[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/experimental] refresh d/p/* for v6.0.0
Guido Günther
gitlab at salsa.debian.org
Mon Jan 13 14:12:03 GMT 2020
Guido Günther pushed to branch debian/experimental at Libvirt Packaging Team / libvirt
Commits:
cc6b955f by Christian Ehrhardt at 2020-01-13T14:33:06+01:00
refresh d/p/* for v6.0.0
Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
- - - - -
8 changed files:
- debian/patches/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
- debian/patches/debian/Debianize-libvirt-guests.patch
- debian/patches/debian/Debianize-systemd-service-files.patch
- debian/patches/debian/Debianize-virtlockd.patch
- debian/patches/debian/Debianize-virtlogd.patch
- debian/patches/series
- − debian/patches/virt-aa-helper-Actually-fix-AppArmor-profile.patch
- − debian/patches/virt-aa-helper-Fix-AppArmor-profile.patch
Changes:
=====================================
debian/patches/Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
=====================================
@@ -12,16 +12,14 @@ require the 'TERM' environment variable to be set to the terminal type.
src/rpc/virnetsocket.c | 2 ++
1 file changed, 2 insertions(+)
-diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
-index 3282bc0..f448001 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
-@@ -876,6 +876,8 @@ int virNetSocketNewConnectSSH(const char *nodename,
- virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL);
- virCommandAddEnvPassBlockSUID(cmd, "SSH_AUTH_SOCK", NULL);
- virCommandAddEnvPassBlockSUID(cmd, "SSH_ASKPASS", NULL);
-+ virCommandAddEnvPassBlockSUID(cmd, "GPG_TTY", NULL);
-+ virCommandAddEnvPassBlockSUID(cmd, "TERM", NULL);
- virCommandAddEnvPassBlockSUID(cmd, "DISPLAY", NULL);
- virCommandAddEnvPassBlockSUID(cmd, "XAUTHORITY", NULL);
+@@ -863,6 +863,8 @@ int virNetSocketNewConnectSSH(const char
+ virCommandAddEnvPass(cmd, "KRB5CCNAME");
+ virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
+ virCommandAddEnvPass(cmd, "SSH_ASKPASS");
++ virCommandAddEnvPass(cmd, "GPG_TTY", NULL);
++ virCommandAddEnvPass(cmd, "TERM", NULL);
+ virCommandAddEnvPass(cmd, "DISPLAY");
+ virCommandAddEnvPass(cmd, "XAUTHORITY");
virCommandClearCaps(cmd);
=====================================
debian/patches/debian/Debianize-libvirt-guests.patch
=====================================
@@ -8,8 +8,6 @@ Origin: vendor
tools/libvirt-guests.sysconf | 4 ++--
2 files changed, 30 insertions(+), 19 deletions(-)
-diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in
-index 4bc6e86..f94f1b3 100644
--- a/tools/libvirt-guests.sh.in
+++ b/tools/libvirt-guests.sh.in
@@ -1,5 +1,17 @@
@@ -31,7 +29,7 @@ index 4bc6e86..f94f1b3 100644
# Copyright (C) 2011-2014 Red Hat, Inc.
#
# This library is free software; you can redistribute it and/or
-@@ -16,23 +28,23 @@
+@@ -16,34 +28,34 @@
# License along with this library. If not, see
# <http://www.gnu.org/licenses/>.
@@ -66,8 +64,7 @@ index 4bc6e86..f94f1b3 100644
SHUTDOWN_TIMEOUT=300
PARALLEL_SHUTDOWN=0
START_DELAY=0
-@@ -41,11 +53,11 @@ CONNECT_RETRIES=10
- RETRIES_SLEEP=1
+ BYPASS_CACHE=0
SYNC_TIME=0
-test -f "$sysconfdir"/sysconfig/libvirt-guests &&
@@ -81,7 +78,7 @@ index 4bc6e86..f94f1b3 100644
RETVAL=0
-@@ -552,8 +564,7 @@ gueststatus() {
+@@ -543,8 +555,7 @@ gueststatus() {
# rh_status
# Display current status: whether saved state exists, and whether start
@@ -91,8 +88,6 @@ index 4bc6e86..f94f1b3 100644
rh_status() {
if [ -f "$LISTFILE" ]; then
gettext "stopped, with saved guests"; echo
-diff --git a/tools/libvirt-guests.sysconf b/tools/libvirt-guests.sysconf
-index 669b046..1c4b450 100644
--- a/tools/libvirt-guests.sysconf
+++ b/tools/libvirt-guests.sysconf
@@ -8,7 +8,7 @@
=====================================
debian/patches/debian/Debianize-systemd-service-files.patch
=====================================
@@ -7,35 +7,27 @@ Subject: Debianize systemd service files
tools/libvirt-guests.service.in | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
-diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
-index 3ddf0e2..143dd7f 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
-@@ -20,12 +20,12 @@ Documentation=https://libvirt.org
+@@ -25,8 +25,8 @@ Documentation=https://libvirt.org
[Service]
Type=notify
--EnvironmentFile=-/etc/sysconfig/libvirtd
-+EnvironmentFile=-/etc/default/libvirtd
- # libvirtd.service is set to run on boot so that autostart of
- # VMs can be performed. We don't want it to stick around if
- # unused though, so we set a timeout. The socket activation
- # then ensures it gets started again if anything needs it
--ExecStart=@sbindir@/libvirtd --timeout 120 $LIBVIRTD_ARGS
-+ExecStart=@sbindir@/libvirtd --timeout 120 $libvirtd_opts
+-EnvironmentFile=- at sysconfdir@/sysconfig/libvirtd
+-ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
++EnvironmentFile=- at sysconfdir@/default/libvirtd
++ExecStart=@sbindir@/libvirtd $libvirtd_opts
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
-diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in
-index 491ca62..c2f36cf 100644
--- a/tools/libvirt-guests.service.in
+++ b/tools/libvirt-guests.service.in
@@ -10,7 +10,7 @@ Documentation=man:libvirtd(8)
Documentation=https://libvirt.org
[Service]
--EnvironmentFile=-/etc/sysconfig/libvirt-guests
-+EnvironmentFile=-/etc/default/libvirt-guests
+-EnvironmentFile=- at sysconfdir@/sysconfig/libvirt-guests
++EnvironmentFile=- at sysconfdir@/default/libvirt-guests
# Hack just call traditional service until we factor
# out the code
ExecStart=@libexecdir@/libvirt-guests.sh start
=====================================
debian/patches/debian/Debianize-virtlockd.patch
=====================================
@@ -6,16 +6,14 @@ Subject: Debianize virtlockd
src/locking/virtlockd.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
-index 3c9d587..7304a90 100644
--- a/src/locking/virtlockd.service.in
+++ b/src/locking/virtlockd.service.in
@@ -7,7 +7,7 @@ Documentation=man:virtlockd(8)
Documentation=https://libvirt.org
[Service]
--EnvironmentFile=-/etc/sysconfig/virtlockd
-+EnvironmentFile=-/etc/default/virtlockd
+-EnvironmentFile=- at sysconfdir@/sysconfig/virtlockd
++EnvironmentFile=- at sysconfdir@/default/virtlockd
ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS
ExecReload=/bin/kill -USR1 $MAINPID
# Loosing the locks is a really bad thing that will
=====================================
debian/patches/debian/Debianize-virtlogd.patch
=====================================
@@ -6,16 +6,14 @@ Subject: Debianize virtlogd
src/logging/virtlogd.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
-index 3d9ae36..fe99d53 100644
--- a/src/logging/virtlogd.service.in
+++ b/src/logging/virtlogd.service.in
@@ -7,7 +7,7 @@ Documentation=man:virtlogd(8)
Documentation=https://libvirt.org
[Service]
--EnvironmentFile=-/etc/sysconfig/virtlogd
-+EnvironmentFile=-/etc/default/virtlogd
+-EnvironmentFile=- at sysconfdir@/sysconfig/virtlogd
++EnvironmentFile=- at sysconfdir@/default/virtlogd
ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS
ExecReload=/bin/kill -USR1 $MAINPID
# Loosing the logs is a really bad thing that will
=====================================
debian/patches/series
=====================================
@@ -15,6 +15,4 @@ Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
apparmor-Allow-virt-aa-helper-to-access-the-name-service-.patch
debian/Prefer-sbin-over-usr-sbin.patch
Include-etc-pki-qemu-in-apparmor.patch
-virt-aa-helper-Fix-AppArmor-profile.patch
-virt-aa-helper-Actually-fix-AppArmor-profile.patch
apparmor-Allow-run-pygrub.patch
=====================================
debian/patches/virt-aa-helper-Actually-fix-AppArmor-profile.patch deleted
=====================================
@@ -1,41 +0,0 @@
-From: Andrea Bolognani <abologna at redhat.com>
-Date: Tue, 20 Aug 2019 09:54:12 +0200
-Subject: virt-aa-helper: Actually fix AppArmor profile
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Tried previously in
-
- commit b1eb8b3e8fd1d4cb1da8e5e2b16f2c10837fd823
- Author: Andrea Bolognani <abologna at redhat.com>
- Date: Mon Aug 19 10:23:42 2019 +0200
-
- virt-aa-helper: Fix AppArmor profile
-
- v5.6.0-243-gb1eb8b3e8f
-
-with somewhat disappointing results.
-
-Signed-off-by: Andrea Bolognani <abologna at redhat.com>
-Reviewed-by: Ján Tomko <jtomko at redhat.com>
-(cherry picked from commit 9c2446ed4a81450f6482f259f9a0cf720cb0e423)
----
- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-index 8a9a1f3..85ed370 100644
---- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-@@ -19,8 +19,8 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
- @{PROC}/filesystems r,
-
- # Used when internally running another command (namely apparmor_parser)
-- @{PROC}/self/fd r,
-- @{PROC}/@{pid}/fd r,
-+ @{PROC}/self/fd/ r,
-+ @{PROC}/@{pid}/fd/ r,
-
- /etc/libnl-3/classid r,
-
=====================================
debian/patches/virt-aa-helper-Fix-AppArmor-profile.patch deleted
=====================================
@@ -1,65 +0,0 @@
-From: Andrea Bolognani <abologna at redhat.com>
-Date: Mon, 19 Aug 2019 10:23:42 +0200
-Subject: virt-aa-helper: Fix AppArmor profile
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Since
-
- commit 432faf259b696043ee5d7e8f657d855419a9a3fa
- Author: Michal Privoznik <mprivozn at redhat.com>
- Date: Tue Jul 2 19:49:51 2019 +0200
-
- virCommand: use procfs to learn opened FDs
-
- When spawning a child process, between fork() and exec() we close
- all file descriptors and keep only those the caller wants us to
- pass onto the child. The problem is how we do that. Currently, we
- get the limit of opened files and then iterate through each one
- of them and either close() it or make it survive exec(). This
- approach is suboptimal (although, not that much in default
- configurations where the limit is pretty low - 1024). We have
- /proc where we can learn what FDs we hold open and thus we can
- selectively close only those.
-
- Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
- Reviewed-by: Ján Tomko <jtomko at redhat.com>
-
- v5.5.0-173-g432faf259b
-
-programs using the virCommand APIs on Linux need read access to
-/proc/self/fd, or they will fail like
-
- error : virCommandWait:2796 : internal error: Child process
- (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/virt-aa-helper -c
- -u libvirt-b20e9a8e-091a-45e0-8823-537119e98bc6) unexpected exit
- status 1: libvirt: error : cannot open directory '/proc/self/fd':
- Permission denied
- virt-aa-helper: error: apparmor_parser exited with error
-
-Update the AppArmor profile for virt-aa-helper so that read access
-to the relevant path is granted.
-
-Signed-off-by: Andrea Bolognani <abologna at redhat.com>
-Reviewed-by: Ján Tomko <jtomko at redhat.com>
-(cherry picked from commit b1eb8b3e8fd1d4cb1da8e5e2b16f2c10837fd823)
----
- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-index ee02744..8a9a1f3 100644
---- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
-@@ -18,6 +18,10 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
- owner @{PROC}/[0-9]*/status r,
- @{PROC}/filesystems r,
-
-+ # Used when internally running another command (namely apparmor_parser)
-+ @{PROC}/self/fd r,
-+ @{PROC}/@{pid}/fd r,
-+
- /etc/libnl-3/classid r,
-
- # for gl enabled graphics
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/commit/cc6b955fe06b03bbd8e74813848680d24434a530
--
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/commit/cc6b955fe06b03bbd8e74813848680d24434a530
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20200113/38e2dfd6/attachment-0001.html>
More information about the Pkg-libvirt-commits
mailing list