Oh well, I see. Sorry I misunderstood some things here.
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
Ubuntu-server-bugs mailing
Oh well, I see. Sorry I misunderstood some things here.
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Ancoron, I'm going to add read access to /mnt, /media and /srv vir virt-
aa-helper.
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
Well, to be correct we should read the domain configuration as well as
the storage pool definitions to correctly set up apparmor rules (just
open them as required and by demand, not by foresight).
Additionally what if someone decides to have an iscsi mounted filesystem
on /opt or using some NFS
Ancoron, this isn't a 'quick hack'. The /mnt, /media and /srv read
permissions are for virt-aa-helper, not the virtual machines. virt-aa-
helper is used by the libvirtd daemon to dynamically update the profiles
for individual VM definitions, and uses the libvirt API extensively.
While
Ancoron, I'm going to add read access to /mnt, /media and /srv vir virt-
aa-helper.
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
Well, to be correct we should read the domain configuration as well as
the storage pool definitions to correctly set up apparmor rules (just
open them as required and by demand, not by foresight).
Additionally what if someone decides to have an iscsi mounted filesystem
on /opt or using some NFS
Ancoron, this isn't a 'quick hack'. The /mnt, /media and /srv read
permissions are for virt-aa-helper, not the virtual machines. virt-aa-
helper is used by the libvirtd daemon to dynamically update the profiles
for individual VM definitions, and uses the libvirt API extensively.
While
Just tested it with kernel 2.6.32-20-generic (amd64) and libvirt0
0.7.5-5ubuntu21.
$ sudo virsh -c qemu:///system define /srv/virtual/aria.xml
Domain aria defined from /srv/virtual/aria.xml
$ sudo virsh -c qemu:///system start aria
error: Failed to start domain aria
error: internal error unable
Just tested it with kernel 2.6.32-20-generic (amd64) and libvirt0
0.7.5-5ubuntu21.
$ sudo virsh -c qemu:///system define /srv/virtual/aria.xml
Domain aria defined from /srv/virtual/aria.xml
$ sudo virsh -c qemu:///system start aria
error: Failed to start domain aria
error: internal error unable
libvirt 0.7.5-5ubuntu21 is accepted into lucid, but some of the
intermediate versions were bounced out of the queue for simplicity's
sake - so this didn't get autoclosed. Changelog entry:
libvirt (0.7.5-5ubuntu18) lucid; urgency=low
* handle SDL graphics (LP: #545426). This can be dropped in
libvirt 0.7.5-5ubuntu21 is accepted into lucid, but some of the
intermediate versions were bounced out of the queue for simplicity's
sake - so this didn't get autoclosed. Changelog entry:
libvirt (0.7.5-5ubuntu18) lucid; urgency=low
* handle SDL graphics (LP: #545426). This can be dropped in
** Changed in: libvirt (Ubuntu Lucid)
Status: Triaged = In Progress
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
Ubuntu-server-bugs mailing
** Summary changed:
- SDL support broken
+ SDL support broken when using apparmor
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
Could you please attach your /etc/libvirt/qemu.conf and
/etc/libvirt/libvirtd.conf files?
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
Uploaded 0.7.5-5ubuntu18. This adjusts virt-aa-helper to add the xauth
path and a comment in libvirt-qemu for access to /dev/fb*. Upload just
needs to be approved.
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are
** Changed in: libvirt (Ubuntu Lucid)
Status: Triaged = In Progress
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Summary changed:
- SDL support broken
+ SDL support broken when using apparmor
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
Could you please attach your /etc/libvirt/qemu.conf and
/etc/libvirt/libvirtd.conf files?
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
** Changed in: libvirt (Ubuntu Lucid)
Status: In Progress = Fix Committed
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
Uploaded 0.7.5-5ubuntu18. This adjusts virt-aa-helper to add the xauth
path and a comment in libvirt-qemu for access to /dev/fb*. Upload just
needs to be approved.
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are
** Also affects: libvirt (Ubuntu Lucid)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: Triaged
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
** Also affects: libvirt (Ubuntu Lucid)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: Triaged
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@Marc: please, let us not think for others. If someone has a reason to
do so it should be completely up to him/her.
