lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as Won't Fix.
** Changed in: libvirt (Ubuntu Lucid)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which
lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as Won't Fix.
** Changed in: libvirt (Ubuntu Lucid)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
@Level15,
please file a new bug, as yours is different from what this bug fixed.
** Changed in: libvirt (Ubuntu Oneiric)
Status: Confirmed = Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
@Level15,
please file a new bug, as yours is different from what this bug fixed.
** Changed in: libvirt (Ubuntu Oneiric)
Status: Confirmed = Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libvirt (Ubuntu Oneiric)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/869553
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libvirt (Ubuntu Lucid)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/869553
Title:
I am running Precise but the bug continues to affect me, despite it
being marked as solved. This is what I get on libvirt.log:
2013-11-01 12:10:57.180+: 21958: warning : AppArmorSetImageFDLabel:799 :
could not find path for descriptor /proc/self/fd/21, skipping
2013-11-01 12:10:57.430+:
** Branch linked: lp:ubuntu/libvirt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/869553
Title:
Apparmor prevents KVM tunnelled migration
To manage notifications about this bug go to:
** Description changed:
===
SRU Justification:
1. Impact: tunnelled migration fails
2. Development fix: adjust the apparmor security driver in libvirt to allow
guests the access to the tunneled migration info
3. Stable fix: same as development fix
** Changed in: libvirt (Ubuntu Maverick)
Status: New = Won't Fix
** Changed in: libvirt (Ubuntu Natty)
Status: New = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/869553
** Description changed:
===
SRU Justification:
1. Impact: tunnelled migration fails
2. Development fix: adjust the apparmor security driver in libvirt to allow
guests the access to the tunneled migration info
3. Stable fix: same as development fix
** Description changed:
+ ===
+ SRU Justification:
+ 1. Impact: tunnelled migration fails
+ 2. Development fix: adjust the apparmor security driver in libvirt to allow
guests the access to the tunneled migration info
+ 3. Stable fix: same as development fix
+
Serge,
Sorry for the delay.
This patch seems fine assuming that the behavior is expected (ie, the path is
deleted intentionally). I think I'd prefer to use VIR_WARN() instead of
virSecurityReportError(). Perhaps:
VIR_WARN(could not find path for descriptor %s, skipping, proc);
IIRC, the
This bug was fixed in the package libvirt - 0.9.7-2ubuntu4
---
libvirt (0.9.7-2ubuntu4) precise; urgency=low
* debian/apparmor/usr.sbin.libvirtd:
- allow access to /etc/libvirt/hooks/** (LP: #891472)
- #include local/usr.sbin.libvirtd for site-local customizations
*
@Jamie,
With this debdiff I am able to do tunnelled migration on precise.
I think it's ok to do, but I'll wait for you to take a look before
sending it upstream and pushing to the archive.
** Patch added: libvirt-tunnel.debdiff
@Simon,
I will send apply/test this patch on precise and send the result
upstream in the next few days. If you were intending to do that
yourself, please let me know and sorry for stepping on your toes :)
Thanks again for your patch.
--
You received this bug notification because you are a
If you were intending to do that yourself, please let me know and
sorry for stepping on your toes :)
Oh no, be my guest. Thanks a lot for taking care of this (as well as LP:
#869590).
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
This bug was fixed in the package libvirt - 0.9.7-2ubuntu2
---
libvirt (0.9.7-2ubuntu2) precise; urgency=low
* apparmor-allow-tunnelled-migration.patch: adjust virt-aa-helper to
allow tunnelled migration (LP: #869553)
(Thanks to Simon Deziel simon.dez...@gmail.com)
* fix
While this patch sufficed in lucid, it did not in precise. We'll have
to figure out what else is needed so that we can send a working patch
upstream.
** Also affects: libvirt (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: libvirt (Ubuntu Maverick)
Importance:
2011-11-18 23:43:36.939: 4980: debug : qemuProcessStart:3129 : setting security
label on pipe used for migration
2011-11-18 23:43:36.940: 4980: error : AppArmorSetImageFDLabel:795 : internal
error could not find path for descriptor
is what i get in the logs on precise.
--
You received this
@Simon,
I will send apply/test this patch on precise and send the result
upstream in the next few days. If you were intending to do that
yourself, please let me know and sorry for stepping on your toes :)
Thanks again for your patch.
--
You received this bug notification because you are a
If you were intending to do that yourself, please let me know and
sorry for stepping on your toes :)
Oh no, be my guest. Thanks a lot for taking care of this (as well as LP:
#869590).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug was fixed in the package libvirt - 0.9.7-2ubuntu2
---
libvirt (0.9.7-2ubuntu2) precise; urgency=low
* apparmor-allow-tunnelled-migration.patch: adjust virt-aa-helper to
allow tunnelled migration (LP: #869553)
(Thanks to Simon Deziel simon.dez...@gmail.com)
* fix
While this patch sufficed in lucid, it did not in precise. We'll have
to figure out what else is needed so that we can send a working patch
upstream.
