From d00b5087e0a2323c0b5dfdaaa61deadda9205e41 Mon Sep 17 00:00:00 2001
From: Daniel P. Berrange
Date: Oct 01 2013 15:34:35 +0000
Subject: Fix boot with Linux 3.11 kernel
Signed-off-by: Daniel P. Berrange
---
diff --git a/.gitignore b/.gitignore
index f727ee0..578ba21 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ x86_64/ *.src.rpm .build*.log
+*~
diff --git a/0001-Always-set-earlyprintk-kernel-arg.patch b/0001-Always-set-earlyprintk-kernel-arg.patch
new file mode 100644
index 0000000..90fb2b5
--- /dev/null
+++ b/0001-Always-set-earlyprintk-kernel-arg.patch
@@ -0,0 +1,32 @@
+From 3f8e0892b012f6f94296d99ed5ac3340d53c7e4b Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange"
+Date: Mon, 30 Sep 2013 15:13:06 +0100
+Subject: [PATCH] Always set earlyprintk kernel arg
+
+If the initrd fails and prints to stderr, this goes to /dev/null
+unless earlyprintk is enabled. We always want to see initrd
+errors, so we should always have earlyprintk set.
+
+Signed-off-by: Daniel P. Berrange
+(cherry picked from commit b14ce17bb357d5b7f99562c91dafb521f6985b40)
+---
+ libvirt-sandbox/libvirt-sandbox-builder-machine.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libvirt-sandbox/libvirt-sandbox-builder-machine.c b/libvirt-sandbox/libvirt-sandbox-builder-machine.c
+index 6b9b506..fd945c7 100644
+--- a/libvirt-sandbox/libvirt-sandbox-builder-machine.c
++++ b/libvirt-sandbox/libvirt-sandbox-builder-machine.c
+@@ -204,10 +204,10 @@ static gchar *gvir_sandbox_builder_machine_cmdline(GVirSandboxConfig *config G_G
+ gchar *tmp;
+
+ /* Now kernel args */
+- g_string_append(str, " console=ttyS0");
++ g_string_append(str, " console=ttyS0 earlyprintk=ttyS0");
+ if (getenv("LIBVIRT_SANDBOX_DEBUG") &&
+ g_str_equal(getenv("LIBVIRT_SANDBOX_DEBUG"), "2"))
+- g_string_append(str, " debug loglevel=10 earlyprintk=ttyS0");
++ g_string_append(str, " debug loglevel=10");
+ else
+ g_string_append(str, " quiet loglevel=0");
+
diff --git a/0002-Don-t-overmount-root-in-QEMU-sandboxes.patch b/0002-Don-t-overmount-root-in-QEMU-sandboxes.patch
new file mode 100644
index 0000000..be9ff8b
--- /dev/null
+++ b/0002-Don-t-overmount-root-in-QEMU-sandboxes.patch
@@ -0,0 +1,27 @@
+From 03f5a7eca1dd77a00cf51c9675ebfb6d5d2a1164 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange"
+Date: Tue, 1 Oct 2013 13:51:34 +0100
+Subject: [PATCH] Don't overmount '/root' in QEMU sandboxes
+
+If the user wants to replace '/root' they can do that
+explicitly. Don't overmount it ourselves. This fixes
+an inconsistency between LXC & QEMU setups.
+
+Signed-off-by: Daniel P. Berrange
+(cherry picked from commit 6ae67143e69f435b564164bfa67a174be7bc9702)
+---
+ libvirt-sandbox/libvirt-sandbox-init-qemu.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
+index f09c6d9..079f83f 100644
+--- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c
++++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
+@@ -284,7 +284,6 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED)
+ /* Main special filesystems */
+ mount_other("/dev", "tmpfs", 0755);
+ mount_other_opts("/dev/pts", "devpts", "gid=5,mode=620,ptmxmode=000", 0755);
+- mount_other("/root", "tmpfs", 0755);
+ mount_other("/sys", "sysfs", 0755);
+ mount_other("/proc", "proc", 0755);
+ //mount_other("/selinux", "selinuxfs", 0755);
diff --git a/0003-Fix-inverted-strcmp-test-in-mount-options-for-QEMU.patch b/0003-Fix-inverted-strcmp-test-in-mount-options-for-QEMU.patch
new file mode 100644
index 0000000..4858976
--- /dev/null
+++ b/0003-Fix-inverted-strcmp-test-in-mount-options-for-QEMU.patch
@@ -0,0 +1,28 @@
+From 031ffd3124ece5e14e210bde5b437032f5bf2913 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange"
+Date: Tue, 1 Oct 2013 13:52:36 +0100
+Subject: [PATCH] Fix inverted strcmp test in mount options for QEMU
+
+The QEMU init binary intended to set nosuid & nodev on any
+tmpfs filesystem. Due to a backwards strcmp test, it set
+those flaws on everything except tmpfs.
+
+Signed-off-by: Daniel P. Berrange
+(cherry picked from commit 8234b949106190f7df4c5b500c1520611eb8a603)
+---
+ libvirt-sandbox/libvirt-sandbox-init-qemu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
+index 079f83f..b7e4c6f 100644
+--- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c
++++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
+@@ -382,7 +382,7 @@ main(int argc ATTR_UNUSED, char **argv ATTR_UNUSED)
+ else
+ mount_mkfile(target, 644);
+ } else {
+- if (strcmp(type, "tmpfs"))
++ if (strcmp(type, "tmpfs") == 0)
+ flags |= MS_NOSUID | MS_NODEV;
+
+ mount_mkdir(target, 0755);
diff --git a/0004-Force-9p-version-to-version-9p2000.u.patch b/0004-Force-9p-version-to-version-9p2000.u.patch
new file mode 100644
index 0000000..41a3455
--- /dev/null
+++ b/0004-Force-9p-version-to-version-9p2000.u.patch
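Review bot: With the corrected test in 0003-Fix-inverted-strcmp-test-in-mount-options-for-QEMU.patch, `MS_NOSUID | MS_NODEV` is applied to tmpfs only, so every other filesystem type that reaches this `else` branch loses the flags it was receiving by accident before the fix. The rest of `main` is outside the hunk, so which types arrive here is an assumption, but if any of them can be backed by a less trusted source it is worth deciding explicitly whether they keep the flags and recording that next to the test, e.g. `/* only tmpfs is forced nosuid,nodev; other types keep the configured flags */`. Separately, the context line `mount_mkfile(target, 644);` passes a decimal mode where the neighbouring `mount_mkdir(target, 0755)` uses octal; it most likely should read `mount_mkfile(target, 0644);`.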
@@ -0,0 +1,48 @@
+From b20c8945af5a5ce248c2acd895be2812965fd6bd Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange"
+Date: Tue, 1 Oct 2013 13:54:10 +0100
+Subject: [PATCH] Force 9p version to version=9p2000.u
+
+With 9p version=9p2000.L, we tickle two bugs in QEMU's code.
+
+One breaks most calls with ENODEV on FS_IOC_GETVERSION ioctls.
+
+The other breaks xattr checks due to inverted errno.
+
+In addition with 9p2000.L we see extra permission checks
+on dirs, which prevents the guest from over-mounting dirs
+like /root that are restricted on the user running QEMU.
+
+Signed-off-by: Daniel P. Berrange
+(cherry picked from commit f4087aa0e993f59772d3bda53038888af7f43b5e)
+---
+ libvirt-sandbox/libvirt-sandbox-builder-machine.c | 2 +-
+ libvirt-sandbox/libvirt-sandbox-init-qemu.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libvirt-sandbox/libvirt-sandbox-builder-machine.c b/libvirt-sandbox/libvirt-sandbox-builder-machine.c
+index fd945c7..db5ceaa 100644
+--- a/libvirt-sandbox/libvirt-sandbox-builder-machine.c
++++ b/libvirt-sandbox/libvirt-sandbox-builder-machine.c
+@@ -274,7 +274,7 @@ static gboolean gvir_sandbox_builder_machine_write_mount_cfg(GVirSandboxConfig *
+ if (GVIR_SANDBOX_IS_CONFIG_MOUNT_HOST_BIND(mconfig)) {
+ source = g_strdup_printf("sandbox:mount%zu", nHostBind++);
+ fstype = "9p";
+- options = g_strdup("trans=virtio");
++ options = g_strdup("trans=virtio,version=9p2000.u");
+ } else if (GVIR_SANDBOX_IS_CONFIG_MOUNT_HOST_IMAGE(mconfig)) {
+ source = g_strdup_printf("vd%c", (char)('a' + nHostImage++));
+ fstype = "ext3";
+diff --git a/libvirt-sandbox/libvirt-sandbox-init-qemu.c b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
+index b7e4c6f..f72148a 100644
+--- a/libvirt-sandbox/libvirt-sandbox-init-qemu.c
++++ b/libvirt-sandbox/libvirt-sandbox-init-qemu.c
+@@ -165,7 +165,7 @@ mount_9pfs(const char *src, const char *dst, int mode, int readonly)
+ if (readonly)
+ flags |= MS_RDONLY;
+
+- if (mount(src, dst, "9p", flags, "trans=virtio") < 0) {
++ if (mount(src, dst, "9p", flags, "trans=virtio,version=9p2000.u") < 0) {
+ fprintf(stderr, "libvirt-sandbox-init-qemu: %s: cannot mount %s on %s (9p): %s\n",
+ __func__, src, dst, strerror(errno));
+ exit_poweroff();
diff --git a/0005-S-is-not-supported-by-virt-sandbox.patch b/0005-S-is-not-supported-by-virt-sandbox.patch
new file mode 100644
index 0000000..b6c46b2
--- /dev/null
+++ b/0005-S-is-not-supported-by-virt-sandbox.patch
@@ -0,0 +1,25 @@
+From 2844b51b153cd326246a1ba155be1df743034f2d Mon Sep 17 00:00:00 2001
+From: Dan Walsh
+Date: Thu, 15 Aug 2013 07:56:46 -0400
+Subject: [PATCH] -S is not supported by virt-sandbox
+
+-S option has been removed from virt-sandbox, should be removed from man page.
+
+(cherry picked from commit 43f348a9a8d96dfa145a7883bed9fc6b1deca683)
+---
+ bin/virt-sandbox.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/bin/virt-sandbox.c b/bin/virt-sandbox.c
+index b51465d..f6c011b 100644
+--- a/bin/virt-sandbox.c
++++ b/bin/virt-sandbox.c
+@@ -263,8 +263,6 @@ virt-sandbox - Run cmd under a virtual machine sandbox
+
+ virt-sandbox [OPTIONS...] COMMAND [CMDARG1 [CMDARG2 [...]]]
+
+-virt-sandbox [OPTIONS...] -S
+-
+ =head1 DESCRIPTION
+
+ Run the C application within a tightly confined virtual machine. The
diff --git a/libvirt-sandbox.spec b/libvirt-sandbox.spec
index 3817488..5e4c26a 100644
--- a/libvirt-sandbox.spec
+++ b/libvirt-sandbox.spec
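Review bot: Neither site that now passes `version=9p2000.u` in 0004-Force-9p-version-to-version-9p2000.u.patch (the `options = g_strdup(...)` line in `gvir_sandbox_builder_machine_write_mount_cfg` and the `mount()` call in `mount_9pfs`) carries a comment saying why the protocol version is pinned, so the workaround is invisible to anyone reading the code. The commit message attributes it to QEMU bugs seen with 9p2000.L and also says 9p2000.L performs extra permission checks on directories, which suggests those checks no longer apply once .u is forced; that trade-off belongs next to the string, e.g. `/* 9p2000.u: .L trips QEMU bugs (FS_IOC_GETVERSION ENODEV, inverted xattr errno); revisit when fixed */`. The two literals have to stay identical, so the same comment should sit at both sites. Both functions continue outside their hunks.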
@@ -15,12 +15,17 @@ Name: libvirt-sandbox Version: 0.5.0
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
 Summary: libvirt application sandbox framework
 Group: Development/Tools
 License: LGPLv2+
 URL: http://libvirt.org/
 Source0: ftp://libvirt.org/libvirt/sandbox/%{name}-%{version}.tar.gz
+Patch1: 0001-Always-set-earlyprintk-kernel-arg.patch
+Patch2: 0002-Don-t-overmount-root-in-QEMU-sandboxes.patch
+Patch3: 0003-Fix-inverted-strcmp-test-in-mount-options-for-QEMU.patch
+Patch4: 0004-Force-9p-version-to-version-9p2000.u.patch
+Patch5: 0005-S-is-not-supported-by-virt-sandbox.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: libvirt-gobject-devel >= 0.1.7
 BuildRequires: gobject-introspection-devel
@@ -68,6 +73,11 @@ the libvirt sandbox %prep %setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
 %build
@@ -130,6 +140,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/gtk-doc/html/Libvirt-sandbox %changelog
+* Tue Oct 1 2013 Daniel P. Berrange - 0.5.0-2
+- Fix boot with Linux 3.11 kernel
+
 * Thu Aug 1 2013 Daniel P. Berrange - 0.5.0-1
 - Update to 0.5.0 release
diff --git a/update-patches.pl b/update-patches.pl
new file mode 100755
index 0000000..d758c2c
--- /dev/null
+++ b/update-patches.pl
@@ -0,0 +1,110 @@
+#!/usr/bin/perl
+#
+# Update the local patches and RPM spec with patches from
+# an upstream tree with matching branch name.
+#
+# For example
+#
+# - Checkout upstream GIT repo for libvirt-sandbox
+# - Create a branch name matching current RHEL (eg rhel-6.4)
+# - Populate the branch by cherry-picking patches from master
+#
+# This script will then
+#
+# - Setup the upstream GIT repo as a remote named 'upstream'
+# - Extract version number from RPM spec
+# - Look for a tag 'v$VERSION' in upstream GIT
+# - Run 'git format-patches v$VERSION..upstream/rhel-6.4'
+# - Re-write the RPM spec to update all PatchNNN and %patchNNN lines
+#
+# The only manual step required is to fill in the changelog
+#
+
+
+use strict;
+use warnings;
+
+my $gitupstream = "git://libvirt.org/libvirt-sandbox.git";
+my $rpmspec = "libvirt-sandbox.spec";
+
+open SPEC, "$rpmspec" or die "cannot read $rpmspec: $!";
+my @spec = ;
+close SPEC;
+
+my $version;
+
+foreach my $line (@spec) {
+ if ($line =~ /^Version:\s*(\S+)\s*$/) {
+ $version = $1;
+ }
+}
+
+die "cannot find Version: line in RPM spec"
+ unless $version;
+
+my $gittag = "v" . $version;
+my $gitbranch = $gittag . "-maint";
+
+my $haveupstream;
+
+open GIT, "-|", "git", "remote" or die "cannot run git remote: $!";
+while () {
+ if (/upstream/) {
+ $haveupstream = 1;
+ }
+}
+
+close GIT;
+
+unless ($haveupstream) {
+ `git remote add upstream $gitupstream`;
+}
+
+`git fetch upstream`;
+
+
+$haveupstream = 0;
+
+open GIT, "-|", "git", "branch", "-a" or die "cannot find git branch -a: $!";
+while () {
+ if (m,upstream/$gitbranch,) {
+ $haveupstream = 1;
+ }
+}
+close GIT;
+
+die "cannot find upstream/$gitbranch" unless $haveupstream;
+
+`git format-patch --no-signature -N $gittag..upstream/$gitbranch`;
+
+opendir DH, "." or die "cannot read current directory: $!";
+
+my @patches
+ = grep {
+ /^\d\d\d.*\.patch/
+ } readdir(DH);
+
+closedir DH;
+
+@patches = sort @patches;
+
+open SPEC, ">$rpmspec" or die "cannot update $rpmspec: $!";
+
+foreach my $line (@spec) {
+ print SPEC $line unless $line =~ /(Patch|%patch)/;
+
+ my $i;
+ if ($line =~ /Source0/) {
+ for ($i = 0 ; $i <= $#patches ; $i++) {
+ printf SPEC "Patch%d: %s\n", $i+1, $patches[$i];
+ }
+ } elsif ($line =~ /%setup/) {
+ for ($i = 0 ; $i <= $#patches ; $i++) {
+ printf SPEC "%%patch%d -p1\n", $i+1;
+ }
+ }
+}
+
+close SPEC or die "cannot save $rpmspec: $!";
+
+`git add *.patch $rpmspec`;
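Review bot: The git commands in update-patches.pl run through backticks with `$gittag` and `$gitbranch` interpolated into a shell command line, and both derive from whatever `\S+` matched on the spec's `Version:` line, so shell metacharacters in that field would be interpreted by the shell; the exit status of every backtick command is also discarded, so a failed `git fetch upstream` or `git format-patch` goes unnoticed and the spec is rewritten anyway. Running git through list-form `system` and dying on a non-zero status addresses both, as sketched below. The upstream URL uses `git://`, which provides no transport authentication for patches that end up in the RPM, so an authenticated URL would be preferable if upstream offers one. The filter `/(Patch|%patch)/` is unanchored and also drops any other spec line that merely contains those words, for example a changelog entry; `/^(?:Patch\d+:|%patch\d+)/` is closer to the intent.

```perl
# Run git without a shell; stop on the first failure.
sub run_git {
    my @args = @_;
    system("git", @args) == 0
        or die "git @args failed (status $?)";
    return;
}

# … unchanged: spec parsing, 'git remote' check …
run_git("remote", "add", "upstream", $gitupstream) unless $haveupstream;
run_git("fetch", "upstream");
# … unchanged: 'git branch -a' check …
run_git("format-patch", "--no-signature", "-N", "$gittag..upstream/$gitbranch");
# … unchanged: patch listing and spec rewrite …
run_git("add", glob("*.patch"), $rpmspec);
```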