public inbox for gentoo-commits@lists.gentoo.org
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/libvirt/files/, app-emulation/libvirt/
Date: Sun,  7 Jul 2024 07:39:23 +0000 (UTC)
Message-ID: <1720337910.be9b86298e8627bd14928f0b61ef0b32148d90a8.sam@gentoo>

commit:     be9b86298e8627bd14928f0b61ef0b32148d90a8
Author:     Michal Privoznik <michal.privoznik <AT> gmail <DOT> com>
AuthorDate: Sun Jul  7 05:40:13 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul  7 07:38:30 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be9b8629

app-emulation/libvirt: Backport AppArmor fix

When AppArmor is enabled and sys-firmware/edk2-ovmf-bin is
installed then starting a guest under libvirt fails, because
libvirt assumed different paths for UEFI. A fix was merged
upstream so backport it.

Resolves: https://bugs.gentoo.org/911786
Signed-off-by: Michal Privoznik <michal.privoznik <AT> gmail.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...per-Allow-RO-access-to-usr-share-edk2-ovm.patch | 33 ++++++++++++++++++++++
 ...t-10.0.0-r2.ebuild => libvirt-10.0.0-r3.ebuild} |  1 +
 ...t-10.1.0-r1.ebuild => libvirt-10.1.0-r2.ebuild} |  1 +
 ...virt-10.2.0.ebuild => libvirt-10.2.0-r1.ebuild} |  1 +
 ...t-10.3.0-r1.ebuild => libvirt-10.3.0-r2.ebuild} |  1 +
 ...irt-9.8.0-r2.ebuild => libvirt-9.8.0-r3.ebuild} |  1 +
 ...irt-9.9.0-r2.ebuild => libvirt-9.9.0-r3.ebuild} |  1 +
 7 files changed, 39 insertions(+)

diff --git a/app-emulation/libvirt/files/libvirt-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch b/app-emulation/libvirt/files/libvirt-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
new file mode 100644
index 000000000000..ed41fccddbe6
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
@@ -0,0 +1,33 @@
+From 893800be49d2d58f78c96e4f06d9f24188cb8946 Mon Sep 17 00:00:00 2001
+Message-ID: <893800be49d2d58f78c96e4f06d9f24188cb8946.1720330325.git.mprivozn@redhat.com>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Thu, 4 Jul 2024 13:07:47 +0200
+Subject: [PATCH] virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf
+
+When binary version of edk2 is distributed, the files reside
+under /usr/share/edk2-ovmf as can be seen from Gentoo's ebuild
+[1]. Allow virt-aa-helper to generate paths under that dir.
+
+1: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild
+Resolves: https://bugs.gentoo.org/911786
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/security/virt-aa-helper.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index 402cbd9602..a3f85d26b0 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -475,6 +475,7 @@ valid_path(const char *path, const bool readonly)
+         "/initrd",
+         "/initrd.img",
+         "/usr/share/edk2/",
++        "/usr/share/edk2-ovmf/",             /* for OVMF images */
+         "/usr/share/OVMF/",                  /* for OVMF images */
+         "/usr/share/ovmf/",                  /* for OVMF images */
+         "/usr/share/AAVMF/",                 /* for AAVMF images */
+-- 
+2.44.2
+
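Review bot: The subject promises read-only access, but the new "/usr/share/edk2-ovmf/" entry in valid_path() is commented only as "for OVMF images", and the three context lines do not show which array it joins, so the hunk alone cannot confirm that the path is limited to the readonly case. Naming that array in the commit message or in the entry's comment would make the claim checkable. Reference [1] also points at one specific ebuild file, edk2-ovmf-bin-202202.ebuild, on a moving tree; a commit-pinned link would survive that ebuild being removed.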

diff --git a/app-emulation/libvirt/libvirt-10.0.0-r2.ebuild b/app-emulation/libvirt/libvirt-10.0.0-r3.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-10.0.0-r2.ebuild
rename to app-emulation/libvirt/libvirt-10.0.0-r3.ebuild
index 6ef0ed221ed8..311baf701f72 100644
--- a/app-emulation/libvirt/libvirt-10.0.0-r2.ebuild
+++ b/app-emulation/libvirt/libvirt-10.0.0-r3.ebuild
@@ -154,6 +154,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch
 	"${FILESDIR}"/${PN}-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch
 	"${FILESDIR}"/${PN}-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch
+	"${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 python_check_deps() {

diff --git a/app-emulation/libvirt/libvirt-10.1.0-r1.ebuild b/app-emulation/libvirt/libvirt-10.1.0-r2.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-10.1.0-r1.ebuild
rename to app-emulation/libvirt/libvirt-10.1.0-r2.ebuild
index f3cc8929a599..01f7155ea228 100644
--- a/app-emulation/libvirt/libvirt-10.1.0-r1.ebuild
+++ b/app-emulation/libvirt/libvirt-10.1.0-r2.ebuild
@@ -153,6 +153,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-9.9.0-do-not-use-sysconfig.patch
 	"${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch
 	"${FILESDIR}"/${PN}-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch
+	"${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 python_check_deps() {

diff --git a/app-emulation/libvirt/libvirt-10.2.0.ebuild b/app-emulation/libvirt/libvirt-10.2.0-r1.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-10.2.0.ebuild
rename to app-emulation/libvirt/libvirt-10.2.0-r1.ebuild
index b02aa7c5b956..50ade39e29f4 100644
--- a/app-emulation/libvirt/libvirt-10.2.0.ebuild
+++ b/app-emulation/libvirt/libvirt-10.2.0-r1.ebuild
@@ -152,6 +152,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-9.4.0-fix_paths_in_libvirt-guests_sh.patch
 	"${FILESDIR}"/${PN}-9.9.0-do-not-use-sysconfig.patch
 	"${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch
+	"${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 python_check_deps() {

diff --git a/app-emulation/libvirt/libvirt-10.3.0-r1.ebuild b/app-emulation/libvirt/libvirt-10.3.0-r2.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-10.3.0-r1.ebuild
rename to app-emulation/libvirt/libvirt-10.3.0-r2.ebuild
index d632f3bc2d3e..5ece4b388fa7 100644
--- a/app-emulation/libvirt/libvirt-10.3.0-r1.ebuild
+++ b/app-emulation/libvirt/libvirt-10.3.0-r2.ebuild
@@ -153,6 +153,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-9.9.0-do-not-use-sysconfig.patch
 	"${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch
 	"${FILESDIR}"/${PN}-10.3.0-vsh-Don-t-init-history-in-cmdComplete.patch
+	"${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 python_check_deps() {

diff --git a/app-emulation/libvirt/libvirt-9.8.0-r2.ebuild b/app-emulation/libvirt/libvirt-9.8.0-r3.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-9.8.0-r2.ebuild
rename to app-emulation/libvirt/libvirt-9.8.0-r3.ebuild
index 500ab7f572ad..768b73c23918 100644
--- a/app-emulation/libvirt/libvirt-9.8.0-r2.ebuild
+++ b/app-emulation/libvirt/libvirt-9.8.0-r3.ebuild
@@ -149,6 +149,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-9.10.0-virxml-include-libxml-xmlsave.h-for-xmlIndentTreeOut.patch
 	"${FILESDIR}"/${PN}-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch
 	"${FILESDIR}"/${PN}-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch
+	"${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 pkg_setup() {
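Review bot: This PATCHES entry applies a patch named for 10.5.0 to 9.8.0, the oldest of the six versions touched, and the embedded hunk is anchored at `@@ -475,6 +475,7 @@` against blob 402cbd9602, so it is worth confirming that it applies here without fuzz or offset. In particular, check that the context entries "/initrd.img", "/usr/share/edk2/" and "/usr/share/OVMF/" appear in that order in this version's src/security/virt-aa-helper.c, and say in the commit message which versions were build-tested.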

diff --git a/app-emulation/libvirt/libvirt-9.9.0-r2.ebuild b/app-emulation/libvirt/libvirt-9.9.0-r3.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-9.9.0-r2.ebuild
rename to app-emulation/libvirt/libvirt-9.9.0-r3.ebuild
index 684c0dc7afe2..084fd6e3b72a 100644
--- a/app-emulation/libvirt/libvirt-9.9.0-r2.ebuild
+++ b/app-emulation/libvirt/libvirt-9.9.0-r3.ebuild
@@ -150,6 +150,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-9.10.0-virxml-include-libxml-xmlsave.h-for-xmlIndentTreeOut.patch
 	"${FILESDIR}"/${PN}-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch
 	"${FILESDIR}"/${PN}-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch
+	"${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 pkg_setup() {

