1 files changed, 0 insertions, 106 deletions
diff --git a/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch b/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch
deleted file mode 100644
index a0ac4146..00000000
--- a/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From: "Daniel P. Berrange" <berrange@redhat.com>
-To: libvir-list@redhat.com
-Date: Mon,  7 Oct 2013 14:06:51 +0100
-Message-Id: <1381151211-27111-7-git-send-email-berrange@redhat.com>
-In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-References: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
-X-loop: libvir-list@redhat.com
-Subject: [libvirt] [PATCH 6/6] Skip any files which are not mounted on the
-        host
-X-BeenThere: libvir-list@redhat.com
-X-Mailman-Version: 2.1.12
-Precedence: junk
-List-Id: Development discussions about the libvirt library & tools
-        <libvir-list.redhat.com>
-List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
-        <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
-List-Archive: <https://www.redhat.com/archives/libvir-list>
-List-Post: <mailto:libvir-list@redhat.com>
-List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
-List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
-        <mailto:libvir-list-request@redhat.com?subject=subscribe>
-X-List-Received-Date: Mon, 07 Oct 2013 13:07:03 -0000
-From: "Daniel P. Berrange" <berrange@redhat.com>
-Currently the LXC container tries to skip selinux/securityfs
-mounts if the directory does not exist in the filesystem,
-or if SELinux is disabled.
-The former check is flawed because the /sys/fs/selinux
-or /sys/kernel/securityfs directories may exist in sysfs
-even if the mount type is disabled. Instead of just doing
-an access() check, use an virFileIsMounted() to see if
-the FS is actually present in the host OS. This also
-avoids the need to check is_selinux_enabled().
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
- src/lxc/lxc_container.c | 37 +++++++++++++++++++++++--------------
- 1 file changed, 23 insertions(+), 14 deletions(-)
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index 05190bf..4ec7b67 100644
--- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -754,15 +754,16 @@ typedef struct {
-     const char *type;
-     int mflags;
-     bool skipUserNS;
-+    bool skipUnmounted;
- } virLXCBasicMountInfo;
- 
- static const virLXCBasicMountInfo lxcBasicMounts[] = {
-    { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
-    { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false },
-    { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false },
-    { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true },
-+    { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false },
-+    { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false },
-+    { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false },
-+    { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
- #if WITH_SELINUX
-    { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true },
-+    { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
- #endif
- };
- 
-@@ -849,16 +850,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-         VIR_DEBUG("Processing %s -> %s",
-                   mnt->src, mnt->dst);
- 
-        /* Skip if mount doesn't exist in source */
-        if ((mnt->src[0] == '/') &&
-            (access(mnt->src, R_OK) < 0))
-            continue;
-+        if (mnt->skipUnmounted) {
-+            char *hostdir;
-+            int ret;
- 
-#if WITH_SELINUX
-        if (STREQ(mnt->src, SELINUX_MOUNT) &&
-            !is_selinux_enabled())
-            continue;
-#endif
-+            if (virAsprintf(&hostdir, "/.oldroot%s", mnt->dst) < 0)
-+                goto cleanup;
-+
-+            ret = virFileIsMountPoint(hostdir);
-+            VIR_FREE(hostdir);
-+            if (ret < 0)
-+                goto cleanup;
-+
-+            if (ret == 0) {
-+                VIR_DEBUG("Skipping '%s' which isn't mounted in host",
-+                          mnt->dst);
-+                continue;
-+            }
-+        }
- 
-         if (mnt->skipUserNS && userns_enabled) {
-             VIR_DEBUG("Skipping due to user ns enablement");
-- 
-1.8.3.1

diff --git a/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch b/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch deleted file mode 100644 index a0ac4146..00000000 --- a/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch +++ /dev/null
@@ -1,106 +0,0 @@
1	From: "Daniel P. Berrange" <berrange@redhat.com>
2	To: libvir-list@redhat.com
3	Date: Mon, 7 Oct 2013 14:06:51 +0100
4	Message-Id: <1381151211-27111-7-git-send-email-berrange@redhat.com>
5	In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com>
6	References: <1381151211-27111-1-git-send-email-berrange@redhat.com>
7	X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
8	X-loop: libvir-list@redhat.com
9	Subject: [libvirt] [PATCH 6/6] Skip any files which are not mounted on the
10	host
11	X-BeenThere: libvir-list@redhat.com
12	X-Mailman-Version: 2.1.12
13	Precedence: junk
14	List-Id: Development discussions about the libvirt library & tools
15	<libvir-list.redhat.com>
16	List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
17	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
18	List-Archive: <https://www.redhat.com/archives/libvir-list>
19	List-Post: <mailto:libvir-list@redhat.com>
20	List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
21	List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
22	<mailto:libvir-list-request@redhat.com?subject=subscribe>
23	X-List-Received-Date: Mon, 07 Oct 2013 13:07:03 -0000
24
25	From: "Daniel P. Berrange" <berrange@redhat.com>
26
27	Currently the LXC container tries to skip selinux/securityfs
28	mounts if the directory does not exist in the filesystem,
29	or if SELinux is disabled.
