--- libvirt-0.7.5.orig/examples/apparmor/libvirt-qemu +++ libvirt-0.7.5/examples/apparmor/libvirt-qemu @@ -56,6 +56,7 @@ /usr/share/openhackware/** r, /usr/share/proll/** r, /usr/share/vgabios/** r, + /usr/share/seabios/** r, # the various binaries /usr/bin/kvm rmix, --- libvirt-0.7.5.orig/debian/libvirt-bin.dirs +++ libvirt-0.7.5/debian/libvirt-bin.dirs @@ -0,0 +1,10 @@ +/etc/apparmor.d/abstractions +/etc/apparmor.d/disable +/etc/apparmor.d/force-complain +/etc/apparmor.d/libvirt +/etc/cron.daily +/usr/share/apport/package-hooks +/var/lib/libvirt/images +/var/lib/libvirt/boot +/var/cache/libvirt +/var/log/libvirt/qemu --- libvirt-0.7.5.orig/debian/libvirt-bin.preinst +++ libvirt-0.7.5/debian/libvirt-bin.preinst @@ -0,0 +1,38 @@ +#!/bin/sh +# preinst script for libvirt-bin +# +# see: dh_installdeb(1) + +set -e + +APP_PROFILE="usr.sbin.libvirtd" +APP_CONFFILE="/etc/apparmor.d/$APP_PROFILE" +APP_COMPLAIN="/etc/apparmor.d/force-complain/$APP_PROFILE" +if [ "$1" = "upgrade" ]; then + mkdir -p `dirname $APP_COMPLAIN` 2>/dev/null || true + if dpkg --compare-versions $2 lt "0.1.8-0ubuntu2" ; then + # force-complain for pre-apparmor upgrades + ln -sf $APP_CONFFILE $APP_COMPLAIN + elif dpkg --compare-versions $2 lt "0.6.1-0ubuntu6" ; then + if [ -e "$APP_CONFFILE" ]; then + md5sum="`md5sum \"$APP_CONFFILE\" | sed -e \"s/ .*//\"`" + pkg_md5sum="`sed -n -e \"/^Conffiles:/,/^[^ ]/{\\\\' $APP_CONFFILE'{s/.* //;p}}\" /var/lib/dpkg/status`" + if [ "$md5sum" = "$pkg_md5sum" ]; then + # force-complain on upgrade from pre-shipped profile and + # existing profile is same as in conffiles + ln -sf $APP_CONFFILE $APP_COMPLAIN + fi + else + # force-complain on upgrade from pre-shipped profile and + # there is no existing profile + ln -sf $APP_CONFFILE $APP_COMPLAIN + fi + fi +fi + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- libvirt-0.7.5.orig/debian/libvirt-bin.init +++ libvirt-0.7.5/debian/libvirt-bin.init @@ -0,0 +1,170 @@ +#! /bin/sh +# +# Init script for libvirtd +# +# (c) 2007 Guido Guenther +# based on the skeletons that comes with dh_make +# +### BEGIN INIT INFO +# Provides: libvirt-bin libvirtd +# Required-Start: $network $local_fs +# Required-Stop: +# Should-Start: hal avahi +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: libvirt management daemon +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/libvirtd +NAME=libvirtd +DESC="libvirt management daemon" + +test -x $DAEMON || exit 0 +. /lib/lsb/init-functions + +PIDFILE=/var/run/$NAME.pid +DODTIME=1 # Time to wait for the server to die, in seconds + +# Include libvirtd defaults if available +if [ -f /etc/default/libvirt-bin ] ; then + . /etc/default/libvirt-bin +fi + +check_start_libvirtd_option() { + if [ ! "$start_libvirtd" = "yes" ]; then + log_warning_msg "Not starting libvirt management daemon libvirtd, disabled via /etc/default/libvirt-bin" + return 1 + else + return 0 + fi +} + +running_pid() +{ + # Check if a given process pid's cmdline matches a given name + pid=$1 + name=$2 + [ -z "$pid" ] && return 1 + [ ! -d /proc/$pid ] && return 1 + cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` + # Is this the expected child? + [ "$cmd" != "$name" ] && return 1 + return 0 +} + +running() +{ +# Check if the process is running looking at /proc +# (works for all users) + # No pidfile, probably no daemon present + [ ! -f "$PIDFILE" ] && return 1 + # Obtain the pid and check it against the binary name + pid=`cat $PIDFILE` + running_pid $pid $DAEMON || return 1 + return 0 +} + +force_stop() { +# Forcefully kill the process + [ ! -f "$PIDFILE" ] && return + if running ; then + kill -15 $pid + # Is it really dead? + [ -n "$DODTIME" ] && sleep "$DODTIME"s + if running ; then + kill -9 $pid + [ -n "$DODTIME" ] && sleep "$DODTIME"s + if running ; then + echo "Cannot kill $LABEL (pid=$pid)!" + exit 1 + fi + fi + fi + rm -f $PIDFILE + return 0 +} + +mkdir -p /var/run/libvirt +case "$1" in + start) + if check_start_libvirtd_option; then + log_daemon_msg "Starting $DESC" "$NAME" + if running ; then + log_progress_msg "already running" + log_end_msg 0 + exit 0 + fi + rm -f /var/run/libvirtd.pid + start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --exec $DAEMON -- $libvirtd_opts + if running; then + log_end_msg 0 + else + log_end_msg 1 + fi + fi + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + if ! running ; then + log_progress_msg "not running" + log_end_msg 0 + exit 0 + fi + start-stop-daemon --stop --quiet --pidfile $PIDFILE \ + --exec $DAEMON + log_end_msg 0 + ;; + force-stop) + log_daemon_msg "Forcefully stopping $DESC" "$NAME" + force_stop + if ! running; then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + restart) + if check_start_libvirtd_option; then + log_daemon_msg "Restarting $DESC" "$DAEMON" + start-stop-daemon --oknodo --stop --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON + [ -n "$DODTIME" ] && sleep $DODTIME + start-stop-daemon --start --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON -- $libvirtd_opts + if running; then + log_end_msg 0 + else + log_end_msg 1 + fi + fi + ;; + reload|force-reload) + if running; then + log_daemon_msg "Reloading configuration of $DESC" "$NAME" + start-stop-daemon --stop --signal 1 --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON + log_end_msg 0 + else + log_warning_msg "libvirtd not running, doing nothing." + fi + ;; + status) + log_daemon_msg "Checking status of $DESC" "$NAME" + if running ; then + log_progress_msg "running" + log_end_msg 0 + else + log_progress_msg "not running" + log_end_msg 1 + fi + ;; + *) + N=/etc/init.d/libvirt-bin + echo "Usage: $N {start|stop|restart|reload|force-reload|status|force-stop}" >&2 + exit 1 + ;; +esac + +exit 0 --- libvirt-0.7.5.orig/debian/compat +++ libvirt-0.7.5/debian/compat @@ -0,0 +1 @@ +7 --- libvirt-0.7.5.orig/debian/libvirt-bin.examples +++ libvirt-0.7.5/debian/libvirt-bin.examples @@ -0,0 +1,5 @@ +daemon/libvirtd.conf +daemon/libvirtd.policy-0 +daemon/libvirtd.policy-1 +daemon/libvirtd.sasl +debian/libvirt-suspendonreboot --- libvirt-0.7.5.orig/debian/libvirt0.symbols +++ libvirt-0.7.5/debian/libvirt0.symbols @@ -0,0 +1,31 @@ +libvirt.so.0 libvirt0 #MINVER# + *@LIBVIRT_0.0.3 0.0.3 + *@LIBVIRT_0.0.5 0.0.5 + *@LIBVIRT_0.1.0 0.1.0 + *@LIBVIRT_0.1.1 0.1.1 + *@LIBVIRT_0.1.4 0.1.4 + *@LIBVIRT_0.1.5 0.1.5 + *@LIBVIRT_0.1.9 0.1.9 + *@LIBVIRT_0.2.0 0.2.0 + *@LIBVIRT_0.2.1 0.2.1 + *@LIBVIRT_0.2.3 0.2.3 + *@LIBVIRT_0.3.0 0.3.0 + *@LIBVIRT_0.3.2 0.3.2 + *@LIBVIRT_0.3.3 0.3.3 + *@LIBVIRT_0.4.0 0.4.0 + *@LIBVIRT_0.4.1 0.4.1 + *@LIBVIRT_0.4.2 0.4.2 + *@LIBVIRT_0.4.5 0.4.5 + *@LIBVIRT_0.5.0 0.5.0 + *@LIBVIRT_0.6.0 0.6.0 + *@LIBVIRT_0.6.1 0.6.1 + *@LIBVIRT_0.6.3 0.6.3 + *@LIBVIRT_0.6.4 0.6.4 + *@LIBVIRT_0.6.5 0.6.5 + *@LIBVIRT_0.7.0 0.7.0 + *@LIBVIRT_0.7.1 0.7.1 + *@LIBVIRT_0.7.2 0.7.2 + *@LIBVIRT_0.7.3 0.7.3 + *@LIBVIRT_0.7.4 0.7.4 + *@LIBVIRT_0.7.5 0.7.5 + *@LIBVIRT_PRIVATE_0.7.5 0.7.5 --- libvirt-0.7.5.orig/debian/libvirt-bin.manpages +++ libvirt-0.7.5/debian/libvirt-bin.manpages @@ -0,0 +1 @@ +tools/virsh.1 --- libvirt-0.7.5.orig/debian/libvirt-bin.cron.daily +++ libvirt-0.7.5/debian/libvirt-bin.cron.daily @@ -0,0 +1,34 @@ +#!/bin/sh +# +# clean out AppArmor profiles for virtual machines that no longer exist +# +set -e + +PROFILES_DIR="/etc/apparmor.d/libvirt" +AA_PROFILES="/sys/kernel/security/apparmor/profiles" + +uuids="" +remove_if_unused() { + uuid=`basename "$1" | sed 's/libvirt-//' | egrep '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'` || return + + # don't remove a profile for an existing VM + echo "$uuids" | grep -q "$uuid" && return + + # don't remove a loaded profile + if [ -e "$AA_PROFILES" ] && grep -q "$uuid" "$AA_PROFILES" ; then + return + fi + + find $PROFILES_DIR -name "libvirt-${uuid}*" -prune -type f -exec rm -f -- '{}' \; +} + +# read in all existing uuids +for i in `ls -1 /etc/libvirt/qemu/*.xml 2>/dev/null` ; do + uuid=`grep '' "$i" | sed 's#.*\(.*\).*#\1#'` + uuids="$uuids $uuid" +done + +for i in `ls -1 $PROFILES_DIR/libvirt-* 2>/dev/null` ; do + basename "$i" | egrep -q '\.' && continue + remove_if_unused "$i" || true +done --- libvirt-0.7.5.orig/debian/libvirt-doc.doc-base.libvirt-doc +++ libvirt-0.7.5/debian/libvirt-doc.doc-base.libvirt-doc @@ -0,0 +1,8 @@ +Document: libvirt-doc +Title: Libvirt the virtualization API +Abstract: Local copy of the web site of libvirt +Section: System/Administration + +Format: HTML +Index: /usr/share/doc/libvirt-doc/intro.html +Files: /usr/share/doc/libvirt-doc/*.html --- libvirt-0.7.5.orig/debian/libvirt0.install +++ libvirt-0.7.5/debian/libvirt0.install @@ -0,0 +1,2 @@ +usr/lib/libvirt.so.* + --- libvirt-0.7.5.orig/debian/libvirt-bin.libvirtd.logrotate +++ libvirt-0.7.5/debian/libvirt-bin.libvirtd.logrotate @@ -0,0 +1,9 @@ +/var/log/libvirt/qemu/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + copytruncate +} --- libvirt-0.7.5.orig/debian/control +++ libvirt-0.7.5/debian/control @@ -0,0 +1,104 @@ +Source: libvirt +Section: libs +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Libvirt Maintainers +Uploaders: Guido Günther , Laurent Léonard +Build-Depends: cdbs (>= 0.4.43), debhelper (>= 7), libxml2-dev, libncurses5-dev, libreadline-dev, zlib1g-dev, libgnutls-dev, python-dev (>= 2.3.5-11), python-central (>= 0.5.6), quilt, libavahi-client-dev, libsasl2-dev, libxen3-dev [i386 amd64], lvm2, qemu-kvm [amd64 i386 powerpc sparc], open-iscsi-utils, libparted0-dev (>= 2.2), libdevmapper-dev, uuid-dev, + libudev-dev, + libpciaccess-dev, + module-init-tools, + policykit-1, + dpkg-dev (<< 1.15.3) | dpkg-dev (>> 1.15.3), + libxml2-utils, libapparmor-dev, libcap-ng-dev +XS-Python-Version: current +Build-Conflicts: dpkg-dev (= 1.15.3) +XS-Debian-Vcs-Git: git://git.debian.org/git/pkg-libvirt/libvirt.git +XS-Debian-Vcs-Browser: http://git.debian.org/?p=pkg-libvirt/libvirt.git +Homepage: http://libvirt.org +Standards-Version: 3.8.3 +DM-Upload-Allowed: yes + +Package: libvirt-bin +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libvirt0 (= ${binary:Version}), logrotate, + hal, + bridge-utils, netcat-openbsd, dnsmasq-base (>= 2.46-1), iptables +Enhances: qemu, kvm, xen +Section: admin +Recommends: qemu-kvm (>= 0.11.0-0ubuntu6) +Suggests: policykit-1, apparmor (>= 2.3+1289-0ubuntu14) +Description: the programs for the libvirt library + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains the supporting binaries to use with libvirt + +Package: libvirt0 +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Conflicts: libvirt0-dbg (<< 0.4.2-6ubuntu1) +Replaces: libvirt0-dbg (<< 0.4.2-6ubuntu1) +Recommends: lvm2 +Description: library for interfacing with different virtualization systems + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + +Package: libvirt0-dbg +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libvirt0 (= ${binary:Version}) +Priority: extra +Section: debug +Description: library for interfacing with different virtualization systems + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains the debugging symbols. + +Package: libvirt-doc +Architecture: all +Section: doc +Depends: ${misc:Depends} +Suggests: devhelp +Description: documentation for the libvirt library + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains the documentation. + +Package: libvirt-dev +Architecture: any +Section: libdevel +Depends: ${misc:Depends}, libvirt0 (= ${binary:Version}), libxen3-dev [i386 amd64] +Recommends: pkg-config +Description: development files for the libvirt library + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains the header files and static libraries which are + needed for developing the applications with libvirt. + +Package: python-libvirt +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, libvirt0 (>= ${binary:Version}) +Provides: ${python:Provides} +Section: python +XB-Python-Version: ${python:Versions} +Description: libvirt Python bindings + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains Python bindings for the libvirt library + --- libvirt-0.7.5.orig/debian/libvirt-suspendonreboot +++ libvirt-0.7.5/debian/libvirt-suspendonreboot @@ -0,0 +1,48 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: libvirt-suspendonreboot +# Required-Start: libvirt-bin +# Required-Stop: libvirt-bin $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: suspend/resmum vms on reboot +### END INIT INFO +# (c) Andi Barth 2008 +# Distributable under the terms of the GNU GPL version 2. +# +# copy to /etc/init.d/libvirt-suspendonreboot and use +# update-rc.d libvirt-suspendonreboot defaults 29 71 +# to enable + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +suspenddir=/var/lib/libvirt/autosuspend + +case "$1" in + start) + for domain in ${suspenddir}/*dump; do + if [ -f $domain ]; then + domain=$(basename $domain .dump) + echo "resuming $domain ..." + virsh restore ${suspenddir}/${domain}.dump && rm ${suspenddir}/${domain}.dump + fi + done + ;; + stop) + for domain in /etc/libvirt/qemu/*xml; do + domain=$(basename $domain .xml) + state=$(virsh domstate $domain) + if [ "$state" = "running" ]; then + echo "suspending $domain ..." + virsh save ${domain} ${suspenddir}/${domain}.dump + fi + done + ;; + reload|force-reload|restart) + # No action, nothing to reload + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 + exit 1 +esac + --- libvirt-0.7.5.orig/debian/libvirt-bin.apport +++ libvirt-0.7.5/debian/libvirt-bin.apport @@ -0,0 +1,59 @@ +'''apport package hook for libvirt-bin + +(c) 2009 Canonical Ltd. +Author: +Jamie Strandboge + +''' + +from apport.hookutils import * +from os import path +import re + +def recent_kernlog(pattern): + '''Extract recent messages from kern.log or message which match a regex. + pattern should be a "re" object. ''' + lines = '' + if os.path.exists('/var/log/kern.log'): + file = '/var/log/kern.log' + elif os.path.exists('/var/log/messages'): + file = '/var/log/messages' + else: + return lines + + for line in open(file): + if pattern.search(line): + lines += line + return lines + +def recent_auditlog(pattern): + '''Extract recent messages from kern.log or message which match a regex. + pattern should be a "re" object. ''' + lines = '' + if os.path.exists('/var/log/audit/audit.log'): + file = '/var/log/audit/audit.log' + else: + return lines + + for line in open(file): + if pattern.search(line): + lines += line + return lines + +def add_info(report): + attach_conffiles(report, 'libvirt-bin') + attach_related_packages(report, ['apparmor', 'libapparmor1', + 'libapparmor-perl', 'apparmor-utils', 'auditd', 'libaudit0']) + + # get apparmor stuff. copied from source_apparmor.py until apport runs + # runs hooks via attach_related_packages + attach_file(report, '/proc/version_signature', 'ProcVersionSignature') + attach_file(report, '/proc/cmdline', 'ProcCmdline') + + sec_re = re.compile('audit\(|apparmor|selinux|security', re.IGNORECASE) + report['KernLog'] = recent_kernlog(sec_re) + + if os.path.exists("/var/log/audit"): + # this needs to be run as root + report['AuditLog'] = recent_auditlog(sec_re) + --- libvirt-0.7.5.orig/debian/libvirt-bin.default +++ libvirt-0.7.5/debian/libvirt-bin.default @@ -0,0 +1,11 @@ +# Defaults for libvirt-bin initscript (/etc/init.d/libvirt-bin) +# This is a POSIX shell fragment + +# Start libvirtd to handle qemu/kvm: +start_libvirtd="yes" + +# options passed to libvirtd, add "-l" to listen on tcp +libvirtd_opts="-d" + +# pass in location of kerberos keytab +#export KRB5_KTNAME=/etc/libvirt/libvirt.keytab --- libvirt-0.7.5.orig/debian/libvirt-doc.docs +++ libvirt-0.7.5/debian/libvirt-doc.docs @@ -0,0 +1,9 @@ +docs/*.rng +docs/*.png +docs/*.xml +docs/*.html +docs/*.gif +docs/*.css +docs/html/ +docs/devhelp/ +examples/ --- libvirt-0.7.5.orig/debian/copyright +++ libvirt-0.7.5/debian/copyright @@ -0,0 +1,44 @@ +libvirt was initially debianized by Andrew Mitchell + +It was downloaded from http://libvirt.org/sources/ + +Upstream Author: + + Daniel Veillard or + +Copyright: + + 2005,2006 Red Hat, Inc + +Licenses: + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + + src/hash.c: + + Copyright (C) 2000 Bjorn Reese and Daniel Veillard. + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF + MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHORS AND + CONTRIBUTORS ACCEPT NO RESPONSIBILITY IN ANY CONCEIVABLE MANNER. + + +On Debian systems, the complete text of the GNU Lesser General +Public License can be found in `/usr/share/common-licenses/LGPL'. --- libvirt-0.7.5.orig/debian/pycompat +++ libvirt-0.7.5/debian/pycompat @@ -0,0 +1 @@ +2 --- libvirt-0.7.5.orig/debian/libvirt-dev.install +++ libvirt-0.7.5/debian/libvirt-dev.install @@ -0,0 +1,4 @@ +usr/lib/libvirt.so +usr/lib/libvirt.a +usr/include/* +usr/lib/pkgconfig/* --- libvirt-0.7.5.orig/debian/libvirt-bin.install +++ libvirt-0.7.5/debian/libvirt-bin.install @@ -0,0 +1,13 @@ +usr/bin/* +usr/sbin/* +etc/apparmor.d/abstractions/libvirt-qemu +etc/apparmor.d/libvirt/TEMPLATE +etc/apparmor.d/usr.lib.libvirt.virt-aa-helper +etc/apparmor.d/usr.sbin.libvirtd +etc/libvirt/* +etc/sasl2/* +usr/share/polkit-1/* +usr/lib/libvirt/* +usr/share/augeas/* +usr/share/libvirt/* +usr/share/apport/package-hooks/source_libvirt-bin.py --- libvirt-0.7.5.orig/debian/libvirt-bin.postrm +++ libvirt-0.7.5/debian/libvirt-bin.postrm @@ -0,0 +1,47 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + if getent group libvirtd >/dev/null; then + delgroup libvirtd || true + fi + + rm -f /etc/apparmor.d/force-complain/usr.sbin.libvirtd >/dev/null 2>&1 || true + rm -f /etc/apparmor.d/disable/usr.sbin.libvirtd >/dev/null 2>&1 || true + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- libvirt-0.7.5.orig/debian/libvirt-doc.links +++ libvirt-0.7.5/debian/libvirt-doc.links @@ -0,0 +1 @@ +usr/share/doc/libvirt-doc/devhelp/ /usr/share/gtk-doc/html/libvirt --- libvirt-0.7.5.orig/debian/python-libvirt.install +++ libvirt-0.7.5/debian/python-libvirt.install @@ -0,0 +1,2 @@ +usr/lib/python*/*/*.so +usr/lib/python*/*/*.py --- libvirt-0.7.5.orig/debian/changelog +++ libvirt-0.7.5/debian/changelog @@ -0,0 +1,1853 @@ +libvirt (0.7.5-5ubuntu23) lucid; urgency=low + + * debian/apparmor/usr.lib.libvirt.virt-aa-helper: also allow /opt but deny + access to /dev to suppress confusing, non-fatal profile denials. + + -- Jamie Strandboge Wed, 14 Apr 2010 07:36:13 -0500 + +libvirt (0.7.5-5ubuntu22) lucid; urgency=low + + * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow ro access to files + in /mnt, /media and /srv + + -- Jamie Strandboge Tue, 13 Apr 2010 08:27:46 -0500 + +libvirt (0.7.5-5ubuntu21) lucid; urgency=low + + * debian/libvirt-bin.upstart: simplify pidfile cleanup logic, + per discussion with Jamie Strandboge and Loic Minier in LP: #510658 + + -- Dustin Kirkland Wed, 07 Apr 2010 16:09:05 -0500 + +libvirt (0.7.5-5ubuntu20) lucid; urgency=low + + * debian/libvirt-bin.upstart: + - remove unnecessary pid file existence test, LP: #510658 + - revert virbr0 up/down hack added in 0.7.5-5ubuntu17, LP: #345485 + + -- Dustin Kirkland Wed, 07 Apr 2010 15:39:39 -0500 + +libvirt (0.7.5-5ubuntu19) lucid; urgency=low + + * fix for hostdev devices (LP: #545795). This can be dropped in 0.7.8 + - debian/patches/9021-apparmor-fix-hostdev.patch: adjust virt-aa-helper to + handle pci devices. Update valid_path() to have an override array to + check against, and add "/sys/devices/pci" to it. Then rename + file_iterate_cb() to file_iterate_hostdev_cb() and create + file_iterate_pci_cb() based on it. Update tests suite for this and SDL + - debian/apparmor/libvirt-qemu: adjust for the above + - debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to + /sys/devices + + -- Jamie Strandboge Mon, 05 Apr 2010 19:50:15 -0500 + +libvirt (0.7.5-5ubuntu18) lucid; urgency=low + + * handle SDL graphics (LP: #545426). This can be dropped in 0.7.8 + - 9019-apparmor-fix-xauth.patch: adjust virt-aa-helper to handle SDL + graphics, specifically Xauthority. Also remove a couple redundant + checks. + - debian/apparmor/libvirt-qemu: add comment about /dev/fb* + * handle backingstore (LP: #470636). This can be dropped in 0.7.8 + - debian/patches/9020-apparmor-fix-backingstore.patch: adjust + virt-aa-helper to handle disks with backing stores + - debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to + user-tmp, non-hidden files in @{HOME} and storage pools + + -- Jamie Strandboge Mon, 05 Apr 2010 16:56:25 -0500 + +libvirt (0.7.5-5ubuntu17) lucid; urgency=low + + * debian/libvirt-bin.upstart: bring virbr0 up/down on upstart start/stop + of libvirt, LP: #345485 + + -- Dustin Kirkland Thu, 01 Apr 2010 23:08:33 -0500 + +libvirt (0.7.5-5ubuntu16) lucid; urgency=low + + * debian/libvirt-bin.upstart: libvirt has a nasty habit of leaving + it's pidfile lying around when/if it crashes; add a pre-start + check that removes the pidfile if it exists but the daemon is + not actually running, LP: #510658 + + -- Dustin Kirkland Thu, 01 Apr 2010 19:47:04 -0500 + +libvirt (0.7.5-5ubuntu15) lucid; urgency=low + + * debian/apparmor/libvirt-qemu, examples/apparmor/libvirt-qemu: + allow seabios in the