Bug #388422 “create apparmor security plugin for libvirt” : Bugs : libvirt package : Ubuntu

Jamie Strandboge (jdstrand) on 2009-06-17

Changed in libvirt (Ubuntu):
assignee:	nobody → Jamie Strandboge (jdstrand)
importance:	Undecided → Wishlist
milestone:	none → karmic-alpha-6
status:	New → Triaged

Jamie Strandboge (jdstrand) on 2009-06-17

description:

updated

Jamie Strandboge (jdstrand) on 2009-06-22

Changed in libvirt (Ubuntu):
status:	Triaged → In Progress

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-08-26:

#1

Download full text (5.0 KiB)

This bug was fixed in the package libvirt - 0.7.0-1ubuntu2

---------------
libvirt (0.7.0-1ubuntu2) karmic; urgency=low

  * Add AppArmor support (LP: #388422):
    - debian/patches/9090-reenable-nonfile-labels.patch: add back in
      virDomainObjPtr argument to RestoreSecurityImageLabel since AppArmor
      labels are not stored on disk
    - debian/patches/9091-apparmor.patch: add AppArmor security driver
    - debian/patches/9092-apparmor-autoreconf.patch: after installing libtool
      and the build dependencies, run autoreconf to pull in changes to
      Makefile.am and configure.in in 9091-apparmor.patch
    - debian/rules: use --with-apparmor and copy debian/apparmor/* to
      debian/tmp
    - debian/control: Build-Depends on libapparmor-dev and Suggests apparmor
      >= 2.3+1289-0ubuntu14
    - add profiles and abstractions to debian/apparmor. usr.sbin.libvirtd will
      default to complain mode until LP: #401931 is sorted out
    - debian/libvirt-bin.dirs: add /etc/apparmor.d/libvirt,
      /etc/apparmor.d/abstractions, and /etc/apparmor.d/force-complain
    - debian/libvirt-bin.install: install profiles and abstractions
    - debian/libvirt-bin.preinst: newly added to force complain on certian
      upgrades
    - debian/libvirt-bin.postinst: (re)load profile
    - debian/libvirt-bin.postrm: remove force-complain profile on purge
  * 9006-increase-unix-socket-timeout.patch:
    increase timeout waiting for unix socket in src/qemu_driver.c, set to 30
    seconds, which 10x longer than before, and matches the logoutput timeout
    adjustment in 9003-increase-logoutput-timeout.patch. This is needed with
    the new qemudOpenMonitorUnix() function introduced in 0.7.0.
  * add apport hook:
    - add debian/libvirt-bin.apport
    - debian/libvirt-bin.dirs: add /usr/share/apport/package-hooks
    - debian/libvirt-bin.install: add source_libvirt-bin.py
    - debian/rules: install libvirt-bin.apport

libvirt (0.7.0-1ubuntu1) karmic; urgency=low

  * Merge from debian experimental, remaining changes:
    - debian/control:
      + Don't build-depend on QEmu.
      + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
        to Depends of libvirt-bin.
      + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
        since we used to ship them as such.
      + We call libxen-dev libxen3-dev, so change all references.
      + Build-Depends on open-iscsi-utils instead of open-iscsi due to
        LP: #414986
    - 9000-delayed_iff_up_bridge.patch:
      Don't try to bring up the bridge before at least one interface has been
      added to it.
    - 9001-dont_clobber_existing_bridges.patch:
      Assign the name of the virtual bridge dynamically to avoid interfering
      with existing bridges.
    - 9002-better_default_uri_virsh.patch:
      Default to qemu:///system if the user has write access to the libvirt
      socket, otherwise qemu:///session.
    - 9003-increase-logoutput-timeout.patch:
      increase timeout waiting for log output in src/qemu_driver.c, set to 30
      seconds, which 10x longer than before, and matches the disk-wait in
      mdadm. (LP #344400)
    - 9004-better-default-arch.patch:
      If a d...

This bug was fixed in the package libvirt - 0.7.0-1ubuntu2

---------------
libvirt (0.7.0-1ubuntu2) karmic; urgency=low

* Add AppArmor support (LP: #388422):
    - debian/patches/9090-reenable-nonfile-labels.patch: add back in
      virDomainObjPtr argument to RestoreSecurityImageLabel since AppArmor
      labels are not stored on disk
    - debian/patches/9091-apparmor.patch: add AppArmor security driver
    - debian/patches/9092-apparmor-autoreconf.patch: after installing libtool
      and the build dependencies, run autoreconf to pull in changes to
      Makefile.am and configure.in in 9091-apparmor.patch
    - debian/rules: use --with-apparmor and copy debian/apparmor/* to
      debian/tmp
    - debian/control: Build-Depends on libapparmor-dev and Suggests apparmor
      >= 2.3+1289-0ubuntu14
    - add profiles and abstractions to debian/apparmor. usr.sbin.libvirtd will
      default to complain mode until LP: #401931 is sorted out
    - debian/libvirt-bin.dirs: add /etc/apparmor.d/libvirt,
      /etc/apparmor.d/abstractions, and /etc/apparmor.d/force-complain
    - debian/libvirt-bin.install: install profiles and abstractions
    - debian/libvirt-bin.preinst: newly added to force complain on certian
      upgrades
    - debian/libvirt-bin.postinst: (re)load profile
    - debian/libvirt-bin.postrm: remove force-complain profile on purge
  * 9006-increase-unix-socket-timeout.patch:
    increase timeout waiting for unix socket in src/qemu_driver.c, set to 30
    seconds, which 10x longer than before, and matches the logoutput timeout
    adjustment in 9003-increase-logoutput-timeout.patch. This is needed with
    the new qemudOpenMonitorUnix() function introduced in 0.7.0.
  * add apport hook:
    - add debian/libvirt-bin.apport
    - debian/libvirt-bin.dirs: add /usr/share/apport/package-hooks
    - debian/libvirt-bin.install: add source_libvirt-bin.py
    - debian/rules: install libvirt-bin.apport

libvirt (0.7.0-1ubuntu1) karmic; urgency=low

* Merge from debian experimental, remaining changes:
    - debian/control:
      + Don't build-depend on QEmu.
      + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
        to Depends of libvirt-bin.
      + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
        since we used to ship them as such.
      + We call libxen-dev libxen3-dev, so change all references.
      + Build-Depends on open-iscsi-utils instead of open-iscsi due to
        LP: #414986
    - 9000-delayed_iff_up_bridge.patch:
      Don't try to bring up the bridge before at least one interface has been
      added to it.
    - 9001-dont_clobber_existing_bridges.patch:
      Assign the name of the virtual bridge dynamically to avoid interfering
      with existing bridges.
    - 9002-better_default_uri_virsh.patch:
      Default to qemu:///system if the user has write access to the libvirt
      socket, otherwise qemu:///session.
    - 9003-increase-logoutput-timeout.patch:
      increase timeout waiting for log output in src/qemu_driver.c, set to 30
      seconds, which 10x longer than before, and matches the disk-wait in
      mdadm. (LP #344400)
    - 9004-better-default-arch.patch:
      If a domain does not specify its architecture, attempt to match the host.
      (LP #344913)
    - 9005-libvirtd-group-name.patch:
      Rename libvirt group to libvirtd.
    - rename the libvirt group to libvirtd in postinst/postrm
  * Dropped the following patches from debian/patches (they don't apply any
    more were not applied in 0.6.4-1ubuntu2):
    - dynamic_bridge_names.patch
    - event-loop-hang.diff
    - more-flexible-emulator-on-x86.patch
    - xen-events-handling-fix.diff

libvirt (0.7.0-1) experimental; urgency=low

[ Laurent Léonard ]
  * [4fb1a38] Imported Upstream version 0.7.0
  * [5578fd3] Drop 0005-Fix-PCI-device-hotplug-unplug-with-newer-
    QEMU.patch. Fixed upstream.
  * [9a8afd0] Redo patches.
  * [937ab63] Update symbols.
  * [b4bd1ea] Update section in doc-base control file.

libvirt (0.6.5-3) unstable; urgency=low

* [72a8eb6] Add a versioned dependency on dpkg-dev (Closes: #537316)
  * [ae20998] fix Debian Xen path patch to also cover the testsuite
  * [b2a1c47] New patch 0001-Fix-PCI-device-hotplug-unplug-with-newer-
    QEMU.patch pulled from upstream 326ecb7. Fixes PCI hotplug with
    newer kvm.

libvirt (0.6.5-2) unstable; urgency=low

* [45b9fdf] build-conflict on dpkg-dev (= 1.15.3) (Closes: #536673)

libvirt (0.6.5-1) unstable; urgency=low

[ Guido Günther ]
  * [05e9a39] build-depend on policykit so polkit auth works with virsh
    as well

[ C.J. Adams-Collier ]
  * [a161c5f] allow to qemu to emulate arm

[ Guido Günther ]
  * [b1e4c4b] Imported Upstream version 0.6.5
  * [e764583] change private symbols to 0.6.5
  * [f94fb48] drop 0005-allow-to-qemu-to-emulate-arm.patch fixed upstream.
  * [7ad7896] bump standards version
  * [e2c5867] tighten libvirt-bin's dependency on libvirt0 since libvirtd uses
    private symbols

-- Jamie Strandboge <jamie@ubuntu.com>   Tue, 25 Aug 2009 11:51:42 -0500

Changed in libvirt (Ubuntu):
status:	In Progress → Fix Released

Ubuntu
libvirt package

create apparmor security plugin for libvirt

Bug Description

Related branches

Other bug subscribers

Related blueprints

Remote bug watches

Ubuntulibvirt package