7.128. libvirt

Updated libvirt packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Bug Fixes

BZ#908836
The AMD family 15h processors CPU architecture consists of "modules", which are represented both as separate cores and separate threads. Management applications needed to choose between one of the approaches, and libvirt did not provide enough information to do this. Management applications were not able to represent the modules in an AMD family 15h processors core according to their needs. The capabilities XML output now contains more information about the processor topology, so that the management applications can extract the information they need.
BZ#913624
When auto-port and port were not specified, but the tlsPort attribute was set to "-1", the tlsPort parameter specified in the QEMU command line was set to "1" instead of a valid port. Consequently, QEMU failed, because it was unable to bind a socket on the port. This update replaces the current QEMU driver code for managing port reservations with the new virPortAllocator APIs, and QEMU is able to bind a socket on the port.
BZ#915344
Previously, libvirtd was unable to execute an s3/s4 operation for a Microsoft Windows guest which ran the guest agent service. Consequently, this resulted in a "domain s4 fail" error message, due to the domain being destroyed. With this update, the guest is destroyed successfully and the libvirtd service no longer crashes.
BZ#915347
When a VM was saved into a compressed file and decompression of that file failed while libvirt was trying to resume the VM, libvirt removed the VM from the list of running VMs, but did not remove the corresponding QEMU process. With this update, the QEMU process is killed in such cases. Moreover, non-fatal decompression errors are now ignored and a VM can be successfully resumed if such an error occurs.
BZ#915348
Python bindings for libvirt contained incorrect implementation of getDomain() and getConnect() methods in virDomainSnapshot class. Consequently, the Python client terminated unexpectedly with a segmentation fault. Python bindings now provide proper domain() and connect() accessors that fetch Python objects stored internally within virDomainSnapshot instance and crashes no longer occur.
BZ#915349
Previously, libvirt added a cache of storage file backing chains, rather than rediscovering the backing chain details on every operation. This cache was then used to decide which files to label for sVirt, but when libvirt switched over to use the cache, the code only populated when cgroups were in use. On setups that did not use cgroups, due to the lack of backing chain cache information, sVirt was unable to properly label backing chain files, which caused a regression observed by guests being prevented from running. Now, populating the cache was moved earlier, to be independent of cgroups, the cache results in more efficient sVirt operations, and now works whether or not cgroups are in effect.
BZ#915353
Occasionally, when users ran multiple virsh create/destroy loops, a race condition could have occurred and libvirtd terminated unexpectedly with a segmentation fault. False error messages regarding the domain having already been destroyed to the caller also occurred. With this update, the outlined script is run and completes without libvirtd crashing.
BZ#915354
Previously, libvirt followed relative backing chains differently than QEMU. This resulted in missing sVirt permissions when libvirt could not follow the chain. With this update, relative backing files are now treated identically in libvirt and QEMU, and VDSM use of relative backing files functions properly.
BZ#915363
Previously, libvirt reported raw QEMU errors when snapshots failed, and the error message provided was confusing. With this update, libvirt now gives a clear error message when QEMU is not capable of snapshots, which enables more informative handling of the situation.
BZ#917063
Previously, libvirt was not tolerant of missing unpriv_sgio support in running kernel even though it was not necessary. After upgrading the host system to Red Hat Enterprise Linux 6.4, users were unable to start domains using shareable block disk devices unless they rebooted the host into the new kernel. The check for unpriv_sgio support is only performed when it is really needed, and libvirt is now able to start all domains that do not strictly require unpriv_sgio support regardless of host kernel support for it.
BZ#918754
When asked to create a logical volume with zero allocation, libvirt ran lvcreate to create a volume with no extends, which is not permitted. Creation of logical volumes with zero allocation failed and libvirt returned an error message that did not mention the real error. Now, rather than asking for no extends, libvirt tries to create the volume with a minimal number of extends. The code is also fixed to provide the real error message should the volume creation process fail. Logical volumes with zero allocation can now be successfully created using libvirt.
BZ#919504
Previously, when users started the guest with a sharable block CD-Rom, libvirtd failed unexpectedly due to accessing memory that was already freed. This update addresses the aforementioned issue, and libvirtd no longer crashes in the described scenario.
BZ#922095
Various memory leaks in libvirtd were discovered when users ran Coverity and Valgrind leak detection tools. This update addresses these issues, and libvirtd no longer leaks memory in the described scenario.

Enhancement

BZ#915352
This update adds support for ram_size settings to the QXL device. When using multiple heads in one PCI device, the device needed more RAM assigned. Now, the memory of the RAM bar size is set larger than the default size and libvirt can drive multi-head QXL.
Users of libvirt are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. After installing the updated packages, libvirtd will be restarted automatically.
Updated libvirt packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
The libvirt packages provide the libvirt library which is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Note

The libvirt packages have been upgraded to upstream version 0.10.2, which provides a number of bug fixes and enhancements over the previous version, such as support for Open vSwitch, a new API for detailed CPU statistics, improved support of LXC method including the sVirt technology, improvements of the virsh edit command, improved APIs for listing various objects and support for pinning and tuning emulator threads. (BZ#836934)

Security Fixes

CVE-2012-3411
It was discovered that libvirt made certain invalid assumptions about dnsmasq's command line options when setting up DNS masquerading for virtual machines, resulting in dnsmasq incorrectly processing network packets from network interfaces that were intended to be prohibited. This update includes the changes necessary to call dnsmasq with a new command line option, which was introduced to dnsmasq via RHSA-2013:0277.
In order for libvirt to be able to make use of the new command line option (--bind-dynamic), updated dnsmasq packages need to be installed. Refer to RHSA-2013:0277 for additional information.

