[Bug 480478] Re: libvirt's apparmor profile doesn't allow execution of /usr/lib/libvirt/libvirt_lxc

Launchpad Bug Tracker 480478 at bugs.launchpad.net
Wed Dec 2 17:00:08 GMT 2009 

This bug was fixed in the package libvirt - 0.7.2-4ubuntu1

---------------
libvirt (0.7.2-4ubuntu1) lucid; urgency=low

  * Merge from debian testing. Remaining changes:
    - debian/control:
      + Don't build-depend on QEmu
      + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
        to Depends of libvirt-bin
      + Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
      + Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
        since we used to ship them as such
      + We call libxen-dev libxen3-dev, so change all references
      + Build-Depends on libxml2-utils
      + Build-Depends on open-iscsi-utils instead of open-iscsi due to
        LP: #414986
    - debian/postinst:
      + rename the libvirt group to libvirtd
      + add each admin user to the libvirtd group
    - debian/libvirt-bin.postrm: rename the libvirt group to libvirtd
    - debian/rules: add DEB_MAKE_CHECK_TARGET := check
    - debian/patches/900[0-7]: updated/refreshed for new paths in 0.7.2
    - debian/patches/series: don't apply 0002-qemu-disable-network.diff.patch
    - AppArmor integration:
      + debian/control: Build-Depends on libapparmor-dev and Suggests
        apparmor (>= 2.3+1289-0ubuntu14)
      + debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
        /etc/apparmor.d/force-complain, /etc/apparmor.d/libvirt,
        /etc/cron.daily and /usr/share/apport/package-hooks
      + add debian/libvirt-bin.cron.daily (LP: #438165)
      + add debian/libvirt-bin.apport
      + debian/libvirt-bin.install: install apparmor profiles, abstractions
        and apport hook
      + debian/postinst: reload apparmor profiles
      + debian/libvirt-bin.postrm: remove apparmor symlinks on purge
      + debian/libvirt-bin.preinst: added to force complain on certain
        upgrades
      + debian/README.Debian: add AppArmor section based on the upstream
        documentation
      + debian/rules: use --with-apparmor and copy apparmor and apport hook to
        debian/tmp
    - Dropped the following patches now included upstream:
      + 0005-Close-logfile-fd-after-spawning-qemu.patch
      + 9090-reenable-nonfile-labels.patch
      + 9091-apparmor.patch
      + 9092-apparmor-autoreconf.patch
  * AppArmor integration updates:
    - debian/apparmor/usr.sbin.libvirtd: allow libvirtd access to
      /usr/lib/libvirt/* (LP: #480478)
    - debian/apparmor/libvirt-qemu: allow guests access to
      /etc/pki/libvirt-vnc/** (LP: #484562)
    - debian/libvirt-bin.postinst: 0.7.2 moved /usr/bin/virt-aa-helper to
      /usr/lib/libvirt, so the profile changed from usr.bin.virt-aa-helper
      to usr.lib.libvirt.virt-aa-helper and needs to be migrated. If the user
      made no changes to the old profile, remove it, otherwise, update the
      paths, preserving the shipped usr.lib.libvirt.virt-aa-helper
    - update to 0.7.4 version of the sVirt AppArmor driver (can be dropped in
      0.7.4):
      + debian/patches/9008-apparmor-caps-mockup.patch
      + debian/patches/9009-apparmor-lp453335.patch
      + debian/patches/9010-apparmor-lp460271.patch
      + debian/patches/9011-apparmor-code-cleanups.patch
    - add virt-aa-helper-test and examples/apparmor that were omitted from the
      upstream tarball (can be dropped in 0.7.5):
      + debian/patches/9012-apparmor-add-virt-aa-helper-test.patch
      + debian/patches/9013-apparmor-examples.patch
      + debian/rules: add post-patches target to make virt-aa-helper-test
        executable
  * debian/patches/0005-Fix-SELinux-linking-issues.patch: updated to work
    when both apparmor and selinux are available. This patch should be
    dropped in 0.7.4.
  * debian/patches/9007-default-config-test-case.patch: updated to not fail
    if building in a deep directory
  * debian/patches/9014-event-fuzz.patch: add a little fuzz to not be quite
    so precise with expected expiry time. Fixes FTBFS with HZ=100 kernels.
    Can be dropped in 0.7.5.
  * debian/patches/9015-hal-startup-failure-is-nonfatal.patch: disable hal
    driver if hald is not running instead of dying. Can be dropped in
    0.7.4.
  * debian/control: temporarily remove Build-Depends on libcap-ng-dev, which
    isn't available in Ubuntu main yet
  * revert change to new source format 3.0 (quilt) since Launchpad can't
    handle it yet (see LP: #293106)

