lp://qastaging/ubuntu/karmic-security/libvirt
- Get this branch:
- bzr branch lp://qastaging/ubuntu/karmic-security/libvirt
Branch merges
Branch information
Recent revisions
- 57. By Jamie Strandboge
-
* SECURITY UPDATE: debian/
patches/ 9902-CVE- 2011-1146. patch: Add missing
checks for read only connections.
- CVE-2011-1146 - 56. By Jamie Strandboge
-
* SECURITY UPDATE: force qemu-img backing stores creation to have a defined
disk format.
- debian/patches/ CVE-2010- 2239: explicitly set the user defined backing
store format when creating a new image
- CVE-2010-2239
* SECURITY UPDATE: fix to disallow privileged users in guests from accessing
privileged resources, such as NFS
- debian/patches/ 9901-CVE- 2010-2242. patch: set iptables masqerading rules
to use ports 1024-65535
- CVE-2010-2242 - 55. By Jamie Strandboge
-
* allow save/restore to work in $HOME. This is a workaround until upstream
https://bugzilla. redhat. com/show_ bug.cgi? id=529363 is fixed. (LP: #457716)
* debian/libvirt- bin.cron. daily: don't comlain if no domain XML definitions
or domain AppArmor profiles. Based on work by Loïc Minier. (LP: #457607) - 54. By Jamie Strandboge
-
debian/
apparmor/ libvirt- qemu: a couple more fixes for pulseaudio
LP: #453329 - 53. By Jamie Strandboge
-
* debian/
patches/ 9091-apparmor. patch:
- src/virt-aa-helper. c: update to parse XML for guest's architecture and
os.type rather than just trying to make something up.
- tests/virt-aa-helper- test: add some tests for the above and fix another
test
- LP: #448671 - 52. By Dustin Kirkland
-
debian/
patches/ 0005-Close- logfile- fd-after- spawning- qemu.patch: fix
egregious file descriptor leak with cherry-pick from upstream git,
LP: #438815 - 51. By Jamie Strandboge
-
* allow access for sound (LP: #437854)
- abstractions/libvirt- qemu: add very specific rules for allowing ALSA. We
do not use the audio abstraction because the virtual machine runs as root
and therefore DAC cannot be used as a fallback.
- debian/README. Debian: add some text to encourage review of the AppArmor
profiles and abstraction when using in production environments
* debian/libvirt- bin.cron. daily: added to clean out old profiles that are no
longer associated with a virtual machine definition (LP: #438165)
* debian/patches/ 9091-apparmor. patch:
- quote the pid, monitor and logfile in case any of them have weird
characters (complete fix for LP: #432810)
- support <readonly/> for disks - 50. By Jamie Strandboge
-
* debian/
patches/ 9091-apparmor. patch: sync with upstream for maintenance,
licensing compliance with upstream and bug fixes:
- handle files with spaces in the name (LP: #432810)
- add serial, console, kernel and initrd support (LP: #432581)
- allow read only access to /boot, /vmlinuz and /initrd.img
- allow access to character devices (eg USB devices)
- have virt-aa-helper accept XML on stdin, which allows for adding
other devices in the future and helps ensure we always have the most
up to date definition
- update profile on attach and detach of devices (LP: #435527)
- add --dryrun option to virt-aa-helper, and greatly improve the
virt-aa-helper- test script
* revert workaround for LP: #431090 now that kernel, initrd, et al is
properly supported
* debian/apparmor/ usr.sbin. libvirtd: add various capabilities
recommended by upstream to prevent potential regressions - 48. By Jamie Strandboge
-
debian/
apparmor/ libvirt- qemu: workaround eucalyptus serial console,
kernel and initrd location. This should be removed after virt-aa-helper is
able to get these from XML. (LP: #431090)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/ubuntu/natty/libvirt