Fix slow storage volume allocation (bz 582356)

Set kernel/initrd in security driver, fixes some URL installs (bz 566425)

.abignore

@@ -1,31 +0,0 @@
-[suppress_function]
-symbol_version_regexp = LIBVIRT_PRIVATE.*
-soname_regexp = libvirt\\.so.*
-
-[suppress_function]
-symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
-soname_regexp = libvirt-admin\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = LIBVIRT_PRIVATE.*
-soname_regexp = libvirt\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = LIBVIRT_ADMIN_PRIVATE.*
-soname_regexp = libvirt-admin\\.so.*
-
-[suppress_function]
-symbol_version_regexp = .*
-soname_regexp = libvirt_storage_.*\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = .*
-soname_regexp = libvirt_storage_.*\\.so.*
-
-[suppress_function]
-symbol_version_regexp = .*
-soname_regexp = libvirt_driver_.*\\.so.*
-
-[suppress_variable]
-symbol_version_regexp = .*
-soname_regexp = libvirt_driver_.*\\.so.*

.cvsignore

@@ -0,0 +1,18 @@
+.build*.log
+*.rpm
+i686
+x86_64
+libvirt-*.tar.gz
+libvirt-0.6.0.tar.gz
+libvirt-0.6.1.tar.gz
+libvirt-0.6.2.tar.gz
+libvirt-0.6.3.tar.gz
+libvirt-0.6.4.tar.gz
+libvirt-0.6.5.tar.gz
+libvirt-0.7.0.tar.gz
+libvirt-0.7.1.tar.gz
+libvirt-0.7.2.tar.gz
+libvirt-0.7.3.tar.gz
+libvirt-0.7.4.tar.gz
+libvirt-0.7.5.tar.gz
+libvirt-0.7.6.tar.gz

.gitignore

@@ -1,5 +0,0 @@
-.build*.log
-*.rpm
-i686
-x86_64
-libvirt-*.tar.xz

0001-lxc-containter-fix-build-with-glibc-2.36.patch

@@ -1,35 +0,0 @@
-From 9493c9b79dc541ec9e0fd73c6d87bdf8d30aaa90 Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Mon, 1 Aug 2022 15:20:38 -0400
-Subject: [PATCH] lxc: containter: fix build with glibc 2.36
-Content-type: text/plain
-
-With glibc 2.36, sys/mount.h and linux/mount.h conflict:
-https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
-
-lxc_container.c imports sys/mount.h and linux/fs.h, which pulls in
-linux/mount.h.
-
-linux/fs.h isn't required here though. glibc sys/mount.h has had
-MS_MOVE since 2.12 in 2010
-
-Reviewed-by: Erik Skultety <eskultet@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- src/lxc/lxc_container.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index b5278831da..a5401c2186 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -33,9 +33,6 @@
- /* Yes, we want linux private one, for _syscall2() macro */
- #include <linux/unistd.h>
- 
--/* For MS_MOVE */
--#include <linux/fs.h>
--
- #if WITH_CAPNG
- # include <cap-ng.h>
- #endif

