Bug#816602: marked as done (libvirt-daemon: Expects qemu-bridge-helper in /usr/libexec/)

Fri, 25 Mar 2016 12:31:21 -0700 

Your message dated Fri, 25 Mar 2016 19:17:08 +0000
with message-id <[email protected]>
and subject line Bug#816602: fixed in libvirt 1.2.9-9+deb8u2
has caused the Debian Bug report #816602,
regarding libvirt-daemon: Expects qemu-bridge-helper in /usr/libexec/
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
816602: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816602
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libvirt-daemon
Version: 1.2.9-9+deb8u1
Severity: normal

Hi Guido,

$ strings /usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so | grep 
bridge-helper
/usr/libexec/qemu-bridge-helper

# dpkg -S bridge-helper
qemu-system-common: /usr/lib/qemu/qemu-bridge-helper


As <https://lists.gnu.org/archive/html/qemu-devel/2013-11/msg01534.html>
seems to never got applied, the helper is also missing the required
capability CAP_NET_ADMIN, which must be added by running
        setcap cap_net_admin+ep /usr/lib/qemu/qemu-bridge-helper

I choose to put that information in the README.Debian.

Greeting
Philipp

PS: I hope I didn't break some test-suite - at least building the new
version in my pbuilder environment worked okay.

-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvirt-daemon depends on:
ii  libapparmor1        2.9.0-3
ii  libaudit1           1:2.4-1+b1
ii  libavahi-client3    0.6.31-5
ii  libavahi-common3    0.6.31-5
ii  libblkid1           2.25.2-6
ii  libc6               2.19-18+deb8u3
ii  libcap-ng0          0.7.4-2
ii  libdbus-1-3         1.8.20-0+deb8u1
ii  libdevmapper1.02.1  2:1.02.90-2.2
ii  libfuse2            2.9.3-15+deb8u2
ii  libgnutls-deb0-28   3.3.8-6+deb8u3
ii  libnetcf1           1:0.2.3-4.1
ii  libnl-3-200         3.2.24-2
ii  libnl-route-3-200   3.2.24-2
ii  libnuma1            2.0.10-1
ii  libparted2          3.2-7
ii  libpcap0.8          1.6.2-2
ii  libpciaccess0       0.13.2-3+b1
ii  librados2           0.80.7-2+deb8u1
ii  librbd1             0.80.7-2+deb8u1
ii  libsasl2-2          2.1.26.dfsg1-13+deb8u1
ii  libselinux1         2.3-2
ii  libssh2-1           1.4.3-4.1+deb8u1
ii  libsystemd0         215-17+deb8u3
ii  libudev1            215-17+deb8u3
ii  libvirt0            1.2.9-9+deb8u1
ii  libxen-4.4          4.4.1-9+deb8u3
ii  libxenstore3.0      4.4.1-9+deb8u3
ii  libxml2             2.9.1+dfsg1-5+deb8u1
ii  libyajl2            2.1.0-2

Versions of packages libvirt-daemon recommends:
ii  libxml2-utils   2.9.1+dfsg1-5+deb8u1
ii  netcat-openbsd  1.105-7
ii  qemu-kvm        1:2.1+dfsg-12+deb8u5a

Versions of packages libvirt-daemon suggests:
ii  libvirt-daemon-system  1.2.9-9+deb8u1

-- no debconf information

--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -357,7 +357,7 @@
 # is used to create <source type='bridge'> interfaces when libvirtd is
 # running unprivileged.  libvirt invokes the helper directly, instead
 # of using "-netdev bridge", for security reasons.
-#bridge_helper = "/usr/libexec/qemu-bridge-helper"
+#bridge_helper = "/usr/lib/qemu/qemu-bridge-helper"
 
 
 
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -244,7 +244,7 @@ virQEMUDriverConfigPtr virQEMUDriverConf
             goto error;
     }
 
-    if (VIR_STRDUP(cfg->bridgeHelperName, "/usr/libexec/qemu-bridge-helper") < 0)
+    if (VIR_STRDUP(cfg->bridgeHelperName, "/usr/lib/qemu/qemu-bridge-helper") < 0)
         goto error;
 
     cfg->clearEmulatorCapabilities = true;
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -56,7 +56,7 @@ module Test_libvirtd_qemu =
 { "auto_dump_bypass_cache" = "0" }
 { "auto_start_bypass_cache" = "0" }
 { "hugetlbfs_mount" = "/dev/hugepages" }
-{ "bridge_helper" = "/usr/libexec/qemu-bridge-helper" }
+{ "bridge_helper" = "/usr/lib/qemu/qemu-bridge-helper" }
 { "clear_emulator_capabilities" = "1" }
 { "set_process_name" = "1" }
 { "max_processes" = "0" }
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -51,6 +51,18 @@ EOF
 This makes dnsmasq only bind to the loopback interface by default so libvirtd
 can handle the virtual bridges.
 
+Bridged network
+===============
+libvirt can use the qemu-bridge-helper to create bridged network interfaces for
+session domains. For this to work the helper must have the capability to create
+TUN/TAP devices or must have the SUID permission set.
+This can be done by running the following command as the user root:
+
+    setcap cap_net_admin+ep /usr/lib/qemu/qemu-bridge-helper
+
+The allowed bridges must be configured in the file '/etc/qemu/bridge.conf'. For
+each bridge add a line like 'allow br0'.
+
 Access Control
 ==============
 Access to the libvirt managing tasks is controlled by PolicyKit. To ease

--- End Message ---
--- Begin Message --- 
Source: libvirt
Source-Version: 1.2.9-9+deb8u2

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 25 Mar 2016 11:19:45 +0100
Source: libvirt
Binary: libvirt-bin libvirt-clients libvirt-daemon libvirt-daemon-system 
libvirt0 libvirt0-dbg libvirt-doc libvirt-dev libvirt-sanlock
Architecture: all source
Version: 1.2.9-9+deb8u2
Distribution: jessie
Urgency: medium
Maintainer: Debian Libvirt Maintainers 
<[email protected]>
Changed-By: Guido Günther <[email protected]>
Closes: 808273 816602
Description: 
 libvirt0-dbg - library for interfacing with different virtualization systems
 libvirt0   - library for interfacing with different virtualization systems
 libvirt-bin - programs for the libvirt library
 libvirt-clients - programs for the libvirt library
 libvirt-daemon - programs for the libvirt library
 libvirt-daemon-system - Libvirt daemon configuration files
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt-sanlock - library for interfacing with different virtualization systems
Changes:
 libvirt (1.2.9-9+deb8u2) jessie; urgency=medium
 .
   [ Philipp Hahn ]
   * [16e52e6] CVE-2015-5313: Don't allow allow '/' in filesystem volume
     (Closes: #808273)
   * [e69dd73] libvirt-daemon: Expect qemu-bridge-helper in /usr/lib/qemu
     like we fixed #790935 in sid. (Closes: #816602)
 .
   [ Guido Günther ]
   * [72db643] Allow autopkg tests to print to stderr
Checksums-Sha1: 
 9f5811fd4ce1b87b20177151294b09c9c617b69e 3591 libvirt_1.2.9-9+deb8u2.dsc
 ca7fb27e40f26e59b3865f926ec9bcce4bba6097 59840 
libvirt_1.2.9-9+deb8u2.debian.tar.xz
 b78a8e30a4a859966bc7a133b4b5f48db92d62b6 1207918 
libvirt-doc_1.2.9-9+deb8u2_all.deb
Checksums-Sha256: 
 bb7e81cb2bd3075a32bda82ace25215cae0afe93b1af0fb697ea3f63f4d7c0df 3591 
libvirt_1.2.9-9+deb8u2.dsc
 703c9baf62e53da7a02d60c9f8ada837b3b81cc25fe1f860478c32db071979c5 59840 
libvirt_1.2.9-9+deb8u2.debian.tar.xz
 4dbf3cff0f6fc16ac1d49f9d10f041df96097e830646c388820e5288f703dbfe 1207918 
libvirt-doc_1.2.9-9+deb8u2_all.deb
Files: 
 ae9fdeea02a8800b608b0ea09a3ea4dc 3591 libs optional libvirt_1.2.9-9+deb8u2.dsc
 f0b53a50ce8e709772399d03bd671a0e 59840 libs optional 
libvirt_1.2.9-9+deb8u2.debian.tar.xz
 595aecf8d0a75186ecfa272abdf138ac 1207918 doc optional 
libvirt-doc_1.2.9-9+deb8u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJW9UQ9AAoJEAe4t7DqmBILTjMP/ihPB3lBD8PC0J5hD7lYXtpt
KelgmaXml1iuAj2RBwg+HO5vGRqB34ZaKZ69fVQd68VKKAe01O8+cdzQDEYcFO4G
VjjdINgM35GZupZNlADIfZ2wplKNoEZ5ChsKijwoqyr0Yr0q0TsgOAnNKE5QacYn
cJrXJz9Ye+OcbL7DaFNrg9fzAkrKya++6nEiJdbh5kKLHhmNfTPr0dwcqOUdc6rG
TGknjHOWpkPk+D/Npisz+asht2r91EzrarRTnph8AS49zMh7HEQJ9r+WcFy8YleG
81ZTmP5ThKqY1S3FDvk+7YkiXJOT/ckxFkOh9+RuXMjPpL68KsbT/GfeNKUfY/QP
xFMwkXAgAzCj4T30sNbjnwbCKCLadp2JJu/7L3fFAQ8LknR8zibAVmEa+9ZC4+jM
xAKtVGEiQDwGRjKhiOLDFCeFTm6FgW6gwlZ8FLDO4F5dNaWYYGylUStL8XUPz/JV
Av6XD4zxAe918WzxsIGBfuW6/krKhUiWOSHR5gOlX0PV+AS4pdNhYBWIR63PIR2D
oU1X35BWIlNvSz3MQzYFMBFbh+egbZWMnerjEecOc45prglnyJWj35AWTR9k7iU/
30ttTPu0cEP0/V0JHWC89OooXy1VbJjycg8zhv4FBbb3EN0YYGJnSmbin2s6Me3L
9mgaiN+7oF4MaXoUKzhw
=IVFh
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to