B.45.3. RHBA-2011:0446 — libvirt bug fix update

When a root-squashing export of a domain was owned by a group to which the qemu user belonged, but was not owned by the qemu user, libvirt could not create a file to save the domain's state. This was because the save operation was invoked by the user who did not have the needed group permissions. With this update, libvirt first acquires all the needed group permissions and only then attempts to perform the aforementioned save operation.

Members of the qemu group did not have read/write permissions for the "[localstatedir]/[cache/lib]/libvirt/qemu/" directory in which XML files which define sockets are placed. Permissions are now updated to allow the qemu group read/write permissions.

A race condition where an application could query block information on a virtual guest that had just been migrated away could occur when migrating a guest. As a result, the libvirt service crashed. The libvirt application now verifies that a guest exists before attempting to start any monitoring operations.

Live migration of a guest could take an exceptionally long time to converge to the switchover point if the guest was very busy. By allowing to increase the downtime setting of a guest, migration is more likely to complete. However, libvirt was sending an incorrectly formatted request to increase the downtime setting of a guest. With this update, libvirt correctly sends the downtime setting request.

The "addrToString" methods did not work properly with UNIX domain sockets which did not have a normal "host:port" address. As a result SASL (Simple Authentication and Security Layer) could not be used over UNIX domain sockets. With this update, the "addrToString" methods are fixed and SASL is no longer restricted to TCP connections.

Prior to this update, libvirt was not able to recognize whether a domain crashed or was properly shut down. With this update, a SHUTDOWN event sent by qemu is recognized by libvirt when a domain is properly shut down. If the SHUTDOWN event is not received, the domain is declared to have crashed.

A deadlock occurred in the libvirt service when running concurrent bidirectional migration because certain calls did not release their local driver lock before issuing an RPC (Remote Procedure Call) call on a remote libvirt daemon. A deadlock no longer occurs between two communicating libvirt daemons.

A specification file bug caused permissions on the /var/lib/libvirt directory to change when upgrading a system. With this update, correct permissions are assigned to the aforementioned directory.

An off-by-one error in a clock variable caused a virtual guest to show incorrect date and time information. This update addresses this error. Date and time information is now correctly displayed.

The %post script (part of the libvirt-client package) started the libvirt-guests service even when the service was explicitly turned off. With this update, the libvirt-guests service is no longer started when explicitly turned off.

Starting and shutting down a domain led to a memory leak due to the memory buffer not being freed properly. With this update, starting and shutting down a domain no longer leads to a memory leak.

Starting and shutting down a domain led to a memory leak due to the use of a thread-unfriendly "matchpathcon" (which gets the default security context for the specified path) SELinux API. With this update, libvirt uses improved SELinux APIs and a memory leak no longer occurs.