[Bug 646468] Re: Apparmor deny when trying to use hugetlbfs
A better way to do it would be to modify libvirt to create a directory on the hugetlbfs for the vm (not just for itself), then pass that as the mem-path to kvm and tell the sVirt driver about it somehow. -- Apparmor deny when trying to use hugetlbfs https://bugs.launchpad.net/bugs/646468 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 646468] Re: Apparmor deny when trying to use hugetlbfs
Ok, that was closer, but this time I get the message: [84836.383289] type=1400 audit(1285366835.469:59): apparmor=DENIED operation=open parent=1 profile=libvirt- e2420e79-06d6-f8d0-0523-7c52b3650191 name=/dev/hugepages/libvirt/qemu/kvm.3Ag3N7 pid=1149 comm=kvm requested_mask=r denied_mask=r fsuid=103 ouid=103 When I changed it to rw it worked... But does that mean that guests can read each others' memory (if compromised)? -- Apparmor deny when trying to use hugetlbfs https://bugs.launchpad.net/bugs/646468 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 646468] Re: Apparmor deny when trying to use hugetlbfs
Just a follow-up... This actually does work, and since qemu seems to unlink() right after the mkstemp() there's only a small race condition there, and after that the only way to steal another VMs memory is via procfs. Is it worth writing a small doc (or debconf option?) to help people setup hugetlbfs with libvirt? -- Apparmor deny when trying to use hugetlbfs https://bugs.launchpad.net/bugs/646468 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 646468] [NEW] Apparmor deny when trying to use hugetlbfs
Public bug reported: When starting a VM with hugepages support, I get an apparmor deny message and the VM starts with normal pages. dmesg shows: [ 449.428584] type=1400 audit(1285282448.505:47): apparmor=DENIED operation=mknod parent=1 profile=libvirt-e2420e79-06d6-f8d0-0523-7c52b3650191 name=/dev/hugepages/libvirt/qemu/kvm.2DUKKZ pid=3325 comm=kvm requested_mask=c denied_mask=c fsuid=103 ouid=103 # lsb_release -rd Description:Ubuntu maverick (development branch) Release:10.10 To reproduce, I did this: echo hugetlbfs /dev/hugepages hugetlbfs defaults 0 0 /etc/fstab echo vm.nr_hugepages = 1024 /etc/sysctl.conf WARNING: this will use 2G of RAM. Don't try to apply sysctl settings on a running system... Added to my domain xml (somewhere under the domain tag): memoryBackinghugepages//memoryBacking Then rebooted and tried to start the domain. ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Tags: hugepages hugetlbfs -- Apparmor deny when trying to use hugetlbfs https://bugs.launchpad.net/bugs/646468 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
