[Bug 912007] Re: Apparmor profile denies access to /dev/dm-* for guests using LVM partitions storage

2012-01-09 Thread Launchpad Bug Tracker
This bug was fixed in the package libvirt - 0.9.7-2ubuntu10 --- libvirt (0.9.7-2ubuntu10) precise; urgency=low * debian/control: move (cgroup-lite | cgroup-bin) from Suggests to Depends. Libvirt-lxc is broken without it. * apparmor/usr.lib.libvirt.virt-aa-helper: add 'deny /de

Re: [Bug 912007] Re: Apparmor profile denies access to /dev/dm-* for guests using LVM partitions storage

2012-01-05 Thread Simon Déziel
On 12-01-05 11:58 AM, Serge Hallyn wrote: > Per discussion on irc, I'll add a deny rule to usr.lib.libvirt.virt-aa- > helper: > > deny /dev/md* r, I'm assuming you meant: deny /dev/dm-* r, > which will silence the message. Out of curiosity I tried allowing read access for virt-aa-helper to /de

[Bug 912007] Re: Apparmor profile denies access to /dev/dm-* for guests using LVM partitions storage

2012-01-05 Thread Serge Hallyn
Thanks, Simon. Per discussion on irc, I'll add a deny rule to usr.lib.libvirt.virt-aa- helper: deny /dev/md* r, which will silence the message. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/912007

[Bug 912007] Re: Apparmor profile denies access to /dev/dm-* for guests using LVM partitions storage

2012-01-05 Thread Simon Déziel
That conclusion is consistent with the behavior observed where the VM itself is able to access the storage partition without problem. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/912007 Title: Appa

[Bug 912007] Re: Apparmor profile denies access to /dev/dm-* for guests using LVM partitions storage

2012-01-05 Thread Serge Hallyn
For the record I've reproduced this. Interestingly, /dev/dm-2 *is* in the allowed list. Following is the syslog entry: Jan 5 10:07:11 sergelap kernel: [ 5768.408495] type=1400 audit(1325779631.010:95): apparmor="DENIED" operation="open" parent=1606 profile="/usr/lib/libvirt/virt-aa-helper" na

[Bug 912007] Re: Apparmor profile denies access to /dev/dm-* for guests using LVM partitions storage

2012-01-05 Thread Serge Hallyn
Thanks for taking the time to report this bug. It sounds like the apparmor svirt driver should check whether a storage backing file is a symbolic link, and, if so, add the link target to the list of allowed devices? ** Changed in: libvirt (Ubuntu) Importance: Undecided => Low -- You received

[Bug 912007] Re: Apparmor profile denies access to /dev/dm-* for guests using LVM partitions storage

2012-01-04 Thread Simon Déziel
Here is the guest definition using LVM partitions. ** Attachment added: "virsh-build-lucid.xml" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/912007/+attachment/2657660/+files/virsh-build-lucid.xml -- You received this bug notification because you are a member of Ubuntu Bugs, which

[Bug 912007] Re: Apparmor profile denies access to /dev/dm-* for guests using LVM partitions storage

2012-01-04 Thread Simon Déziel
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/912007 Title: Apparmor profile denies access to /dev/dm-* for guests using LVM partitions storage To manage notifications about this bug go to: https: