!136 [sync] PR-135: [sync] PR-134: update patch with openeuler !59

From: @openeuler-sync-bot 
Reviewed-by: @kevinzhu1 
Signed-off-by: @kevinzhu1
openeuler-ci-bot 2022-04-06 02:13:08 +00:00 committed by Gitee
commit bddd51893e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 43 additions and 1 deletions


@ -0,0 +1,38 @@
From 9abebfb36b2380829be4a901d7c9785a7a8f5f6a Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Mon, 7 Jun 2021 16:21:28 -0600
Subject: [PATCH] apparmor: Permit new capabilities required by libvirtd
The audit log contains the following denials from libvirtd
apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="daemon-init" capability=17 capname="sys_rawio"
apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="rpc-worker" capability=39 capname="bpf"
apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="rpc-worker" capability=38 capname="perfmon"
Squelch the denials and allow the capabilities in the libvirtd
apparmor profile.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
src/security/apparmor/usr.sbin.libvirtd.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 1e137039e9..49266743f5 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -25,6 +25,9 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
capability fsetid,
capability audit_write,
capability ipc_lock,
+ capability sys_rawio,
+ capability bpf,
+ capability perfmon,
# Needed for vfio
capability sys_resource,
--
2.27.0
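Review bot: the three added rules `capability sys_rawio,`, `capability bpf,` and `capability perfmon,` in the libvirtd profile carry no comment naming the libvirtd feature that needs them, unlike the neighbouring `# Needed for vfio` above `capability sys_resource,`. The commit message justifies them only by the DENIED audit lines from daemon-init and rpc-worker, which shows the capabilities were checked, not that libvirtd fails without them. Each one is a broad privilege (raw I/O, BPF operations, performance monitoring), so please add a one-line comment per rule stating what requires it. For any capability that is only probed and not functionally needed, consider a `deny capability ...,` rule instead, which quiets the audit log without widening the profile.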


@ -101,7 +101,7 @@
Summary: Library providing a simple virtualization API Summary: Library providing a simple virtualization API
Name: libvirt Name: libvirt
Version: 6.2.0 Version: 6.2.0
Release: 35 Release: 36
License: LGPLv2+ License: LGPLv2+
URL: https://libvirt.org/ URL: https://libvirt.org/
@ -245,6 +245,7 @@ Patch0132: qemu-monitor-Don-t-add-props-wrapper-if-qemu-has-QEM.patch
Patch0133: qemu-command-Use-JSON-for-QAPIfied-object-directly.patch Patch0133: qemu-command-Use-JSON-for-QAPIfied-object-directly.patch
Patch0134: tests-qemuxml2argv-Validate-generation-of-JSON-props.patch Patch0134: tests-qemuxml2argv-Validate-generation-of-JSON-props.patch
Patch0135: qemu-capabilities-Enable-detection-of-QEMU_CAPS_OBJE.patch Patch0135: qemu-capabilities-Enable-detection-of-QEMU_CAPS_OBJE.patch
Patch0136: apparmor-Permit-new-capabilities-required-by-libvirt.patch
Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-config-network = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release}
@ -1979,6 +1980,9 @@ exit 0
%changelog %changelog
* Thu Mar 24 2022 yezengruan <yezengruan@huawei.com>
- apparmor: Permit new capabilities required by libvirtd
* Thu Mar 24 2022 yezengruan <yezengruan@huawei.com> * Thu Mar 24 2022 yezengruan <yezengruan@huawei.com>
- qemuMonitorJSONSetMigrationParams: Take double pointer for @params - qemuMonitorJSONSetMigrationParams: Take double pointer for @params
- qemuMonitorJSONAddObject: Take double pointer for @props - qemuMonitorJSONAddObject: Take double pointer for @props
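Review bot: the new %changelog entry reuses the exact header of the entry below it, `* Thu Mar 24 2022 yezengruan <yezengruan@huawei.com>`, and carries no version-release, so nothing in the changelog ties the AppArmor change to the Release 35 to 36 bump made earlier in this file. Suggest appending the version-release (6.2.0-36) to the new header so the change that widened the libvirtd profile can be traced from an installed package's changelog.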