190
|
|
* Merge from Debian Unstable, remaining changes are:
  - debian/control:
    * set X-Python-Version to 2.7, as 2.6 is not in oneiric.
    * set ubuntu maintainer
    * Build-Depends:
      - swap open-iscsi to open-iscsi-utils
      - remove virtualbox-ose
      - add libapparmor-dev
      - swap libnl-dev for libnl3-dev
    * convert Vcs-Git to Xs-Debian-Vcs-Git
    * libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base (>= 2.46-1), and iptables from Recommends to Depends
    * libvirt-bin Recommends: move qemu to Suggests
    * libvirt-bin Suggests: add apparmor
    * libvirt0 Recommends: move lvm2 to Suggests
    * Install cgroup-lite
  - keep debian/libvirt-bin.apport
  - keep debian/libvirt-bin.cron.daily
  - debian/libvirt-bin.dirs:
    * add apparmor, cron.daily, and apport dirs
  - debian/libvirt-bin.examples:
    * add debian/libvirt-suspendonreboot
  - debian/libvirt-bin.install:
    * add /etc/apparmor.d files
    * add apport hook
  - debian/libvirt-bin.postinst:
    * replace libvirt groupname with libvirtd
    * add each admin user to libvirtd group
    * call apparmor_parser on usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper
    * call 'libvirt-migrate-qemu-disks -a' after libvirt-bin has started if migrating from older than 0.8.3-1ubuntu1
  - debian/libvirt-bin.postrm:
    * replace libvirt groupname with libvirtd
    * remove usr.sbin.libvirtd and usr.lib.libvirt.virt-aa-helper
  - keep added files under debian/:
    * libvirt-bin.upstart
    * libvirt-migrate-qemu-disks
    * libvirt-migrate-qemu-disks.1
    * libvirt-suspendonreboot
    * apparmor profiles
  - debian/README.Debian:
    * add 'Apparmor Profile' section
    * add 'Disk migration' section
  - debian/rules:
    * don't build with vbox since virtualbox-ose is in universe
      - remove WITH_VBOX, add explicit --without-vbox
    * add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS
    * set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
    * remove unneeded clean:: section (they only deal with sysvinit stuff)
    * comment out binary-install/libvirt-bin:: part dealing with sysvinit
    * don't ship libvirt-guests init script for now.
    * add build/libvirt-bin:: section to install
      - apparmor files
      - apport hooks
      - libvirt-migrate-qemu-disks
* debian/patches/series:
  - don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only)
  - don't apply Disable qemu-disable-network.diff.patch
* debian/patches(/ubuntu):
  - Disable-gnulib-s-test-nonplocking-pipe.sh.patch is in sid's debian/patches
  - drop patches:
    * 9000-delayed_iff_up_bridge.patch
    * 9011-move-ebtables-script.patch
    * apparmor-allow-tunnelled-migration.patch
    * apparmor-allow-tunnelled-migration-2.patch
    * fix-qemu-1.0.patch
    * conf-dont-drop-console-def-ondomain-restart.patch
  - keep (and refreshed) patches:
    * 9002-better_default_uri_virsh.patch
    * 9003-better-default-arch.patch
    * 9004-libvirtd-group-name.patch
    * 9005-increase-unix-socket-timeout.patch
    * 9006-default-config-test-case.patch
    * 9020-lp545795.patch
    * 9021-fix-uint64_t.patch
    * libnl3.patch
    * arm-gcc-workaround.patch
* disable numa - until the MIR for numa is done
  - debian/control: remove from dependencies
  - debian/rules: turn it off
* Fix default network autostart symlink disappearing on upgrade (LP: #901298)
  - debian/libvirt-bin.preinst: note if the symlink exists
  - debian/libvirt-bin.postinst: if symlink existed, OR if we are upgrading from one of the broken versions, then recreate the symlink. (Continue to create the symlink on new installs.)
