author | Matthias Maier <tamiko@gentoo.org> | 2015-07-28 16:54:00 +0000 |
---|---|---|
committer | Matthias Maier <tamiko@gentoo.org> | 2015-07-28 16:54:00 +0000 |
commit | 8444300240b0156b120734ddc7fc9f5114089216 (patch) | |
tree | 05406f6e1f1f013243115ac13aaa9d65b46df69a /app-emulation | |
parent | version bump: fix dependencies by Nikoli in bug #551800, should also fix prob... (diff) | |
Change default behavior for kvm guests in the openrc runscript, bug #555736; fix apparmor configuration, bug #554628; ebuild maintenance
(Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key BD3A97A3)
Diffstat (limited to 'app-emulation')
-rw-r--r-- | app-emulation/libvirt/ChangeLog | 11 | ||||
-rw-r--r-- | app-emulation/libvirt/files/libvirt-1.2.17-fix_paths_for_apparmor.patch | 161 | ||||
-rw-r--r-- | app-emulation/libvirt/files/libvirtd.confd-r6 (renamed from app-emulation/libvirt/files/libvirtd.confd-r5) | 10 | ||||
-rw-r--r-- | app-emulation/libvirt/files/libvirtd.init-r16 (renamed from app-emulation/libvirt/files/libvirtd.init-r15) | 9 | ||||
-rw-r--r-- | app-emulation/libvirt/libvirt-1.2.17-r2.ebuild (renamed from app-emulation/libvirt/libvirt-1.2.17-r1.ebuild) | 37 | ||||
-rw-r--r-- | app-emulation/libvirt/libvirt-9999.ebuild | 37 |
6 files changed, 232 insertions, 33 deletions
diff --git a/app-emulation/libvirt/ChangeLog b/app-emulation/libvirt/ChangeLog index 851e7bdb96fa..0e0b14fac303 100644 --- a/app-emulation/libvirt/ChangeLog +++ b/app-emulation/libvirt/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for app-emulation/libvirt # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.438 2015/07/25 22:06:10 tamiko Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/ChangeLog,v 1.439 2015/07/28 16:54:00 tamiko Exp $ + +*libvirt-1.2.17-r2 (28 Jul 2015) + + 28 Jul 2015; Matthias Maier <tamiko@gentoo.org> + +files/libvirt-1.2.17-fix_paths_for_apparmor.patch, +files/libvirtd.confd-r6, + +files/libvirtd.init-r16, +libvirt-1.2.17-r2.ebuild, -files/libvirtd.confd-r5, + -files/libvirtd.init-r15, -libvirt-1.2.17-r1.ebuild, libvirt-9999.ebuild: + Change default behavior for kvm guest in openrc runscript, bug #555736; fix + apparmor configuration, bug #554628; ebuild maintenance 25 Jul 2015; Matthias Maier <tamiko@gentoo.org> libvirt-1.2.17-r1.ebuild, libvirt-9999.ebuild: diff --git a/app-emulation/libvirt/files/libvirt-1.2.17-fix_paths_for_apparmor.patch b/app-emulation/libvirt/files/libvirt-1.2.17-fix_paths_for_apparmor.patch new file mode 100644 index 000000000000..767002d7d4f0 --- /dev/null +++ b/app-emulation/libvirt/files/libvirt-1.2.17-fix_paths_for_apparmor.patch 
@@ -0,0 +1,161 @@ +From bde898de482645f6963b673e8ff0b486a0a6db25 Mon Sep 17 00:00:00 2001 +From: Matthias Maier <tamiko@kyomu.43-1.org> +Date: Tue, 28 Jul 2015 11:10:59 -0500 +Subject: [PATCH] adapt paths for gentoo's fs layout + +https://bugs.gentoo.org/show_bug.cgi?id=554628 +--- + examples/apparmor/Makefile.am | 4 +- + examples/apparmor/usr.lib.libvirt.virt-aa-helper | 48 ------------------------ + examples/apparmor/usr.libexec.virt-aa-helper | 48 ++++++++++++++++++++++++ + examples/apparmor/usr.sbin.libvirtd | 4 +- + 4 files changed, 52 insertions(+), 52 deletions(-) + delete mode 100644 examples/apparmor/usr.lib.libvirt.virt-aa-helper + create mode 100644 examples/apparmor/usr.libexec.virt-aa-helper + +diff --git a/examples/apparmor/Makefile.am b/examples/apparmor/Makefile.am +index 7a20e16..c3c67b6 100644 +--- a/examples/apparmor/Makefile.am ++++ b/examples/apparmor/Makefile.am +@@ -19,13 +19,13 @@ EXTRA_DIST= \ + TEMPLATE.lxc \ + libvirt-qemu \ + libvirt-lxc \ +- usr.lib.libvirt.virt-aa-helper \ ++ usr.libexec.virt-aa-helper \ + usr.sbin.libvirtd + + if WITH_APPARMOR_PROFILES + apparmordir = $(sysconfdir)/apparmor.d/ + apparmor_DATA = \ +- usr.lib.libvirt.virt-aa-helper \ ++ usr.libexec.virt-aa-helper \ + usr.sbin.libvirtd \ + $(NULL) + +diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper +deleted file mode 100644 +index b34fb35..0000000 +--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper ++++ /dev/null +@@ -1,48 +0,0 @@ +-# Last Modified: Mon Apr 5 15:10:27 2010 +-#include <tunables/global> +- +-profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { +- #include <abstractions/base> +- +- # needed for searching directories +- capability dac_override, +- capability dac_read_search, +- +- # needed for when disk is on a network filesystem +- network inet, +- +- deny @{PROC}/[0-9]*/mounts r, +- @{PROC}/[0-9]*/net/psched r, +- owner @{PROC}/[0-9]*/status r, +- @{PROC}/filesystems r, +- +- # 
for hostdev +- /sys/devices/ r, +- /sys/devices/** r, +- +- /usr/{lib,lib64}/libvirt/virt-aa-helper mr, +- /sbin/apparmor_parser Ux, +- +- /etc/apparmor.d/libvirt/* r, +- /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, +- +- # for backingstore -- allow access to non-hidden files in @{HOME} as well +- # as storage pools +- audit deny @{HOME}/.* mrwkl, +- audit deny @{HOME}/.*/ rw, +- audit deny @{HOME}/.*/** mrwkl, +- audit deny @{HOME}/bin/ rw, +- audit deny @{HOME}/bin/** mrwkl, +- @{HOME}/ r, +- @{HOME}/** r, +- /var/lib/libvirt/images/ r, +- /var/lib/libvirt/images/** r, +- /{media,mnt,opt,srv}/** r, +- +- /**.img r, +- /**.qcow{,2} r, +- /**.qed r, +- /**.vmdk r, +- /**.[iI][sS][oO] r, +- /**/disk{,.*} r, +-} +diff --git a/examples/apparmor/usr.libexec.virt-aa-helper b/examples/apparmor/usr.libexec.virt-aa-helper +new file mode 100644 +index 0000000..b34fb35 +--- /dev/null ++++ b/examples/apparmor/usr.libexec.virt-aa-helper +@@ -0,0 +1,48 @@ ++# Last Modified: Mon Apr 5 15:10:27 2010 ++#include <tunables/global> ++ ++profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { ++ #include <abstractions/base> ++ ++ # needed for searching directories ++ capability dac_override, ++ capability dac_read_search, ++ ++ # needed for when disk is on a network filesystem ++ network inet, ++ ++ deny @{PROC}/[0-9]*/mounts r, ++ @{PROC}/[0-9]*/net/psched r, ++ owner @{PROC}/[0-9]*/status r, ++ @{PROC}/filesystems r, ++ ++ # for hostdev ++ /sys/devices/ r, ++ /sys/devices/** r, ++ ++ /usr/{lib,lib64}/libvirt/virt-aa-helper mr, ++ /sbin/apparmor_parser Ux, ++ ++ /etc/apparmor.d/libvirt/* r, ++ /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, ++ ++ # for backingstore -- allow access to non-hidden files in @{HOME} as well ++ # as storage pools ++ audit deny @{HOME}/.* mrwkl, ++ audit deny @{HOME}/.*/ rw, ++ audit deny @{HOME}/.*/** mrwkl, ++ audit deny @{HOME}/bin/ rw, ++ audit deny @{HOME}/bin/** 
mrwkl,
++ @{HOME}/ r,
++ @{HOME}/** r,
++ /var/lib/libvirt/images/ r,
++ /var/lib/libvirt/images/** r,
++ /{media,mnt,opt,srv}/** r,
++
++ /**.img r,
++ /**.qcow{,2} r,
++ /**.qed r,
++ /**.vmdk r,
++ /**.[iI][sS][oO] r,
++ /**/disk{,.*} r,
++}
+diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
+index 5d606e6..ab2f1a9 100644
+--- a/examples/apparmor/usr.sbin.libvirtd
++++ b/examples/apparmor/usr.sbin.libvirtd
+@@ -58,8 +58,8 @@
+ audit deny /sys/kernel/security/apparmor/.* rwxl,
+ /sys/kernel/security/apparmor/profiles r,
+ /usr/{lib,lib64}/libvirt/* PUxr,
+- /usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
+- /usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
++ /usr/libexec/libvirt_parthelper ix,
++ /usr/libexec/libvirt_iohelper ix,
+ /etc/libvirt/hooks/** rmix,
+ /etc/xen/scripts/** rmix,
+ 
+-- 
+2.3.6
+
diff --git a/app-emulation/libvirt/files/libvirtd.confd-r5 b/app-emulation/libvirt/files/libvirtd.confd-r6
index e9116803b237..664caa15909d 100644
--- a/app-emulation/libvirt/files/libvirtd.confd-r5
+++ b/app-emulation/libvirt/files/libvirtd.confd-r6
@@ -13,7 +13,8 @@ rc_need="net"
 #LIBVIRTD_OPTS="--listen"
 
 # LIBVIRTD_KVM_SHUTDOWN
-# controls the behavior for kvm guests on daemon shutdown
+# controls the behavior for kvm guests on daemon shutdown. Defaults to
+# "shutdown"
 #
 # Valid options:
 # * shutdown
@@ -31,7 +32,7 @@ rc_need="net"
 # - No attempts will be made to stop any VMs. If you are restarting your
 # machine the qemu-kvm process will be simply killed, which may result
 # in your VMs having disk corruption.
-LIBVIRTD_KVM_SHUTDOWN="managedsave"
+LIBVIRTD_KVM_SHUTDOWN="shutdown"
 
 # LIBVIRTD_KVM_SHUTDOWN_MAXWAIT
 # timeout in seconds until stopping libvirtd and "pulling the plug" on
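Review bot: The new `usr.libexec.virt-aa-helper` profile is byte-for-byte the deleted `usr.lib.libvirt.virt-aa-helper` (both sides of the rename carry blob b34fb35), so its attachment line still reads `profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {` and its self-access rule is still `/usr/{lib,lib64}/libvirt/virt-aa-helper mr,`; if the helper really lives at /usr/libexec/virt-aa-helper, as the rename and the libvirtd-profile hunk imply, AppArmor has no profile attached to that path and the helper would, as far as this patch shows, run unconfined. The usr.sbin.libvirtd hunk has the matching gap: only the parthelper/iohelper `ix` rules were moved to /usr/libexec, while the `/usr/{lib,lib64}/libvirt/* PUxr,` rule that lets libvirtd execute the helper with a profile transition is left pointing at the old directory, so libvirtd's own profile grants no exec permission for /usr/libexec/virt-aa-helper. I would change the profile header and the `mr` rule to `/usr/libexec/virt-aa-helper` and add `/usr/libexec/virt-aa-helper PUxr,` beside the existing `PUxr` rule. After loading the profiles it is worth confirming with aa-status that virt-aa-helper shows up as a confined process when a guest is defined.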
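Review bot: Switching the default to `LIBVIRTD_KVM_SHUTDOWN="shutdown"` changes the outcome for a guest that ignores the shutdown request: the MAXWAIT comment directly below describes libvirtd being stopped and "pulling the plug" once `LIBVIRTD_KVM_SHUTDOWN_MAXWAIT` (500 s in this file) expires, which appears to be the same disk-corruption scenario the description of the `none` option warns about, whereas the previous `managedsave` default preserved guest state regardless of guest cooperation. The new `Defaults to "shutdown"` comment should make that trade-off visible, e.g. add `# Guests that do not react to the shutdown request are killed once LIBVIRTD_KVM_SHUTDOWN_MAXWAIT expires; use "managedsave" if guest state must survive.` right after it. The actual kill logic lives in the init script, outside this hunk, so the exact behaviour after the timeout should be checked there.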
@@ -39,7 +40,8 @@ LIBVIRTD_KVM_SHUTDOWN="managedsave"
 LIBVIRTD_KVM_SHUTDOWN_MAXWAIT="500"
 
 # LIBVIRTD_KVM_RESTART
-# controls the behavior for kvm guests on daemon restart
+# controls the behavior for kvm guests on daemon restart. Defaults to
+# "none"
 #
 # Valid options:
 # * <empty>
@@ -49,7 +51,7 @@ LIBVIRTD_KVM_SHUTDOWN_MAXWAIT="500"
 # * managedsave
 # * none
 # - as defined for LIBVIRTD_KVM_SHUTDOWN
-LIBVIRTD_KVM_RESTART=""
+LIBVIRTD_KVM_RESTART="none"
 
 # LIBVIRTD_KVM_NET_SHUTDOWN
 # If libvirtd created networks for you (e.g. NATed networks) then this
diff --git a/app-emulation/libvirt/files/libvirtd.init-r15 b/app-emulation/libvirt/files/libvirtd.init-r16
index a87ac331e482..f13845c6a9b0 100644
--- a/app-emulation/libvirt/files/libvirtd.init-r15
+++ b/app-emulation/libvirt/files/libvirtd.init-r16
@@ -86,8 +86,13 @@ stop() {
 if [ -n "${policy}" ] ; then
 eerror " !!! Invalid policy \"${policy}\" specified in LIBVIRTD_KVM_SHUTDOWN/RESTART"
 fi
-einfo " Using default policy \"managedsave\" for domains"
-policy="managedsave"
+if [ "${RC_CMD}" = "restart" ] ; then
+einfo " Using default (restart) policy \"none\" for domains"
+policy="none"
+else
+einfo " Using default policy \"shutdown\" for domains"
+policy="shutdown"
+fi
 fi
 
 if [ -n "${LIBVIRTD_KVM_SHUTDOWN_MAXWAIT}" ] ; then
diff --git a/app-emulation/libvirt/libvirt-1.2.17-r1.ebuild b/app-emulation/libvirt/libvirt-1.2.17-r2.ebuild
index 0dd0e8bfb86e..a04dd8ff2c40 100644
--- a/app-emulation/libvirt/libvirt-1.2.17-r1.ebuild
+++ b/app-emulation/libvirt/libvirt-1.2.17-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-1.2.17-r1.ebuild,v 1.2 2015/07/25 22:06:10 tamiko Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-1.2.17-r2.ebuild,v 1.1 2015/07/28 16:54:00 tamiko Exp $
 
 EAPI=5
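Review bot: The defaults hard-coded in the new `if [ "${RC_CMD}" = "restart" ]` branch ("none" and "shutdown") are copies of the values shipped in libvirtd.confd-r6, and nothing ties the two together, so they will drift silently the next time one of them is edited. This fallback is also reached for an invalid policy, not just an empty one (the `eerror " !!! Invalid policy ..."` above it only reports the problem), so a typo in LIBVIRTD_KVM_SHUTDOWN now makes `stop` issue the "shutdown" policy to every guest instead of the state-preserving "managedsave" it used to fall back to. I would add `# Keep these in sync with the defaults in /etc/conf.d/libvirtd (libvirtd.confd)` above the new `if`, and consider keeping "managedsave" as the fallback for the invalid-value case specifically. Whether OpenRC sets `RC_CMD` to "restart" when stop() runs as part of a restart cannot be verified from this hunk. stop() begins above the hunk and continues past it.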
@@ -132,16 +132,22 @@ If you are using dnsmasq on your system, you will have to configure
 interface or except-interface
 Otherwise you might have issues with your existing DNS server.
 
-The systemd service-file configuration under /etc/sysconfig has been
-removed. Please use
- /etc/systemd/system/libvirtd.service.d/00gentoo.conf
-to control the '--listen' parameter for libvirtd.
+For openrc users:
 
-The configuration for the 'libvirt-guests.service' is now found under
- /etc/libvirt/libvirt-guests.conf
+ Please use /etc/conf.d/libvirtd to control the '--listen' parameter for
+ libvirtd.
 
-The openrc configuration has not been changed. Thus no action is required
-for the openrc service manager."
+ The default configuration will keep kvm guests running upon daemon
+ restart and will shut down kvm guests if the libvirtd daemon is
+ stopped. This behavior can be changed under /etc/conf.d/libvirtd
+
+For systemd users:
+
+ Please use /etc/systemd/system/libvirtd.service.d/00gentoo.conf
+ to control the '--listen' parameter for libvirtd.
+
+ The configuration for the 'libvirt-guests.service' is found under
+ /etc/libvirt/libvirt-guests.conf"
 
 ! use policykit && DOC_CONTENTS+="
 
@@ -252,7 +258,8 @@ src_prepare() {
 
 epatch \
 "${FILESDIR}"/${PN}-1.2.9-do_not_use_sysconf.patch \
-"${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch
+"${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch \
+"${FILESDIR}"/${P}-fix_paths_for_apparmor.patch
 
 [[ -n ${BACKPORTS} ]] && \
 EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \
@@ -267,7 +274,7 @@ src_prepare() {
 local iscsi_init=
 local rbd_init=
 local firewalld_init=
-cp "${FILESDIR}/libvirtd.init-r15" "${S}/libvirtd.init"
+cp "${FILESDIR}/libvirtd.init-r16" "${S}/libvirtd.init"
 use avahi && avahi_init='avahi-daemon'
 use iscsi && iscsi_init='iscsid'
 use rbd && rbd_init='ceph'
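Review bot: The new readme text states the current default ("will shut down kvm guests if the libvirtd daemon is stopped") but never says that this is a change — the libvirtd.confd hunk in this same commit shows the previous default was "managedsave" — so an administrator reading the elog that pkg_postinst now forces on upgrade cannot tell whether their running guests will be treated differently afterwards. I would add one sentence after the `stopped. This behavior can be changed under /etc/conf.d/libvirtd` line: `Previously the default was "managedsave"; set LIBVIRTD_KVM_SHUTDOWN there if you want to keep saving guest state.` The DOC_CONTENTS string starts before this hunk.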
@@ -420,7 +427,7 @@ src_install() {
 
 # Remove bogus, empty directories. They are either not used, or
 # libvirtd is able to create them on demand
-rm -rf "${D}"/etc/sysconf
+rm -rf "${D}"/etc/sysconfig
 rm -rf "${D}"/var/cache
 rm -rf "${D}"/var/run
 rm -rf "${D}"/var/log
@@ -434,7 +441,7 @@ src_install() {
 systemd_newtmpfilesd "${FILESDIR}"/libvirtd.tmpfiles.conf libvirtd.conf
 
 newinitd "${S}/libvirtd.init" libvirtd || die
-newconfd "${FILESDIR}/libvirtd.confd-r5" libvirtd || die
+newconfd "${FILESDIR}/libvirtd.confd-r6" libvirtd || die
 newinitd "${FILESDIR}/virtlockd.init-r1" virtlockd || die
 
 readme.gentoo_create_doc
@@ -465,5 +472,9 @@ pkg_postinst() {
 use libvirtd || return 0
 # From here, only libvirtd-related instructions, be warned!
 
+if [[ -n ${REPLACING_VERSIONS} ]] && ! version_is_at_least 1.2.17-r2 ${REPLACING_VERSIONS} ]]; then
+FORCE_PRINT_ELOG=true
+fi
+
 readme.gentoo_print_elog
 }
diff --git a/app-emulation/libvirt/libvirt-9999.ebuild b/app-emulation/libvirt/libvirt-9999.ebuild
index 511fcab8b52f..96405f76920d 100644
--- a/app-emulation/libvirt/libvirt-9999.ebuild
+++ b/app-emulation/libvirt/libvirt-9999.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-9999.ebuild,v 1.81 2015/07/25 22:06:10 tamiko Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-emulation/libvirt/libvirt-9999.ebuild,v 1.82 2015/07/28 16:54:00 tamiko Exp $
 
 EAPI=5
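Review bot: The added pkg_postinst condition ends in a stray `]]` — `! version_is_at_least 1.2.17-r2 ${REPLACING_VERSIONS} ]]; then` has no opening `[[` for it — and because `]]` is only special to bash inside `[[`, it is silently handed to version_is_at_least as an extra argument instead of failing, so the check works by accident. `${REPLACING_VERSIONS}` is also unquoted and may carry several space-separated versions, of which only the first is compared. I would rewrite it as `local v; for v in ${REPLACING_VERSIONS}; do version_is_at_least 1.2.17-r2 "${v}" || FORCE_PRINT_ELOG=true; done`, which drops the stray token and considers every replaced version. Whether version_is_at_least tolerates the extra argument depends on the eclass, which is not shown here. pkg_postinst() starts before this hunk.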
@@ -132,16 +132,22 @@ If you are using dnsmasq on your system, you will have to configure
 interface or except-interface
 Otherwise you might have issues with your existing DNS server.
 
-The systemd service-file configuration under /etc/sysconfig has been
-removed. Please use
- /etc/systemd/system/libvirtd.service.d/00gentoo.conf
-to control the '--listen' parameter for libvirtd.
+For openrc users:
 
-The configuration for the 'libvirt-guests.service' is now found under
- /etc/libvirt/libvirt-guests.conf
+ Please use /etc/conf.d/libvirtd to control the '--listen' parameter for
+ libvirtd.
 
-The openrc configuration has not been changed. Thus no action is required
-for the openrc service manager."
+ The default configuration will keep kvm guests running upon daemon
+ restart and will shut down kvm guests if the libvirtd daemon is
+ stopped. This behavior can be changed under /etc/conf.d/libvirtd
+
+For systemd users:
+
+ Please use /etc/systemd/system/libvirtd.service.d/00gentoo.conf
+ to control the '--listen' parameter for libvirtd.
+
+ The configuration for the 'libvirt-guests.service' is found under
+ /etc/libvirt/libvirt-guests.conf"
 
 ! use policykit && DOC_CONTENTS+="
 
@@ -252,7 +258,8 @@ src_prepare() {
 
 epatch \
 "${FILESDIR}"/${PN}-1.2.9-do_not_use_sysconf.patch \
-"${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch
+"${FILESDIR}"/${PN}-1.2.16-fix_paths_in_libvirt-guests_sh.patch \
+"${FILESDIR}"/${P}-fix_paths_for_apparmor.patch
 
 [[ -n ${BACKPORTS} ]] && \
 EPATCH_FORCE=yes EPATCH_SUFFIX="patch" \
@@ -267,7 +274,7 @@ src_prepare() {
 local iscsi_init=
 local rbd_init=
 local firewalld_init=
-cp "${FILESDIR}/libvirtd.init-r15" "${S}/libvirtd.init"
+cp "${FILESDIR}/libvirtd.init-r16" "${S}/libvirtd.init"
 use avahi && avahi_init='avahi-daemon'
 use iscsi && iscsi_init='iscsid'
 use rbd && rbd_init='ceph'
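Review bot: As in the 1.2.17-r2 ebuild, the replacement readme text in the live ebuild describes the new default for stopped daemons without saying that it changed from "managedsave" (visible in this commit's libvirtd.confd hunk), so the forced elog does not tell an upgrading administrator that guest handling on `stop` is now different. I would add `Previously the default was "managedsave"; set LIBVIRTD_KVM_SHUTDOWN there if you want to keep saving guest state.` after the `stopped. This behavior can be changed under /etc/conf.d/libvirtd` line. The DOC_CONTENTS string starts before this hunk.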
@@ -420,7 +427,7 @@ src_install() {
 
 # Remove bogus, empty directories. They are either not used, or
 # libvirtd is able to create them on demand
-rm -rf "${D}"/etc/sysconf
+rm -rf "${D}"/etc/sysconfig
 rm -rf "${D}"/var/cache
 rm -rf "${D}"/var/run
 rm -rf "${D}"/var/log
@@ -434,7 +441,7 @@ src_install() {
 systemd_newtmpfilesd "${FILESDIR}"/libvirtd.tmpfiles.conf libvirtd.conf
 
 newinitd "${S}/libvirtd.init" libvirtd || die
-newconfd "${FILESDIR}/libvirtd.confd-r5" libvirtd || die
+newconfd "${FILESDIR}/libvirtd.confd-r6" libvirtd || die
 newinitd "${FILESDIR}/virtlockd.init-r1" virtlockd || die
 
 readme.gentoo_create_doc
@@ -465,5 +472,9 @@ pkg_postinst() {
 use libvirtd || return 0
 # From here, only libvirtd-related instructions, be warned!
 
+if [[ -n ${REPLACING_VERSIONS} ]] && ! version_is_at_least 1.2.17-r2 ${REPLACING_VERSIONS} ]]; then
+FORCE_PRINT_ELOG=true
+fi
+
 readme.gentoo_print_elog
 }
|
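Review bot: The pkg_postinst condition in the live ebuild carries the same stray `]]` as the release ebuild — `! version_is_at_least 1.2.17-r2 ${REPLACING_VERSIONS} ]]; then` closes a `[[` that was never opened, and bash only treats `]]` specially inside `[[`, so it reaches version_is_at_least as a meaningless extra argument. With `${REPLACING_VERSIONS}` unquoted, only the first of possibly several replaced versions is compared as well. I would use `local v; for v in ${REPLACING_VERSIONS}; do version_is_at_least 1.2.17-r2 "${v}" || FORCE_PRINT_ELOG=true; done` here too, so both ebuilds stay identical. pkg_postinst() starts before this hunk.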