** Tags added: maverick
--
virt-aa-helper generate incomplete apparmor profiles with chained backing files
https://bugs.launchpad.net/bugs/656173
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
Ubuntu-server-bugs
Thank you for taking the time to report this bug and helping to make
Ubuntu better. Please execute the following command, as it will
automatically gather debugging information, in a terminal:
apport-collect 656173
When reporting bugs in the future please use apport, using 'ubuntu-bug'
and
I've been unable to re-produce this issue on either Lucid or Maverick
although they do exhibit different behaviour.
test.qcow2 - test_base.qcow2 - base/lenny_vase.qcow2 (sym link to
lenny.qcow2)
Lucid apparmor profile:
/var/log/libvirt/**/test.log w,
/var/lib/libvirt/**/test.monitor rw,
** Changed in: libvirt (Ubuntu)
Status: New = Incomplete
--
virt-aa-helper generate incomplete apparmor profiles with chained backing files
https://bugs.launchpad.net/bugs/656173
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
OK; I've now managed to re-produce the issue; It appears that virt-aa-
helper only parses backing_files one level; in this case the full chain
is two levels/three files, so the base qcow2 image is not included in
the apparmor profile:
/var/log/libvirt/**/test.log w,
Enabling the 'allow_disk_format_probing = 1' in /etc/libvirt/qemu.conf
and restarting libvirtd-bin re-instates the automated probing of
backing_files in Maverick.
** Changed in: libvirt (Ubuntu)
Status: Incomplete = Confirmed
--
libvirt no longer probes chained backing stores
This behavior changed in libvirt 0.8.3 and the pending lucid-security libvirt
update and is part of the fix for CVE-2010-2237, CVE-2010-2238 and
CVE-2010-2239. From /etc/libvirt/qemu.conf:
# If allow_disk_format_probing is enabled, libvirt will probe disk
# images to attempt to identify their
** Tags added: maverick
--
virt-aa-helper generate incomplete apparmor profiles with chained backing files
https://bugs.launchpad.net/bugs/656173
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Thank you for taking the time to report this bug and helping to make
Ubuntu better. Please execute the following command, as it will
automatically gather debugging information, in a terminal:
apport-collect 656173
When reporting bugs in the future please use apport, using 'ubuntu-bug'
and
I've been unable to re-produce this issue on either Lucid or Maverick
although they do exhibit different behaviour.
test.qcow2 - test_base.qcow2 - base/lenny_vase.qcow2 (sym link to
lenny.qcow2)
Lucid apparmor profile:
/var/log/libvirt/**/test.log w,
/var/lib/libvirt/**/test.monitor rw,
** Changed in: libvirt (Ubuntu)
Status: New = Incomplete
--
virt-aa-helper generate incomplete apparmor profiles with chained backing files
https://bugs.launchpad.net/bugs/656173
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
OK; I've now managed to re-produce the issue; It appears that virt-aa-
helper only parses backing_files one level; in this case the full chain
is two levels/three files, so the base qcow2 image is not included in
the apparmor profile:
/var/log/libvirt/**/test.log w,
Enabling the 'allow_disk_format_probing = 1' in /etc/libvirt/qemu.conf
and restarting libvirtd-bin re-instates the automated probing of
backing_files in Maverick.
** Changed in: libvirt (Ubuntu)
Status: Incomplete = Confirmed
--
libvirt no longer probes chained backing stores
This behavior changed in libvirt 0.8.3 and the pending lucid-security libvirt
update and is part of the fix for CVE-2010-2237, CVE-2010-2238 and
CVE-2010-2239. From /etc/libvirt/qemu.conf:
# If allow_disk_format_probing is enabled, libvirt will probe disk
# images to attempt to identify their
14 matches
Mail list logo
