12 files changed, 2 insertions, 929 deletions
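--- a/recipes-extended/libvirt/libvirt-python.inc
+++ b/recipes-extended/libvirt/libvirt-python.inc
@@ -15,5 +15,3 @@ FILES_${PN}-python-dbg += "${PYTHON_SITEPACKAGES_DIR}/.debug/"
 FILES_${PN}-python += "${PYTHON_SITEPACKAGES_DIR}"
 
 EXTRA_OECONF += "TARGET_PYTHON=${bindir}/python"
-
-SRC_URI += "file://libvirt-allow-location-of-python-on-the-target-to-be.patch"
\ No newline at end of file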
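--- a/recipes-extended/libvirt/libvirt/0001-Add-virFileIsMountPoint-function.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From: "Daniel P. Berrange" <berrange@redhat.com>
-To: libvir-list@redhat.com
-Date: Mon, 7 Oct 2013 14:06:46 +0100
-Message-Id: <1381151211-27111-2-git-send-email-berrange@redhat.com>
-In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-References: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
-X-loop: libvir-list@redhat.com
-Subject: [libvirt] [PATCH 1/6] Add virFileIsMountPoint function
-X-BeenThere: libvir-list@redhat.com
-X-Mailman-Version: 2.1.12
-Precedence: junk
-List-Id: Development discussions about the libvirt library & tools
-<libvir-list.redhat.com>
-List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
-List-Archive: <https://www.redhat.com/archives/libvir-list>
-List-Post: <mailto:libvir-list@redhat.com>
-List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
-List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=subscribe>
-X-List-Received-Date: Mon, 07 Oct 2013 13:06:56 -0000
-
-From: "Daniel P. Berrange" <berrange@redhat.com>
-
-Add a function for efficiently checking if a path is a filesystem
-mount point.
-
-NB will not work for bind mounts, only true filesystem mounts.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
-src/libvirt_private.syms | 1 +
-src/util/virfile.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++
-src/util/virfile.h | 2 ++
-3 files changed, 61 insertions(+)
-
-diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
-index fe40834..31fa604 100644
---- a/src/libvirt_private.syms
-+++ b/src/libvirt_private.syms
-@@ -1182,6 +1182,7 @@ virFileIsAbsPath;
-virFileIsDir;
-virFileIsExecutable;
-virFileIsLink;
-+virFileIsMountPoint;
-virFileLinkPointsTo;
-virFileLock;
-virFileLoopDeviceAssociate;
-diff --git a/src/util/virfile.c b/src/util/virfile.c
-index e10de5a..fa21aeb 100644
---- a/src/util/virfile.c
-+++ b/src/util/virfile.c
-@@ -1513,6 +1513,64 @@ virFileIsExecutable(const char *file)
-return false;
-}
-
-+
-+/*
-+ * Check that a file refers to a mount point. Trick is that for
-+ * a mount point, the st_dev field will differ from the parent
-+ * directory.
-+ *
-+ * Note that this will not detect bind mounts of dirs/files,
-+ * only true filesystem mounts.
-+ */
-+int virFileIsMountPoint(const char *file)
-+{
-+ char *parent = NULL;
-+ char *tmp;
-+ int ret = -1;
-+ struct stat sb1, sb2;
-+
-+ if (VIR_STRDUP_QUIET(parent, file) < 0)
-+ goto cleanup;
-+
-+ if (!(tmp = strrchr(parent, '/'))) {
-+ virReportError(VIR_ERR_INTERNAL_ERROR,
-+ _("Could not find '/' in '%s'"),
-+ file);
-+ goto cleanup;
-+ }
-+
-+ *tmp = '\0';
-+
-+ VIR_DEBUG("Comparing '%s' to '%s'", file, parent);
-+
-+ if (stat(file, &sb1) < 0) {
-+ if (errno == ENOENT)
-+ ret = 0;
-+ else
-+ virReportSystemError(errno,
-+ _("Cannot stat '%s'"),
-+ file);
-+ goto cleanup;
-+ }
-+
-+ if (stat(parent, &sb2) < 0) {
-+ virReportSystemError(errno,
-+ _("Cannot stat '%s'"),
-+ parent);
-+ goto cleanup;
-+ }
-+
-+ if (!S_ISDIR(sb1.st_mode))
-+ return false;
-+
-+ ret = sb1.st_dev != sb2.st_dev;
-+ VIR_DEBUG("Is mount %d", ret);
-+
-+ cleanup:
-+ VIR_FREE(parent);
-+ return ret;
-+}
-+
-#ifndef WIN32
-/* Check that a file is accessible under certain
-* user & gid.
-diff --git a/src/util/virfile.h b/src/util/virfile.h
-index 72d35ce..ff84719 100644
---- a/src/util/virfile.h
-+++ b/src/util/virfile.h
-@@ -156,6 +156,8 @@ bool virFileIsDir (const char *file) ATTRIBUTE_NONNULL(1);
-bool virFileExists(const char *file) ATTRIBUTE_NONNULL(1);
-bool virFileIsExecutable(const char *file) ATTRIBUTE_NONNULL(1);
-
-+int virFileIsMountPoint(const char *file) ATTRIBUTE_NONNULL(1);
-+
-char *virFileSanitizePath(const char *path);
-
-enum {
---
-1.8.3.1
-
-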
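--- a/recipes-extended/libvirt/libvirt/0002-Remove-unused-opts-field-from-LXC-basic.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From: "Daniel P. Berrange" <berrange@redhat.com>
-To: libvir-list@redhat.com
-Date: Mon, 7 Oct 2013 14:06:47 +0100
-Message-Id: <1381151211-27111-3-git-send-email-berrange@redhat.com>
-In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-References: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
-X-loop: libvir-list@redhat.com
-Subject: [libvirt] [PATCH 2/6] Remove unused 'opts' field from LXC basic
-mounts struct
-X-BeenThere: libvir-list@redhat.com
-X-Mailman-Version: 2.1.12
-Precedence: junk
-List-Id: Development discussions about the libvirt library & tools
-<libvir-list.redhat.com>
-List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
-List-Archive: <https://www.redhat.com/archives/libvir-list>
-List-Post: <mailto:libvir-list@redhat.com>
-List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
-List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=subscribe>
-X-List-Received-Date: Mon, 07 Oct 2013 13:06:57 -0000
-
-From: "Daniel P. Berrange" <berrange@redhat.com>
-
-The virLXCBasicMountInfo struct contains a 'char *opts'
-field passed onto the mount() syscall. Every entry in the
-list sets this to NULL though, so it can be removed to
-simplify life.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
-src/lxc/lxc_container.c | 29 ++++++++++++++---------------
-1 file changed, 14 insertions(+), 15 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index b1f429c..3c89ed7 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -752,7 +752,6 @@ typedef struct {
-const char *src;
-const char *dst;
-const char *type;
-- const char *opts;
-int mflags;
-} virLXCBasicMountInfo;
-
-@@ -763,16 +762,16 @@ static const virLXCBasicMountInfo lxcBasicMounts[] = {
-* mount point in the main OS becomes readonly too which is not what
-* we want. Hence some things have two entries here.
-*/
-- { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND },
-- { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-- { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-- { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-+ { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV },
-+ { "/proc/sys", "/proc/sys", NULL, MS_BIND },
-+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV },
-+ { "sysfs", "/sys", "sysfs", MS_BIND|MS_REMOUNT|MS_RDONLY },
-+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV },
-+ { "securityfs", "/sys/kernel/security", "securityfs", MS_BIND|MS_REMOUNT|MS_RDONLY },
-#if WITH_SELINUX
-- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV },
-+ { SELINUX_MOUNT, SELINUX_MOUNT, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-#endif
-};
-
-@@ -882,13 +881,13 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-goto cleanup;
-}
-
-- VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s",
-- srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts);
-- if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) {
-+ VIR_DEBUG("Mount %s on %s type=%s flags=%x",
-+ srcpath, mnt->dst, mnt->type, mnt->mflags);
-+ if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) {
-virReportSystemError(errno,
-- _("Failed to mount %s on %s type %s flags=%x opts=%s"),
-+ _("Failed to mount %s on %s type %s flags=%x"),
-srcpath, mnt->dst, NULLSTR(mnt->type),
-- mnt->mflags, NULLSTR(mnt->opts));
-+ mnt->mflags);
-goto cleanup;
-}
-}
---
-1.8.3.1
-
-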
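--- a/recipes-extended/libvirt/libvirt/0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From: "Daniel P. Berrange" <berrange@redhat.com>
-To: libvir-list@redhat.com
-Date: Mon, 7 Oct 2013 14:06:48 +0100
-Message-Id: <1381151211-27111-4-git-send-email-berrange@redhat.com>
-In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-References: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
-X-loop: libvir-list@redhat.com
-Subject: [libvirt] [PATCH 3/6] Remove pointless 'srcpath' variable in
-lxcContainerMountBasicFS
-X-BeenThere: libvir-list@redhat.com
-X-Mailman-Version: 2.1.12
-Precedence: junk
-List-Id: Development discussions about the libvirt library & tools
-<libvir-list.redhat.com>
-List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
-List-Archive: <https://www.redhat.com/archives/libvir-list>
-List-Post: <mailto:libvir-list@redhat.com>
-List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
-List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=subscribe>
-X-List-Received-Date: Mon, 07 Oct 2013 13:06:59 -0000
-
-From: "Daniel P. Berrange" <berrange@redhat.com>
-
-The 'srcpath' variable is initialized from 'mnt->src' and never
-changed thereafter. Some places continue to use 'mnt->src' and
-others use 'srcpath'. Remove the pointless 'srcpath' variable
-and use 'mnt->src' everywhere.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
-src/lxc/lxc_container.c | 13 +++++--------
-1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index 3c89ed7..1b1c93b 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -853,16 +853,13 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-
-for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) {
-virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i];
-- const char *srcpath = NULL;
-
-VIR_DEBUG("Processing %s -> %s",
-mnt->src, mnt->dst);
-
-- srcpath = mnt->src;
--
-/* Skip if mount doesn't exist in source */
-- if ((srcpath[0] == '/') &&
-- (access(srcpath, R_OK) < 0))
-+ if ((mnt->src[0] == '/') &&
-+ (access(mnt->src, R_OK) < 0))
-continue;
-
-#if WITH_SELINUX
-@@ -882,11 +879,11 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-}
-
-VIR_DEBUG("Mount %s on %s type=%s flags=%x",
-- srcpath, mnt->dst, mnt->type, mnt->mflags);
-- if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) {
-+ mnt->src, mnt->dst, mnt->type, mnt->mflags);
-+ if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) {
-virReportSystemError(errno,
-_("Failed to mount %s on %s type %s flags=%x"),
-- srcpath, mnt->dst, NULLSTR(mnt->type),
-+ mnt->src, mnt->dst, NULLSTR(mnt->type),
-mnt->mflags);
-goto cleanup;
-}
---
-1.8.3.1
-
-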
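--- a/recipes-extended/libvirt/libvirt/0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From: "Daniel P. Berrange" <berrange@redhat.com>
-To: libvir-list@redhat.com
-Date: Mon, 7 Oct 2013 14:06:49 +0100
-Message-Id: <1381151211-27111-5-git-send-email-berrange@redhat.com>
-In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-References: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
-X-loop: libvir-list@redhat.com
-Subject: [libvirt] [PATCH 4/6] Remove duplicate entries in lxcBasicMounts
-array
-X-BeenThere: libvir-list@redhat.com
-X-Mailman-Version: 2.1.12
-Precedence: junk
-List-Id: Development discussions about the libvirt library & tools
-<libvir-list.redhat.com>
-List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
-List-Archive: <https://www.redhat.com/archives/libvir-list>
-List-Post: <mailto:libvir-list@redhat.com>
-List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
-List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=subscribe>
-X-List-Received-Date: Mon, 07 Oct 2013 13:07:00 -0000
-
-From: "Daniel P. Berrange" <berrange@redhat.com>
-
-Currently the lxcBasicMounts array has separate entries for
-most mounts, to reflect that we must do a separate mount
-operation to make mounts read-only. Remove the duplicate
-entries and instead set the MS_RDONLY flag against the main
-entry. Then change lxcContainerMountBasicFS to look for the
-MS_RDONLY flag, mask it out & do a separate bind mount.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
-src/lxc/lxc_container.c | 44 +++++++++++++++++++++++++++-----------------
-1 file changed, 27 insertions(+), 17 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index 1b1c93b..a7f71ef 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -756,22 +756,12 @@ typedef struct {
-} virLXCBasicMountInfo;
-
-static const virLXCBasicMountInfo lxcBasicMounts[] = {
-- /* When we want to make a bind mount readonly, for unknown reasons,
-- * it is currently necessary to bind it once, and then remount the
-- * bind with the readonly flag. If this is not done, then the original
-- * mount point in the main OS becomes readonly too which is not what
-- * we want. Hence some things have two entries here.
-- */
-{ "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "/proc/sys", "/proc/sys", NULL, MS_BIND },
-- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "sysfs", "/sys", "sysfs", MS_BIND|MS_REMOUNT|MS_RDONLY },
-- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "securityfs", "/sys/kernel/security", "securityfs", MS_BIND|MS_REMOUNT|MS_RDONLY },
-+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY },
-+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY },
-+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY },
-#if WITH_SELINUX
-- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { SELINUX_MOUNT, SELINUX_MOUNT, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY },
-#endif
-};
-
-@@ -852,6 +842,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-VIR_DEBUG("Mounting basic filesystems");
-
-for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) {
-+ bool bindOverReadonly;
-virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i];
-
-VIR_DEBUG("Processing %s -> %s",
-@@ -878,13 +869,32 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-goto cleanup;
-}
-
-+ /*
-+ * We can't immediately set the MS_RDONLY flag when mounting filesystems
-+ * because (in at least some kernel versions) this will propagate back
-+ * to the original mount in the host OS, turning it readonly too. This
-+ * We mount the filesystem in read-write mode initially, and then do a
-+ * separate read-only bind mount on top of that.
-+ */
-+ bindOverReadonly = !!(mnt->mflags & MS_RDONLY);
-+
-VIR_DEBUG("Mount %s on %s type=%s flags=%x",
-- mnt->src, mnt->dst, mnt->type, mnt->mflags);
-- if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) {
-+ mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY);
-+ if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY, NULL) < 0) {
-virReportSystemError(errno,
-_("Failed to mount %s on %s type %s flags=%x"),
-mnt->src, mnt->dst, NULLSTR(mnt->type),
-- mnt->mflags);
-+ mnt->mflags & ~MS_RDONLY);
-+ goto cleanup;
-+ }
-+
-+ if (bindOverReadonly &&
-+ mount(mnt->src, mnt->dst, NULL,
-+ MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
-+ virReportSystemError(errno,
-+ _("Failed to re-mount %s on %s flags=%x"),
-+ mnt->src, mnt->dst,
-+ MS_BIND|MS_REMOUNT|MS_RDONLY);
-goto cleanup;
-}
-}
---
-1.8.3.1
-
-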
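--- a/recipes-extended/libvirt/libvirt/0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From: "Daniel P. Berrange" <berrange@redhat.com>
-To: libvir-list@redhat.com
-Date: Mon, 7 Oct 2013 14:06:50 +0100
-Message-Id: <1381151211-27111-6-git-send-email-berrange@redhat.com>
-In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-References: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
-X-loop: libvir-list@redhat.com
-Subject: [libvirt] [PATCH 5/6] Add flag to lxcBasicMounts to control use in
-user namespaces
-X-BeenThere: libvir-list@redhat.com
-X-Mailman-Version: 2.1.12
-Precedence: junk
-List-Id: Development discussions about the libvirt library & tools
-<libvir-list.redhat.com>
-List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
-List-Archive: <https://www.redhat.com/archives/libvir-list>
-List-Post: <mailto:libvir-list@redhat.com>
-List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
-List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=subscribe>
-X-List-Received-Date: Mon, 07 Oct 2013 13:07:02 -0000
-
-From: "Daniel P. Berrange" <berrange@redhat.com>
-
-Some mounts must be skipped if running inside a user namespace,
-since the kernel forbids their use. Instead of strcmp'ing the
-filesystem type in the body of the loop, set an explicit flag
-in the lxcBasicMounts table.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
-src/lxc/lxc_container.c | 17 ++++++++++-------
-1 file changed, 10 insertions(+), 7 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index a7f71ef..05190bf 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -753,15 +753,16 @@ typedef struct {
-const char *dst;
-const char *type;
-int mflags;
-+ bool skipUserNS;
-} virLXCBasicMountInfo;
-
-static const virLXCBasicMountInfo lxcBasicMounts[] = {
-- { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY },
-- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY },
-- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY },
-+ { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
-+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false },
-+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false },
-+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true },
-#if WITH_SELINUX
-- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY },
-+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true },
-#endif
-};
-
-@@ -855,12 +856,14 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-
-#if WITH_SELINUX
-if (STREQ(mnt->src, SELINUX_MOUNT) &&
-- (!is_selinux_enabled() || userns_enabled))
-+ !is_selinux_enabled())
-continue;
-#endif
-
-- if (STREQ(mnt->src, "securityfs") && userns_enabled)
-+ if (mnt->skipUserNS && userns_enabled) {
-+ VIR_DEBUG("Skipping due to user ns enablement");
-continue;
-+ }
-
-if (virFileMakePath(mnt->dst) < 0) {
-virReportSystemError(errno,
---
-1.8.3.1
-
-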
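--- a/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From: "Daniel P. Berrange" <berrange@redhat.com>
-To: libvir-list@redhat.com
-Date: Mon, 7 Oct 2013 14:06:51 +0100
-Message-Id: <1381151211-27111-7-git-send-email-berrange@redhat.com>
-In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-References: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
-X-loop: libvir-list@redhat.com
-Subject: [libvirt] [PATCH 6/6] Skip any files which are not mounted on the
-host
-X-BeenThere: libvir-list@redhat.com
-X-Mailman-Version: 2.1.12
-Precedence: junk
-List-Id: Development discussions about the libvirt library & tools
-<libvir-list.redhat.com>
-List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
-List-Archive: <https://www.redhat.com/archives/libvir-list>
-List-Post: <mailto:libvir-list@redhat.com>
-List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
-List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=subscribe>
-X-List-Received-Date: Mon, 07 Oct 2013 13:07:03 -0000
-
-From: "Daniel P. Berrange" <berrange@redhat.com>
-
-Currently the LXC container tries to skip selinux/securityfs
-mounts if the directory does not exist in the filesystem,
-or if SELinux is disabled.
-
-The former check is flawed because the /sys/fs/selinux
-or /sys/kernel/securityfs directories may exist in sysfs
-even if the mount type is disabled. Instead of just doing
-an access() check, use an virFileIsMounted() to see if
-the FS is actually present in the host OS. This also
-avoids the need to check is_selinux_enabled().
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
-src/lxc/lxc_container.c | 37 +++++++++++++++++++++++--------------
-1 file changed, 23 insertions(+), 14 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index 05190bf..4ec7b67 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -754,15 +754,16 @@ typedef struct {
-const char *type;
-int mflags;
-bool skipUserNS;
-+ bool skipUnmounted;
-} virLXCBasicMountInfo;
-
-static const virLXCBasicMountInfo lxcBasicMounts[] = {
-- { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
-- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false },
-- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false },
-- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true },
-+ { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false },
-+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false },
-+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false },
-+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
-#if WITH_SELINUX
-- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true },
-+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
-#endif
-};
-
-@@ -849,16 +850,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-VIR_DEBUG("Processing %s -> %s",
-mnt->src, mnt->dst);
-
-- /* Skip if mount doesn't exist in source */
-- if ((mnt->src[0] == '/') &&
-- (access(mnt->src, R_OK) < 0))
-- continue;
-+ if (mnt->skipUnmounted) {
-+ char *hostdir;
-+ int ret;
-
--#if WITH_SELINUX
-- if (STREQ(mnt->src, SELINUX_MOUNT) &&
-- !is_selinux_enabled())
-- continue;
--#endif
-+ if (virAsprintf(&hostdir, "/.oldroot%s", mnt->dst) < 0)
-+ goto cleanup;
-+
-+ ret = virFileIsMountPoint(hostdir);
-+ VIR_FREE(hostdir);
-+ if (ret < 0)
-+ goto cleanup;
-+
-+ if (ret == 0) {
-+ VIR_DEBUG("Skipping '%s' which isn't mounted in host",
-+ mnt->dst);
-+ continue;
-+ }
-+ }
-
-if (mnt->skipUserNS && userns_enabled) {
-VIR_DEBUG("Skipping due to user ns enablement");
---
-1.8.3.1
-
-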
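--- a/recipes-extended/libvirt/libvirt/LXC-Don-t-mount-securityfs-when-user-namespace-enabl.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 1583dfda7c4e5ad71efe0615c06e5676528d8203 Mon Sep 17 00:00:00 2001
-From: Gao feng <gaofeng@cn.fujitsu.com>
-Date: Thu, 5 Sep 2013 11:50:40 +0100
-Subject: [PATCH] LXC: Don't mount securityfs when user namespace enabled
-
-commit 1583dfda7c4e5ad71efe0615c06e5676528d8203 from
-git://libvirt.org/libvirt.git
-
-Right now, securityfs is disallowed to be mounted in non-initial
-user namespace, so we must avoid trying to mount securityfs in
-a container which has user namespace enabled.
-
-Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
----
-src/lxc/lxc_container.c | 7 +++++--
-1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index 8abaea0..c41ab40 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -750,7 +750,7 @@ err:
-}
-
-
--static int lxcContainerMountBasicFS(void)
-+static int lxcContainerMountBasicFS(bool userns_enabled)
-{
-const struct {
-const char *src;
-@@ -801,6 +801,9 @@ static int lxcContainerMountBasicFS(void)
-continue;
-#endif
-
-+ if (STREQ(mnts[i].src, "securityfs") && userns_enabled)
-+ continue;
-+
-if (virFileMakePath(mnts[i].dst) < 0) {
-virReportSystemError(errno,
-_("Failed to mkdir %s"),
-@@ -1530,7 +1533,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
-goto cleanup;
-
-/* Mounts the core /proc, /sys, etc filesystems */
-- if (lxcContainerMountBasicFS() < 0)
-+ if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap) < 0)
-goto cleanup;
-
-/* Mounts /proc/meminfo etc sysinfo */
---
-1.8.1.2
-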
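--- a/recipes-extended/libvirt/libvirt/LXC-don-t-try-to-mount-selinux-filesystem-when-user-.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 1c7037cff42dde35913dde533b31ee1da8c2d6e0 Mon Sep 17 00:00:00 2001
-From: Gao feng <gaofeng@cn.fujitsu.com>
-Date: Thu, 12 Sep 2013 11:51:31 +0800
-Subject: [PATCH] LXC: don't try to mount selinux filesystem when user namespace enabled
-
-commit 1c7037cff42dde35913dde533b31ee1da8c2d6e0 from
-git://libvirt.org/libvirt.git
-
-Right now we mount selinuxfs even user namespace is enabled and
-ignore the error. But we shouldn't ignore these errors when user
-namespace is not enabled.
-
-This patch skips mounting selinuxfs when user namespace enabled.
-
-Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
----
-src/lxc/lxc_container.c | 8 +-------
-1 file changed, 1 insertion(+), 7 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index ddc6e3d..a979452 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -868,7 +868,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-
-#if WITH_SELINUX
-if (STREQ(mnt->src, SELINUX_MOUNT) &&
-- !is_selinux_enabled())
-+ (!is_selinux_enabled() || userns_enabled))
-continue;
-#endif
-
-@@ -885,12 +885,6 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s",
-srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts);
-if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) {
--#if WITH_SELINUX
-- if (STREQ(mnt->src, SELINUX_MOUNT) &&
-- (errno == EINVAL || errno == EPERM))
-- continue;
--#endif
--
-virReportSystemError(errno,
-_("Failed to mount %s on %s type %s flags=%x opts=%s"),
-srcpath, mnt->dst, NULLSTR(mnt->type),
---
-1.8.1.2
-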
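--- a/recipes-extended/libvirt/libvirt/Move-array-of-mounts-out-of-lxcContainerMountBasicFS.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From f27f5f7eddf531159d791a2b5ac438ca011b5f26 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Date: Tue, 10 Sep 2013 13:35:12 +0100
-Subject: [PATCH] Move array of mounts out of lxcContainerMountBasicFS
-
-commit f27f5f7eddf531159d791a2b5ac438ca011b5f26 from
-git://libvirt.org/libvirt.git
-
-Move the array of basic mounts out of the lxcContainerMountBasicFS
-function, to a global variable. This is to allow it to be referenced
-by other methods wanting to know what the basic mount paths are.
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
-src/lxc/lxc_container.c | 79 ++++++++++++++++++++++++++-----------------------
-1 file changed, 42 insertions(+), 37 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index 661ac52..6f241d3 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -750,45 +750,50 @@ err:
-}
-
-
--static int lxcContainerMountBasicFS(bool userns_enabled)
--{
-- const struct {
-- const char *src;
-- const char *dst;
-- const char *type;
-- const char *opts;
-- int mflags;
-- } mnts[] = {
-- /* When we want to make a bind mount readonly, for unknown reasons,
-- * it is currently necessary to bind it once, and then remount the
-- * bind with the readonly flag. If this is not done, then the original
-- * mount point in the main OS becomes readonly too which is not what
-- * we want. Hence some things have two entries here.
-- */
-- { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND },
-- { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-- { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-- { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-+typedef struct {
-+ const char *src;
-+ const char *dst;
-+ const char *type;
-+ const char *opts;
-+ int mflags;
-+} virLXCBasicMountInfo;
-+
-+static const virLXCBasicMountInfo lxcBasicMounts[] = {
-+ /* When we want to make a bind mount readonly, for unknown reasons,
-+ * it is currently necessary to bind it once, and then remount the
-+ * bind with the readonly flag. If this is not done, then the original
-+ * mount point in the main OS becomes readonly too which is not what
-+ * we want. Hence some things have two entries here.
-+ */
-+ { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-+ { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND },
-+ { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-+ { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-+ { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-+ { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-+ { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-#if WITH_SELINUX
-- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-- { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-+ { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-#endif
-- };
-+};
-+
-+
-+static int lxcContainerMountBasicFS(bool userns_enabled)
-+{
-size_t i;
-int rc = -1;
-
-VIR_DEBUG("Mounting basic filesystems");
-
-- for (i = 0; i < ARRAY_CARDINALITY(mnts); i++) {
-+ for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) {
-+ virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i];
-const char *srcpath = NULL;
-
-VIR_DEBUG("Processing %s -> %s",
-- mnts[i].src, mnts[i].dst);
-+ mnt->src, mnt->dst);
-
-- srcpath = mnts[i].src;
-+ srcpath = mnt->src;
-
-/* Skip if mount doesn't exist in source */
-if ((srcpath[0] == '/') &&
-@@ -796,34 +801,34 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-continue;
-
-#if WITH_SELINUX
-- if (STREQ(mnts[i].src, SELINUX_MOUNT) &&
-+ if (STREQ(mnt->src, SELINUX_MOUNT) &&
-!is_selinux_enabled())
-continue;
-#endif
-
-- if (STREQ(mnts[i].src, "securityfs") && userns_enabled)
-+ if (STREQ(mnt->src, "securityfs") && userns_enabled)
-continue;
-
-- if (virFileMakePath(mnts[i].dst) < 0) {
-+ if (virFileMakePath(mnt->dst) < 0) {
-virReportSystemError(errno,
-_("Failed to mkdir %s"),
-- mnts[i].src);
-+ mnt->src);
-goto cleanup;
-}
-
-VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s",
-- srcpath, mnts[i].dst, mnts[i].type, mnts[i].mflags, mnts[i].opts);
-- if (mount(srcpath, mnts[i].dst, mnts[i].type, mnts[i].mflags, mnts[i].opts) < 0) {
-+ srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts);
-+ if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) {
-#if WITH_SELINUX
-- if (STREQ(mnts[i].src, SELINUX_MOUNT) &&
-+ if (STREQ(mnt->src, SELINUX_MOUNT) &&
-(errno == EINVAL || errno == EPERM))
-continue;
-#endif
-
-virReportSystemError(errno,
-_("Failed to mount %s on %s type %s flags=%x opts=%s"),
-- srcpath, mnts[i].dst, NULLSTR(mnts[i].type),
-- mnts[i].mflags, NULLSTR(mnts[i].opts));
-+ srcpath, mnt->dst, NULLSTR(mnt->type),
-+ mnt->mflags, NULLSTR(mnt->opts));
-goto cleanup;
-}
-}
---
-1.8.1.2
-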
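--- a/recipes-extended/libvirt/libvirt/libvirt-allow-location-of-python-on-the-target-to-be.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 44e1046619457c709a0bb4efaa4ad983d9b81cbc Mon Sep 17 00:00:00 2001
-From: Mark Asselstine <mark.asselstine@windriver.com>
-Date: Mon, 12 Aug 2013 16:22:56 -0400
-Subject: [PATCH] libvirt: allow location of python on the target to be
-specified
-
-Allow TARGET_PYTHON to be passed to configure. TARGET_PYTHON will be
-passed to generator.py where it is used to create the sh.bang line at
-the top of various generated scripts. This allows separation between
-what is used to build vs. install. The default behavior is to leave
-TARGET_PYTHON == PYTHON unless TARGET_PYTHON is passed to configure.
-
-Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
----
-configure.ac | 8 ++++++++
-python/Makefile.am | 2 +-
-2 files changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 35a5d76..c1a27f8 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1965,6 +1965,14 @@ AM_CONDITIONAL([WITH_PYTHON], [test "$with_python" = "yes"])
-AC_SUBST([PYTHON_VERSION])
-AC_SUBST([PYTHON_INCLUDES])
-
-+if test "$TARGET_PYTHON"; then
-+ TARGET_PYTHON=$TARGET_PYTHON
-+else
-+ TARGET_PYTHON=$PYTHON
-+fi
-+AC_SUBST(TARGET_PYTHON)
-+
-+
-dnl Allow perl overrides
-AC_PATH_PROG([PERL], [perl])
-
-diff --git a/python/Makefile.am b/python/Makefile.am
-index 7eb42c6..8b9b480 100644
---- a/python/Makefile.am
-+++ b/python/Makefile.am
-@@ -131,7 +131,7 @@ $(GENERATE).stamp: $(srcdir)/$(GENERATE) \
-$(QEMU_API_DESC) \
-$(LXC_API_DESC) \
-$(CLASSES_EXTRA)
-- $(AM_V_GEN)$(PYTHON) $(srcdir)/$(GENERATE) $(PYTHON) && \
-+ $(AM_V_GEN)$(PYTHON) $(srcdir)/$(GENERATE) $(TARGET_PYTHON) && \
-touch $@
-
-$(GENERATED) $(QEMU_GENERATED) $(LXC_GENERATED): $(GENERATE).stamp
---
-1.8.1.2
-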
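--- a/recipes-extended/libvirt/libvirt_1.1.2.bb
+++ b/recipes-extended/libvirt/libvirt_1.2.0.bb
@@ -21,20 +21,11 @@ RCONFLICTS_${PN}_libvirtd = "connman"
 
 SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.gz \
 file://tools-add-libvirt-net-rpc-to-virt-host-validate-when.patch \
-file://LXC-Don-t-mount-securityfs-when-user-namespace-enabl.patch \
-file://Move-array-of-mounts-out-of-lxcContainerMountBasicFS.patch \
-file://LXC-don-t-try-to-mount-selinux-filesystem-when-user-.patch \
-file://0001-Add-virFileIsMountPoint-function.patch \
-file://0002-Remove-unused-opts-field-from-LXC-basic.patch \
-file://0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch \
-file://0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch \
-file://0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch \
-file://0006-Skip-any-files-which-are-not-mounted-on-the-host.patch \
 file://libvirtd.sh \
 file://libvirtd.conf"
 
-SRC_URI[md5sum] = "1835bbfa492099bce12e2934870e5611"
+SRC_URI[md5sum] = "f74f78059def4e68d69b975ad6e6c3e2"
-SRC_URI[sha256sum] = "16648af54d3e162f5cc5445d970ec29a0bd55b1dbcb568a05533c4c2f25965e3"
+SRC_URI[sha256sum] = "a8e578ae7861db2ac5f454073293d2ef3229fd3f6c4f9029101763244db22ddd"
 
 inherit autotools gettext update-rc.d
 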
