[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
In regards to this potentially causing eucalyptus to fail, I was not able to reproduce this. -- apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper https://bugs.launchpad.net/bugs/637544 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
** Branch linked: lp:ubuntu/libvirt -- apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper https://bugs.launchpad.net/bugs/637544 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
0.8.3-1ubuntu10 uploaded to fix this. ** Changed in: libvirt (Ubuntu) Status: Triaged = Fix Released -- apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper https://bugs.launchpad.net/bugs/637544 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
** Attachment added: Dependencies.txt https://bugs.edge.launchpad.net/bugs/637544/+attachment/1579515/+files/Dependencies.txt -- apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper https://bugs.launchpad.net/bugs/637544 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
** Attachment added: kern.log https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/637544/+attachment/1579516/+files/kern.log -- apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper https://bugs.launchpad.net/bugs/637544 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
Here is an example message: Sep 13 15:57:29 marula kernel: [ 7535.484814] type=1400 audit(1284407849.038:878): apparmor=DENIED operation=open parent=3346 profile=/usr/lib/libvirt/virt-aa-helper name=/var/lib/eucalyptus/instances/admin/i-35280636/loader pid=29440 comm=virt-aa-helper requested_mask=r denied_mask=r fsuid=0 ouid=105 We currently only allow the following in /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper: /var/lib/eucalyptus/instances/**/disk* r, What is /var/lib/eucalyptus/instances/admin/i-35280636/loader? Can you also attach the domain XML for an instance that fails to start? ** Changed in: libvirt (Ubuntu) Importance: Undecided = Critical ** Changed in: libvirt (Ubuntu) Status: New = Incomplete ** Changed in: libvirt (Ubuntu) Assignee: (unassigned) = Jamie Strandboge (jdstrand) ** Changed in: libvirt (Ubuntu) Importance: Critical = High -- apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper https://bugs.launchpad.net/bugs/637544 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
Ugh!
I am in the middle of a new install, so it will be a while... If it
helps any, here's the aa-helper-generated .files (when I set aa-helper
to COMPLAIN mode):
#
# This profile is for the domain whose UUID matches this file.
#
#include tunables/global
/etc/apparmour.d/libvirt/ libvirt-ff58f570-9915-eaa8-4fa6-3cba2a827850:
profile libvirt-ff58f570-9915-eaa8-4fa6-3cba2a827850 {
#include abstractions/libvirt-qemu
#include libvirt/libvirt-ff58f570-9915-eaa8-4fa6-3cba2a827850.files
}
/etc/apparmor.d/libvirt/ libvirt-
ff58f570-9915-eaa8-4fa6-3cba2a827850.files:
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
/var/log/libvirt/**/i-3F170794.log w,
/var/lib/libvirt/**/i-3F170794.monitor rw,
/var/run/libvirt/**/i-3F170794.pid rwk,
/var/lib/eucalyptus/instances/admin/i-3F170794/loader rw,
/var/lib/eucalyptus/instances/admin/i-3F170794/disk rw,
/var/lib/eucalyptus/instances/admin/i-3F170794/console.log rw,
** Changed in: libvirt (Ubuntu)
Status: Incomplete = New
--
apparmor=DENIED operation=open parent=3343
profile=/usr/lib/libvirt/virt-aa-helper
https://bugs.launchpad.net/bugs/637544
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
** Attachment added: sample libvirt.xml https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/637544/+attachment/1580495/+files/libvirt.xml -- apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper https://bugs.launchpad.net/bugs/637544 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
A failure of virt-aa-helper to access a file is not necessarily fatal, as can be seen from /etc/apparmor.d/libvirt/libvirt- ff58f570-9915-eaa8-4fa6-3cba2a827850.files -- it added it to the profile just fine. While this certainly needs to be fixed in the AppArmor profile (to avoid confusion), the failure to start is something else. I've examined the kern.log and I don't see any AppArmor denials that would cause the guest to not start. ** Changed in: libvirt (Ubuntu) Importance: High = Low ** Changed in: libvirt (Ubuntu) Status: New = Triaged -- apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper https://bugs.launchpad.net/bugs/637544 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
Based on the title of this bug, I am going to triage the virt-aa-helper denial bug as Low and if you find what is causing eucalyptus to fail to start the VMs, a new bug should perhaps be filed. -- apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper https://bugs.launchpad.net/bugs/637544 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
