[Bug 1250216] Re: apparmor policy prevents using hugepages
This bug was fixed in the package libvirt - 1.1.1-0ubuntu8.2 --- libvirt (1.1.1-0ubuntu8.2) saucy-proposed; urgency=low * add d/p/util_use_w_flag_when_calling_iptables.patch (LP: #1245322) * debian/apparmor/libvirt-qemu: allow access to usb info (LP: #1245251) * debian/apparmor/libvirt-qemu: allow access to hugepages mounts (LP: #1250216) -- Serge Hallyn serge.hal...@ubuntu.com Thu, 14 Nov 2013 10:09:24 -0600 ** Changed in: libvirt (Ubuntu Saucy) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1250216 Title: apparmor policy prevents using hugepages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1250216/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1250216] Re: apparmor policy prevents using hugepages
This bug was fixed in the package libvirt - 1.1.1-0ubuntu8.2 --- libvirt (1.1.1-0ubuntu8.2) saucy-proposed; urgency=low * add d/p/util_use_w_flag_when_calling_iptables.patch (LP: #1245322) * debian/apparmor/libvirt-qemu: allow access to usb info (LP: #1245251) * debian/apparmor/libvirt-qemu: allow access to hugepages mounts (LP: #1250216) -- Serge Hallyn serge.hal...@ubuntu.com Thu, 14 Nov 2013 10:09:24 -0600 ** Changed in: libvirt (Ubuntu Saucy) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1250216 Title: apparmor policy prevents using hugepages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1250216/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1250216] Re: apparmor policy prevents using hugepages
This bug was fixed in the package libvirt - 1.1.4-0ubuntu2 --- libvirt (1.1.4-0ubuntu2) trusty; urgency=low * debian/patches/9002-better_default_uri_virsh.patch: Update to fix the FTBFS. -- Chuck Short zul...@ubuntu.com Wed, 13 Nov 2013 11:04:29 -0500 ** Changed in: libvirt (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1250216 Title: apparmor policy prevents using hugepages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1250216/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1250216] Re: apparmor policy prevents using hugepages
This bug was fixed in the package libvirt - 1.1.4-0ubuntu2 --- libvirt (1.1.4-0ubuntu2) trusty; urgency=low * debian/patches/9002-better_default_uri_virsh.patch: Update to fix the FTBFS. -- Chuck Short zul...@ubuntu.com Wed, 13 Nov 2013 11:04:29 -0500 ** Changed in: libvirt (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1250216 Title: apparmor policy prevents using hugepages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1250216/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1250216] Re: apparmor policy prevents using hugepages
** Also affects: libvirt (Ubuntu Saucy) Importance: Undecided Status: New ** Changed in: libvirt (Ubuntu Saucy) Importance: Undecided = High ** Changed in: libvirt (Ubuntu Saucy) Status: New = Triaged ** Description changed: + = + SRU Justification + = + 1. Impact: users cannot use hugepages + 2. Development fix: allow libvirt to write to its own hugepage files + 3. Stable fix: same as development fix + 4. Test case: see below + 5. Regression potential: we only add a new apparmor permission to files owned by libvirt, so there should be no regressions. + + The generated Apparmor policy prevents a guest from using huge pages. Steps to reproduce: 1) Set KVM_HUGEPAGES=1 in /etc/default/qemu-kvm 2) restart qemu-kvm 3) sysctl vm.nr_hugepages = 256 4) virsh define/edit test-guest - ... - memoryBacking - hugepages/ - /memoryBacking - ... + ... + memoryBacking + hugepages/ + /memoryBacking + ... 5) virsh start test-guest 6) check /var/log/kern.log searching for: - apparmor=DENIED operation=mknod parent=1 profile=libvirt-42c86291-5d88-443f-96b7-3dbfd22c8658 name=/run/hugepages/kvm/libvirt/qemu/qemu_back_mem.pc.ram.kuj13U pid=4035 comm=qemu-system-x86 requested_mask=c denied_mask=c fsuid=107 ouid=107 + apparmor=DENIED operation=mknod parent=1 profile=libvirt-42c86291-5d88-443f-96b7-3dbfd22c8658 name=/run/hugepages/kvm/libvirt/qemu/qemu_back_mem.pc.ram.kuj13U pid=4035 comm=qemu-system-x86 requested_mask=c denied_mask=c fsuid=107 ouid=107 + As a temporary measure, I added this to /etc/apparmor.d/abstractions + /libvirt-qemu: - As a temporary measure, I added this to /etc/apparmor.d/abstractions/libvirt-qemu: - - owner /run/hugepages/kvm/libvirt/qemu/** rw, + owner /run/hugepages/kvm/libvirt/qemu/** rw, And it works. A better fix would be to fix the policy generator because the huge pages is now pretty visible since it is in /etc/default/qemu- kvm. Even if this bug is related to LP: #1001584 I think it's 2 different issues. - # lsb_release -rd Description: Ubuntu 13.10 Release: 13.10 # apt-cache policy libvirt-bin libvirt-bin: - Installed: 1.1.1-0ubuntu8.1 - Candidate: 1.1.1-0ubuntu8.1 - Version table: - *** 1.1.1-0ubuntu8.1 0 - 500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64 Packages - 100 /var/lib/dpkg/status - 1.1.1-0ubuntu8 0 - 500 http://archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages + Installed: 1.1.1-0ubuntu8.1 + Candidate: 1.1.1-0ubuntu8.1 + Version table: + *** 1.1.1-0ubuntu8.1 0 + 500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64 Packages + 100 /var/lib/dpkg/status + 1.1.1-0ubuntu8 0 + 500 http://archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1250216 Title: apparmor policy prevents using hugepages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1250216/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1250216] Re: apparmor policy prevents using hugepages
Hello Simon, or anyone else affected, Accepted libvirt into saucy-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libvirt/1.1.1-0ubuntu8.2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: libvirt (Ubuntu Saucy) Status: Triaged = Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1250216 Title: apparmor policy prevents using hugepages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1250216/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1250216] Re: apparmor policy prevents using hugepages
Thanks Serge and Chuck, excellent support as always! Verification done on Saucy. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1250216 Title: apparmor policy prevents using hugepages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1250216/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs