Your message dated Mon, 18 Sep 2017 19:36:02 +0000
with message-id <e1du1pq-000i2z...@fasolo.debian.org>
and subject line Bug#876071: fixed in libvirt 3.7.0-4
has caused the Debian Bug report #876071,
regarding libvirt-daemon-system: Mount namespace and AppArmor confinement are
incompatible => breaks networking
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
876071: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876071
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libvirt-daemon-system
Version: 3.7.0-2
Severity: normal
Hi,
since some fairly recent sid upgrade, my VMs don't get network
anymore and my logs contain lots of:
kernel: audit: type=1400 audit(1505719435.761:27425226): apparmor="DENIED"
operation="file_perm" info="Failed name lookup - disconnected path" error=-13
profile="libvirt-213ff882-ce4b-035d-e2b1-9059d66cd67d" name="dev/net/tun"
pid=25947 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=119
ouid=0
I've tried passing flags=(attach_disconnected) in
/etc/apparmor.d/libvirt/TEMPLATE.qemu but that did not fix the bug for
some reason, so I've reverted this change.
My current workaround is to disable private mount namespaces in
/etc/libvirt/qemu.conf:
namespaces = [ ]
FWIW the network these VMs are connected to looks like:
<network connections='1'>
<name>routed</name>
<uuid>054fadcc-23da-4014-94e7-cdde77924045</uuid>
<forward mode='route'/>
<bridge name='vmz0' stp='on' delay='0'/>
[…]
</network>
Cheers!
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'stable-updates'), (500,
'oldstable-updates'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'),
(1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libvirt-daemon-system depends on:
ii adduser 3.116
ii debconf 1.5.63
ii gettext-base 0.19.8.1-4
ii init-system-helpers 1.49
ii iptables 1.6.1-2
ii libacl1 2.2.52-3+b1
ii libapparmor1 2.11.0-10
ii libaudit1 1:2.7.7-1+b2
ii libblkid1 2.29.2-5
ii libc6 2.24-17
ii libcap-ng0 0.7.7-3+b1
ii libdbus-1-3 1.11.16+really1.10.22-1
ii libdevmapper1.02.1 2:1.02.142-1
ii libnl-3-200 3.2.27-2
ii libnl-route-3-200 3.2.27-2
ii libnuma1 2.0.11-2.1
ii libselinux1 2.7-2
ii libvirt-clients 3.7.0-2
ii libvirt-daemon 3.7.0-2
ii libvirt0 3.7.0-2
ii libxml2 2.9.4+dfsg1-4
ii libyajl2 2.1.0-2+b3
ii logrotate 3.11.0-0.1
ii lsb-base 9.20170808
ii policykit-1 0.105-18
Versions of packages libvirt-daemon-system recommends:
ii bridge-utils 1.5-14
ii dmidecode 3.1-1
ii dnsmasq-base 2.77-2
ii ebtables 2.0.10.4-3.5+b1
ii iproute2 4.9.0-2
ii parted 3.2-17
Versions of packages libvirt-daemon-system suggests:
ii apparmor 2.11.0-10
pn auditd <none>
ii nfs-common 1:1.3.4-2.1+b1
ii pm-utils 1.4.1-17
ii radvd 1:2.16-3
ii systemd 234-3
pn systemtap <none>
pn zfsutils <none>
-- debconf information:
libvirt-daemon-system/id_warning: true
--
intrigeri
--- End Message ---
--- Begin Message ---
Source: libvirt
Source-Version: 3.7.0-4
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 876...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <a...@sigxcpu.org> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 18 Sep 2017 20:24:07 +0200
Source: libvirt
Binary: libvirt-clients libvirt-daemon libvirt-daemon-driver-storage-gluster
libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-sheepdog
libvirt-daemon-driver-storage-zfs libvirt-daemon-system libvirt0 libvirt-doc
libvirt-dev libvirt-sanlock libnss-libvirt libvirt-wireshark
Architecture: source
Version: 3.7.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers
<pkg-libvirt-maintain...@lists.alioth.debian.org>
Changed-By: Guido Günther <a...@sigxcpu.org>
Description:
libnss-libvirt - nss plugin providing IP add ress resolution for virtual
machines
libvirt-clients - Programs for the libvirt library
libvirt-daemon - Virtualization daemon
libvirt-daemon-driver-storage-gluster - Virtualization daemon glusterfs
storage driver
libvirt-daemon-driver-storage-rbd - Virtualization daemon RBD storage driver
libvirt-daemon-driver-storage-sheepdog - Virtualization daemon Sheedog storage
driver
libvirt-daemon-driver-storage-zfs - Virtualization daemon ZFS storage driver
libvirt-daemon-system - Libvirt daemon configuration files
libvirt-dev - development files for the libvirt library
libvirt-doc - documentation for the libvirt library
libvirt-sanlock - Sanlock plugin for virtlockd
libvirt-wireshark - Wireshark dissector for the libvirt protocol
libvirt0 - library for interfacing with different virtualization systems
Closes: 876071
Changes:
libvirt (3.7.0-4) unstable; urgency=medium
.
