Diffstat (limited to 'app-emulation/libvirt/files')
17 files changed, 780 insertions, 450 deletions
diff --git a/app-emulation/libvirt/files/README.gentoo-r3 b/app-emulation/libvirt/files/README.gentoo-r3 index 1fec12f0c025..0eab21d3a006 100644 --- a/app-emulation/libvirt/files/README.gentoo-r3 +++ b/app-emulation/libvirt/files/README.gentoo-r3 @@ -5,7 +5,7 @@ host. In order to reenable client handling, edit /etc/conf.d/libvirt-guests and enable the service and start it: $ rc-update add libvirt-guests - $ service libvirt-guests start + $ rc-service libvirt-guests start For the basic networking support (bridged and routed networks) you don't diff --git a/app-emulation/libvirt/files/libvirt-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch b/app-emulation/libvirt/files/libvirt-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch new file mode 100644 index 000000000000..7ef0652faa38 --- /dev/null +++ b/app-emulation/libvirt/files/libvirt-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch 
@@ -0,0 +1,42 @@
+From 2127032ed8cd49001465dc0dce9f842e13467bc2 Mon Sep 17 00:00:00 2001
+Message-ID: <2127032ed8cd49001465dc0dce9f842e13467bc2.1713033988.git.mprivozn@redhat.com>
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Tue, 27 Feb 2024 16:20:12 +0100
+Subject: [PATCH 1/2] Fix off-by-one error in udevListInterfacesByStatus
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ever since this function was introduced in 2012 it could've tried
+filling in an extra interface name. That was made worse in 2019 when
+the caller functions started accepting NULL arrays of size 0.
+
+This is assigned CVE-2024-1441.
+
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
+Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
+Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit c664015fe3a7bf59db26686e9ed69af011c6ebb8)
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/interface/interface_backend_udev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
+index fb6799ed94..4091483060 100644
+--- a/src/interface/interface_backend_udev.c
++++ b/src/interface/interface_backend_udev.c
+@@ -222,7 +222,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
+ g_autoptr(virInterfaceDef) def = NULL;
+
+ /* Ensure we won't exceed the size of our array */
+- if (count > names_len)
++ if (count >= names_len)
+ break;
+
+ path = udev_list_entry_get_name(dev_entry);
+--
+2.43.2
+
diff --git a/app-emulation/libvirt/files/libvirt-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch b/app-emulation/libvirt/files/libvirt-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch
new file mode 100644
index 000000000000..3e0426634f42
--- /dev/null
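Review bot: The comment above the corrected test in udevListInterfacesByStatus still says only "Ensure we won't exceed the size of our array", which does not record why the bound is inclusive or that the array may be absent. The commit message states that callers may pass a NULL array of size 0, so this guard is the only thing keeping the loop from writing through the array in that case. I would extend the comment to `/* Stop before writing names[count]: valid indexes are 0..names_len-1, and names may be NULL when names_len is 0 */`. The write to the array and the rest of the loop body are outside the hunk, so the wording should be checked against them.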
+++ b/app-emulation/libvirt/files/libvirt-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch 
@@ -0,0 +1,222 @@
+From 10fa5f6ba64b354b99b0f7b372e66e45bb4d9379 Mon Sep 17 00:00:00 2001
+Message-ID: <10fa5f6ba64b354b99b0f7b372e66e45bb4d9379.1713033988.git.mprivozn@redhat.com>
+In-Reply-To: <2127032ed8cd49001465dc0dce9f842e13467bc2.1713033988.git.mprivozn@redhat.com>
+References: <2127032ed8cd49001465dc0dce9f842e13467bc2.1713033988.git.mprivozn@redhat.com>
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 15 Mar 2024 10:47:50 +0000
+Subject: [PATCH 2/2] remote: check for negative array lengths before
+ allocation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+While the C API entry points will validate non-negative lengths
+for various parameters, the RPC server de-serialization code
+will need to allocate memory for arrays before entering the C
+API. These allocations will thus happen before the non-negative
+length check is performed.
+
+Passing a negative length to the g_new0 function will usually
+result in a crash due to the negative length being treated as
+a huge positive number.
+
+This was found and diagnosed by ALT Linux Team with AFLplusplus.
+
+CVE-2024-2494
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Found-by: Alexandr Shashkin <dutyrok@altlinux.org>
+Co-developed-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 8a3f8d957507c1f8223fdcf25a3ff885b15557f2)
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/remote/remote_daemon_dispatch.c | 65 +++++++++++++++++++++++++++++
+ src/rpc/gendispatch.pl | 5 +++
+ 2 files changed, 70 insertions(+)
+
+diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
+index 7daf503b51..7542caa952 100644
+--- a/src/remote/remote_daemon_dispatch.c
++++ b/src/remote/remote_daemon_dispatch.c
+@@ -2291,6 +2291,10 @@ remoteDispatchDomainGetSchedulerParameters(virNetServer *server G_GNUC_UNUSED,
+ if (!conn)
+ goto cleanup;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -2339,6 +2343,10 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServer *server G_GNUC_UNUS
+ if (!conn)
+ goto cleanup;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -2497,6 +2505,10 @@ remoteDispatchDomainBlockStatsFlags(virNetServer *server G_GNUC_UNUSED,
+ goto cleanup;
+ flags = args->flags;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_DOMAIN_BLOCK_STATS_PARAMETERS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -2717,6 +2729,14 @@ remoteDispatchDomainGetVcpuPinInfo(virNetServer *server G_GNUC_UNUSED,
+ if (!(dom = get_nonnull_domain(conn, args->dom)))
+ goto cleanup;
+
++ if (args->ncpumaps < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("ncpumaps must be non-negative"));
++ goto cleanup;
++ }
++ if (args->maplen < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maplen must be non-negative"));
++ goto cleanup;
++ }
+ if (args->ncpumaps > REMOTE_VCPUINFO_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("ncpumaps > REMOTE_VCPUINFO_MAX"));
+ goto cleanup;
+@@ -2811,6 +2831,11 @@ remoteDispatchDomainGetEmulatorPinInfo(virNetServer *server G_GNUC_UNUSED,
+ if (!(dom = get_nonnull_domain(conn, args->dom)))
+ goto cleanup;
+
++ if (args->maplen < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maplen must be non-negative"));
++ goto cleanup;
++ }
++
+ /* Allocate buffers to take the results */
+ if (args->maplen > 0)
+ cpumaps = g_new0(unsigned char, args->maplen);
+@@ -2858,6 +2883,14 @@ remoteDispatchDomainGetVcpus(virNetServer *server G_GNUC_UNUSED,
+ if (!(dom = get_nonnull_domain(conn, args->dom)))
+ goto cleanup;
+
++ if (args->maxinfo < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo must be non-negative"));
++ goto cleanup;
++ }
++ if (args->maplen < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo must be non-negative"));
++ goto cleanup;
++ }
+ if (args->maxinfo > REMOTE_VCPUINFO_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo > REMOTE_VCPUINFO_MAX"));
+ goto cleanup;
+@@ -3096,6 +3129,10 @@ remoteDispatchDomainGetMemoryParameters(virNetServer *server G_GNUC_UNUSED,
+
+ flags = args->flags;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_DOMAIN_MEMORY_PARAMETERS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -3156,6 +3193,10 @@ remoteDispatchDomainGetNumaParameters(virNetServer *server G_GNUC_UNUSED,
+
+ flags = args->flags;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_DOMAIN_NUMA_PARAMETERS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -3216,6 +3257,10 @@ remoteDispatchDomainGetBlkioParameters(virNetServer *server G_GNUC_UNUSED,
+
+ flags = args->flags;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_DOMAIN_BLKIO_PARAMETERS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -3277,6 +3322,10 @@ remoteDispatchNodeGetCPUStats(virNetServer *server G_GNUC_UNUSED,
+
+ flags = args->flags;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_NODE_CPU_STATS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -3339,6 +3388,10 @@ remoteDispatchNodeGetMemoryStats(virNetServer *server G_GNUC_UNUSED,
+
+ flags = args->flags;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_NODE_MEMORY_STATS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -3514,6 +3567,10 @@ remoteDispatchDomainGetBlockIoTune(virNetServer *server G_GNUC_UNUSED,
+ if (!conn)
+ goto cleanup;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_DOMAIN_BLOCK_IO_TUNE_PARAMETERS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -5079,6 +5136,10 @@ remoteDispatchDomainGetInterfaceParameters(virNetServer *server G_GNUC_UNUSED,
+
+ flags = args->flags;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_DOMAIN_INTERFACE_PARAMETERS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+@@ -5299,6 +5360,10 @@ remoteDispatchNodeGetMemoryParameters(virNetServer *server G_GNUC_UNUSED,
+
+ flags = args->flags;
+
++ if (args->nparams < 0) {
++ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
++ goto cleanup;
++ }
+ if (args->nparams > REMOTE_NODE_MEMORY_PARAMETERS_MAX) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
+ goto cleanup;
+diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
+index fa45d15a92..294e21f8a1 100755
+--- a/src/rpc/gendispatch.pl
++++ b/src/rpc/gendispatch.pl
+@@ -1070,6 +1070,11 @@ elsif ($mode eq "server") {
+ print "\n";
+
+ if ($single_ret_as_list) {
++ print " if (args->$single_ret_list_max_var < 0) {\n";
++ print " virReportError(VIR_ERR_RPC,\n";
++ print " \"%s\", _(\"max$single_ret_list_name must be non-negative\"));\n";
++ print " goto cleanup;\n";
++ print " }\n";
+ print " if (args->$single_ret_list_max_var > $single_ret_list_max_define) {\n";
+ print " virReportError(VIR_ERR_RPC,\n";
+ print " \"%s\", _(\"max$single_ret_list_name > $single_ret_list_max_define\"));\n";
+--
+2.43.2
+
diff --git a/app-emulation/libvirt/files/libvirt-10.3.0-vsh-Don-t-init-history-in-cmdComplete.patch b/app-emulation/libvirt/files/libvirt-10.3.0-vsh-Don-t-init-history-in-cmdComplete.patch
new file mode 100644
index 000000000000..b151e3134e63
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-10.3.0-vsh-Don-t-init-history-in-cmdComplete.patch
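Review bot: In the remoteDispatchDomainGetVcpus hunk the added `args->maplen < 0` check reports the wrong field: its message is `_("maxinfo must be non-negative")`, copied from the check above it, and should read `_("maplen must be non-negative")` as in the GetVcpuPinInfo and GetEmulatorPinInfo hunks. Separately, the GetEmulatorPinInfo hunk goes from the new sign check straight to `g_new0(unsigned char, args->maplen)` with no upper bound visible, so a large positive client-supplied maplen may still size the allocation. That function's body starts outside the hunk, so a limit may already exist earlier and should be confirmed. The hand-written checks also report VIR_ERR_INTERNAL_ERROR, while the generated check in gendispatch.pl reports VIR_ERR_RPC for the same condition; one code for rejected wire input would make these failures easier to tell apart in logs.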
@@ -0,0 +1,84 @@
+From cab1e71f0161fd24c5d6ff4c379d3a242ea8c2d9 Mon Sep 17 00:00:00 2001
+Message-ID: <cab1e71f0161fd24c5d6ff4c379d3a242ea8c2d9.1714995961.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Sat, 4 May 2024 05:12:54 +0200
+Subject: [PATCH] vsh: Don't init history in cmdComplete()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Recent rework of virshtest uncovered a subtle bug that was
+dormant in now vsh but before that even in monolithic virsh.
+
+In vsh.c there's this vshReadlineInit() function that's supposed
+to initialize readline library, i.e. set those global rl_*
+pointers. But it also initializes history library. Then, when
+virsh/virt-admin quits, vshReadlineDeinit() is called which
+writes history into a file (ensuring the parent directory
+exists). So far no problem.
+
+Problem arises when cmdComplete() is called (from a bash
+completer, for instance). It does not guard call to
+vshReadlineInit() with check for interactive shell (and it should
+not), but it sets ctl->historyfile which signals to
+vshReadlineDeinit() the history should be written.
+
+Now, no real history is written, because nothing was entered on
+the stdin, but the parent directory is created nevertheless. With
+recent movement in virshtest.c this means some test cases might
+create virsh history file which breaks our promise of not
+touching user's data in test suite.
+
+Resolves: https://bugs.gentoo.org/931109
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ tools/vsh.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/tools/vsh.c b/tools/vsh.c
+index 58855f63ba..e74045c24e 100644
+--- a/tools/vsh.c
++++ b/tools/vsh.c
+@@ -2973,7 +2973,7 @@ vshReadlineInit(vshControl *ctl)
+ const char *quote_characters = "\"'";
+
+ /* initialize readline stuff only once */
+- if (ctl->historydir)
++ if (autoCompleteOpaque)
+ return 0;
+
+ /* Opaque data for autocomplete callbacks. */
+@@ -2989,6 +2989,11 @@ vshReadlineInit(vshControl *ctl)
+ rl_completer_quote_characters = quote_characters;
+ rl_char_is_quoted_p = vshReadlineCharIsQuoted;
+
++ /* Stuff below is needed only for interactive mode. */
++ if (!ctl->imode) {
++ return 0;
++ }
++
+ histsize_env = g_strdup_printf("%s_HISTSIZE", ctl->env_prefix);
+
+ /* Limit the total size of the history buffer */
+@@ -3149,7 +3154,7 @@ vshInit(vshControl *ctl, const vshCmdGrp *groups)
+ cmdGroups = groups;
+
+ if (vshInitDebug(ctl) < 0 ||
+- (ctl->imode && vshReadlineInit(ctl) < 0))
++ vshReadlineInit(ctl) < 0)
+ return false;
+
+ return true;
+@@ -3168,7 +3173,7 @@ vshInitReload(vshControl *ctl)
+
+ if (ctl->imode)
+ vshReadlineDeinit(ctl);
+- if (ctl->imode && vshReadlineInit(ctl) < 0)
++ if (vshReadlineInit(ctl) < 0)
+ return false;
+
+ return true;
+--
+2.43.2
+
diff --git a/app-emulation/libvirt/files/libvirt-6.7.0-do-not-use-sysconfig.patch b/app-emulation/libvirt/files/libvirt-6.7.0-do-not-use-sysconfig.patch
deleted file mode 100644
index f3d2e3c39162..000000000000
--- a/app-emulation/libvirt/files/libvirt-6.7.0-do-not-use-sysconfig.patch
+++ /dev/null
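Review bot: The once-only guard in vshReadlineInit now tests `autoCompleteOpaque`, but nothing in this patch clears that pointer, which matters for the vshInitReload hunk. In interactive mode vshInitReload still calls vshReadlineDeinit(ctl) and then vshReadlineInit(ctl), and the second call will return 0 at the new `if (autoCompleteOpaque)` test unless Deinit resets it, so the history setup would not run again after a reload. vshReadlineDeinit is outside the hunks, so this needs checking there; if it does not reset the pointer, add `autoCompleteOpaque = NULL;` at its end. As a style point, the braces around the single `return 0;` in the new `if (!ctl->imode)` block differ from the unbraced single-statement ifs in the surrounding context lines.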
@@ -1,169 +0,0 @@ ---- a/src/interface/virtinterfaced.service.in -+++ b/src/interface/virtinterfaced.service.in -@@ -13,7 +13,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtinterfaced - ExecStart=@sbindir@/virtinterfaced $VIRTINTERFACED_ARGS - ExecReload=/bin/kill -HUP $MAINPID - Restart=on-failure ---- a/src/libxl/virtxend.service.in -+++ b/src/libxl/virtxend.service.in -@@ -17,7 +17,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtxend - ExecStart=@sbindir@/virtxend $VIRTXEND_ARGS - ExecReload=/bin/kill -HUP $MAINPID - Restart=on-failure ---- a/src/locking/virtlockd.service.in -+++ b/src/locking/virtlockd.service.in -@@ -7,8 +7,7 @@ - Documentation=https://libvirt.org - - [Service] --EnvironmentFile=-@sysconfdir@/sysconfig/virtlockd --ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS -+ExecStart=@sbindir@/virtlockd - ExecReload=/bin/kill -USR1 $MAINPID - # Loosing the locks is a really bad thing that will - # cause the machine to be fenced (rebooted), so make ---- a/src/logging/virtlogd.service.in -+++ b/src/logging/virtlogd.service.in -@@ -7,8 +7,7 @@ - Documentation=https://libvirt.org - - [Service] --EnvironmentFile=-@sysconfdir@/sysconfig/virtlogd --ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS -+ExecStart=@sbindir@/virtlogd - ExecReload=/bin/kill -USR1 $MAINPID - # Loosing the logs is a really bad thing that will - # cause the machine to be fenced (rebooted), so make ---- a/src/lxc/virtlxcd.service.in -+++ b/src/lxc/virtlxcd.service.in -@@ -18,7 +18,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtlxcd - ExecStart=@sbindir@/virtlxcd $VIRTLXCD_ARGS - ExecReload=/bin/kill -HUP $MAINPID - KillMode=process ---- a/src/network/virtnetworkd.service.in -+++ b/src/network/virtnetworkd.service.in -@@ -16,7 +16,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtnetworkd - ExecStart=@sbindir@/virtnetworkd $VIRTNETWORKD_ARGS - ExecReload=/bin/kill -HUP 
$MAINPID - Restart=on-failure ---- a/src/node_device/virtnodedevd.service.in -+++ b/src/node_device/virtnodedevd.service.in -@@ -13,7 +13,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtnodedevd - ExecStart=@sbindir@/virtnodedevd $VIRTNODEDEVD_ARGS - ExecReload=/bin/kill -HUP $MAINPID - Restart=on-failure ---- a/src/nwfilter/virtnwfilterd.service.in -+++ b/src/nwfilter/virtnwfilterd.service.in -@@ -13,7 +13,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtnwfilterd - ExecStart=@sbindir@/virtnwfilterd $VIRTNWFILTERD_ARGS - ExecReload=/bin/kill -HUP $MAINPID - Restart=on-failure ---- a/src/qemu/virtqemud.service.in -+++ b/src/qemu/virtqemud.service.in -@@ -18,7 +18,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtqemud - ExecStart=@sbindir@/virtqemud $VIRTQEMUD_ARGS - ExecReload=/bin/kill -HUP $MAINPID - KillMode=process ---- a/src/remote/libvirtd.service.in -+++ b/src/remote/libvirtd.service.in -@@ -28,8 +28,7 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/libvirtd --ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS -+ExecStart=@sbindir@/libvirtd - ExecReload=/bin/kill -HUP $MAINPID - KillMode=process - Restart=on-failure ---- a/src/remote/virtproxyd.service.in -+++ b/src/remote/virtproxyd.service.in -@@ -13,7 +13,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtproxyd - ExecStart=@sbindir@/virtproxyd $VIRTPROXYD_ARGS - ExecReload=/bin/kill -HUP $MAINPID - Restart=on-failure ---- a/src/secret/virtsecretd.service.in -+++ b/src/secret/virtsecretd.service.in -@@ -13,7 +13,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtsecretd - ExecStart=@sbindir@/virtsecretd $VIRTSECRETD_ARGS - ExecReload=/bin/kill -HUP $MAINPID - Restart=on-failure ---- a/src/storage/virtstoraged.service.in -+++ b/src/storage/virtstoraged.service.in -@@ -15,7 +15,6 @@ - - [Service] - Type=notify 
--EnvironmentFile=-@sysconfdir@/sysconfig/virtstoraged - ExecStart=@sbindir@/virtstoraged $VIRTSTORAGED_ARGS - ExecReload=/bin/kill -HUP $MAINPID - Restart=on-failure ---- a/src/vbox/virtvboxd.service.in -+++ b/src/vbox/virtvboxd.service.in -@@ -14,7 +14,6 @@ - - [Service] - Type=notify --EnvironmentFile=-@sysconfdir@/sysconfig/virtvboxd - ExecStart=@sbindir@/virtvboxd $VIRTVBOXD_ARGS - ExecReload=/bin/kill -HUP $MAINPID - Restart=on-failure ---- a/tools/libvirt-guests.service.in -+++ b/tools/libvirt-guests.service.in -@@ -10,7 +10,7 @@ - Documentation=https://libvirt.org - - [Service] --EnvironmentFile=-@sysconfdir@/sysconfig/libvirt-guests -+EnvironmentFile=-/etc/libvirt/libvirt-guests.conf - # Hack just call traditional service until we factor - # out the code - ExecStart=@libexecdir@/libvirt-guests.sh start ---- a/tools/libvirt-guests.sysconf -+++ b/tools/libvirt-guests.sysconf -@@ -1,3 +1,9 @@ -+# -+# Warning: This configuration file is only sourced by the systemd -+# libvirt-guests.service unit. The coresponding openrc facility is in -+# /etc/init.d/libvirtd and /etc/conf.d/libvirtd -+# -+ - # Customizations for the libvirt-guests.service systemd unit - - # URIs to check for running guests diff --git a/app-emulation/libvirt/files/libvirt-6.7.0-doc-path.patch b/app-emulation/libvirt/files/libvirt-6.7.0-doc-path.patch deleted file mode 100644 index 65eb35f3e346..000000000000 --- a/app-emulation/libvirt/files/libvirt-6.7.0-doc-path.patch +++ /dev/null @@ -1,9 +0,0 @@ ---- a/meson.build 2020-09-26 21:25:08.557345415 +0000 -+++ b/meson.build 2020-09-26 21:25:59.507348156 +0000 -@@ -84,7 +84,7 @@ sbindir = prefix / get_option('sbindir') - sharedstatedir = prefix / get_option('sharedstatedir') - - confdir = sysconfdir / meson.project_name() --docdir = datadir / 'doc' / meson.project_name() -+docdir = datadir / 'doc' / '@0@-@1@'.format(meson.project_name(), meson.project_version()) - pkgdatadir = datadir / meson.project_name() 
diff --git a/app-emulation/libvirt/files/libvirt-6.7.0-fix-paths-for-apparmor.patch b/app-emulation/libvirt/files/libvirt-6.7.0-fix-paths-for-apparmor.patch deleted file mode 100644 index 18e7ef2daa0b..000000000000 --- a/app-emulation/libvirt/files/libvirt-6.7.0-fix-paths-for-apparmor.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu -index 80986ae..d550d8c 100644 ---- a/src/security/apparmor/libvirt-qemu -+++ b/src/security/apparmor/libvirt-qemu -@@ -88,6 +88,7 @@ - /usr/share/sgabios/** r, - /usr/share/slof/** r, - /usr/share/vgabios/** r, -+ /usr/share/seavgabios/** r, - - # pki for libvirt-vnc and libvirt-spice (LP: #901272, #1690140) - /etc/pki/CA/ r, - ---- a/src/security/apparmor/meson.build 2020-10-06 17:45:18.590000000 +0100 -+++ b/src/security/apparmor/meson.build 2020-10-06 17:45:07.044000000 +0100 -@@ -1,5 +1,5 @@ - apparmor_gen_profiles = [ -- 'usr.lib.libvirt.virt-aa-helper', -+ 'usr.libexec.libvirt.virt-aa-helper', - 'usr.sbin.libvirtd', - ] - -@@ -32,7 +32,7 @@ install_data( - ) - - install_data( -- 'usr.lib.libvirt.virt-aa-helper.local', -+ 'usr.libexec.libvirt.virt-aa-helper.local', - install_dir: apparmor_dir / 'local', -- rename: 'usr.lib.libvirt.virt-aa-helper', -+ rename: 'usr.libexec.libvirt.virt-aa-helper', - ) - -diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.in -similarity index 97% -rename from src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in -rename to src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.in -index dd18c8a..d06f9cb 100644 ---- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in -+++ b/src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.in -@@ -69,5 +69,5 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper { - /**.[iI][sS][oO] r, - /**/disk{,.*} r, - -- #include <local/usr.lib.libvirt.virt-aa-helper> -+ #include <local/usr.libexec.libvirt.virt-aa-helper> - } -diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local b/src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.local -similarity index 100% -rename from src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local -rename to 
src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.local diff --git a/app-emulation/libvirt/files/libvirt-7.0.0-fix_virtproxyd_unit_file.patch b/app-emulation/libvirt/files/libvirt-7.0.0-fix_virtproxyd_unit_file.patch deleted file mode 100644 index a8ee5dcee3fe..000000000000 --- a/app-emulation/libvirt/files/libvirt-7.0.0-fix_virtproxyd_unit_file.patch +++ /dev/null @@ -1,18 +0,0 @@ -https://bugs.gentoo.org/792228 -https://gitlab.com/libvirt/libvirt/-/commit/e3d60f7 - --- -diff --git a/src/remote/meson.build b/src/remote/meson.build -index 9ad2f6ab1c268012a263ab4ede6410fb80e14a12..0a188268b58b7af41645799aac3ef3f156fd48ad 100644 ---- a/src/remote/meson.build -+++ b/src/remote/meson.build -@@ -230,7 +230,7 @@ if conf.has('WITH_REMOTE') - 'name': 'Libvirt proxy', - 'sockprefix': 'libvirt', - 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ], -- 'deps': libvirtd_socket_conflicts, -+ 'deps': 'Conflicts=' + libvirtd_socket_conflicts, - } - - openrc_init_files += { - diff --git a/app-emulation/libvirt/files/libvirt-7.3.0-vircgroup-Fix-virCgroupKillRecursive-wrt-nested-cont.patch b/app-emulation/libvirt/files/libvirt-7.3.0-vircgroup-Fix-virCgroupKillRecursive-wrt-nested-cont.patch deleted file mode 100644 index 69572b321cfb..000000000000 --- a/app-emulation/libvirt/files/libvirt-7.3.0-vircgroup-Fix-virCgroupKillRecursive-wrt-nested-cont.patch +++ /dev/null 
@@ -1,189 +0,0 @@ -From ea7d0ca37cce76e1327945c4864b996d7fd6d2e6 Mon Sep 17 00:00:00 2001 -Message-Id: <ea7d0ca37cce76e1327945c4864b996d7fd6d2e6.1618903455.git.mprivozn@redhat.com> -From: Michal Privoznik <mprivozn@redhat.com> -Date: Fri, 16 Apr 2021 16:39:14 +0200 -Subject: [PATCH] vircgroup: Fix virCgroupKillRecursive() wrt nested - controllers -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -I've encountered the following bug, but only on Gentoo with -systemd and CGroupsV2. I've started an LXC container successfully -but destroying it reported the following error: - - error: Failed to destroy domain 'amd64' - error: internal error: failed to get cgroup backend for 'pathOfController' - -Debugging showed, that CGroup hierarchy is full of surprises: - -/sys/fs/cgroup/machine.slice/machine-lxc\x2d861\x2damd64.scope/ -└── libvirt - ├── dev-hugepages.mount - ├── dev-mqueue.mount - ├── init.scope - ├── sys-fs-fuse-connections.mount - ├── sys-kernel-config.mount - ├── sys-kernel-debug.mount - ├── sys-kernel-tracing.mount - ├── system.slice - │ ├── console-getty.service - │ ├── dbus.service - │ ├── system-getty.slice - │ ├── system-modprobe.slice - │ ├── systemd-journald.service - │ ├── systemd-logind.service - │ └── tmp.mount - └── user.slice - -For comparison, here's the same container on recent Rawhide: - -/sys/fs/cgroup/machine.slice/machine-lxc\x2d13550\x2damd64.scope/ -└── libvirt - -Anyway, those nested directories should not be a problem, because -virCgroupKillRecursiveInternal() removes them recursively, right? -Sort of. The function really does remove nested directories, but -it assumes that every directory has the same controller as the -rest. Just take a look at virCgroupV2KillRecursive() - it gets -'Any' controller (the first one it found in ".scope") and then -passes it to virCgroupKillRecursiveInternal(). - -This assumption is not true though. 
The controllers found in -".scope" are the following: - - cpuset cpu io memory pids - -while "libvirt" has fewer: - - cpuset cpu io memory - -Up until now it's not problem, because of how we order -controllers internally - "cpu" is the first and thus picking -"Any" controller returns just that. But the rest of directories -has no controllers, their "cgroup.controllers" is just empty. - -What fixes the bug is dropping @controller argument from -virCgroupKillRecursiveInternal() and letting each iteration work -pick its own controller. - -Signed-off-by: Michal Privoznik <mprivozn@redhat.com> -Reviewed-by: Pavel Hrdina <phrdina@redhat.com> ---- - src/util/vircgroup.c | 25 +++++++++++++++++++++++-- - src/util/vircgrouppriv.h | 1 - - src/util/vircgroupv1.c | 7 +------ - src/util/vircgroupv2.c | 7 +------ - 4 files changed, 25 insertions(+), 15 deletions(-) - -diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c -index 96280a0a4e..37dde2a5ed 100644 ---- a/src/util/vircgroup.c -+++ b/src/util/vircgroup.c -@@ -1477,6 +1477,24 @@ virCgroupHasController(virCgroup *cgroup, int controller) - } - - -+static int -+virCgroupGetAnyController(virCgroup *cgroup) -+{ -+ size_t i; -+ -+ for (i = 0; i < VIR_CGROUP_BACKEND_TYPE_LAST; i++) { -+ if (!cgroup->backends[i]) -+ continue; -+ -+ return cgroup->backends[i]->getAnyController(cgroup); -+ } -+ -+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", -+ _("Unable to get any controller")); -+ return -1; -+} -+ -+ - int - virCgroupPathOfController(virCgroup *group, - unsigned int controller, -@@ -2715,11 +2733,11 @@ int - virCgroupKillRecursiveInternal(virCgroup *group, - int signum, - GHashTable *pids, -- int controller, - const char *taskFile, - bool dormdir) - { - int rc; -+ int controller; - bool killedAny = false; - g_autofree char *keypath = NULL; - g_autoptr(DIR) dp = NULL; -@@ -2728,6 +2746,9 @@ virCgroupKillRecursiveInternal(virCgroup *group, - VIR_DEBUG("group=%p signum=%d pids=%p taskFile=%s dormdir=%d", - group, signum, pids, 
taskFile, dormdir); - -+ if ((controller = virCgroupGetAnyController(group)) < 0) -+ return -1; -+ - if (virCgroupPathOfController(group, controller, "", &keypath) < 0) - return -1; - -@@ -2760,7 +2781,7 @@ virCgroupKillRecursiveInternal(virCgroup *group, - return -1; - - if ((rc = virCgroupKillRecursiveInternal(subgroup, signum, pids, -- controller, taskFile, true)) < 0) -+ taskFile, true)) < 0) - return -1; - if (rc == 1) - killedAny = true; -diff --git a/src/util/vircgrouppriv.h b/src/util/vircgrouppriv.h -index 00193fb101..caf7ed84db 100644 ---- a/src/util/vircgrouppriv.h -+++ b/src/util/vircgrouppriv.h -@@ -135,6 +135,5 @@ int virCgroupRemoveRecursively(char *grppath); - int virCgroupKillRecursiveInternal(virCgroup *group, - int signum, - GHashTable *pids, -- int controller, - const char *taskFile, - bool dormdir); -diff --git a/src/util/vircgroupv1.c b/src/util/vircgroupv1.c -index 2cc7dd386a..8a04bb2e4a 100644 ---- a/src/util/vircgroupv1.c -+++ b/src/util/vircgroupv1.c -@@ -812,12 +812,7 @@ virCgroupV1KillRecursive(virCgroup *group, - int signum, - GHashTable *pids) - { -- int controller = virCgroupV1GetAnyController(group); -- -- if (controller < 0) -- return -1; -- -- return virCgroupKillRecursiveInternal(group, signum, pids, controller, -+ return virCgroupKillRecursiveInternal(group, signum, pids, - "tasks", false); - } - -diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c -index e555217355..8881d3a88a 100644 ---- a/src/util/vircgroupv2.c -+++ b/src/util/vircgroupv2.c -@@ -577,12 +577,7 @@ virCgroupV2KillRecursive(virCgroup *group, - int signum, - GHashTable *pids) - { -- int controller = virCgroupV2GetAnyController(group); -- -- if (controller < 0) -- return -1; -- -- return virCgroupKillRecursiveInternal(group, signum, pids, controller, -+ return virCgroupKillRecursiveInternal(group, signum, pids, - "cgroup.threads", false); - } - --- -2.26.3 - 
diff --git a/app-emulation/libvirt/files/libvirt-9.10.0-virxml-include-libxml-xmlsave.h-for-xmlIndentTreeOut.patch b/app-emulation/libvirt/files/libvirt-9.10.0-virxml-include-libxml-xmlsave.h-for-xmlIndentTreeOut.patch
new file mode 100644
index 000000000000..b24236be8751
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-9.10.0-virxml-include-libxml-xmlsave.h-for-xmlIndentTreeOut.patch
@@ -0,0 +1,36 @@
+From 7a5f232be2269e74943a029c0e8b1b0124674a6c Mon Sep 17 00:00:00 2001
+Message-ID: <7a5f232be2269e74943a029c0e8b1b0124674a6c.1700576185.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 20 Nov 2023 03:18:12 +0100
+Subject: [PATCH] virxml: include <libxml/xmlsave.h> for xmlIndentTreeOutput
+ declaration
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+After libxml2's commit of v2.12.0~101 we no longer get
+xmlIndentTreeOutput declaration by us including just
+libxml/xpathInternals.h and libxml2's header files leakage.
+
+Resolves: https://bugs.gentoo.org/917516
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/util/virxml.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/util/virxml.c b/src/util/virxml.c
+index 0c1eae8c3c..4f215a0e59 100644
+--- a/src/util/virxml.c
++++ b/src/util/virxml.c
+@@ -24,6 +24,7 @@
+ #include <math.h> /* for isnan() */
+ #include <sys/stat.h>
+
++#include <libxml/xmlsave.h>
+ #include <libxml/xpathInternals.h>
+
+ #include "virerror.h"
+--
+2.41.0
+
diff --git a/app-emulation/libvirt/files/libvirt-9.4.0-do-not-use-sysconfig.patch b/app-emulation/libvirt/files/libvirt-9.4.0-do-not-use-sysconfig.patch
new file mode 100644
index 000000000000..cfd12efb3de7
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-9.4.0-do-not-use-sysconfig.patch
@@ -0,0 +1,209 @@
+From 09e34bcb43b3c0fb3bf139f218ebc75e9e9f9a39 Mon Sep 17 00:00:00 2001
+Message-Id: <09e34bcb43b3c0fb3bf139f218ebc75e9e9f9a39.1683631803.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Wed, 2 Mar 2022 10:01:04 +0100
+Subject: [PATCH] libvirt-8.2.0-do-not-use-sysconfig.patch
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/interface/virtinterfaced.service.in | 1 -
+ src/libxl/virtxend.service.in | 1 -
+ src/locking/virtlockd.service.in | 1 -
+ src/logging/virtlogd.service.in | 1 -
+ src/lxc/virtlxcd.service.in | 1 -
+ src/network/virtnetworkd.service.in | 1 -
+ src/node_device/virtnodedevd.service.in | 1 -
+ src/nwfilter/virtnwfilterd.service.in | 1 -
+ src/qemu/virtqemud.service.in | 1 -
+ src/remote/libvirtd.service.in | 1 -
+ src/remote/virtproxyd.service.in | 1 -
+ src/secret/virtsecretd.service.in | 1 -
+ src/storage/virtstoraged.service.in | 1 -
+ src/vbox/virtvboxd.service.in | 1 -
+ tools/libvirt-guests.service.in | 2 +-
+ 15 files changed, 1 insertion(+), 15 deletions(-)
+
+diff --git a/src/interface/virtinterfaced.service.in b/src/interface/virtinterfaced.service.in
+index 1be3ab32dc..090b198ac7 100644
+--- a/src/interface/virtinterfaced.service.in
++++ b/src/interface/virtinterfaced.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTINTERFACED_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtinterfaced
+ ExecStart=@sbindir@/virtinterfaced $VIRTINTERFACED_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/libxl/virtxend.service.in b/src/libxl/virtxend.service.in
+index abb1972777..dbbc2ab5b7 100644
+--- a/src/libxl/virtxend.service.in
++++ b/src/libxl/virtxend.service.in
+@@ -19,7 +19,6 @@ ConditionPathExists=/proc/xen/capabilities
+ [Service]
+ Type=notify
+ Environment=VIRTXEND_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtxend
+ ExecStart=@sbindir@/virtxend $VIRTXEND_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
+index 23054369d5..87193952cb 100644
+--- a/src/locking/virtlockd.service.in
++++ b/src/locking/virtlockd.service.in
+@@ -8,7 +8,6 @@ Documentation=https://libvirt.org
+
+ [Service]
+ Environment=VIRTLOCKD_ARGS=
+-EnvironmentFile=-@initconfdir@/virtlockd
+ ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS
+ ExecReload=/bin/kill -USR1 $MAINPID
+ # Losing the locks is a really bad thing that will
+diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
+index e4aecd46a7..d97a98e856 100644
+--- a/src/logging/virtlogd.service.in
++++ b/src/logging/virtlogd.service.in
+@@ -8,7 +8,6 @@ Documentation=https://libvirt.org
+
+ [Service]
+ Environment=VIRTLOGD_ARGS=
+-EnvironmentFile=-@initconfdir@/virtlogd
+ ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS
+ ExecReload=/bin/kill -USR1 $MAINPID
+ # Losing the logs is a really bad thing that will
+diff --git a/src/lxc/virtlxcd.service.in b/src/lxc/virtlxcd.service.in
+index 2623f7375a..b48ce6958a 100644
+--- a/src/lxc/virtlxcd.service.in
++++ b/src/lxc/virtlxcd.service.in
+@@ -18,7 +18,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTLXCD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtlxcd
+ ExecStart=@sbindir@/virtlxcd $VIRTLXCD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ KillMode=process
+diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in
+index 48423e777d..ee4cd9bca1 100644
+--- a/src/network/virtnetworkd.service.in
++++ b/src/network/virtnetworkd.service.in
+@@ -17,7 +17,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTNETWORKD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtnetworkd
+ ExecStart=@sbindir@/virtnetworkd $VIRTNETWORKD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/node_device/virtnodedevd.service.in b/src/node_device/virtnodedevd.service.in
+index 3ceed30f29..7693aa52c4 100644
+--- a/src/node_device/virtnodedevd.service.in
++++ b/src/node_device/virtnodedevd.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTNODEDEVD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtnodedevd
+ ExecStart=@sbindir@/virtnodedevd $VIRTNODEDEVD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/nwfilter/virtnwfilterd.service.in b/src/nwfilter/virtnwfilterd.service.in
+index 37fa54d684..16d8b377b0 100644
+--- a/src/nwfilter/virtnwfilterd.service.in
++++ b/src/nwfilter/virtnwfilterd.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTNWFILTERD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtnwfilterd
+ ExecStart=@sbindir@/virtnwfilterd $VIRTNWFILTERD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/qemu/virtqemud.service.in b/src/qemu/virtqemud.service.in
+index 032cbcbbf0..85a1049567 100644
+--- a/src/qemu/virtqemud.service.in
++++ b/src/qemu/virtqemud.service.in
+@@ -20,7 +20,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTQEMUD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtqemud
+ ExecStart=@sbindir@/virtqemud $VIRTQEMUD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ KillMode=process
+diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
+index 11507207a1..9cda330e0b 100644
+--- a/src/remote/libvirtd.service.in
++++ b/src/remote/libvirtd.service.in
+@@ -28,7 +28,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=LIBVIRTD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/libvirtd
+ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ KillMode=process
+diff --git a/src/remote/virtproxyd.service.in b/src/remote/virtproxyd.service.in
+index dd3bdf3429..0eddf5ee93 100644
+--- a/src/remote/virtproxyd.service.in
++++ b/src/remote/virtproxyd.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTPROXYD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtproxyd
+ ExecStart=@sbindir@/virtproxyd $VIRTPROXYD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/secret/virtsecretd.service.in b/src/secret/virtsecretd.service.in
+index 774cfc3ecd..92e54f175f 100644
+--- a/src/secret/virtsecretd.service.in
++++ b/src/secret/virtsecretd.service.in
+@@ -14,7 +14,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTSECRETD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtsecretd
+ ExecStart=@sbindir@/virtsecretd $VIRTSECRETD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/storage/virtstoraged.service.in b/src/storage/virtstoraged.service.in
+index e1a1ea6820..abe91e3d80 100644
+--- a/src/storage/virtstoraged.service.in
++++ b/src/storage/virtstoraged.service.in
+@@ -16,7 +16,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTSTORAGED_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtstoraged
+ ExecStart=@sbindir@/virtstoraged $VIRTSTORAGED_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/src/vbox/virtvboxd.service.in b/src/vbox/virtvboxd.service.in
+index e73206591a..54fbd0be4a 100644
+--- a/src/vbox/virtvboxd.service.in
++++ b/src/vbox/virtvboxd.service.in
+@@ -15,7 +15,6 @@ Documentation=https://libvirt.org
+ [Service]
+ Type=notify
+ Environment=VIRTVBOXD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/virtvboxd
+ ExecStart=@sbindir@/virtvboxd $VIRTVBOXD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in
+index c547218f2a..f5a1a60abe 100644
+--- a/tools/libvirt-guests.service.in
++++ b/tools/libvirt-guests.service.in
+@@ -14,7 +14,7 @@ Documentation=man:libvirt-guests(8)
+ Documentation=https://libvirt.org
+
+ [Service]
+-EnvironmentFile=-@initconfdir@/libvirt-guests
++EnvironmentFile=-/etc/libvirt/libvirt-guests.conf
+ # Hack just call traditional service until we factor
+ # out the code
+ ExecStart=@libexecdir@/libvirt-guests.sh start
+--
+2.39.3
+
diff --git a/app-emulation/libvirt/files/libvirt-6.0.0-fix_paths_in_libvirt-guests_sh.patch b/app-emulation/libvirt/files/libvirt-9.4.0-fix_paths_in_libvirt-guests_sh.patch
index bf7a328f7759..d40d2f1b63ec 100644
--- a/app-emulation/libvirt/files/libvirt-6.0.0-fix_paths_in_libvirt-guests_sh.patch
+++ b/app-emulation/libvirt/files/libvirt-9.4.0-fix_paths_in_libvirt-guests_sh.patch
@@ -1,10 +1,7 @@ -From e97700d867ffa949c97f8a635a76b9ce510e806f Mon Sep 17 00:00:00 2001 -Message-Id: <e97700d867ffa949c97f8a635a76b9ce510e806f.1580460243.git.mprivozn@redhat.com> -In-Reply-To: <5965f20fe0275b324c9b84ab7f48dd7db0494495.1580460243.git.mprivozn@redhat.com> -References: <5965f20fe0275b324c9b84ab7f48dd7db0494495.1580460243.git.mprivozn@redhat.com> +From 7f22569453720994ba49ca1d3c64c010ed7cc5d0 Mon Sep 17 00:00:00 2001 From: Michal Privoznik <mprivozn@redhat.com> Date: Fri, 31 Jan 2020 09:42:14 +0100 -Subject: [PATCH 2/3] Fix paths in libvirt-guests.sh.in +Subject: [PATCH] Fix paths in libvirt-guests.sh.in Signed-off-by: Michal Privoznik <mprivozn@redhat.com> ---
@@ -12,15 +9,15 @@ Signed-off-by: Michal Privoznik <mprivozn@redhat.com> 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in -index a881f6266e..79d38b3e9a 100644 +index 016014215f..24dd706d6f 100644 --- a/tools/libvirt-guests.sh.in
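Review bot: The replacement line in the last inner hunk of libvirt-9.4.0-do-not-use-sysconfig.patch hard-codes the path, `EnvironmentFile=-/etc/libvirt/libvirt-guests.conf`, while the fix_paths patch refreshed in the same commit makes libvirt-guests.sh source `"$sysconfdir"/libvirt/libvirt-guests.conf`. On an install whose sysconfdir is not /etc the unit and the script would read different files; if the unit template expands it, `EnvironmentFile=-@sysconfdir@/libvirt/libvirt-guests.conf` keeps the two in step. Because the script sources that file as shell, it is effectively code for whatever account the service runs as and should stay owned by root and not writable by group or others. The header still carries the subject `libvirt-8.2.0-do-not-use-sysconfig.patch` and no body; one sentence saying that, with the `EnvironmentFile=-@initconfdir@/...` lines gone, each unit's own `Environment=..._ARGS` line supplies the daemon arguments would tell administrators where their overrides went. Both points apply equally to libvirt-9.9.0-do-not-use-sysconfig.patch further down.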
+++ b/tools/libvirt-guests.sh.in -@@ -39,11 +39,11 @@ START_DELAY=0 +@@ -40,11 +40,11 @@ START_DELAY=0 BYPASS_CACHE=0 SYNC_TIME=0 --test -f "$sysconfdir"/sysconfig/libvirt-guests && -- . "$sysconfdir"/sysconfig/libvirt-guests +-test -f "$initconfdir"/libvirt-guests && +- . "$initconfdir"/libvirt-guests +test -f "$sysconfdir"/libvirt/libvirt-guests.conf && + . "$sysconfdir"/libvirt/libvirt-guests.conf
@@ -31,5 +28,5 @@ index a881f6266e..79d38b3e9a 100644 RETVAL=0 -- -2.24.1 +2.39.3
diff --git a/app-emulation/libvirt/files/libvirt-9.6.0-fix-paths-for-apparmor.patch b/app-emulation/libvirt/files/libvirt-9.6.0-fix-paths-for-apparmor.patch
new file mode 100644
index 000000000000..2ffe279e74b0
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-9.6.0-fix-paths-for-apparmor.patch
@@ -0,0 +1,97 @@
+From 4927c28a30fe469b512b49346f321661ca865769 Mon Sep 17 00:00:00 2001
+Message-ID: <4927c28a30fe469b512b49346f321661ca865769.1689058931.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 15 Mar 2022 05:23:29 +0100
+Subject: [PATCH] libvirt-9.5.0-fix-paths-for-apparmor.patch
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/security/apparmor/libvirt-qemu.in | 1 +
+ src/security/apparmor/meson.build | 6 +++---
+ src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local | 1 -
+ ...t-aa-helper.in => usr.libexec.libvirt.virt-aa-helper.in} | 6 +++---
+ .../apparmor/usr.libexec.libvirt.virt-aa-helper.local | 1 +
+ 5 files changed, 8 insertions(+), 7 deletions(-)
+ delete mode 100644 src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local
+ rename src/security/apparmor/{usr.lib.libvirt.virt-aa-helper.in => usr.libexec.libvirt.virt-aa-helper.in} (92%)
+ create mode 100644 src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.local
+
+diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
+index 53f45c3a28..7882e811fc 100644
+--- a/src/security/apparmor/libvirt-qemu.in
++++ b/src/security/apparmor/libvirt-qemu.in
+@@ -96,6 +96,7 @@
+ /usr/share/sgabios/** r,
+ /usr/share/slof/** r,
+ /usr/share/vgabios/** r,
++ /usr/share/seavgabios/** r,
+
+ # pki for libvirt-vnc and libvirt-spice (LP: #901272, #1690140)
+ /etc/pki/CA/ r,
+diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build
+index b9257c816d..c1b79fef27 100644
+--- a/src/security/apparmor/meson.build
++++ b/src/security/apparmor/meson.build
+@@ -1,5 +1,5 @@
+ apparmor_gen_profiles = [
+- 'usr.lib.libvirt.virt-aa-helper',
++ 'usr.libexec.libvirt.virt-aa-helper',
+ 'usr.sbin.libvirtd',
+ 'usr.sbin.virtqemud',
+ 'usr.sbin.virtxend',
+@@ -82,8 +82,8 @@ if not conf.has('WITH_APPARMOR_3')
+ # AppArmor 3.x, upstream's preference is to avoid creating these
+ # files in order to limit the amount of filesystem clutter.
+ install_data(
+- 'usr.lib.libvirt.virt-aa-helper.local',
++ 'usr.libexec.libvirt.virt-aa-helper.local',
+ install_dir: apparmor_dir / 'local',
+- rename: 'usr.lib.libvirt.virt-aa-helper',
++ rename: 'usr.libexec.libvirt.virt-aa-helper',
+ )
+ endif
+diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local
+deleted file mode 100644
+index c0990e51d0..0000000000
+--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.local
++++ /dev/null
+@@ -1 +0,0 @@
+-# Site-specific additions and overrides for 'usr.lib.libvirt.virt-aa-helper'
+diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.in
+similarity index 92%
+rename from src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
+rename to src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.in
+index 26ee20a17d..38fd3bfb88 100644
+--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
++++ b/src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.in
+@@ -41,7 +41,7 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper {
+ deny /dev/mapper/* r,
+
+ @libexecdir@/virt-aa-helper mr,
+- /{usr/,}sbin/apparmor_parser Ux,
++ /{usr/,}{s,}bin/apparmor_parser Ux,
+
+ @sysconfdir@/apparmor.d/libvirt/* r,
+ @sysconfdir@/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
+@@ -72,9 +72,9 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper {
+ /**/disk{,.*} r,
+
+ @BEGIN_APPARMOR_3@
+- include if exists <local/usr.lib.libvirt.virt-aa-helper>
++ include if exists <local/usr.libexec.libvirt.virt-aa-helper>
+ @END_APPARMOR_3@
+ @BEGIN_APPARMOR_2@
+- #include <local/usr.lib.libvirt.virt-aa-helper>
++ #include <local/usr.libexec.libvirt.virt-aa-helper>
+ @END_APPARMOR_2@
+ }
+diff --git a/src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.local b/src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.local
+new file mode 100644
+index 0000000000..974653d797
+--- /dev/null
++++ b/src/security/apparmor/usr.libexec.libvirt.virt-aa-helper.local
+@@ -0,0 +1 @@
++# Site-specific additions and overrides for 'usr.libexec.libvirt.virt-aa-helper'
+--
+2.41.0
+
diff --git a/app-emulation/libvirt/files/libvirt-9.9.0-do-not-use-sysconfig.patch b/app-emulation/libvirt/files/libvirt-9.9.0-do-not-use-sysconfig.patch
new file mode 100644
index 000000000000..debca8c80146
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-9.9.0-do-not-use-sysconfig.patch
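Review bot: The rule change in the renamed virt-aa-helper profile, `/{usr/,}{s,}bin/apparmor_parser Ux,`, doubles the set of paths that get an unconfined-execute transition, and neither the patch header nor the profile says why. `Ux` leaves the launched binary outside any profile, so each path the glob now matches has to be a location only root can write; a comment above the rule, for example `# apparmor_parser may be installed in bin rather than sbin`, would record the intent (presumably a bin/sbin layout difference, which the page does not state). The subject `libvirt-9.5.0-fix-paths-for-apparmor.patch` is also stale for a file named 9.6.0, and a short body listing the three changes (seavgabios read rule, usr.lib to usr.libexec rename, parser path) would make the next refresh easier to audit.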
@@ -0,0 +1,79 @@
+From bdc0f6b9c91615c601ea3a625220097f5cb0eeb0 Mon Sep 17 00:00:00 2001
+Message-ID: <bdc0f6b9c91615c601ea3a625220097f5cb0eeb0.1696413637.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Wed, 2 Mar 2022 10:01:04 +0100
+Subject: [PATCH] libvirt-9.9.0-do-not-use-sysconfig.patch
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/locking/virtlockd.service.in | 1 -
+ src/logging/virtlogd.service.in | 1 -
+ src/remote/libvirtd.service.in | 1 -
+ src/virtd.service.in | 1 -
+ tools/libvirt-guests.service.in | 2 +-
+ 5 files changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/locking/virtlockd.service.in b/src/locking/virtlockd.service.in
+index ce00b6def9..9dee9189db 100644
+--- a/src/locking/virtlockd.service.in
++++ b/src/locking/virtlockd.service.in
+@@ -10,7 +10,6 @@ After=virtlockd-admin.socket
+ [Service]
+ Type=notify
+ Environment=VIRTLOCKD_ARGS=
+-EnvironmentFile=-@initconfdir@/virtlockd
+ ExecStart=@sbindir@/virtlockd $VIRTLOCKD_ARGS
+ ExecReload=/bin/kill -USR1 $MAINPID
+ # Losing the locks is a really bad thing that will
+diff --git a/src/logging/virtlogd.service.in b/src/logging/virtlogd.service.in
+index 52c9e5bb9e..90c63f0483 100644
+--- a/src/logging/virtlogd.service.in
++++ b/src/logging/virtlogd.service.in
+@@ -10,7 +10,6 @@ After=virtlogd-admin.socket
+ [Service]
+ Type=notify
+ Environment=VIRTLOGD_ARGS=
+-EnvironmentFile=-@initconfdir@/virtlogd
+ ExecStart=@sbindir@/virtlogd $VIRTLOGD_ARGS
+ ExecReload=/bin/kill -USR1 $MAINPID
+ # Losing the logs is a really bad thing that will
+diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
+index 24a6712b75..e4b4a189e1 100644
+--- a/src/remote/libvirtd.service.in
++++ b/src/remote/libvirtd.service.in
+@@ -28,7 +28,6 @@ Conflicts=xendomains.service
+ [Service]
+ Type=notify
+ Environment=LIBVIRTD_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/libvirtd
+ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ KillMode=process
+diff --git a/src/virtd.service.in b/src/virtd.service.in
+index 651a8d82d7..b87c7e0553 100644
+--- a/src/virtd.service.in
++++ b/src/virtd.service.in
+@@ -17,7 +17,6 @@ After=apparmor.service
+ [Service]
+ Type=notify
+ Environment=@SERVICE@_ARGS="--timeout 120"
+-EnvironmentFile=-@initconfdir@/@service@
+ ExecStart=@sbindir@/@service@ $@SERVICE@_ARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ Restart=on-failure
+diff --git a/tools/libvirt-guests.service.in b/tools/libvirt-guests.service.in
+index c547218f2a..f5a1a60abe 100644
+--- a/tools/libvirt-guests.service.in
++++ b/tools/libvirt-guests.service.in
+@@ -14,7 +14,7 @@ Documentation=man:libvirt-guests(8)
+ Documentation=https://libvirt.org
+
+ [Service]
+-EnvironmentFile=-@initconfdir@/libvirt-guests
++EnvironmentFile=-/etc/libvirt/libvirt-guests.conf
+ # Hack just call traditional service until we factor
+ # out the code
+ ExecStart=@libexecdir@/libvirt-guests.sh start
+--
+2.41.0
+
diff --git a/app-emulation/libvirt/files/libvirtd.init-r19 b/app-emulation/libvirt/files/libvirtd.init-r19
index 60dad6a791dc..12bd1d34fa2b 100644
--- a/app-emulation/libvirt/files/libvirtd.init-r19
+++ b/app-emulation/libvirt/files/libvirtd.init-r19
@@ -16,7 +16,7 @@ retry="${LIBVIRTD_TERMTIMEOUT}" depend() { need virtlogd use ceph dbus iscsid virtlockd - after cgconfig corosync ebtables iptables ip6tables nfs nfsmount ntp-client ntpdportmap rpc.statd sanlock xenconsoled + after cgconfig corosync ebtables iptables ip6tables shorewall nfs ntp-client ntpdportmap rpc.statd sanlock xenconsoled USE_FLAG_FIREWALLD }
diff --git a/app-emulation/libvirt/files/virtlockd.init-r2 b/app-emulation/libvirt/files/virtlockd.init-r2
index 385dc1e62319..0445b9d02261 100644
--- a/app-emulation/libvirt/files/virtlockd.init-r2
+++ b/app-emulation/libvirt/files/virtlockd.init-r2
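Review bot: On the new `after` line in depend() of libvirtd.init-r19, `ntpdportmap` reads as two service names run together, and the change carries it over unchanged from the old line. If the file really contains that token, the init system sees one service name that matches nothing and the ordering after `ntpd` and `portmap` is silently lost; the fix would be `... nfs ntp-client ntpd portmap rpc.statd ...`. It is worth checking against the file itself, since this page has had its whitespace collapsed.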
@@ -12,7 +12,7 @@ description_reload="re-exec the daemon, while maintaining locks and clients" depend() { - after ntp-client ntpd nfs nfsmount corosync + after ntp-client ntpd nfs corosync } reload() {
diff --git a/app-emulation/libvirt/files/virtlogd.init-r2 b/app-emulation/libvirt/files/virtlogd.init-r2
index 442dcb8de48c..abc293e13ae5 100644
--- a/app-emulation/libvirt/files/virtlogd.init-r2
+++ b/app-emulation/libvirt/files/virtlogd.init-r2
@@ -12,7 +12,7 @@ description_reload="re-exec the daemon, while maintaining open connections" depend() { - after ntp-client ntpd nfs nfsmount corosync + after ntp-client ntpd nfs corosync } reload() { |