0001-tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch

@@ -1,239 +0,0 @@
-From 99b40587e8cd83a136d94e208d32a80be76dc22a Mon Sep 17 00:00:00 2001
-Message-Id: <99b40587e8cd83a136d94e208d32a80be76dc22a.1666875466.git.crobinso@redhat.com>
-From: Cole Robinson <crobinso@redhat.com>
-Date: Thu, 27 Oct 2022 08:51:25 -0400
-Subject: [PATCH] tests: Fix libxlxml2domconfigtest with latest xen
-Content-type: text/plain
-
-shadow_memkb is populated from a libxl API call, and the value can
-change. For example:
-https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=2c992810854a15b41be920519ce83a4a328d5168
-
-Mock libxl_get_required_shadow_memory to give consistent output
-
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- tests/libxlmock.c                                     | 11 +++++++++++
- tests/libxlxml2domconfigdata/basic-hvm.json           |  2 +-
- tests/libxlxml2domconfigdata/basic-pv.json            |  2 +-
- tests/libxlxml2domconfigdata/basic-pvh.json           |  2 +-
- tests/libxlxml2domconfigdata/cpu-shares-hvm.json      |  2 +-
- tests/libxlxml2domconfigdata/fullvirt-acpi-slic.json  |  2 +-
- .../fullvirt-cpuid-legacy-nest.json                   |  2 +-
- tests/libxlxml2domconfigdata/fullvirt-cpuid.json      |  2 +-
- .../libxlxml2domconfigdata/max-eventchannels-hvm.json |  2 +-
- tests/libxlxml2domconfigdata/max-gntframes-hvm.json   |  2 +-
- tests/libxlxml2domconfigdata/moredevs-hvm.json        |  2 +-
- tests/libxlxml2domconfigdata/multiple-ip.json         |  2 +-
- tests/libxlxml2domconfigdata/variable-clock-hvm.json  |  2 +-
- .../libxlxml2domconfigdata/vnuma-hvm-legacy-nest.json |  2 +-
- tests/libxlxml2domconfigdata/vnuma-hvm.json           |  2 +-
- 15 files changed, 25 insertions(+), 14 deletions(-)
-
-diff --git a/tests/libxlmock.c b/tests/libxlmock.c
-index 0e4bf7df52..4754597e5b 100644
---- a/tests/libxlmock.c
-+++ b/tests/libxlmock.c
-@@ -109,6 +109,17 @@ VIR_MOCK_STUB_RET_ARGS(bind,
-                        const struct sockaddr *, addr,
-                        socklen_t, addrlen)
- 
-+VIR_MOCK_IMPL_RET_ARGS(libxl_get_required_shadow_memory,
-+                       unsigned long,
-+                       unsigned long, maxmem_kb,
-+                       unsigned int, smp_cpus)
-+{
-+    /* silence gcc warning about unused function */
-+    if (0)
-+        real_libxl_get_required_shadow_memory(maxmem_kb, smp_cpus);
-+    return 1234;
-+}
-+
- VIR_MOCK_IMPL_RET_ARGS(__xstat, int,
-                        int, ver,
-                        const char *, path,
-diff --git a/tests/libxlxml2domconfigdata/basic-hvm.json b/tests/libxlxml2domconfigdata/basic-hvm.json
-index 87f8cb7d8a..d30875420d 100644
---- a/tests/libxlxml2domconfigdata/basic-hvm.json
-+++ b/tests/libxlxml2domconfigdata/basic-hvm.json
-@@ -15,7 +15,7 @@
-         "max_memkb": 1048576,
-         "target_memkb": 1048576,
-         "video_memkb": 8192,
--        "shadow_memkb": 12288,
-+        "shadow_memkb": 1234,
-         "device_model_version": "qemu_xen",
-         "device_model": "/bin/true",
-         "sched_params": {
-diff --git a/tests/libxlxml2domconfigdata/basic-pv.json b/tests/libxlxml2domconfigdata/basic-pv.json
-index b71c3b0f49..32d188fabd 100644
---- a/tests/libxlxml2domconfigdata/basic-pv.json
-+++ b/tests/libxlxml2domconfigdata/basic-pv.json
-@@ -14,7 +14,7 @@
-         ],
-         "max_memkb": 524288,
-         "target_memkb": 524288,
--        "shadow_memkb": 8192,
-+        "shadow_memkb": 1234,
-         "sched_params": {
- 
-         },
-diff --git a/tests/libxlxml2domconfigdata/basic-pvh.json b/tests/libxlxml2domconfigdata/basic-pvh.json
-index 48365c9026..f51957aa85 100644
---- a/tests/libxlxml2domconfigdata/basic-pvh.json
-+++ b/tests/libxlxml2domconfigdata/basic-pvh.json
-@@ -14,7 +14,7 @@
-         ],
-         "max_memkb": 524288,
-         "target_memkb": 524288,
--        "shadow_memkb": 8192,
-+        "shadow_memkb": 1234,
-         "sched_params": {
- 
-         },
-diff --git a/tests/libxlxml2domconfigdata/cpu-shares-hvm.json b/tests/libxlxml2domconfigdata/cpu-shares-hvm.json
-index 2aa97e88c5..15105c83ad 100644
---- a/tests/libxlxml2domconfigdata/cpu-shares-hvm.json
-+++ b/tests/libxlxml2domconfigdata/cpu-shares-hvm.json
-@@ -15,7 +15,7 @@
-         "max_memkb": 1048576,
-         "target_memkb": 1048576,
-         "video_memkb": 8192,
--        "shadow_memkb": 12288,
-+        "shadow_memkb": 1234,
-         "device_model_version": "qemu_xen",
-         "device_model": "/bin/true",
-         "sched_params": {
-diff --git a/tests/libxlxml2domconfigdata/fullvirt-acpi-slic.json b/tests/libxlxml2domconfigdata/fullvirt-acpi-slic.json
-index a2d46797aa..26f5abefee 100644
---- a/tests/libxlxml2domconfigdata/fullvirt-acpi-slic.json
-+++ b/tests/libxlxml2domconfigdata/fullvirt-acpi-slic.json
-@@ -11,7 +11,7 @@
-         ],
-         "max_memkb": 592896,
-         "target_memkb": 403456,
--        "shadow_memkb": 5656,
-+        "shadow_memkb": 1234,
-         "sched_params": {
-         },
-         "apic": "True",
-diff --git a/tests/libxlxml2domconfigdata/fullvirt-cpuid-legacy-nest.json b/tests/libxlxml2domconfigdata/fullvirt-cpuid-legacy-nest.json
-index 6290655c20..740b82d2e6 100644
---- a/tests/libxlxml2domconfigdata/fullvirt-cpuid-legacy-nest.json
-+++ b/tests/libxlxml2domconfigdata/fullvirt-cpuid-legacy-nest.json
-@@ -11,7 +11,7 @@
-         ],
-         "max_memkb": 592896,
-         "target_memkb": 403456,
--        "shadow_memkb": 5656,
-+        "shadow_memkb": 1234,
-         "cpuid": [
-             {
-                 "leaf": 1,
-diff --git a/tests/libxlxml2domconfigdata/fullvirt-cpuid.json b/tests/libxlxml2domconfigdata/fullvirt-cpuid.json
-index 811a4f0ac7..8bf41894a5 100644
---- a/tests/libxlxml2domconfigdata/fullvirt-cpuid.json
-+++ b/tests/libxlxml2domconfigdata/fullvirt-cpuid.json
-@@ -11,7 +11,7 @@
-         ],
-         "max_memkb": 592896,
-         "target_memkb": 403456,
--        "shadow_memkb": 5656,
-+        "shadow_memkb": 1234,
-         "cpuid": [
-             {
-                 "leaf": 1,
-diff --git a/tests/libxlxml2domconfigdata/max-eventchannels-hvm.json b/tests/libxlxml2domconfigdata/max-eventchannels-hvm.json
-index 4a5b0ca65f..6f0daa065f 100644
---- a/tests/libxlxml2domconfigdata/max-eventchannels-hvm.json
-+++ b/tests/libxlxml2domconfigdata/max-eventchannels-hvm.json
-@@ -15,7 +15,7 @@
-         "max_memkb": 1048576,
-         "target_memkb": 1048576,
-         "video_memkb": 8192,
--        "shadow_memkb": 12288,
-+        "shadow_memkb": 1234,
-         "event_channels": 2047,
-         "device_model_version": "qemu_xen",
-         "device_model": "/bin/true",