apparmor profile, LP: #545302 + + -- Dustin Kirkland Tue, 23 Mar 2010 11:28:28 -0700 + +libvirt (0.7.5-5ubuntu14) lucid; urgency=low + + * debian/patches/9018-fix-pty-console.patch: fix issue using + console in virsh. + (LP: #542324) + + -- Scott Moser Fri, 19 Mar 2010 15:58:21 -0400 + +libvirt (0.7.5-5ubuntu13) lucid; urgency=low + + * debian/patches/9017-dont-disable-ipv6.patch: don't disable IPv6 + on the bridge interface. The original intent of disabling IPv6 was + to prevent RAs received from client VMs from accidentally adding + addresses to the bridge interface. However, only accept_ra=0 is + necessary to fix this, without the side-effect of disabling IPv6. + (LP: #528934) + + -- Jeremy Visser Thu, 04 Mar 2010 17:33:11 +1100 + +libvirt (0.7.5-5ubuntu12) lucid; urgency=low + + * Build against parted 2.2. + + -- Colin Watson Tue, 09 Mar 2010 01:18:49 +0000 + +libvirt (0.7.5-5ubuntu11) lucid; urgency=low + + * Make sure cache setting is output by virDomainGetXMLDesc (and, by + extension, "virsh dumpxml"), even if no special driverName is set. + (LP: #531741) + + -- Soren Hansen Thu, 04 Mar 2010 22:19:52 +0100 + +libvirt (0.7.5-5ubuntu10) lucid; urgency=low + + * debian/patches/9015-autodetect-nc-params.patch: autodetect if the + remote nc command supports the -q option. (LP: #517478) + * debian/patches/0006-Terminate-nc-on-EOF.patch: disabled + as the previous patch replaces it. + + -- Marc Deslauriers Thu, 04 Mar 2010 07:58:52 -0500 + +libvirt (0.7.5-5ubuntu9) lucid; urgency=low + + * debian/apparmor/libvirt-qemu: + - explicitly deny setpcap to silence denials. See LP: 522845 for details + - allow read access to /proc/*/status + * debian/patches/9014-apparmor-remove-unloaded-profile-is-not-fatal.patch: + Don't exit with error if the user unloaded the profile outside of libvirt + (LP: #530400) + + -- Jamie Strandboge Wed, 03 Mar 2010 06:29:39 -0600 + +libvirt (0.7.5-5ubuntu8) lucid; urgency=low + + * Build against parted 2.1. + + -- Colin Watson Fri, 26 Feb 2010 18:11:14 +0000 + +libvirt (0.7.5-5ubuntu7) lucid; urgency=low + + * debian/patches/0010-Use-base-16-for-product-vendor.patch: parse the USB + and PCI product and vendor ids in hexadecimal. This fixes incorrect + USB ids being used in virt-manager. (LP: #514610) + + -- Marc Deslauriers Sun, 07 Feb 2010 11:08:23 -0500 + +libvirt (0.7.5-5ubuntu6) lucid; urgency=low + + * debian/patches/9013-apparmor-dont-clear-caps.patch: Don't clear + capabilities when calling virt-aa-helper. When built with libcap-ng, + clearing caps makes virt-aa-helper lose MAC_ADMIN, which is (obviously) + needed by apparmor_parser. This restores libcap-ng behavior to what it was + when not built with libcap-ng. (LP: #517714) + + -- Jamie Strandboge Fri, 05 Feb 2010 16:48:42 -0600 + +libvirt (0.7.5-5ubuntu5) lucid; urgency=low + + * Build-Depend on libcap-ng. (LP: #488963) + + -- Soren Hansen Thu, 04 Feb 2010 14:50:40 -0800 + +libvirt (0.7.5-5ubuntu4) lucid; urgency=low + + * debian/patches/9011-node_device_driver.patch: Don't free an uninitalized + pointer in update_driver_name() in src/node_device/node_device_driver.c + (LP: #513544) + * debian/patches/9012-dont-crash-on-restart.patch: don't crash on restart + if domain(s) with PCI devices are running + + -- Jamie Strandboge Thu, 28 Jan 2010 08:26:14 -0600 + +libvirt (0.7.5-5ubuntu3) lucid; urgency=low + + * 9008-fix-daemon-conf-ftbfs.patch: fix for FTBFS on Ubuntu buildds by + disabling running libvirtd with a valid config file in the daemon-conf + test. This patch used to be 9008-warn-on-daemon-conf-test-wait.patch + + -- Jamie Strandboge Mon, 25 Jan 2010 21:08:46 -0600 + +libvirt (0.7.5-5ubuntu2) lucid; urgency=low + + * debian/patches/9010-apparmor-ftbfs.patch: updated to match upstream + and give proper attribution + + -- Jamie Strandboge Mon, 25 Jan 2010 17:44:30 -0600 + +libvirt (0.7.5-5ubuntu1) lucid; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/control: + + Build-Depends on qemu-kvm, not qemu + + Build-Depends on open-iscsi-utils, not open-iscsi + + Build-Depends on libxml2-utils + + Build-Depends on libapparmor-dev and Suggests apparmor (>= + 2.3+1289-0ubuntu14) + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin + + Recommends qemu-kvm (>= 0.11.0-0ubuntu6) + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such + + We call libxen-dev libxen3-dev, so change all references + + temporarily remove Build-Depends on libcap-ng-dev, which isn't + available in Ubuntu main yet + + Rename Vcs-* to XS-Debian-Vcs-* + - debian/libvirt-bin.postinst: + + rename the libvirt group to libvirtd + + add each admin user to the libvirtd group + + reload apparmor profiles + + 0.7.2 moved /usr/bin/virt-aa-helper to /usr/lib/libvirt, so the + profile changed from usr.bin.virt-aa-helper to + usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user + made no changes to the old profile, remove it, otherwise, update the + paths, preserving the shipped usr.lib.libvirt.virt-aa-helper + - debian/libvirt-bin.postrm: + + rename the libvirt group to libvirtd + + remove apparmor symlinks on purge + - debian/libvirt-bin.preinst: added to force complain on certain + upgrades + - debian/README.Debian: add AppArmor section based on the upstream + documentation + - debian/rules: + + update DEB_DH_INSTALLINIT_ARGS for upstart + + add DEB_MAKE_CHECK_TARGET := check + + use --with-apparmor + + copy apparmor and apport hook to debian/tmp + - add debian/libvirt-bin.upstart + - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, + /etc/apparmor.d/disable, /etc/apparmor.d/force-complain, + /etc/apparmor.d/libvirt, /etc/cron.daily and + /usr/share/apport/package-hooks + - add debian/libvirt-bin.cron.daily + - add debian/libvirt-bin.apport + - debian/libvirt-bin.install: install apparmor profiles, abstractions + and apport hook + - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch + + 9000-delayed_iff_up_bridge.patch + + 9001-dont_clobber_existing_bridges.patch + + 9002-better_default_uri_virsh.patch + + 9003-increase-logoutput-timeout.patch + + 9004-better-default-arch.patch + + 9005-libvirtd-group-name.patch + + 9006-increase-unix-socket-timeout.patch + + 9007-default-config-test-case.patch + + 9008-warn-on-daemon-conf-test-wait.patch (renamed from 9016) + - Dropped the following patches now including upstream: + + 0005-Fix-SELinux-linking-issues.patch + + 9008-apparmor-caps-mockup.patch + + 9009-apparmor-lp453335.patch + + 9010-apparmor-lp460271.patch + + 9011-apparmor-code-cleanups.patch + + 9012-apparmor-add-virt-aa-helper-test.patch + + 9013-apparmor-examples.patch + + 9014-event-fuzz.patch + + 9015-hal-startup-failure-is-nonfatal.patch + * debian/patches/9009-run-as-root-by-default.patch: run virtual machines + via qemu:///system as root. As of 0.7, upstream libvirt has the ability to + run VMs started via qemu:///system as an unprivileged user. Debian's + libvirt now runs these VMs as libvirt-qemu:kvm. However, the upstream + implementation is contentious among the community and while it does + reduce the privileges of the VMs running under qemu:///system, all VMs + currently run under the same user, so there is no guest isolation. Even if + each user ran under its own user, an attacker could potentially break out + of the VM and have unconfined user access (albeit non-root). In Ubuntu, + Qemu/KVM virtual machines are already fully isolated and confined by the + AppArmor security driver so this feature has been disabled. Once there is + consensus among the community on the implementation and its use, changing + this default in Ubuntu can be considered as an additional protection to + the AppArmor driver. + * debian/README.Debian: add section discussing the security implications of + using qemu:///system + * debian/patches/9010-apparmor-ftbfs.patch: fix missing bracket in + virt-aa-helper.c and automake dependency declaration. This should be + dropped in 0.7.6 or higher. + + -- Jamie Strandboge Mon, 25 Jan 2010 12:48:13 -0600 + +libvirt (0.7.5-5) unstable; urgency=low + + [ Guido Günther ] + * [d8e60e8] Add css to docs + * [f6e41ae] New patch 0008-qemu-Use-log-output-for-pty-assignment-if- + info-chard.patch qemu: Use log output for pty assignment if 'info + chardev' is unavailable - thanks to Matthias Bolte + + [ Laurent Léonard ] + * [0905f82] Fix QEMU driver custom domain status XML extensions. - + thanks to Daniel P. Berrange + + -- Laurent Léonard Tue, 19 Jan 2010 23:16:16 +0100 + +libvirt (0.7.5-4) unstable; urgency=low + + * [18520c0] Same description of supported virt techs in all binary packages + (Closes: #564909) - thanks to Loïc Minier + * [49c357c] Implement path lookup for USB by vendor:product (Closes: + #563502) - thanks to Cole Robinson + + -- Guido Günther Wed, 13 Jan 2010 23:57:26 +0100 + +libvirt (0.7.5-3) unstable; urgency=low + + * [4d41fd7] Also look for dmi information in /sys/class older kernels such + as 2.6.26 have it there. (Closes: #564020) + * [1c0e0b5] Explicitly disable ESX support + * [c3c84f6] Terminate nc on EOF (Closes: #564053) - thanks to Gabor Gombas + for the patch + + -- Guido Günther Fri, 08 Jan 2010 11:07:34 +0100 + +libvirt (0.7.5-2) unstable; urgency=low + + * Upload to unstable + * [d6c5ca5] Add debugging symbols for all packages + + -- Guido Günther Sun, 03 Jan 2010 20:01:12 +0100 + +libvirt (0.7.5-1) experimental; urgency=low + + [ Laurent Léonard ] + * [96f8d94] Imported Upstream version 0.7.5 + * [f8089a1] Redo patches. + * [294ce3d] Update libvirt0 symbols. + * [1c97be7] Allow DM upload and add myself as uploader. + * [5635a32] Clean debian/watch. + + [ Guido Günther ] + * [45f98ae] Drop 0005-udev_device_get_devpath-might-return-NULL.patch + applied upstream. + + -- Guido Günther Sat, 26 Dec 2009 17:45:47 +0100 + +libvirt (0.7.4-2) experimental; urgency=low + + * [65d3755] Disable SELinux to work around #559356 + * [19bd427] Run qemu instances as qemu-libvirt instead of root by default + (Closes: #558197) + * [0a6c03b] Use kvm as primary group for libvirt-qemu user + * [e5ae24b] Fix udev backend startup + * [f610a8e] Use udev instead of hal backend + + -- Guido Günther Mon, 07 Dec 2009 21:20:20 +0100 + +libvirt (0.7.4-1) unstable; urgency=low + + [ Laurent Léonard ] + * [8f2761b] Imported Upstream version 0.7.4 + * [20b6b3d] Drop patches. + * 0005-Fix-SELinux-linking-issues.patch - fixed upstream. + * 0006-Don-t-let-parent-of-daemon-exit-until-basic-initiali.patch - + fixed upstream. + * 0007-Only-remove-masquerade-roles-for-VIR_NETWORK_FORWARD.patch - + applied upstream. + * 0008-Fix-qemu-session.patch - fixed upstream. + * [e41f8c6] Update libvirt0 symbols. + * [f184e28] Revert "switch to new source format 3.0 (quilt)" This reverts + commit 213ca47bbbefe2dc95be58a09db34669e3be5797. + * [65084d2] Enhance handling of examples. + + -- Guido Günther Tue, 01 Dec 2009 18:51:18 +0100 + +libvirt (0.7.2-4ubuntu6) lucid; urgency=low + + * Update libvirt0 description to match the other packages in supported + virtualization technologies. + * Rename Vcs-* to XS-Debian-Vcs-*. + + -- Loïc Minier Tue, 12 Jan 2010 17:22:02 +0100 + +libvirt (0.7.2-4ubuntu5) lucid; urgency=low + + * debian/rules, debian/libvirt-bin.upstart: migrate libvirt to upstart + (LP: #446036) + * debian/control: depend on open-iscsi-utils, rather than open-iscsi, + fixed again, grrr (LP: #414986) + + -- Dustin Kirkland Tue, 05 Jan 2010 23:23:28 -0600 + +libvirt (0.7.2-4ubuntu4) lucid; urgency=low + + * debian/libvirt-bin.postinst: don't sed a non-existent file (LP: #493582) + + -- Jamie Strandboge Mon, 07 Dec 2009 08:55:03 -0600 + +libvirt (0.7.2-4ubuntu3) lucid; urgency=low + + * debian/patches/9016-warn-on-daemon-conf-test-wait.patch: workaround FTBFS + on buildd by not failing when waiting on pid + + -- Jamie Strandboge Wed, 02 Dec 2009 12:12:17 -0600 + +libvirt (0.7.2-4ubuntu2) lucid; urgency=low + + * debian/control: Build-Depends on qemu-kvm, not qemu + * debian/patches/9007-default-config-test-case.patch: revert last change + which caused a different failure on buildd + + -- Jamie Strandboge Wed, 02 Dec 2009 11:14:59 -0600 + +libvirt (0.7.2-4ubuntu1) lucid; urgency=low + + * Merge from debian testing. Remaining changes: + - debian/control: + + Don't build-depend on QEmu + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin + + Recommends qemu-kvm (>= 0.11.0-0ubuntu6) + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such + + We call libxen-dev libxen3-dev, so change all references + + Build-Depends on libxml2-utils + + Build-Depends on open-iscsi-utils instead of open-iscsi due to + LP: #414986 + - debian/postinst: + + rename the libvirt group to libvirtd + + add each admin user to the libvirtd group + - debian/libvirt-bin.postrm: rename the libvirt group to libvirtd + - debian/rules: add DEB_MAKE_CHECK_TARGET := check + - debian/patches/900[0-7]: updated/refreshed for new paths in 0.7.2 + - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch + - AppArmor integration: + + debian/control: Build-Depends on libapparmor-dev and Suggests + apparmor (>= 2.3+1289-0ubuntu14) + + debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions, + /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt, + /etc/cron.daily and /usr/share/apport/package-hooks + + add debian/libvirt-bin.cron.daily (LP: #438165) + + add debian/libvirt-bin.apport + + debian/libvirt-bin.install: install apparmor profiles, abstractions + and apport hook + + debian/postinst: reload apparmor profiles + + debian/libvirt-bin.postrm: remove apparmor symlinks on purge + + debian/libvirt-bin.preinst: added to force complain on certain + upgrades + + debian/README.Debian: add AppArmor section based on the upstream + documentation + + debian/rules: use --with-apparmor and copy apparmor and apport hook to + debian/tmp + - Dropped the following patches now included upstream: + + 0005-Close-logfile-fd-after-spawning-qemu.patch + + 9090-reenable-nonfile-labels.patch + + 9091-apparmor.patch + + 9092-apparmor-autoreconf.patch + * AppArmor integration updates: + - debian/apparmor/usr.sbin.libvirtd: allow libvirtd access to + /usr/lib/libvirt/* (LP: #480478) + - debian/apparmor/libvirt-qemu: allow guests access to + /etc/pki/libvirt-vnc/** (LP: #484562) + - debian/libvirt-bin.postinst: 0.7.2 moved /usr/bin/virt-aa-helper to + /usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper + to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user + made no changes to the old profile, remove it, otherwise, update the + paths, preserving the shipped usr.lib.libvirt.virt-aa-helper + - update to 0.7.4 version of the sVirt AppArmor driver (can be dropped in + 0.7.4): + + debian/patches/9008-apparmor-caps-mockup.patch + + debian/patches/9009-apparmor-lp453335.patch + + debian/patches/9010-apparmor-lp460271.patch + + debian/patches/9011-apparmor-code-cleanups.patch + - add virt-aa-helper-test and examples/apparmor that were omitted from the + upstream tarball (can be dropped in 0.7.5): + + debian/patches/9012-apparmor-add-virt-aa-helper-test.patch + + debian/patches/9013-apparmor-examples.patch + + debian/rules: add post-patches target to make virt-aa-helper-test + executable + * debian/patches/0005-Fix-SELinux-linking-issues.patch: updated to work + when both apparmor and selinux are available. This patch should be + dropped in 0.7.4. + * debian/patches/9007-default-config-test-case.patch: updated to not fail + if building in a deep directory + * debian/patches/9014-event-fuzz.patch: add a little fuzz to not be quite + so precise with expected expiry time. Fixes FTBFS with HZ=100 kernels. + Can be dropped in 0.7.5. + * debian/patches/9015-hal-startup-failure-is-nonfatal.patch: disable hal + driver if hald is not running instead of dying. Can be dropped in + 0.7.4. + * debian/control: temporarily remove Build-Depends on libcap-ng-dev, which + isn't available in Ubuntu main yet + * revert change to new source format 3.0 (quilt) since Launchpad can't + handle it yet (see LP: #293106) + + -- Jamie Strandboge Wed, 02 Dec 2009 09:22:21 -0600 + +libvirt (0.7.2-4) unstable; urgency=low + + * [213ca47] switch to new source format 3.0 (quilt) + * [f5a10e9] Depend on hal (Closes: #556730) + * [7d1422d] Drop build-dep on libpolkit-dbus-dev (Closes: #549500) + * [95ad85c] Depend on libcap-ng-dev for lxc driver. + + -- Guido Günther Wed, 25 Nov 2009 20:39:17 +0100 + +libvirt (0.7.2-3) unstable; urgency=low + + * [2c0aa82] Fix qemu:///session Backported from upsgtream's + 79218cdd9887b132eb0f29fe2048f89e90beae1 (Closes: #554869) + + -- Guido Günther Sat, 07 Nov 2009 12:50:54 +0100 + +libvirt (0.7.2-2) unstable; urgency=low + + [ Laurent Léonard ] + * [a9ea205] Change requirement of libvirt-bin in libvirt- suspendonreboot. + * [a4db804] Update debian/patches/0006-Don-t-let-parent-of-daemon- + exit-until-basic-initiali.patch. Fix use of an uninitialized variable that + was causing a bug on i386 systems. + * [59e1e53] Redo patches. + + [ Guido Günther ] + * upload to unstable + * [43f106a] Only remove masquerade roles for VIR_NETWORK_FORWARD_NAT + (Closes: #549949) - thanks to Rob S. Wolfram for testing + + -- Guido Günther Thu, 05 Nov 2009 20:44:21 +0100 + +libvirt (0.7.2-1) experimental; urgency=low + + [ Laurent Léonard ] + * [51a4814] Imported Upstream version 0.7.2 + * [12268f6] Update patches. + * [175d497] Fix SELinux linking issues. Pulled from upstream + 309acaa0230494b8ec08d03375c10238cb2daf55. + * [5cfdaf8] Update libvirt-doc docs. + * [dc2059f] Update libvirt-bin manpages. + * [a62a4a7] Update libvirt-bin examples. + * [9e38cbc] Update libvirt0 symbols. + * [412b12f] Make init.d script provide itself. + * [35451bf] Update debian/rules to support new example files. + * [43b7dac] Don't let parent of daemon exit until basic initialization is + done. + * [5a37e69] Make init.d provide libvirtd for backward compatibility. + + -- Guido Günther Mon, 26 Oct 2009 20:14:23 +0100 + +libvirt (0.7.1-2) unstable; urgency=low + + * [f5299d3] document changes and release 0.7.1-1 + * [f137c00] Allow for older versions of dpkg-dev to ease backports. + * [74f5832] Use Policykit 1.0 (Closes: #549500) + + -- Guido Günther Fri, 09 Oct 2009 20:32:02 +0200 + +libvirt (0.7.1-1) unstable; urgency=low + + [ Laurent Léonard ] + * [40fb620] Bump Debhelper version to 7. + * [e0e89f2] Bump Standards-Version to 3.8.3. + * [50a862f] Clean debian/rules. + * [e9c9906] Change build dependency on libreadline5-dev to + libreadline-dev. + * [b6cb738] Imported Upstream version 0.7.1 + * [780f6a7] Redo patches. + * [3d66f37] Update libvirt-bin examples. + * [c01ed84] Update libvirt0 symbols. + + -- Guido Günther Sat, 26 Sep 2009 17:15:02 +0200 + +libvirt (0.7.0-1ubuntu15) lucid; urgency=low + + * Run test suite at build time. + * Add libxml2-utils dependency. Needed by the test suite. + * Remove "Connecting to uri: " notice from virsh. It breaks the test + suite, the information is readily available with the "uri" command + inside virsh, and it's a usability delta with upstream, so + constantly causes confusion. + + -- Soren Hansen Fri, 27 Nov 2009 11:21:53 +0100 + +libvirt (0.7.0-1ubuntu14) lucid; urgency=low + + * debian/patches/9093-lp460271.patch: require absolute path for dynamic + added files (LP: #460271) + * debian/patches/9094-lp453335.patch: suppress confusing and misleading + apparmor denied message when kvm/qemu tries to open a libvirt specified + readonly file (such as a cdrom) with write permissions. libvirt uses the + readonly attribute for the security driver only, and has no way of telling + kvm/qemu that the device should be opened readonly. (LP: #453335) + * debian/apparmor/usr.sbin.libvirtd: allow 'inet dgram' for migration to + work (LP: #461528) + * debian/apparmor/usr.sbin.libvirtd: properly support qemu+tcp:// by + allowing 'inet6 stream' and 'inet6 dgram' (LP: #462000) + + -- Jamie Strandboge Mon, 09 Nov 2009 17:11:05 -0600 + +libvirt (0.7.0-1ubuntu13) karmic; urgency=low + + * allow save/restore to work in $HOME. This is a workaround until upstream + https://bugzilla.redhat.com/show_bug.cgi?id=529363 is fixed. (LP: #457716) + * debian/libvirt-bin.cron.daily: don't comlain if no domain XML definitions + or domain AppArmor profiles. Based on work by Loïc Minier. (LP: #457607) + + -- Jamie Strandboge Fri, 23 Oct 2009 03:52:33 -0500 + +libvirt (0.7.0-1ubuntu12) karmic; urgency=low + + * debian/apparmor/libvirt-qemu: a couple more fixes for pulseaudio + LP: #453329 + + -- Jamie Strandboge Fri, 16 Oct 2009 17:06:15 -0500 + +libvirt (0.7.0-1ubuntu11) karmic; urgency=low + + * debian/patches/9091-apparmor.patch: + - src/virt-aa-helper.c: update to parse XML for guest's architecture and + os.type rather than just trying to make something up. + - tests/virt-aa-helper-test: add some tests for the above and fix another + test + - LP: #448671 + + -- Jamie Strandboge Wed, 14 Oct 2009 14:55:20 -0500 + +libvirt (0.7.0-1ubuntu10) karmic; urgency=low + + * debian/patches/0005-Close-logfile-fd-after-spawning-qemu.patch: fix + egregious file descriptor leak with cherry-pick from