Bug Fixes

BZ#794523
The libvirt library was issuing the PAUSED event before the QEMU processor emulator really paused. Consequently, a domain could be reported as paused before it was actually paused, which could confuse a management application using the libvirt library. With this update, the PAUSED event is started after QEMU is stopped on a monitor and the management application is no longer confused by libvirt.
BZ#797279, BZ#808980, BZ#869557
The fixed limit for the maximum size of an RPC message that could be sent between the libvirtd daemon and a client, such as the virsh utility, was 65536 bytes. However, this limit was not always sufficient and messages that were longer than that could be dropped, leaving a client unable to fetch important data. With this update, the buffer for incoming messages has been made dynamic and both sides, a client and libvirtd, now allocate as much memory as is needed for a given message, thus allowing to send much bigger messages.
BZ#807996
Previously, repeatedly migrating a guest between two machines while using the tunnelled migration could cause the libvirtd daemon to lock up unexpectedly. The bug in the code for locking remote drivers has been fixed and repeated tunnelled migrations of domains now work as expected.
BZ#814664
Previously, multiple libvirt API calls were needed to determine the full list of guests on a host controlled by the libvirt library. Consequently, a race condition could occur when a guest changed its state between two calls that were needed to enumerate started and stopped guests. This behavior caused the guest to disappear from both of the lists, because the time of enumeration was not considered to be a part of the lists. This update adds a new API function allowing to gather the guest list in one call while the driver is locked. This guarantees that no guest changes its state before the list is gathered so that guests no longer disappear in the described scenario.
BZ#818467
Previously, libvirt did not report many useful error messages that were returned by external programs such as QEMU and only reported a command failure. Consequently, certain problems, whose cause or resolution could be trivial to discover by looking at the error output, were difficult to diagnose. With this update, if any external command run by libvirt exits with a failure, its standard error output is added to the system log as a libvirt error. As a result, problems are now easier to diagnose, because better information is available.
BZ#823716
Closing a file descriptor multiple times could, under certain circumstances, lead to a failure to execute the qemu-kvm binary. As a consequence, a guest failed to start. A patch has been applied to address this issue, so that the guest now starts successfully.
BZ#825095
Prior to this update, libvirt used an unsuitable detection procedure to detect NUMA and processor topology of a system. Consequently, topology of some advanced multi-processor systems was detected incorrectly and management applications could not utilize the full potential of the system. Now, the detection has been improved and the topology is properly recognized even on modern systems.
BZ#825820
Previously, the libvirt library had hooks for calling a user-written script when a guest was started or stopped, but had no hook to call a script for each guest when the libvirtd daemon itself was restarted. Consequently, certain custom setups that required extra operations not directly provided by libvirt could fail when libvirtd was restarted. For example, packet forwarding rules installed to redirect incoming connections to a particular guest could be overridden by libvirt's refresh of its own iptables packet forwarding rules, breaking the connection forwarding that had been set up. This update improves libvirt with a new reconnect hook; the QEMU hook script is called with a type of reconnect for every active guest each time libvirtd is restarted. Users can now write scripts to recognize the reconnect event, and for example reload the user-supplied iptables forwarding rules when this event occurs. As a result, incoming connections continue to be forwarded correctly, even when libvirtd is restarted.
BZ#828729
On certain NUMA architectures, libvirt failed to process and expose the NUMA topology, sometimes leading to performance degradation. With this update, libvirt can parse and expose the NUMA topology on such machines and makes the correct CPU placement, thus avoiding performance degradation.
BZ#831877
The virsh undefine command supports deleting volumes associated with a domain. When using this command, the volumes are passed as additional arguments and if the user adds any trailing string after the basic command, the string is interpreted as a volume to be deleted. Previously, the volumes were checked after the guest was deleted, which could lead to user's errors. With this update, the check of the volume arguments is performed before the deleting process so that errors can be reported sensibly. As a result, the command with an incorrect argument fails before it attempts to delete a guest and the host system stays in a sane state.
BZ#832081
Due to several bugs in the implementation of keep-alive messages that are used for the detection of broken connections or non-functional peers, these connections and peers could be incorrectly considered broken or non-functional and thus the keep-alive messages were disabled by default in Red Hat Enterprise Linux 6.3. The implementation of the keep-alive messages has been fixed and this feature is now enabled by default.
BZ#834927
Previously, a reversed condition in a check which is used during registering callbacks prevented multiple callbacks from being registered. This update applies a patch to fix this condition and multiple callbacks can be registered successfully now.
BZ#836135
The SPICE server needs certain time at the end of the migration process to transfer an internal state to a destination guest. Previously, the libvirt library could kill the source QEMU and the SPICE server before the internal state was transmitted. This behavior caused the destination client to be unresponsive. With this update, libvirt waits until the end of SPICE migration. As a result, the SPICE server no longer becomes unresponsive in this situation.
BZ#837659
When using the sanlock daemon for locking resources used by a domain, if such a resource was read-only, the locking attempt failed. Consequently, it was impossible to start a domain with a CD-ROM drive. This bug has been fixed and sanlock can now be properly used with read-only devices.
BZ#839661
Previously, the libvirt library did not support the S4 (Suspend-to-Disk) event on QEMU domains. Consequently, management applications could not register whether a guest was suspended to disk or powered off. With this update, support for S4 event has been added and management applications can now request receiving S4 events.
BZ#842208
Due to an installation of the vdsm daemon, the libvirt library was reconfigured and under certain conditions, libvirt was searching for a non-existing option when used outside of vdsm. Consequently, using the virsh utility on such a machine caused the system to terminate with a segmentation fault. The underlying source code has been modified to fix this bug and users can now use virsh on machines configured by vdsm as expected.
BZ#844266
Previously, a condition in a check, which is used for checking if modification of a domain XML in a saved file was successful or not, was inverted. Consequently, the virsh utility reported that this check failed even if it was successful and vice versa. This update applies a patch to fix this bug and success and failure of this check are reported correctly now.
BZ#844408
Disk hot plug is a two-part action: the qemuMonitorAddDrive() call is followed by the qemuMonitorAddDevice() call. When the first part succeeded but the second one failed, libvirt failed to roll back the first part and the device remained in use even though the disk hot plug failed. With this update, the rollback for the drive addition is properly performed in the described scenario and disk hot plug now works as expected.
BZ#845448
Previously the SIGINT signal was not blocked when the virDomainGetBlockJobInfo() function was performed. Consequently, an attempt to abort a process initialized by a command with the --wait option specified using the CTRL+C shortcut did not work properly. This update applies a patch to block SIGINT during virDomainGetBlockJobInfo() and aborting processes using the CTRL+C shortcut now works as expected.
BZ#845635
Previously, an unspecified error with a meaningless error code was returned when a guest agent became unresponsive. Consequently, management applications could not recognize why the guest agent hung; whether the guest agent was not configured or was unusable. This update introduces a new VIR_ERR_AGENT_UNRESPONSIVE error code and fixes the error message. As a result, management applications now can recognize why the guest agent hangs.
BZ#846639
Due to a bug in the libvirt code, two mutually exclusive cases could occur. In the first case, a guest operating system could fail do detect that it was being suspended because the suspend routine is handled by hypervisor. In the second case, the cooperation of the guest operating system was required, for example during synchronization of the time after the resume routine. Consequently, it was possible to successfully call the suspend routine on a domain with the pmsuspended status and libvirt returned success on operation, which in fact failed. This update adds an additional check to prevent libvirt from suspending a domain with the pmsuspended status.
BZ#851397
Due to recent changes in port allocation, SPICE ports and SPICE TLS ports were the same. Consequently, QEMU domains started with both options configured to use the same port and SPICE TLS ports could not allocate one port twice. With this update, the port allocation has been fixed and the QEMU domains now work as expected in this situation.
BZ#853567
A virtual guest can have a network interface that is connected to an SR-IOV (Single Root I/O Virtualization) device's virtual function (VF) using the macvtap driver in passthrough mode, and from there is connected to an 802.1Qbh-capable switch. Previously, when shutting down the guest, libvirt erroneously set SR-IOV device's physical function (PF) instead of VF and the PF offline rather than setting the VF offline. Here is an example of the type of an interface that could be affected:
   <interface type='direct'>
     <source dev='eth7' mode='passthrough'/>
     <virtualport type='802.1Qbh'>
      <parameters profileid='test'/>
     </virtualport>
   </interface>
Consequently, if PF was being used by the host for its own network connectivity, the host networking would be adversely affected, possibly completely disabled, whenever the guest was shut down, or when the guest's network device was detached. The underlying source code has been modified to fix this bug and the PF associated with the VF used by the macvtap driver now continues to work in the described scenario.
BZ#856247
Red Hat Enterprise Linux 6.3 implemented the block copy feature before the upstream version of QEMU. Since then, several improvements were made to the upstream version of this feature. Consequently, previous versions of the libvirt library were unable to fully manage the block copy feature in current release of QEMU. With this update, the block copy feature has been updated to upstream versions of QEMU and libvirt. As a result, libvirt is able to manage all versions of the block copy feature.
BZ#856864
Previously, libvirt put the default USB controller into the XML configuration file during the live migration to Red Hat Enterprise Linux 6.1 hosts. These hosts did not support USB controllers in the XML file. Consequently, live migration to these hosts failed. This update prevents libvirt from including the default USB controller in the XML configuration file during live migration and live migration works properly in the described scenario.
BZ#856950
When a QEMU process is being destroyed by libvirt, a clean-up operation frees some internal structures and locks. However, since users can destroy QEMU processes at the same time, libvirt holds the QEMU driver mutex to protect the list of domains and their states, among other things. Previously, a function tried to lock up the QEMU driver mutex when it was already locked, creating a deadlock. The code has been modified to always check if the mutex is free before attempting to lock it up, thus fixing this bug.
BZ#858204
When the host_uuid option was present in the libvirtd.conf file, the augeas libvirt lens was unable to parse the file. This bug has been fixed and the augeas libvirt lens now parses libvirtd.conf as expected in the described scenario.
BZ#862515
Previously, handling of duplicate MAC addresses differed between live attach or detach, and persistent attach or detach of network devices. Consequently, the persistent attach-interface of a device with a MAC address that matches an existing device could fail, even though the live attach-interface of such a device succeed. This behavior was inconsistent, and sometimes led to an incorrect device being detached from the guest. With this update, libvirt has been modified to allow duplicate MAC addresses in all cases and to check a unique PCI address in order to distinguish between multiple devices with the same MAC address.
BZ#863115
Previously, libvirt called the qemu-kvm -help command every time it started a guest to learn what features were available for use in QEMU. On a machine with a number of guests, this behavior caused noticeable delays in starting all of the guests. This update modifies libvirt to store information cache about QEMU until the QEMU time stamp is changed. As a result, libvirt is faster when starting a machine with various guests.
BZ#865670
Previously, the ESX 5.1 server was not fully tested. Consequently, connecting to ESX 5.1 caused a warning to be returned. The ESX 5.1 server has been properly tested and connecting to this server now works as expected.
BZ#866369
Under certain circumstances, the iohelper process failed to write data to disk while saving a domain and kernel did not report an out-of-space error (ENOSPC). With this update, libvirt calls the fdatasync() function in the described scenario to force the data to be written to disk or catch a write error. As a result, if a write error occurs, it is now properly caught and reported.
BZ#866388
Certain operations in libvirt can be done only when a domain is paused to prevent data corruption. However, if a resuming operation failed, the management application was not notified since no event was sent. This update introduces the VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR event and management applications can now keep closer track of domain states and act accordingly.
BZ#866999
When libvirt could not find a suitable CPU model for a host CPU, it failed to provide the CPU topology in host capabilities even though the topology was detected correctly. Consequently, applications that work with the host CPU topology but not with the CPU model could not see the topology in host capabilities. With this update, the host capabilities XML description contains the host CPU topology even if the host CPU model is unknown.
BZ#869096
Previously, libvirt supported the emulatorpin option to set the CPU affinity for a QEMU domain process. However, this behavior overrode the CPU affinity set by the vcpu placement="auto" setting when creating a cgroup hierarchy for the domain process. This CPU affinity is set with the advisory nodeset from the numad daemon. With this update, libvirt does not allow emulatorpin option to change the CPU affinity of a domain process if the vcpu placement setting is set to auto. As a result, the numad daemon is supported as expected.
BZ#873792
The libvirt library allows users to cancel an ongoing migration. Previously, if an attempt to cancel the migration was made in the migration preparation phase, QEMU missed the request and the migration was not canceled. With this update, the virDomainAbortJob() function sets a flag when a cancel request is made and this flag is checked before the main phase of the migration starts. As a result, a migration can now be properly canceled even in the preparation phase.
BZ#874050
Certain AMD processors contain modules which are reported by the kernel as both threads and cores. Previously, the libvirt processor topology detection code was not able to detect these modules. Consequently, libvirt reported the actual number of processors twice. This bug has been fixed by reporting a topology that adds up to the total number of processors reported in the system. However, the actual topology has to be checked in the output of the virCapabilities() function. Additionally, documentation for the fallback output has been provided.

Note

Note that users should be instructed to use the capability output for topology detection purposes due to performance reasons. The NUMA topology has the important impact performance-wise but the physical topology can differ from that.
BZ#879780
Due to changes in the virStorageBackendLogicalCreateVol() function, the setting of the volume type was removed. Consequently, logical volumes were treated as files without any format and libvirt was unable to clone them. This update provides a patch to set the volume type and libvirt clones logical volumes as expected.
BZ#880919
When a saved file could not be opened, the virFileWrapperFdCatchError() function was called with a NULL argument. Consequently, the libvirtd daemon terminated unexpectedly due to a NULL pointer dereference. With this update, the virFileWrapperFdCatchError() function is called only when the file is open and instead of crashing, the daemon now reports an error.
BZ#884650
Whenever the virDomainGetXMLDesc() function was executed on an unresponsive domain, the call also became unresponsive. With this update, QEMU sends the BALLOON_CHANGE event when memory usage on a domain changes so that virDomainGetXMLDesc() no longer has to query an unresponsive domain. As a result, virDomainGetXMLDesc() calls no longer hang in the described scenario.

Enhancements

BZ#638512
This update adds support for external live snapshots of disks and RAM.
BZ#693884
Previously, libvirt could apply packet filters, among others the anti-spoofing filter, to guest network connections using the nwfilter subsystem. However, these filter rules required manually entering the IP address of a guest into the guest configuration. This process was not effective when guests were acquired their IP addresses via the DHCP protocol; the network needed a manually added static host entry for each guest and the guest's network interface definition needed that same IP address to be added to its filters. This enhancement improves libvirt to automatically learn IP and MAC addresses used by a guest network connection by monitoring the connection's DHCP and ARP traffic in order to setup host-based guest-specific packet filtering rules that block traffic with incorrect IP or MAC addresses from the guests. With this new feature, nwfilter packet filters can be written to use automatically detected IP and MAC addresses, which simplifies the process of provisioning a guest.
BZ#724893
When the guest CPU definition is not supported due to the user's special configuration, an error message is returned. This enhancement improves this error message to contain flags that indicate precisely which options of the user's configuration are not supported.
BZ#771424
The Resident Set Size (RSS) limits control how much RAM can a process use. If a process leaks memory, the limits do not let the process influence other processes within the system. With this update, the RSS limits of a QEMU process are set by default according to how much RAM and video RAM is configured for the domain.
BZ#772088
Previously, the libvirt library could create block snapshots, but could not clean them up. For a long-running guest, creating a large number of snapshots led to performance issues as the QEMU process emulator had to traverse longer chains of backing images. This enhancement improves the libvirt library to control the feature of the QEMU process emulator which is responsible for committing the changes in a snapshot image back into the backing file and the backing chain is now kept at a more manageable length.
BZ#772290
Previously, the automatically allocated ports for the SPICE and VNC protocols started on the port number 5900. With this update, the starting port for SPICE and VNC is configurable by users.
BZ#789327
The QEMU guest and the media of CD_ROM or Floppy could be suspended or resumed inside the guest directly instead of using the libvirt API. This enhancement improves the libvirt library to support three new events of the QEMU Monitor Protocol (QMP): the SUSPEND, WAKEUP, and DEVICE_TRAY_MOVED event. These events let a management application know that the guest status or the tray status has been changed:
  • when the SUSPEND event is emitted, the domain status is changed to pmsuspended;
  • when the WAKEUP event is emitted, the domain status is changed to running;
  • when the DEVICE_TRAY_MOVED event is emitted for a disk device, the current tray status for the disk is reflected to the libvirt XML file, so that management applications do not start the guest with the medium inserted while the medium has been previously ejected inside the guest.
BZ#804749
The QEMU process emulator now supports TSC-Deadline timer mode for guests that are running on the Intel 64 architecture. This enhancement improves the libvirt library with this feature's flag to stay synchronized with QEMU.
BZ#805071
Previously, it was impossible to move a guest's network connection to a different network without stopping the guest. In order to change the connection, the network needed to be completely detached from the guest and then re-attached after changing the configuration to specify the new connection. With this update, it is now possible to change a guest's interface definition to specify a different type of interface, and to change the network or bridge name or both, all without stopping or pausing the guest or detaching its network device. From the point of view of the guest, the network remains available during the entire transition; if the move requires a new IP address, that can be handled by changing the configuration on the guest, or by requesting that it renews its DHCP lease.
BZ#805243
When connecting to the libvirt library, certain form of authentication could be required and if so, interactive prompts were presented to the user. However, in certain cases, the interactive prompts cannot be used, for example when automating background processes. This enhancement improves libvirt to use the auth.conf file located in the $HOME/.libvirt/ directory to supply authentication credentials for connections. As a result, these credentials are pre-populated, thus avoiding the interactive prompts.
BZ#805654
This enhancement improves libvirt to support connection of virtual guest network devices to Open vSwitch bridges, which provides a more fully-featured replacement for the standard Linux Host Bridge. Among other features, Open vSwitch bridges allow setting more connections to a single bridge, transparent VLAN tagging, and better management using the Open Flow standard. As a result, libvirt is now able to use an already existing Open vSwitch bridge, either directly in the interface definition of a guest, or as a bridge in a libvirt network. Management of the bridge must be handled outside the scope of libvirt, but guest network devices can be attached and detached, and VLAN tags and interface IDs can be assigned on a per-port basis.
BZ#818996
Certain users prefer to run minimal configurations for server systems and do not need graphical or USB support. This enhancement provides a new feature that allows users to disable USB and graphic controllers in guest machines.
BZ#820808, BZ#826325
With this enhancement, the virsh dump command is now supported for domains with passthrough devices. As a result, these domains can be dumped with an additional --memory-only option.
BZ#822064
The libvirt library has already supported pinning and limiting QEMU threads associated with virtual CPUs, but other threads, such as the I/O thread, could not be pinned and limited separately. This enhancement improves libvirt to support pinning and limiting of both CPU threads and other emulator threads separately.
BZ#822589
This enhancement improves the libvirt library to be able to configure Discretionary Access Control (DAC) for each domain, so that certain domains can access different resources.
BZ#822601
Previously, only the system instance of the libvirtd daemon, that is the one that is running as the root user, could set up a guest network connection using a tap device and host bridge. A session instance, that is the one that is running as a non-root user, was only able to use QEMU's limited user mode networking. User mode network connection have several limitations; for example, they do not allow incoming connections, or ping in either direction, and are slower than a tap-device based network connection. With this enhancement, libvirt has been updated to support QEMU's new SUID network helper, so that non-privileged libvirt users are able to create guest network connections using tap devices and host bridges. Users who require this behavior need to set the interface type to bridge in the virtual machine's configuration, libvirtd then automatically notices that it is running as a non-privileged user, and notifies QEMU to set up the network connection using its network helper.