libvirt (0.7.2-4) unstable; urgency=low

  * [213ca47] switch to new source format 3.0 (quilt)
  * [f5a10e9] Depend on hal (Closes: #556730)
  * [7d1422d] Drop build-dep on libpolkit-dbus-dev (Closes: #549500)
  * [95ad85c] Depend on libcap-ng-dev for lxc driver.

libvirt (0.7.2-3) unstable; urgency=low

  * [2c0aa82] Fix qemu:///session Backported from upsgtream's
    79218cdd9887b132eb0f29fe2048f89e90beae1 (Closes: #554869)

libvirt (0.7.2-2) unstable; urgency=low

  [ Laurent Léonard ]
  * [a9ea205] Change requirement of libvirt-bin in libvirt- suspendonreboot.
  * [a4db804] Update debian/patches/0006-Don-t-let-parent-of-daemon-
    exit-until-basic-initiali.patch. Fix use of an uninitialized variable that
    was causing a bug on i386 systems.
  * [59e1e53] Redo patches.

  [ Guido Günther ]
  * upload to unstable
  * [43f106a] Only remove masquerade roles for VIR_NETWORK_FORWARD_NAT
    (Closes: #549949) - thanks to Rob S. Wolfram for testing

libvirt (0.7.2-1) experimental; urgency=low

  [ Laurent Léonard ]
  * [51a4814] Imported Upstream version 0.7.2
  * [12268f6] Update patches.
  * [175d497] Fix SELinux linking issues. Pulled from upstream
    309acaa0230494b8ec08d03375c10238cb2daf55.
  * [5cfdaf8] Update libvirt-doc docs.
  * [dc2059f] Update libvirt-bin manpages.
  * [a62a4a7] Update libvirt-bin examples.
  * [9e38cbc] Update libvirt0 symbols.
  * [412b12f] Make init.d script provide itself.
  * [35451bf] Update debian/rules to support new example files.
  * [43b7dac] Don't let parent of daemon exit until basic initialization is
    done.
  * [5a37e69] Make init.d provide libvirtd for backward compatibility.

libvirt (0.7.1-2) unstable; urgency=low

  * [f5299d3] document changes and release 0.7.1-1
  * [f137c00] Allow for older versions of dpkg-dev to ease backports.
  * [74f5832] Use Policykit 1.0 (Closes: #549500)

libvirt (0.7.1-1) unstable; urgency=low

  [ Laurent Léonard ]
  * [40fb620] Bump Debhelper version to 7.
  * [e0e89f2] Bump Standards-Version to 3.8.3.
  * [50a862f] Clean debian/rules.
  * [e9c9906] Change build dependency on libreadline5-dev to
    libreadline-dev.
  * [b6cb738] Imported Upstream version 0.7.1
  * [780f6a7] Redo patches.
  * [3d66f37] Update libvirt-bin examples.
  * [c01ed84] Update libvirt0 symbols.
 -- Jamie Strandboge <jamie at ubuntu.com>   Wed, 02 Dec 2009 09:22:21 -0600

** Changed in: libvirt (Ubuntu Lucid)
       Status: In Progress => Fix Released

-- 
libvirt's apparmor profile doesn't allow execution of /usr/lib/libvirt/libvirt_lxc
https://bugs.launchpad.net/bugs/480478
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.

More information about the Ubuntu-server-bugs mailing list