Re: [Bug 1515791] [NEW] apparmor for qemu is too restrictive for USB passthrough
here is the vm's xml configuration: win7 3c21df5e-dfef-4cf5-8e24-aeaa47235205 512 2097152 6 /machine hvm Westmere destroy restart restart /usr/bin/qemu-system-x86_64 libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205 libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205 Saludos, Nahuel Greco. On Fri, Nov 13, 2015 at 6:19 PM, Serge Hallyn <1515...@bugs.launchpad.net> wrote: > Thanks - could you show the vm's xml configuration? (i.e. result of > virsh dumpxml vmname) > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1515791 > > Title: > apparmor for qemu is too restrictive for USB passthrough > > Status in libvirt package in Ubuntu: > Incomplete > > Bug description: > When trying to use an USB printer from a QEMU guest (created with > virt-manager) I get many apparmor errors in /var/log/kern.log, like: > > Nov 8 18:08:00 ombu kernel: [ 8603.301618] audit: type=1400 > audit(1447016880.250:195): apparmor="DENIED" operation="open" > profile="libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205" > name="/dev/bus/usb/005/016" pid=10345 comm="qemu-system-x86" > requested_mask="rw" denied_mask="rw" fsuid=122 ouid=122 > Nov 12 20:01:35 ombu kernel: [360670.214358] audit: type=1400 > audit(1447369295.810:1531): apparmor="DENIED" operation="open" > profile="libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205" > name="/run/udev/data/c189:0" pid=8408 comm="qemu-system-x86" > requested_mask="r" denied_mask="r" fsuid=122 ouid=0 > > The guest can't see the USB device at all. I solved the problem by > editing /etc/apparmor.d/abstractions/libvirt-qemu changing this line: > >/dev/bus/usb/ r, > > to this: > >/dev/bus/usb/ rw, > > and adding these two lines: > > /dev/bus/usb/*/[0-9]* rw, > /run/udev/** rw, > > And then restarting apparmor and libvirtd. I think a similar > configuration must come included in /etc/apparmor.d/abstractions > /libvirt-qemu by default. > > ProblemType: Bug > DistroRelease: Ubuntu 15.10 > Package: libvirt-bin 1.2.16-2ubuntu11 > Uname: Linux 4.3.0-040300-generic x86_64 > ApportVersion: 2.19.1-0ubuntu4 > Architecture: amd64 > CurrentDesktop: Unity > Date: Thu Nov 12 20:10:16 2015 > InstallationDate: Installed on 2015-10-30 (13 days ago) > InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 > (20151021) > SourcePackage: libvirt > UpgradeStatus: No upgrade log present (probably fresh install) > modified.conffile..etc.apparmor.d.abstractions.libvirt.qemu: [modified] > modified.conffile..etc.libvirt.libvirtd.conf: [modified] > modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] > Permission denied: '/etc/libvirt/qemu.conf'] > modified.conffile..etc.libvirt.qemu.networks.default.xml: [inaccessible: > [Errno 13] Permission denied: '/etc/libvirt/qemu/networks/default.xml'] > mtime.conffile..etc.apparmor.d.abstractions.libvirt.qemu: > 2015-11-12T20:03:10.223851 > mtime.conffile..etc.libvirt.libvirtd.conf: 2015-11-12T19:32:30.170352 > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1515791/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1515791 Title: apparmor for qemu is too restrictive for USB passthrough To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1515791/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1515791] [NEW] apparmor for qemu is too restrictive for USB passthrough
I simply clicked on "Add Hardware" -> "USB Host Device" and clicked on the USB printer (a Silhouette Cameo 2, not really a printer but a plotter). Saludos, Nahuel Greco. On Fri, Nov 13, 2015 at 5:14 PM, Serge Hallyn <1515...