I'm using KDE4 currently, and yes, running anything with sudo inside a
terminal does get it displayed on the screen just like expected. Also I
can run the KVM command line directly
@Marc: please, let us not think for others. If someone has a reason to
do so it should be completely up to him/her.
I'm using KDE4 currently, and yes, running anything with sudo inside a
terminal does get it displayed on the screen just like expected. Also I
can run the KVM command line directly
I'm uncomfortable adding the /dev/fb* rule by default, but can add it to
the profile in a commented fashion. While I can reproduce the apparmor
denied errors for ~/.Xauthority, the VM starts up. I guess you are
trying to start the VM without an X session?
Another alternative to adding '/dev/fb*
Regarding the /dev/fb* rule: me too!
We wouldn't need that as long as KVM wouldn't choose the DirectFB
fallback. It seems that the X-stuff required for KVM doesn't get set up
correctly by libvirt.
I already thought of just adding the rules if required. But this would
mean another patch for
No, I'm not starting without an X session.
But it seems to me that libvirt isn't X-session aware at all.
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
/dev/fb* probably shouldn't be in the apparmor profile. I don't think
setting up a graphical VM interface on a server without X is
appropriate.
@Ancoron: What graphical environment are you using? If you do sudo
gedit, does gedit display on your screen?
--
SDL support broken
I'm uncomfortable adding the /dev/fb* rule by default, but can add it to
the profile in a commented fashion. While I can reproduce the apparmor
denied errors for ~/.Xauthority, the VM starts up. I guess you are
trying to start the VM without an X session?
Another alternative to adding '/dev/fb*
Regarding the /dev/fb* rule: me too!
We wouldn't need that as long as KVM wouldn't choose the DirectFB
fallback. It seems that the X-stuff required for KVM doesn't get set up
correctly by libvirt.
I already thought of just adding the rules if required. But this would
mean another patch for
No, I'm not starting without an X session.
But it seems to me that libvirt isn't X-session aware at all.
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
/dev/fb* probably shouldn't be in the apparmor profile. I don't think
setting up a graphical VM interface on a server without X is
appropriate.
@Ancoron: What graphical environment are you using? If you do sudo
gedit, does gedit display on your screen?
--
SDL support broken
Can you please attach the output of the following command:
$ dmesg | grep audit
** Changed in: libvirt (Ubuntu)
Status: New = Incomplete
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
$ dmesg | grep audit
[ 6046.037322] type=1505 audit(1269377190.495:54): operation=profile_load
pid=17852 name=libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815
[ 6046.144800] type=1503 audit(1269377190.606:55): operation=open pid=17858
parent=1 profile=libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815
There's also a bug upstream that looks related (although with SELinux):
https://bugzilla.redhat.com/show_bug.cgi?id=536693
** Bug watch added: Red Hat Bugzilla #536693
https://bugzilla.redhat.com/show_bug.cgi?id=536693
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
You received
** Changed in: libvirt (Ubuntu)
Status: Incomplete = Triaged
** Changed in: libvirt (Ubuntu)
Importance: Undecided = Medium
** Changed in: libvirt (Ubuntu)
Milestone: None = ubuntu-10.04-beta-2
** Tags added: apparmor lucid
--
SDL support broken
Can you please attach the output of the following command:
$ dmesg | grep audit
** Changed in: libvirt (Ubuntu)
Status: New = Incomplete
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
$ dmesg | grep audit
[ 6046.037322] type=1505 audit(1269377190.495:54): operation=profile_load
pid=17852 name=libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815
[ 6046.144800] type=1503 audit(1269377190.606:55): operation=open pid=17858
parent=1 profile=libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815
There's also a bug upstream that looks related (although with SELinux):
https://bugzilla.redhat.com/show_bug.cgi?id=536693
** Bug watch added: Red Hat Bugzilla #536693
https://bugzilla.redhat.com/show_bug.cgi?id=536693
--
SDL support broken
https://bugs.launchpad.net/bugs/545426
You received
** Changed in: libvirt (Ubuntu)
Status: Incomplete = Triaged
** Changed in: libvirt (Ubuntu)
Importance: Undecided = Medium
** Changed in: libvirt (Ubuntu)
Milestone: None = ubuntu-10.04-beta-2
** Tags added: apparmor lucid
--
SDL support broken
41 matches
Mail list logo