upstream git, + LP: #438815 + + -- Dustin Kirkland Tue, 06 Oct 2009 18:57:22 -0500 + +libvirt (0.7.0-1ubuntu9) karmic; urgency=low + + * allow access for sound (LP: #437854) + - abstractions/libvirt-qemu: add very specific rules for allowing ALSA. We + do not use the audio abstraction because the virtual machine runs as root + and therefore DAC cannot be used as a fallback. + - debian/README.Debian: add some text to encourage review of the AppArmor + profiles and abstraction when using in production environments + * debian/libvirt-bin.cron.daily: added to clean out old profiles that are no + longer associated with a virtual machine definition (LP: #438165) + * debian/patches/9091-apparmor.patch: + - quote the pid, monitor and logfile in case any of them have weird + characters (complete fix for LP: #432810) + - support for disks + + -- Jamie Strandboge Mon, 05 Oct 2009 16:31:12 -0500 + +libvirt (0.7.0-1ubuntu8) karmic; urgency=low + + * debian/patches/9091-apparmor.patch: sync with upstream for maintenance, + licensing compliance with upstream and bug fixes: + - handle files with spaces in the name (LP: #432810) + - add serial, console, kernel and initrd support (LP: #432581) + - allow read only access to /boot, /vmlinuz and /initrd.img + - allow access to character devices (eg USB devices) + - have virt-aa-helper accept XML on stdin, which allows for adding + other devices in the future and helps ensure we always have the most + up to date definition + - update profile on attach and detach of devices (LP: #435527) + - add --dryrun option to virt-aa-helper, and greatly improve the + virt-aa-helper-test script + * revert workaround for LP: #431090 now that kernel, initrd, et al is + properly supported + * debian/apparmor/usr.sbin.libvirtd: add various capabilities + recommended by upstream to prevent potential regressions + + -- Jamie Strandboge Tue, 22 Sep 2009 20:04:58 -0500 + +libvirt (0.7.0-1ubuntu7) karmic; urgency=low + + * debian/apparmor/libvirt-qemu: add chown capability (LP: #434417) + + -- Jamie Strandboge Tue, 22 Sep 2009 08:03:21 -0500 + +libvirt (0.7.0-1ubuntu6) karmic; urgency=low + + * debian/apparmor/libvirt-qemu: workaround eucalyptus serial console, + kernel and initrd location. This should be removed after virt-aa-helper is + able to get these from XML. (LP: #431090) + + -- Jamie Strandboge Thu, 17 Sep 2009 11:35:42 -0500 + +libvirt (0.7.0-1ubuntu5) karmic; urgency=low + + * debian/apparmor/usr.sbin.libvirtd: switch to enforcing by default. Please + note that this was only in complain mode temporarily to work around kernel + bugs in the 2.6.31-9 kernel. Confinement of virtual machines (controlled + by /etc/apparmor.d/libvirt/TEMPLATE) was already in enforcing mode. + (LP: #427338) + * debian/README.Debian: update AppArmor section based on the upstream + documentation + + -- Jamie Strandboge Thu, 10 Sep 2009 08:05:45 -0500 + +libvirt (0.7.0-1ubuntu4) karmic; urgency=low + + * debian/libvirt-bin.postinst: add each admin user to libvirtd, + LP: #410226; note that this is only a partial fix, as admin users + added after libvirt's install will need to be individually added + to libvirtd; however, this should fix a huge number of + single-admin-user-in-default-Ubuntu-system annoyances + * debian/control: bump standards version + + -- Dustin Kirkland Tue, 08 Sep 2009 17:56:52 -0500 + +libvirt (0.7.0-1ubuntu3) karmic; urgency=low + + * debian/apparmor/libvirt-qemu: allow access to /dev/kqemu + * debian/apparmor/usr.bin.virt-aa-helper: use @{PROC} instead of /proc + + -- Jamie Strandboge Wed, 26 Aug 2009 12:19:24 -0500 + +libvirt (0.7.0-1ubuntu2) karmic; urgency=low + + * Add AppArmor support (LP: #388422): + - debian/patches/9090-reenable-nonfile-labels.patch: add back in + virDomainObjPtr argument to RestoreSecurityImageLabel since AppArmor + labels are not stored on disk + - debian/patches/9091-apparmor.patch: add AppArmor security driver + - debian/patches/9092-apparmor-autoreconf.patch: after installing libtool + and the build dependencies, run autoreconf to pull in changes to + Makefile.am and configure.in in 9091-apparmor.patch + - debian/rules: use --with-apparmor and copy debian/apparmor/* to + debian/tmp + - debian/control: Build-Depends on libapparmor-dev and Suggests apparmor + >= 2.3+1289-0ubuntu14 + - add profiles and abstractions to debian/apparmor. usr.sbin.libvirtd will + default to complain mode until LP: #401931 is sorted out + - debian/libvirt-bin.dirs: add /etc/apparmor.d/libvirt, + /etc/apparmor.d/abstractions, and /etc/apparmor.d/force-complain + - debian/libvirt-bin.install: install profiles and abstractions + - debian/libvirt-bin.preinst: newly added to force complain on certian + upgrades + - debian/libvirt-bin.postinst: (re)load profile + - debian/libvirt-bin.postrm: remove force-complain profile on purge + * 9006-increase-unix-socket-timeout.patch: + increase timeout waiting for unix socket in src/qemu_driver.c, set to 30 + seconds, which 10x longer than before, and matches the logoutput timeout + adjustment in 9003-increase-logoutput-timeout.patch. This is needed with + the new qemudOpenMonitorUnix() function introduced in 0.7.0. + * add apport hook: + - add debian/libvirt-bin.apport + - debian/libvirt-bin.dirs: add /usr/share/apport/package-hooks + - debian/libvirt-bin.install: add source_libvirt-bin.py + - debian/rules: install libvirt-bin.apport + + -- Jamie Strandboge Tue, 25 Aug 2009 11:51:42 -0500 + +libvirt (0.7.0-1ubuntu1) karmic; urgency=low + + * Merge from debian experimental, remaining changes: + - debian/control: + + Don't build-depend on QEmu. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin. + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such. + + We call libxen-dev libxen3-dev, so change all references. + + Build-Depends on open-iscsi-utils instead of open-iscsi due to + LP: #414986 + - 9000-delayed_iff_up_bridge.patch: + Don't try to bring up the bridge before at least one interface has been + added to it. + - 9001-dont_clobber_existing_bridges.patch: + Assign the name of the virtual bridge dynamically to avoid interfering + with existing bridges. + - 9002-better_default_uri_virsh.patch: + Default to qemu:///system if the user has write access to the libvirt + socket, otherwise qemu:///session. + - 9003-increase-logoutput-timeout.patch: + increase timeout waiting for log output in src/qemu_driver.c, set to 30 + seconds, which 10x longer than before, and matches the disk-wait in + mdadm. (LP #344400) + - 9004-better-default-arch.patch: + If a domain does not specify its architecture, attempt to match the host. + (LP #344913) + - 9005-libvirtd-group-name.patch: + Rename libvirt group to libvirtd. + - rename the libvirt group to libvirtd in postinst/postrm + * Dropped the following patches from debian/patches (they don't apply any + more were not applied in 0.6.4-1ubuntu2): + - dynamic_bridge_names.patch + - event-loop-hang.diff + - more-flexible-emulator-on-x86.patch + - xen-events-handling-fix.diff + + -- Jamie Strandboge Thu, 13 Aug 2009 20:24:24 -0500 + +libvirt (0.7.0-1) experimental; urgency=low + + [ Laurent Léonard ] + * [4fb1a38] Imported Upstream version 0.7.0 + * [5578fd3] Drop 0005-Fix-PCI-device-hotplug-unplug-with-newer- + QEMU.patch. Fixed upstream. + * [9a8afd0] Redo patches. + * [937ab63] Update symbols. + * [b4bd1ea] Update section in doc-base control file. + + -- Guido Günther Sun, 09 Aug 2009 13:35:42 +0200 + +libvirt (0.6.5-3) unstable; urgency=low + + * [72a8eb6] Add a versioned dependency on dpkg-dev (Closes: #537316) + * [ae20998] fix Debian Xen path patch to also cover the testsuite + * [b2a1c47] New patch 0001-Fix-PCI-device-hotplug-unplug-with-newer- + QEMU.patch pulled from upstream 326ecb7. Fixes PCI hotplug with + newer kvm. + + -- Guido Günther Wed, 29 Jul 2009 12:17:52 +0200 + +libvirt (0.6.5-2) unstable; urgency=low + + * [45b9fdf] build-conflict on dpkg-dev (= 1.15.3) (Closes: #536673) + + -- Guido Günther Sun, 12 Jul 2009 15:03:08 +0200 + +libvirt (0.6.5-1) unstable; urgency=low + + [ Guido Günther ] + * [05e9a39] build-depend on policykit so polkit auth works with virsh + as well + + [ C.J. Adams-Collier ] + * [a161c5f] allow to qemu to emulate arm + + [ Guido Günther ] + * [b1e4c4b] Imported Upstream version 0.6.5 + * [e764583] change private symbols to 0.6.5 + * [f94fb48] drop 0005-allow-to-qemu-to-emulate-arm.patch fixed upstream. + * [7ad7896] bump standards version + * [e2c5867] tighten libvirt-bin's dependency on libvirt0 since libvirtd uses + private symbols + + -- Guido Günther Sun, 05 Jul 2009 13:07:53 +0200 + +libvirt (0.6.4-1ubuntu2) karmic; urgency=low + + * Also rename the libvirt group to libvirtd in postinst/postrm. + (LP: #392696) + + -- Soren Hansen Fri, 26 Jun 2009 22:49:45 +0200 + +libvirt (0.6.4-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + Don't build-depend on QEmu. + + Add "XS-Debian-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such. + - 9000-delayed_iff_up_bridge.patch: + Don't try to bring up the bridge before at least one interface has been + added to it. + - 9001-dont_clobber_existing_bridges.patch + Assign the name of the virtual bridge dynamically to avoid interfering + with existing bridges. + - 9002-better_default_uri_virsh.patch: + Default to qemu:///system if the user has write access to the libvirt + socket, otherwise qemu:///session. + - 9003-increase-logoutput-timeout.patch: + increase timeout waiting for log output in src/qemu_driver.c, set to 30 + seconds, which 10x longer than before, and matches the disk-wait in + mdadm. (LP #344400) + - 9004-better-default-arch.patch: + If a domain does not specify its architecture, attempt to match the host. + (LP #344913) + - 9005-libvirtd-group-name.patch: + Rename libvirt group to libvirtd. + - We call libxen-dev libxen3-dev, so change all references. + + -- Soren Hansen Mon, 22 Jun 2009 11:14:57 +0200 + +libvirt (0.6.4-1) unstable; urgency=low + + * [dd3adb2] Imported Upstream version 0.6.4 + * [2320162] update symbols file + * [89c9720] remove bashism (Closes: #530122) + * [30d86c1] drop patches fixed upstream: + 0005-don-t-crash-with-def-NULL.patch + 0006-Fix-QEMU-ARGV-detection-with-kvm-85.patch + 0007-Declare-support-for-QEMU-migration-in-capabilities.patch + + -- Guido Günther Thu, 04 Jun 2009 12:50:01 +0200 + +libvirt (0.6.3-4) unstable; urgency=low + + * [3607f2f] Install libvirt_lxc that got list somewhere between our + testbuilds. (Closes: #529578) + * [070ddd5] install augeas lense + * [c9b034d] install schema files + + -- Guido Günther Wed, 20 May 2009 14:33:18 +0200 + +libvirt (0.6.3-3) unstable; urgency=low + + * [4087b7d] disable lxc on ia64 to work around FTBFS until we have + access to a test machine + * [df5f5a0] pull some kvm/qemu related patches from upstream + (Closes: #529324) + + -- Guido Günther Tue, 19 May 2009 19:14:57 +0200 + +libvirt (0.6.3-2) unstable; urgency=low + + * [35898d3] fix crash when libvirt_lxc is called without arguments + * [449ca60] enable lxc support (Closes: #526718) - thanks to Daniel + Pittman for testing this + * [335a4e6] update description with supported virtualization solutions + * [92eba47] delay libvirt-bin start until after avahi + * [8ebd17d] update startup priorities due to changed libvirt-bin + startup priority. Also add an LSB header. (Closes: #526944) + + -- Guido Günther Thu, 07 May 2009 13:28:40 +0200 + +libvirt (0.6.3-1) unstable; urgency=low + + * [0cb2f83] Imported Upstream version 0.6.3 + * virtual box support + * [06fe518] 0001-remove-RHism.diff.patch: use invoke-rc.d + * [ec2fd52] drop patches merged upstream: + * 0003-allow-libvirt-group-to-access-the-socket.patch series + * 0004-fix-Debian-specific-path-to-hvm-loader.patch + * [6977bde] enable vbox support + * [93c4423] add symbols file + + -- Guido Günther Sun, 03 May 2009 23:33:28 +0200 + +libvirt (0.6.2-2) unstable; urgency=low + + * [031b9c1] Don't hardcode buffer size for getgrnam_r. Works around + #520744 and fixes possible problems with implementations having + _SC_GETGR_R_SIZE_MAX != 1024. + * [bbe7743] respect log priority for qemu domain logs (Closes: #524145) + * [a2e4cb0] don't rely on log_end_msg returning 0 this isn't the case + with splashy. (Closes: #523712) + * [ddfafda] move debug package into section debug + + -- Guido Günther Thu, 16 Apr 2009 15:28:31 +0200 + +libvirt (0.6.2-1) unstable; urgency=low + + * [99fd06c] Imported Upstream version 0.6.2 (Closes: #521785) + * [78cd5c8] drop /var/run/libvirt created by init script + * [2a7cb3b] move startup of libvirtd after hal (Closes: #522310) + * [b8707ed] bump standards version 0.8.1 (no changes necessary) + + -- Guido Günther Thu, 09 Apr 2009 22:48:57 +0200 + +libvirt (0.6.1-1) unstable; urgency=low + + * [3be7341] Imported Upstream version 0.6.1 + * [38fde15] rediff Debian specific patches + * [9b59a19] drop patches applied upstream: + * 0004-Don-t-hardcode-ssh-port.patch + * 0005-minimal-workaround-for-qemu-startup-race.patch + * [95d4b7f] drop patches backported from upstream + * 0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch + * [8171d83] build-dep on module-init-tools so configure can figure out + the path to modprobe + + -- Guido Günther Thu, 05 Mar 2009 13:58:41 +0100 + +libvirt (0.6.1-0ubuntu5) jaunty; urgency=low + + * Fix logic error when applying %d bridge name rewriting. (LP: #350780) + + -- Soren Hansen Thu, 16 Apr 2009 20:48:49 +0200 + +libvirt (0.6.1-0ubuntu4) jaunty; urgency=low + + [ Marc Deslauriers ] + * 0008-increase-logoutput-timeout.patch: increase timeout waiting + for log output in src/qemu_driver.c, set to 30 seconds, which 10x + longer than before, and matches the disk-wait in mdadm, LP: #344400 + + -- Dustin Kirkland Fri, 27 Mar 2009 10:57:53 -0500 + +libvirt (0.6.1-0ubuntu3) jaunty; urgency=low + + * Fix "libvirt's defaults are slightly less than sane" (LP: #344913) + - more-flexible-emulator-on-x86.patch (from upstream) + - default-arch.patch + + -- Soren Hansen Thu, 19 Mar 2009 00:23:14 +0100 + +libvirt (0.6.1-0ubuntu2) jaunty; urgency=low + + * Add fix for event loop hang (LP: #344195) + http://article.gmane.org/gmane.comp.emulators.libvirt/12437 + * Add fix for Xen events handling. + http://git.et.redhat.com/?p=libvirt.git;a=commit;h=124cfcbc2bcd1b71b51e720b9bfc7d8e69e8af89 + + -- Soren Hansen Fri, 13 Mar 2009 16:51:33 +0100 + +libvirt (0.6.1-0ubuntu1) jaunty; urgency=low + + * New upstream release. (FFe: LP: #339868) + * Dropped 0004-Don-t-hardcode-ssh-port.patch: Included upstream. + * Rewrote dynamic_bridge_names.patch to work with refactored upstream + bridging code. + + -- Soren Hansen Mon, 09 Mar 2009 11:18:01 +0100 + +libvirt (0.6.0-1ubuntu3) jaunty; urgency=low + + * No change rebuild for python2.6. + + -- Matthias Klose Wed, 25 Feb 2009 12:17:13 +0000 + +libvirt (0.6.0-1ubuntu2) jaunty; urgency=low + + * Accidentally dropped our changes to + 0003-allow-libvirt-group-to-access-the-socket.patch, causing the + group as which libvirtd expected to run to be wrong. Change it back + to "libvirtd" rather than "libvirt". (LP: #328093) + + -- Soren Hansen Wed, 11 Feb 2009 16:10:28 +0100 + +libvirt (0.6.0-1ubuntu1) jaunty; urgency=low + + * Merge with Debian experimental. Remaining changes: + - debian/control: + + Don't build-depend on QEmu. + + Add "XS-Debian-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such. + - Rename libvirt group to libvirtd. + - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge + before at least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - better_default_uri_virsh.patch: Default to qemu:///system if the + user has write access to the libvirt socket, otherwise + qemu:///session. + - We call libxen-dev libxen3-dev, so change all references. + - Included (but did not enable) opennebula patch (since it's not in + main yet). + + -- Soren Hansen Wed, 11 Feb 2009 01:01:42 +0100 + +libvirt (0.6.0-1) experimental; urgency=low + + * [30be86d] Imported Upstream version 0.6.0 + * [179781c] drop patches + * fixed upstream: + 0006-Fix-missing-read-only-access-checks-CVE-2008-5086.patch + * applied upstream: + 0004-Open-qemu-monitor-log-O_APPEND-instead-of-O_TRUNC.patch + 0005-qemu-fix-parallel-serial-mode-tcp-and-unix.patch + 0007-don-t-fail-on-missing-locales.patch + * [d80a176] adjust remaining patches to new upstream version + * [208c924] add minimal workaround for qemu startup race + * [6e8caa0] restart libvirt daemon on upgrades if possible + (Closes: #492694, #499008) + + -- Guido Günther Thu, 05 Feb 2009 18:40:10 +0100 + +libvirt (0.5.1-7) unstable; urgency=low + + * [1238706] Recommend dnsmasq-base instead of dnsmasq this keeps us + out of all the dnsmasq already running troubles. (Closes: #516443) - + thanks to Bin Zhang for the suggestion and the doc update + * [5c9dfd7] don't rotate empty logfiles (Closes: #517040) + * [1c9a023] libvirt_proxy: Fix use of uninitalized memory We currently + don't build this code (CVE-2009-0036). + * [4ea1ea9] fix path to hvmloader (Closes: #517059) + * [879b632] suggest devhelp + * [f22f1ef] add ${misc:Depends} + * [c6f579e] README.Debian: fix typo + + -- Guido Günther Thu, 26 Feb 2009 14:45:32 +0100 + +libvirt (0.5.1-6) unstable; urgency=low + + * upload to unstable + + -- Guido Günther Mon, 16 Feb 2009 21:27:21 +0100 + +libvirt (0.5.1-5) experimental; urgency=low + + * [d4a69d1] don't fail on missing locales (Closes: #512721) + * [cecac4c] don't hardcode ssh port - based on a patch by Adrian + Bridgett. (Closes: #513605) + * [4565a65] drop superflous headers and footers from remaining patches + + -- Guido Günther Fri, 30 Jan 2009 23:06:29 +0100 + +libvirt (0.5.1-4ubuntu1) jaunty; urgency=low + + * Merge with Debian experimental. + - debian/control: + + Don't build-depend on QEmu. + + Add "XS-Debian-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables + to Depends of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, + since we used to ship them as such. + - Rename libvirt group to libvirtd. + - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge + before at least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - better_default_uri_virsh.patch: Default to qemu:///system if the + user has write access to the libvirt socket, otherwise + qemu:///session. + - We call libxen-dev libxen3-dev, so change all references. + * Included (but did not enable) opennebula patch (since it's not in + the archive yet). + + -- Soren Hansen Thu, 08 Jan 2009 23:01:16 +0100 + +libvirt (0.5.1-4) experimental; urgency=low + + * [2fd5224] apply upstream patch for CVE-2008-5086 (Closes: #509106) + + -- Guido Günther Thu, 18 Dec 2008 16:12:00 +0100 + +libvirt (0.5.1-3) experimental; urgency=low + + * [d30438c] create libvirt log directory (Closes: #508129) + * [417a23c] qemu: fix parallel/serial mode "tcp" and "unix" + (Closes: #507608) + + -- Guido Günther Thu, 11 Dec 2008 12:38:01 +0100 + +libvirt (0.5.1-2) experimental; urgency=low + + * [4cd547b] create /var/run/libvirt (Closes: #507578) + * [fe96870] merge back master + * [d46313f] drop patches for issues fixed upstream + - 0007-also-look-for-usr-bin-kvm.patch + - 0008-Increase-initial-qemu-monitor-read-timeout.patch + - 0009-Open-qemu-monitor-log-O_APPEND-instead-of-O_TRUNC.patch + - 0010-raise-error-on-invalid-volume-format.patch + + -- Guido Günther Sat, 06 Dec 2008 10:37:12 +0100 + +libvirt (0.5.1-1) experimental; urgency=low + + * [d76b3a1] Imported Upstream version 0.5.1 (Closes: #507677, #507547) + * [2e550ae] enable hal for device enumeration + * [0d9116a] rotate qemu monitor logs (Closes: #507553) - thanks to + Harald Staub + * [5f85e66] depend on logrotate + * [6e955a3] open qemu monitor O_APPEND instead of O_TRUNC for logrotate + * [7dbea84] drop 0004-xen-prefer-xenstoraged-driver-for- + listDomains.patch - applied upstream + + -- Guido Günther Fri, 05 Dec 2008 09:36:54 +0100 + +libvirt (0.5.0-1) experimental; urgency=low + + * [717ef21] Imported Upstream version 0.5.0 + * [b7a1fbd] enable OpenVZ support (Closes: #504597) - thanks to Pierre + Chifflier for the patch + * [ee3590a] drop patches, fixed upstream: + * 0004-support-virtio-and-scsi-disks-in-qemudDomainBlockSta.patch + * 0005-fix-define-vs.-defined-typos.patch + * [f4f601f] bump shlibs to 0.5.0 + + -- Guido Günther Fri, 28 Nov 2008 16:40:38 +0100 + +libvirt (0.4.6-10) unstable; urgency=low + + * [5878698] cherry-pick patch for CVE-2008-5086 from experimental + + -- Guido Günther Thu, 18 Dec 2008 16:59:45 +0100 + +libvirt (0.4.6-9) unstable; urgency=low + + * [d30438c] create libvirt log directory (Closes: #508129) + + -- Guido Günther Mon, 08 Dec 2008 10:12:28 +0100 + +libvirt (0.4.6-8) unstable; urgency=low + + * [e771da9] drop superflous 0011-Fix-segfault-on-missing-volume- + format.patch - not needed. + + -- Guido Günther Fri, 05 Dec 2008 10:17:01 +0100 + +libvirt (0.4.6-7) unstable; urgency=low + + * [ea12bd9] create /var/run/libvirt fixes /var/run on tmpfs + (Closes: #507578) + * [97e5706] also look for /usr/bin/kvm (Closes: #507547) + * [311b4c1] increase initial qemu monitor read timeout + (Closes: #499720) + * [fbe4e00] open qemu monitor log O_APPEND instead of O_TRUNC + * [f8ce017] raise error on invalid volume format + * [40edcf8] rotate qemu monitor logs (Closes: #507553) - thanks to + Harald Staub + * [46ea43a] fix segfault on missing volume format (Closes: #507677) - + thanks to Daniel Veillard + * [ee377f3] bump shlibs version to 0.4.6 + * [504d55d] depend on logrotate + + -- Guido Günther Thu, 04 Dec 2008 17:50:45 +0100 + +libvirt (0.4.6-6) unstable; urgency=low + + * [ff8e9ae] README.Debian: clarify xen configuration + * [c07c68f] prefer xenstoraged driver for listDomains - avoids seeing "ghost + domains" due to bugs in several versions of the xen HV + + -- Guido Günther Thu, 27 Nov 2008 18:06:48 +0100 + +libvirt (0.4.6-5ubuntu2) jaunty; urgency=low + + * SECURITY UPDATE: fix privilege escalation due to missing read only + connection checks + - debian/patches/0009-CVE-2008-5086.patch: update functions in + src/libvirt.c to check against VIR_CONNECT_RO and return with operation + denied error + - CVE-2008-5086 + + -- Jamie Strandboge Tue, 16 Dec 2008 10:47:09 -0600 + +libvirt (0.4.6-5ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + Don't build-depend on QEmu. + + Add "XS-Debian-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends + of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since + we used to ship them as such. + - Create /var/run/libvirt in libvirt-bin's init script. + - Rename libvirt group to libvirtd. + - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at + least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - better_default_uri_virsh.patch: Default to qemu:///system if the user + has write access to the libvirt socket, otherwise qemu:///session. + - We call libxen-dev libxen3-dev, so change all references. + * Add qemu migration patch (from upstream git (adjusted for 0.4.6)). + * Add dynamic_bridge_names.patch to again support dynamic bridge names. + + -- Soren Hansen Tue, 18 Nov 2008 18:04:40 +0100 + +libvirt (0.4.6-5) unstable; urgency=low + + * [411ada3] add more details about dnsmasq vs. libvirtd (Closes: #504605) + * [2f8f07d] add default image dir virt-manager assumes they exist and + they're used in the SELinux policies too. (Closes: #505577) + * [9eb3a83] fix #define vs. #defined typos - affects non Linux architectures + and fixes the build with gcc 4.4 (Closes: #505607) - thanks to Martin + Michlmayr + * [0e21634] fix uploader + + -- Guido Günther Fri, 14 Nov 2008 14:54:48 +0100 + +libvirt (0.4.6-4) unstable; urgency=low + + * upload to unstable + * [50b27f5] add libvirt-suspendonreboot script (Closes: #501155) - + thanks to Andreas Barth + + -- Guido Günther Sat, 01 Nov 2008 19:33:36 +0100 + +libvirt (0.4.6-3) experimental; urgency=low + + * [8fa5a3c] add a versioned recommends on qemu (Closes: #501692) + * [d1539bc] recommend pkg-config + * [f08bb18] explain libvirt group (Closes: #501824) + + -- Guido Günther Sun, 12 Oct 2008 20:27:25 +0200 + +libvirt (0.4.6-2) experimental; urgency=low + + * [2039095] tighten libvirt dependency + * [06dbe8a] qemu/kvm: fix domain block stats for virtio and scsi devices + + -- Guido Günther Thu, 02 Oct 2008 22:03:05 +0200 + +libvirt (0.4.6-1) experimental; urgency=low + + * [e20d3d4] Imported Upstream version 0.4.6 + * [0c840ab] disable numactl + * [ca2c5cb] cleanup doc installation (Closes: #492075) + * [714ab94] drop 0004-for-kvm-determine-maxVCPUs-at-runtime.patch - applied + upstream + * [e7563a8] drop 0005-fix-crash-when-no-emulator-is-defined-for-kvm- + qemu.patch - fixed upstream + + -- Guido Guenther Thu, 25 Sep 2008 12:31:45 +0200 + +libvirt (0.4.5-2) experimental; urgency=low + + * [17647cd] libvirt-bin.default: add keytab default + * [0ef01e7] fix runtime vcpu detection (0004-for-kvm-determine- + maxVCPUs-at-runtime.patch) (Closes: #495950) + * [b91e1eb] don't crash when no emulator is defined (0005-fix-crash- + when-no-emulator-is-defined-for-kvm-qemu.patch) + + -- Guido Guenther Mon, 22 Sep 2008 20:11:04 +0200 + +libvirt (0.4.5-1) experimental; urgency=low + + * [ab8b4e6] Imported Upstream version 0.4.5 + * [4aaef27] tighten dependency on libvirt + * [fa253be] drop 0002-qemu-path.diff.patch - fixed upstream + * [87fc2db] drop 0005-check-for-the-existence-of-the-migrate- + command.patch applied upstream + * [bc311aa] drop 0006-wrong-open-failure-detection.patch applied + upstream + * [38e615d] rebase the remaining patches + * [9a04bb7] bump shlibs version to 0.4.5 + * [9fadd6f] disable LXC + * [179c869] build-dep on libselinux1-dev for selinux support + + -- Guido Guenther Thu, 18 Sep 2008 19:02:55 +0200 + +libvirt (0.4.4-3ubuntu3) intrepid; urgency=low + + * debian/patches/0008-lp287533.patch: allow 16 VCPUs when using kvm + (LP: #287533) + + -- Jamie Strandboge Wed, 22 Oct 2008 10:13:12 -0500 + +libvirt (0.4.4-3ubuntu2) intrepid; urgency=low + + * Make QEmu a suggested package of libvirt0 rather than a recommended one. + * Make kvm a recommended package of libvirt0. + + -- Soren Hansen Mon, 11 Aug 2008 16:18:03 +0200 + +libvirt (0.4.4-3ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + DebianMaintainerField + + Don't build-depend on QEmu. + + Add "XS-Original-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends + of libvirt-bin. + + s/interract/interact/g + + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg, since + we used to ship them as such. + - Create /var/run/libvirt in libvirt-bin's init script. + - Rename libvirt group to libvirtd. + - 0005-delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at + least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - better_default_uri_virsh.patch: Default to qemu:///system if the user + has write access to the libvirt socket, otherwise qemu:///session. + - We call libxen-dev libxen3-dev, so change all references. + + -- Soren Hansen Mon, 11 Aug 2008 15:36:54 +0200 + +libvirt (0.4.4-3) unstable; urgency=low + + * upload to unstable + * [96c6727] add /var/cache/libvirt needed by qemuDriver for temporary + storage + * [794f95c] bump standards version to 3.8.0 + * [05184af] add README.source + + -- Guido Guenther Wed, 23 Jul 2008 11:30:31 -0400 + +libvirt (0.4.4-2) experimental; urgency=low + + * [facb983] README.Debian explain "default" network startup + * [395a510] add /var/lib/libvirt needed for the dnsmasq lease file + * [9c588ac] promote bridge-utils & dnsmasq to Recommends: since + they're needed for the default NAT network + * [9ed2cd4] recommend iptables - needed for the default NAT network + + -- Guido Guenther Wed, 23 Jul 2008 00:23:58 -0400 + +libvirt (0.4.4-1) experimental; urgency=low + + * [0ff1e68] new upstream version + * [2098f96] rebase patches for 0.4.4 + * [abbd15e] enable with-storage-disk now that we have parted1.8 + * [3942b25] start libvirtd by default + + -- Guido Guenther Fri, 27 Jun 2008 10:06:00 +0200 + +libvirt (0.4.4-0ubuntu1) intrepid; urgency=low + + * New upstream release + - Drop nic-model, disk-bus, and ancient_parted.patch. They're all + upstream now (in some form). + - Add new libdevmapper-dev build-dependency. + + -- Soren Hansen Wed, 25 Jun 2008 18:51:21 +0200 + +libvirt (0.4.2-6ubuntu1) UNRELEASED; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + DebianMaintainerField + + Don't build-depend on QEmu. + + Add "XS-Original-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends + of libvirt-bin. + + s/interract/interact/g + - debian/libvirt-bin.default + + Make libvirtd start by default + - Add /var/lib/libvirt to libvirt-bin package. (dnsmasq needs it to store + its state info. + - Create /var/run/libvirt in libvirt-bin's init script. + - Rename libvirt group to libvirtd. + - Build iscsi and disk storage support. + - delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at + least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - nic-model.patch: Add support for NIC configuration. + - disk-bus.patch: Add support for bus='foo' attributes for disk targets. + - better_default_uri_virsh.patch: Default to qemu:///system if the user + has write access to the libvirt socket, otherwise qemu:///session. + - ancient_parted.patch: Fix builds against libparted1.7 + - We call libxen-dev libxen3-dev, so change all references. + + -- Soren Hansen Wed, 25 Jun 2008 16:40:46 +0200 + +libvirt (0.4.2-6) unstable; urgency=low + + * reenable open-iscsi support - thanks to to the open-iscsi + maintainers for fixing this up + * build a libvirt0-dbg package + * register documentation with doc-base (Closes: #480294) - thanks to + Tzafrir Cohen for the patch + * control: fix typo + * README.Debian: explain debugging + + -- Guido Guenther Thu, 15 May 2008 18:04:20 +0200 + +libvirt (0.4.2-5ubuntu2) intrepid; urgency=low + + * We call libxen-dev libxen3-dev. + * Make libvirt-dev installable alongside libvirt0-dbg. + + -- Soren Hansen Fri, 02 May 2008 10:59:50 +0200 + +libvirt (0.4.2-5ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/control: + + DebianMaintainerField + + Don't build-depend on QEmu. + + Add "XS-Original-" prefix to Debian's Vcs headers. + + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables to Depends + of libvirt-bin. + + s/interract/interact/g + - Add libvirt0-dbg package + - debian/libvirt-bin.default + + Make libvirtd start by default + - Add /var/lib/libvirt to libvirt-bin package. (dnsmasq needs it to store + its state info. + - Create /var/run/libvirt in libvirt-bin's init script. + - Install PolicyKit and sasl stuff in libvirt-bin. + - Rename libvirt group to libvirtd. + - Build iscsi and disk storage support. + - delayed_iff_up_bridge.patch: Don't try to bring up the bridge before at + least one interface has been added to it. + - dont_clobber_existing_bridges.patch: Assign the name of the virtual + bridge dynamically to avoid interfering with existing bridges. + - nic-model.patch: Add support for NIC configuration. + - disk-bus.patch: Add support for bus='foo' attributes for disk targets. + - better_default_uri_virsh.patch: Default to qemu:///system if the user + has write access to the libvirt socket, otherwise qemu:///session. + - ancient_parted.patch: Fix builds against libparted1.7 + + -- Soren Hansen Fri, 02 May 2008 01:50:32 +0200 + +libvirt (0.4.2-5) unstable; urgency=low + + * no need to depend on python-all-dev we only build an extension for + the current python version + + -- Guido Guenther Tue, 22 Apr 2008 11:26:13 +0200 + +libvirt (0.4.2-4) unstable; urgency=low + + * only build-dep on qemu on architectures that have it + (Closes: #476290) + * the packages containing the daemon should suggest polkit + + -- Guido Guenther Fri, 18 Apr 2008 10:41:38 +0200 + +libvirt (0.4.2-3) unstable; urgency=low + + * drop the {build-,}dependency on open-iscsi too + * suggest policykit + + -- Guido Guenther Mon, 14 Apr 2008 15:27:20 +0200 + +libvirt (0.4.2-2) unstable; urgency=low + + * disable the iscsi storage backend until #423368 is fixed in unstable + * disable polkit authentication by default so the libvirt stays accessible + for members of the libvirt group + + -- Guido Guenther Mon, 14 Apr 2008 14:20:23 +0200 + +libvirt (0.4.2-1) unstable; urgency=low + + * drop no-mac.diff - applied upstream + * no need to explicitly link against libpthread + * always enable debugging + * add Homepage URL + * add Vcs-{Git,Browser} fields + * symlink devhelp docs + * enable policy kit + + -- Guido Guenther Fri, 11 Apr 2008 17:54:06 +0200 + +libvirt (0.4.1-1) experimental; urgency=low + + * new upstream version + * Xen 3.2 fixes + * storage pool support + * partition based storage pools are disabled, since this needs parted 1.8 + which is only in experimental + * update patches for new upstream release + * boot-dev-error.diff - applied upstream + * qemu-parse-error.diff - applied upstream + * qemu-path.diff - adjust to new hypervisor detection code + * rediff the rest + * new patches: + * no-mac.diff: don't set mac address on tun device since it breaks kvm + * bump shlibs version + + -- Guido Guenther Fri, 07 Mar 2008 10:17:21 +0100 + +libvirt (0.4.0-6) unstable; urgency=low + + * depend on libxen-dev (Closes:#467598) + * allow members of the libvirt group to manage virtual machines + + -- Guido Guenther Sun, 02 Mar 2008 16:11:49 +0100 + +libvirt (0.4.0-5) unstable; urgency=low + + * thanks to the xen maintainers Debian now has a working libxen-dev, so + enable xen support in the default build (Closes: #453826) + * recommend netcat-openbsd for unix domain socket support (Closes: #453627) + * README.Debian: document necessary xend options + * fix spelling of Python + + -- Guido Guenther Wed, 20 Feb 2008 11:14:22 +0100 + +libvirt (0.4.0-4) unstable; urgency=low + + * don't segfault on broken boot device configuration (Closes: #463686) + * don't segfault due to missing errorhandling in the XML parsing code + + -- Guido Guenther Tue, 05 Feb 2008 13:12:54 +0100 + +libvirt (0.4.0-3) unstable; urgency=low + + * add and remove the libvirt group for the socket + * be a bit more verbose on libvirtd reload + * depend on adduser since we add the libvirt user + * don't restart libvirtd on upgrades since it kills running qemus + * enable debugging via DEB_BUILD_OPTS + + -- Guido Guenther Sun, 03 Feb 2008 14:21:46 +0100 + +libvirt (0.4.0-2ubuntu8) hardy; urgency=low + + * disk-bus.patch: + - Add bus attribute to disk/target tags. Allows you to create virtio disks. + (LP: #213991) + * nic-model.patch: + - Add support to network interfaces. (LP: #213991) + * graceful_shutdown.patch: + - Rather than pulling the power from virtual machines, send an ACPI power + button event and let the OS handle it. + * better_default_uri_virsh.patch: + - Updated patch: Output connection URI to stderr instead of stdout to avoid + breaking scripts that use virsh. + + -- Soren Hansen Wed, 16 Apr 2008 10:35:03 +0200 + +libvirt (0.4.0-2ubuntu7) hardy; urgency=low + + * better_default_uri_virsh.patch: + - Make virsh connect to qemu:///system by default if the user has write + access to /var/run/libvirt/libvirt-sock and qemu:///session if not. + + -- Soren Hansen Tue, 01 Apr 2008 10:32:59 +0200 + +libvirt (0.4.0-2ubuntu6) hardy; urgency=low + + * *Actually* apply our patches to the -dbg version. + + -- Soren Hansen Tue, 11 Mar 2008 14:49:03 +0100 + +libvirt (0.4.0-2ubuntu5) hardy; urgency=low + + * Create /var/lib/libvirt in libvirt-bin. (LP: #191636) + + -- Soren Hansen Wed, 13 Feb 2008 22:17:33 +0100 + +libvirt (0.4.0-2ubuntu4) hardy; urgency=low + + * dont_clobber_existing_bridges.patch: + - Change bridge name from virbr0 to virbr%d, to ensure we never clobber + existing bridges. + * Add iptables dependency + + -- Soren Hansen Wed, 13 Feb 2008 00:53:20 +0100 + +libvirt (0.4.0-2ubuntu3) hardy; urgency=low + + * Build against libxen3-dev instead of libxen3.2-dev. + * libvirt-bin: + + Replace "Suggests: dnsmasq" with "Depends: dnsmasq-base". + + Add dependency on netcat-openbsd (to enable qemu+ssh:// style remote + management) + + -- Soren Hansen Fri, 08 Feb 2008 17:24:48 +0100 + +libvirt (0.4.0-2ubuntu2) hardy; urgency=low + + * Build against libxen-3.2 instead of 3.1. + * Bump bridge-utils from Suggests: to Depends:. + + -- Soren Hansen Tue, 05 Feb 2008 10:34:31 +0100 + +libvirt (0.4.0-2ubuntu1) hardy; urgency=low + + * Merge from debian unstable, remaining changes: + - DebianMaintainerField. + - Add libxen3.1-dev to enable Xen management. + - Add libpolkit-dbus-dev to enable polkit integration. + - Build libvirt0-dbg flavour. + - Start libvirtd by default. + - Install polkit policy. + - Install sasl config. + - Install sample qemu and libvirtd config. + - Create libvirtd group in postinst. + - libvirt-remote-ssh.patch: Fix foo+ssh:// urls. + - delayed_iff_up_bridge.patch: Don't try to IFF_UP the bridge interface + until an interface gets added to it. + * Create /var/run if it doesn't exist (LP: #178106). + + -- Soren Hansen Wed, 30 Jan 2008 16:43:11 +0100 + +libvirt (0.4.0-2) unstable; urgency=low + + * libvirt-bin.init: fix the reload target + * add configuration examples + + -- Guido Guenther Sat, 15 Dec 2007 18:59:11 +0100 + +libvirt (0.4.0-1) unstable; urgency=low + + * new upstream version + * enable sasl support + * leave policykit support disabled since it's not in unstable yet + * bump shlibs version + * remove CVS metadata + * rediff patches + * libvirtd-bin.init: libvirtd supports reload + + -- Guido Guenther Fri, 21 Dec 2007 16:49:13 +0100 + +libvirt (0.4.0-0ubuntu3) hardy; urgency=low + + * Clean up debian/rules (should reenable concurrent builds). + * Don't restart libvirt on upgrades (if there's a good reason, we'll + add it to postinst/prerm with checks for specific versions). + + -- Soren Hansen Fri, 18 Jan 2008 19:07:19 +0100 + +libvirt (0.4.0-0ubuntu2) hardy; urgency=low + + * IFF_UP'ing a bridge interface doesn't work until the first interface has + been added to it. + * Fix remote ssh connections. + + -- Soren Hansen Tue, 15 Jan 2008 10:53:25 +0100 + +libvirt (0.4.0-0ubuntu1) hardy; urgency=low + + * New upstream release. + * Don't change the default URI. It appears that too many applications + still depend on this broken behaviour. + * Change maintainer to ubuntu-core-dev. + + -- Soren Hansen Fri, 21 Dec 2007 11:24:02 +0100 + +libvirt (0.3.3-6ubuntu1) hardy; urgency=low + + * Merge from debian unstable, remaining changes: + - Add libvirt0-dbg package. + - Start libvirtd by default. + - Create libvirtd group, and have libvirtd's sockets have group ownership + "libvirtd". + - Add libxen as a build-dependency to enable libvirt's Xen features. + + -- Soren Hansen Thu, 20 Dec 2007 11:28:00 +0100 + +libvirt (0.3.3-6) unstable; urgency=low + + * don't include precompiled examples in the doc package (Closes: #456825) + * remove RHism from manpage (Closes: #455859) + * bump standards version + + -- Guido Guenther Wed, 19 Dec 2007 13:45:58 +0100 + +libvirt (0.3.3-5.xen0) unstable; urgency=low + + * rebuild with xen support + + -- Guido Guenther Tue, 08 Jan 2008 11:00:24 +0100 + +libvirt (0.3.3-5) unstable; urgency=low + + * make libs match overrides + * move to team maintenance + * suggest dnsmasq and bridge-utils for qemu networking + * remove stale PID files + + -- Guido Guenther Thu, 13 Dec 2007 21:34:16 +0100 + +libvirt (0.3.3-4.xen0) unstable; urgency=low + + * UNRELEASED + * build with xen support + * debian/control: we also support xen + + -- Guido Guenther Thu, 06 Dec 2007 15:43:03 +0100 + +libvirt (0.3.3-4ubuntu5) hardy; urgency=low + + * Made default_uri a configurable. + + -- Soren Hansen Wed, 19 Dec 2007 00:56:31 +0100 + +libvirt (0.3.3-4ubuntu4) hardy; urgency=low + + * Add "Provides: libvirt0" to libvirt0-dbg. + * Make virsh understand that the default URI is not xen:///. + + -- Soren Hansen Wed, 19 Dec 2007 00:13:10 +0100 + +libvirt (0.3.3-4ubuntu3) hardy; urgency=low + + * Change default URI to qemu:///session + * Add libvirt0-dbg package, which is just like libvirt0, but built + with --enable-debug=yes. + + -- Soren Hansen Thu, 13 Dec 2007 21:37:39 +0100 + +libvirt (0.3.3-4ubuntu2) hardy; urgency=low + + * Start libvirtd by default. + * Create libvirtd group, and have libvirtd's sockets have group ownership + "libvirtd". + + -- Soren Hansen Thu, 13 Dec 2007 15:08:29 +0100 + +libvirt (0.3.3-4ubuntu1) hardy; urgency=low + + * Fakesync with Debian. + * Reenable Xen. + + -- Soren Hansen Thu, 06 Dec 2007 13:33:13 +0100 + +libvirt (0.3.3-4) unstable; urgency=low + + * put packages into the proper sections + * fix messed up Standards-Version (Closes: #453900) + + -- Guido Guenther Sun, 02 Dec 2007 14:50:11 +0100 + +libvirt (0.3.3-3.xen0) unstable; urgency=low + + * build with xen support - depend on our hacked up xen-utils for that + + -- Guido Guenther Sat, 01 Dec 2007 16:27:32 +0000 + +libvirt (0.3.3-3) unstable; urgency=low + + * add initscript to start libvirtd + + -- Guido Guenther Wed, 28 Nov 2007 10:30:29 +0100 + +libvirt (0.3.3-2) unstable; urgency=low + + * debian/copyright: + * update FSF address + * update upstream author and copyright information + * install the virsh manpage + * use binary:Version instead of Source-Version + + -- Guido Guenther Fri, 23 Nov 2007 22:31:26 +0100 + +libvirt (0.3.3-1) unstable; urgency=low + + * repackage for Debian (Closes: #384300) + * enable avahi + * build with qemu/kvm support + * disable xen support until #402249 is fixed + * disable qemu autonetwork for now, causes libvirtd to seqfault + * fix path to kvm + * switch off DH_VERBOSE + * thanks to the Ubuntu maintainers for their work! + + -- Guido Guenther Fri, 23 Nov 2007 01:58:56 +0100 + +libvirt (0.3.3-0ubuntu1) hardy; urgency=low + + * New upstream release. + * Update maintainer. + + -- Soren Hansen Wed, 14 Nov 2007 23:09:33 +0100 + +libvirt (0.3.0-0ubuntu2) gutsy; urgency=low + + * Add lingnutls-dev Build-Dep. + + -- Fabio M. Di Nitto Mon, 16 Jul 2007 12:10:41 +0200 + +libvirt (0.3.0-0ubuntu1) gutsy; urgency=low + + * Import new upstram release that can actually build on xen-3.1. + + -- Fabio M. Di Nitto Mon, 16 Jul 2007 10:23:04 +0200 + +libvirt (0.2.2-0ubuntu1) gutsy; urgency=low + + * Depends on libxen3.1-dev. + + -- Chuck Short Fri, 13 Jul 2007 11:04:00 -0400 + +libvirt (0.2.2-0ubuntu0) gutsy; urgency=low + + * New upstream version. + * Updated libvirt-bin.install, thanks to Marcelo Boveto Shima. + + -- Chuck Short Sun, 24 Jun 2007 09:54:54 -0400 + +libvirt (0.1.8-0ubuntu2) feisty; urgency=low + + * Rebuild for python2.5 as the default python version. + + -- Matthias Klose Fri, 12 Jan 2007 13:21:55 +0000 + +libvirt (0.1.8-0ubuntu1) feisty; urgency=low + + * Initial release + + -- Andrew Mitchell Mon, 23 Oct 2006 20:00:28 +1300 + --- libvirt-0.7.5.orig/debian/watch +++ libvirt-0.7.5/debian/watch @@ -0,0 +1,3 @@ +version=3 + +http://libvirt.org/sources/libvirt-(.