@bugs.launchpad.net> wrote: > Thanks for reporting this bug. > > Can you tell use exactly how you told virt-manager about the printer? > For other types of usb devices (like an ereader) this has definately > created the needed rules for me. > > Adding a blanket '/run/udev/** rw' rule would not be safe, but we should > be able to find a way to add the needed rules through virt-aa-helper. > > status: incomplete > priority: medium > > > ** Changed in: libvirt (Ubuntu) >Importance: Undecided => Medium > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1515791 > > Title: > apparmor for qemu is too restrictive for USB passthrough > > Status in libvirt package in Ubuntu: > Incomplete > > Bug description: > When trying to use an USB printer from a QEMU guest (created with > virt-manager) I get many apparmor errors in /var/log/kern.log, like: > > Nov 8 18:08:00 ombu kernel: [ 8603.301618] audit: type=1400 > audit(1447016880.250:195): apparmor="DENIED" operation="open" > profile="libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205" > name="/dev/bus/usb/005/016" pid=10345 comm="qemu-system-x86" > requested_mask="rw" denied_mask="rw" fsuid=122 ouid=122 > Nov 12 20:01:35 ombu kernel: [360670.214358] audit: type=1400 > audit(1447369295.810:1531): apparmor="DENIED" operation="open" > profile="libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205" > name="/run/udev/data/c189:0" pid=8408 comm="qemu-system-x86" > requested_mask="r" denied_mask="r" fsuid=122 ouid=0 > > The guest can't see the USB device at all. I solved the problem by > editing /etc/apparmor.d/abstractions/libvirt-qemu changing this line: > >/dev/bus/usb/ r, > > to this: > >/dev/bus/usb/ rw, > > and adding these two lines: > > /dev/bus/usb/*/[0-9]* rw, > /run/udev/** rw, > > And then restarting apparmor and libvirtd. I think a similar > configuration must come included in /etc/apparmor.d/abstractions > /libvirt-qemu by default. > > ProblemType: Bug > DistroRelease: Ubuntu 15.10 > Package: libvirt-bin 1.2.16-2ubuntu11 > Uname: Linux 4.3.0-040300-generic x86_64 > ApportVersion: 2.19.1-0ubuntu4 > Architecture: amd64 > CurrentDesktop: Unity > Date: Thu Nov 12 20:10:16 2015 > InstallationDate: Installed on 2015-10-30 (13 days ago) > InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 > (20151021) > SourcePackage: libvirt > UpgradeStatus: No upgrade log present (probably fresh install) > modified.conffile..etc.apparmor.d.abstractions.libvirt.qemu: [modified] > modified.conffile..etc.libvirt.libvirtd.conf: [modified] > modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] > Permission denied: '/etc/libvirt/qemu.conf'] > modified.conffile..etc.libvirt.qemu.networks.default.xml: [inaccessible: > [Errno 13] Permission denied: '/etc/libvirt/qemu/networks/default.xml'] > mtime.conffile..etc.apparmor.d.abstractions.libvirt.qemu: > 2015-11-12T20:03:10.223851 > mtime.conffile..etc.libvirt.libvirtd.conf: 2015-11-12T19:32:30.170352 > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1515791/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1515791 Title: apparmor for qemu is too restrictive for USB passthrough To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1515791/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1515791] [NEW] apparmor for qemu is too restrictive for USB passthrough
Thanks for reporting this bug. Can you tell use exactly how you told virt-manager about the printer? For other types of usb devices (like an ereader) this has definately created the needed rules for me. Adding a blanket '/run/udev/** rw' rule would not be safe, but we should be able to find a way to add the needed rules through virt-aa-helper. status: incomplete priority: medium ** Changed in: libvirt (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1515791 Title: apparmor for qemu is too restrictive for USB passthrough To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1515791/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1515791] [NEW] apparmor for qemu is too restrictive for USB passthrough
Thanks - could you show the vm's xml configuration? (i.e. result of virsh dumpxml vmname) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1515791 Title: apparmor for qemu is too restrictive for USB passthrough To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1515791/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