-diff --git a/tests/libxlxml2domconfigdata/max-gntframes-hvm.json b/tests/libxlxml2domconfigdata/max-gntframes-hvm.json
-index 2883d057ff..35de588abc 100644
---- a/tests/libxlxml2domconfigdata/max-gntframes-hvm.json
-+++ b/tests/libxlxml2domconfigdata/max-gntframes-hvm.json
-@@ -15,7 +15,7 @@
-         "max_memkb": 1048576,
-         "target_memkb": 1048576,
-         "video_memkb": 8192,
--        "shadow_memkb": 12288,
-+        "shadow_memkb": 1234,
-         "max_grant_frames": 64,
-         "device_model_version": "qemu_xen",
-         "device_model": "/bin/true",
-diff --git a/tests/libxlxml2domconfigdata/moredevs-hvm.json b/tests/libxlxml2domconfigdata/moredevs-hvm.json
-index 58cf32a8d4..bdc9afc29b 100644
---- a/tests/libxlxml2domconfigdata/moredevs-hvm.json
-+++ b/tests/libxlxml2domconfigdata/moredevs-hvm.json
-@@ -17,7 +17,7 @@
-         "max_memkb": 1048576,
-         "target_memkb": 1048576,
-         "video_memkb": 8192,
--        "shadow_memkb": 12288,
-+        "shadow_memkb": 1234,
-         "device_model_version": "qemu_xen",
-         "device_model": "/bin/true",
-         "sched_params": {
-diff --git a/tests/libxlxml2domconfigdata/multiple-ip.json b/tests/libxlxml2domconfigdata/multiple-ip.json
-index 2db98b82f6..e0b37aa795 100644
---- a/tests/libxlxml2domconfigdata/multiple-ip.json
-+++ b/tests/libxlxml2domconfigdata/multiple-ip.json
-@@ -14,7 +14,7 @@
-         ],
-         "max_memkb": 524288,
-         "target_memkb": 524288,
--        "shadow_memkb": 8192,
-+        "shadow_memkb": 1234,
-         "sched_params": {
- 
-         },
-diff --git a/tests/libxlxml2domconfigdata/variable-clock-hvm.json b/tests/libxlxml2domconfigdata/variable-clock-hvm.json
-index 9a25d51da2..3c131c603c 100644
---- a/tests/libxlxml2domconfigdata/variable-clock-hvm.json
-+++ b/tests/libxlxml2domconfigdata/variable-clock-hvm.json
-@@ -15,7 +15,7 @@
-         "max_memkb": 1048576,
-         "target_memkb": 1048576,
-         "video_memkb": 8192,
--        "shadow_memkb": 12288,
-+        "shadow_memkb": 1234,
-         "rtc_timeoffset": 3600,
-         "localtime": "True",
-         "device_model_version": "qemu_xen",
-diff --git a/tests/libxlxml2domconfigdata/vnuma-hvm-legacy-nest.json b/tests/libxlxml2domconfigdata/vnuma-hvm-legacy-nest.json
-index 6cda8d0252..6725df9112 100644
---- a/tests/libxlxml2domconfigdata/vnuma-hvm-legacy-nest.json
-+++ b/tests/libxlxml2domconfigdata/vnuma-hvm-legacy-nest.json
-@@ -103,7 +103,7 @@
-         "max_memkb": 1048576,
-         "target_memkb": 1048576,
-         "video_memkb": 8192,
--        "shadow_memkb": 14336,
-+        "shadow_memkb": 1234,
-         "device_model_version": "qemu_xen",
-         "device_model": "/bin/true",
-         "sched_params": {
-diff --git a/tests/libxlxml2domconfigdata/vnuma-hvm.json b/tests/libxlxml2domconfigdata/vnuma-hvm.json
-index f578ccd3d3..2556c82d5f 100644
---- a/tests/libxlxml2domconfigdata/vnuma-hvm.json
-+++ b/tests/libxlxml2domconfigdata/vnuma-hvm.json
-@@ -103,7 +103,7 @@
-         "max_memkb": 1048576,
-         "target_memkb": 1048576,
-         "video_memkb": 8192,
--        "shadow_memkb": 14336,
-+        "shadow_memkb": 1234,
-         "device_model_version": "qemu_xen",
-         "device_model": "/bin/true",
-         "sched_params": {
--- 
-2.37.3
-