*)\.tar\.gz --- libvirt-0.7.5.orig/debian/libvirt-bin.postinst +++ libvirt-0.7.5/debian/libvirt-bin.postinst @@ -0,0 +1,115 @@ +#!/bin/sh +# postinst script for libvirt-bin +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + if ! getent group libvirtd >/dev/null; then + addgroup --system libvirtd + fi + + # Add each admin user to the libvirtd group + for u in $(grep "^admin:" /etc/group | sed -e "s/^.*://" -e "s/,/ /g"); do + adduser "$u" libvirtd >/dev/null + done + + # user and group libvirt runs qemu/kvm instances with + if ! getent group kvm >/dev/null; then + addgroup --quiet --system kvm + fi + if ! getent passwd libvirt-qemu >/dev/null; then + adduser --quiet \ + --system \ + --ingroup kvm \ + --quiet \ + --disabled-login \ + --disabled-password \ + --home /var/lib/libvirt \ + --no-create-home \ + -gecos "Libvirt Qemu" \ + libvirt-qemu + fi + + # libvirt from 0.6.0 on is safe to restart with running vms: + if [ -n "$2" ] && dpkg --compare-versions "$2" ge 0.6.0; then + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d libvirt-bin stop + else + /etc/init.d/libvirt-bin stop + fi + sleep 1 + fi + + if dpkg --compare-versions "$2" lt "0.6.1-2"; then + if [ -e /etc/rc2.d/S20libvirt-bin ] && \ + [ -e /etc/rc3.d/S20libvirt-bin ] && \ + [ -e /etc/rc4.d/S20libvirt-bin ] && \ + [ -e /etc/rc5.d/S20libvirt-bin ] && \ + [ -e /etc/rc0.d/K20libvirt-bin ] && \ + [ -e /etc/rc1.d/K20libvirt-bin ] && \ + [ -e /etc/rc6.d/K20libvirt-bin ]; then + update-rc.d -f libvirt-bin remove >/dev/null + fi + fi + + # 0.7.2 moved virt-aa-helper to /usr/lib/libvirt, so preserve + # the user changes (if any). If the old profile was changed, + # then update it for the new path, then move into place. + old_profile="/etc/apparmor.d/usr.bin.virt-aa-helper" + new_profile="/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper" + if dpkg --compare-versions "$2" le-nl "0.7.0-1ubuntu15" && [ -f "$old_profile" ]; then + sed -i "s#/usr/bin/virt-aa-helper#/usr/lib/libvirt/virt-aa-helper#g" "$old_profile" + old_md5sum="$(md5sum $old_profile | sed -e 's/ .*//')" + new_md5sum="$(md5sum $new_profile | sed -e 's/ .*//')" + if [ "$old_md5sum" = "$new_md5sum" ]; then + rm -f "$old_profile" + else + echo "Migrating user changes to $new_profile ..." + mv -f "$new_profile" "$new_profile".dpkg-new + mv -f "$old_profile" "$new_profile" + fi + fi + + profile="/etc/apparmor.d/usr.sbin.libvirtd" + if [ -f "$profile" ] && aa-status --enabled 2>/dev/null; then + apparmor_parser -r -W -T "$profile" || true + fi + profile="/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper" + if [ -f "$profile" ] && aa-status --enabled 2>/dev/null; then + apparmor_parser -r -W -T "$profile" || true + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- libvirt-0.7.5.orig/debian/rules +++ libvirt-0.7.5/debian/rules @@ -0,0 +1,73 @@ +#!/usr/bin/make -f + +DEB_PYTHON_SYSTEM = pycentral + +ifneq (,$(findstring $(DEB_HOST_ARCH), i386 amd64)) + BUILD_XEN = --with-xen + BUILD_VBOX = --with-vbox +else + BUILD_XEN = --without-xen + BUILD_VBOX = --without-vbox +endif + +ifneq (,$(findstring $(DEB_HOST_ARCH), ia64)) + BUILD_LXC = --without-lxc +else + BUILD_LXC = --with-lxc +endif + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/class/python-distutils.mk +include /usr/share/cdbs/1/rules/patchsys-quilt.mk + +DEB_CONFIGURE_EXTRA_FLAGS := \ + --disable-rpath \ + --with-qemu \ + --with-qemu-user=libvirt-qemu \ + --with-qemu-group=kvm \ + --with-openvz \ + --with-avahi \ + --with-sasl \ + --with-polkit \ + --with-udev \ + --with-storage-fs \ + --with-storage-lvm \ + --with-storage-iscsi \ + --with-storage-disk \ + --with-init-scripts=none \ + --with-apparmor \ + --without-numactl \ + --without-selinux \ + --without-esx \ + --without-libssh2 \ + --enable-debug \ + $(BUILD_XEN) \ + $(BUILD_VBOX) \ + $(BUILD_LXC) + +DEB_COMPRESS_EXCLUDE = .o event-test hellolibvirt info1 suspend +DEB_PYTHON_SETUP_CMD = /dev/null +DEB_DH_MAKESHLIBS_ARGS_libvirt0 += -V 'libvirt0 (>= 0.5.0)' +DEB_DH_INSTALLINIT_ARGS = --upstart-only +DEB_DH_INSTALLLOGROTATE_ARGS = --name=libvirtd +DEB_MAKE_CHECK_TARGET := check + +EXAMPLES_DIR = $(CURDIR)/debian/libvirt-doc/usr/share/doc/libvirt-doc/examples/ + +binary-install/libvirt-doc:: + find $(EXAMPLES_DIR) -name "*.o" -type f -delete -o -name .libs -type d -exec rm -rf {} \; + rm -f $(EXAMPLES_DIR)domain-events/events-c/event-test + rm -f $(EXAMPLES_DIR)dominfo/info1 + rm -f $(EXAMPLES_DIR)domsuspend/suspend + rm -f $(EXAMPLES_DIR)hellolibvirt/hellolibvirt + +build/libvirt-bin:: + mkdir -p debian/tmp/etc/apparmor.d/abstractions debian/tmp/etc/apparmor.d/libvirt + cp -f debian/apparmor/libvirt-qemu debian/tmp/etc/apparmor.d/abstractions + cp -f debian/apparmor/usr.lib.libvirt.virt-aa-helper debian/tmp/etc/apparmor.d + cp -f debian/apparmor/usr.sbin.libvirtd debian/tmp/etc/apparmor.d + cp -f debian/apparmor/TEMPLATE debian/tmp/etc/apparmor.d/libvirt + mkdir -p debian/tmp/usr/share/apport/package-hooks + cp -f debian/libvirt-bin.apport debian/tmp/usr/share/apport/package-hooks/source_libvirt-bin.py + --- libvirt-0.7.5.orig/debian/libvirt-bin.upstart +++ libvirt-0.7.5/debian/libvirt-bin.upstart @@ -0,0 +1,18 @@ +description "libvirt daemon" +author "Dustin Kirkland " + +start on runlevel [2345] +stop on runlevel [!2345] + +expect daemon +respawn + +pre-start script + mkdir -p /var/run/libvirt + # Clean up a pidfile that might be left around + rm -f /var/run/libvirtd.pid +end script + +# If you used to set $libvirtd_opts in /etc/default/libvirt-bin, +# change the 'exec' line here instead. +exec /usr/sbin/libvirtd -d --- libvirt-0.7.5.orig/debian/README.source +++ libvirt-0.7.5/debian/README.source @@ -0,0 +1,57 @@ +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +To configure quilt to use debian/patches instead of patches, you want +either to export QUILT_PATCHES=debian/patches in your environment +or use this snippet in your ~/.quiltrc: + + for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do + if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then + export QUILT_PATCHES=debian/patches + fi + done + +To get the fully patched source after unpacking the source package, cd to +the root level of the source package and run: + + quilt push -a + +The last patch listed in debian/patches/series will become the current +patch. + +To add a new set of changes, first run quilt push -a, and then run: + + quilt new + +where is a descriptive name for the patch, used as the filename in +debian/patches. Then, for every file that will be modified by this patch, +run: + + quilt add + +before editing those files. You must tell quilt with quilt add what files +will be part of the patch before making changes or quilt will not work +properly. After editing the files, run: + + quilt refresh + +to save the results as a patch. + +Alternately, if you already have an external patch and you just want to +add it to the build system, run quilt push -a and then: + + quilt import -P /path/to/patch + quilt push -a + +(add -p 0 to quilt import if needed). as above is the filename to +use in debian/patches. The last quilt push -a will apply the patch to +make sure it works properly. + +To remove an existing patch from the list of patches that will be applied, +run: + + quilt delete + +You may need to run quilt pop -a to unapply patches first before running +this command. --- libvirt-0.7.5.orig/debian/README.Debian +++ libvirt-0.7.5/debian/README.Debian @@ -0,0 +1,145 @@ +Xen +=== +To manage xen domains with libvirt you have to set: + +(xend-unix-server yes) + +in /etc/xen/xend-config.sxp. + +For xend HTTP access (not recommended) you also have to set: + +(xend-http-server yes) +# only allow access from localhost: +(xend-address localhost) + +Note that *every* user on the system has access to xend then. Better use +libvirtd to access xen with unprivileged users and add the users to the +"libvirt" group (see "Access Control" below). + +Debugging +========= +Use LIBVIRT_DEBUG=1 to enable libvirt's debugging output, e.g.: + +LIBVIRT_DEBUG=1 +export LIBVIRT_DEBUG +virt-manager + +The default NAT network +======================= +To ease network configuration libvirt defines a NATed network named "default". +VMs using this network end up in 192.168.122.1/24 and DHCP is provided to them +via dnsmasq. This network is not automatically started. To start it use: + + virsh net-start default + +To make the default network start automatically use: + + virsh net-autostart default + +In order for things to work this way you need to have the recommended packages +dnsmasq-base, bridge-utils and iptables installed. + +You don't need the package dnsmasq. However, if you install it, Debian's +default dnsmasq needs to be adjusted slightly to interoperate with libvirtd: + +cat </etc/dnsmasq.d/00_libvirtd.conf +# only bind to loopback by default +interface=lo +bind-interfaces +EOF + +This makes dnsmasq only bind to the loopback interface by default so libvirtd +can handle the virtual bridges. + +Access Control +============== +Access to the libvirt socket is controlled by membership in the "libvirt" group. +If you want to manage VMs as non root you need to add a user to that group. + + -- Guido Guenther Thu, 15 May 2008 14:13:03 +0100 + + +AppArmor Profile +---------------- +Libvirt now contains AppArmor integration when using KVM or QEMU using +libvirt's sVirt infrastructure. Libvirtd can be configured to launch virtual +machines that are confined by uniquely restrictive AppArmor profiles. This +feature significantly improves virtualization in Ubuntu by providing user-space +host protection as well as guest isolation. + +In the sVirt model, if a profile is loaded for the libvirtd daemon, then each +qemu:///system QEMU virtual machine will have a profile created for it when +the virtual machine is started if one does not already exist. This generated +profile is based on a template file and uses a profile name based on the UUID +of the QEMU virtual machine and contains rules allowing access to only the +files it needs to run, such as its disks, pid file and log files. Just before +the QEMU virtual machine is started, the libvirtd daemon will change into this +unique profile, preventing the QEMU process from accessing any file resources +that are present in another QEMU process or the host machine. + +The AppArmor sVirt implementation is flexible in that it allows a user to +customize the template file in /etc/apparmor.d/libvirt/TEMPLATE for +site-specific access for all newly created QEMU virtual machines. When a +new profile is generated, two files are created: + + /etc/apparmor.d/libvirt/libvirt- + /etc/apparmor.d/libvirt/libvirt-.files + +The former can be fine-tuned by the administrator to allow custom access for +this particular QEMU virtual machine, and the latter will be updated +appropriately when required file access changes, such as when a disk is added. +This flexibility allows for situations such as having one virtual machine in +complain mode with all others in enforce mode. + +Profiles for /usr/sbin/libvirtd, /usr/lib/libvirt/virt-aa-helper (a helper +program which the libvirtd daemon uses instead of manipulating AppArmor +directly), and /etc/apparmor.d/abstractions/libvirt-qemu are used to configure +AppArmor confinement with sVirt. Administrators of libvirt in production +environments are encouraged to review these files (especially 'libvirt-qemu') +to ensure that only the access required is given to the virtual machines. + +If the sVirt security model is active, then the node capabilities XML will +include its details. If a virtual machine is currently protected by the +security model, then the guest XML will include its assigned profile name. If +enabled at compile time, the sVirt security model will be activated if AppArmor +is available on the host OS and a profile for the libvirtd daemon is loaded +when libvirtd is started. To disable sVirt, and revert to the basic level of +AppArmor protection (host protection only), the /etc/libvirt/qemu.conf file can +be used to change the setting to security_driver="none". Users may also +disable AppArmor integration through AppArmor itself by performing: + +$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd +$ sudo ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/usr.sbin.libvirtd + +If your system uses AppArmor, please note that the shipped profile works with +the default installation, and changes in your configuration may require changes +to the installed apparmor profile. Before filing a bug against this software, +please see https://wiki.ubuntu.com/DebuggingApparmor before filing a bug +against this software. + +qemu:///system +-------------- +Adding users to the libvirtd group effectively grants them root access. In +Ubuntu, users in the admin group (who already have 'sudo' access) are added to +this group automatically. + +Virtual machines started from qemu:///system run with root privileges. As +discussed above, in Ubuntu Qemu/KVM virtual machines are fully isolated and +confined by the AppArmor security driver. Users may optionally choose to adjust +/etc/libvirt/qemu.conf so that virtual machines started under qemu:///system +run as a non-privileged user (new in libvirt 0.7). The 'libvirt-qemu' user and +'kvm' group are configured for this purpose. + +While the current non-root implementation does reduce the privileges of virtual +machines running under qemu:///system, all VMs run under the same user and +there is no guest isolation. Additionally, if each VM ran under its own user, +an attacker could potentially break out of the VM and have unconfined user +access to the host machine. + +Considering that the current implementation is new and not as well tested, +libvirt in Ubuntu will by default run virtual machines with root privileges, +but fully confined by AppArmor. Once there is consensus among the community on +the implementation, running VMs as non-root can be considered as an additional +protection to the AppArmor driver. + + -- Jamie Strandboge Thu, 10 Sep 2009 08:29:04 -0500 --- libvirt-0.7.5.orig/debian/apparmor/libvirt-qemu +++ libvirt-0.7.5/debian/apparmor/libvirt-qemu @@ -0,0 +1,120 @@ +# Last Modified: Wed Jul 8 09:57:41 2009 + + #include + #include + #include + + # required for reading disk images + capability dac_override, + capability dac_read_search, + capability chown, + + # this is needed with libcap-ng support, however it breaks a lot of things + # atm, so just silence the denial until libcap-ng works right. LP: #522845 + deny capability setpcap, + + network inet stream, + network inet6 stream, + + /dev/net/tun rw, + /dev/kvm rw, + /dev/ptmx rw, + /dev/kqemu rw, + @{PROC}/*/status r, + + # For hostdev access. The actual devices will be added dynamically + /sys/bus/usb/devices/ r, + /sys/devices/*/*/usb[0-9]*/** r, + + # WARNING: this gives the guest direct access to host hardware and specific + # portions of shared memory. This is required for sound using ALSA with kvm, + # but may constitute a security risk. If your environment does not require + # the use of sound in your VMs, feel free to comment out or prepend 'deny' to + # the rules for files in /dev. + /dev/shm/ r, + /dev/shm/pulse-shm* r, + /dev/shm/pulse-shm* rwk, + /dev/snd/* rw, + capability ipc_lock, + # 'kill' is not required for sound and is a security risk. Do not enable + # unless you absolutely need it. + deny capability kill, + + # Uncomment the following if you need access to /dev/fb* + #/dev/fb* rw, + + /etc/pulse/client.conf r, + @{HOME}/.pulse-cookie rwk, + owner /root/.pulse-cookie rwk, + owner /root/.pulse/ rw, + owner /root/.pulse/* rw, + /usr/share/alsa/** r, + owner /tmp/pulse-*/ rw, + owner /tmp/pulse-*/* rw, + /var/lib/dbus/machine-id r, + + # access to firmware's etc + /usr/share/kvm/** r, + /usr/share/qemu/** r, + /usr/share/bochs/** r, + /usr/share/openbios/** r, + /usr/share/openhackware/** r, + /usr/share/proll/** r, + /usr/share/vgabios/** r, + /usr/share/seabios/** r, + + # access PKI infrastructure + /etc/pki/libvirt-vnc/** r, + + # the various binaries + /usr/bin/kvm rmix, + /usr/bin/qemu rmix, + /usr/bin/qemu-system-arm rmix, + /usr/bin/qemu-system-cris rmix, + /usr/bin/qemu-system-i386 rmix, + /usr/bin/qemu-system-m68k rmix, + /usr/bin/qemu-system-mips rmix, + /usr/bin/qemu-system-mips64 rmix, + /usr/bin/qemu-system-mips64el rmix, + /usr/bin/qemu-system-mipsel rmix, + /usr/bin/qemu-system-ppc rmix, + /usr/bin/qemu-system-ppc64 rmix, + /usr/bin/qemu-system-ppcemb rmix, + /usr/bin/qemu-system-sh4 rmix, + /usr/bin/qemu-system-sh4eb rmix, + /usr/bin/qemu-system-sparc rmix, + /usr/bin/qemu-system-sparc64 rmix, + /usr/bin/qemu-system-x86_64 rmix, + /usr/bin/qemu-alpha rmix, + /usr/bin/qemu-arm rmix, + /usr/bin/qemu-armeb rmix, + /usr/bin/qemu-cris rmix, + /usr/bin/qemu-i386 rmix, + /usr/bin/qemu-m68k rmix, + /usr/bin/qemu-mips rmix, + /usr/bin/qemu-mipsel rmix, + /usr/bin/qemu-ppc rmix, + /usr/bin/qemu-ppc64 rmix, + /usr/bin/qemu-ppc64abi32 rmix, + /usr/bin/qemu-sh4 rmix, + /usr/bin/qemu-sh4eb rmix, + /usr/bin/qemu-sparc rmix, + /usr/bin/qemu-sparc64 rmix, + /usr/bin/qemu-sparc32plus rmix, + /usr/bin/qemu-sparc64 rmix, + /usr/bin/qemu-x86_64 rmix, + + # for save and resume + /bin/dash rmix, + /bin/dd rmix, + /bin/cat rmix, + + # workaround https://launchpad.net/bugs/457716. The svirt driver does not + # relabel the state file (https://bugzilla.redhat.com/show_bug.cgi?id=529363) + # resulting in denied messages. The below works around this somewhat by + # allowing users to save state files in their home directories. We use + # 'owner' to make sure we don't overwrite the user's files. This will be + # removed when the upstream bug is fixed. + #include + owner @{HOME}/ r, + owner @{HOME}/** rw, --- libvirt-0.7.5.orig/debian/apparmor/usr.sbin.libvirtd +++ libvirt-0.7.5/debian/apparmor/usr.sbin.libvirtd @@ -0,0 +1,51 @@ +# Last Modified: Mon Jul 6 17:23:58 2009 +#include +@{LIBVIRT}="libvirt" + +/usr/sbin/libvirtd { + #include + + capability kill, + capability net_admin, + capability net_raw, + capability setgid, + capability sys_admin, + capability sys_module, + capability sys_ptrace, + capability sys_nice, + capability sys_chroot, + capability setuid, + capability dac_override, + capability dac_read_search, + capability fowner, + capability chown, + capability setpcap, + capability mknod, + + network inet stream, + network inet dgram, + network inet6 stream, + network inet6 dgram, + + # for now, use a very lenient profile since we want to first focus on + # confining the guests + /** rwmkl, + + /bin/* Ux, + /sbin/* Ux, + /usr/bin/* Ux, + /usr/sbin/* Ux, + + # force the use of virt-aa-helper + audit deny /sbin/apparmor_parser rwxl, + audit deny /etc/apparmor.d/libvirt/** wxl, + audit deny /sys/kernel/security/apparmor/features rwxl, + audit deny /sys/kernel/security/apparmor/matching rwxl, + audit deny /sys/kernel/security/apparmor/.* rwxl, + /sys/kernel/security/apparmor/profiles r, + /usr/lib/libvirt/* PUxr, + + # allow changing to our UUID-based named profiles + change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + +} --- libvirt-0.7.5.orig/debian/apparmor/usr.lib.libvirt.virt-aa-helper +++ libvirt-0.7.5/debian/apparmor/usr.lib.libvirt.virt-aa-helper @@ -0,0 +1,44 @@ +# Last Modified: Mon Jul 06 17:22:37 2009 +#include + +/usr/lib/libvirt/virt-aa-helper { + #include + #include + + # needed for searching directories + capability dac_override, + capability dac_read_search, + + # needed for when disk is on a network filesystem + network inet, + + deny @{PROC}/[0-9]*/mounts r, + @{PROC}/filesystems r, + + # for hostdev + /sys/devices/ r, + /sys/devices/** r, + + /usr/lib/libvirt/virt-aa-helper mr, + /sbin/apparmor_parser Ux, + + /etc/apparmor.d/libvirt/* r, + /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, + + # For backingstore, virt-aa-helper needs to peek inside the disk image, so + # allow access to non-hidden files in @{HOME} as well as storage pools, and + # removable media and filesystems. A virt-aa-helper failure when checking a + # disk for backinsgstore is non-fatal (but obviously the backingstore won't + # be added). + audit deny @{HOME}/.* mrwkl, + audit deny @{HOME}/.*/ rw, + audit deny @{HOME}/.*/** mrwkl, + audit deny @{HOME}/bin/ rw, + audit deny @{HOME}/bin/** mrwkl, + @{HOME}/ r, + @{HOME}/** r, + /var/lib/libvirt/images/ r, + /var/lib/libvirt/images/** r, + /{media,mnt,opt,srv}/** r, + deny /dev/** mrwkl, +} --- libvirt-0.7.5.orig/debian/apparmor/TEMPLATE +++ libvirt-0.7.5/debian/apparmor/TEMPLATE @@ -0,0 +1,9 @@ +# +# This profile is for the domain whose UUID matches this file. +# + +#include + +profile LIBVIRT_TEMPLATE { + #include +} --- libvirt-0.7.5.orig/debian/patches/9009-run-as-root-by-default.patch +++ libvirt-0.7.5/debian/patches/9009-run-as-root-by-default.patch @@ -0,0 +1,37 @@ +Author: Jamie Strandboge +Description: adjust qemu.conf to run as root, not the new Debian default of + libvirt-qemu:kvm + . + In Ubuntu, Qemu/KVM virtual machines are fully isolated and confined by the + AppArmor security driver. This new default in Debian is not as well-tested, + with the upstream implementation contentious among the KVM and libvirt + communities. + . + While the current implementation does reduce the privileges of the VMs + running under qemu:///system, all VMs currently run under the same user so + there is no guest isolation. Even if each user ran under its own user, an + attacker could potentially break out of the VM and have unconfined user + access (albeit non-root). + . + Once there is consensus among the community on the implementation, changing + this default in Ubuntu can be considered as an additional protection to the + AppArmor driver. + +diff -Nur libvirt-0.7.5/src/qemu/qemu.conf libvirt-0.7.5.new/src/qemu/qemu.conf +--- libvirt-0.7.5/src/qemu/qemu.conf 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/qemu/qemu.conf 2010-01-22 17:21:16.189521666 -0600 +@@ -91,10 +91,12 @@ + + + # The user ID for QEMU processes run by the system instance +-#user = "root" ++#user = "libvirt-qemu" ++user = "root" + + # The group ID for QEMU processes run by the system instance +-#group = "root" ++#group = "kvm" ++group = "root" + + + # What cgroup controllers to make use of with QEMU guests --- libvirt-0.7.5.orig/debian/patches/9019-apparmor-fix-xauth.patch +++ libvirt-0.7.5/debian/patches/9019-apparmor-fix-xauth.patch @@ -0,0 +1,45 @@ +Author: Jamie Strandboge +Description: adjust virt-aa-helper to handle SDL graphics, specifically + Xauthority. Also remove a couple redundant checks. +Bug-Ubuntu: https://launchpad.net/bugs/545426 +Forwarded: Yes + +diff -Nur libvirt-0.7.5/src/security/virt-aa-helper.c libvirt-0.7.5.new/src/security/virt-aa-helper.c +--- libvirt-0.7.5/src/security/virt-aa-helper.c 2010-04-05 16:55:01.827314204 -0500 ++++ libvirt-0.7.5.new/src/security/virt-aa-helper.c 2010-04-05 16:55:08.386044026 -0500 +@@ -766,7 +766,7 @@ + + virBufferVSprintf(buf, " \"%s\" %s,\n", tmp, perms); + if (readonly) { +- virBufferVSprintf(buf, " # don't audit writes to readonly media\n"); ++ virBufferVSprintf(buf, " # don't audit writes to readonly files\n"); + virBufferVSprintf(buf, " deny \"%s\" w,\n", tmp); + } + +@@ -829,11 +829,11 @@ + if (vah_add_file(&buf, ctl->def->console->data.file.path, "w") != 0) + goto clean; + +- if (ctl->def->os.kernel && ctl->def->os.kernel) ++ if (ctl->def->os.kernel) + if (vah_add_file(&buf, ctl->def->os.kernel, "r") != 0) + goto clean; + +- if (ctl->def->os.initrd && ctl->def->os.initrd) ++ if (ctl->def->os.initrd) + if (vah_add_file(&buf, ctl->def->os.initrd, "r") != 0) + goto clean; + +@@ -841,6 +841,12 @@ + if (vah_add_file(&buf, ctl->def->os.loader, "r") != 0) + goto clean; + ++ if (ctl->def->ngraphics == 1 && ++ ctl->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_SDL) ++ if (vah_add_file(&buf, ctl->def->graphics[0]->data.sdl.xauth, ++ "r") != 0) ++ goto clean; ++ + for (i = 0; i < ctl->def->nhostdevs; i++) + if (ctl->def->hostdevs[i]) { + virDomainHostdevDefPtr dev = ctl->def->hostdevs[i]; --- libvirt-0.7.5.orig/debian/patches/9000-delayed_iff_up_bridge.patch +++ libvirt-0.7.5/debian/patches/9000-delayed_iff_up_bridge.patch @@ -0,0 +1,25 @@ +diff -Nur libvirt-0.7.5/src/util/bridge.c libvirt-0.7.5.new/src/util/bridge.c +--- libvirt-0.7.5/src/util/bridge.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/util/bridge.c 2010-01-22 14:43:32.899529653 -0600 +@@ -244,7 +244,10 @@ + const char *bridge, + const char *iface) + { +- return brAddDelInterface(ctl, SIOCBRADDIF, bridge, iface); ++ int ret; ++ if (ret = brAddDelInterface(ctl, SIOCBRADDIF, bridge, iface)) ++ return ret; ++ return brSetInterfaceUp(ctl, bridge, 1); + } + #else + int +@@ -571,7 +574,8 @@ + ifr.ifr_flags = flags; + + if (ioctl(ctl->fd, SIOCSIFFLAGS, &ifr) < 0) +- return errno; ++ /* Just smile and wave, boys... */ ++ return 0; + } + + return 0; --- libvirt-0.7.5.orig/debian/patches/9017-dont-disable-ipv6.patch +++ libvirt-0.7.5/debian/patches/9017-dont-disable-ipv6.patch @@ -0,0 +1,43 @@ +--- libvirt-0.7.5.orig/src/network/bridge_driver.c.orig 2010-02-26 10:37:27.264674533 +1100 ++++ libvirt-0.7.5/src/network/bridge_driver.c 2010-02-26 10:38:28.414672138 +1100 +@@ -837,30 +837,12 @@ networkEnableIpForwarding(void) + + #define SYSCTL_PATH "/proc/sys" + +-static int networkDisableIPV6(virConnectPtr conn, ++static int networkSetupIPv6(virConnectPtr conn, + virNetworkObjPtr network) + { + char *field = NULL; + int ret = -1; + +- if (virAsprintf(&field, SYSCTL_PATH "/net/ipv6/conf/%s/disable_ipv6", network->def->bridge) < 0) { +- virReportOOMError(conn); +- goto cleanup; +- } +- +- if (access(field, W_OK) < 0 && errno == ENOENT) { +- VIR_DEBUG("ipv6 appears to already be disabled on %s", network->def->bridge); +- ret = 0; +- goto cleanup; +- } +- +- if (virFileWriteStr(field, "1") < 0) { +- virReportSystemError(conn, errno, +- _("cannot enable %s"), field); +- goto cleanup; +- } +- VIR_FREE(field); +- + if (virAsprintf(&field, SYSCTL_PATH "/net/ipv6/conf/%s/accept_ra", network->def->bridge) < 0) { + virReportOOMError(conn); + goto cleanup; +@@ -908,7 +890,7 @@ static int networkStartNetworkDaemon(vir + return -1; + } + +- if (networkDisableIPV6(conn, network) < 0) ++ if (networkSetupIPv6(conn, network) < 0) + goto err_delbr; + + if (brSetForwardDelay(driver->brctl, network->def->bridge, network->def->delay) < 0) --- libvirt-0.7.5.orig/debian/patches/0010-Use-base-16-for-product-vendor.patch +++ libvirt-0.7.5/debian/patches/0010-Use-base-16-for-product-vendor.patch @@ -0,0 +1,48 @@ +From 3238081efd6212babb45e42bc3fd918d3df939fe Mon Sep 17 00:00:00 2001 +From: Cole Robinson +Date: Tue, 12 Jan 2010 13:39:46 -0500 +Subject: [PATCH] node_device: udev: Use base 16 for product/vendor + +udev doesn't prefix USB product/vendor info with '0x', so the +strtol conversions were wrong for the product field (vendor already +set the correct base). Make the change for PCI product/vendor as +well to be safe. + +This fixes USB device assignment via virt-manager. +--- + src/node_device/node_device_udev.c | 6 +++--- + 1 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c +index 7a9c1e5..55cfee2 100644 +--- a/src/node_device/node_device_udev.c ++++ b/src/node_device/node_device_udev.c +@@ -457,14 +457,14 @@ static int udevProcessPCI(struct udev_device *device, + if (udevGetUintSysfsAttr(device, + "vendor", + &data->pci_dev.vendor, +- 0) == PROPERTY_ERROR) { ++ 16) == PROPERTY_ERROR) { + goto out; + } + + if (udevGetUintSysfsAttr(device, + "device", + &data->pci_dev.product, +- 0) == PROPERTY_ERROR) { ++ 16) == PROPERTY_ERROR) { + goto out; + } + +@@ -522,7 +522,7 @@ static int udevProcessUSBDevice(struct udev_device *device, + if (udevGetUintProperty(device, + "ID_MODEL_ID", + &data->usb_dev.product, +- 0) == PROPERTY_ERROR) { ++ 16) == PROPERTY_ERROR) { + goto out; + } + +-- +1.6.3.3 + --- libvirt-0.7.5.orig/debian/patches/9006-increase-unix-socket-timeout.patch +++ libvirt-0.7.5/debian/patches/9006-increase-unix-socket-timeout.patch @@ -0,0 +1,17 @@ +# +# Description: increase timeout for waiting on a Unix socket to avoid +# 'monitor socket did not show up.: No such file or directory' +# errors +# +diff -Nur libvirt-0.7.5/src/qemu/qemu_monitor.c libvirt-0.7.5.new/src/qemu/qemu_monitor.c +--- libvirt-0.7.5/src/qemu/qemu_monitor.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/qemu/qemu_monitor.c 2010-01-22 14:52:38.249530490 -0600 +@@ -228,7 +228,7 @@ + { + struct sockaddr_un addr; + int monfd; +- int timeout = 3; /* In seconds */ ++ int timeout = 30; /* In seconds */ + int ret, i = 0; + + if ((monfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { --- libvirt-0.7.5.orig/debian/patches/0003-allow-libvirt-group-to-access-the-socket.patch +++ libvirt-0.7.5/debian/patches/0003-allow-libvirt-group-to-access-the-socket.patch @@ -0,0 +1,49 @@ +From: Guido Guenther +Date: Thu, 26 Jun 2008 20:01:38 +0200 +Subject: [PATCH] allow libvirt group to access the socket + +--- + daemon/libvirtd.conf | 8 ++++---- + 1 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf +index 49de466..cc5f056 100644 +--- a/daemon/libvirtd.conf ++++ b/daemon/libvirtd.conf +@@ -78,7 +78,7 @@ + # without becoming root. + # + # This is restricted to 'root' by default. +-#unix_sock_group = "libvirt" ++unix_sock_group = "libvirt" + + # Set the UNIX socket permissions for the R/O socket. This is used + # for monitoring VM status only +@@ -95,7 +95,7 @@ + # + # If not using PolicyKit and setting group ownership for access + # control then you may want to relax this to: +-#unix_sock_rw_perms = "0770" ++unix_sock_rw_perms = "0770" + + # Set the name of the directory in which sockets will be found/created. + #unix_sock_dir = "/var/run/libvirt" +@@ -126,7 +126,7 @@ + # + # To restrict monitoring of domains you may wish to enable + # an authentication mechanism here +-#auth_unix_ro = "none" ++auth_unix_ro = "none" + + # Set an authentication scheme for UNIX read-write sockets + # By default socket permissions only allow root. If PolicyKit +@@ -135,7 +135,7 @@ + # + # If the unix_sock_rw_perms are changed you may wish to enable + # an authentication mechanism here +-#auth_unix_rw = "none" ++auth_unix_rw = "none" + + # Change the authentication scheme for TCP sockets. + # +-- --- libvirt-0.7.5.orig/debian/patches/9004-better-default-arch.patch +++ libvirt-0.7.5/debian/patches/9004-better-default-arch.patch @@ -0,0 +1,17 @@ +diff -Nur libvirt-0.7.5/src/conf/capabilities.c libvirt-0.7.5.new/src/conf/capabilities.c +--- libvirt-0.7.5/src/conf/capabilities.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/conf/capabilities.c 2010-01-22 14:47:15.049530708 -0600 +@@ -504,6 +504,13 @@ + const char *ostype) + { + int i; ++ /* Let's first see if we can match the host arch */ ++ for (i = 0 ; i < caps->nguests ; i++) { ++ if (STREQ(caps->guests[i]->ostype, ostype) ++ && STREQ(caps->guests[i]->arch.name, caps->host.arch)) ++ return caps->guests[i]->arch.name; ++ } ++ /* If we couldn't we just grab the first match */ + for (i = 0 ; i < caps->nguests ; i++) { + if (STREQ(caps->guests[i]->ostype, ostype)) + return 1; --- libvirt-0.7.5.orig/debian/patches/9016-disk-cache-setting-xml.patch +++ libvirt-0.7.5/debian/patches/9016-disk-cache-setting-xml.patch @@ -0,0 +1,17 @@ +Index: libvirt-0.7.5/src/conf/domain_conf.c +=================================================================== +--- libvirt-0.7.5.orig/src/conf/domain_conf.c 2010-03-04 22:14:05.254932520 +0100 ++++ libvirt-0.7.5/src/conf/domain_conf.c 2010-03-04 22:15:35.104926861 +0100 +@@ -3902,8 +3902,10 @@ + " \n", + type, device); + +- if (def->driverName) { +- virBufferVSprintf(buf, " driverName); ++ if (def->driverName || def->driverType || def->cachemode) { ++ virBufferVSprintf(buf, " driverName) ++ virBufferVSprintf(buf, " name='%s'", def->driverName); + if (def->driverType) + virBufferVSprintf(buf, " type='%s'", def->driverType); + if (def->cachemode) --- libvirt-0.7.5.orig/debian/patches/9008-fix-daemon-conf-ftbfs.patch +++ libvirt-0.7.5/debian/patches/9008-fix-daemon-conf-ftbfs.patch @@ -0,0 +1,48 @@ +Author: Jamie Strandboge +Description: don't FTBFS on Ubuntu's buildd + Disable running libvirtd with a valid config file, which has multiple + problems on the Ubuntu buildd. Also, don't fail on waiting for the pid, but + instead warn that it failed and show the log. In 0.7.2 this was all that was + needed but with 0.7.5 need to disable starting libvirtd entirely. + . + The problem is sometimes the path to the unix socket is too long and + libvirtd fails to start. Upstream was alerted to this and a fix will hopefully + appear soon. + . + Another problem exists because the dbus message bus is not available in the + Ubuntu buildd. This causes the following errors: + 19:04:36.834: error : halDeviceMonitorStartup:722 : dbus_bus_get failed + 19:04:36.834: error : halDeviceMonitorStartup:780 : org.freedesktop.DBus.Error.FileNotFound: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory + 19:04:36.856: error : main:3089 : Driver state initialization failed + . + This portion of the test needs to stay disabled until these issues are fully + resolved. + +Index: libvirt-0.7.5/tests/daemon-conf +=================================================================== +--- libvirt-0.7.5.orig/tests/daemon-conf 2010-01-25 21:13:46.000000000 -0600 ++++ libvirt-0.7.5/tests/daemon-conf 2010-01-25 21:15:31.000000000 -0600 +@@ -76,13 +76,18 @@ + || fail=1 + mv k tmp.conf || fail=1 + +-printf "running libvirtd with a valid config file ($sleep_secs seconds)\n" 1>&2 +-$abs_top_builddir/daemon/libvirtd --pid-file=pid-file --config=tmp.conf > log 2>&1 & pid=$! +-sleep $sleep_secs +-kill $pid ++printf "Skipping test (due to Ubuntu buildd FTBFS): running libvirtd with a valid config file ($sleep_secs seconds)\n" 1>&2 ++#$abs_top_builddir/daemon/libvirtd --pid-file=pid-file --config=tmp.conf > log 2>&1 & pid=$! ++#sleep $sleep_secs ++#kill $pid + + # Expect an orderly shut-down and successful exit. +-wait $pid || fail=1 ++#wait $pid || fail=1 ++# warn, but do not fail since Ubuntu buildds do not work too well with this test ++wait $pid || { ++ printf "WARNING: wait failed (TODO: update test suite). Reason:\n" 1>&2 ++ cat log 1>&2 ++} + + # "cat log" would print this for non-root: + # Cannot set group when not running as root --- libvirt-0.7.5.orig/debian/patches/0004-fix-Debian-specific-path-to-hvm-loader.patch +++ libvirt-0.7.5/debian/patches/0004-fix-Debian-specific-path-to-hvm-loader.patch @@ -0,0 +1,88 @@ +From: =?UTF-8?q?Guido=20G=C3=BCnther?= +Date: Thu, 26 Feb 2009 14:29:58 +0100 +Subject: [PATCH] fix Debian specific path to hvm loader + +Closes: #517059 +--- + src/xen/xen_hypervisor.c | 2 +- + tests/xencapsdata/xen-i686-pae-hvm.xml | 2 +- + tests/xencapsdata/xen-ia64-be-hvm.xml | 2 +- + tests/xencapsdata/xen-ia64-hvm.xml | 2 +- + tests/xencapsdata/xen-x86_64-hvm.xml | 4 ++-- + 5 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/xen/xen_hypervisor.c b/src/xen/xen_hypervisor.c +index 8279a74..5001d91 100644 +--- a/src/xen/xen_hypervisor.c ++++ b/src/xen/xen_hypervisor.c +@@ -2230,7 +2230,7 @@ xenHypervisorBuildCapabilities(virConnectPtr conn, + "/usr/lib64/xen/bin/qemu-dm" : + "/usr/lib/xen/bin/qemu-dm"), + (guest_archs[i].hvm ? +- "/usr/lib/xen/boot/hvmloader" : ++ "/usr/lib/xen-default/boot/hvmloader" : + NULL), + 1, + machines)) == NULL) { +diff --git a/tests/xencapsdata/xen-i686-pae-hvm.xml b/tests/xencapsdata/xen-i686-pae-hvm.xml +index 42b099c..2886c09 100644 +--- a/tests/xencapsdata/xen-i686-pae-hvm.xml ++++ b/tests/xencapsdata/xen-i686-pae-hvm.xml +@@ -34,7 +34,7 @@ + + 32 + /usr/lib/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +diff --git a/tests/xencapsdata/xen-ia64-be-hvm.xml b/tests/xencapsdata/xen-ia64-be-hvm.xml +index 732b693..cf3dfc1 100644 +--- a/tests/xencapsdata/xen-ia64-be-hvm.xml ++++ b/tests/xencapsdata/xen-ia64-be-hvm.xml +@@ -31,7 +31,7 @@ + + 64 + /usr/lib/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +diff --git a/tests/xencapsdata/xen-ia64-hvm.xml b/tests/xencapsdata/xen-ia64-hvm.xml +index ef48a95..871cd65 100644 +--- a/tests/xencapsdata/xen-ia64-hvm.xml ++++ b/tests/xencapsdata/xen-ia64-hvm.xml +@@ -28,7 +28,7 @@ + + 64 + /usr/lib/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +diff --git a/tests/xencapsdata/xen-x86_64-hvm.xml b/tests/xencapsdata/xen-x86_64-hvm.xml +index 52c12c6..83dac3e 100644 +--- a/tests/xencapsdata/xen-x86_64-hvm.xml ++++ b/tests/xencapsdata/xen-x86_64-hvm.xml +@@ -31,7 +31,7 @@ + + 32 + /usr/lib64/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +@@ -49,7 +49,7 @@ + + 64 + /usr/lib64/xen/bin/qemu-dm +- /usr/lib/xen/boot/hvmloader ++ /usr/lib/xen-default/boot/hvmloader + xenfv + + +-- --- libvirt-0.7.5.orig/debian/patches/0005-Also-look-for-dmi-information-in-sys-class.patch +++ libvirt-0.7.5/debian/patches/0005-Also-look-for-dmi-information-in-sys-class.patch @@ -0,0 +1,41 @@ +From: =?UTF-8?q?Guido=20G=C3=BCnther?= +Date: Thu, 7 Jan 2010 10:13:51 +0100 +Subject: [PATCH] Also look for dmi information in /sys/class + +older kernels such as 2.6.26 have it there. +--- + src/node_device/node_device_udev.c | 7 ++++++- + src/node_device/node_device_udev.h | 1 + + 2 files changed, 7 insertions(+), 1 deletions(-) + +diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c +index 22c5f2b..7a9c1e5 100644 +--- a/src/node_device/node_device_udev.c ++++ b/src/node_device/node_device_udev.c +@@ -1407,7 +1407,12 @@ static int udevSetupSystemDev(void) + device = udev_device_new_from_syspath(udev, DMI_DEVPATH); + if (device == NULL) { + VIR_ERROR("Failed to get udev device for syspath '%s'\n", DMI_DEVPATH); +- goto out; ++ ++ device = udev_device_new_from_syspath(udev, DMI_DEVPATH_FALLBACK); ++ if (device == NULL) { ++ VIR_ERROR("Failed to get udev device for syspath '%s'\n", DMI_DEVPATH_FALLBACK); ++ goto out; ++ } + } + + data = &def->caps->data; +diff --git a/src/node_device/node_device_udev.h b/src/node_device/node_device_udev.h +index 0fd39ae..6c83412 100644 +--- a/src/node_device/node_device_udev.h ++++ b/src/node_device/node_device_udev.h +@@ -26,6 +26,7 @@ + #define SYSFS_DATA_SIZE 4096 + #define DRV_STATE_UDEV_MONITOR(ds) ((struct udev_monitor *)((ds)->privateData)) + #define DMI_DEVPATH "/sys/devices/virtual/dmi/id" ++#define DMI_DEVPATH_FALLBACK "/sys/class/dmi/id" + #define PROPERTY_FOUND 0 + #define PROPERTY_MISSING 1 + #define PROPERTY_ERROR -1 +-- --- libvirt-0.7.5.orig/debian/patches/9014-apparmor-remove-unloaded-profile-is-not-fatal.patch +++ libvirt-0.7.5/debian/patches/9014-apparmor-remove-unloaded-profile-is-not-fatal.patch @@ -0,0 +1,39 @@ +Description: Don't exit with error if the user unloaded the profile outside of + libvirt +Author: Jamie Strandboge +Bug-Ubuntu: https://launchpad.net/ubuntu/bugs/530400 + +Index: libvirt-0.7.5/src/security/virt-aa-helper.