* enable use of libvirt with kvm-spice (LP: #903962):
  . src/qemu/qemu_capabilities.c: search for 'kvm-spice' before 'kvm' (debian/patches/ubuntu/enable-kvm-spice.patch)
  . debian/apparmor/libvirt-qemu:
    * prepend 'owner' to /run/shm/spice.* rule
    * add more needed spice perms
|
Chuck Short |
|
12 years ago
|
|
|
174
|
|
|
Serge Hallyn |
|
12 years ago
|
|
|
169
|
|
|
Chuck Short |
|
12 years ago
|
|
|
167
|
|
|
Serge Hallyn |
|
12 years ago
|
|
|
114
|
|
|
Serge Hallyn |
0.8.8-1ubuntu1 |
13 years ago
|
|
|
64
|
|
* Merge from debian unstable. Remaining changes:
  - debian/control:
    + Build-Depends on qemu-kvm, not qemu
    + Build-Depends on open-iscsi-utils, not open-iscsi
    + Build-Depends on libxml2-utils
    + Build-Depends on libapparmor-dev and Suggests apparmor (>= 2.3+1289-0ubuntu14)
    + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin
    + Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
    + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such
    + We call libxen-dev libxen3-dev, so change all references
    + temporarily remove Build-Depends on libcap-ng-dev, which isn't available in Ubuntu main yet
    + Rename Vcs-* to XS-Debian-Vcs-*
  - debian/libvirt-bin.postinst:
    + rename the libvirt group to libvirtd
    + add each admin user to the libvirtd group
    + reload apparmor profiles
    + 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user made no changes to the old profile, remove it, otherwise, update the paths, preserving the shipped usr.lib.libvirt.virt-aa-helper
  - debian/libvirt-bin.postrm:
    + rename the libvirt group to libvirtd
    + remove apparmor symlinks on purge
  - debian/libvirt-bin.preinst: added to force complain on certain upgrades
  - debian/README.Debian: add AppArmor section based on the upstream documentation
  - debian/rules:
    + update DEB_DH_INSTALLINIT_ARGS for upstart
    + add DEB_MAKE_CHECK_TARGET := check
    + use --with-apparmor
    + copy apparmor and apport hook to debian/tmp
  - add debian/libvirt-bin.upstart
  - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/disable, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks
  - add debian/libvirt-bin.cron.daily
  - add debian/libvirt-bin.apport
  - debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook
  - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch
    + 9000-delayed_iff_up_bridge.patch
    + 9001-dont_clobber_existing_bridges.patch
    + 9002-better_default_uri_virsh.patch
    + 9003-increase-logoutput-timeout.patch
    + 9004-better-default-arch.patch
    + 9005-libvirtd-group-name.patch
    + 9006-increase-unix-socket-timeout.patch
    + 9007-default-config-test-case.patch
    + 9008-warn-on-daemon-conf-test-wait.patch (renamed from 9016)
  - Dropped the following patches now included upstream:
    + 0005-Fix-SELinux-linking-issues.patch
    + 9008-apparmor-caps-mockup.patch
    + 9009-apparmor-lp453335.patch
    + 9010-apparmor-lp460271.patch
    + 9011-apparmor-code-cleanups.patch
    + 9012-apparmor-add-virt-aa-helper-test.patch
    + 9013-apparmor-examples.patch
    + 9014-event-fuzz.patch
    + 9015-hal-startup-failure-is-nonfatal.patch
* debian/patches/9009-run-as-root-by-default.patch: run virtual machines via qemu:///system as root. As of 0.7, upstream libvirt has the ability to run VMs started via qemu:///system as an unprivileged user. Debian's libvirt now runs these VMs as libvirt-qemu:kvm. However, the upstream implementation is contentious among the community and while it does reduce the privileges of the VMs running under qemu:///system, all VMs currently run under the same user, so there is no guest isolation. Even if each user ran under its own user, an attacker could potentially break out of the VM and have unconfined user access (albeit non-root). In Ubuntu, Qemu/KVM virtual machines are already fully isolated and confined by the AppArmor security driver so this feature has been disabled. Once there is consensus among the community on the implementation and its use, changing this default in Ubuntu can be considered as an additional protection to the AppArmor driver.
