diff options
| author | Bruce Ashfield <bruce.ashfield@windriver.com> | 2013-12-04 01:09:50 -0500 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2013-12-04 01:36:20 -0500 |
| commit | f542bf79d8f6c88f6fd97a905885afc532689029 (patch) | |
| tree | a84760b76eaca551e6fb1007589003d917e311c3 /recipes-extended/libvirt | |
| parent | 851a4ae2ce2a10f20a586d447f22b0e8e4c7ad54 (diff) | |
| download | meta-virtualization-f542bf79d8f6c88f6fd97a905885afc532689029.tar.gz | |
libvirt: uprev to v1.2.0
Upreving libvirt to v1.2.0 released Dec 2, 2013.
As part of this uprev, existing patches that are part of the 1.2 release have
been dropped, and existing functionality checked for regressions.
From the libvirt release notes:
Features:
Add support for gluster pool (Eric Blake),
Separation of python binding (Daniel P. Berrange),
vbox: add support for 4.3 APIs (Ryota Ozaki)
Documentation:
fix typos in libvirt.h.in (Chen Hanxiao),
Link libvirt-sandbox from apps page (Daniel P. Berrange),
Add docs about audit subsystem logging (Daniel P. Berrange),
virsh: fix doc typos (Nehal J Wani),
Fix typos in various docs (Nehal J Wani),
LXC: add securetty related note in Device nodes (Gao feng),
Fix three minor typos (Yuri Chornoivan),
storage: fix typo in previous patch (Eric Blake),
storage: document gluster pool (Eric Blake),
virDomainReboot: Document that migration might be unsafe (Michal Privoznik),
delete extra character (Wangyufei (A)),
maint: fix comment typos. (Eric Blake),
improve job info details (Eric Blake),
fix a typo in formatnwfilter.html.in (Chen Hanxiao),
Improve cgroups docs to cover systemd integration (Daniel P. Berrange),
fix typos in libvirt.h.in (Chen Hanxiao),
fix virDomainRestoreFlags description bug (Wang Yufei),
grammar fixes (Eric Blake),
add SystemTap to apps using libvirt (Jonathan Lebon),
fix a typo in formatnwfilter (Chen Hanxiao),
caps: Fix function docs for virCapabilitiesAddHostNUMACell (Peter Krempa)
Portability:
tests: fix virpcitest with read-only srcdir (Eric Blake),
tests: guarantee abs_srcdir in all C tests (Eric Blake),
look for numad in /usr/sbin (Jim Fehlig),
build: Don't fail on '<' or '>' with old xmllint (Martin Kletzander),
spec: fix libvirt-docs subpackage on RHEL-6 (Michael Chapman),
Don't depend on syslog.service (Guido Günther),
qemuMonitorJSONGetCPUx86Data: Don't fail on ancient qemus (Michal Privoznik),
build: work around super-old readline.h (Ryota Ozaki),
Fix migration with QEMU 1.6 (Michael Avdienko),
nodeinfo: fix build on non-Linux (Eric Blake)
Bug Fixes:
vbox: handle errors of virDomainHostdevDefAlloc correctly (Ryota Ozaki),
vbox: fix incorrect loop condition in vboxHostDeviceGetXMLDesc (Ryota Ozaki),
Fix memory leak in virNWFilterDefParseXML() (Nehal J Wani),
Fix memory leak in virDomainDefParseXML() (Nehal J Wani),
LXC: Ensure security context is set when mounting images (Daniel P. Berrange),
network: properly update iptables rules during net-update (Laine Stump),
Fix bug in identifying sub-mounts (Daniel P. Berrange),
storage: skip selinux cleanup when fd not available (Eric Blake),
qemu: preserve netdev MAC address during 'domxml-to-native' (Bing Bu Cao),
storage: don't read storage volumes in nonblock mode (Eric Blake),
LXC: don't unmount mounts for shared root (Gao feng),
LXC: fix the problem that libvirt lxc fail to start on latest kernel (Gao feng),
sasl: Fix authentication when using PLAIN mechanism (Christophe Fergeau),
Fix invalid read in virNetSASLSessionClientStep debug log (Christophe Fergeau),
Tie SASL callbacks lifecycle to virNetSessionSASLContext (Christophe Fergeau),
remote: Don't leak priv->tls object on connection failure (Christophe Fergeau),
spec: Don't save/restore running VMs on libvirt-client update (Jiri Denemark),
virsh domxml-from-native to treat SCSI as the bus type for pseries by default (Shivaprasad G Bhat),
Don't start a nested job in qemuMigrationPrepareAny (Ján Tomko),
spec: Don't save/restore running VMs on libvirt-client update (Cole Robinson),
spec: Restrict virt-login-shell usage (Jiri Denemark),
storage: use valid XML for awkward volume names (Eric Blake),
storage: Returns earlier if source adapter of the scsi pool is a HBA (Osier Yang),
libvirt-guests: Run only after libvirtd (Cole Robinson),
Fix off-by-1 in default SELinux MCS range (Daniel P. Berrange),
vbox: fix segfault on virsh dumpxml with the existence of USB filters (Ryota Ozaki),
Add missing 'return 0;' in stub lxcStartFuse() method impl. (Daniel P. Berrange),
Avoid async signal safety problem in glibc's setxid (Daniel P. Berrange),
Don't release spice port twice when no TLS port is available (Ján Tomko),
Properly unref a connection with a close callback (Ján Tomko),
qemu: Call qemuSetupHostdevCGroup later during hotplug (Jiri Denemark),
qemuMonitorIO: Don't use @mon after it's unrefed (Michal Privoznik),
qemuProcessReconnectHelper: Don't create joinable thread (Michal Privoznik),
virDomainEventCallbackListFree: Don't leak @list->callbacks (Michal Privoznik),
networkBuildDhcpDaemonCommandLine: Don't leak @configstr and @configfile (Michal Privoznik),
Disable nwfilter driver when running unprivileged (Ján Tomko),
libxl: Fix Xen 4.4 libxlVmStart logic (Jason Andryuk),
qemu: Check for presence of device and properities when getting CPUID (Peter Krempa),
Fix busy wait loop in LXC container I/O handling (Daniel P. Berrange),
Don't expose 'none' machine type to capabilities (Daniel P. Berrange),
Fix mem leak in virQEMUCapsProbeQMPMachineTypes on OOM (Daniel P. Berrange),
virSecurityLabelDefParseXML: Don't parse label on model='none' (Michal Privoznik),
virsh-domain: Mark --live and --config mutually exclusive in vcpucount (Peter Krempa),
qemu: Fix SCSI hotplug on pseries guests (Vitor de Lima),
pci: properly handle out-of-order SRIOV virtual functions (Laine Stump),
util: use -w flag when calling iptables (Serge Hallyn),
storage: Fix a vol-clone bug on ppc64 (Li Zhang),
qemu: Don't access vm->priv on unlocked domain (Michal Privoznik),
qemu: Avoid double free of VM (Michal Privoznik),
Allow root directory in filesystem source dir schema (Ján Tomko),
qemuMigrationBeginPhase: Check for 'drive-mirror' for NBD (Michal Privoznik),
conf: fix incorrect error log in virCPUDefIsEqual (Chen Hanxiao),
qemuMonitorDispose: Reset lastError (Michal Privoznik),
qemu: clean up migration ports when migration cancelled (Zeng Junliang),
network: fix connections count in case of allocate failure (Laine Stump),
virpcitest: Fix variable arguments using in pci_driver_new (Michal Privoznik),
virpci: Don't error on unbinded devices (Michal Privoznik)
Improvements:
Pull lxcContainerGetSubtree out into shared virfile module (Daniel P. Berrange),
Introduce standard methods for sorting strings with qsort (Daniel P. Berrange),
conf: Export virStorageVolType enum helper functions (Peter Krempa),
sasl: Replace 'restep' label with 'continue' (Christophe Fergeau),
storage: probe qcow2 volumes in gluster pool (Eric Blake),
storage: improve handling of symlinks in gluster (Eric Blake),
storage: improve allocation stats reported on gluster files (Eric Blake),
storage: improve directory support in gluster pool (Eric Blake),
storage: add network-dir as new storage volume type (Eric Blake),
storage: implement rudimentary glusterfs pool refresh (Eric Blake),
storage: initial support for linking with libgfapi (Eric Blake),
storage: expose volume meta-type in XML (Eric Blake),
