[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
** Changed in: libvirt (Ubuntu Lucid)
   Milestone: ubuntu-10.04.1 => ubuntu-10.04.2

--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu.

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
John, while this patch seems ok to me, this is really an upstream bug. Can you submit a bug upstream (http://libvirt.org/bugs.html) and link to it from this bug? Once upstream accepts it, we can cherrypick it for Maverick, verify it and backport it to Lucid. Thanks!
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
** Changed in: libvirt (Ubuntu Maverick)
   Status: Triaged => Incomplete

** Changed in: libvirt (Ubuntu Lucid)
   Status: Triaged => Incomplete
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Looks like it needs device as well. Will attach a patch shortly
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Patch to allow PCI pass through to work with AppArmor. It's currently missing a couple of files

** Patch added: 8001-apparmor-extras-for-pci-passthru.patch
   http://launchpadlibrarian.net/50106988/8001-apparmor-extras-for-pci-passthru.patch
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
util/pci.c in function pciDeviceFileIterate needs vendor added as a directory match
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Hi, I think I may also be having this problem, I'm trying to pass through a PCI WinTV NOVA T 500. It's actually a pair of USB DVB-T tuners on a PCI card so it needed the 'three stars' in the /sys path in the AppArmor profile. I appended the improved solution:

  /sys/bus/usb/devices/ r,
  /sys/bus/usb/devices/** r,
  /sys/devices/**/usb[0-9]*/** r,

But in the qemu log file I get:

  husb: open device 10.2
  husb: config #1 need -1
  husb: 1 interfaces claimed for configuration 1
  husb: grabbed usb device 10.2
  usb_linux_update_endp_table: Cannot send after transport endpoint shutdown

Is this the same problem or have I found a new one? Googling for that last line finds nothing!

I also had to add this to get past the permission denied error:

  /dev/bus/usb/** rw,

Would the output of 'find /sys/devices' be of any use?

Regards, James.
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Rebooting the PC fixed that problem so I guess something hadn't been reloaded. I've also added

  /dev/** rwk,

to the AppArmor profile. Taking it away doesn't stop it from working again, although I've not tried rebooting the host yet.

It still doesn't quite work however, as now (on the guest) I see this in lsusb:

  ja...@myth:~$ lsusb
  Bus 001 Device 002: ID 2040:9950 Hauppauge
  Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

but in dmesg I see:

  [5.806567] dib0700: loaded with support for 13 different device-types
  [5.816285] dvb-usb: found a 'Hauppauge Nova-T 500 Dual DVB-T' in warm state.
  [5.816612] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
  [5.816682] dvb-usb: Hauppauge Nova-T 500 Dual DVB-T error while loading driver (-19)
  [5.816787] usbcore: registered new interface driver dvb_usb_dib0700

Different problem? Why is it on a USB 1 port? Is the virtual USB hub 1.1? Can I change that?

Regards, James.
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Hmm, it seems that's actually because usb2 is not supported in KVM? I tried passing through the PCI card itself, but I'm back to permission denied :(

  device: 03:06.0: driver=pci-assign host=03:06.0
  device: 03:06.1: driver=pci-assign host=03:06.1
  device: 03:06.2: driver=pci-assign host=03:06.2
  get_real_device: /sys/bus/pci/devices/:03:06.0/config: Permission denied
  pci-assign: Error: Couldn't get real device (03:06.0)!
  Error initializing device pci-assign

AppArmor files contains:

  /sys/bus/usb/devices/ r,
  /sys/bus/usb/devices/** r,
  /sys/devices/**/usb[0-9]*/** r,
  /sys/bus/pci/devices/ r,
  /sys/bus/pci/devices/** r,
  /sys/devices/pci/** r,
  /dev/shm/ r,
  /dev/shm/pulse-shm* r,
  /dev/shm/pulse-shm* rwk,
  /dev/snd/* rw,
  /dev/bus/usb/** rw,
  /dev/** rwk,

Is there any way to get access to an apparmor trace file? See what it's accessing?

Thanks, James.
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Found the AppArmor errors in syslog, related to virt-aa-helper. I added

  /sys/devices/** r,

to usr.lib.virt-aa-helper and got a bit further. Still getting this:

  May 10 23:14:25 hal kernel: [ 179.037233] type=1503 audit(1273529665.107:22): operation=open pid=1601 parent=1 profile =libvirt-28b82cfd-52c0-b743-475e-77dde3933f44 requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/pci:00/:00:14.4/:03:06.0/vendor

in syslog, but now it's some kind of dynamic profile, but I don't know where the template is to edit?

That's it for tonight, I'm going to bed -.- zz

Regards, James.
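A way to read such syslog denials in bulk, as an added example that is not part of the original thread or of libvirt: it parses type=1503 audit records in the form quoted in these messages, separates per-guest libvirt-<UUID> profiles from the virt-aa-helper profile, and counts repeats per path. The sample lines are constructed from the ones quoted in this thread; the virt-aa-helper record, its profile name /usr/lib/libvirt/virt-aa-helper and the repeated devnum entry are assumptions added for illustration.

```python
import re
from collections import defaultdict

# key=value pairs; tolerates quoted values and the stray space in "profile =..."
KV = re.compile(r'(\w+)\s*=\s*("[^"]*"|\S+)')
# Per-guest profiles are named libvirt-<UUID>, as in the denials quoted here.
GUEST = re.compile(r"libvirt-[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")

PREFIX = "kernel: [ 0.0] type=1503 audit(0.0:1): "  # constructed, shortened prefix
SAMPLE = [  # constructed sample input, modelled on the lines in this thread
    "May 10 23:14:25 hal " + PREFIX + "operation=open pid=1601 parent=1 "
    "profile =libvirt-28b82cfd-52c0-b743-475e-77dde3933f44 requested_mask=r:: "
    "denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/pci:00/:00:14.4/:03:06.0/vendor",
    "May 4 17:01:19 TESTHOST " + PREFIX + "operation=open pid=23782 parent=1 "
    "profile =libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e requested_mask=rw:: "
    "denied_mask=rw:: fsuid=0 ouid=0 name=/dev/bus/usb/005/002",
    "May 3 19:44:18 TESTHOST " + PREFIX + "operation=open pid=1532 parent=1 "
    "profile =libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e requested_mask=r:: "
    "denied_mask=r:: fsuid=0 ouid=0 "
    "name=/sys/devices/pci:00/:00:1e.0/:01:04.4/usb6/devnum",
    # Same denial one second later (assumed repeat, "repeating every second").
    "May 3 19:44:19 TESTHOST " + PREFIX + "operation=open pid=1532 parent=1 "
    "profile =libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e requested_mask=r:: "
    "denied_mask=r:: fsuid=0 ouid=0 "
    "name=/sys/devices/pci:00/:00:1e.0/:01:04.4/usb6/devnum",
    # Assumed virt-aa-helper denial, written with quoted values.
    "May 10 23:14:20 hal " + PREFIX + 'operation="open" pid=1598 parent=1201 '
    'profile="/usr/lib/libvirt/virt-aa-helper" requested_mask="r::" '
    'denied_mask="r::" fsuid=0 ouid=0 '
    'name="/sys/devices/pci:00/:00:14.4/:03:06.0/config"',
    "husb: open device 5.2",  # qemu log noise, not an audit record
]


def parse_denial(line):
    """Return the fields of a type=1503 denial as a dict, or None."""
    if "type=1503" not in line:
        return None
    fields = {k: v.strip('"') for k, v in KV.findall(line)}
    if not all(k in fields for k in ("profile", "denied_mask", "name")):
        return None
    fields["denied_mask"] = fields["denied_mask"].split(":")[0]  # "rw::" -> "rw"
    return fields


def profile_kind(profile):
    """Say which policy a denial belongs to: a guest or virt-aa-helper."""
    if GUEST.fullmatch(profile):
        return "guest"            # per-VM profile; includes abstractions/libvirt-qemu
    if profile.endswith("/virt-aa-helper"):
        return "virt-aa-helper"   # usr.lib.libvirt.virt-aa-helper
    return "other"


def summarise(lines):
    """Map (kind, path) -> (denied permission letters, number of records)."""
    acc = defaultdict(lambda: [set(), 0])
    for line in lines:
        d = parse_denial(line)
        if d is None:
            continue
        entry = acc[(profile_kind(d["profile"]), d["name"])]
        entry[0].update(d["denied_mask"])
        entry[1] += 1
    return {k: ("".join(sorted(m)), n) for k, (m, n) in acc.items()}


if __name__ == "__main__":
    for (kind, path), (mask, count) in sorted(summarise(SAMPLE).items()):
        print(f"{kind:15} {mask:3} x{count}  {path}")
```

The kind column tells you which file a rule belongs in: guest denials point at the abstraction the VM profiles include, helper denials at the helper's own profile.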
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
** Changed in: libvirt (Ubuntu Lucid)
   Milestone: ubuntu-10.04 => ubuntu-10.04.1
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Looks like I found it. The VM in my case is trying to access

  /sys/devices/pci:00/:00:1e.0/:01:04.4/usb6/devnum

but the abstractions/libvirt-qemu profile only allows

  /sys/bus/usb/devices/ r,
  /sys/devices/*/*/usb[0-9]*/** r,

when it should (also) allow

  /sys/devices/*/*/*/usb[0-9]*/** r,

With this line added the guest boots fine and immediately gets access to the USB device. I have attached a patch for this one-line fix, hope it helps.

** Patch added: One-line fix for hostdev access to USB devices
   http://launchpadlibrarian.net/47796844/libvirt-qemu.patch
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Andreas, can you adjust this to be:

  /sys/bus/usb/devices/ r,
  /sys/bus/usb/devices/** r,
  /sys/devices/**/usb[0-9]*/** r,

and report back if it fixes it for you?

** Changed in: libvirt (Ubuntu Lucid)
   Status: Fix Released => Incomplete
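Why the /sys/devices rule variants in this exchange behave differently, as an added example that is not code from the thread, libvirt or AppArmor: a simplified model of AppArmor path globs, in which * stays inside one path component and ** crosses '/', run over the rules and denied paths quoted in this thread. It goes a little beyond the thread by also checking breadth; the last two probe paths are constructed, and nested {} alternation is not handled.

```python
import re


def _glob_body(glob):
    """Regex source for an AppArmor path glob (simplified model, no nested {})."""
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):      # ** may span several directories
            out.append(".*")
            i += 2
        elif c == "*":                    # * never crosses a '/'
            out.append("[^/]*")
            i += 1
        elif c == "?":                    # one character, not '/'
            out.append("[^/]")
            i += 1
        elif c == "[":                    # character class, e.g. [0-9] or [^a]
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1])
            i = end + 1
        elif c == "{":                    # alternation, e.g. {a,b}
            end = glob.index("}", i + 1)
            alts = glob[i + 1:end].split(",")
            out.append("(?:" + "|".join(_glob_body(a) for a in alts) + ")")
            i = end + 1
        else:
            out.append(re.escape(c))
            i += 1
    return "".join(out)


def parse_rule(rule):
    """Split 'PATH PERMS,' into (compiled regex, set of permission letters)."""
    path, perms = rule.strip().rstrip(",").rsplit(None, 1)
    return re.compile(_glob_body(path)), set(perms)


def allows(rule, path, wanted):
    """True if the rule matches the whole path and grants every wanted letter."""
    regex, perms = parse_rule(rule)
    return regex.fullmatch(path) is not None and set(wanted) <= perms


# Rules quoted in this thread, in the order they were proposed or reported.
RULES = [
    "/sys/devices/*/*/usb[0-9]*/** r,",     # original abstraction rule
    "/sys/devices/*/*/*/usb[0-9]*/** r,",   # the one-line "three stars" fix
    "/sys/devices/**/usb[0-9]*/** r,",      # the ** form asked for above
    "/dev/bus/usb/*/[0-9]* rw,",
    "/dev/bus/usb/** rw,",
    "/dev/** rwk,",
]

ACCESSES = [
    # Denied accesses quoted in this thread.
    ("/sys/devices/pci:00/:00:1e.0/:01:04.4/usb6/devnum", "r"),
    ("/dev/bus/usb/005/002", "rw"),
    # Constructed probes: a USB controller one level higher, and an
    # unrelated device node that USB pass-through has no need for.
    ("/sys/devices/pci:00/:00:1d.7/usb1/devnum", "r"),
    ("/dev/sda", "rw"),
]


def coverage(rules=RULES, accesses=ACCESSES):
    """Map each rule to a list of booleans, one per access, in order."""
    return {r: [allows(r, p, w) for p, w in accesses] for r in rules}


if __name__ == "__main__":
    for rule, row in coverage().items():
        print(f"{rule:38}", " ".join("yes" if ok else "no " for ok in row))
```

Only the ** form covers a USB controller at either depth, and only /dev/** also grants the unrelated device node.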
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Jamie, yes this fixes it. thank you! I notice however some redundancies between abstractions/libvirt-qemu and usr.lib.libvirt.virt-aa-helper? At least the line

  /sys/bus/usb/devices/ r,

appears in both, don't know if that matters any, though.

So that's good :) But now I have discovered something else. When booting a VM that has a USB device included in its XML definition (like here: https://daff.pseudoterminal.org/files/vm-usb.txt) now thanks to this fix works fine. *However* trying to attach a USB device while the VM is running (using virt-manager in my case) results in these messages in /var/log/libvirt/qemu/vm.log:

  usb_create: no bus specified, using usb.0 for usb-host
  husb: open device 5.2
  /dev/bus/usb/005/002: Permission denied
  husb: open device 5.2
  /dev/bus/usb/005/002: Permission denied
  husb: open device 5.2

And in /var/log/kern.log:

  May 4 17:01:19 TESTHOST kernel: [79029.932635] type=1503 audit(1272985279.341:1009): operation=open pid=23782 parent=1 profile =libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e requested_mask=rw:: denied_mask=rw:: fsuid=0 ouid=0 name=/dev/bus/usb/005/002

So it seems that access to /dev/bus/usb/** is needed as well?
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Oh and it seems that disconnecting/detaching a USB device from the running VM doesn't work at all? virt-manager complains:

  Device could not be removed from the running machine.
  This change will take effect after the next VM reboot

But this has probably nothing to do with AppArmor and may just be a shortcoming of Libvirt? Just pointing it out here since it seems to fit.
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Andreas, thanks for reporting back. abstractions/libvirt-qemu and usr.lib.libvirt.virt-aa-helper are used by different applications. Eg, virt-aa-helper is confined by the usr.lib.libvirt.virt-aa-helper profile and VMs include the libvirt-qemu abstraction.

Please file a different bug regarding hot attach of a USB device.

** Also affects: libvirt (Ubuntu Maverick)
   Importance: Medium
   Assignee: Jamie Strandboge (jdstrand)
   Status: Fix Released

** Changed in: libvirt (Ubuntu Maverick)
   Status: Fix Released => Triaged

** Changed in: libvirt (Ubuntu Lucid)
   Status: Incomplete => Triaged

** Changed in: libvirt (Ubuntu Maverick)
   Milestone: ubuntu-10.04 => None
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
I'm sorry to post to this bug that has a status of Fix released but I am not sure it is really fixed. I have a situation similar to the original poster's concerning a USB card reader that won't make it past AppArmor it seems. Using libvirt-bin 0.7.5-5ubuntu27.

Situation: one of our servers was upgraded from Ubuntu 9.10 to 10.04 today. The server runs a few Ubuntu 9.10 VMs, nothing fancy or out of the ordinary. These VMs were defined and installed a few weeks ago, prior to the release of and update to Ubuntu 10.04 (if that matters at all). We've had problems with AppArmor and Libvirt/KVM before so we disabled AppArmor and pass-through of the USB card readers worked fine this way. This situation was not ideal from a security point-of-view but since the host and guests are strictly for internal test and development purposes we went with it.

Now I see that a lot has happened with regards to AppArmor, USB and PCI pass-through and Libvirt, so tried again enabling AppArmor. Alas, when starting a VM dmesg and /var/log/kern.log show these entries, repeating every second it seems:

  May 3 19:44:18 TESTHOST kernel: [ 2407.509182] type=1503 audit(1272908658.618:785): operation=open pid=1532 parent=1 profile =libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e requested_mask=r:: denied_mask=r:: fsuid=0 ouid=0 name=/sys/devices/pci:00/:00:1e.0/:01:04.4/usb6/devnum

The guest of course does not get to see anything of the USB device in question. Please find the XML definition of the guest in question here: https://daff.pseudoterminal.org/files/vm-usb.txt

After disabling AppArmor (/etc/init.d/apparmor stop) the USB device is again visible in the guest.

Why would this happen? The file /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper explicitly states that access to /sys/devices/** should be allowed. Am I missing anything?

I can experiment and run tests on this server for the next week or so, so please tell me if I can help debugging anything.
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Yes, that worked! :)
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Francesco. Excellent, thanks for your feedback. This will be added in 0.7.5-5ubuntu26. I am going to mark this back to Fix Released since it works some of the time as is. Please file a new bug if 0.7.5-5ubuntu26 doesn't resolve the issue for you.

** Changed in: libvirt (Ubuntu Lucid)
   Status: Incomplete => Fix Released
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Claas, can you add the following line to /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:

  /sys/bus/usb/devices/ r,
  /sys/bus/usb/devices/** r,

Then perform:

  $ sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper

and try to start the VM again?

** Changed in: libvirt (Ubuntu Lucid)
   Status: Fix Released => Incomplete
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Err... sorry, that last message was for Francesco, not Claas.
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
I'm using libvirt-bin 0.7.5-5ubuntu25 and the bug is still there. Is the fix lost somewhere? My /var/log/libvirt/qemu/storage.log has these lines:

  usb_create: no bus specified, using usb.0 for usb-host
  husb: open device 6.2
  /dev/bus/usb/006/002: Permission denied
  husb: open device 6.2
  /dev/bus/usb/006/002: Permission denied
  husb: open device 6.2
  /dev/bus/usb/006/002: Permission denied
  husb: open device 6.2
  /dev/bus/usb/006/002: Permission denied
  husb: open device 6.2
  /dev/bus/usb/006/002: Permission denied
  ...
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Just to confirm something is still not working for me:

  $ sudo apt-cache showpkg libvirt-bin
  Package: libvirt-bin
  Versions: 0.7.5-5ubuntu25

Adding the generic (and unsafe) line:

  /dev/bus/usb/*/[0-9]* rw,

to /etc/apparmor.d/abstractions/libvirt-qemu and reloading profiles works for me so it seems the mechanism to dynamically add host devices to the apparmor profile has been bounced as well or not working anymore.
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
FYI: I didn't try the latest fix since apparmor causes all kinds of trouble in the last days. Since I need a stable KVM I didn't test the fix so far. Maybe I have some spare time tomorrow.
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Francesco, how did you add this item? Can you attach the XML for the VM in question by using 'virsh dumpxml vmname'.
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
I used virt-manager:

<domain type='kvm' id='5'>
  <name>storage</name>
  <uuid>0175b337-5faf-42ba-d6a7-bb60ec8da4ad</uuid>
  <memory>1572864</memory>
  <currentMemory>1572864</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-0.12'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu'/>
      <source file='/var/vm/storage.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='block' device='cdrom'>
      <driver name='qemu'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>
    <interface type='network'>
      <mac address='52:54:00:4a:80:1e'/>
      <source network='server'/>
      <target dev='vnet4'/>
      <model type='virtio'/>
    </interface>
    <console type='pty' tty='/dev/pts/2'>
      <source path='/dev/pts/2'/>
      <target port='0'/>
    </console>
    <console type='pty' tty='/dev/pts/2'>
      <source path='/dev/pts/2'/>
      <target port='0'/>
    </console>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5901' autoport='yes' keymap='it'/>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
    </video>
    <hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
        <vendor id='0x03f0'/>
        <product id='0x0317'/>
      </source>
    </hostdev>
  </devices>
  <seclabel type='dynamic' model='apparmor'>
    <label>libvirt-0175b337-5faf-42ba-d6a7-bb60ec8da4ad</label>
    <imagelabel>libvirt-0175b337-5faf-42ba-d6a7-bb60ec8da4ad</imagelabel>
  </seclabel>
</domain>
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
libvirt 0.7.5-5ubuntu21 is accepted into lucid, but some of the intermediate versions were bounced out of the queue for simplicity's sake - so this didn't get autoclosed.

Changelog entry:

libvirt (0.7.5-5ubuntu19) lucid; urgency=low

  * fix for hostdev devices (LP: #545795). This can be dropped in 0.7.8
    - debian/patches/9021-apparmor-fix-hostdev.patch: adjust virt-aa-helper to handle pci devices. Update valid_path() to have an override array to check against, and add /sys/devices/pci to it. Then rename file_iterate_cb() to file_iterate_hostdev_cb() and create file_iterate_pci_cb() based on it. Update tests suite for this and SDL
    - debian/apparmor/libvirt-qemu: adjust for the above
    - debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to /sys/devices

 -- Jamie Strandboge ja...@ubuntu.com  Mon, 05 Apr 2010 19:50:15 -0500

** Changed in: libvirt (Ubuntu Lucid)
   Status: Fix Committed => Fix Released
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
** Changed in: libvirt (Ubuntu Lucid)
   Milestone: ubuntu-10.04-beta-2 => ubuntu-10.04
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Actually, I thought about this some more and I can get this to work for Lucid.

** Changed in: libvirt (Ubuntu Lucid)
   Status: Won't Fix => In Progress

** Changed in: libvirt (Ubuntu Lucid)
   Milestone: None => ubuntu-10.04-beta-2
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
Uploaded 0.7.5-5ubuntu19 which fixes this. Just needs to be approved.

** Changed in: libvirt (Ubuntu Lucid)
   Status: In Progress => Fix Committed
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
I'm going to unmilestone this since it mostly depends on bug #553737. If that bug is fixed, I can add my upstream work to it, otherwise this may have to wait until lucid+1.

** Changed in: libvirt (Ubuntu Lucid)
   Milestone: ubuntu-10.04-beta-2 => None

** Changed in: libvirt (Ubuntu Lucid)
   Status: Triaged => In Progress
[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices
** Changed in: libvirt (Ubuntu)
   Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Also affects: libvirt (Ubuntu Lucid)
   Importance: Medium
   Assignee: Jamie Strandboge (jdstrand)
   Status: Triaged

** Changed in: libvirt (Ubuntu Lucid)
   Milestone: None => ubuntu-10.04-beta-2