[Bug 435527] Re: [regression] apparmor profile not updated on attach and detach of devices
On jaunty I could attach usb devices to a running machine like this: $ virsh attach-device winbox usb-nokia.xml After upgrading to karmic this results in the folloing kernel log: [22389.943569] type=1503 audit(1258461825.254:41): operation=open pid=7705 parent=1 profile=libvirt-9edf0dc3-867a-4ae1-bc7a-acbbd148d44e requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/bus/usb/devices/ As far as I understand it the profile under /etc/apparmor.d/libvirt is not updated properly when attaching a device. -- [regression] apparmor profile not updated on attach and detach of devices https://bugs.launchpad.net/bugs/435527 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 435527] Re: [regression] apparmor profile not updated on attach and detach of devices
It is possible the spurious messages happen when ACPI is initializing in the guest when the attach occurs. This needs to be investigated further to be certain. -- [regression] apparmor profile not updated on attach and detach of devices https://bugs.launchpad.net/bugs/435527 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 435527] Re: [regression] apparmor profile not updated on attach and detach of devices
This bug was fixed in the package libvirt - 0.7.0-1ubuntu8 --- libvirt (0.7.0-1ubuntu8) karmic; urgency=low * debian/patches/9091-apparmor.patch: sync with upstream for maintenance, licensing compliance with upstream and bug fixes: - handle files with spaces in the name (LP: #432810) - add serial, console, kernel and initrd support (LP: #432581) - allow read only access to /boot, /vmlinuz and /initrd.img - allow access to character devices (eg USB devices) - have virt-aa-helper accept XML on stdin, which allows for adding other devices in the future and helps ensure we always have the most up to date definition - update profile on attach and detach of devices (LP: #435527) - add --dryrun option to virt-aa-helper, and greatly improve the virt-aa-helper-test script * revert workaround for LP: #431090 now that kernel, initrd, et al is properly supported * debian/apparmor/usr.sbin.libvirtd: add various capabilities recommended by upstream to prevent potential regressions -- Jamie Strandboge ja...@ubuntu.com Tue, 22 Sep 2009 20:04:58 -0500 ** Changed in: libvirt (Ubuntu) Status: In Progress = Fix Released -- [regression] apparmor profile not updated on attach and detach of devices https://bugs.launchpad.net/bugs/435527 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