Note

This feature is only supported when the interface type is bridge, and does not work with the network interface type even if the specified network uses a bridge device.
BZ#822641
Previously, core dumps for domains with a large amount of memory were unnecessarily huge. With this update, a new dumpCore option has been added to control whether guest's memory should be included in a core dump. When this option is set to off, core dumps are reduced by the size of the guest's memory.
BZ#831099
This enhancement allows the libvirt library to set the World Wide Name (WWN), which provides stable device paths, for IDE and SCSI disks.
BZ#836462
This enhancement adds the possibility to control the advertising of S3 (Suspend-to-RAM) and S4 (Suspend-to-Disk) domain states to a guest. As a result, supported versions of QEMU can be configured to not advertise its S3 or S4 capability to a guest.
BZ#838127
With this update, support for the AMD Opteron G5 processor model has been added to the libvirt library. This change allows the user to utilize the full potential of new features, such as 16c, fma, and tbm.
BZ#843087
This enhancement adds support for the next generation Intel Core and Intel Xeon processors to the libvirt library. The next generation supports the following features: fma, pcid, movbe, fsgsbase, bmi1, hle, avx2, smep, bmi2, erms, invpcid, and rtm, compared to the previous Intel Xeon Processor E5-XXXX and Intel Xeon Processor E5-XXXX V2 family of processors.
BZ#844404
When changing the configuration of a libvirt virtual network, it was necessary to restart the network for these changes to take effect. This enhancement adds a new virsh net-update command that allows certain parts of a network configuration to be modified, and the changes to be applied immediately without requiring a restart of the network and disconnecting of guests. As a result, it is now possible to add static host entries to and remove them from a network's dhcp section; change the range of IP addresses dynamically assigned by the DHCP server; modify, add, and remove portgroup elements; and add and remove interfaces from a forward element's pool of interfaces, all without restarting the network. Refer to the virsh(1) man page for more details about the virsh net-update command.
BZ#860570
With this enhancement, the virsh program supports the --help option for all its commands and displays appropriate documentation.
BZ#864606
With this enhancement, the libvirt library can now control the hv_relaxed feature. This feature makes a Windows guest more tolerant to long periods of inactivity.
BZ#874171
Current release of the libvirt library added several capabilities related to snapshots. Among these was the ability to create an external snapshot, whether the domain was running or was offline. Consequently, it was also necessary to improve the user interface to support those features in the virsh program. With this update, these snapshot-related improvements were added to virsh to provide full support of these features.
BZ#878578
For security reasons, certain SCSI commands were blocked in a virtual machine. This behavior was related to applications where logical unit numbers (LUNs) of SCSI disks were passed to trusted guests. This enhancement improves libvirt to support a new sgio attribute. Setting this attribute to unfiltered allows trusted guests to invoke all supported SCSI commands.
All users of libvirt are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing the updated packages, the libvirtd daemon must be restarted using the service libvirtd restart command for this update to take effect.
Updated libvirt packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fixes

CVE-2013-4311
libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condition was found in the way libvirt used this utility, allowing a local user to bypass intended PolicyKit authorizations or execute arbitrary commands with root privileges.
CVE-2013-4296
Note: With this update, libvirt has been rebuilt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. The polkit RHSA-2013:1270 advisory must also be installed to fix the CVE-2013-4311 issue.
An invalid free flaw was found in libvirtd's remoteDispatchDomainMemoryStats function. An attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd.
The CVE-2013-4296 issue was discovered by Daniel P. Berrange of Red Hat.

Bug Fixes

BZ#984556
Prior to this update, the libvirtd daemon leaked memory in the virCgroupMoveTask() function. A fix has been provided which prevents libvirtd from incorrect management of memory allocations.
BZ#984561
Previously, the libvirtd daemon was accessing one byte before the array in the virCgroupGetValueStr() function. This bug has been fixed and libvirtd now stays within the array bounds.
BZ#984578
When migrating, libvirtd leaked the migration URI (Uniform Resource Identifier) on destination. A patch has been provided to fix this bug and the migration URI is now freed correctly.
BZ#1003934
Updating a network interface using virDomainUpdateDeviceFlags API failed when a boot order was set for that interface. The update failed even if the boot order was set in the provided device XML. The virDomainUpdateDeviceFlags API has been fixed to correctly parse the boot order specification from the provided device XML and updating network interfaces with boot orders now works as expected.
Users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd will be restarted automatically.