[Bug 454566] Re: False positive for SucKit

[Thomas Mayer]

Fedora fixed it in FC21 with chkrootkit-0.50-4.fc2.
https://bugzilla.redhat.com/show_bug.cgi?id=636231#c1

** Bug watch added: Red Hat Bugzilla #636231
   https://bugzilla.redhat.com/show_bug.cgi?id=636231

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to chkrootkit in Ubuntu.
https://bugs.launchpad.net/bugs/454566

Title:
  False positive for SucKit

To manage notifications about this bug go to:
https://bugs.launchpad.net/server-papercuts/+bug/454566/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 579584] Re: setgid, setuid needed by /etc/apparmor.d/abstractions/libvirt-qemu

[Thomas Mayer]

Hello,

I just updated from jaunty to karmic and then to lucid.
After that, I had the same problem and I could not boot my images any more. 
Maybe apparmor was installed automatically and caused the problem when starting 
a guest:

error: Failed to start domain 220_trxerdpd330_installtest
error: internal error unable to start guest: libvir: QEMU error : cannot change 
to '114' group: Operation not permitted

after adding the following lines in /etc/apparmor.d/libvirt-qemu the problem 
was solved:
capability setgid,
capability setuid,

The xml of my guest looks like this

domain type='kvm'
  name220_trxerdpd330_installtest/name
  uuid87cb0f4f-1d8f-4e8b-2a1f-4cda94aca1ec/uuid
  memory524288/memory
  currentMemory524288/currentMemory
  vcpu2/vcpu
  os
type arch='x86_64' machine='pc'hvm/type
boot dev='hd'/
  /os
  features
acpi/
apic/
pae/
  /features
  clock offset='utc'/
  on_poweroffdestroy/on_poweroff
  on_rebootrestart/on_reboot
  on_crashrestart/on_crash
  devices
emulator/usr/bin/kvm/emulator
disk type='file' device='disk'
  source file='/home/vms/220_trxerdpd330_installtest.img'/
  target dev='hda' bus='ide'/
/disk
disk type='file' device='cdrom'
  target dev='hdc' bus='ide'/
  readonly/
/disk
interface type='bridge'
  mac address='00:16:36:4e:bd:fb'/
  source bridge='br0'/
/interface
serial type='pty'
  source path='/dev/pts/4'/
  target port='0'/
/serial
console type='pty' tty='/dev/pts/4'
  source path='/dev/pts/4'/
  target port='0'/
/console
input type='mouse' bus='ps2'/
graphics type='vnc' port='6220' autoport='no' keymap='de'/
  /devices
/domain

When I mount a readonly cd image, I get similar errors:

I think there are two issues:
1. libvirt should not chown/chgrp/chmod images, especially not readonly images
2. apparmor profile should correspond to libvirt.

-- 
setgid, setuid needed by /etc/apparmor.d/abstractions/libvirt-qemu
https://bugs.launchpad.net/bugs/579584
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs