Diffstat (limited to 'sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch')
-rw-r--r-- | sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch | 111 |
1 files changed, 0 insertions, 111 deletions
diff --git a/sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch b/sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch
deleted file mode 100644
index e8e14c0ab747..000000000000
--- a/sys-cluster/nova/files/CVE-2013-4497-grizzly-1.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From df2ea2e3acdede21b40d47b7adbeac04213d031b Mon Sep 17 00:00:00 2001
-From: John Garbutt <john.garbutt@rackspace.com>
-Date: Thu, 12 Sep 2013 18:11:49 +0100
-Subject: [PATCH] xenapi: enforce filters after live-migration
-
-Currently and network filters, including security groups, are
-lost after a server has been live-migrated.
-
-This partially fixes the issue by ensuring that security groups are
-re-applied to the VM once it reached the destination, and been started.
-
-This leaves a small amount of time during the live-migrate where the VM
-is not protected. There is a further bug raised to close the rest of
-this whole, but this helps keep the VM protected for the majority of the
-time.
-
-Fixes bug 1202266
-
-(Cherry picked from commit: 5cced7a6dd32d231c606e25dbf762d199bf9cca7)
-
-Change-Id: I66bc7af1c6da74e18dce47180af0cb6020ba2c1a
----
- nova/tests/test_xenapi.py | 22 +++++++++++++++++++++-
- nova/virt/xenapi/driver.py | 4 ++--
- nova/virt/xenapi/vmops.py | 18 ++++++++++++++++++
- 3 files changed, 41 insertions(+), 3 deletions(-)
-
-diff --git a/nova/tests/test_xenapi.py b/nova/tests/test_xenapi.py
-index f7fb81d..d4c19a4 100644
---- a/nova/tests/test_xenapi.py
-+++ b/nova/tests/test_xenapi.py
-@@ -2723,7 +2723,27 @@ def test_post_live_migration_at_destination(self):
- # ensure method is present
- stubs.stubout_session(self.stubs, stubs.FakeSessionForVMTests)
- self.conn = xenapi_conn.XenAPIDriver(fake.FakeVirtAPI(), False)
-- self.conn.post_live_migration_at_destination(None, None, None, None)
-+
-+ fake_instance = "instance"
-+ fake_network_info = "network_info"
-+
-+ def fake_fw(instance, network_info):
-+ self.assertEquals(instance, fake_instance)
-+ self.assertEquals(network_info, fake_network_info)
-+ fake_fw.called += 1
-+
-+ fake_fw.called = 0
-+ _vmops = self.conn._vmops
-+ self.stubs.Set(_vmops.firewall_driver,
-+ 'setup_basic_filtering', fake_fw)
-+ self.stubs.Set(_vmops.firewall_driver,
-+ 'prepare_instance_filter', fake_fw)
-+ self.stubs.Set(_vmops.firewall_driver,
-+ 'apply_instance_filter', fake_fw)
-+
-+ self.conn.post_live_migration_at_destination(None, fake_instance,
-+ fake_network_info, None)
-+ self.assertEqual(fake_fw.called, 3)
-
- def test_check_can_live_migrate_destination_with_block_migration(self):
- stubs.stubout_session(self.stubs, stubs.FakeSessionForVMTests)
-diff --git a/nova/virt/xenapi/driver.py b/nova/virt/xenapi/driver.py
-index 128f67f..564c587 100755
---- a/nova/virt/xenapi/driver.py
-+++ b/nova/virt/xenapi/driver.py
-@@ -1,4 +1,3 @@
--# vim: tabstop=4 shiftwidth=4 softtabstop=4
-
- # Copyright (c) 2010 Citrix Systems, Inc.
- # Copyright 2010 OpenStack Foundation
-@@ -514,7 +513,8 @@ def post_live_migration_at_destination(self, ctxt, instance_ref,
- :params : block_migration: if true, post operation of block_migraiton.
- """
- # TODO(JohnGarbutt) look at moving/downloading ramdisk and kernel
-- pass
-+ self._vmops.post_live_migration_at_destination(ctxt, instance_ref,
-+ network_info, block_device_info, block_device_info)
-
- def unfilter_instance(self, instance_ref, network_info):
- """Removes security groups configured for an instance."""
-diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py
-index eccf3e0..ae5c697 100644
---- a/nova/virt/xenapi/vmops.py
-+++ b/nova/virt/xenapi/vmops.py
-@@ -1737,6 +1737,24 @@ def live_migrate(self, context, instance, destination_hostname,
- recover_method(context, instance, destination_hostname,
- block_migration)
-
-+ def post_live_migration_at_destination(self, context, instance,
-+ network_info, block_migration,
-+ block_device_info):
-+ # FIXME(johngarbutt): we should block all traffic until we have
-+ # applied security groups, however this requires changes to XenServer
-+ try:
-+ self.firewall_driver.setup_basic_filtering(
-+ instance, network_info)
-+ except NotImplementedError:
-+ # NOTE(salvatore-orlando): setup_basic_filtering might be
-+ # empty or not implemented at all, as basic filter could
-+ # be implemented with VIF rules created by xapi plugin
-+ pass
-+
-+ self.firewall_driver.prepare_instance_filter(instance,
-+ network_info)
-+ self.firewall_driver.apply_instance_filter(instance, network_info)
-+
- def get_per_instance_usage(self):
- """Get usage info about each active instance."""
- usage = {}
---
-1.8.4
-
|