0002-virfile-Fix-build-with-glibc-2.36.patch

@@ -1,40 +0,0 @@
-From c0d9adf220dc0d223330a7bac37b174132d330ba Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Mon, 1 Aug 2022 15:24:01 -0400
-Subject: [PATCH] virfile: Fix build with glibc 2.36
-Content-type: text/plain
-
-With glibc 2.36, sys/mount.h and linux/mount.h conflict:
-https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
-
-virfile.c imports sys/mount.h and linux/fs.h, which pulls in
-linux/mount.h.
-
-Manually define the constants we need from linux/fs.h, like was
-done in llvm:
-
-https://reviews.llvm.org/rGb379129c4beb3f26223288627a1291739f33af02
-
-Reviewed-by: Erik Skultety <eskultet@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
----
- src/util/virfile.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/virfile.c b/src/util/virfile.c
-index 99da058db3..ce541b8946 100644
---- a/src/util/virfile.c
-+++ b/src/util/virfile.c
-@@ -71,7 +71,11 @@
- # endif
- # include <sys/ioctl.h>
- # include <linux/cdrom.h>
--# include <linux/fs.h>
-+/* These come from linux/fs.h, but that header conflicts with
-+ * sys/mount.h on glibc 2.36+ */
-+# define FS_IOC_GETFLAGS _IOR('f', 1, long)
-+# define FS_IOC_SETFLAGS _IOW('f', 2, long)
-+# define FS_NOCOW_FL 0x00800000
- #endif
- 
- #if WITH_LIBATTR

Makefile

@@ -0,0 +1,21 @@
+# Makefile for source rpm: libvirt
+# $Id$
+NAME := libvirt
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attempt a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)

branch

@@ -0,0 +1 @@
+F-13

libvirt-0.7.7-fix-slow-dsync.patch

@@ -0,0 +1,41 @@
+From e3c36a2575bc88a16d776693dc39ea01c780b406 Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Tue, 16 Mar 2010 16:03:59 +0100
+Subject: [PATCH] Use fsync() at the end of file allocation instead of O_DSYNC
+
+Instead of opening storage file with O_DSYNC, make sure data are written
+to a disk only before we claim allocation has finished.
+---
+ src/storage/storage_backend.c |    9 ++++++++-
+ 1 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
+index ec9fc43..7294a00 100644
+--- a/src/storage/storage_backend.c
++++ b/src/storage/storage_backend.c
+@@ -331,6 +331,13 @@ static int createRawFileOpHook(int fd, void *data) {
+                 goto cleanup;
+             }
+         }
++
++        if (fsync(fd) < 0) {
++            ret = errno;
++            virReportSystemError(errno, _("cannot sync data to file '%s'"),
++                                 hdata->vol->target.path);
++            goto cleanup;
++        }
+     }
+ 
+ cleanup:
+@@ -359,7 +366,7 @@ virStorageBackendCreateRaw(virConnectPtr conn ATTRIBUTE_UNUSED,
+     gid_t gid = (vol->target.perms.gid == -1) ? getgid() : vol->target.perms.gid;
+ 
+     if ((createstat = virFileOperation(vol->target.path,
+-                                       O_RDWR | O_CREAT | O_EXCL | O_DSYNC,
++                                       O_RDWR | O_CREAT | O_EXCL,
+                                        vol->target.perms.mode, uid, gid,
+                                        createRawFileOpHook, &hdata,
+                                        VIR_FILE_OP_FORCE_PERMS |
+-- 
+1.6.6.1
+