storage: allow interleave in volume XML (Eric Blake),
maint: next release is 1.2.0 (Eric Blake),
vbox: import vbox_CAPI_v4_3.h from SDK (Ryota Ozaki),
vbox: pull vboxHostDeviceGetXMLDesc out from vboxDomainGetXMLDesc (Ryota Ozaki),
vbox: cleanup vboxAttachUSB (Ryota Ozaki),
lxc: don't do duplicate work when getting pagesize (Chen Hanxiao),
maint: update to latest gnulib (Eric Blake),
python: remove virConnectGetCPUModelNames from globals (Doug Goldstein),
python: remove virConnectGetCPUModelNames from globals (Doug Goldstein),
qemu: Auto-generate controller for hotplugged hostdev (Eric Farman),
qemu: Separate calls based on controller bus type (Eric Farman),
qemu: Rename controller hotplug functions to not be PCI-specific (Eric Farman),
qemu: Add support for virt machine type with virtio-mmio devices on armv7 (Clark Laughlin),
maint: enforce comma style usage (Eric Blake),
maint: fix comma style issues: remaining code (Eric Blake),
maint: fix comma style issues: remaining drivers (Eric Blake),
maint: fix comma style issues: vbox (Eric Blake),
maint: fix comma style issues: python (Eric Blake),
maint: fix comma style issues: util (Eric Blake),
maint: fix comma style issues: tests, tools (Eric Blake),
maint: fix comma style issues: qemu (Eric Blake),
maint: fix comma style issues: xen (Eric Blake),
maint: fix comma style issues: conf (Eric Blake),
maint: fix comma style issues: nwfilter (Eric Blake),
Error out on unterminated arrays and objects in JSON parser (Ján Tomko),
Test if JSON parser fails on invalid input (Ján Tomko),
maint: ship .pl scripts as executables (Eric Blake),
Fix virsh net-info output for consistency (Hao Liu),
Add missing break to switch-case block (Doug Goldstein),
qemumonitorjsontest: Introduce GetNonExistingCPUData test (Michal Privoznik),
Macro for testing the version you are compiling with (Doug Goldstein),
Return -1 in virPortAllocatorAcquire if all ports are used (Ján Tomko),
Add a name to virPortAllocator (Ján Tomko),
storage: fix RNG validation of gluster via netfs (Eric Blake),
virsh-secret: Unify list column alignment (Peter Krempa),
virsh-interface: Unify list column alignment (Peter Krempa),
virsh-nwfilter: Unify list command column alignment (Peter Krempa),
virsh-pool: Unify spacing of listing function (Peter Krempa),
qemu: Change return type of qemuMonitorGetGuestCPU() (Peter Krempa),
virsh-volume: Unify strigification of volume type (Peter Krempa),
virsh-volume: Unify alignment of vol-list output columns (Peter Krempa),
conf: Refactor virDomainDiskSourceDefParse (Peter Krempa),
conf: Rename virDomainDiskHostDefFree to virDomainDiskHostDefClear (Peter Krempa),
conf: Split out code to parse the source of a disk definition (Peter Krempa),
qemuDomainObjStart: Warn on corrupted image (Michal Privoznik),
util: use size_t instead of unsigned int for num_virtual_functions (Laine Stump),
qemu: assign PCI address to primary video card (Vitor de Lima),
qemu: process: Validate specific CPUID flags of a guest (Peter Krempa),
qemu: Add support for paravirtual spinlocks in the guest (Peter Krempa),
conf: Refactor storing and usage of feature flags (Peter Krempa),
cpu: x86: Add internal CPUID features support and KVM feature bits (Peter Krempa),
qemu: Add monitor APIs to fetch CPUID data from QEMU (Jiri Denemark),
cpu_x86: Refactor storage of CPUID data to add support for KVM features (Peter Krempa),
tests: Distribute virpcitestdata (Michal Privoznik),
tests: Fix virtpcitest in VPATH (Jiri Denemark),
conf: Refactor virDomainDiskSourcePoolDefParse (Peter Krempa),
storage: always probe type with buffer (Eric Blake),
storage: refactor backing chain division of labor (Eric Blake),
storage: reduce number of stat calls (Eric Blake),
storage: avoid short reads while chasing backing chain (Eric Blake),
storage: use simpler 'char *' (Eric Blake),
test driver: add support for .connectBaselineCPU (Giuseppe Scrivano),
virpcitest: Introduce testVirPCIDeviceReset (Michal Privoznik),
virt-login-shell: also build virAtomic.h (Guido Günther),
storage: recognize gluster as networked file (Eric Blake),
qemu: don't use deprecated -no-kvm-pit-reinjection (Ján Tomko),
Resolve Coverity issue regarding not checking return value (John Ferlan),
Skip any files which are not mounted on the host (Daniel P. Berrange),
Add flag to lxcBasicMounts to control use in user namespaces (Daniel P. Berrange),
Remove duplicate entries in lxcBasicMounts array (Daniel P. Berrange),
Remove pointless 'srcpath' variable in lxcContainerMountBasicFS (Daniel P. Berrange),
Remove unused 'opts' field from LXC basic mounts struct (Daniel P. Berrange),
Add virFileIsMountPoint function (Daniel P. Berrange),
virpcitest: Introduce check for unbinded devices (Michal Privoznik),
virpcitest: Introduce testVirPCIDeviceReattach (Michal Privoznik),
virpcitest: Test virPCIDeviceDetach (Michal Privoznik),
tests: Introduce virpcitest (Michal Privoznik),
cpu: x86: Parse the CPU feature map only once (Peter Krempa),
cpu: Export few x86-specific APIs (Jiri Denemark),
nodeinfo: Remove libnuma include (Peter Krempa),
numa: Add wrapper of numa_node_to_cpus and use it (Peter Krempa),
numa: Replace NUMA_MAX_N_CPUS macro with virNumaGetMaxCPUs() (Peter Krempa),
nodeinfo: Get rid of nodeGetCellMemory (Peter Krempa),
numa: Introduce virNumaGetNodeMemory and use it instead of numa_node_size64 (Peter Krempa),
numa: Introduce virNumaGetMaxNode and use it instead of numa_max_node (Peter Krempa),
nodeinfo: Avoid forward declarations of static functions (Peter Krempa),
numa: Introduce virNumaIsAvailable and use it instead of numa_available (Peter Krempa)
Cleanups:
Remove obsolete 'tests' makefile target (Daniel P. Berrange),
Mostly revert "python: remove virConnectGetCPUModelNames from globals" (Daniel P. Berrange),
Remove redundant braces (Ján Tomko),
virPCIDeviceBindToStub: Remove unused @oldDriverPath and @oldDriverName (Michal Privoznik)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'recipes-extended/libvirt')
12 files changed, 2 insertions, 929 deletions
diff --git a/recipes-extended/libvirt/libvirt-python.inc b/recipes-extended/libvirt/libvirt-python.inc index 1bf63234..0d3278d2 100644 --- a/recipes-extended/libvirt/libvirt-python.inc +++ b/recipes-extended/libvirt/libvirt-python.inc | |||
| @@ -15,5 +15,3 @@ FILES_${PN}-python-dbg += "${PYTHON_SITEPACKAGES_DIR}/.debug/" | |||
| 15 | FILES_${PN}-python += "${PYTHON_SITEPACKAGES_DIR}" | 15 | FILES_${PN}-python += "${PYTHON_SITEPACKAGES_DIR}" |
| 16 | 16 | ||
| 17 | EXTRA_OECONF += "TARGET_PYTHON=${bindir}/python" | 17 | EXTRA_OECONF += "TARGET_PYTHON=${bindir}/python" |
| 18 | |||
| 19 | SRC_URI += "file://libvirt-allow-location-of-python-on-the-target-to-be.patch" \ No newline at end of file | ||
diff --git a/recipes-extended/libvirt/libvirt/0001-Add-virFileIsMountPoint-function.patch b/recipes-extended/libvirt/libvirt/0001-Add-virFileIsMountPoint-function.patch deleted file mode 100644 index 0affcbef..00000000 --- a/recipes-extended/libvirt/libvirt/0001-Add-virFileIsMountPoint-function.patch +++ /dev/null | |||
| @@ -1,135 +0,0 @@ | |||
| 1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 2 | To: libvir-list@redhat.com | ||
| 3 | Date: Mon, 7 Oct 2013 14:06:46 +0100 | ||
| 4 | Message-Id: <1381151211-27111-2-git-send-email-berrange@redhat.com> | ||
| 5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
| 8 | X-loop: libvir-list@redhat.com | ||
| 9 | Subject: [libvirt] [PATCH 1/6] Add virFileIsMountPoint function | ||
