Hello Kevin, or anyone else affected,
Accepted libvirt into trusty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.18 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
http
This bug was fixed in the package libvirt - 1.2.12-0ubuntu14.3
---
libvirt (1.2.12-0ubuntu14.3) vivid; urgency=medium
* virt-aa-helper apparmor policy: add 'network inet6' (LP: #1511830)
-- Serge Hallyn Wed, 04 Nov 2015 11:23:08
-0600
** Changed in: libvirt (Ubuntu Vivid)
This bug was fixed in the package libvirt - 1.2.16-2ubuntu11.15.10.1
---
libvirt (1.2.16-2ubuntu11.15.10.1) wily; urgency=medium
* virt-aa-helper apparmor policy: add 'network inet6' (LP: #1511830)
-- Serge Hallyn Wed, 04 Nov 2015 11:17:20
-0600
** Changed in: libvirt (Ubuntu
thanks for testing!
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1511830
Title:
apparmor denies VM startup when image is netwo
Apologies for the delay in getting the test done.
Test procedure:
- Enable proposed per instructions
- Update packages
# apt-get -t wily-proposed install libvirt-bin
...
Setting up libvirt0 (1.2.16-2ubuntu11.15.10.1) ...
Setting up libvirt-bin (1.2.16-2ubuntu11.15.10.1) ...
...
- Reload apparmor p
Hello Kevin, or anyone else affected,
Accepted libvirt into wily-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/libvirt/1.2.16-2ubuntu11.15.10.1 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
ht
** Description changed:
+ =
+ SRU Justification
+ Impact: cannot start vms on nfs mounted disk images
+ Testcase: set up libvirt managed nfs mount, try to start a vm on it.
+ Fix: add 'network ipv6' permission to virt-aa-helper's apparmor policy.
+ Regressio
** Changed in: libvirt (Ubuntu)
Importance: Undecided => High
** Changed in: libvirt (Ubuntu Trusty)
Importance: Undecided => High
** Changed in: libvirt (Ubuntu Vivid)
Importance: Undecided => High
** Changed in: libvirt (Ubuntu Wily)
Importance: Undecided => High
--
You received
** Also affects: libvirt (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: libvirt (Ubuntu Wily)
Importance: Undecided
Status: New
** Also affects: libvirt (Ubuntu Vivid)
Importance: Undecided
Status: New
--
You received this bug notification becau
This bug was fixed in the package libvirt - 1.2.16-2ubuntu12
---
libvirt (1.2.16-2ubuntu12) xenial; urgency=medium
* virt-aa-helper apparmor policy: add 'network inet6' (LP: #1511830)
-- Serge Hallyn Mon, 02 Nov 2015 11:49:56
-0600
** Changed in: libvirt (Ubuntu)
Status
The apparmor_parser ... command did the trick.
Just need to put the "network inet6," in the package for the next release then?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1511830
Title:
apparmor d
Kevin, be sure that you ran 'sudo apparmor_parser -r
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper' for you change to take
affect in the policy.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1511830
As Christian mentioned, just need to adjust the virt-aa-helper policy.
Removing the apparmor task.
** No longer affects: apparmor (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1511830
Title:
Now this is bizarre. The first start of the VM after restarting libvirt-
bin succeeds. Once I shut down the VM and try to start it again, I get
the same DENIED message in syslog.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://
Ah ha! I was looking in the abstractions.d for the actual VM
definitions. I hadn't thought to look up a level for the virt-aa-helper
definition.
Sure enough, adding "network inet6," just below the "network inet," and
restarting the libvirt-bin service caused the VM to be able to start.
--
You re
The log message says family="inet6" so you'll need "network inet6
stream," (inet != inet6 ;-)
"stream" is an optional restriction - I'd recommend to add it (also to
the existing "network inet," rule, assuming that only "stream" is
needed) to avoid superfluous permissions.
--
You received this bu
Thanks for reporting this bug.
Can you show the xml for the libvirt managed nfs storage and for the VM?
The virt-aa-helper policy has
# needed for when disk is on a network filesystem
network inet,
Which I suspect should prevent this from happening, so I will target
this at apparmor.
** A
17 matches
Mail list logo
