Note to document this with the original issue:
with a a more recent libvirt/qemu stack (2.5/2.8) or later (maybe before but
that is not important)
-chardev pty,id=charserial0
-device isa-serial,chardev=charserial0,id=serial0
(or both together)
work fine now even without this rule.
Upstream
** Changed in: libvirt (Ubuntu Trusty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
"Failed to create chardev" due to
** Changed in: libvirt (Ubuntu Trusty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
"Failed to create chardev" due to apparmor DENIED
Oh, I misread, it's only a sub-policy that has cap-fowner.
pt_chown is not exactly trusted to begin with, so I'm not sure i want to
allow all vms to run it with cap-fowner.
Not sure what the best way forward is.
--
You received this bug notification because you are a member of Ubuntu
Bugs,
It's a VM (centos7-based system)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
"Failed to create chardev" due to apparmor DENIED execute of
"/usr/lib/pt_chown"
To manage
Thanks - that's very odd, since your file actually does include
'capability fowner', which is what the syslog says was denied. Are
these qemu vms, or are they containers?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hi Serge,
libvirt-qemu file is attached on #23 :)Let me know what else you
need.
Note: I did remove the serial console hardware component from the VM since I
didn't need it, and things worked ok after that.
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Hi,
you should be able to work around it by adding
capability fowner,
to that file. Note that /etc/apparmor.d/abstractions/libvirt-qemu on my
system already has that. I wonder whether your file libvirt-qemu abstractions
file may be out of date? Can you paste it here?
--
You received this
Lubuntu 15.10 64bit, Lenovo t450s:
I too see this issue. I have this fix in /etc/apparmor.d/abstractions
/libvirt-qemu:
# allow serial console backed by pts chardev (LP: #1342083)
/usr/lib/pt_chown ix,
owner @{PROC}/0-9*/fd/ r,
but still see an apparmor issue in /var/log/kern.log.
I failed to reproduce the original problem, but the -proposed packages
pass the qa regression tests in lp:qa-regression-tests.
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
nevermind, my issue was caused by piuparts messing the /dev/pts mount
permissions..
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
"Failed to create chardev" due to apparmor DENIED
here you go
** Attachment added: "libvirt-qemu"
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1342083/+attachment/4484338/+files/libvirt-qemu
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@tjaalton,
can you show the contents of /etc/apparmor.d/abstractions/libvirt-qemu ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
"Failed to create chardev" due to apparmor DENIED
I got this on current wily:
[112561.711239] audit: type=1400 audit(1441743584.472:152): apparmor="DENIED"
operation="open" profile="libvirt-e6d2c4fc-e234-4c35-f059-1bfa1fd67501"
name="/proc/19534/fd/" pid=19534 comm="qemu-system-x86" requested_mask="r"
denied_mask="r" fsuid=121 ouid=121
** Description changed:
+
+ 1. Impact: cannot create pts-backed serial console
+ 2. Fix: grant qemu the needed permissions
+ 3. Test case: Create a vm definition with the xml in #7.
+ 4. Regression potential: there should be no regressions, however
Hello TJ, or anyone else affected,
Accepted libvirt into trusty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.15 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
This bug was fixed in the package libvirt - 1.2.16-2ubuntu3
---
libvirt (1.2.16-2ubuntu3) wily; urgency=medium
* debian/apparmor/libvirt-qemu:
allow serial console backed by pts chardev (LP: #1342083)
-- Chris J Arges chris.j.ar...@canonical.com Tue, 07 Jul 2015
16:38:17
This bug was fixed in the package libvirt - 1.2.16-2ubuntu3
---
libvirt (1.2.16-2ubuntu3) wily; urgency=medium
* debian/apparmor/libvirt-qemu:
allow serial console backed by pts chardev (LP: #1342083)
-- Chris J Arges chris.j.ar...@canonical.com Tue, 07 Jul 2015
16:38:17
Ok, thanks - we will add that to the 1.2.16 merge, then we can SRU.
Please note here if you need this SRU'd to vivid, or only to trusty.
** Changed in: libvirt (Ubuntu)
Status: Incomplete = Triaged
** Also affects: libvirt (Ubuntu Trusty)
Importance: Undecided
Status: New
--
Ok, thanks - we will add that to the 1.2.16 merge, then we can SRU.
Please note here if you need this SRU'd to vivid, or only to trusty.
** Changed in: libvirt (Ubuntu)
Status: Incomplete = Triaged
** Also affects: libvirt (Ubuntu Trusty)
Importance: Undecided
Status: New
--
Serge, I think the real question is how it can work for some people,
without the
/usr/lib/pt_chown ix,
how can it work at all (for VMs with a serial port backed by a pty
device, which should be the default with a typical libvirt deployment).
--
You received this bug notification because you
I made configuration changes when the issue originally occurred and
despite reverting the ones I can identify cannot now reproduce the issue
- although I suspect that is because I've forgotten one or more changes
I made.
--
You received this bug notification because you are a member of Ubuntu
Hi Serge, sorry, I wasn't receiving email notifications (I thought it
happened automatically when one ticked this affects me).
I can't test on that system as it's in production now. I may be able to
test on another system later, but probably not in July. It shouldn't be
difficult to reproduce
(ping)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
Failed to create chardev due to apparmor DENIED execute of
/usr/lib/pt_chown
To manage notifications about this bug go to:
Could you please test whether just adding
/usr/lib/pt_chown ix,
owner @{PROC}/0-9*/fd/ r,
also suffices?
** Changed in: libvirt (Ubuntu)
Status: Triaged = Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: libvirt (Ubuntu)
Status: Incomplete = Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
Failed to create chardev due to apparmor DENIED execute of
Adding:
/usr/lib/pt_chown ix,
owner @{PROC}/[0-9]*/fd/* r,
To /etc/apparmor.d/abstractions/libvirt-qemu fixes the problem for me.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
pt_chown is executed when adding a serial console backed by a pts
chardev:
It is the same problem as
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/632696
serial type='pty'
target port='0'/
/serial
I get the same error on the second start of the VM after a reboot of
** Changed in: libvirt (Ubuntu)
Status: Confirmed = Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
Failed to create chardev due to apparmor DENIED execute of
Note we are waiting for information to help debug this. Please do not
re-mark this confirmed without first adding the information.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
** Changed in: libvirt (Ubuntu)
Status: Expired = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
Failed to create chardev due to apparmor DENIED
** Changed in: libvirt (Ubuntu)
Status: Expired = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
Failed to create chardev due to apparmor DENIED execute of
[Expired for libvirt (Ubuntu) because there has been no activity for 60
days.]
** Changed in: libvirt (Ubuntu)
Status: Incomplete = Expired
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
[Expired for libvirt (Ubuntu) because there has been no activity for 60
days.]
** Changed in: libvirt (Ubuntu)
Status: Incomplete = Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Thanks - this is odd, as neither libvirt nor qemu should be calling
pt_chown. I cannot reproduce this locally.
Could you please show screen-by-screen which options you are showing
while creating the new VM in virt-manager?
Also please show the results of:
dpkg -l | grep libvirt
dpkg -l | grep
Serge, there is no XML since the failure occurred during the creation by
virt-manager and it doesn't save a domain XML file if there's a creation
failure, which was why I had to show the log outputs.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Please show the xml for the failing domain.
** Changed in: libvirt (Ubuntu)
Status: New = Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083
Title:
Failed to create chardev
Thank you for taking the time to report this bug and helping to make Ubuntu
better. Please execute the following command, as it will automatically gather
debugging information, in a terminal:
apport-collect BUGNUMBER
When reporting bugs in the future please use apport by using 'ubuntu-bug' and
38 matches
Mail list logo
