[Bug 470636] Re: virt-aa-helper fails to add copy-on-write images on apparmor profile
Because this feature is officially supported, can the importance be updated ?. I think it should not be defined as a wishlist, actually it's a feature that no longer works with 9.10. -- virt-aa-helper fails to add copy-on-write images on apparmor profile https://bugs.launchpad.net/bugs/470636 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 470636] Re: virt-aa-helper fails to add copy-on-write images on apparmor profile
Here is a script that can exactly reproduce the bug. First, a traditional VM is created and started without problem. Then a double copy-on-write vm is defined and (not) started. When can see in the log : Nov 3 10:48:36 wasabi kernel: [88903.924234] type=1503 audit(1257241716.474:1888): operation=open pid=12022 parent=12021 profile=libvirt-9b026ac6-0e31-816c-580f-3af18fe5d375 requested_mask=::r denied_mask=::r fsuid=0 ouid=1000 name=/tmp/test-ro2.img Nov 3 10:49:06 wasabi kernel: [88934.163494] type=1505 audit(1257241746.714:1889): operation=profile_remove pid=12038 name=libvirt-9b026ac6-0e31-816c-580f-3af18fe5d375 namespace=default ** Attachment added: script + log http://launchpadlibrarian.net/35015070/apparmor-test.tgz -- virt-aa-helper fails to add copy-on-write images on apparmor profile https://bugs.launchpad.net/bugs/470636 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 470636] [NEW] virt-aa-helper fails to add copy-on-write images on apparmor profile
Public bug reported: Binary package hint: libvirt-bin System : Ubuntu 9.10 (x86_64) Version of libvirt-bin : 0.7.0-1ubuntu13 When virt-aa-helper add a profile on apparmor, it does check if the QEMU disk image is based on a read-only image. This command create a copy-on-write image system.img based on readonly.img : $ kvm-img create -b readonly.img -f qcow2 system.img virt-aa-helper should allows read acces on readonly.img, and also check that readonly.img is not a COW image. But it only add an access to system.img : $ grep img /etc/apparmor.d/libvirt/libvirt-e1b4153d-9884-b3a2-2af0-b6bd051d6f56.files /home/virtual/kvm/system.img rw, $ ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New -- virt-aa-helper fails to add copy-on-write images on apparmor profile https://bugs.launchpad.net/bugs/470636 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 470636] Re: virt-aa-helper fails to add copy-on-write images on apparmor profile
Ok, thanks for the workaround, it should work (I've added them in an other files, and it works fine). This command is not the snapshot feature (i.e: not the kvm snapshot command) which I knew was not supported actually. Based on http://libvirt.org/news.html, copy-on-write is supported since 0.6.0, am I wrong ? -- virt-aa-helper fails to add copy-on-write images on apparmor profile https://bugs.launchpad.net/bugs/470636 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
