libvirt (9.6.0-1) unstable; urgency=medium Local overrides for AppArmor abstractions are now expected to be /etc/apparmor.d/abstractions/libvirt-{qemu,lxc}.d/... instead of /etc/apparmor.d/local/abstractions/libvirt-{qemu,lxc}. The old locations are still accepted for now, but support for them will be dropped in a future release. -- Andrea Bolognani Wed, 02 Aug 2023 21:41:19 +0200 libvirt (8.10.0-2) experimental; urgency=medium Localization for libvirt has been moved to the libvirt-l10n package, which gets installed by default but can later be removed if a smaller footprint is desired. -- Andrea Bolognani Thu, 08 Dec 2022 18:48:24 +0100 libvirt (7.6.0-1) unstable; urgency=medium netcf support is now disabled in libvirt. This results in most virInterface* APIs, as well as the corresponding iface-* virsh commands, becoming non-functional, and mirrors upstream's decision to deprecate the feature. -- Andrea Bolognani Tue, 17 Aug 2021 20:56:14 +0200 libvirt (7.0.0-3) unstable; urgency=medium The $libvirtd_opts variable in /etc/default/libvirtd has been renamed to $LIBVIRTD_ARGS to match upstream and other daemons that are part of libvirt. Other changes have been made to the file as well, so it's recommended to pay extra attention if prompted by dpkg about it during an upgrade. -- Andrea Bolognani Mon, 15 Feb 2021 00:45:40 +0100 libvirt (6.9.0-4) unstable; urgency=medium The configuration for the default network and the default set of nwfilters have been moved from the libvirt-daemon-system package to the new libvirt-daemon-config-network and libvirt-daemon-config-nwfilter packages respectively. -- Andrea Bolognani Thu, 21 Jan 2020 21:54:03 +0100 libvirt (6.9.0-2) experimental; urgency=medium The virt-login-shell tool has been moved from the libvirt-clients package to the new libvirt-login-shell package: this change makes it possible to uninstall this seldomly-used tool if desired. -- Andrea Bolognani Sun, 15 Nov 2020 03:45:44 +0100 libvirt (6.0.0-2) unstable; urgency=medium Since sysv init scripts were split into a separate package, systems not using systemd as init system need to install libvirt-daemon-system-sysv. This helps to support init system specific features on both sysv and systemd based systems. -- Guido Günther Sat, 14 Mar 2020 12:38:09 +0100 libvirt (5.6.0-3) unstable; urgency=medium Just as version 3.7.0-3 separated the storage drivers into individual binary packages - for a smaller amount of default dependencies and the ability to reduce the active codebase for security concerns - this is now done for the connection drivers as well. Internal drivers such as interface, network and storage stay part of the libvirt-daemon package for now. But lxc, qemu, vbox and xen are in packages like libvirt-daemon-driver-. By default libvirt-daemon depends on the qemu connection (most common use case) and recommends the further formerly integrated connection types. This allows users concerned about size or active codebase to remove those drivers they do not use. -- Christian Ehrhardt Thu, 04 Apr 2019 15:07:34 +0200 libvirt (5.0.0-1) unstable; urgency=medium Sheepdog support has been removed since sheepdog is unmaintained in Debian. See #918947. -- Guido Günther Sun, 13 Jan 2019 13:20:54 +0100 libvirt (2.5.0-2) unstable; urgency=medium libvirt-daemon-system now uses the allocated uid and gid 64055 for the libvirt-qemu user and group on new installations, when the uid/gid is available (otherwise a debconf warning is shown). On existing installations, which have different uid/gid values assigned, the recommended procedure is to reassign the uid/gid (might require considerations for ownership/permission changes). No debconf warning is shown in this case; only this NEWS entry. This change is in order to prevent I/O errors during migration of guests with disk image files shared over NFS, caused by the different uid/gid ownership between the source and destination host systems, which leads to access/permission errors with NFS. If guest migration over NFS is not a requirement in the system, there should not be any impact to the guests for not using the allocated uid/gid. -- Mauricio Faria de Oliveira Thu, 18 Nov 2016 13:56:38 -0200 libvirt (1.2.9~rc1-1) experimental; urgency=medium libvirtd now uses PolicyKit instead of unix socket domain permissions for r/w connections. This has the advantage of requiring less reconfiguration when using ACL based access and bringing us closer to upstream's recommendations. In order to keep old configurations working we're still allowing all members of the libvirt group full access via /etc/polkit-1/rules.d/60-libvirt.rules. If you want to continue to use socket permission based access control you can still configure it in /etc/libvirt/libvirtd.conf. -- Guido Günther Sat, 27 Sep 2014 19:22:46 +0200 libvirt (1.1.4-2) unstable; urgency=low If you're using cgroups make sure you're using a different mount per cgroup controller (cpu, memory, ...) that is mounted to /sys/fs/cgroup/. This can be achieved using mount_cgroups in /etc/default/libvirt-bin or by using systemd. Using a single mount point /sys/fs/cgroup for all controllers will no longer work and will prevent vms from starting. See http://libvirt.org/cgroups.html for more information. If you're not using cgroups nothing has to be changed. -- Guido Günther Sun, 01 Dec 2013 19:33:56 +0100 libvirt (1.0.2-3) experimental; urgency=low For qemu:///system KVM/QEMU processes now run as group libvirt-qemu. This makes sure image files and volumes aren't accessible by users in the more general and previously used kvm group. To change this behaviour adjust the group option in /etc/libvirt/qemu.conf. -- Guido Günther Tue, 26 Feb 2013 06:30:48 +0100 libvirt (0.8.3-2) unstable; urgency=low Disk format probing is disabled now by default for security reasons (CVE-2010-2237). You need to explicitly add a driver type element to your disk devices in the domain XML: ... Alternatively you can re-enable probing by setting allow_disk_format_probing=1 in /etc/libvirt/qemu.conf but this is insecure. -- Guido Günther Wed, 29 Sep 2010 13:10:02 +0200 libvirt (0.8.1-2) unstable; urgency=low If you're using a script such as /etc/qemu-ifup to set up QEMU network interfaces, have a look at README.Debian about the new config option clear_emulator_capabilities in /etc/libvirt/qemu.conf. When using NAT via libvirt's default network you don't have to change anything. -- Guido Günther Mon, 12 Jul 2010 19:58:35 +0200