| 10 | X-BeenThere: libvir-list@redhat.com | ||
| 11 | X-Mailman-Version: 2.1.12 | ||
| 12 | Precedence: junk | ||
| 13 | List-Id: Development discussions about the libvirt library & tools | ||
| 14 | <libvir-list.redhat.com> | ||
| 15 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
| 16 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
| 17 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
| 18 | List-Post: <mailto:libvir-list@redhat.com> | ||
| 19 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
| 20 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
| 21 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
| 22 | X-List-Received-Date: Mon, 07 Oct 2013 13:06:56 -0000 | ||
| 23 | |||
| 24 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 25 | |||
| 26 | Add a function for efficiently checking if a path is a filesystem | ||
| 27 | mount point. | ||
| 28 | |||
| 29 | NB will not work for bind mounts, only true filesystem mounts. | ||
| 30 | |||
| 31 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
| 32 | --- | ||
| 33 | src/libvirt_private.syms | 1 + | ||
| 34 | src/util/virfile.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ | ||
| 35 | src/util/virfile.h | 2 ++ | ||
| 36 | 3 files changed, 61 insertions(+) | ||
| 37 | |||
| 38 | diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms | ||
| 39 | index fe40834..31fa604 100644 | ||
| 40 | --- a/src/libvirt_private.syms | ||
| 41 | +++ b/src/libvirt_private.syms | ||
| 42 | @@ -1182,6 +1182,7 @@ virFileIsAbsPath; | ||
| 43 | virFileIsDir; | ||
| 44 | virFileIsExecutable; | ||
| 45 | virFileIsLink; | ||
| 46 | +virFileIsMountPoint; | ||
| 47 | virFileLinkPointsTo; | ||
| 48 | virFileLock; | ||
| 49 | virFileLoopDeviceAssociate; | ||
| 50 | diff --git a/src/util/virfile.c b/src/util/virfile.c | ||
| 51 | index e10de5a..fa21aeb 100644 | ||
| 52 | --- a/src/util/virfile.c | ||
| 53 | +++ b/src/util/virfile.c | ||
| 54 | @@ -1513,6 +1513,64 @@ virFileIsExecutable(const char *file) | ||
| 55 | return false; | ||
| 56 | } | ||
| 57 | |||
| 58 | + | ||
| 59 | +/* | ||
| 60 | + * Check that a file refers to a mount point. Trick is that for | ||
| 61 | + * a mount point, the st_dev field will differ from the parent | ||
| 62 | + * directory. | ||
| 63 | + * | ||
| 64 | + * Note that this will not detect bind mounts of dirs/files, | ||
| 65 | + * only true filesystem mounts. | ||
| 66 | + */ | ||
| 67 | +int virFileIsMountPoint(const char *file) | ||
| 68 | +{ | ||
| 69 | + char *parent = NULL; | ||
| 70 | + char *tmp; | ||
| 71 | + int ret = -1; | ||
| 72 | + struct stat sb1, sb2; | ||
| 73 | + | ||
| 74 | + if (VIR_STRDUP_QUIET(parent, file) < 0) | ||
| 75 | + goto cleanup; | ||
| 76 | + | ||
| 77 | + if (!(tmp = strrchr(parent, '/'))) { | ||
| 78 | + virReportError(VIR_ERR_INTERNAL_ERROR, | ||
| 79 | + _("Could not find '/' in '%s'"), | ||
| 80 | + file); | ||
| 81 | + goto cleanup; | ||
| 82 | + } | ||
| 83 | + | ||
| 84 | + *tmp = '\0'; | ||
| 85 | + | ||
| 86 | + VIR_DEBUG("Comparing '%s' to '%s'", file, parent); | ||
| 87 | + | ||
| 88 | + if (stat(file, &sb1) < 0) { | ||
| 89 | + if (errno == ENOENT) | ||
| 90 | + ret = 0; | ||
| 91 | + else | ||
| 92 | + virReportSystemError(errno, | ||
| 93 | + _("Cannot stat '%s'"), | ||
| 94 | + file); | ||
| 95 | + goto cleanup; | ||
| 96 | + } | ||
| 97 | + | ||
| 98 | + if (stat(parent, &sb2) < 0) { | ||
| 99 | + virReportSystemError(errno, | ||
| 100 | + _("Cannot stat '%s'"), | ||
| 101 | + parent); | ||
| 102 | + goto cleanup; | ||
| 103 | + } | ||
| 104 | + | ||
| 105 | + if (!S_ISDIR(sb1.st_mode)) | ||
| 106 | + return false; | ||
| 107 | + | ||
| 108 | + ret = sb1.st_dev != sb2.st_dev; | ||
| 109 | + VIR_DEBUG("Is mount %d", ret); | ||
| 110 | + | ||
| 111 | + cleanup: | ||
| 112 | + VIR_FREE(parent); | ||
| 113 | + return ret; | ||
| 114 | +} | ||
| 115 | + | ||
| 116 | #ifndef WIN32 | ||
| 117 | /* Check that a file is accessible under certain | ||
| 118 | * user & gid. | ||
| 119 | diff --git a/src/util/virfile.h b/src/util/virfile.h | ||
| 120 | index 72d35ce..ff84719 100644 | ||
| 121 | --- a/src/util/virfile.h | ||
| 122 | +++ b/src/util/virfile.h | ||
| 123 | @@ -156,6 +156,8 @@ bool virFileIsDir (const char *file) ATTRIBUTE_NONNULL(1); | ||
| 124 | bool virFileExists(const char *file) ATTRIBUTE_NONNULL(1); | ||
| 125 | bool virFileIsExecutable(const char *file) ATTRIBUTE_NONNULL(1); | ||
| 126 | |||
| 127 | +int virFileIsMountPoint(const char *file) ATTRIBUTE_NONNULL(1); | ||
| 128 | + | ||
| 129 | char *virFileSanitizePath(const char *path); | ||
| 130 | |||
| 131 | enum { | ||
| 132 | -- | ||
| 133 | 1.8.3.1 | ||
| 134 | |||
| 135 | |||
diff --git a/recipes-extended/libvirt/libvirt/0002-Remove-unused-opts-field-from-LXC-basic.patch b/recipes-extended/libvirt/libvirt/0002-Remove-unused-opts-field-from-LXC-basic.patch deleted file mode 100644 index 2a3d3ef4..00000000 --- a/recipes-extended/libvirt/libvirt/0002-Remove-unused-opts-field-from-LXC-basic.patch +++ /dev/null | |||
| @@ -1,97 +0,0 @@ | |||
| 1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 2 | To: libvir-list@redhat.com | ||
| 3 | Date: Mon, 7 Oct 2013 14:06:47 +0100 | ||
| 4 | Message-Id: <1381151211-27111-3-git-send-email-berrange@redhat.com> | ||
| 5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
| 8 | X-loop: libvir-list@redhat.com | ||
| 9 | Subject: [libvirt] [PATCH 2/6] Remove unused 'opts' field from LXC basic | ||
| 10 | mounts struct | ||
| 11 | X-BeenThere: libvir-list@redhat.com | ||
| 12 | X-Mailman-Version: 2.1.12 | ||
| 13 | Precedence: junk | ||
| 14 | List-Id: Development discussions about the libvirt library & tools | ||
| 15 | <libvir-list.redhat.com> | ||
| 16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
| 17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
| 18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
| 19 | List-Post: <mailto:libvir-list@redhat.com> | ||
| 20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
| 21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
| 22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
| 23 | X-List-Received-Date: Mon, 07 Oct 2013 13:06:57 -0000 | ||
| 24 | |||
| 25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 26 | |||
| 27 | The virLXCBasicMountInfo struct contains a 'char *opts' | ||
| 28 | field passed onto the mount() syscall. Every entry in the | ||
| 29 | list sets this to NULL though, so it can be removed to | ||
| 30 | simplify life. | ||
| 31 | |||
| 32 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
| 33 | --- | ||
| 34 | src/lxc/lxc_container.c | 29 ++++++++++++++--------------- | ||
| 35 | 1 file changed, 14 insertions(+), 15 deletions(-) | ||
| 36 | |||
| 37 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
| 38 | index b1f429c..3c89ed7 100644 | ||
| 39 | --- a/src/lxc/lxc_container.c | ||
| 40 | +++ b/src/lxc/lxc_container.c | ||
| 41 | @@ -752,7 +752,6 @@ typedef struct { | ||
| 42 | const char *src; | ||
| 43 | const char *dst; | ||
| 44 | const char *type; | ||
| 45 | - const char *opts; | ||
| 46 | int mflags; | ||
| 47 | } virLXCBasicMountInfo; | ||
| 48 | |||
| 49 | @@ -763,16 +762,16 @@ static const virLXCBasicMountInfo lxcBasicMounts[] = { | ||
| 50 | * mount point in the main OS becomes readonly too which is not what | ||
| 51 | * we want. Hence some things have two entries here. | ||
| 52 | */ | ||
| 53 | - { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 54 | - { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND }, | ||
| 55 | - { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 56 | - { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 57 | - { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 58 | - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 59 | - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 60 | + { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 61 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND }, | ||
| 62 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 63 | + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 64 | + { "sysfs", "/sys", "sysfs", MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 65 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 66 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 67 | #if WITH_SELINUX | ||
| 68 | - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 69 | - { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 70 | + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 71 | + { SELINUX_MOUNT, SELINUX_MOUNT, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 72 | #endif | ||
| 73 | }; | ||
| 74 | |||
| 75 | @@ -882,13 +881,13 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 76 | goto cleanup; | ||
| 77 | } | ||
| 78 | |||
| 79 | - VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s", | ||
| 80 | - srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts); | ||
| 81 | - if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) { | ||
| 82 | + VIR_DEBUG("Mount %s on %s type=%s flags=%x", | ||
| 83 | + srcpath, mnt->dst, mnt->type, mnt->mflags); | ||
| 84 | + if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) { | ||
| 85 | virReportSystemError(errno, | ||
| 86 | - _("Failed to mount %s on %s type %s flags=%x opts=%s"), | ||
| 87 | + _("Failed to mount %s on %s type %s flags=%x"), | ||
| 88 | srcpath, mnt->dst, NULLSTR(mnt->type), | ||
| 89 | - mnt->mflags, NULLSTR(mnt->opts)); | ||
| 90 | + mnt->mflags); | ||
| 91 | goto cleanup; | ||
| 92 | } | ||
| 93 | } | ||
| 94 | -- | ||
| 95 | 1.8.3.1 | ||
| 96 | |||
| 97 | |||
diff --git a/recipes-extended/libvirt/libvirt/0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch b/recipes-extended/libvirt/libvirt/0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch deleted file mode 100644 index 5135fb01..00000000 --- a/recipes-extended/libvirt/libvirt/0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch +++ /dev/null | |||
| @@ -1,78 +0,0 @@ | |||
| 1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 2 | To: libvir-list@redhat.com | ||
| 3 | Date: Mon, 7 Oct 2013 14:06:48 +0100 | ||
| 4 | Message-Id: <1381151211-27111-4-git-send-email-berrange@redhat.com> | ||
| 5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
| 8 | X-loop: libvir-list@redhat.com | ||
| 9 | Subject: [libvirt] [PATCH 3/6] Remove pointless 'srcpath' variable in | ||
| 10 | lxcContainerMountBasicFS | ||
| 11 | X-BeenThere: libvir-list@redhat.com | ||
| 12 | X-Mailman-Version: 2.1.12 | ||
| 13 | Precedence: junk | ||
| 14 | List-Id: Development discussions about the libvirt library & tools | ||
| 15 | <libvir-list.redhat.com> | ||
| 16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
| 17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
| 18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
| 19 | List-Post: <mailto:libvir-list@redhat.com> | ||
| 20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
| 21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
| 22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
| 23 | X-List-Received-Date: Mon, 07 Oct 2013 13:06:59 -0000 | ||
| 24 | |||
| 25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 26 | |||
| 27 | The 'srcpath' variable is initialized from 'mnt->src' and never | ||
| 28 | changed thereafter. Some places continue to use 'mnt->src' and | ||
| 29 | others use 'srcpath'. Remove the pointless 'srcpath' variable | ||
| 30 | and use 'mnt->src' everywhere. | ||
| 31 | |||
| 32 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
| 33 | --- | ||
| 34 | src/lxc/lxc_container.c | 13 +++++-------- | ||
| 35 | 1 file changed, 5 insertions(+), 8 deletions(-) | ||
| 36 | |||
| 37 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
| 38 | index 3c89ed7..1b1c93b 100644 | ||
| 39 | --- a/src/lxc/lxc_container.c | ||
| 40 | +++ b/src/lxc/lxc_container.c | ||
| 41 | @@ -853,16 +853,13 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 42 | |||
| 43 | for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) { | ||
| 44 | virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; | ||
| 45 | - const char *srcpath = NULL; | ||
| 46 | |||
| 47 | VIR_DEBUG("Processing %s -> %s", | ||
| 48 | mnt->src, mnt->dst); | ||
| 49 | |||
| 50 | - srcpath = mnt->src; | ||
| 51 | - | ||
| 52 | /* Skip if mount doesn't exist in source */ | ||
| 53 | - if ((srcpath[0] == '/') && | ||
| 54 | - (access(srcpath, R_OK) < 0)) | ||
| 55 | + if ((mnt->src[0] == '/') && | ||
| 56 | + (access(mnt->src, R_OK) < 0)) | ||
| 57 | continue; | ||
| 58 | |||
| 59 | #if WITH_SELINUX | ||
| 60 | @@ -882,11 +879,11 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 61 | } | ||
| 62 | |||
| 63 | VIR_DEBUG("Mount %s on %s type=%s flags=%x", | ||
| 64 | - srcpath, mnt->dst, mnt->type, mnt->mflags); | ||
| 65 | - if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) { | ||
| 66 | + mnt->src, mnt->dst, mnt->type, mnt->mflags); | ||
| 67 | + if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) { | ||
| 68 | virReportSystemError(errno, | ||
| 69 | _("Failed to mount %s on %s type %s flags=%x"), | ||
| 70 | - srcpath, mnt->dst, NULLSTR(mnt->type), | ||
| 71 | + mnt->src, mnt->dst, NULLSTR(mnt->type), | ||
| 72 | mnt->mflags); | ||
| 73 | goto cleanup; | ||
| 74 | } | ||
| 75 | -- | ||
| 76 | 1.8.3.1 | ||
| 77 | |||
| 78 | |||
diff --git a/recipes-extended/libvirt/libvirt/0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch b/recipes-extended/libvirt/libvirt/0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch deleted file mode 100644 index c02295e1..00000000 --- a/recipes-extended/libvirt/libvirt/0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch +++ /dev/null | |||
| @@ -1,117 +0,0 @@ | |||
| 1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 2 | To: libvir-list@redhat.com | ||
| 3 | Date: Mon, 7 Oct 2013 14:06:49 +0100 | ||
| 4 | Message-Id: <1381151211-27111-5-git-send-email-berrange@redhat.com> | ||
| 5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
| 8 | X-loop: libvir-list@redhat.com | ||
| 9 | Subject: [libvirt] [PATCH 4/6] Remove duplicate entries in lxcBasicMounts | ||
| 10 | array | ||
| 11 | X-BeenThere: libvir-list@redhat.com | ||
| 12 | X-Mailman-Version: 2.1.12 | ||
| 13 | Precedence: junk | ||
| 14 | List-Id: Development discussions about the libvirt library & tools | ||
| 15 | <libvir-list.redhat.com> | ||
| 16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
| 17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
| 18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
| 19 | List-Post: <mailto:libvir-list@redhat.com> | ||
| 20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
| 21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
| 22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
| 23 | X-List-Received-Date: Mon, 07 Oct 2013 13:07:00 -0000 | ||
| 24 | |||
| 25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 26 | |||
| 27 | Currently the lxcBasicMounts array has separate entries for | ||
| 28 | most mounts, to reflect that we must do a separate mount | ||
| 29 | operation to make mounts read-only. Remove the duplicate | ||
| 30 | entries and instead set the MS_RDONLY flag against the main | ||
| 31 | entry. Then change lxcContainerMountBasicFS to look for the | ||
| 32 | MS_RDONLY flag, mask it out & do a separate bind mount. | ||
| 33 | |||
| 34 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
| 35 | --- | ||
| 36 | src/lxc/lxc_container.c | 44 +++++++++++++++++++++++++++----------------- | ||
| 37 | 1 file changed, 27 insertions(+), 17 deletions(-) | ||
| 38 | |||
| 39 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
| 40 | index 1b1c93b..a7f71ef 100644 | ||
| 41 | --- a/src/lxc/lxc_container.c | ||
| 42 | +++ b/src/lxc/lxc_container.c | ||
| 43 | @@ -756,22 +756,12 @@ typedef struct { | ||
| 44 | } virLXCBasicMountInfo; | ||
| 45 | |||
| 46 | static const virLXCBasicMountInfo lxcBasicMounts[] = { | ||
| 47 | - /* When we want to make a bind mount readonly, for unknown reasons, | ||
| 48 | - * it is currently necessary to bind it once, and then remount the | ||
| 49 | - * bind with the readonly flag. If this is not done, then the original | ||
| 50 | - * mount point in the main OS becomes readonly too which is not what | ||
| 51 | - * we want. Hence some things have two entries here. | ||
| 52 | - */ | ||
| 53 | { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 54 | - { "/proc/sys", "/proc/sys", NULL, MS_BIND }, | ||
| 55 | - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 56 | - { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 57 | - { "sysfs", "/sys", "sysfs", MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 58 | - { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 59 | - { "securityfs", "/sys/kernel/security", "securityfs", MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 60 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY }, | ||
| 61 | + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
| 62 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
| 63 | #if WITH_SELINUX | ||
| 64 | - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 65 | - { SELINUX_MOUNT, SELINUX_MOUNT, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 66 | + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
| 67 | #endif | ||
| 68 | }; | ||
| 69 | |||
| 70 | @@ -852,6 +842,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 71 | VIR_DEBUG("Mounting basic filesystems"); | ||
| 72 | |||
| 73 | for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) { | ||
| 74 | + bool bindOverReadonly; | ||
| 75 | virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; | ||
| 76 | |||
| 77 | VIR_DEBUG("Processing %s -> %s", | ||
| 78 | @@ -878,13 +869,32 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 79 | goto cleanup; | ||
| 80 | } | ||
| 81 | |||
| 82 | + /* | ||
| 83 | + * We can't immediately set the MS_RDONLY flag when mounting filesystems | ||
| 84 | + * because (in at least some kernel versions) this will propagate back | ||
| 85 | + * to the original mount in the host OS, turning it readonly too. This | ||
| 86 | + * We mount the filesystem in read-write mode initially, and then do a | ||
| 87 | + * separate read-only bind mount on top of that. | ||
| 88 | + */ | ||
| 89 | + bindOverReadonly = !!(mnt->mflags & MS_RDONLY); | ||
| 90 | + | ||
| 91 | VIR_DEBUG("Mount %s on %s type=%s flags=%x", | ||
| 92 | - mnt->src, mnt->dst, mnt->type, mnt->mflags); | ||
| 93 | - if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) { | ||
| 94 | + mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY); | ||
| 95 | + if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY, NULL) < 0) { | ||
| 96 | virReportSystemError(errno, | ||
| 97 | _("Failed to mount %s on %s type %s flags=%x"), | ||
| 98 | mnt->src, mnt->dst, NULLSTR(mnt->type), | ||
| 99 | - mnt->mflags); | ||
| 100 | + mnt->mflags & ~MS_RDONLY); | ||
| 101 | + goto cleanup; | ||
| 102 | + } | ||
| 103 | + | ||
| 104 | + if (bindOverReadonly && | ||
| 105 | + mount(mnt->src, mnt->dst, NULL, | ||
| 106 | + MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) { | ||
| 107 | + virReportSystemError(errno, | ||
| 108 | + _("Failed to re-mount %s on %s flags=%x"), | ||
| 109 | + mnt->src, mnt->dst, | ||
| 110 | + MS_BIND|MS_REMOUNT|MS_RDONLY); | ||
| 111 | goto cleanup; | ||
| 112 | } | ||
| 113 | } | ||
| 114 | -- | ||
| 115 | 1.8.3.1 | ||
| 116 | |||
| 117 | |||
diff --git a/recipes-extended/libvirt/libvirt/0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch b/recipes-extended/libvirt/libvirt/0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch deleted file mode 100644 index c9e0afc7..00000000 --- a/recipes-extended/libvirt/libvirt/0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch +++ /dev/null | |||
| @@ -1,83 +0,0 @@ | |||
| 1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 2 | To: libvir-list@redhat.com | ||
| 3 | Date: Mon, 7 Oct 2013 14:06:50 +0100 | ||
| 4 | Message-Id: <1381151211-27111-6-git-send-email-berrange@redhat.com> | ||
| 5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
| 8 | X-loop: libvir-list@redhat.com | ||
| 9 | Subject: [libvirt] [PATCH 5/6] Add flag to lxcBasicMounts to control use in | ||
| 10 | user namespaces | ||
| 11 | X-BeenThere: libvir-list@redhat.com | ||
| 12 | X-Mailman-Version: 2.1.12 | ||
| 13 | Precedence: junk | ||
| 14 | List-Id: Development discussions about the libvirt library & tools | ||
| 15 | <libvir-list.redhat.com> | ||
| 16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
| 17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
| 18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
| 19 | List-Post: <mailto:libvir-list@redhat.com> | ||
| 20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
| 21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
| 22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
| 23 | X-List-Received-Date: Mon, 07 Oct 2013 13:07:02 -0000 | ||
| 24 | |||
| 25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 26 | |||
| 27 | Some mounts must be skipped if running inside a user namespace, | ||
| 28 | since the kernel forbids their use. Instead of strcmp'ing the | ||
| 29 | filesystem type in the body of the loop, set an explicit flag | ||
| 30 | in the lxcBasicMounts table. | ||
| 31 | |||
| 32 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
| 33 | --- | ||
| 34 | src/lxc/lxc_container.c | 17 ++++++++++------- | ||
| 35 | 1 file changed, 10 insertions(+), 7 deletions(-) | ||
| 36 | |||
| 37 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
| 38 | index a7f71ef..05190bf 100644 | ||
| 39 | --- a/src/lxc/lxc_container.c | ||
| 40 | +++ b/src/lxc/lxc_container.c | ||
| 41 | @@ -753,15 +753,16 @@ typedef struct { | ||
| 42 | const char *dst; | ||
| 43 | const char *type; | ||
| 44 | int mflags; | ||
| 45 | + bool skipUserNS; | ||
| 46 | } virLXCBasicMountInfo; | ||
| 47 | |||
| 48 | static const virLXCBasicMountInfo lxcBasicMounts[] = { | ||
| 49 | - { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 50 | - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY }, | ||
| 51 | - { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
| 52 | - { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