** Also affects: libvirt (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: libvirt (Ubuntu Maverick)
Importance:
2011-11-18 23:43:36.939: 4980: debug : qemuProcessStart:3129 : setting security
label on pipe used for migration
2011-11-18 23:43:36.940: 4980: error : AppArmorSetImageFDLabel:795 : internal
error could not find path for descriptor
is what i get in the logs on precise.
--
You received this
A workaround for this particular VM is to add the following to
/etc/apparmor.d/libvirt/libvirt-4aa60863-6b03-2f19-897f-4de6d12c96e1 (note that
I expressly did *not* use
/etc/apparmor.d/libvirt/libvirt-4aa60863-6b03-2f19-897f-4de6d12c96e1.files):
@Jamie, I assumed that your advise to not modify the .files profile
directly was because this file is regenerated on the VM startup. I have
attached a patch to have virt-aa-helper add the required rule to the
/etc/apparmor.d/libvirt/libvirt-UUID.files. Let me know if that's not
the correct/best
Simon,
That's correct. Without testing it, this patch looks fine. Ideally this
would be handled better via the security driver framework, but the
latest git seems to indicate this isn't implemented yet, so this would
be fine for Precise.
So getting this into Ubuntu, the patch should be tested,
The attachment adjust virt-aa-helper to allow tunnelled migrations of
this bug report has been identified as being a patch. The ubuntu-
reviewers team has been subscribed to the bug report so that they can
review the patch. In the event that this is in fact not a patch you can
resolve this
A workaround for this particular VM is to add the following to
/etc/apparmor.d/libvirt/libvirt-4aa60863-6b03-2f19-897f-4de6d12c96e1 (note that
I expressly did *not* use
/etc/apparmor.d/libvirt/libvirt-4aa60863-6b03-2f19-897f-4de6d12c96e1.files):
@Jamie, I assumed that your advise to not modify the .files profile
directly was because this file is regenerated on the VM startup. I have
attached a patch to have virt-aa-helper add the required rule to the
/etc/apparmor.d/libvirt/libvirt-UUID.files. Let me know if that's not
the correct/best
Simon,
That's correct. Without testing it, this patch looks fine. Ideally this
would be handled better via the security driver framework, but the
latest git seems to indicate this isn't implemented yet, so this would
be fine for Precise.
So getting this into Ubuntu, the patch should be tested,
The attachment adjust virt-aa-helper to allow tunnelled migrations of
this bug report has been identified as being a patch. The ubuntu-
reviewers team has been subscribed to the bug report so that they can
review the patch. In the event that this is in fact not a patch you can
resolve this
@Jamie, please let me know if more information is required. I've set the
status to New again but let me know if I should have set it to
Triaged or any other status. Thank you.
** Changed in: libvirt (Ubuntu)
Status: Incomplete = New
--
You received this bug notification because you are a
@Jamie, please let me know if more information is required. I've set the
status to New again but let me know if I should have set it to
Triaged or any other status. Thank you.
** Changed in: libvirt (Ubuntu)
Status: Incomplete = New
--
You received this bug notification because you are a
This is not an appropriate rule because it negates the property of guest
isolation. This should be handled dynamically by the security driver,
but it is not (which is the bug). This could be done in a couple of
ways. What are the contents of /var/log/libvirt/qemu/guest1.log after
the AppArmor
On the receiving host :
root@node1:~# cat /var/log/libvirt/qemu/guest1.log
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin
QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 1 -name
guest1 -uuid 4aa60863-6b03-2f19-897f-4de6d12c96e1 -chardev
This is not an appropriate rule because it negates the property of guest
isolation. This should be handled dynamically by the security driver,
but it is not (which is the bug). This could be done in a couple of
ways. What are the contents of /var/log/libvirt/qemu/guest1.log after
the AppArmor
On the receiving host :
root@node1:~# cat /var/log/libvirt/qemu/guest1.log
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin
QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 1 -name
guest1 -uuid 4aa60863-6b03-2f19-897f-4de6d12c96e1 -chardev
Thanks for submitting this bug and the detailed info.
Jamie, the needed rule sounds dangerous to me. Can you comment?
** Changed in: libvirt (Ubuntu)
Importance: Undecided = High
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) = Serge Hallyn (serge-hallyn)
** Changed in:
Thanks for submitting this bug and the detailed info.
Jamie, the needed rule sounds dangerous to me. Can you comment?
** Changed in: libvirt (Ubuntu)
Importance: Undecided = High
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) = Serge Hallyn (serge-hallyn)
** Changed in:
** Summary changed:
- KVM migration fails when tunnelled
+ Apparmor prevents KVM tunnelled migration
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/869553
Title:
Apparmor prevents
The bug #869590
(https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/869590) was
opened for the qemuMonitrText migration parsing error.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
** Summary changed:
- KVM migration fails when tunnelled
+ Apparmor prevents KVM tunnelled migration
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/869553
Title:
Apparmor prevents KVM tunnelled
The bug #869590
(https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/869590) was
opened for the qemuMonitrText migration parsing error.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/869553
Title:
45 matches
Mail list logo