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/virt-aa-helper.c 2010-03-03 09:14:40.000000000 -0600 ++++ libvirt-0.7.5/src/security/virt-aa-helper.c 2010-03-03 09:14:44.000000000 -0600 +@@ -182,6 +182,8 @@ + { + char flag[3]; + char profile[PATH_MAX]; ++ int status; ++ int ret; + + if (strchr("arR", cmd) == NULL) { + vah_error(NULL, 0, "invalid flag"); +@@ -203,9 +205,17 @@ + const char * const argv[] = { + "/sbin/apparmor_parser", flag, profile, NULL + }; +- if (virRun(NULL, argv, NULL) != 0) { +- vah_error(NULL, 0, "failed to run apparmor_parser"); +- return -1; ++ if ((ret = virRun(NULL, argv, &status)) != 0 || ++ (WIFEXITED(status) && WEXITSTATUS(status) != 0)) { ++ if (ret != 0) { ++ vah_error(NULL, 0, "failed to run apparmor_parser"); ++ return -1; ++ } else if (cmd == 'R' && WIFEXITED(status) && WEXITSTATUS(status) == 234) { ++ vah_warning("unable to unload already unloaded profile (non-fatal)"); ++ } else { ++ vah_error(NULL, 0, "apparmor_parser exited with error"); ++ return -1; ++ } + } + } + --- libvirt-0.7.5.orig/debian/patches/0007-Implement-path-lookup-for-USB-by-vendor-product.patch +++ libvirt-0.7.5/debian/patches/0007-Implement-path-lookup-for-USB-by-vendor-product.patch @@ -0,0 +1,307 @@ +From: Cole Robinson +Date: Wed, 13 Jan 2010 15:50:05 -0500 +Subject: [PATCH] Implement path lookup for USB by vendor:product + +Based off how QEMU does it, look through /sys/bus/usb/devices/* for +matching vendor:product info, and if found, use info from the surrounding +files to build the device's /dev/bus/usb path. + +This fixes USB device assignment by vendor:product when running qemu +as non-root (well, it should, but for some reason I couldn't reproduce +the failure people are seeing in [1], but it appears to work properly) + +[1] https://bugzilla.redhat.com/show_bug.cgi?id=542450 + +v2: + Drop 'bus.addr only' checks in security drivers + Use various util helpers + +Signed-off-by: Cole Robinson +--- + po/POTFILES.in | 1 + + src/qemu/qemu_driver.c | 9 +-- + src/security/security_selinux.c | 25 ++++----- + src/security/virt-aa-helper.c | 32 +++++------ + src/util/hostusb.c | 110 +++++++++++++++++++++++++++++++++++++- + src/util/hostusb.h | 4 +- + 6 files changed, 141 insertions(+), 40 deletions(-) + +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 1ab0859..22e9c3c 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -54,6 +54,7 @@ src/uml/uml_conf.c + src/uml/uml_driver.c + src/util/bridge.c + src/util/conf.c ++src/util/hostusb.c + src/util/json.c + src/util/logging.c + src/util/pci.c +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index a6a1a5a..7dfa78f 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -2099,14 +2099,11 @@ static int qemuDomainSetHostdevUSBOwnership(virConnectPtr conn, + struct qemuFileOwner owner = { uid, gid }; + int ret = -1; + +- /* XXX what todo for USB devs assigned based on product/vendor ? Doom :-( */ +- if (!def->source.subsys.u.usb.bus || +- !def->source.subsys.u.usb.device) +- return 0; +- + usbDevice *dev = usbGetDevice(conn, + def->source.subsys.u.usb.bus, +- def->source.subsys.u.usb.device); ++ def->source.subsys.u.usb.device, ++ def->source.subsys.u.usb.vendor, ++ def->source.subsys.u.usb.product); + + if (!dev) + goto cleanup; +diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c +index 000bc8a..cb585ed 100644 +--- a/src/security/security_selinux.c ++++ b/src/security/security_selinux.c +@@ -481,20 +481,17 @@ SELinuxSetSecurityHostdevLabel(virConnectPtr conn, + + switch (dev->source.subsys.type) { + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { +- if (dev->source.subsys.u.usb.bus && dev->source.subsys.u.usb.device) { +- usbDevice *usb = usbGetDevice(conn, +- dev->source.subsys.u.usb.bus, +- dev->source.subsys.u.usb.device); ++ usbDevice *usb = usbGetDevice(conn, ++ dev->source.subsys.u.usb.bus, ++ dev->source.subsys.u.usb.device, ++ dev->source.subsys.u.usb.vendor, ++ dev->source.subsys.u.usb.product); + +- if (!usb) +- goto done; ++ if (!usb) ++ goto done; + +- ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm); +- usbFreeDevice(conn, usb); +- } else { +- /* XXX deal with product/vendor better */ +- ret = 0; +- } ++ ret = usbDeviceFileIterate(conn, usb, SELinuxSetSecurityUSBLabel, vm); ++ usbFreeDevice(conn, usb); + break; + } + +@@ -556,7 +553,9 @@ SELinuxRestoreSecurityHostdevLabel(virConnectPtr conn, + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { + usbDevice *usb = usbGetDevice(conn, + dev->source.subsys.u.usb.bus, +- dev->source.subsys.u.usb.device); ++ dev->source.subsys.u.usb.device, ++ dev->source.subsys.u.usb.vendor, ++ dev->source.subsys.u.usb.product); + + if (!usb) + goto done; +diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c +index 35b29ad..3c8b49a 100644 +--- a/src/security/virt-aa-helper.c ++++ b/src/security/virt-aa-helper.c +@@ -836,24 +836,22 @@ get_files(vahControl * ctl) + virDomainHostdevDefPtr dev = ctl->def->hostdevs[i]; + switch (dev->source.subsys.type) { + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { +- if (dev->source.subsys.u.usb.bus && +- dev->source.subsys.u.usb.device) { +- usbDevice *usb = usbGetDevice(NULL, +- dev->source.subsys.u.usb.bus, +- dev->source.subsys.u.usb.device); +- if (usb == NULL) +- continue; +- rc = usbDeviceFileIterate(NULL, usb, +- file_iterate_cb, &buf); +- usbFreeDevice(NULL, usb); +- if (rc != 0) +- goto clean; +- else { +- /* TODO: deal with product/vendor better */ +- rc = 0; +- } +- } ++ usbDevice *usb = usbGetDevice(NULL, ++ dev->source.subsys.u.usb.bus, ++ dev->source.subsys.u.usb.device, ++ dev->source.subsys.u.usb.vendor, ++ dev->source.subsys.u.usb.product); ++ ++ if (usb == NULL) ++ continue; ++ ++ rc = usbDeviceFileIterate(NULL, usb, ++ file_iterate_cb, &buf); ++ usbFreeDevice(NULL, usb); ++ if (rc != 0) ++ goto clean; + break; ++ } + } + /* TODO: update so files in /sys are readonly + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { +diff --git a/src/util/hostusb.c b/src/util/hostusb.c +index 07e10b1..8fbb486 100644 +--- a/src/util/hostusb.c ++++ b/src/util/hostusb.c +@@ -37,9 +37,10 @@ + #include "util.h" + #include "virterror_internal.h" + ++#define USB_SYSFS "/sys/bus/usb" + #define USB_DEVFS "/dev/bus/usb/" +-#define USB_ID_LEN 10 /* "XXXX XXXX" */ +-#define USB_ADDR_LEN 8 /* "XXX:XXX" */ ++#define USB_ID_LEN 10 /* "1234 5678" */ ++#define USB_ADDR_LEN 8 /* "123:456" */ + + struct _usbDevice { + unsigned bus; +@@ -57,11 +58,108 @@ struct _usbDevice { + virReportErrorHelper(conn, VIR_FROM_NONE, code, __FILE__, \ + __FUNCTION__, __LINE__, fmt) + ++static int usbSysReadFile(virConnectPtr conn, ++ const char *f_name, const char *d_name, ++ int base, unsigned *value) ++{ ++ int ret = -1, tmp; ++ char *buf = NULL; ++ char *filename = NULL; ++ char *ignore = NULL; ++ ++ tmp = virAsprintf(&filename, USB_SYSFS "/devices/%s/%s", d_name, f_name); ++ if (tmp < 0) { ++ virReportOOMError(conn); ++ goto error; ++ } ++ ++ if (virFileReadAll(filename, 1024, &buf) < 0) ++ goto error; ++ ++ if (virStrToLong_ui(buf, &ignore, base, value) < 0) { ++ usbReportError(conn, VIR_ERR_INTERNAL_ERROR, ++ _("Could not parse usb file %s"), filename); ++ goto error; ++ } ++ ++ ret = 0; ++error: ++ VIR_FREE(filename); ++ VIR_FREE(buf); ++ return ret; ++} ++ ++static int usbFindBusByVendor(virConnectPtr conn, ++ unsigned vendor, unsigned product, ++ unsigned *bus, unsigned *devno) ++{ ++ DIR *dir = NULL; ++ int ret = -1, found = 0; ++ char *ignore = NULL; ++ struct dirent *de; ++ ++ dir = opendir(USB_SYSFS "/devices"); ++ if (!dir) { ++ virReportSystemError(conn, errno, ++ _("Could not open directory %s"), ++ USB_SYSFS "/devices"); ++ goto error; ++ } ++ ++ while ((de = readdir(dir))) { ++ unsigned found_prod, found_vend; ++ if (de->d_name[0] == '.' || strchr(de->d_name, ':')) ++ continue; ++ ++ if (usbSysReadFile(conn, "idVendor", de->d_name, ++ 16, &found_vend) < 0) ++ goto error; ++ if (usbSysReadFile(conn, "idProduct", de->d_name, ++ 16, &found_prod) < 0) ++ goto error; ++ ++ if (found_prod == product && found_vend == vendor) { ++ /* Lookup bus.addr info */ ++ char *tmpstr = de->d_name; ++ unsigned found_bus, found_addr; ++ ++ if (STREQ(de->d_name, "usb")) ++ tmpstr += 3; ++ ++ if (virStrToLong_ui(tmpstr, &ignore, 10, &found_bus) < 0) { ++ usbReportError(conn, VIR_ERR_INTERNAL_ERROR, ++ _("Failed to parse dir name '%s'"), ++ de->d_name); ++ goto error; ++ } ++ ++ if (usbSysReadFile(conn, "devnum", de->d_name, ++ 10, &found_addr) < 0) ++ goto error; ++ ++ *bus = found_bus; ++ *devno = found_addr; ++ found = 1; ++ break; ++ } ++ } ++ ++ if (!found) ++ usbReportError(conn, VIR_ERR_INTERNAL_ERROR, ++ _("Did not find USB device %x:%x"), vendor, product); ++ else ++ ret = 0; ++ ++error: ++ return ret; ++} + + usbDevice * + usbGetDevice(virConnectPtr conn, + unsigned bus, +- unsigned devno) ++ unsigned devno, ++ unsigned vendor, ++ unsigned product) + { + usbDevice *dev; + +@@ -70,6 +168,12 @@ usbGetDevice(virConnectPtr conn, + return NULL; + } + ++ if (vendor) { ++ /* Look up bus.dev by vendor:product */ ++ if (usbFindBusByVendor(conn, vendor, product, &bus, &devno) < 0) ++ return NULL; ++ } ++ + dev->bus = bus; + dev->dev = devno; + +diff --git a/src/util/hostusb.h b/src/util/hostusb.h +index 7f75c8b..739a4aa 100644 +--- a/src/util/hostusb.h ++++ b/src/util/hostusb.h +@@ -28,7 +28,9 @@ typedef struct _usbDevice usbDevice; + + usbDevice *usbGetDevice (virConnectPtr conn, + unsigned bus, +- unsigned devno); ++ unsigned devno, ++ unsigned vendor, ++ unsigned product); + void usbFreeDevice (virConnectPtr conn, + usbDevice *dev); + +-- --- libvirt-0.7.5.orig/debian/patches/9015-autodetect-nc-params.patch +++ libvirt-0.7.5/debian/patches/9015-autodetect-nc-params.patch @@ -0,0 +1,63 @@ +Description: autodetect if the remote nc command supports the -q option +Author: Marc Deslauriers +Origin: other, based on http://hg.fedorahosted.org/hg/virt-manager/rev/1f781890ea4a +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478 +Bug: https://bugzilla.redhat.com/show_bug.cgi?id=562176 + +diff -Nur libvirt-0.7.5/src/remote/remote_driver.c libvirt-0.7.5.new/src/remote/remote_driver.c +--- libvirt-0.7.5/src/remote/remote_driver.c 2009-12-22 11:45:39.000000000 -0500 ++++ libvirt-0.7.5.new/src/remote/remote_driver.c 2010-03-03 19:25:48.000000000 -0500 +@@ -730,7 +730,8 @@ + } + + case trans_ssh: { +- int j, nr_args = 6; ++ int j, nr_args = 4; ++ virBuffer cmd_netcat = VIR_BUFFER_INITIALIZER; + + if (username) nr_args += 2; /* For -l username */ + if (no_tty) nr_args += 5; /* For -T -o BatchMode=yes -e none */ +@@ -763,12 +764,37 @@ + cmd_argv[j++] = strdup ("none"); + } + cmd_argv[j++] = strdup (priv->hostname); +- cmd_argv[j++] = strdup (netcat ? netcat : "nc"); +- cmd_argv[j++] = strdup ("-U"); +- cmd_argv[j++] = strdup (sockname ? sockname : +- (flags & VIR_CONNECT_RO +- ? LIBVIRTD_PRIV_UNIX_SOCKET_RO +- : LIBVIRTD_PRIV_UNIX_SOCKET)); ++ ++ /* ++ * This ugly thing is a shell script to detect availability of ++ * the -q option for 'nc': debian and suse based distros need this ++ * flag to ensure the remote nc will exit on EOF, so it will go away ++ * when we close the VNC tunnel. If it doesn't go away, subsequent ++ * VNC connection attempts will hang. ++ * ++ * Fedora's 'nc' doesn't have this option, and apparently defaults ++ * to the desired behavior. ++ */ ++ ++ virBufferVSprintf(&cmd_netcat, "%s -q 2>&1 | grep -q 'requires an argument';" ++ "if [ $? -eq 0 ] ; then" ++ " CMD='-q 0';" ++ "else" ++ " CMD='';" ++ "fi;%s $CMD -U %s", ++ netcat ? netcat : "nc", ++ netcat ? netcat : "nc", ++ sockname ? sockname : ++ (flags & VIR_CONNECT_RO ++ ? LIBVIRTD_PRIV_UNIX_SOCKET_RO ++ : LIBVIRTD_PRIV_UNIX_SOCKET)); ++ ++ if (virBufferError(&cmd_netcat)) { ++ virBufferFreeAndReset(&cmd_netcat); ++ goto out_of_memory; ++ } ++ ++ cmd_argv[j++] = virBufferContentAndReset(&cmd_netcat); + cmd_argv[j++] = 0; + assert (j == nr_args); + for (j = 0; j < (nr_args-1); j++) --- libvirt-0.7.5.orig/debian/patches/9021-apparmor-fix-hostdev.patch +++ libvirt-0.7.5/debian/patches/9021-apparmor-fix-hostdev.patch @@ -0,0 +1,132 @@ +Author: Jamie Strandboge +Description: adjust virt-aa-helper to handle pci devices. Update valid_path() + to have an override array to check against, and add "/sys/devices/pci" to it. + Then rename file_iterate_cb() to file_iterate_hostdev_cb() and create + file_iterate_pci_cb() based on it. +Bug-Ubuntu: https://launchpad.net/bugs/545795 +Forwarded: Yes + +Index: libvirt-0.7.5/src/security/virt-aa-helper.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/virt-aa-helper.c 2010-04-05 19:53:35.000000000 -0500 ++++ libvirt-0.7.5/src/security/virt-aa-helper.c 2010-04-05 19:53:35.000000000 -0500 +@@ -490,7 +490,7 @@ + valid_path(const char *path, const bool readonly) + { + struct stat sb; +- int npaths; ++ int npaths, opaths; + const char * const restricted[] = { + "/bin/", + "/etc/", +@@ -516,6 +516,10 @@ + "/initrd", + "/initrd.img" + }; ++ /* override the above with these */ ++ const char * const override[] = { ++ "/sys/devices/pci" /* for hostdev pci devices */ ++ }; + + if (path == NULL || strlen(path) > PATH_MAX - 1) { + vah_error(NULL, 0, "bad pathname"); +@@ -553,9 +557,12 @@ + } + } + ++ opaths = sizeof(override)/sizeof *(override); ++ + npaths = sizeof(restricted)/sizeof *(restricted); +- if (array_starts_with(path, restricted, npaths) == 0) +- return 1; ++ if (array_starts_with(path, restricted, npaths) == 0 && ++ array_starts_with(path, override, opaths) != 0) ++ return 1; + + npaths = sizeof(restricted_rw)/sizeof *(restricted_rw); + if (!readonly) { +@@ -778,9 +785,18 @@ + } + + static int +-file_iterate_cb(virConnectPtr conn ATTRIBUTE_UNUSED, +- usbDevice *dev ATTRIBUTE_UNUSED, +- const char *file, void *opaque) ++file_iterate_hostdev_cb(virConnectPtr conn ATTRIBUTE_UNUSED, ++ usbDevice *dev ATTRIBUTE_UNUSED, ++ const char *file, void *opaque) ++{ ++ virBufferPtr buf = opaque; ++ return vah_add_file(buf, file, "rw"); ++} ++ ++static int ++file_iterate_pci_cb(virConnectPtr conn ATTRIBUTE_UNUSED, ++ usbDevice *dev ATTRIBUTE_UNUSED, ++ const char *file, void *opaque) + { + virBufferPtr buf = opaque; + return vah_add_file(buf, file, "rw"); +@@ -825,7 +841,7 @@ + path = NULL; + + if (ret < 0) { +- vah_warning("skipping backingStore check (open failed)"); ++ vah_warning("could not open path, skipping"); + continue; + } + +@@ -890,13 +906,12 @@ + continue; + + rc = usbDeviceFileIterate(NULL, usb, +- file_iterate_cb, &buf); ++ file_iterate_hostdev_cb, &buf); + usbFreeDevice(NULL, usb); + if (rc != 0) + goto clean; + break; + } +-/* TODO: update so files in /sys are readonly + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { + pciDevice *pci = pciGetDevice(NULL, + dev->source.subsys.u.pci.domain, +@@ -907,12 +922,12 @@ + if (pci == NULL) + continue; + +- rc = pciDeviceFileIterate(NULL, pci, file_iterate_cb, &buf); ++ rc = pciDeviceFileIterate(NULL, pci, file_iterate_pci_cb, &buf); + pciFreeDevice(NULL, pci); + + break; + } +-*/ ++ + default: + rc = 0; + break; +Index: libvirt-0.7.5/tests/virt-aa-helper-test +=================================================================== +--- libvirt-0.7.5.orig/tests/virt-aa-helper-test 2010-04-05 19:54:36.000000000 -0500 ++++ libvirt-0.7.5/tests/virt-aa-helper-test 2010-04-05 19:54:57.000000000 -0500 +@@ -204,7 +204,8 @@ + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,
,g" > "$test_xml" + testme "0" "create hostdev (USB)" "-c -u $valid_uuid" "$test_xml" + +- cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,
,g" > "$test_xml" ++ cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,
,g" > "$test_xml" ++ + testme "0" "create hostdev (PCI)" "-c -u $valid_uuid" "$test_xml" + fi + +@@ -265,6 +266,9 @@ + cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,/initrd.img,g" > "$test_xml" + testme "0" "initrd is /initrd.img" "-r -u $valid_uuid" "$test_xml" + ++cat "$template_xml" | sed "s,###UUID###,$uuid,g" | sed "s,###DISK###,$disk1,g" | sed "s,,g" > "$test_xml" ++testme "0" "sdl Xauthority" "-r -u $valid_uuid" "$test_xml" ++ + testme "0" "help" "-h" + + echo "" >$output --- libvirt-0.7.5.orig/debian/patches/9001-dont_clobber_existing_bridges.patch +++ libvirt-0.7.5/debian/patches/9001-dont_clobber_existing_bridges.patch @@ -0,0 +1,11 @@ +diff -Nur libvirt-0.7.5/src/network/default.xml libvirt-0.7.5.new/src/network/default.xml +--- libvirt-0.7.5/src/network/default.xml 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/network/default.xml 2010-01-22 14:44:06.549525060 -0600 +@@ -1,6 +1,6 @@ + + default +- ++ + + + --- libvirt-0.7.5.orig/debian/patches/9002-better_default_uri_virsh.patch +++ libvirt-0.7.5/debian/patches/9002-better_default_uri_virsh.patch @@ -0,0 +1,53 @@ +diff -Nur libvirt-0.7.5/tools/Makefile.am libvirt-0.7.5.new/tools/Makefile.am +--- libvirt-0.7.5/tools/Makefile.am 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/tools/Makefile.am 2010-01-22 14:44:25.889976145 -0600 +@@ -45,9 +45,11 @@ + -I$(top_srcdir)/gnulib/lib -I../gnulib/lib \ + -I../include -I$(top_srcdir)/include \ + -I$(top_srcdir)/src \ ++ -I$(top_srcdir)/src/remote \ + -I$(top_srcdir)/src/util \ + -DGETTEXT_PACKAGE=\"$(PACKAGE)\" \ + -DLOCALEBASEDIR=\""$(datadir)/locale"\" \ ++ -DLOCAL_STATE_DIR=\""$(localstatedir)"\" \ + $(COVERAGE_CFLAGS) \ + $(LIBXML_CFLAGS) \ + $(READLINE_CFLAGS) +diff -Nur libvirt-0.7.5/tools/Makefile.in libvirt-0.7.5.new/tools/Makefile.in +--- libvirt-0.7.5/tools/Makefile.in 2009-12-23 09:17:44.000000000 -0600 ++++ libvirt-0.7.5.new/tools/Makefile.in 2010-01-22 14:44:25.900780145 -0600 +@@ -969,9 +969,11 @@ + -I$(top_srcdir)/gnulib/lib -I../gnulib/lib \ + -I../include -I$(top_srcdir)/include \ + -I$(top_srcdir)/src \ ++ -I$(top_srcdir)/src/remote \ + -I$(top_srcdir)/src/util \ + -DGETTEXT_PACKAGE=\"$(PACKAGE)\" \ + -DLOCALEBASEDIR=\""$(datadir)/locale"\" \ ++ -DLOCAL_STATE_DIR=\""$(localstatedir)"\" \ + $(COVERAGE_CFLAGS) \ + $(LIBXML_CFLAGS) \ + $(READLINE_CFLAGS) +diff -Nur libvirt-0.7.5/tools/virsh.c libvirt-0.7.5.new/tools/virsh.c +--- libvirt-0.7.5/tools/virsh.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/tools/virsh.c 2010-01-22 14:44:25.889976145 -0600 +@@ -58,6 +58,8 @@ + #define VSH_PROMPT_RW "virsh # " + #define VSH_PROMPT_RO "virsh > " + ++#include "remote_driver.h" ++ + #define GETTIMEOFDAY(T) gettimeofday(T, NULL) + #define DIFF_MSEC(T, U) \ + ((((int) ((T)->tv_sec - (U)->tv_sec)) * 1000000.0 + \ +@@ -8945,6 +8947,10 @@ + + if ((defaultConn = getenv("VIRSH_DEFAULT_CONNECT_URI"))) { + ctl->name = strdup(defaultConn); ++ } else if (!access(LIBVIRTD_PRIV_UNIX_SOCKET, W_OK)) { ++ ctl->name = strdup("qemu:///system"); ++ } else { ++ ctl->name = strdup("qemu:///session"); + } + + if (!vshParseArgv(ctl, argc, argv)) { --- libvirt-0.7.5.orig/debian/patches/9020-apparmor-fix-backingstore.patch +++ libvirt-0.7.5/debian/patches/9020-apparmor-fix-backingstore.patch @@ -0,0 +1,49 @@ +Author: Jamie Strandboge +Description: adjust virt-aa-helper to handle backing store +Bug-Ubuntu: https://launchpad.net/bugs/470636 +Forwarded: Yes +diff -Nur libvirt-0.7.5/src/security/virt-aa-helper.c libvirt-0.7.5.new/src/security/virt-aa-helper.c +--- libvirt-0.7.5/src/security/virt-aa-helper.c 2010-04-05 17:17:04.866040612 -0500 ++++ libvirt-0.7.5.new/src/security/virt-aa-helper.c 2010-04-05 17:21:44.691615033 -0500 +@@ -36,6 +36,7 @@ + #include "uuid.h" + #include "hostusb.h" + #include "pci.h" ++#include "storage_file.h" + + static char *progname; + +@@ -809,6 +810,33 @@ + for (i = 0; i < ctl->def->ndisks; i++) + if (ctl->def->disks[i] && ctl->def->disks[i]->src) { + int ret; ++ const char *path; ++ ++ path = ctl->def->disks[i]->src; ++ do { ++ virStorageFileMetadata meta; ++ ++ memset(&meta, 0, sizeof(meta)); ++ ++ ret = virStorageFileGetMetadata(NULL, path, &meta); ++ ++ if (path != ctl->def->disks[i]->src) ++ VIR_FREE(path); ++ path = NULL; ++ ++ if (ret < 0) { ++ vah_warning("skipping backingStore check (open failed)"); ++ continue; ++ } ++ ++ if (meta.backingStore != NULL && ++ (ret = vah_add_file(&buf, meta.backingStore, "rw")) != 0) { ++ VIR_FREE(meta.backingStore); ++ goto clean; ++ } ++ ++ path = meta.backingStore; ++ } while (path != NULL); + + if (ctl->def->disks[i]->readonly) + ret = vah_add_file(&buf, ctl->def->disks[i]->src, "r"); --- libvirt-0.7.5.orig/debian/patches/9018-fix-pty-console.patch +++ libvirt-0.7.5/debian/patches/9018-fix-pty-console.patch @@ -0,0 +1,80 @@ +author Matthew Booth + Wed, 6 Jan 2010 16:09:04 +0000 (17:09 +0100) +committer Daniel Veillard + Wed, 6 Jan 2010 16:09:04 +0000 (17:09 +0100) +commit c0a9b6a5338e54b64a4a28415ffbdb6bcc2b38c5 +tree fe4c2e1e53239b4adb0643f7d475ebc8a649d670 +parent aee70b7482b4eb7c69f5cacfeb364000294300aa + +Fix parsing of 'info chardev' line endings + +This change makes the 'info chardev' parser ignore any trailing +whitespace on a line. This fixes a specific problem handling a '\r\n' +line ending. + +* src/qemu/qemu_monitor_text.c: Ignore trailing whitespace in + 'info chardev' output. + +X-Git-Url: http://libvirt.org/git/?p=libvirt.git;a=blobdiff_plain;f=src%2Fqemu%2Fqemu_monitor_text.c;h=5b9ced21402fe1712f0e4db89bdf9f1d695159ff;hp=ab361c6f2b528592d1f96bb1846483fdf80536b1;hb=c0a9b6a5338e54b64a4a28415ffbdb6bcc2b38c5;hpb=aee70b7482b4eb7c69f5cacfeb364000294300aa + +diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c +index ab361c6..5b9ced2 100644 +--- a/src/qemu/qemu_monitor_text.c ++++ b/src/qemu/qemu_monitor_text.c +@@ -1705,15 +1705,26 @@ int qemuMonitorTextGetPtyPaths(qemuMonitorPtr mon, + goto cleanup; + } + +- char *pos = reply; /* The current start of searching */ +- char *end = pos + strlen(reply); /* The end of the reply string */ ++ char *pos; /* The current start of searching */ ++ char *next = reply; /* The start of the next line */ + char *eol; /* The character which ends the current line */ ++ char *end = reply + strlen(reply); /* The end of the reply string */ ++ ++ while (next) { ++ pos = next; + +- while (pos < end) { + /* Split the output into lines */ + eol = memchr(pos, '\n', end - pos); +- if (eol == NULL) ++ if (eol == NULL) { + eol = end; ++ next = NULL; ++ } else { ++ next = eol + 1; ++ } ++ ++ /* Ignore all whitespace immediately before eol */ ++ while (eol > pos && c_isspace(*(eol-1))) ++ eol -= 1; + + /* Look for 'filename=pty:' */ + #define NEEDLE "filename=pty:" +@@ -1721,13 +1732,13 @@ int qemuMonitorTextGetPtyPaths(qemuMonitorPtr mon, + + /* If it's not there we can ignore this line */ + if (!needle) +- goto next; ++ continue; + + /* id is everthing from the beginning of the line to the ':' + * find ':' and turn it into a terminator */ + char *colon = memchr(pos, ':', needle - pos); + if (colon == NULL) +- goto next; ++ continue; + *colon = '\0'; + char *id = pos; + +@@ -1747,9 +1758,6 @@ int qemuMonitorTextGetPtyPaths(qemuMonitorPtr mon, + goto cleanup; + } + #undef NEEDLE +- +- next: +- pos = eol + 1; + } + + ret = 0; --- libvirt-0.7.5.orig/debian/patches/series +++ libvirt-0.7.5/debian/patches/series @@ -0,0 +1,32 @@ +0001-remove-RHism.diff.patch +#0002-qemu-disable-network.diff.patch +0003-allow-libvirt-group-to-access-the-socket.patch +0004-fix-Debian-specific-path-to-hvm-loader.patch +0005-Also-look-for-dmi-information-in-sys-class.patch +#0006-Terminate-nc-on-EOF.patch +0007-Implement-path-lookup-for-USB-by-vendor-product.patch +0008-qemu-Use-log-output-for-pty-assignment-if-info-chard.patch +0009-Fix-QEMU-driver-custom-domain-status-XML-extensions.patch +0010-Use-base-16-for-product-vendor.patch +9000-delayed_iff_up_bridge.patch +9001-dont_clobber_existing_bridges.patch +9002-better_default_uri_virsh.patch +9003-increase-logoutput-timeout.patch +9004-better-default-arch.patch +9005-libvirtd-group-name.patch +9006-increase-unix-socket-timeout.patch +9007-default-config-test-case.patch +9008-fix-daemon-conf-ftbfs.patch +9009-run-as-root-by-default.patch +9010-apparmor-ftbfs.patch +9011-node_device_driver.patch +9012-dont-crash-on-restart.patch +9013-apparmor-dont-clear-caps.patch +9014-apparmor-remove-unloaded-profile-is-not-fatal.patch +9015-autodetect-nc-params.patch +9016-disk-cache-setting-xml.patch +9017-dont-disable-ipv6.patch +9018-fix-pty-console.patch +9019-apparmor-fix-xauth.patch +9020-apparmor-fix-backingstore.patch +9021-apparmor-fix-hostdev.patch --- libvirt-0.7.5.orig/debian/patches/9003-increase-logoutput-timeout.patch +++ libvirt-0.7.5/debian/patches/9003-increase-logoutput-timeout.patch @@ -0,0 +1,12 @@ +diff -Nur libvirt-0.7.5/src/qemu/qemu_driver.c libvirt-0.7.5.new/src/qemu/qemu_driver.c +--- libvirt-0.7.5/src/qemu/qemu_driver.c 2010-01-22 14:45:02.470772805 -0600 ++++ libvirt-0.7.5.new/src/qemu/qemu_driver.c 2010-01-22 14:46:37.039529964 -0600 +@@ -1523,7 +1523,7 @@ + + ret = qemudReadLogOutput(conn, vm, logfd, buf, sizeof(buf), + qemudFindCharDevicePTYs, +- "console", 3); ++ "console", 30); + if (close(logfd) < 0) { + char ebuf[4096]; + VIR_WARN(_("Unable to close logfile: %s\n"), --- libvirt-0.7.5.orig/debian/patches/9005-libvirtd-group-name.patch +++ libvirt-0.7.5/debian/patches/9005-libvirtd-group-name.patch @@ -0,0 +1,12 @@ +diff -Nur libvirt-0.7.5/daemon/libvirtd.conf libvirt-0.7.5.new/daemon/libvirtd.conf +--- libvirt-0.7.5/daemon/libvirtd.conf 2010-01-22 14:47:37.469547794 -0600 ++++ libvirt-0.7.5.new/daemon/libvirtd.conf 2010-01-22 14:48:22.690780210 -0600 +@@ -78,7 +78,7 @@ + # without becoming root. + # + # This is restricted to 'root' by default. +-unix_sock_group = "libvirt" ++unix_sock_group = "libvirtd" + + # Set the UNIX socket permissions for the R/O socket. This is used + # for monitoring VM status only --- libvirt-0.7.5.orig/debian/patches/0009-Fix-QEMU-driver-custom-domain-status-XML-extensions.patch +++ libvirt-0.7.5/debian/patches/0009-Fix-QEMU-driver-custom-domain-status-XML-extensions.patch @@ -0,0 +1,181 @@ +From: Daniel P. Berrange +Date: Mon, 18 Jan 2010 16:24:25 +0000 +Subject: [PATCH] Fix QEMU driver custom domain status XML extensions + +Invoking the virConnectGetCapabilities() method causes the QEMU +driver to rebuild its internal capabilities object. Unfortunately +it was forgetting to register the custom domain status XML hooks +again. + +To avoid this kind of error in the future, the code which builds +capabilities is refactored into one single method, which can be +called from all locations, ensuring reliable rebuilds. + +* src/qemu/qemu_driver.c: Fix rebuilding of capabilities XML and + guarentee it is always consistent +--- + src/qemu/qemu_driver.c | 110 +++++++++++++++++++++++------------------------- + 1 files changed, 53 insertions(+), 57 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 9e44b46..0d4833e 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -885,34 +885,6 @@ qemuReconnectDomains(struct qemud_driver *driver) + + + static int +-qemudSecurityCapsInit(virSecurityDriverPtr secdrv, +- virCapsPtr caps) +-{ +- const char *doi, *model; +- +- doi = virSecurityDriverGetDOI(secdrv); +- model = virSecurityDriverGetModel(secdrv); +- +- caps->host.secModel.model = strdup(model); +- if (!caps->host.secModel.model) { +- virReportOOMError(NULL); +- return -1; +- } +- +- caps->host.secModel.doi = strdup(doi); +- if (!caps->host.secModel.doi) { +- virReportOOMError(NULL); +- return -1; +- } +- +- VIR_DEBUG("Initialized caps for security driver \"%s\" with " +- "DOI \"%s\"", model, doi); +- +- return 0; +-} +- +- +-static int + qemudSecurityInit(struct qemud_driver *qemud_drv) + { + int ret; +@@ -933,15 +905,52 @@ qemudSecurityInit(struct qemud_driver *qemud_drv) + qemud_drv->securityDriver = security_drv; + + VIR_INFO("Initialized security driver %s", security_drv->name); +- +- /* +- * Add security policy host caps now that the security driver is +- * initialized. +- */ +- return qemudSecurityCapsInit(security_drv, qemud_drv->caps); ++ return 0; + } + + ++static virCapsPtr ++qemuCreateCapabilities(virCapsPtr oldcaps, ++ virSecurityDriverPtr secDriver) ++{ ++ virCapsPtr caps; ++ ++ /* Basic host arch / guest machine capabilities */ ++ if (!(caps = qemudCapsInit(oldcaps))) { ++ virReportOOMError(NULL); ++ return NULL; ++ } ++ ++ /* Domain XML parser hooks */ ++ caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc; ++ caps->privateDataFreeFunc = qemuDomainObjPrivateFree; ++ caps->privateDataXMLFormat = qemuDomainObjPrivateXMLFormat; ++ caps->privateDataXMLParse = qemuDomainObjPrivateXMLParse; ++ ++ ++ /* Security driver data */ ++ if (secDriver) { ++ const char *doi, *model; ++ ++ doi = virSecurityDriverGetDOI(secDriver); ++ model = virSecurityDriverGetModel(secDriver); ++ ++ if (!(caps->host.secModel.model = strdup(model))) ++ goto no_memory; ++ if (!(caps->host.secModel.doi = strdup(doi))) ++ goto no_memory; ++ ++ VIR_DEBUG("Initialized caps for security driver \"%s\" with " ++ "DOI \"%s\"", model, doi); ++ } ++ ++ return caps; ++ ++no_memory: ++ virReportOOMError(NULL); ++ virCapabilitiesFree(caps); ++ return NULL; ++} + + /** + * qemudStartup: +@@ -1067,13 +1076,12 @@ qemudStartup(int privileged) { + virStrerror(-rc, buf, sizeof(buf))); + } + +- if ((qemu_driver->caps = qemudCapsInit(NULL)) == NULL) +- goto out_of_memory; ++ if (qemudSecurityInit(qemu_driver) < 0) ++ goto error; + +- qemu_driver->caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc; +- qemu_driver->caps->privateDataFreeFunc = qemuDomainObjPrivateFree; +- qemu_driver->caps->privateDataXMLFormat = qemuDomainObjPrivateXMLFormat; +- qemu_driver->caps->privateDataXMLParse = qemuDomainObjPrivateXMLParse; ++ if ((qemu_driver->caps = qemuCreateCapabilities(NULL, ++ qemu_driver->securityDriver)) == NULL) ++ goto error; + + if ((qemu_driver->activePciHostdevs = pciDeviceListNew(NULL)) == NULL) + goto error; +@@ -1097,10 +1105,6 @@ qemudStartup(int privileged) { + } + } + +- if (qemudSecurityInit(qemu_driver) < 0) { +- goto error; +- } +- + /* If hugetlbfs is present, then we need to create a sub-directory within + * it, since we can't assume the root mount point has permissions that + * will let our spawned QEMU instances use it. +@@ -2859,15 +2863,12 @@ static char *qemudGetCapabilities(virConnectPtr conn) { + char *xml = NULL; + + qemuDriverLock(driver); +- if ((caps = qemudCapsInit(qemu_driver->caps)) == NULL) +- goto no_memory; + +- caps->privateDataAllocFunc = qemuDomainObjPrivateAlloc; +- caps->privateDataFreeFunc = qemuDomainObjPrivateFree; +- +- if (qemu_driver->securityDriver && +- qemudSecurityCapsInit(qemu_driver->securityDriver, caps) < 0) +- goto no_memory; ++ if ((caps = qemuCreateCapabilities(qemu_driver->caps, ++ qemu_driver->securityDriver)) == NULL) { ++ virCapabilitiesFree(caps); ++ goto cleanup; ++ } + + virCapabilitiesFree(qemu_driver->caps); + qemu_driver->caps = caps; +@@ -2879,11 +2880,6 @@ cleanup: + qemuDriverUnlock(driver); + + return xml; +- +-no_memory: +- virCapabilitiesFree(caps); +- virReportOOMError(conn); +- goto cleanup; + } + + +-- --- libvirt-0.7.5.orig/debian/patches/9012-dont-crash-on-restart.patch +++ libvirt-0.7.5/debian/patches/9012-dont-crash-on-restart.patch @@ -0,0 +1,33 @@ +Description: Fix a crash when restarting libvirtd. + If you shutdown libvirtd while a domain with PCI devices is running, then try + to restart libvirtd, libvirtd will crash. + . + This happens because qemuUpdateActivePciHostdevs() is calling + pciDeviceListSteal() with a dev of 0x0 (NULL), and then trying to dereference + it. This patch fixes it up so that qemuUpdateActivePciHostdevs() steals the + devices after first Get()'ting them, avoiding the crash. +Origin: http://libvirt.org/git/?p=libvirt.git;a=commit;h=7cc5410bfd78f67300fe0344658e66df6482aa25 + +diff -Nur libvirt-0.7.5/src/qemu/qemu_driver.c libvirt-0.7.5.new/src/qemu/qemu_driver.c +--- libvirt-0.7.5/src/qemu/qemu_driver.c 2010-01-28 08:35:14.467104576 -0600 ++++ libvirt-0.7.5.new/src/qemu/qemu_driver.c 2010-01-28 08:35:43.735863804 -0600 +@@ -1771,6 +1771,7 @@ + virDomainDefPtr def) + { + pciDeviceList *pcidevs; ++ int i; + int ret = -1; + + if (!def->nhostdevs) +@@ -1779,8 +1780,9 @@ + if (!(pcidevs = qemuGetPciHostDeviceList(NULL, def))) + return -1; + +- while (pciDeviceListCount(pcidevs) > 0) { +- pciDevice *dev = pciDeviceListSteal(NULL, pcidevs, 0); ++ for (i = 0; i < pciDeviceListCount(pcidevs); i++) { ++ pciDevice *dev = pciDeviceListGet(pcidevs, i); ++ pciDeviceListSteal(NULL, pcidevs, dev); + if (pciDeviceListAdd(NULL, + driver->activePciHostdevs, + dev) < 0) { --- libvirt-0.7.5.orig/debian/patches/0001-remove-RHism.diff.patch +++ libvirt-0.7.5/debian/patches/0001-remove-RHism.diff.patch @@ -0,0 +1,22 @@ +From: Guido Guenther +Date: Fri, 7 Mar 2008 09:08:25 +0100 +Subject: [PATCH] remove-RHism.diff + +--- + tools/virsh.pod | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/tools/virsh.pod b/tools/virsh.pod +index ee8cc11..d2458f5 100644 +--- a/tools/virsh.pod ++++ b/tools/virsh.pod +@@ -34,7 +34,7 @@ the program. + + All B operations rely upon the libvirt library. + For any virsh commands to run xend/qemu, or what ever virtual library that libvirt supports. For this reason you should start xend/qemu as a service when your system first boots using xen/qemu. This can usually be done using the command +-B . ++B . + + Most B commands require root privileges to run due to the + communications channels used to talk to the hypervisor. Running as +-- --- libvirt-0.7.5.orig/debian/patches/9007-default-config-test-case.patch +++ libvirt-0.7.5/debian/patches/9007-default-config-test-case.patch @@ -0,0 +1,12 @@ +diff -Nur libvirt-0.7.5/tests/daemon-conf libvirt-0.7.5.new/tests/daemon-conf +--- libvirt-0.7.5/tests/daemon-conf 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/tests/daemon-conf 2010-01-22 14:53:38.039531290 -0600 +@@ -20,7 +20,7 @@ + conf="$abs_top_srcdir/daemon/libvirtd.conf" + + # Ensure that each commented out PARAMETER = VALUE line has the expected form. +-grep '[a-z_] *= *[^ ]' "$conf" | grep -vE '^#[a-z_]+ = ' \ ++grep '^#' "$conf" | grep '[a-z_] *= *[^ ]' | grep -vE '^#[a-z_]+ = ' \ + && { echo "$0: found unexpected lines (above) in $conf" 1>&2; exit 1; } + + # Start with the sample libvirtd.conf file, uncommenting all real directives. --- libvirt-0.7.5.orig/debian/patches/0002-qemu-disable-network.diff.patch +++ libvirt-0.7.5/debian/patches/0002-qemu-disable-network.diff.patch @@ -0,0 +1,38 @@ +From: Guido Guenther +Date: Fri, 7 Mar 2008 09:08:26 +0100 +Subject: [PATCH] qemu-disable-network.diff + +--- + src/Makefile.am | 3 --- + src/Makefile.in | 3 --- + 2 files changed, 0 insertions(+), 6 deletions(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 8ef0e81..f59eb08 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -913,9 +913,6 @@ if WITH_NETWORK + test -z "$(UUID)" || \ + sed -i -e "s,,\n $(UUID)," \ + $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml +- test -e $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml || \ +- ln -s ../default.xml \ +- $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml + endif + + uninstall-local:: +diff --git a/src/Makefile.in b/src/Makefile.in +index 5301dfc..143fe64 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -4197,9 +4197,6 @@ install-data-local: + @WITH_NETWORK_TRUE@ test -z "$(UUID)" || \ + @WITH_NETWORK_TRUE@ sed -i -e "s,,\n $(UUID)," \ + @WITH_NETWORK_TRUE@ $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/default.xml +-@WITH_NETWORK_TRUE@ test -e $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml || \ +-@WITH_NETWORK_TRUE@ ln -s ../default.xml \ +-@WITH_NETWORK_TRUE@ $(DESTDIR)$(sysconfdir)/libvirt/qemu/networks/autostart/default.xml + + uninstall-local:: + rmdir "$(DESTDIR)$(localstatedir)/cache/libvirt" ||: +-- --- libvirt-0.7.5.orig/debian/patches/0008-qemu-Use-log-output-for-pty-assignment-if-info-chard.patch +++ libvirt-0.7.5/debian/patches/0008-qemu-Use-log-output-for-pty-assignment-if-info-chard.patch @@ -0,0 +1,43 @@ +From: Matthias Bolte +Date: Mon, 18 Jan 2010 21:04:50 +0100 +Subject: [PATCH] qemu: Use log output for pty assignment if 'info chardev' is unavailable + +qemudFindCharDevicePTYsMonitor reports an error if 'info chardev' didn't +provide information for a requested device, even if the log output parsing +had found the pty path for that device. This makes pty assignment fail for +older QEMU/KVM versions. For example KVM 72 on Debian doesn't support +'info chardev', so qemuMonitorTextGetPtyPaths cannot parse any useful +information and the hash for device-id-to-pty-path mapping stays empty. + +Make qemudFindCharDevicePTYsMonitor report an error only if the log output +parsing and the 'info chardev' parsing failed to provide the pty path. +--- + src/qemu/qemu_driver.c | 14 +++++++++++--- + 1 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 7dfa78f..9e44b46 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -1428,9 +1428,17 @@ qemudFindCharDevicePTYsMonitor(virConnectPtr conn, + \ + const char *path = (const char *) virHashLookup(paths, id); \ + if (path == NULL) { \ +- qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,\ +- _("no assigned pty for device %s"), id); \ +- return -1; \ ++ if (chr->data.file.path == NULL) { \ ++ /* neither the log output nor 'info chardev' had a */ \ ++ /* pty path for this chardev, report an error */ \ ++ qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR, \ ++ _("no assigned pty for device %s"), id); \ ++ return -1; \ ++ } else { \ ++ /* 'info chardev' had no pty path for this chardev, */\ ++ /* but the log output had, so we're fine */ \ ++ continue; \ ++ } \ + } \ + \ + chr->data.file.path = strdup(path); \ +-- --- libvirt-0.7.5.orig/debian/patches/9011-node_device_driver.patch +++ libvirt-0.7.5/debian/patches/9011-node_device_driver.patch @@ -0,0 +1,29 @@ +Description: Don't free an uninitalized pointer in update_driver_name() + This invalid free results in heap corruption. Some symptoms I saw + because of this were libvirtd crashing and virt-manager hanging + while trying to enumerate devices. +Origin: http://libvirt.org/git/?p=libvirt.git;a=commit;h=338e7c3c8d5b861f3ad376863519f3496736987e +Bug: https://bugzilla.redhat.com/show_bug.cgi?id=556815 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/513544 + +diff -Nur libvirt-0.7.5/src/node_device/node_device_driver.c libvirt-0.7.5.new/src/node_device/node_device_driver.c +--- libvirt-0.7.5/src/node_device/node_device_driver.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/node_device/node_device_driver.c 2010-01-28 08:24:22.765837964 -0600 +@@ -78,7 +78,7 @@ + virNodeDeviceObjPtr dev) + { + char *driver_link = NULL; +- char *devpath; ++ char *devpath = NULL; + char *p; + int ret = -1; + +@@ -114,7 +114,7 @@ + + cleanup: + VIR_FREE(driver_link); +- free(devpath); ++ VIR_FREE(devpath); + return ret; + } + #else --- libvirt-0.7.5.orig/debian/patches/9013-apparmor-dont-clear-caps.patch +++ libvirt-0.7.5/debian/patches/9013-apparmor-dont-clear-caps.patch @@ -0,0 +1,31 @@ +Author: Jamie Strandboge +Description: Don't clear capabilities when calling virt-aa-helper. When built + with libcap-ng, clearing caps makes virt-aa-helper lose MAC_ADMIN, which is + (obviously) needed by apparmor_parser. This restores libcap-ng behavior to + what it was when not built with libcap-ng. +diff -Nur libvirt-0.7.5/src/security/security_apparmor.c libvirt-0.7.5.new/src/security/security_apparmor.c +--- libvirt-0.7.5/src/security/security_apparmor.c 2009-12-22 03:37:57.000000000 -0600 ++++ libvirt-0.7.5.new/src/security/security_apparmor.c 2010-02-05 16:32:53.588796032 -0600 +@@ -174,19 +174,19 @@ + VIRT_AA_HELPER, "-c", "-u", profile, NULL + }; + ret = virExec(conn, argv, NULL, NULL, &child, +- pipefd[0], NULL, NULL, VIR_EXEC_CLEAR_CAPS); ++ pipefd[0], NULL, NULL, VIR_EXEC_NONE); + } else if (disk && disk->src) { + const char *const argv[] = { + VIRT_AA_HELPER, "-r", "-u", profile, "-f", disk->src, NULL + }; + ret = virExec(conn, argv, NULL, NULL, &child, +- pipefd[0], NULL, NULL, VIR_EXEC_CLEAR_CAPS); ++ pipefd[0], NULL, NULL, VIR_EXEC_NONE); + } else { + const char *const argv[] = { + VIRT_AA_HELPER, "-r", "-u", profile, NULL + }; + ret = virExec(conn, argv, NULL, NULL, &child, +- pipefd[0], NULL, NULL, VIR_EXEC_CLEAR_CAPS); ++ pipefd[0], NULL, NULL, VIR_EXEC_NONE); + } + if (ret < 0) + goto clean; --- libvirt-0.7.5.orig/debian/patches/9010-apparmor-ftbfs.patch +++ libvirt-0.7.5/debian/patches/9010-apparmor-ftbfs.patch @@ -0,0 +1,60 @@ +Description: fix a miscommit and automake dependency ordering +Origin: http://libvirt.org/git/?p=libvirt.git;a=commit;h=cfe49446d3d2b181db69330a01a609bf84490072 + http://libvirt.org/git/?p=libvirt.git;a=commit;h=9933c4f2f6b8c084bbda6195d5025e1bb103a611 + +Index: libvirt-0.7.5/src/security/virt-aa-helper.c +=================================================================== +--- libvirt-0.7.5.orig/src/security/virt-aa-helper.c 2010-01-25 17:42:10.000000000 -0600 ++++ libvirt-0.7.5/src/security/virt-aa-helper.c 2010-01-25 17:43:03.000000000 -0600 +@@ -851,7 +851,6 @@ + if (rc != 0) + goto clean; + break; +- } + } + /* TODO: update so files in /sys are readonly + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { +Index: libvirt-0.7.5/src/Makefile.am +=================================================================== +--- libvirt-0.7.5.orig/src/Makefile.am 2009-12-23 08:55:40.000000000 -0600 ++++ libvirt-0.7.5/src/Makefile.am 2010-01-25 17:42:10.000000000 -0600 +@@ -876,9 +876,9 @@ + virt_aa_helper_LDADD = \ + $(WARN_CFLAGS) \ + $(LIBXML_LIBS) \ +- @top_srcdir@/gnulib/lib/libgnu.la \ + @top_srcdir@/src/libvirt_conf.la \ +- @top_srcdir@/src/libvirt_util.la ++ @top_srcdir@/src/libvirt_util.la \ ++ @top_srcdir@/gnulib/lib/libgnu.la + virt_aa_helper_CFLAGS = \ + -I@top_srcdir@/src/conf \ + -I@top_srcdir@/src/security +Index: libvirt-0.7.5/src/Makefile.in +=================================================================== +--- libvirt-0.7.5.orig/src/Makefile.in 2009-12-23 09:17:42.000000000 -0600 ++++ libvirt-0.7.5/src/Makefile.in 2010-01-25 17:42:10.000000000 -0600 +@@ -758,9 +758,9 @@ + virt_aa_helper_OBJECTS = $(am_virt_aa_helper_OBJECTS) + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@virt_aa_helper_DEPENDENCIES = $(am__DEPENDENCIES_2) \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ $(am__DEPENDENCIES_2) \ +-@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/gnulib/lib/libgnu.la \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_conf.la \ +-@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_util.la ++@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_util.la \ ++@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/gnulib/lib/libgnu.la + virt_aa_helper_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(virt_aa_helper_CFLAGS) $(CFLAGS) $(virt_aa_helper_LDFLAGS) \ +@@ -2095,9 +2095,9 @@ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@virt_aa_helper_LDADD = \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ $(WARN_CFLAGS) \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ $(LIBXML_LIBS) \ +-@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/gnulib/lib/libgnu.la \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_conf.la \ +-@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_util.la ++@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/src/libvirt_util.la \ ++@WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ @top_srcdir@/gnulib/lib/libgnu.la + + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@virt_aa_helper_CFLAGS = \ + @WITH_LIBVIRTD_TRUE@@WITH_SECDRIVER_APPARMOR_TRUE@ -I@top_srcdir@/src/conf \ --- libvirt-0.7.5.orig/debian/patches/0006-Terminate-nc-on-EOF.patch +++ libvirt-0.7.5/debian/patches/0006-Terminate-nc-on-EOF.patch @@ -0,0 +1,32 @@ +From: Gabor Gombas +Date: Fri, 8 Jan 2010 11:00:07 +0100 +Subject: [PATCH] Terminate nc on EOF + +Closes: #564053 +--- + src/remote/remote_driver.c | 4 +++- + 1 files changed, 3 insertions(+), 1 deletions(-) + +diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c +index d6f5fce..a4055f8 100644 +--- a/src/remote/remote_driver.c ++++ b/src/remote/remote_driver.c +@@ -730,7 +730,7 @@ doRemoteOpen (virConnectPtr conn, + } + + case trans_ssh: { +- int j, nr_args = 6; ++ int j, nr_args = 8; + + if (username) nr_args += 2; /* For -l username */ + if (no_tty) nr_args += 5; /* For -T -o BatchMode=yes -e none */ +@@ -764,6 +764,8 @@ doRemoteOpen (virConnectPtr conn, + } + cmd_argv[j++] = strdup (priv->hostname); + cmd_argv[j++] = strdup (netcat ? netcat : "nc"); ++ cmd_argv[j++] = strdup ("-q"); ++ cmd_argv[j++] = strdup ("0"); + cmd_argv[j++] = strdup ("-U"); + cmd_argv[j++] = strdup (sockname ? sockname : + (flags & VIR_CONNECT_RO +--