** Description changed: + [Impact] + + * A while ago qemu switched to libusb, since then qemu fails to scan for + usb devices. Thereby it fails to use them for passthrough. + + * This + + * Fix by back-porting small upstream change + + [Test Case] + + * Create a VM Guest (e.g. via uvtool) + * Create a XMl file desrcibing a usb hostdev from your System (check lsusb for IDs) + * See the c#3 for XML examples + * Then add that to your guest with + $ virsh attach-device <guestname> <xml-describing-your-device> + + * Without the fix you'll see apparmor blocks and a fail to generate the rules + * With the fix it works + + [Regression Potential] + + * The change "only" allows to access a few more files udev populates. In + those it is still restricted to just USB types - that seems safe to me. + + * If no USB devices are used in the guest config (or via hot-add) then it + is not initialized and thereby the rules not needed. + + * But if users use USB Host devices they now can work due to the fix. And + "suddenly working" is not a regression but a fix. + + [Other Info] + + * I waited to be accepted upstream to be more confident which is + partially why this took so long but provides some extra confidence. + + * This was long in discussion here since the suggestions always had a bit + of a very open blanket apparmor rule, but we now found a minimal one to + work and that was upstreamable. + + --- + + This fix is for Ubuntu Xenial The following file needs some fixes in order to work for usb host device access: /etc/apparmor.d/abstractions/libvirt-qemu The line is wrong: - /sys/devices/**/usb[0-9]*/** r, + /sys/devices/**/usb[0-9]*/** r, correct is: - /sys/devices/*/*/usb[0-9]*/** r, + /sys/devices/*/*/usb[0-9]*/** r, This line is missing: - /run/udev/data/** r, + /run/udev/data/** r,
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1552241 Title: libvirt-bin apparmor settings for usb host device To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1552241/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
