[ubuntu/artful-proposed] libvirt 3.5.0-1ubuntu1 (Accepted)

Christian Ehrhardt christian.ehrhardt at canonical.com
Thu Jul 13 09:12:16 UTC 2017


libvirt (3.5.0-1ubuntu1) artful; urgency=medium

  * Merged with Debian unstable (3.5)
    This closes several bugs:
    - improved handling of host-model since libvirt 3.2 (LP: #1673467)
    - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209)
  * Remaining changes:
    - Disable sheepdog (universe dependency)
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - Disable selinux
    - Enable esx support
      + Add build-dep to libcurl4-gnutls-dev (required for esx)
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Regularly clear AppArmor profiles for vms that no longer exist
    - Additional apport package-hook
    - Modifications to adapt for our delayed switch away from libvirt-bin (can
      be dropped >18.04).
      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
        to old service name so that old references work
      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
        to old service name so that old references work
      + d/control: transitional package with the old name and maintainer
        scripts to handle the transition
    - Backwards compatible handling of group rename (can be dropped >18.04).
    - config details and autostart of default bridged network. Creating that is
      now the default in general, yet our solution provides the following on
      top as of today:
      + nat only on some ports <port start='1024' end='65535'/>
      + autostart the default network by default
      + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
      which provided a separate kvm-spice.
    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
      section that adapts the path of the emulator to the Debian/Ubuntu
      packaging is kept.
    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
      set VRAM to minimum requirements
    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
    - Add libxl log directory
    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
      Xen dom0 via user profile (was missing on changelogs before)
    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
      included_files to avoid build failures due to duplicate definitions.
    - Update README.Debian with Ubuntu changes
    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.
    - fix conffile upgrade handling to avoid obsolete files
      and inactive duplicates (LP 1694159)
    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
      vmlinuz available and accessible (Debian bug 848314)
    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
    - Extended handling of apparmor profiles - clear lost profiles via cron
    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
      no more UCA onto Xenial then which has global dnsmasq by default).
    - Reworked apparmor Delta, especially the more complex delta is dropped
      now, also our former delta is now split into logical pieces, has
      improved comments and is part of a continuous upstreaming effort.
      Listing related remaining changes:
      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
        Allow pygrub to run on Debian/Ubuntu
      + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
        libvirt-qemu: Allow macvtap access
      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
        apparmor, libvirt-qemu: Allow read access to overcommit_memory
      + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
        deny for setpcap
      + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
        libvirt-qemu: Allow use of sgabios
      + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
        apparmor, libvirt-qemu: Silence lttng related deny messages
      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
      + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
        apparmor, libvirt-qemu: Allow read access to sysfs system info
      + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
        apparmor, libvirt-qemu: Allow read access to max_mem_regions
      + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
        apparmor, libvirt-qemu: Allow qemu-block-extra libraries
      + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
        apparmor, libvirt-qemu: Allow access to hugepage mounts
      + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
        apparmor, libvirtd: Allow access to netlink sockets
      + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
        apparmor: Add rules for mediation support
      + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
        apparmor, virt-aa-helper: Improve comment about backing store
      + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
        apparmor, virt-aa-helper: Allow access to ecryptfs files
      + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
        apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
        apparmor, virt-aa-helper: Allow access to tmp directories
      + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
        apparmor, virt-aa-helper: Add ipv6 network policy
      + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
        apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
      + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
        apparmor, virt-aa-helper: Allow various storage pools and image
        locations
      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
        apparmor, virt-aa-helper: Add openvswitch support
      + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
        references to qemu-kvm
      + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
        won't call qemu-nbd
      + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
        apparmor, virt-aa-helper: Allow access to name services
      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
      + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
        /dev/vfio for vf (hot) attach (LP 1680384).
      + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
        apparmor: allow to parse cmdline of the pid that sends the shutdown
        signal (LP 1680384).
      + (28 is a new patch, listed in added changes)
      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
        libvirt-qemu: Add 9p support
      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
        add l to 9p file options.
      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
        apparmor, virt-aa-helper: access for snapped nova
    - remaining but updated to match the latest release
