** Description changed:
- AppArmor denies libvirtd version 4.0.0-1ubuntu5 to ability to set the
- permissions of block storage devices:
+ AppArmor denies libvirtd version 4.0.0-1ubuntu5 the ability to set the
+ permissions of ZFS block storage devices:
--
Mar 18 23:11:23 adell kernel: [986012.140246] audit: type=1400
audit(1521432683.197:187): apparmor="STATUS" operation="profile_replace"
profile="unconfined" name="libvirt-abe352fc-0470-4f6b-9791-6983b2807e41"
pid=48874 comm="apparmor_parser"
Mar 18 23:11:23 adell kernel: [986012.183996] audit: type=1400
audit(1521432683.241:188): apparmor="DENIED" operation="open"
profile="libvirt-abe352fc-0470-4f6b-9791-6983b2807e41" name="/dev/zd80"
pid=48876 comm="qemu-system-x86" requested_mas
k="r" denied_mask="r" fsuid=106 ouid=106
Mar 18 23:11:23 adell kernel: [986012.184048] audit: type=1400
audit(1521432683.241:189): apparmor="DENIED" operation="open"
profile="libvirt-abe352fc-0470-4f6b-9791-6983b2807e41" name="/dev/zd80"
pid=48876 comm="qemu-system-x86" requested_mas
k="wr" denied_mask="wr" fsuid=106 ouid=106
--
For each virtual machine that one tries to start, the libvirt profiles
are deleted from `/etc/apparmor.d/libvirt`, but libvirt should actually
be generating profiles in this directory.
The error message observed by the client is as follows:
--
# virsh start demo-vm
error: Failed to start domain demo-vm
error: internal error: process exited while connecting to monitor:
2018-03-19T04:03:09.710374Z qemu-system-x86_64: -drive
file=/dev/zvol/rpool/demo-vm,format=raw,if=none,id=drive-ide0-0-0,cache=none,aio=native:
Could not open '/dev/zvol/rpool/demo-vm': Permission denied
--
(In the above output, `/dev/zvol/rpool/demo-vm` is a symbolic link to
`/dev/zd80`.)
Downgrading libvirt-daemon, libvirt0, libvirt-daemon-system, and
libvirt-clients version 4.0.0-1ubuntu4 makes the issue disappear:
--
# virsh start demo-vm
Domain demo-vm started
--
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1756786
Title:
Regression in libvirt-daemon 4.0.0-1ubuntu5 breaks AppArmor
compatibility
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1756786/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs