[xen] Change udev tap rule to avoid problems in openvpn, avoid a setuid in xend if it isn't needed
myoung
myoung at fedoraproject.org
Sun Apr 15 17:08:36 UTC 2012
commit 02851a12eaeb6380431b4d09a8be8b2075f179e1
Author: Michael Young <m.a.young at durham.ac.uk>
Date: Sun Apr 15 18:05:46 2012 +0100
Change udev tap rule to avoid problems in openvpn, avoid a setuid in xend if it isn't needed
xen-backend.rules.patch | 8 ++++++++
xen.spec | 10 +++++++++-
xend.selinux.setuid.patch | 12 ++++++++++++
3 files changed, 29 insertions(+), 1 deletions(-)
---
diff --git a/xen-backend.rules.patch b/xen-backend.rules.patch
new file mode 100644
index 0000000..76a36b1
--- /dev/null
+++ b/xen-backend.rules.patch
@@ -0,0 +1,8 @@
+--- xen-4.1.2/tools/hotplug/Linux/xen-backend.rules.orig 2011-10-20 18:05:42.000000000 +0100
++++ xen-4.1.2/tools/hotplug/Linux/xen-backend.rules 2012-04-15 17:08:24.774955932 +0100
+@@ -13,4 +13,4 @@
+ KERNEL=="gntdev", NAME="xen/%k", MODE="0600"
+ KERNEL=="pci_iomul", NAME="xen/%k", MODE="0600"
+ KERNEL=="tapdev[a-z]*", NAME="xen/blktap-2/tapdev%m", MODE="0600"
+-SUBSYSTEM=="net", KERNEL=="tap*", ACTION=="add", RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"
++SUBSYSTEM=="net", KERNEL=="tap[0-9]*.[0-9]*", ACTION=="add", RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"
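Review bot: the KERNEL match on the added rule line is a udev glob, not a regex, so `tap[0-9]*.[0-9]*` means "tap, one digit, anything, a literal dot, one digit, anything" and still accepts names such as `tap0x.1y`. It excludes a plain `tap0` only because of the required dot. That covers the openvpn case named in the subject, but the rules file should carry a comment stating which interface naming scheme the pattern is meant to match and why it was narrowed. Without that, a later edit could widen it back to `tap*` and run vif-setup on tap interfaces that xen did not create.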
diff --git a/xen.spec b/xen.spec
index 3baaf4a..cd8f819 100644
--- a/xen.spec
+++ b/xen.spec
@@ -20,7 +20,7 @@
Summary: Xen is a virtual machine monitor
Name: xen
Version: 4.1.2
-Release: 14%{?dist}
+Release: 15%{?dist}
Group: Development/Libraries
License: GPLv2+ and LGPLv2+ and BSD
URL: http://xen.org/
@@ -72,6 +72,8 @@ Patch34: xend.catchbt.patch
Patch35: xend-pci-loop.patch
Patch36: localgcc47fix.patch
Patch37: qemu-xen-4.1-testing.git-3cf61880403b4e484539596a95937cc066243388.patch
+Patch38: xen-backend.rules.patch
+Patch39: xend.selinux.setuid.patch
Patch50: upstream-23936:cdb34816a40a-rework
Patch51: upstream-23937:5173834e8476
@@ -235,6 +237,8 @@ manage Xen virtual machines.
%patch35 -p1
%patch36 -p1
%patch37 -p1
+%patch38 -p1
+%patch39 -p1
%patch50 -p1
%patch51 -p1
@@ -697,6 +701,10 @@ rm -rf %{buildroot}
%endif
%changelog
+* Sun Apr 15 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.2-15
+- Make the udev tap rule more specific as it breaks openvpn (#812421)
+- don't try setuid in xend if we don't need to so selinux is happier
+
* Sat Mar 31 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.2-14
- /var/lib/xenstored mount has wrong selinux permissions in latest Fedora
- load xen-acpi-processor module (kernel 3.4 onwards) if present
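Review bot: the second new changelog entry carries no bug or denial reference, unlike the first (#812421), and "if we don't need to" does not state the condition. Suggest wording it as the patch implements it, for example "skip setuid in xend when XEND_USER is root", and capitalising it to match the entry above.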
diff --git a/xend.selinux.setuid.patch b/xend.selinux.setuid.patch
new file mode 100644
index 0000000..902b960
--- /dev/null
+++ b/xend.selinux.setuid.patch
@@ -0,0 +1,12 @@
+--- xen-4.1.2/tools/python/xen/xend/server/SrvDaemon.py.orig 2012-04-15 17:17:50.167887550 +0100
++++ xen-4.1.2/tools/python/xen/xend/server/SrvDaemon.py 2012-04-15 17:31:13.648842655 +0100
+@@ -325,7 +325,8 @@
+ def set_user(self):
+ # Set the UID.
+ try:
+- os.setuid(pwd.getpwnam(XEND_USER)[2])
++ if XEND_USER != "root":
++ os.setuid(pwd.getpwnam(XEND_USER)[2])
+ return 0
+ except KeyError:
+ print >>sys.stderr, "Error: no such user '%s'" % XEND_USER
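Review bot: the new guard in set_user() compares the configured name to the string "root" instead of comparing uids, so it skips the call only for that exact spelling. A XEND_USER that is another account name mapping to uid 0, or a daemon already running as the target user, still calls os.setuid(). Comparing the result of `pwd.getpwnam(XEND_USER)[2]` against `os.getuid()` and calling setuid only when they differ would cover those cases, and it would keep the KeyError path active for a misspelt user name even when no uid change is needed. A one-line comment saying the call is skipped to avoid the SELinux denial would also help, since the `if` otherwise looks redundant.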