| 53 | + { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false }, | ||
| 54 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false }, | ||
| 55 | + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false }, | ||
| 56 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, | ||
| 57 | #if WITH_SELINUX | ||
| 58 | - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
| 59 | + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, | ||
| 60 | #endif | ||
| 61 | }; | ||
| 62 | |||
| 63 | @@ -855,12 +856,14 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 64 | |||
| 65 | #if WITH_SELINUX | ||
| 66 | if (STREQ(mnt->src, SELINUX_MOUNT) && | ||
| 67 | - (!is_selinux_enabled() || userns_enabled)) | ||
| 68 | + !is_selinux_enabled()) | ||
| 69 | continue; | ||
| 70 | #endif | ||
| 71 | |||
| 72 | - if (STREQ(mnt->src, "securityfs") && userns_enabled) | ||
| 73 | + if (mnt->skipUserNS && userns_enabled) { | ||
| 74 | + VIR_DEBUG("Skipping due to user ns enablement"); | ||
| 75 | continue; | ||
| 76 | + } | ||
| 77 | |||
| 78 | if (virFileMakePath(mnt->dst) < 0) { | ||
| 79 | virReportSystemError(errno, | ||
| 80 | -- | ||
| 81 | 1.8.3.1 | ||
| 82 | |||
| 83 | |||
diff --git a/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch b/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch deleted file mode 100644 index a0ac4146..00000000 --- a/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch +++ /dev/null | |||
| @@ -1,106 +0,0 @@ | |||
| 1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 2 | To: libvir-list@redhat.com | ||
| 3 | Date: Mon, 7 Oct 2013 14:06:51 +0100 | ||
| 4 | Message-Id: <1381151211-27111-7-git-send-email-berrange@redhat.com> | ||
| 5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
| 7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
| 8 | X-loop: libvir-list@redhat.com | ||
| 9 | Subject: [libvirt] [PATCH 6/6] Skip any files which are not mounted on the | ||
| 10 | host | ||
| 11 | X-BeenThere: libvir-list@redhat.com | ||
| 12 | X-Mailman-Version: 2.1.12 | ||
| 13 | Precedence: junk | ||
| 14 | List-Id: Development discussions about the libvirt library & tools | ||
| 15 | <libvir-list.redhat.com> | ||
| 16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
| 17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
| 18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
| 19 | List-Post: <mailto:libvir-list@redhat.com> | ||
| 20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
| 21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
| 22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
| 23 | X-List-Received-Date: Mon, 07 Oct 2013 13:07:03 -0000 | ||
| 24 | |||
| 25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 26 | |||
| 27 | Currently the LXC container tries to skip selinux/securityfs | ||
| 28 | mounts if the directory does not exist in the filesystem, | ||
| 29 | or if SELinux is disabled. | ||
| 30 | |||
| 31 | The former check is flawed because the /sys/fs/selinux | ||
| 32 | or /sys/kernel/securityfs directories may exist in sysfs | ||
| 33 | even if the mount type is disabled. Instead of just doing | ||
| 34 | an access() check, use an virFileIsMounted() to see if | ||
| 35 | the FS is actually present in the host OS. This also | ||
| 36 | avoids the need to check is_selinux_enabled(). | ||
| 37 | |||
| 38 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
| 39 | --- | ||
| 40 | src/lxc/lxc_container.c | 37 +++++++++++++++++++++++-------------- | ||
| 41 | 1 file changed, 23 insertions(+), 14 deletions(-) | ||
| 42 | |||
| 43 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
| 44 | index 05190bf..4ec7b67 100644 | ||
| 45 | --- a/src/lxc/lxc_container.c | ||
| 46 | +++ b/src/lxc/lxc_container.c | ||
| 47 | @@ -754,15 +754,16 @@ typedef struct { | ||
| 48 | const char *type; | ||
| 49 | int mflags; | ||
| 50 | bool skipUserNS; | ||
| 51 | + bool skipUnmounted; | ||
| 52 | } virLXCBasicMountInfo; | ||
| 53 | |||
| 54 | static const virLXCBasicMountInfo lxcBasicMounts[] = { | ||
| 55 | - { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false }, | ||
| 56 | - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false }, | ||
| 57 | - { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false }, | ||
| 58 | - { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, | ||
| 59 | + { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false }, | ||
| 60 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false }, | ||
| 61 | + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false }, | ||
| 62 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true }, | ||
| 63 | #if WITH_SELINUX | ||
| 64 | - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, | ||
| 65 | + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true }, | ||
| 66 | #endif | ||
| 67 | }; | ||
| 68 | |||
| 69 | @@ -849,16 +850,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 70 | VIR_DEBUG("Processing %s -> %s", | ||
| 71 | mnt->src, mnt->dst); | ||
| 72 | |||
| 73 | - /* Skip if mount doesn't exist in source */ | ||
| 74 | - if ((mnt->src[0] == '/') && | ||
| 75 | - (access(mnt->src, R_OK) < 0)) | ||
| 76 | - continue; | ||
| 77 | + if (mnt->skipUnmounted) { | ||
| 78 | + char *hostdir; | ||
| 79 | + int ret; | ||
| 80 | |||
| 81 | -#if WITH_SELINUX | ||
| 82 | - if (STREQ(mnt->src, SELINUX_MOUNT) && | ||
| 83 | - !is_selinux_enabled()) | ||
| 84 | - continue; | ||
| 85 | -#endif | ||
| 86 | + if (virAsprintf(&hostdir, "/.oldroot%s", mnt->dst) < 0) | ||
| 87 | + goto cleanup; | ||
| 88 | + | ||
| 89 | + ret = virFileIsMountPoint(hostdir); | ||
| 90 | + VIR_FREE(hostdir); | ||
| 91 | + if (ret < 0) | ||
| 92 | + goto cleanup; | ||
| 93 | + | ||
| 94 | + if (ret == 0) { | ||
| 95 | + VIR_DEBUG("Skipping '%s' which isn't mounted in host", | ||
| 96 | + mnt->dst); | ||
| 97 | + continue; | ||
| 98 | + } | ||
| 99 | + } | ||
| 100 | |||
| 101 | if (mnt->skipUserNS && userns_enabled) { | ||
| 102 | VIR_DEBUG("Skipping due to user ns enablement"); | ||
| 103 | -- | ||
| 104 | 1.8.3.1 | ||
| 105 | |||
| 106 | |||
diff --git a/recipes-extended/libvirt/libvirt/LXC-Don-t-mount-securityfs-when-user-namespace-enabl.patch b/recipes-extended/libvirt/libvirt/LXC-Don-t-mount-securityfs-when-user-namespace-enabl.patch deleted file mode 100644 index 40f8dd9b..00000000 --- a/recipes-extended/libvirt/libvirt/LXC-Don-t-mount-securityfs-when-user-namespace-enabl.patch +++ /dev/null | |||
| @@ -1,52 +0,0 @@ | |||
| 1 | From 1583dfda7c4e5ad71efe0615c06e5676528d8203 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Gao feng <gaofeng@cn.fujitsu.com> | ||
| 3 | Date: Thu, 5 Sep 2013 11:50:40 +0100 | ||
| 4 | Subject: [PATCH] LXC: Don't mount securityfs when user namespace enabled | ||
| 5 | |||
| 6 | commit 1583dfda7c4e5ad71efe0615c06e5676528d8203 from | ||
| 7 | git://libvirt.org/libvirt.git | ||
| 8 | |||
| 9 | Right now, securityfs is disallowed to be mounted in non-initial | ||
| 10 | user namespace, so we must avoid trying to mount securityfs in | ||
| 11 | a container which has user namespace enabled. | ||
| 12 | |||
| 13 | Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> | ||
| 14 | --- | ||
| 15 | src/lxc/lxc_container.c | 7 +++++-- | ||
| 16 | 1 file changed, 5 insertions(+), 2 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
| 19 | index 8abaea0..c41ab40 100644 | ||
| 20 | --- a/src/lxc/lxc_container.c | ||
| 21 | +++ b/src/lxc/lxc_container.c | ||