      + d/p/Disable-use-of-namespaces-by-default.patch (Debian change)
      + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change)
      + d/p/debian/apparmor_profiles_local_include.patch Include local
        apparmor profile (Debian change)
      + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
      + d/test/smoke-lxc workaround for debbug 848317/867379
  * Dropped Changes (Upstream):
    - Add missing apparmor rule for debug-threads feature (LP 1615550).
    - Add new block device types to virt-aa-helpers profile (LP 1641618)
    - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
      for storage dirs like /var/lib/libvirt/images.
    - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
      to support huge systems.
    - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
      in libvirtd.service (-d not allowed to be specified, everything else
      upstream so drop delta; LP 1574566).
    - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
      spice: don't release used port (LP 1697729).
    - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
      Always fall back to the old command if domain caps fail (LP 1674298)
    - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
      it was possible to have <script path=''/> which now fails - fix to match
      the old behavior (LP 1665698)
    - Reworked apparmor Delta and started upstreaming, listing related
      changes dropped:
      + Apparmor feature parsing to depend on new apparmor features which
        appear in different versions across distributions (no more needed
        >=Xenial, allows to now separate changes and upstream more easily).
      + d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
        guarantee disk spec is following the defined regex (LP 1665410).
      + d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add
        virt-aa-helper rule allowing all private channel access.
      + d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
        virt-aa-helper to allow access to aarch64 UEFI images.
      + d/rules, apparmor: include and install local apparmor profiles (This
        is now done by dh_apparmor automatically)
      + add local apparmor override templates (provided by dh_apparmor now)
      + Fix name resolution calls from virt-aa-helper profile (LP 1546674).
      + virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
      + virt-aa-helper: Generalize test for firmware paths
      + apparmor, virt-aa-helper: Allow aarch64 UEFI.
      + apparmor, libvirt-qemu: Add ppc64el related changes
      + apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
      + apparmor, libvirt-qemu: Allow access to ceph config
      + apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
      + apparmor, virt-aa-helper: Explicit denies for host devices
      + apparmor, virt-aa-helper: Allow access to libnl-3 config files
      + apparmor, libvirt-qemu: allow access to pt_chown for pty consoles
  * Dropped Changes (In Debian):
    - d/rules: debhelper start virtlogd.socket
    - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
      for Debian based systems.
    - Additional debian/bug-presubj
    - Extended handling of apparmor profiles - reload and remove in maintainer
      scripts (dh_apparmor* now generate these snippets)
  * Dropped Changes (no SysV anymore):
    - Add sysvinit script for virtlockd
    - Wait on socket in sysvinit script
    - d/rules: dh_installinit virtlockd (was part of "Cleanup systemd
      debhelper")
    - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
      virtlockd.init for Debian based systems.
  * Dropped Changes (other reasons):
    - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
      This used group libvirt instead of nobody which makes it worse; Needs
      to be fixed upstream (LP: #1690729).
      + d/p/ubuntu/disable-network-test.patch: disable test failing due to
        dnsmasq changes.
    - Add .gitignore for .pc
    - we keep lxc support as Debian does, but stop adding delta. It feels
      somewhat less maintained than e.g. libvirt for qemu. Also for secure
      and comfortable container management lxd is clearly preferred. The
      delta caused more issues than it solved so deliver libvirt-lxc as-is
      and drop the related delta.
      + d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
        containers by default.
      + d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver
        for libvirt-lxc.
    - The following xen changes are no more required with current versions
      + d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
        xen paths (LP 1459603)
      + d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
        section about compat to the very old qemu-dm name is no more needed.
      + d/p/ubuntu/libxl-fix-test-data.patch and
        d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the
        former one + also updated the maintainer notes to ease updating.
      + d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
        device-model
  * Added Changes:
    - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
      apparmor: add default pki path of lbvirt-spice (LP: #1690140)
    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
      + /etc/init.d/virtlockd was sysv init only
      + /etc/apparmor.d/local/usr.sbin.libvirtd and
        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
        by dh_apparmor as needed
    - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
      default driver entries missing name='qemu'.

Date: Thu, 06 Jul 2017 15:43:17 +0200
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libvirt/3.5.0-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 06 Jul 2017 15:43:17 +0200
Source: libvirt
Binary: libvirt-bin libvirt-clients libvirt-daemon libvirt-daemon-system libvirt0 libvirt-doc libvirt-dev libvirt-sanlock libnss-libvirt
Architecture: source
Version: 3.5.0-1ubuntu1
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
 libnss-libvirt - nss plugin providing IP address resolution for virtual machines
 libvirt-bin - programs for the libvirt library
 libvirt-clients - Programs for the libvirt library
 libvirt-daemon - Virtualization daemon
 libvirt-daemon-system - Libvirt daemon configuration files
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt-sanlock - Sanlock plugin for virtlockd
 libvirt0   - library for interfacing with different virtualization systems
Launchpad-Bugs-Fixed: 1673467 1690140 1690209 1690729
Original-Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers at lists.alioth.debian.org>