* Pass-GPG_TTY-env-var-to-the-ssh-binary.patch: sanitize commit message
* apparmor: add attach_disconnected (Closes: #876071)
* apparmor: cater for new AAVMF image location
* apparmor: delete profile on VM shutdown
Checksums-Sha1:
3aab1e2338d35c97418701502f17532621d9ecac 4745 libvirt_3.7.0-4.dsc
535fc7b6fb8ba98e3f95eb8c51669637164fab8f 67064 libvirt_3.7.0-4.debian.tar.xz
8c002eae06fb2734ff2f8c869a5d0e047b813848 19992 libvirt_3.7.0-4_amd64.buildinfo
Checksums-Sha256:
1fe0d4712b85565af6abf571bbed8aa25a52598e27ebdf7a60bb998e8cd65ae4 4745
libvirt_3.7.0-4.dsc
447f5bc674d4a52fae925d6f0882b6a99dedc3077f1accd9e1e249fc7c44a36f 67064
libvirt_3.7.0-4.debian.tar.xz
80d758a6bc949b54a9edb36f8c1ab85e3d073b638d23d0d59ef6b67fa8df467e 19992
libvirt_3.7.0-4_amd64.buildinfo
Files:
7316753da44f3915d72090da3e1fe103 4745 libs optional libvirt_3.7.0-4.dsc
46fd60f8b57b59dc0c85b7ca253a094c 67064 libs optional
libvirt_3.7.0-4.debian.tar.xz
06be2414e321adf0f4ba7346d9e82404 19992 libs optional
libvirt_3.7.0-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEvHzQcjh1660F3xzZB7i3sOqYEgsFAlnAG/gACgkQB7i3sOqY
EgtOZQ//WjQD131kg//ARSZk6UNFXQYW6tMYQxylAfolN8zoVlNnEMCMvSgIZP4Z
cVu46vPJpoe+/R93NyCxxS8Y5F9wu16Z7ErJUEE+2mspl+8aKwmOSMaX/TnsZKv+
2P9n+EfOMRCdw6mabrcfcZKWpfo6L93IwnSwF32dM85X3oAQUy4yF5j64A8xRgJT
LMCO2MI61H5G6NL6S3OYup01T01MvBJ60nJZuD19aQUuEEKV9prVleGB1xz9RRY2
rFVQLgYNKPymXuie4/gCbduEuo73KCBbsOOBJ0q0HwbWIIjZym01Zo1eFKVbDwLr
eyyuuaEUh0sI0bg88LutXAqAx7T305hg/Y64dBWhMgN2n0oDMXy28pSnmrhtB2fb
ZpsiW4VPGD0Qhn6it3JJz5Wvwq2uW1Nraz78IgVBkhA7bEx8xMaF11yQPtDeDwnc
BR/Ldt5m80fu4wzUMddr2BbRi3OxlSs70NdEokXgcMD10doz0qgB9m08v705oHib
8wXAXOb1FvBflbzp6eM/k0kcP19tJe6OAW2s24lYcOpLPF9a49aQfO2sS0FTIniF
frG54phsYsz/vLiCLFXcC3SwlLLR8uzEmMSo9B89kg0WOjFfKqD7trXcfZbvaJhN
nW5CY0R9RtA/9QDVUP0o8+4p8VYJlLDwxks/5Fe8XFKX4H9TU50=
=MCg5
-----END PGP SIGNATURE-----
--- End Message ---