libvirt-0.7.7-fix-usb-product.patch

@@ -0,0 +1,233 @@
+From 3a441522017aa9c1b8b54d2ce4569d0f0d96fa72 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 12 Mar 2010 12:36:56 -0500
+Subject: [PATCH] qemu: Add some debugging at domain startup
+
+---
+ src/qemu/qemu_driver.c |   24 +++++++++++++++++++++++-
+ 1 files changed, 23 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index f8ab545..040d645 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -2695,6 +2695,8 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+ 
+     FD_ZERO(&keepfd);
+ 
++    DEBUG0("Beginning VM startup process");
++
+     if (virDomainObjIsActive(vm)) {
+         qemuReportError(VIR_ERR_OPERATION_INVALID,
+                         "%s", _("VM is already active"));
+@@ -2703,22 +2705,27 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+ 
+     /* If you are using a SecurityDriver with dynamic labelling,
+        then generate a security label for isolation */
++    DEBUG0("Generating domain security label (if required)");
+     if (driver->securityDriver &&
+         driver->securityDriver->domainGenSecurityLabel &&
+         driver->securityDriver->domainGenSecurityLabel(vm) < 0)
+         return -1;
+ 
++    DEBUG0("Generating setting domain security labels (if required)");
+     if (driver->securityDriver &&
+         driver->securityDriver->domainSetSecurityAllLabel &&
+         driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
+         goto cleanup;
+ 
+-    /* Ensure no historical cgroup for this VM is lieing around bogus settings */
++    /* Ensure no historical cgroup for this VM is lying around bogus
++     * settings */
++    DEBUG0("Ensuring no historical cgroup is lying around");
+     qemuRemoveCgroup(driver, vm, 1);
+ 
+     if ((vm->def->ngraphics == 1) &&
+         vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
+         vm->def->graphics[0]->data.vnc.autoport) {
++        DEBUG0("Determining VNC port");
+         int port = qemudNextFreeVNCPort(driver);
+         if (port < 0) {
+             qemuReportError(VIR_ERR_INTERNAL_ERROR,
+@@ -2735,6 +2742,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    DEBUG0("Creating domain log file");
+     if ((logfile = qemudLogFD(driver, vm->def->name)) < 0)
+         goto cleanup;
+ 
+@@ -2751,14 +2759,17 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    DEBUG0("Determing emulator version");
+     if (qemudExtractVersionInfo(emulator,
+                                 NULL,
+                                 &qemuCmdFlags) < 0)
+         goto cleanup;
+ 
++    DEBUG0("Setting up domain cgroup (if required)");
+     if (qemuSetupCgroup(driver, vm) < 0)
+         goto cleanup;
+ 
++    DEBUG0("Preparing host devices");
+     if (qemuPrepareHostDevices(driver, vm->def) < 0)
+         goto cleanup;
+ 
+@@ -2767,6 +2778,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
++    DEBUG0("Preparing monitor state");
+     if (qemuPrepareMonitorChr(driver, priv->monConfig, vm->def->name) < 0)
+         goto cleanup;
+ 
+@@ -2798,6 +2810,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+      * use in hotplug
+      */
+     if (qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE) {
++        DEBUG0("Assigning domain PCI addresses");
+         /* Populate cache with current addresses */
+         if (priv->pciaddrs) {
+             qemuDomainPCIAddressSetFree(priv->pciaddrs);
+@@ -2816,6 +2829,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         priv->persistentAddrs = 0;
+     }
+ 
++    DEBUG0("Building emulator command line");
+     vm->def->id = driver->nextvmid++;
+     if (qemudBuildCommandLine(conn, driver, vm->def, priv->monConfig,
+                               priv->monJSON, qemuCmdFlags, &argv, &progenv,
+@@ -2899,25 +2913,31 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     if (ret == -1) /* The VM failed to start */
+         goto cleanup;
+ 
++    DEBUG0("Waiting for monitor to show up");
+     if (qemudWaitForMonitor(driver, vm, pos) < 0)
+         goto abort;
+ 
++    DEBUG0("Detecting VCPU PIDs");
+     if (qemuDetectVcpuPIDs(driver, vm) < 0)
