0.6.3 ) + fuse? ( sys-fs/fuse:0= ) + glusterfs? ( >=sys-cluster/glusterfs-3.4.1 ) + iscsi? ( sys-block/open-iscsi ) + iscsi-direct? ( >=net-libs/libiscsi-1.18.0 ) + libssh? ( net-libs/libssh ) + lvm? ( >=sys-fs/lvm2-2.02.48-r2[-device-mapper-only(-)] ) + lxc? ( !sys-apps/systemd[cgroup-hybrid(-)] ) + nfs? ( net-fs/nfs-utils ) + numa? ( + >sys-process/numactl-2.0.2 + sys-process/numad + ) + parted? ( + >=sys-block/parted-1.8[device-mapper] + sys-fs/lvm2[-device-mapper-only(-)] + ) + pcap? ( >=net-libs/libpcap-1.0.0 ) + policykit? ( + acct-group/libvirt + >=sys-auth/polkit-0.9 + ) + qemu? ( + >=app-emulation/qemu-2.11 + dev-libs/yajl + ) + rbd? ( sys-cluster/ceph ) + sasl? ( dev-libs/cyrus-sasl ) + selinux? ( >=sys-libs/libselinux-2.0.85 ) + virt-network? ( + net-dns/dnsmasq[dhcp,ipv6(+),script] + net-firewall/ebtables + >=net-firewall/iptables-1.4.10[ipv6(+)] + net-misc/radvd + sys-apps/iproute2[-minimal] + ) + wireshark-plugins? ( net-analyzer/wireshark:= ) + xen? ( + >=app-emulation/xen-4.9.0 + app-emulation/xen-tools:= + ) + udev? ( + virtual/libudev + >=x11-libs/libpciaccess-0.10.9 + ) + zfs? ( sys-fs/zfs )" + +DEPEND="${BDEPEND} + ${RDEPEND} + ${PYTHON_DEPS}" + +PATCHES=( + "${FILESDIR}"/${PN}-6.0.0-fix_paths_in_libvirt-guests_sh.patch + "${FILESDIR}"/${PN}-8.2.0-do-not-use-sysconfig.patch + "${FILESDIR}"/${PN}-8.2.0-fix-paths-for-apparmor.patch + "${FILESDIR}"/${PN}-8.2.0-qemu-segmentation-fault-in-virtqemud-executing-qemuD.patch +) + +pkg_setup() { + # Check kernel configuration: + CONFIG_CHECK="" + use fuse && CONFIG_CHECK+=" + ~FUSE_FS" + + use lvm && CONFIG_CHECK+=" + ~BLK_DEV_DM + ~DM_MULTIPATH + ~DM_SNAPSHOT" + + use lxc && CONFIG_CHECK+=" + ~BLK_CGROUP + ~CGROUP_CPUACCT + ~CGROUP_DEVICE + ~CGROUP_FREEZER + ~CGROUP_NET_PRIO + ~CGROUP_PERF + ~CGROUPS + ~CGROUP_SCHED + ~CPUSETS + ~IPC_NS + ~MACVLAN + ~NAMESPACES + ~NET_CLS_CGROUP + ~NET_NS + ~PID_NS + ~POSIX_MQUEUE + ~SECURITYFS + ~USER_NS + ~UTS_NS + ~VETH + ~!GRKERNSEC_CHROOT_MOUNT + ~!GRKERNSEC_CHROOT_DOUBLE + ~!GRKERNSEC_CHROOT_PIVOT + ~!GRKERNSEC_CHROOT_CHMOD + ~!GRKERNSEC_CHROOT_CAPS" + + kernel_is lt 4 7 && use lxc && CONFIG_CHECK+=" + ~DEVPTS_MULTIPLE_INSTANCES" + + use virt-network && CONFIG_CHECK+=" + ~BRIDGE_EBT_MARK_T + ~BRIDGE_NF_EBTABLES + ~NETFILTER_ADVANCED + ~NETFILTER_XT_CONNMARK + ~NETFILTER_XT_MARK + ~NETFILTER_XT_TARGET_CHECKSUM + ~IP_NF_FILTER + ~IP_NF_MANGLE + ~IP_NF_NAT + ~IP_NF_TARGET_MASQUERADE + ~IP6_NF_FILTER + ~IP6_NF_MANGLE + ~IP6_NF_NAT" + # Bandwidth Limiting Support + use virt-network && CONFIG_CHECK+=" + ~BRIDGE_EBT_T_NAT + ~IP_NF_TARGET_REJECT + ~NET_ACT_POLICE + ~NET_CLS_FW + ~NET_CLS_U32 + ~NET_SCH_HTB + ~NET_SCH_INGRESS + ~NET_SCH_SFQ" + + ERROR_USER_NS="Optional depending on LXC configuration." + + if [[ -n ${CONFIG_CHECK} ]]; then + linux-info_pkg_setup + fi + + python-any-r1_pkg_setup +} + +src_prepare() { + touch "${S}/.mailmap" || die + + default + python_fix_shebang . + + # Skip fragile tests which relies on pristine environment + # (Breaks because of sandbox environment variables) + # bug #802876 + sed -i -e "/commandtest/d" tests/meson.build || die + + # Tweak the init script: + cp "${FILESDIR}/libvirtd.init-r19" "${S}/libvirtd.init" || die + sed -e "s/USE_FLAG_FIREWALLD/$(usex firewalld 'need firewalld' '')/" \ + -i "${S}/libvirtd.init" || die "sed failed" +} + +src_configure() { + local emesonargs=( + $(meson_feature apparmor) + $(meson_feature apparmor apparmor_profiles) + $(meson_feature audit) + $(meson_feature caps capng) + $(meson_feature dtrace) + $(meson_feature firewalld) + $(meson_feature fuse) + $(meson_feature glusterfs) + $(meson_feature glusterfs storage_gluster) + $(meson_feature iscsi storage_iscsi) + $(meson_feature iscsi-direct storage_iscsi_direct) + $(meson_feature libvirtd driver_libvirtd) + $(meson_feature libssh) + $(meson_feature lvm storage_lvm) + $(meson_feature lvm storage_mpath) + $(meson_feature lxc driver_lxc) + $(meson_feature nls) + $(meson_feature numa numactl) + $(meson_feature numa numad) + $(meson_feature openvz driver_openvz) + $(meson_feature parted storage_disk) + $(meson_feature pcap libpcap) + $(meson_feature policykit polkit) + $(meson_feature qemu driver_qemu) + $(meson_feature qemu yajl) + $(meson_feature rbd storage_rbd) + $(meson_feature sasl) + $(meson_feature selinux) + $(meson_feature udev) + $(meson_feature virt-network driver_network) + $(meson_feature virtualbox driver_vbox) + $(meson_feature wireshark-plugins wireshark_dissector) + $(meson_feature xen driver_libxl) + $(meson_feature zfs storage_zfs) + + -Dnetcf=disabled + -Dsanlock=disabled + + -Ddriver_esx=enabled + -Dinit_script=systemd + -Dqemu_user=$(usex caps qemu root) + -Dqemu_group=$(usex caps qemu root) + -Ddriver_remote=enabled + -Dstorage_fs=enabled + -Ddriver_vmware=enabled + + --localstatedir="${EPREFIX}/var" + -Drunstatedir="${EPREFIX}/run" + -Ddocdir="${EPREFIX}/usr/share/doc/${PF}" + ) + + meson_src_configure +} + +src_test() { + export VIR_TEST_DEBUG=1 + # Don't run the syntax check tests, they're fragile and not relevant + # to us downstream anyway. + # We also crank up the timeout (as Fedora does) just to preempt failures + # on slower arches. + meson_src_test --no-suite syntax-check --timeout-multiplier 10 +} + +src_install() { + meson_src_install + + # Depending on configuration option, libvirt will create some bogus + # directoreis. They are either not used, or libvirtd is able to create + # them on demand, so let's remove them. + # + # Note, we are using -f here so that rm does not fail or warn if the + # directory is nonexistent. + rm -rf "${D}"/etc/sysconfig + rm -rf "${D}"/var + rm -rf "${D}"/run + + use libvirtd || return 0 + # From here, only libvirtd-related instructions, be warned! + + newtmpfiles "${FILESDIR}"/libvirtd.tmpfiles.conf libvirtd.conf + + newinitd "${S}/libvirtd.init" libvirtd + newinitd "${FILESDIR}/libvirt-guests.init-r4" libvirt-guests + newinitd "${FILESDIR}/virtlockd.init-r2" virtlockd + newinitd "${FILESDIR}/virtlogd.init-r2" virtlogd + + newconfd "${FILESDIR}/libvirtd.confd-r5" libvirtd + newconfd "${FILESDIR}/libvirt-guests.confd" libvirt-guests + + DOC_CONTENTS=$(<"${FILESDIR}/README.gentoo-r3") + DISABLE_AUTOFORMATTING=true + readme.gentoo_create_doc +} + +pkg_postinst() { + if [[ -e "${ROOT}"/etc/libvirt/qemu/networks/default.xml ]]; then + touch "${ROOT}"/etc/libvirt/qemu/networks/default.xml || die + fi + + use libvirtd || return 0 + # From here, only libvirtd-related instructions, be warned! + tmpfiles_process libvirtd.conf + readme.gentoo_print_elog +}