Comment 2 for bug 1709818

This bug was fixed in the package libvirt - 3.6.0-1ubuntu1

---------------
libvirt (3.6.0-1ubuntu1) artful; urgency=medium

  * Merged with Debian unstable (3.6)
    This closes several bugs:
    - aarch64: improved chardev handling (LP: #1697610)
    - Forbid locking memory without memtune (LP: #1708305)
  * Remaining changes:
    - Disable sheepdog (universe dependency)
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - Disable selinux
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Regularly clear AppArmor profiles for vms that no longer exist
    - Additional apport package-hook
    - Modifications to adapt for our delayed switch away from libvirt-bin (can
      be dropped >18.04).
      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
        to old service name so that old references work
      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
        to old service name so that old references work
      + d/control: transitional package with the old name and maintainer
        scripts to handle the transition
    - Backwards compatible handling of group rename (can be dropped >18.04).
    - config details and autostart of default bridged network. Creating that is
      now the default in general, yet our solution provides the following on
      top as of today:
      + nat only on some ports <port start='1024' end='65535'/>
      + autostart the default network by default
      + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
      which provided a separate kvm-spice.
    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
      section that adapts the path of the emulator to the Debian/Ubuntu
      packaging is kept.
    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
      set VRAM to minimum requirements
    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
    - Add libxl log directory
    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
      Xen dom0 via user profile (was missing on changelogs before)
    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
      included_files to avoid build failures due to duplicate definitions.
    - Update README.Debian with Ubuntu changes
    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.
    - fix conffile upgrade handling to avoid obsolete files
      and inactive duplicates (LP 1694159)
    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
      vmlinuz available and accessible (Debian bug 848314)
    - d/test/smoke-lxc workaround for debbug 848317/867379
    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
    - Extended handling of apparmor profiles - clear lost profiles via cron
    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
      no more UCA onto Xenial then which has global dnsmasq by default).
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
      + /etc/init.d/virtlockd was sysv init only
      + /etc/apparmor.d/local/usr.sbin.libvirtd and
        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
        by dh_apparmor as needed
    - Reworked apparmor Delta, especially the more complex delta is dropped
      now, also our former delta is now split into logical pieces, has
      improved comments and is part of a continuous upstreaming effort.
      Listing related remaining changes:
      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
        Allow pygrub to run on Debian/Ubuntu
      + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
        libvirt-qemu: Allow macvtap access
      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
        apparmor, libvirt-qemu: Allow read access to overcommit_memory
      + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
        deny for setpcap
      + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
        libvirt-qemu: Allow use of sgabios
      + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
        apparmor, libvirt-qemu: Silence lttng related deny messages
      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
      + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
        apparmor, libvirt-qemu: Allow read access to sysfs system info
      + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
        apparmor, libvirt-qemu: Allow read access to max_mem_regions
      + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
        apparmor, libvirt-qemu: Allow qemu-block-extra libraries
      + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
        apparmor, libvirt-qemu: Allow access to hugepage mounts
      + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
        apparmor, libvirtd: Allow access to netlink sockets
      + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
        apparmor: Add rules for mediation support
      + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
        apparmor, virt-aa-helper: Improve comment about backing store
      + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
        apparmor, virt-aa-helper: Allow access to ecryptfs files
      + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
        apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
        apparmor, virt-aa-helper: Allow access to tmp directories
      + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
        apparmor, virt-aa-helper: Add ipv6 network policy
      + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
        apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
      + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
        apparmor, virt-aa-helper: Allow various storage pools and image
        locations
      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
        apparmor, virt-aa-helper: Add openvswitch support
      + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
        references to qemu-kvm
      + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
        won't call qemu-nbd
      + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
        apparmor, virt-aa-helper: Allow access to name services
      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
      + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
        /dev/vfio for vf (hot) attach (LP 1680384).
      + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
        apparmor: allow to parse cmdline of the pid that send the shutdown
        signal (LP 1680384).
      + d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
        apparmor: add default pki path of lbvirt-spice (LP 1690140)
      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
        libvirt-qemu: Add 9p support
      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
        add l to 9p file options.
      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
        apparmor, virt-aa-helper: access for snapped nova
  * Dropped Changes (Upstream):
    - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
      default driver entries missing name='qemu'.
    - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782)
      Fix to be able to follow BackinStorage chains when creating per
      guest apparmor rules.
  * Dropped Changes (In Debian):
    - Enable esx support
      + Add build-dep to libcurl4-gnutls-dev (required for esx)
  * Added Changes:
    - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
      for compatibility with the behavior of qemu 2.10 this adds locking
      permission to rules generated for disk files (LP: #1709818)

 -- Christian Ehrhardt <email address hidden> Thu, 10 Aug 2017 12:44:47 +0200