+         goto abort;
+ 
++    DEBUG0("Setting CPU affinity");
+     if (qemudInitCpuAffinity(vm) < 0)
+         goto abort;
+ 
++    DEBUG0("Setting any required VM passwords");
+     if (qemuInitPasswords(conn, driver, vm, qemuCmdFlags) < 0)
+         goto abort;
+ 
+     /* If we have -device, then addresses are assigned explicitly.
+      * If not, then we have to detect dynamic ones here */
+     if (!(qemuCmdFlags & QEMUD_CMD_FLAG_DEVICE)) {
++        DEBUG0("Determining domain device PCI addresses");
+         if (qemuInitPCIAddresses(driver, vm) < 0)
+             goto abort;
+     }
+ 
++    DEBUG0("Setting initial memory amount");
+     qemuDomainObjEnterMonitorWithDriver(driver, vm);
+     if (qemuMonitorSetBalloon(priv->mon, vm->def->memory) < 0) {
+         qemuDomainObjExitMonitorWithDriver(driver, vm);
+@@ -2925,6 +2945,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     }
+ 
+     if (migrateFrom == NULL) {
++        DEBUG0("Starting domain CPUs");
+         /* Allow the CPUS to start executing */
+         if (qemuMonitorStartCPUs(priv->mon, conn) < 0) {
+             if (virGetLastError() == NULL)
+@@ -2937,6 +2958,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     qemuDomainObjExitMonitorWithDriver(driver, vm);
+ 
+ 
++    DEBUG0("Writing domain status to disk");
+     if (virDomainSaveStatus(driver->caps, driver->stateDir, vm) < 0)
+         goto abort;
+ 
+-- 
+1.6.6.1
+
+From 6d5c8a8f51db8ce97ab35ab6022dd5c94ab016b4 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 12 Mar 2010 12:37:52 -0500
+Subject: [PATCH] qemu: Fix USB by product with security enabled
+
+We need to call PrepareHostdevs to determine the USB device path before
+any security calls. PrepareHostUSBDevices was also incorrectly skipping
+all USB devices.
+---
+ src/qemu/qemu_driver.c |   11 ++++++-----
+ 1 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 040d645..b17d26d 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -2360,7 +2360,7 @@ qemuPrepareHostUSBDevices(struct qemud_driver *driver ATTRIBUTE_UNUSED,
+ 
+         if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+             continue;
+-        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
++        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB)
+             continue;
+ 
+         /* Resolve a vendor/product to bus/device */
+@@ -2703,6 +2703,11 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+         return -1;
+     }
+ 
++    /* Must be run before security labelling */
++    DEBUG0("Preparing host devices");
++    if (qemuPrepareHostDevices(driver, vm->def) < 0)
++        goto cleanup;
++
+     /* If you are using a SecurityDriver with dynamic labelling,
+        then generate a security label for isolation */
+     DEBUG0("Generating domain security label (if required)");
+@@ -2769,10 +2774,6 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+     if (qemuSetupCgroup(driver, vm) < 0)
+         goto cleanup;
+ 
+-    DEBUG0("Preparing host devices");
+-    if (qemuPrepareHostDevices(driver, vm->def) < 0)
+-        goto cleanup;
+-
+     if (VIR_ALLOC(priv->monConfig) < 0) {
+         virReportOOMError();
+         goto cleanup;
+-- 
+1.6.6.1
+
+From 65e97240e6e4606820dd1c42ac172319e0af4d8d Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Mon, 22 Mar 2010 10:45:36 -0400
+Subject: [PATCH] security: selinux: Fix crash when releasing non-existent label
+
+This can be triggered by the qemuStartVMDaemon cleanup path if a
+VM references a non-existent USB device (by product) in the XML.
+
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ src/security/security_selinux.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 975b315..6680e2d 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -632,7 +632,8 @@ SELinuxReleaseSecurityLabel(virDomainObjPtr vm)
+ {
+     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ 
+-    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC)
++    if (secdef->type == VIR_DOMAIN_SECLABEL_STATIC ||
++        secdef->label == NULL)
+         return 0;
+ 
+     context_t con = context_new(secdef->label);
+-- 
+1.6.6.1
+