| 22 | @@ -750,7 +750,7 @@ err: | ||
| 23 | } | ||
| 24 | |||
| 25 | |||
| 26 | -static int lxcContainerMountBasicFS(void) | ||
| 27 | +static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 28 | { | ||
| 29 | const struct { | ||
| 30 | const char *src; | ||
| 31 | @@ -801,6 +801,9 @@ static int lxcContainerMountBasicFS(void) | ||
| 32 | continue; | ||
| 33 | #endif | ||
| 34 | |||
| 35 | + if (STREQ(mnts[i].src, "securityfs") && userns_enabled) | ||
| 36 | + continue; | ||
| 37 | + | ||
| 38 | if (virFileMakePath(mnts[i].dst) < 0) { | ||
| 39 | virReportSystemError(errno, | ||
| 40 | _("Failed to mkdir %s"), | ||
| 41 | @@ -1530,7 +1533,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef, | ||
| 42 | goto cleanup; | ||
| 43 | |||
| 44 | /* Mounts the core /proc, /sys, etc filesystems */ | ||
| 45 | - if (lxcContainerMountBasicFS() < 0) | ||
| 46 | + if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap) < 0) | ||
| 47 | goto cleanup; | ||
| 48 | |||
| 49 | /* Mounts /proc/meminfo etc sysinfo */ | ||
| 50 | -- | ||
| 51 | 1.8.1.2 | ||
| 52 | |||
diff --git a/recipes-extended/libvirt/libvirt/LXC-don-t-try-to-mount-selinux-filesystem-when-user-.patch b/recipes-extended/libvirt/libvirt/LXC-don-t-try-to-mount-selinux-filesystem-when-user-.patch deleted file mode 100644 index f0582931..00000000 --- a/recipes-extended/libvirt/libvirt/LXC-don-t-try-to-mount-selinux-filesystem-when-user-.patch +++ /dev/null | |||
| @@ -1,48 +0,0 @@ | |||
| 1 | From 1c7037cff42dde35913dde533b31ee1da8c2d6e0 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Gao feng <gaofeng@cn.fujitsu.com> | ||
| 3 | Date: Thu, 12 Sep 2013 11:51:31 +0800 | ||
| 4 | Subject: [PATCH] LXC: don't try to mount selinux filesystem when user namespace enabled | ||
| 5 | |||
| 6 | commit 1c7037cff42dde35913dde533b31ee1da8c2d6e0 from | ||
| 7 | git://libvirt.org/libvirt.git | ||
| 8 | |||
| 9 | Right now we mount selinuxfs even user namespace is enabled and | ||
| 10 | ignore the error. But we shouldn't ignore these errors when user | ||
| 11 | namespace is not enabled. | ||
| 12 | |||
| 13 | This patch skips mounting selinuxfs when user namespace enabled. | ||
| 14 | |||
| 15 | Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> | ||
| 16 | --- | ||
| 17 | src/lxc/lxc_container.c | 8 +------- | ||
| 18 | 1 file changed, 1 insertion(+), 7 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
| 21 | index ddc6e3d..a979452 100644 | ||
| 22 | --- a/src/lxc/lxc_container.c | ||
| 23 | +++ b/src/lxc/lxc_container.c | ||
| 24 | @@ -868,7 +868,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 25 | |||
| 26 | #if WITH_SELINUX | ||
| 27 | if (STREQ(mnt->src, SELINUX_MOUNT) && | ||
| 28 | - !is_selinux_enabled()) | ||
| 29 | + (!is_selinux_enabled() || userns_enabled)) | ||
| 30 | continue; | ||
| 31 | #endif | ||
| 32 | |||
| 33 | @@ -885,12 +885,6 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 34 | VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s", | ||
| 35 | srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts); | ||
| 36 | if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) { | ||
| 37 | -#if WITH_SELINUX | ||
| 38 | - if (STREQ(mnt->src, SELINUX_MOUNT) && | ||
| 39 | - (errno == EINVAL || errno == EPERM)) | ||
| 40 | - continue; | ||
| 41 | -#endif | ||
| 42 | - | ||
| 43 | virReportSystemError(errno, | ||
| 44 | _("Failed to mount %s on %s type %s flags=%x opts=%s"), | ||
| 45 | srcpath, mnt->dst, NULLSTR(mnt->type), | ||
| 46 | -- | ||
| 47 | 1.8.1.2 | ||
| 48 | |||
diff --git a/recipes-extended/libvirt/libvirt/Move-array-of-mounts-out-of-lxcContainerMountBasicFS.patch b/recipes-extended/libvirt/libvirt/Move-array-of-mounts-out-of-lxcContainerMountBasicFS.patch deleted file mode 100644 index 2c7b0eed..00000000 --- a/recipes-extended/libvirt/libvirt/Move-array-of-mounts-out-of-lxcContainerMountBasicFS.patch +++ /dev/null | |||
| @@ -1,147 +0,0 @@ | |||
| 1 | From f27f5f7eddf531159d791a2b5ac438ca011b5f26 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
| 3 | Date: Tue, 10 Sep 2013 13:35:12 +0100 | ||
| 4 | Subject: [PATCH] Move array of mounts out of lxcContainerMountBasicFS | ||
| 5 | |||
| 6 | commit f27f5f7eddf531159d791a2b5ac438ca011b5f26 from | ||
| 7 | git://libvirt.org/libvirt.git | ||
| 8 | |||
| 9 | Move the array of basic mounts out of the lxcContainerMountBasicFS | ||
| 10 | function, to a global variable. This is to allow it to be referenced | ||
| 11 | by other methods wanting to know what the basic mount paths are. | ||
| 12 | |||
| 13 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
| 14 | --- | ||
| 15 | src/lxc/lxc_container.c | 79 ++++++++++++++++++++++++++----------------------- | ||
| 16 | 1 file changed, 42 insertions(+), 37 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
| 19 | index 661ac52..6f241d3 100644 | ||
| 20 | --- a/src/lxc/lxc_container.c | ||
| 21 | +++ b/src/lxc/lxc_container.c | ||
| 22 | @@ -750,45 +750,50 @@ err: | ||
| 23 | } | ||
| 24 | |||
| 25 | |||
| 26 | -static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 27 | -{ | ||
| 28 | - const struct { | ||
| 29 | - const char *src; | ||
| 30 | - const char *dst; | ||
| 31 | - const char *type; | ||
| 32 | - const char *opts; | ||
| 33 | - int mflags; | ||
| 34 | - } mnts[] = { | ||
| 35 | - /* When we want to make a bind mount readonly, for unknown reasons, | ||
| 36 | - * it is currently necessary to bind it once, and then remount the | ||
| 37 | - * bind with the readonly flag. If this is not done, then the original | ||
| 38 | - * mount point in the main OS becomes readonly too which is not what | ||
| 39 | - * we want. Hence some things have two entries here. | ||
| 40 | - */ | ||
| 41 | - { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 42 | - { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND }, | ||
| 43 | - { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 44 | - { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 45 | - { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 46 | - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 47 | - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 48 | +typedef struct { | ||
| 49 | + const char *src; | ||
| 50 | + const char *dst; | ||
| 51 | + const char *type; | ||
| 52 | + const char *opts; | ||
| 53 | + int mflags; | ||
| 54 | +} virLXCBasicMountInfo; | ||
| 55 | + | ||
| 56 | +static const virLXCBasicMountInfo lxcBasicMounts[] = { | ||
| 57 | + /* When we want to make a bind mount readonly, for unknown reasons, | ||
| 58 | + * it is currently necessary to bind it once, and then remount the | ||
| 59 | + * bind with the readonly flag. If this is not done, then the original | ||
| 60 | + * mount point in the main OS becomes readonly too which is not what | ||
| 61 | + * we want. Hence some things have two entries here. | ||
| 62 | + */ | ||
| 63 | + { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 64 | + { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND }, | ||
| 65 | + { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 66 | + { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 67 | + { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 68 | + { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 69 | + { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 70 | #if WITH_SELINUX | ||
| 71 | - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 72 | - { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 73 | + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
