libvirt (3.6.0-1ubuntu4) artful; urgency=medium * d/p/avoid-double-locking.patch: fix a deadlock that could occur when libvirtd interactions raced with dbus causing a deadlock (LP: #1714254). -- Christian Ehrhardt Fri, 01 Sep 2017 10:29:35 +0200 libvirt (3.6.0-1ubuntu3) artful; urgency=medium * No change rebuild for Qemu 2.10 and Xen 4.9 -- Christian Ehrhardt Mon, 21 Aug 2017 10:34:13 +0200 libvirt (3.6.0-1ubuntu2) artful; urgency=medium * d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for loader/nvram (LP: #1710960) -- Christian Ehrhardt Thu, 17 Aug 2017 10:00:19 +0200 libvirt (3.6.0-1ubuntu1) artful; urgency=medium * Merged with Debian unstable (3.6) This closes several bugs: - aarch64: improved chardev handling (LP: #1697610) - Forbid locking memory without memtune (LP: #1708305) * Remaining changes: - Disable sheepdog (universe dependency) - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Disable selinux - Set qemu-group to kvm (for compat with older ubuntu) - Regularly clear AppArmor profiles for vms that no longer exist - Additional apport package-hook - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - Backwards compatible handling of group rename (can be dropped >18.04). - config details and autostart of default bridged network. Creating that is now the default in general, yet our solution provides the following on top as of today: + nat only on some ports + autostart the default network by default + do not autostart if 192.168.122.0 is already taken (e.g. in containers) - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/test/smoke-lxc workaround for debbug 848317/867379 - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) - Extended handling of apparmor profiles - clear lost profiles via cron - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - conffile handling of files dropped in 3.5 (can be dropped >18.04) + /etc/init.d/virtlockd was sysv init only + /etc/apparmor.d/local/usr.sbin.libvirtd and /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated by dh_apparmor as needed - Reworked apparmor Delta, especially the more complex delta is dropped now, also our former delta is now split into logical pieces, has improved comments and is part of a continuous upstreaming effort. Listing related remaining changes: + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, libvirt-qemu: Allow macvtap access + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit deny for setpcap + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, libvirt-qemu: Allow use of sgabios + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: apparmor, libvirt-qemu: Silence lttng related deny messages + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: apparmor, libvirt-qemu: Allow read access to sysfs system info + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: apparmor, libvirt-qemu: Allow read access to max_mem_regions + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: apparmor, libvirt-qemu: Allow qemu-block-extra libraries + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: apparmor, libvirt-qemu: Allow access to hugepage mounts + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: apparmor, libvirtd: Allow access to netlink sockets + d/p/0013-apparmor-Add-rules-for-mediation-support.patch: apparmor: Add rules for mediation support + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: apparmor, virt-aa-helper: Improve comment about backing store + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: apparmor, virt-aa-helper: Allow access to ecryptfs files + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: apparmor, virt-aa-helper: Add ipv6 network policy + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop references to qemu-kvm + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu won't call qemu-nbd + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: apparmor, virt-aa-helper: Allow access to name services + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681). + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add /dev/vfio for vf (hot) attach (LP 1680384). + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: apparmor: allow to parse cmdline of the pid that send the shutdown signal (LP 1680384). + d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch: apparmor: add default pki path of lbvirt-spice (LP 1690140) + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova * Dropped Changes (Upstream): - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with default driver entries missing name='qemu'. - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782) Fix to be able to follow BackinStorage chains when creating per guest apparmor rules. * Dropped Changes (In Debian): - Enable esx support + Add build-dep to libcurl4-gnutls-dev (required for esx) * Added Changes: - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for disk files (LP: #1709818) -- Christian Ehrhardt Thu, 10 Aug 2017 12:44:47 +0200 libvirt (3.6.0-1) unstable; urgency=medium * [ece8d56] New upstream version 3.6.0 (Closes: #870626) * [f807f7e] Move debianization patches to front of pq since these are unlikely to go away * [a06e5a6] Don't build nss on non-linux since it depends on network support which is not available on non-linux. Thanks to Pino Toscano (Closes: #867393) * [6982266] Enable esx support (Closes: #602807) * [2c29499] Bump symbol versions * [f974bd9] d/control: fix typo. Thanks to lintian * [d4f1521] Bump standards version to 4.0.0 -- Guido Günther Fri, 04 Aug 2017 00:05:47 -0300 libvirt (3.5.0-1ubuntu3) artful; urgency=medium * Refresh changes to match they way they were accepted upstream - d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit reference now that it is in git. - d/p/u/fix-libxl-default-driver-name.patch: instead of addin the name this is now fixed by relaxing the schema. -- Christian Ehrhardt Wed, 19 Jul 2017 12:48:39 +0200 libvirt (3.5.0-1ubuntu2) artful; urgency=medium * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782) Fix to be able to follow BackinStorage chains when creating per guest apparmor rules. -- Christian Ehrhardt Tue, 18 Jul 2017 16:34:57 +0200 libvirt (3.5.0-1ubuntu1) artful; urgency=medium * Merged with Debian unstable (3.5) This closes several bugs: - improved handling of host-model since libvirt 3.2 (LP: #1673467) - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209) * Remaining changes: - Disable sheepdog (universe dependency) - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Disable selinux - Enable esx support + Add build-dep to libcurl4-gnutls-dev (required for esx) - Set qemu-group to kvm (for compat with older ubuntu) - Regularly clear AppArmor profiles for vms that no longer exist - Additional apport package-hook - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - Backwards compatible handling of group rename (can be dropped >18.04). - config details and autostart of default bridged network. Creating that is now the default in general, yet our solution provides the following on top as of today: + nat only on some ports + autostart the default network by default + do not autostart if 192.168.122.0 is already taken (e.g. in containers) - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) - Extended handling of apparmor profiles - clear lost profiles via cron - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). - Reworked apparmor Delta, especially the more complex delta is dropped now, also our former delta is now split into logical pieces, has improved comments and is part of a continuous upstreaming effort. Listing related remaining changes: + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, libvirt-qemu: Allow macvtap access + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit deny for setpcap + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, libvirt-qemu: Allow use of sgabios + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: apparmor, libvirt-qemu: Silence lttng related deny messages + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: apparmor, libvirt-qemu: Allow read access to sysfs system info + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: apparmor, libvirt-qemu: Allow read access to max_mem_regions + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: apparmor, libvirt-qemu: Allow qemu-block-extra libraries + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: apparmor, libvirt-qemu: Allow access to hugepage mounts + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: apparmor, libvirtd: Allow access to netlink sockets + d/p/0013-apparmor-Add-rules-for-mediation-support.patch: apparmor: Add rules for mediation support + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: apparmor, virt-aa-helper: Improve comment about backing store + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: apparmor, virt-aa-helper: Allow access to ecryptfs files + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: apparmor, virt-aa-helper: Add ipv6 network policy + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop references to qemu-kvm + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu won't call qemu-nbd + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: apparmor, virt-aa-helper: Allow access to name services + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681). + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add /dev/vfio for vf (hot) attach (LP 1680384). + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: apparmor: allow to parse cmdline of the pid that send the shutdown signal (LP 1680384). + (28 is a new patch, listed in added changes) + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova - remaining but updated to match the latest release + d/p/Disable-use-of-namespaces-by-default.patch (Debian change) + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change) + d/p/debian/apparmor_profiles_local_include.patch Include local apparmor profile (Debian change) + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx + d/test/smoke-lxc workaround for debbug 848317/867379 * Dropped Changes (Upstream): - Add missing apparmor rule for debug-threads feature (LP 1615550). - Add new block device types to virt-aa-helpers profile (LP 1641618) - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms for storage dirs like /var/lib/libvirt/images. - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits to support huge systems. - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all in libvirtd.service (-d not allowed to be specified, everything else upstream so drop delta; LP 1574566). - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process spice: don't release used port (LP 1697729). - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus: Always fall back to the old command if domain caps fail (LP 1674298) - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past it was possible to have