libvirt-0.7.7-set-kernel-perms.patch

@@ -0,0 +1,87 @@
+From 3f1aa08af6580c215d973bc6bf57f505dbf8b926 Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Fri, 12 Mar 2010 13:38:39 -0500
+Subject: [PATCH] security: Set permissions for kernel/initrd
+
+Fixes URL installs when running virt-install as root on Fedora.
+---
+ src/qemu/qemu_security_dac.c    |   21 +++++++++++++++++++++
+ src/security/security_selinux.c |   16 ++++++++++++++++
+ 2 files changed, 37 insertions(+), 0 deletions(-)
+
+diff --git a/src/qemu/qemu_security_dac.c b/src/qemu/qemu_security_dac.c
+index 6911f48..1883fbe 100644
+--- a/src/qemu/qemu_security_dac.c
++++ b/src/qemu/qemu_security_dac.c
+@@ -332,6 +332,15 @@ qemuSecurityDACRestoreSecurityAllLabel(virDomainObjPtr vm)
+                                                      vm->def->disks[i]) < 0)
+             rc = -1;
+     }
++
++    if (vm->def->os.kernel &&
++        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
++        rc = -1;
++
++    if (vm->def->os.initrd &&
++        qemuSecurityDACRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
++        rc = -1;
++
+     return rc;
+ }
+ 
+@@ -356,6 +365,18 @@ qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
+             return -1;
+     }
+ 
++    if (vm->def->os.kernel &&
++        qemuSecurityDACSetOwnership(vm->def->os.kernel,
++                                    driver->user,
++                                    driver->group) < 0)
++        return -1;
++
++    if (vm->def->os.initrd &&
++        qemuSecurityDACSetOwnership(vm->def->os.initrd,
++                                    driver->user,
++                                    driver->group) < 0)
++        return -1;
++
+     return 0;
+ }
+ 
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index b2c8581..975b315 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -616,6 +616,14 @@ SELinuxRestoreSecurityAllLabel(virDomainObjPtr vm)
+             rc = -1;
+     }
+ 
++    if (vm->def->os.kernel &&
++        SELinuxRestoreSecurityFileLabel(vm->def->os.kernel) < 0)
++        rc = -1;
++
++    if (vm->def->os.initrd &&
++        SELinuxRestoreSecurityFileLabel(vm->def->os.initrd) < 0)
++        rc = -1;
++
+     return rc;
+ }
+ 
+@@ -736,6 +744,14 @@ SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
+             return -1;
+     }
+ 
++    if (vm->def->os.kernel &&
++        SELinuxSetFilecon(vm->def->os.kernel, default_content_context) < 0)
++        return -1;
++
++    if (vm->def->os.initrd &&
++        SELinuxSetFilecon(vm->def->os.initrd, default_content_context) < 0)
++        return -1;
++
+     return 0;
+ }
+ 
+-- 
+1.6.6.1
+

sources

@@ -1 +1 @@
-SHA512 (libvirt-8.6.0.tar.xz) = 6198ac33ea718045bfd12a2740d5a7fa70c754b1ecda7c0cad5791fbdf7311091587056254fde88ebe3c2f927a8fb56909fe4c3a115595854b18d3a704db73de
+5f315b0bf20e3964f7657ba1e630cd67  libvirt-0.7.7.tar.gz