[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
Launchpad has imported 4 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=624151.

If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

On 2010-08-13T20:32:52+00:00 Jamie wrote:

Someone reported a bug in Ubuntu on pcidev devices not being correctly added with the AppArmor driver and a patch was submitted:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/545795/comments/29

This patch is not tested but suggests that more than just the AppArmor driver is affected, so I am forwarding it here. That bug is kinda all over the place and has various things unrelated to this report. Here is the comment and submitted patch:

"Patch to allow PCI pass through to work with app armor. It's currently missing a couple of files"

--- libvirt-0.7.5.orig/src/util/pci.c 2010-06-11 01:43:41 + +++ libvirt-0.7.5/src/util/pci.c 2010-06-11 01:45:06 + 
@@ -1089,6 +1089,8 @@ */ if (STREQ(ent->d_name, "config") || STRPREFIX(ent->d_name, "resource") || +STREQ(ent->d_name, "vendor") || +STREQ(ent->d_name, "device") || STREQ(ent->d_name, "rom")) { if (virAsprintf(&file, "%s/%s", pcidir, ent->d_name) < 0) { virReportOOMError(conn);

Reply at: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/545795/comments/31

On 2010-08-14T20:19:06+00:00 Daniel wrote:

This is rather odd. QEMU appears to use the vendor + device files, but AFAICK, under SELinux QEMU is working fine without this change. The patch certainly looks reasonable though.

Reply at: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/545795/comments/33

On 2010-11-05T18:17:21+00:00 Jamie wrote:

I'm just following up on this since we are pulling in 0.8.5 into Ubuntu and the above isn't committed yet. I can say that at this point Ubuntu is carrying it in its 10.10 release (libvirt 0.8.3) and there are no reported regressions.

Reply at: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/545795/comments/35

On 2015-07-28T14:53:21+00:00 Ján wrote:

Identical patch was already pushed upstream:

commit 28d599c5130ee102d5174c01d59eeb14a75a3747
Author: Cédric Bosdonnat
AuthorDate: 2015-04-23 09:32:16 +0200
Commit: Cédric Bosdonnat
CommitDate: 2015-04-24 10:47:41 +0200

Allow access to vendor and device file for PCI device passthrough

For some devices, the $PCIDIR/vendor and $PCIDIR/device need to be read. Iterate over them to get them as well in the generated apparmor profile.

git describe: v1.2.14-282-g28d599c contains: v1.2.15-rc1~57

Reply at: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/545795/comments/43

** Changed in: libvirt (Fedora)
   Status: Unknown => Fix Released

** Changed in: libvirt (Fedora)
   Importance: Unknown => Medium

-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. 
https://bugs.launchpad.net/bugs/545795 Title: apparmor driver blocks access to some hostdev and pcidev devices To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/545795/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
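Review bot: the two added tests, STREQ(ent->d_name, "vendor") and STREQ(ent->d_name, "device"), join the same branch as "config", the "resource" prefix and "rom" in src/util/pci.c, so every consumer of this iterator will treat the two new sysfs attributes exactly like the existing entries. The discussion only establishes that these files need to be read, so it is worth confirming that the security-driver callbacks fed by this list do not end up granting write access to them, and that the SELinux path, reported above as working without the change, behaves the same once two more files are handed to it. The comment that closes at the */ just above the condition is not touched by the hunk; if it enumerates the files being iterated, it should name vendor and device as well.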
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

** Changed in: libvirt (Ubuntu Lucid)
   Status: Triaged => Won't Fix
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
Found that this is actually another bug...
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/639712
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
I tried to add a host NIC to one of my VMs using virt-manager. First, I had to enable IOMMU...
https://bugs.launchpad.net/fedora/+source/libvirt/+bug/741706

Now I have a different problem:

Aug 14 11:44:49 thinkpad kernel: [ 63.432692] kvm_iommu_map_guest: No interrupt remapping support, disallowing device assignment. Re-enble with "allow_unsafe_assigned_interrupts=1" module option.

The reason to pass a host NIC to a VM is testing new drivers... guess the use case is not that exotic...
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
At the moment, I'm using packages from your PPA, so no.
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
@Sergey will you be submitting a debdiff any time soon?
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
Will this fix go into Lucid any time soon?
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
For Lucid: https://launchpad.net/~nutznboltz/+archive/kvm-libvirt-lts
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
** Branch linked: lp:ubuntu/libvirt
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
This bug was fixed in the package libvirt - 0.8.3-1ubuntu5

---
libvirt (0.8.3-1ubuntu5) maverick; urgency=low

  * update to allow pcidev and hostdev to work with AppArmor (LP: #545795)
    - debian/patches/lp-545795.patch: add vendor and device to pciDeviceFileIterate(). Patch submitted upstream and they feel it is reasonable, but not committed yet. This should fix pcidev.
    - debian/apparmor/usr.lib.libvirt.virt-aa-helper: add read access to /sys/bus/usb/devices/**
    - debian/apparmor/libvirt-qemu: adjust read access to be /sys/devices/**/usb[0-9]*/** instead of /sys/devices/*/*/usb[0-9]*/**. Patched based on work by Andreas Ntaflos.

 -- Jamie Strandboge  Fri, 20 Aug 2010 09:21:15 -0500

** Changed in: libvirt (Ubuntu Maverick)
   Status: Fix Committed => Fix Released
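The libvirt-qemu rule change in the changelog above depends on AppArmor's glob semantics: `*` stays within one path component, while `**` crosses `/`. The following is an added example, not part of the original thread or of libvirt; its translator is a simplification covering only `*`, `**`, `?` and `[...]`, and the sysfs paths are constructed.

```python
import re

def aa_glob_to_regex(glob):
    """Translate AppArmor path globbing (only *, **, ? and [...]) to a regex."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")            # ** may cross '/' boundaries
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")         # * stays inside one path component
            i += 1
        elif glob[i] == "?":
            out.append("[^/]")          # ? is one character, never '/'
            i += 1
        elif glob[i] == "[":
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1])  # character class is regex-compatible
            i = end + 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out))

def rule_allows(rule, path):
    """True if the whole path matches the rule's glob."""
    return aa_glob_to_regex(rule).fullmatch(path) is not None

OLD_RULE = "/sys/devices/*/*/usb[0-9]*/**"   # from the changelog (before)
NEW_RULE = "/sys/devices/**/usb[0-9]*/**"    # from the changelog (after)

# Constructed sysfs paths, not taken from the bug report.
SAMPLE_PATHS = [
    "/sys/devices/pci0000:00/0000:00:1d.7/usb1/1-1/idVendor",               # controller on root bus
    "/sys/devices/pci0000:00/0000:00:1e.0/0000:05:00.0/usb3/3-2/idVendor",  # controller behind a bridge
    "/sys/devices/pci0000:00/0000:00:19.0/net/eth0/address",                # not a USB path
]

def compare(paths=SAMPLE_PATHS):
    """Return {path: (allowed_by_old, allowed_by_new)}."""
    return {p: (rule_allows(OLD_RULE, p), rule_allows(NEW_RULE, p)) for p in paths}

if __name__ == "__main__":
    for path, (old, new) in compare().items():
        print(f"old={old!s:5} new={new!s:5} {path}")
```

The old rule only matches when exactly two path components sit between /sys/devices/ and the usbN directory, so a controller one level deeper is denied; the `**` form accepts any depth and is correspondingly broader.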
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
** Changed in: libvirt (Ubuntu Lucid)
   Status: Confirmed => Triaged

** Changed in: libvirt (Ubuntu Maverick)
   Status: In Progress => Fix Committed
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
** Changed in: libvirt (Ubuntu Maverick)
   Status: Confirmed => In Progress
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
I went ahead and filed an upstream bug for the attached patch and linked it to this one.

** Bug watch added: Red Hat Bugzilla #624151
   https://bugzilla.redhat.com/show_bug.cgi?id=624151

** Also affects: libvirt (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=624151
   Importance: Unknown
   Status: Unknown

** Changed in: libvirt (Ubuntu Lucid)
   Status: Incomplete => Confirmed

** Changed in: libvirt (Ubuntu Maverick)
   Status: Incomplete => Confirmed

** Changed in: libvirt (Ubuntu Lucid)
   Milestone: ubuntu-10.04.2 => None

** Changed in: libvirt (Ubuntu Lucid)
   Assignee: Jamie Strandboge (jdstrand) => (unassigned)
[Bug 545795] Re: apparmor driver blocks access to some hostdev and pcidev devices
** Summary changed:

- apparmor driver blocks access to hostdev and pcidev devices
+ apparmor driver blocks access to some hostdev and pcidev devices