[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#939036: buster-pu: package libvirt/5.0.0-4+deb10u1

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,
i'd like to update libvirt in pu adding a single new apparmor rule to
allow pygrub which helps xen based setups. Debdiff is attached.
Cheers,
 -- Guido

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff --git a/debian/changelog b/debian/changelog
index 5618e49bd1..29d4aeb690 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libvirt (5.0.0-4+deb10u1) buster; urgency=medium
+
+  [ Tobias Wolter ]
+  * [711f612] apparmor: Allow to run pygrup
+    (Closes: #931768)
+
+ -- Guido Günther <agx@sigxcpu.org>  Sat, 31 Aug 2019 13:38:31 +0200
+
 libvirt (5.0.0-4) unstable; urgency=medium
 
   * [0fdc2af] Fix multiple CVEs related to privilege escalations on R/O
diff --git a/debian/patches/apparmor-Allow-run-pygrup.patch b/debian/patches/apparmor-Allow-run-pygrup.patch
new file mode 100644
index 0000000000..5678aad517
--- /dev/null
+++ b/debian/patches/apparmor-Allow-run-pygrup.patch
@@ -0,0 +1,20 @@
+From: Tobias Wolter <towo@b1-systems.de>
+Date: Wed, 21 Aug 2019 10:27:05 +0200
+Subject: apparmor: Allow run pygrup
+
+---
+ src/security/apparmor/usr.sbin.libvirtd | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/security/apparmor/usr.sbin.libvirtd b/src/security/apparmor/usr.sbin.libvirtd
+index c7c52c6..477788e 100644
+--- a/src/security/apparmor/usr.sbin.libvirtd
++++ b/src/security/apparmor/usr.sbin.libvirtd
+@@ -85,6 +85,7 @@
+   /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
+   /usr/{lib,lib64}/xen/bin/* Ux,
+   /usr/lib/xen-*/bin/libxl-save-helper PUx,
++  /usr/lib/xen-*/bin/pygrub PUx,
+ 
+   # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
+   # read and run an ebtables script.
diff --git a/debian/patches/series b/debian/patches/series
index 3d1d86906d..1d298fab6e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -34,3 +34,4 @@ security/api-disallow-virDomainManagedSaveDefineXML-on-read-only-c.patch
 security/api-disallow-virConnectGetDomainCapabilities-on-read-only.patch
 security/api-disallow-virConnect-HypervisorCPU-on-read-only-connec.patch
 Include-etc-pki-qemu-in-apparmor.patch
+apparmor-Allow-run-pygrup.patch
Reply to: