[Bug 801569] Re: apparmor security driver broken in 0.9.2
Launchpad Bug Tracker
801569 at bugs.launchpad.net
Fri Jun 24 15:40:18 UTC 2011
This bug was fixed in the package libvirt - 0.9.2-4ubuntu1
---------------
libvirt (0.9.2-4ubuntu1) oneiric; urgency=low

  * Merge from debian unstable. Remaining changes:
    - debian/control:
      * set X-Python-Version to 2.7, as 2.6 is not in oneiric.
      * set ubuntu maintainer
      * Build-Depends:
        - remove [linux-any] from all dependencies
        - remove [!linux-any] deps
        - swap qemu to qemu-kvm and open-iscsi to
          open-iscsi-utils in Build-Depends
        - remove virtualbox-ose Build-Depends
        - add parted and libapparmor-dev Build-Depends
      * convert Vcs-Git to Xs-Debian-Vcs-Git
      * libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base
        (>= 2.46-1), and iptables from Recommends to Depends
      * libvirt-bin Recommends: move qemu to Suggests
      * libvirt-bin Suggests: add apparmor
      * libvirt0 Recommends: move lvm2 to Suggests
    - keep debian/libvirt-bin.apport
    - keep debian/libvirt-bin.cron.daily
    - debian/libvirt-bin.dirs:
      * add apparmor, cron.daily, and apport dirs
    - debian/libvirt-bin.examples:
      * add debian/libvirt-suspendonreboot
    - debian/libvirt-bin.install:
      * add /etc/apparmor.d files
      * add apport hook
    - debian/libvirt-bin.manpages:
      * add debian/libvirt-migrate-qemu-disks.1
    - debian/libvirt-bin.postinst:
      * replace libvirt groupname with libvirtd
      * add each admin user to libvirtd group
      * call apparmor_parser on usr.sbin.libvirtd and
        usr.lib.libvirt.virt-aa-helper
      * call 'libvirt-migrate-qemu-disks -a' after
        libvirt-bin has started if migrating from
        older than 0.8.3-1ubuntu1
    - debian/libvirt-bin.postrm:
      * replace libvirt groupname with libvirtd
      * remove usr.sbin.libvirtd and
        usr.lib.libvirt.virt-aa-helper
    - keep added files under debian/:
      * libvirt-bin.upstart
      * libvirt-migrate-qemu-disks
      * libvirt-migrate-qemu-disks.1
      * libvirt-suspendonreboot
      * apparmor profiles
    - debian/README.Debian:
      * add 'Apparmor Profile' section
      * add 'Disk migration' section
    - debian/rules:
      * move include of debhelper.mk to top of file so DEB_HOST_ARCH_OS
        is defined.
      * don't build with vbox since virtualbox-ose is in universe
        - remove WITH_VBOX, add explicit --without-vbox
      * add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS
      * set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
      * remove unneeded binary-install/libvirt-bin:: and clean::
        sections (they only deal with sysvinit stuff)
      * add build/libvirt-bin:: section to install
        - apparmor files
        - apport hooks
        - libvirt-migrate-qemu-disks
  * debian/patches/series:
    - don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only)
    - don't apply Disable qemu-disable-network.diff.patch
  * debian/patches:
    - dropped patches:
      * 9022-allows-lxc-containers-with-lxcguest.patch (applied upstream)
      * 9023-disable-test-poll.patch
      * 9024-ftbfs-with-arm.patch (doesn't really fix arm just yet)
      * 9025-CVE-2011-2178.patch (applied upstream)
    - keep patches:
      * 9000-delayed_iff_up_bridge.patch
      * 9001-dont_clobber_existing_bridges.patch
      * 9002-better_default_uri_virsh.patch
      * 9003-better-default-arch.patch
      * 9004-libvirtd-group-name.patch
      * 9005-increase-unix-socket-timeout.patch
      * 9006-default-config-test-case.patch
      * 9011-move-ebtables-script.patch
      * 9014-skip-nodeinfotest.patch
      * 9020-lp545795.patch
      * 9021-fix-uint64_t.patch
      * 9026-lp795800.patch

  [ Jamie Strandboge ]
  * 9027-move-apparmor-load-to-genlabel.patch: 0.9.2 introduced a change that
    caused aa_change_profile() to be called before the profile was loaded into
    the kernel. Adjust AppArmorGenSecurityLabel() in
    src/security/security_apparmor.c to load the profile itself, and adjust
    AppArmorSetSecurityAllLabel() to reload the profile when stdin_fn is
    specified. This patch can be removed in 0.9.3. (LP: #801569)

libvirt (0.9.2-4) unstable; urgency=low

  * [398a4dd] New patch Split-out-dlopen-detection.patch. Explicitly pass
    -ldl since the lock manager needs it.
  * [3be22be] New patch Update-generated-autoconf-files.patch. Update
    generated autoconf files

libvirt (0.9.2-3) unstable; urgency=low

  * [008e65d] New patch Skip-nodeinfo-test-on-non-intel-architectures.patch:
    Skip nodeinfo test on non intel architectures since the testfiles assume a
    /proc/cpuinfo specific to this architecture.

libvirt (0.9.2-2) unstable; urgency=low

  * [17570fc] Enable OpenVZ on Linux only (Closes: #630099)
  * [31a35bc] New patch nodeinfo-remove-superfluous-braces.patch
    nodeinfo: remove superfluous braces to fix compilation on non intel
    architectures

libvirt (0.9.2-1) unstable; urgency=low

  * [c6187ec] New upstream version 0.9.2
  * [368375a] Update netcat detection to new code
  * [e3319ee] Drop security-plug-regression-introduced-in-disk-probe-lo.patch
    applied upstream
  * [a1428a7] Refresh patches
  * [77590ee] Update symbols
  * [0626972] Depend on iproute
  * [a1b211d] Version dependency on iptables and drop
    Disable-CHECKSUM-rule.patch (Closes: #627595)

libvirt (0.9.1-2) unstable; urgency=high

  * [4fbc990] New patch security-plug-regression-introduced-in-disk-probe-lo.patch
    (Closes: #629128)
    - Fixes: CVE-2011-2178

 -- Chuck Short <zulcss at ubuntu.com> Wed, 22 Jun 2011 11:09:15 -0400

** Changed in: libvirt (Ubuntu Oneiric)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2178
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/801569
Title:
apparmor security driver broken in 0.9.2