| 74 | + { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
| 75 | #endif | ||
| 76 | - }; | ||
| 77 | +}; | ||
| 78 | + | ||
| 79 | + | ||
| 80 | +static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 81 | +{ | ||
| 82 | size_t i; | ||
| 83 | int rc = -1; | ||
| 84 | |||
| 85 | VIR_DEBUG("Mounting basic filesystems"); | ||
| 86 | |||
| 87 | - for (i = 0; i < ARRAY_CARDINALITY(mnts); i++) { | ||
| 88 | + for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) { | ||
| 89 | + virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; | ||
| 90 | const char *srcpath = NULL; | ||
| 91 | |||
| 92 | VIR_DEBUG("Processing %s -> %s", | ||
| 93 | - mnts[i].src, mnts[i].dst); | ||
| 94 | + mnt->src, mnt->dst); | ||
| 95 | |||
| 96 | - srcpath = mnts[i].src; | ||
| 97 | + srcpath = mnt->src; | ||
| 98 | |||
| 99 | /* Skip if mount doesn't exist in source */ | ||
| 100 | if ((srcpath[0] == '/') && | ||
| 101 | @@ -796,34 +801,34 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
| 102 | continue; | ||
| 103 | |||
| 104 | #if WITH_SELINUX | ||
| 105 | - if (STREQ(mnts[i].src, SELINUX_MOUNT) && | ||
| 106 | + if (STREQ(mnt->src, SELINUX_MOUNT) && | ||
| 107 | !is_selinux_enabled()) | ||
| 108 | continue; | ||
| 109 | #endif | ||
| 110 | |||
| 111 | - if (STREQ(mnts[i].src, "securityfs") && userns_enabled) | ||
| 112 | + if (STREQ(mnt->src, "securityfs") && userns_enabled) | ||
| 113 | continue; | ||
| 114 | |||
| 115 | - if (virFileMakePath(mnts[i].dst) < 0) { | ||
| 116 | + if (virFileMakePath(mnt->dst) < 0) { | ||
| 117 | virReportSystemError(errno, | ||
| 118 | _("Failed to mkdir %s"), | ||
| 119 | - mnts[i].src); | ||
| 120 | + mnt->src); | ||
| 121 | goto cleanup; | ||
| 122 | } | ||
| 123 | |||
| 124 | VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s", | ||
| 125 | - srcpath, mnts[i].dst, mnts[i].type, mnts[i].mflags, mnts[i].opts); | ||
| 126 | - if (mount(srcpath, mnts[i].dst, mnts[i].type, mnts[i].mflags, mnts[i].opts) < 0) { | ||
| 127 | + srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts); | ||
| 128 | + if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) { | ||
| 129 | #if WITH_SELINUX | ||
| 130 | - if (STREQ(mnts[i].src, SELINUX_MOUNT) && | ||
| 131 | + if (STREQ(mnt->src, SELINUX_MOUNT) && | ||
| 132 | (errno == EINVAL || errno == EPERM)) | ||
| 133 | continue; | ||
| 134 | #endif | ||
| 135 | |||
| 136 | virReportSystemError(errno, | ||
| 137 | _("Failed to mount %s on %s type %s flags=%x opts=%s"), | ||
| 138 | - srcpath, mnts[i].dst, NULLSTR(mnts[i].type), | ||
| 139 | - mnts[i].mflags, NULLSTR(mnts[i].opts)); | ||
| 140 | + srcpath, mnt->dst, NULLSTR(mnt->type), | ||
| 141 | + mnt->mflags, NULLSTR(mnt->opts)); | ||
| 142 | goto cleanup; | ||
| 143 | } | ||
| 144 | } | ||
| 145 | -- | ||
| 146 | 1.8.1.2 | ||
| 147 | |||
diff --git a/recipes-extended/libvirt/libvirt/libvirt-allow-location-of-python-on-the-target-to-be.patch b/recipes-extended/libvirt/libvirt/libvirt-allow-location-of-python-on-the-target-to-be.patch deleted file mode 100644 index 6fff8ea0..00000000 --- a/recipes-extended/libvirt/libvirt/libvirt-allow-location-of-python-on-the-target-to-be.patch +++ /dev/null | |||
| @@ -1,53 +0,0 @@ | |||
| 1 | From 44e1046619457c709a0bb4efaa4ad983d9b81cbc Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Mark Asselstine <mark.asselstine@windriver.com> | ||
| 3 | Date: Mon, 12 Aug 2013 16:22:56 -0400 | ||
| 4 | Subject: [PATCH] libvirt: allow location of python on the target to be | ||
| 5 | specified | ||
| 6 | |||
| 7 | Allow TARGET_PYTHON to be passed to configure. TARGET_PYTHON will be | ||
| 8 | passed to generator.py where it is used to create the sh.bang line at | ||
| 9 | the top of various generated scripts. This allows separation between | ||
| 10 | what is used to build vs. install. The default behavior is to leave | ||
| 11 | TARGET_PYTHON == PYTHON unless TARGET_PYTHON is passed to configure. | ||
| 12 | |||
| 13 | Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> | ||
| 14 | --- | ||
| 15 | configure.ac | 8 ++++++++ | ||
| 16 | python/Makefile.am | 2 +- | ||
| 17 | 2 files changed, 9 insertions(+), 1 deletion(-) | ||
| 18 | |||
| 19 | diff --git a/configure.ac b/configure.ac | ||
| 20 | index 35a5d76..c1a27f8 100644 | ||
| 21 | --- a/configure.ac | ||
| 22 | +++ b/configure.ac | ||
| 23 | @@ -1965,6 +1965,14 @@ AM_CONDITIONAL([WITH_PYTHON], [test "$with_python" = "yes"]) | ||
| 24 | AC_SUBST([PYTHON_VERSION]) | ||
| 25 | AC_SUBST([PYTHON_INCLUDES]) | ||
| 26 | |||
| 27 | +if test "$TARGET_PYTHON"; then | ||
| 28 | + TARGET_PYTHON=$TARGET_PYTHON | ||
| 29 | +else | ||
| 30 | + TARGET_PYTHON=$PYTHON | ||
| 31 | +fi | ||
| 32 | +AC_SUBST(TARGET_PYTHON) | ||
| 33 | + | ||
| 34 | + | ||
| 35 | dnl Allow perl overrides | ||
| 36 | AC_PATH_PROG([PERL], [perl]) | ||
| 37 | |||
| 38 | diff --git a/python/Makefile.am b/python/Makefile.am | ||
| 39 | index 7eb42c6..8b9b480 100644 | ||
| 40 | --- a/python/Makefile.am | ||
| 41 | +++ b/python/Makefile.am | ||
| 42 | @@ -131,7 +131,7 @@ $(GENERATE).stamp: $(srcdir)/$(GENERATE) \ | ||
| 43 | $(QEMU_API_DESC) \ | ||
| 44 | $(LXC_API_DESC) \ | ||
| 45 | $(CLASSES_EXTRA) | ||
| 46 | - $(AM_V_GEN)$(PYTHON) $(srcdir)/$(GENERATE) $(PYTHON) && \ | ||
| 47 | + $(AM_V_GEN)$(PYTHON) $(srcdir)/$(GENERATE) $(TARGET_PYTHON) && \ | ||
| 48 | touch $@ | ||
| 49 | |||
| 50 | $(GENERATED) $(QEMU_GENERATED) $(LXC_GENERATED): $(GENERATE).stamp | ||
| 51 | -- | ||
| 52 | 1.8.1.2 | ||
| 53 | |||
diff --git a/recipes-extended/libvirt/libvirt_1.1.2.bb b/recipes-extended/libvirt/libvirt_1.2.0.bb index 598d7ef2..80f06a23 100644 --- a/recipes-extended/libvirt/libvirt_1.1.2.bb +++ b/recipes-extended/libvirt/libvirt_1.2.0.bb | |||
| @@ -21,20 +21,11 @@ RCONFLICTS_${PN}_libvirtd = "connman" | |||
| 21 | 21 | ||
| 22 | SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.gz \ | 22 | SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.gz \ |
| 23 | file://tools-add-libvirt-net-rpc-to-virt-host-validate-when.patch \ | 23 | file://tools-add-libvirt-net-rpc-to-virt-host-validate-when.patch \ |
| 24 | file://LXC-Don-t-mount-securityfs-when-user-namespace-enabl.patch \ | ||
| 25 | file://Move-array-of-mounts-out-of-lxcContainerMountBasicFS.patch \ | ||
| 26 | file://LXC-don-t-try-to-mount-selinux-filesystem-when-user-.patch \ | ||
| 27 | file://0001-Add-virFileIsMountPoint-function.patch \ | ||
| 28 | file://0002-Remove-unused-opts-field-from-LXC-basic.patch \ | ||
| 29 | file://0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch \ | ||
| 30 | file://0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch \ | ||
| 31 | file://0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch \ | ||
| 32 | file://0006-Skip-any-files-which-are-not-mounted-on-the-host.patch \ | ||
| 33 | file://libvirtd.sh \ | 24 | file://libvirtd.sh \ |
| 34 | file://libvirtd.conf" | 25 | file://libvirtd.conf" |
| 35 | 26 | ||
| 36 | SRC_URI[md5sum] = "1835bbfa492099bce12e2934870e5611" | 27 | SRC_URI[md5sum] = "f74f78059def4e68d69b975ad6e6c3e2" |
| 37 | SRC_URI[sha256sum] = "16648af54d3e162f5cc5445d970ec29a0bd55b1dbcb568a05533c4c2f25965e3" | 28 | SRC_URI[sha256sum] = "a8e578ae7861db2ac5f454073293d2ef3229fd3f6c4f9029101763244db22ddd" |
| 38 | 29 | ||
| 39 | inherit autotools gettext update-rc.d | 30 | inherit autotools gettext update-rc.d |
| 40 | 31 | ||