30
31	The former check is flawed because the /sys/fs/selinux
32	or /sys/kernel/securityfs directories may exist in sysfs
33	even if the mount type is disabled. Instead of just doing
34	an access() check, use an virFileIsMounted() to see if
35	the FS is actually present in the host OS. This also
36	avoids the need to check is_selinux_enabled().
37
38	Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
39	---
40	src/lxc/lxc_container.c \| 37 +++++++++++++++++++++++--------------
41	1 file changed, 23 insertions(+), 14 deletions(-)
42
43	diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
44	index 05190bf..4ec7b67 100644
45	--- a/src/lxc/lxc_container.c
46	+++ b/src/lxc/lxc_container.c
47	@@ -754,15 +754,16 @@ typedef struct {
48	const char *type;
49	int mflags;
50	bool skipUserNS;
51	+ bool skipUnmounted;
52	} virLXCBasicMountInfo;
53
54	static const virLXCBasicMountInfo lxcBasicMounts[] = {
55	- { "proc", "/proc", "proc", MS_NOSUID\|MS_NOEXEC\|MS_NODEV, false },
56	- { "/proc/sys", "/proc/sys", NULL, MS_BIND\|MS_RDONLY, false },
57	- { "sysfs", "/sys", "sysfs", MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_RDONLY, false },
58	- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_RDONLY, true },
59	+ { "proc", "/proc", "proc", MS_NOSUID\|MS_NOEXEC\|MS_NODEV, false, false },
60	+ { "/proc/sys", "/proc/sys", NULL, MS_BIND\|MS_RDONLY, false, false },
61	+ { "sysfs", "/sys", "sysfs", MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_RDONLY, false, false },
62	+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_RDONLY, true, true },
63	#if WITH_SELINUX
64	- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_RDONLY, true },
65	+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID\|MS_NOEXEC\|MS_NODEV\|MS_RDONLY, true, true },
66	#endif
67	};
68
69	@@ -849,16 +850,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
70	VIR_DEBUG("Processing %s -> %s",
71	mnt->src, mnt->dst);
72
73	- /* Skip if mount doesn't exist in source */
74	- if ((mnt->src[0] == '/') &&
75	- (access(mnt->src, R_OK) < 0))
76	- continue;
77	+ if (mnt->skipUnmounted) {
78	+ char *hostdir;
79	+ int ret;
80
81	-#if WITH_SELINUX
82	- if (STREQ(mnt->src, SELINUX_MOUNT) &&
83	- !is_selinux_enabled())
84	- continue;
85	-#endif
86	+ if (virAsprintf(&hostdir, "/.oldroot%s", mnt->dst) < 0)
87	+ goto cleanup;
88	+
89	+ ret = virFileIsMountPoint(hostdir);
90	+ VIR_FREE(hostdir);
91	+ if (ret < 0)
92	+ goto cleanup;
93	+
94	+ if (ret == 0) {
95	+ VIR_DEBUG("Skipping '%s' which isn't mounted in host",
96	+ mnt->dst);
97	+ continue;
98	+ }
99	+ }
100
101	if (mnt->skipUserNS && userns_enabled) {
102	VIR_DEBUG("Skipping due to user ns enablement");
103	--
104	1.8.3.1
105
106