* debian/README.Debian: add section discussing the security implications of using qemu:///system
* debian/patches/9010-apparmor-ftbfs.patch: fix missing bracket in virt-aa-helper.c and automake dependency declaration. This should be dropped in 0.7.6 or higher.
|
Jamie Strandboge |
0.7.5-5ubuntu1 |
14 years ago
|
|
|
58
|
|
* Merge from debian testing. Remaining changes:
  - debian/control:
    + Don't build-depend on QEmu
    + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends of libvirt-bin
    + Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
    + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since we used to ship them as such
    + We call libxen-dev libxen3-dev, so change all references
    + Build-Depends on libxml2-utils
    + Build-Depends on open-iscsi-utils instead of open-iscsi due to LP: #414986
  - debian/postinst:
    + rename the libvirt group to libvirtd
    + add each admin user to the libvirtd group
  - debian/libvirt-bin.postrm: rename the libvirt group to libvirtd
  - debian/rules: add DEB_MAKE_CHECK_TARGET := check
  - debian/patches/900[0-7]: updated/refreshed for new paths in 0.7.2
  - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch
  - AppArmor integration:
    + debian/control: Build-Depends on libapparmor-dev and Suggests apparmor (>= 2.3+1289-0ubuntu14)
    + debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, /etc/cron.daily and /usr/share/apport/package-hooks
    + add debian/libvirt-bin.cron.daily (LP: #438165)
    + add debian/libvirt-bin.apport
    + debian/libvirt-bin.install: install apparmor profiles, abstractions and apport hook
    + debian/postinst: reload apparmor profiles
    + debian/libvirt-bin.postrm: remove apparmor symlinks on purge
    + debian/libvirt-bin.preinst: added to force complain on certain upgrades
    + debian/README.Debian: add AppArmor section based on the upstream documentation
    + debian/rules: use --with-apparmor and copy apparmor and apport hook to debian/tmp
  - Dropped the following patches now included upstream:
    + 0005-Close-logfile-fd-after-spawning-qemu.patch
    + 9090-reenable-nonfile-labels.patch
    + 9091-apparmor.patch
    + 9092-apparmor-autoreconf.patch
* AppArmor integration updates:
  - debian/apparmor/usr.sbin.libvirtd: allow libvirtd access to /usr/lib/libvirt/* (LP: #480478)
  - debian/apparmor/libvirt-qemu: allow guests access to /etc/pki/libvirt-vnc/** (LP: #484562)
  - debian/libvirt-bin.postinst: 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user made no changes to the old profile, remove it, otherwise, update the paths, preserving the shipped usr.lib.libvirt.virt-aa-helper
  - update to 0.7.4 version of the sVirt AppArmor driver (can be dropped in 0.7.4):
    + debian/patches/9008-apparmor-caps-mockup.patch
    + debian/patches/9009-apparmor-lp453335.patch
    + debian/patches/9010-apparmor-lp460271.patch
    + debian/patches/9011-apparmor-code-cleanups.patch
  - add virt-aa-helper-test and examples/apparmor that were omitted from the upstream tarball (can be dropped in 0.7.5):
    + debian/patches/9012-apparmor-add-virt-aa-helper-test.patch
    + debian/patches/9013-apparmor-examples.patch
    + debian/rules: add post-patches target to make virt-aa-helper-test executable
* debian/patches/0005-Fix-SELinux-linking-issues.patch: updated to work when both apparmor and selinux are available. This patch should be dropped in 0.7.4.
* debian/patches/9007-default-config-test-case.patch: updated to not fail if building in a deep directory
* debian/patches/9014-event-fuzz.patch: add a little fuzz to not be quite so precise with expected expiry time. Fixes FTBFS with HZ=100 kernels. Can be dropped in 0.7.5.
* debian/patches/9015-hal-startup-failure-is-nonfatal.patch: disable hal driver if hald is not running instead of dying. Can be dropped in 0.7.4.
* debian/control: temporarily remove Build-Depends on libcap-ng-dev, which isn't available in Ubuntu main yet
* revert change to new source format 3.0 (quilt) since Launchpad can't handle it yet (see LP: #293106)
|
Jamie Strandboge |
0.7.2-4ubuntu1 |
14 years ago
|
|
|