libvirt (10.10.0-2) experimental; urgency=medium nftables is now used by default in the network driver. This makes it finally possible to use libvirt without having iptables installed on the system, but there are still a couple of caveats: * the nwfilter driver hasn't been converted to nftables yet, so if that's installed iptables will be dragged in; * the libvirt-daemon-system package, now a convenient way to quickly bring up a reasonably featured QEMU-based hypervisor, depends on both the network and nwfilter drivers, which means that going that route will cause iptables to be installed and used for both. If not having iptables present on the system is a hard requirement, individual libvirt components (obviously excluding the nwfilter driver) will have to be selected and installed manually. -- Andrea Bolognani Thu, 05 Dec 2024 23:38:13 +0100 libvirt (10.6.0-2) experimental; urgency=medium The package has been reworked significantly. All the various drivers and storage backends come in their own separate binary packages now, which makes it possible to install exactly as many or as few as desired. The system-wide configuration for the libvirtd daemon is no longer shipped separately from the daemon itself, as was the case until now. The libvirt-daemon-system package still exists, but it's now simply a convenient way to install the "typical" libvirt deployment consisting of all the components needed to run a QEMU-based hypervisor. -- Andrea Bolognani Sat, 24 Aug 2024 11:01:43 +0200 libvirt (9.6.0-1) unstable; urgency=medium Local overrides for AppArmor abstractions are now expected to be /etc/apparmor.d/abstractions/libvirt-{qemu,lxc}.d/... instead of /etc/apparmor.d/local/abstractions/libvirt-{qemu,lxc}. The old locations are still accepted for now, but support for them will be dropped in a future release. -- Andrea Bolognani Wed, 02 Aug 2023 21:41:19 +0200 libvirt (8.10.0-2) experimental; urgency=medium Localization for libvirt has been moved to the libvirt-l10n package, which gets installed by default but can later be removed if a smaller footprint is desired. -- Andrea Bolognani Thu, 08 Dec 2022 18:48:24 +0100 libvirt (7.6.0-1) unstable; urgency=medium netcf support is now disabled in libvirt. This results in most virInterface* APIs, as well as the corresponding iface-* virsh commands, becoming non-functional, and mirrors upstream's decision to deprecate the feature. -- Andrea Bolognani Tue, 17 Aug 2021 20:56:14 +0200 libvirt (7.0.0-3) unstable; urgency=medium The $libvirtd_opts variable in /etc/default/libvirtd has been renamed to $LIBVIRTD_ARGS to match upstream and other daemons that are part of libvirt. Other changes have been made to the file as well, so it's recommended to pay extra attention if prompted by dpkg about it during an upgrade. -- Andrea Bolognani Mon, 15 Feb 2021 00:45:40 +0100 libvirt (6.9.0-4) unstable; urgency=medium The configuration for the default network and the default set of nwfilters have been moved from the libvirt-daemon-system package to the new libvirt-daemon-config-network and libvirt-daemon-config-nwfilter packages respectively. -- Andrea Bolognani Thu, 21 Jan 2020 21:54:03 +0100 libvirt (6.9.0-2) experimental; urgency=medium The virt-login-shell tool has been moved from the libvirt-clients package to the new libvirt-login-shell package: this change makes it possible to uninstall this seldomly-used tool if desired. -- Andrea Bolognani Sun, 15 Nov 2020 03:45:44 +0100 libvirt (6.0.0-2) unstable; urgency=medium Since sysv init scripts were split into a separate package, systems not using systemd as init system need to install libvirt-daemon-system-sysv. This helps to support init system specific features on both sysv and systemd based systems. -- Guido Günther Sat, 14 Mar 2020 12:38:09 +0100 libvirt (5.6.0-3) unstable; urgency=medium Just as version 3.7.0-3 separated the storage drivers into individual binary packages - for a smaller amount of default dependencies and the ability to reduce the active codebase for security concerns - this is now done for the connection drivers as well. Internal drivers such as interface, network and storage stay part of the libvirt-daemon package for now. But lxc, qemu, vbox and xen are in packages like libvirt-daemon-driver-. By default libvirt-daemon depends on the qemu connection (most common use case) and recommends the further formerly integrated connection types. This allows users concerned about size or active codebase to remove those drivers they do not use. -- Christian Ehrhardt Thu, 04 Apr 2019 15:07:34 +0200 libvirt (5.0.0-1) unstable; urgency=medium Sheepdog support has been removed since sheepdog is unmaintained in Debian. See #918947. -- Guido Günther Sun, 13 Jan 2019 13:20:54 +0100 libvirt (2.5.0-2) unstable; urgency=medium libvirt-daemon-system now uses the allocated uid and gid 64055 for the libvirt-qemu user and group on new installations, when the uid/gid is available (otherwise a debconf warning is shown). On existing installations, which have different uid/gid values assigned, the recommended procedure is to reassign the uid/gid (might require considerations for ownership/permission changes). No debconf warning is shown in this case; only this NEWS entry. This change is in order to prevent I/O errors during migration of guests with disk image files shared over NFS, caused by the different uid/gid ownership between the source and destination host systems, which leads to access/permission errors with NFS. If guest migration over NFS is not a requirement in the system, there should not be any impact to the guests for not using the allocated uid/gid. -- Mauricio Faria de Oliveira Thu, 18 Nov 2016 13:56:38 -0200 libvirt (1.2.9~rc1-1) experimental; urgency=medium libvirtd now uses PolicyKit instead of unix socket domain permissions for r/w connections. This has the advantage of requiring less reconfiguration when using ACL based access and bringing us closer to upstream's recommendations. In order to keep old configurations working we're still allowing all members of the libvirt group full access via /etc/polkit-1/rules.d/60-libvirt.rules. If you want to continue to use socket permission based access control you can still configure it in /etc/libvirt/libvirtd.conf. -- Guido Günther Sat, 27 Sep 2014 19:22:46 +0200 libvirt (1.1.4-2) unstable; urgency=low If you're using cgroups make sure you're using a different mount per cgroup controller (cpu, memory, ...) that is mounted to /sys/fs/cgroup/. This can be achieved using mount_cgroups in /etc/default/libvirt-bin or by using systemd. Using a single mount point /sys/fs/cgroup for all controllers will no longer work and will prevent vms from starting. See http://libvirt.org/cgroups.html for more information. If you're not using cgroups nothing has to be changed. -- Guido Günther Sun, 01 Dec 2013 19:33:56 +0100 libvirt (1.0.2-3) experimental; urgency=low For qemu:///system KVM/QEMU processes now run as group libvirt-qemu. This makes sure image files and volumes aren't accessible by users in the more general and previously used kvm group. To change this behaviour adjust the group option in /etc/libvirt/qemu.conf. -- Guido Günther Tue, 26 Feb 2013 06:30:48 +0100 libvirt (0.8.3-2) unstable; urgency=low Disk format probing is disabled now by default for security reasons (CVE-2010-2237). You need to explicitly add a driver type element to your disk devices in the domain XML: ... Alternatively you can re-enable probing by setting allow_disk_format_probing=1 in /etc/libvirt/qemu.conf but this is insecure. -- Guido Günther Wed, 29 Sep 2010 13:10:02 +0200 libvirt (0.8.1-2) unstable; urgency=low If you're using a script such as /etc/qemu-ifup to set up QEMU network interfaces, have a look at README.Debian about the new config option clear_emulator_capabilities in /etc/libvirt/qemu.conf. When using NAT via libvirt's default network you don't have to change anything. -- Guido Günther Mon, 12 Jul 2010 19:58:35 +0200