Age | Commit message | Author |
|
Backport a fix for CVE-2021-3667.
The CVE description: An improper locking issue was found in the
virStoragePoolLookupByTargetPath API of libvirt. It occurs in the
storagePoolLookupByTargetPath function where a locked virStoragePoolObj
object is not properly released on ACL permission failure. Clients
connecting to the read-write socket with limited ACL permissions could
use this flaw to acquire the lock and prevent other users from accessing
storage pool/volume APIs, resulting in a denial of service condition.
The highest threat from this vulnerability is to system availability.
Refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1986094
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
OEcore has recently added a QA check for directories that should
be empty. libvirt (via meson) creates some localstate directories
for the various components. These trigger the QA check and break
the build.
We still have some non-volatile localstate (/var) scenarios, and
not seeing a distro feature that controls the QA check, and/or to
coordinate the removal of the populated directories, we inhibit
the QA check. In a boot with a volatile /var, the directories
will be overlaid and no harm will come; in a non-volatile
scenario, they'll be visible and no harm will come.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
SELinux MCS generates a single category context and may
be accessed by another machine.
link: https://gitlab.com/libvirt/libvirt/-/issues/153
Signed-off-by: Zqiang <qiang.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested; more changes
will be required for missed overrides, or incorrect conversions.
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becoming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to do this is to use the ":" character
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
versions of bitbake, meaning layers using the new syntax/markup could
work with older releases. Even if no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could require a more explicit syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
* meson build uses these paths:
./src/meson.build: systemd_unit_dir = prefix / 'lib' / 'systemd' / 'system'
./tools/meson.build: install_dir: prefix / 'lib' / 'systemd' / 'system',
with usrmerge it fails with:
sed: can't read TOPDIR/tmp-glibc/work/core2-64-oe-linux/libvirt/7.2.0-r0/image//usr/lib/systemd/system/libvirtd.service: No such file or directory
because systemd_unitdir and systemd_system_unitdir are different
with and without usrmerge in DISTRO_FEATURES:
env.libvirt-without-usrmerge:export systemd_unitdir="/lib/systemd"
env.libvirt-with-usrmerge:export systemd_unitdir="/usr/lib/systemd"
env.libvirt-without-usrmerge:export systemd_system_unitdir="/lib/systemd/system"
env.libvirt-with-usrmerge:export systemd_system_unitdir="/usr/lib/systemd/system"
* set -Dinit_script to none when systemd isn't used instead of
deleting the files in do_install_append
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
This upgrade spans 9 small releases. For the detailed release logs,
refer to: https://gitlab.com/libvirt/libvirt/-/blob/master/NEWS.rst
Libvirt's build system has changed to meson, so this upgrade drops some
obsolete patches applied to the makefile.
I ran the libvirt testcase and the ovs testcase for this upgrade; the
summary is as follows:
libvirt_test (keyword: ) test results:
*1 Run libvirt_test testing(do_test1) PASS
*2 Check result (virsh_local_capabilities) PASS
*3 Check result (virsh_local_domcapabilities) PASS
*4 Check result (virsh_local_freecell) PASS
*5 Check result (virsh_local_help) PASS
*6 Check result (virsh_local_hostname) PASS
*7 Check result (virsh_local_iface-begin) PASS
*8 Check result (virsh_local_iface-commit) PASS
*9 Check result (virsh_local_iface-list) PASS
*10 Check result (virsh_local_list) PASS
*11 Check result (virsh_local_maxvcpus) PASS
*12 Check result (virsh_local_net-list) PASS
*13 Check result (virsh_local_nodecpumap) PASS
*14 Check result (virsh_local_nodecpustats) PASS
*15 Check result (virsh_local_nodedev-list) PASS
*16 Check result (virsh_local_nodeinfo) PASS
*17 Check result (virsh_local_node-memory-tune) PASS
*18 Check result (virsh_local_nodememstats) PASS
*19 Check result (virsh_local_nwfilter-binding-list) PASS
*20 Check result (virsh_local_nwfilter-list) PASS
*21 Check result (virsh_local_pool-capabilities) PASS
*22 Check result (virsh_local_pool-list) PASS
*23 Check result (virsh_local_pwd) PASS
*24 Check result (virsh_local_secret-list) PASS
*25 Check result (virsh_local_sysinfo) PASS
*26 Check result (virsh_local_uri) PASS
*27 Check result (virsh_local_version) PASS
openvswitch_vm2vm (keyword: qemux86) test results:
*1 openvswitch_vm2vm testing(do_test1) PASS
*2 Check result (ovs_vm2vm_boot_guest1) PASS
*3 Check result (ovs_vm2vm_boot_guest2) PASS
*4 Check result (ovs_vm2vm_netperf_test) PASS
*5 Check result (ovs_vm2vm_destroy_guest1) PASS
*6 Check result (ovs_vm2vm_destroy_guest2) PASS
*7 check testcase call trace(do_check_call_trace) PASS
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|