[Pkg-libvirt-commits] [SCM] Libvirt Debian packaging branch, master, updated. debian/0.7.6-1-3-gce225c4

Guido Günther agx at sigxcpu.org
Thu Feb 11 18:12:39 UTC 2010 

The following commit has been merged in the master branch:
commit ce225c46f1ee937c77fd4cebb692bbec5d693f24
Author: Guido Günther <agx at sigxcpu.org>
Date:   Thu Feb 11 18:24:44 2010 +0100

    New patch 0006-Don-t-drop-caps-when-exec-ing-qemu.patch
    
    Don't drop caps when exec'ing qemu.
    
    Instead of disabling libcap-ng better exclude this one exec so we get
    the additional security for the rest of the calls.
    
    Closes: #565767

diff --git a/debian/control b/debian/control
index 6fbc2db..f747f55 100644
--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,8 @@ Build-Depends: cdbs (>= 0.4.43), debhelper (>= 7), libxml2-dev, libncurses5-dev,
  libpciaccess-dev,
  module-init-tools,
  policykit-1,
- dpkg-dev (<< 1.15.3) | dpkg-dev (>> 1.15.3)
+ dpkg-dev (<< 1.15.3) | dpkg-dev (>> 1.15.3),
+ libcap-ng-dev
 XS-Python-Version: current
 Build-Conflicts: dpkg-dev (= 1.15.3)
 Vcs-Git: git://git.debian.org/git/pkg-libvirt/libvirt.git
diff --git a/debian/patches/0006-Don-t-drop-caps-when-exec-ing-qemu.patch b/debian/patches/0006-Don-t-drop-caps-when-exec-ing-qemu.patch
new file mode 100644
index 0000000..c9f7819
--- /dev/null
+++ b/debian/patches/0006-Don-t-drop-caps-when-exec-ing-qemu.patch
@@ -0,0 +1,23 @@
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx at sigxcpu.org>
+Date: Thu, 11 Feb 2010 19:02:32 +0100
+Subject: [PATCH] Don't drop caps when exec'ing qemu
+
+Closes: #565767
+---
+ src/qemu/qemu_driver.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 1e796ef..99fdeb3 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -2697,7 +2697,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+ 
+     ret = virExecDaemonize(conn, argv, progenv, &keepfd, &child,
+                            stdin_fd, &logfile, &logfile,
+-                           VIR_EXEC_NONBLOCK | VIR_EXEC_CLEAR_CAPS,
++                           VIR_EXEC_NONBLOCK /* | VIR_EXEC_CLEAR_CAPS */,
+                            qemudSecurityHook, &hookData,
+                            pidfile);
+     VIR_FREE(pidfile);
+-- 
diff --git a/debian/patches/series b/debian/patches/series
index 15965e7..5b4033f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
 0003-allow-libvirt-group-to-access-the-socket.patch
 0004-fix-Debian-specific-path-to-hvm-loader.patch
 0005-Terminate-nc-on-EOF.patch
+0006-Don-t-drop-caps-when-exec-ing-qemu.patch
diff --git a/debian/rules b/debian/rules
index 3f5be32..50dcb56 100755
--- a/debian/rules
+++ b/debian/rules
@@ -40,7 +40,7 @@ DEB_CONFIGURE_EXTRA_FLAGS :=     \
 	--without-selinux        \
 	--without-esx		 \
 	--without-libssh2	 \
-	--without-capng	 	 \
+	--with-capng		 \
 	--enable-debug		 \
 	$(BUILD_XEN)		 \
 	$(BUILD_VBOX)		 \

-- 
Libvirt Debian packaging

More information about the Pkg-libvirt-commits mailing list