Ubuntu 21.04 (Hirsute Hippo) has reached end of life, so this bug will
not be fixed for that specific release.
** Changed in: libvirt (Ubuntu Hirsute)
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubun
** Changed in: libvirt (Debian)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1881969
Title:
apparmor profile for libvirtd/libvirt-daemon needs fixing
To m
It's been a year and a half since I submitted this bug, I was on kernel
5.6.0 (mainstream from kernel.org) and now I'm on 5.13.19 and this error
is no longer showing at boot time.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https:/
Hi Costinel and Robert,
sorry that we all had dropped the ball on this for a while - it was mostly by
the lack of being able to reproduce it anywhere else that stalled this.
... [imagine a long useless trip trying to re-trigger it, but details of
that would not help] ...
Much better I found that
what is the fix right now?
I get this message only once per kernel lifetime, when libvirtd starts
for the first time.
If I stop and restart libvirtd, it never shows again.
happens both with 20.04 lts kernel and hwe kernel (5.4 and 5.11)
--
You received this bug notification because you are a m
** Tags removed: server-next
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1881969
Title:
apparmor profile for libvirtd/libvirt-daemon needs fixing
To manage notifications about this bug go to:
htt
1969] Re: apparmor profile for libvirtd/libvirt-daemon needs
> fixing
>
> @Robert - you said you see that since an upgrade to 20.04 - to what
> extend could you try other older libvirt versions?
>
> --
> You received this bug notification because you are subscribed to the bug
: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
On Mon, 8 Jun 2020, Christian Ehrhardt wrote:
> Date: Mon, 08 Jun 2020 09:04:00 -
> From: Christian Ehrhardt <1881...@bugs.launchpad.net>
> To: nan...@eskimo.com
> Subject: Re: [Bug 1881969] Re: apparmor profile fo
I already got a reply, it didn't ring a bell.
Never the less this is a test worth a try once you are able to do it.
The apparmor maintainer will poke at it a bit more and let me know.
P.S. since we had much earlier reports of the same denial it surely
doesn't have to be the new kernel.
--
You re
@Paride - do you have other scsi adapters we could use. I have tried
both ends - the virtual scsi in KVM and the multi-channel FCP on s390x.
But if you have something more common like an x86 box with a local scsi
adapter we could try - then let me know.
--
You received this bug notification becau
@Robert - you said you see that since an upgrade to 20.04 - to what
extend could you try other older libvirt versions?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1881969
Title:
apparmor profile f
On Mon, Jun 8, 2020 at 11:01 AM Robert Dinse <1881...@bugs.launchpad.net>
wrote:
> No these servers are in service providing services to people so I can't
> just reboot at my leisure.
>
Too bad, it is the most likely case atm to further identify the root cause.
If at a maintenance window somewhen
.com
> Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs
> fixing
>
> Hmm, interesting.
> any chance to reboot into a normal Focal 5.4 kernel for a try if that is part
> of the cause?
>
> --
> You received this bug notification because
Hmm, interesting.
any chance to reboot into a normal Focal 5.4 kernel for a try if that is part
of the cause?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1881969
Title:
apparmor profile for libvi
> Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs
> fixing
>
> I was using this real SCSI disks to check Paride's theory that virtio-
> scsi might be special.
>
> I was using /var on it as well as passing a guest disk with it on either
>
Hmm,
the only other occurrence of net_bind_service was way back when the profiles
were not generated correctly. But since you hit this on re-load the profile is
loaded for sure.
@Robert - just to be sure - do you have the up-to-date package and
conffiles?
ubuntu@s1lp05:~$ dpkg -S /etc/apparmor.
First of all thanks Robert.
Out of the results we have learned that this is really only related to
libvirt (re)starting and not to anything with the guests.
Two capabilities that are hit are:
capname="sys_rawio"
capname="net_bind_service"
I have a system with /var on LVM on SCSI (Fcp) disks.
FYI rurther related links (also talk about scsi disks being related):
- https://github.com/cockpit-project/cockpit/issues/12250
- https://github.com/cockpit-project/cockpit/pull/12545
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
htt
I was using this real SCSI disks to check Paride's theory that virtio-
scsi might be special.
I was using /var on it as well as passing a guest disk with it on either
the multipath or the pure /dev/sda1 device.
Still nothing triggered the denials that we got reported.
--
You received this bug n
> Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs
> fixing
>
> Christian: do you think it's worth trying to emulate an actual hardware
> controller instead of using virtio-scsi in your nested VM test setup?
> Maybe sys_rawio is not used with vi
Christian: do you think it's worth trying to emulate an actual hardware
controller instead of using virtio-scsi in your nested VM test setup?
Maybe sys_rawio is not used with virtio-scsi.
Robert: I think sharing the XML definition of a VM triggering the
problem would still be useful. You can easil
) 246-6874.
On Fri, 5 Jun 2020, Christian Ehrhardt wrote:
> Date: Fri, 05 Jun 2020 05:34:26 -
> From: Christian Ehrhardt <1881...@bugs.launchpad.net>
> To: nan...@eskimo.com
> Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs
> fixing
>
o: nan...@eskimo.com
> Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs
> fixing
>
> Hmm,
> virt-manager can still set up a lot of different guest configurations.
> I've been using virt-manager guests as well and they don't show this.
>
Hmm,
virt-manager can still set up a lot of different guest configurations.
I've been using virt-manager guests as well and they don't show this.
You said you see these messages after a reboot on auto-start.
Can you try to un-break this a bit.
For example:
a) disable auto-starting the guests, doe
(800) 246-6874.
On Fri, 5 Jun 2020, Christian Ehrhardt wrote:
> Date: Fri, 05 Jun 2020 04:23:39 -
> From: Christian Ehrhardt <1881...@bugs.launchpad.net>
> To: nan...@eskimo.com
> Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs
> fixi
I'd agree and work on adding the rule upstream and into Ubuntu, but what
I need to to do is help to understand "why this triggers for you".
I run libvirt locally and in many tests, but so far have never seen this
apparmor denial.
Although if it is a non fatal bug it is easier to miss ...
The lin
** Changed in: libvirt (Debian)
Status: Unknown => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1881969
Title:
apparmor profile for libvirtd/libvirt-daemon needs fixing
To manage
Thanks Robert for this bug report. Looks like this has to be fixed in
the libvirt-daemon-system binary package.
For reference I linked this report to an analogous Debian bug, even if
src:libvirt is not synced from Debian.
** Changed in: libvirt (Ubuntu)
Status: New => Triaged
** Tags adde
** Bug watch added: Debian Bug tracker #931470
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931470
** Also affects: libvirt (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931470
Importance: Unknown
Status: Unknown
--
You received this bug notification because
29 matches
Mail list logo