subject:"\[Bug 654680\] Re\: libvir\: Security Labeling error \: error calling aa_change

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

2010-10-08 Thread Jamie Strandboge

Unfortunately, the error reporting in libvirt didn't make this easier, but the 
problem can be seen clearly with:
$ cat /tmp/kolab-new.xml | /usr/lib/libvirt/virt-aa-helper -c --dryrun -u 
libvirt-79b2a347-7841-39df-8399-c072b05e7f6f
libvir: Storage error : cannot open file '/libvirt/kolab.img': No such file or 
directory
virt-aa-helper: warning: could not open path, skipping
virt-aa-helper: warning: path does not exist, skipping file type checks
virt-aa-helper: error: /libvirt/kolab.img
virt-aa-helper: error:   skipped restricted file
virt-aa-helper: error: invalid VM definition

What is happening is that virt-aa-helper does some checks to make sure the 
image is in an ok place, and if it isn't, fails. Because you chose 
'/libvirt/kolab.img', this matches as a restricted path, as seen in 
virt-aa-helper.c:
...
valid_path(const char *path, const bool readonly)
{
...
const char * const restricted[] = {
/bin/,
/etc/,
/lib,
/lost+found/,
...

'/lib' is used instead of '/lib/' since we also want to match /lib32,
/lib64 and anything else that might be a library path. As such, I am
going to mark this as Won't Fix for now, but have made a note to
improve the error feedback.

As a workaround, simply set your NFS mountpoint to something other than
'/libvirt'. I suggest something FHS compliant such as /srv/server
name/libvirt. Thanks for reporting this error and please feel free to
report any other bugs you might find in Ubuntu.

** Changed in: libvirt (Ubuntu)
   Status: Incomplete = Won't Fix

** Summary changed:

- libvir: Security Labeling error : error calling aa_change_profile()
+ virt-aa-helper fails on disks with absolute paths starting with /lib

-- 
virt-aa-helper fails on disks with absolute paths starting with /lib
https://bugs.launchpad.net/bugs/654680
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

2010-10-04 Thread Alvin


** Attachment added: Dependencies.txt
   
https://bugs.launchpad.net/bugs/654680/+attachment/1671659/+files/Dependencies.txt

-- 
libvir: Security Labeling error : error calling aa_change_profile()
https://bugs.launchpad.net/bugs/654680
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

2010-10-04 Thread Jamie Strandboge

Can you please attach the xml for the affected virtual machine, before
and after the change?

** Changed in: libvirt (Ubuntu)
   Status: New = Incomplete

** Changed in: libvirt (Ubuntu)
 Assignee: (unassigned) = Jamie Strandboge (jdstrand)

-- 
libvir: Security Labeling error : error calling aa_change_profile()
https://bugs.launchpad.net/bugs/654680
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

2010-10-04 Thread Alvin

Attached xml of previous configuration

** Attachment added: kolab-old.xml
   
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/654680/+attachment/1672038/+files/kolab-old.xml

-- 
libvir: Security Labeling error : error calling aa_change_profile()
https://bugs.launchpad.net/bugs/654680
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

2010-10-04 Thread Alvin

Attached xml of new configuration

** Attachment added: kolab-new.xml
   
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/654680/+attachment/1672039/+files/kolab-new.xml

-- 
libvir: Security Labeling error : error calling aa_change_profile()
https://bugs.launchpad.net/bugs/654680
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

[Bug 654680] Re: libvir: Security Labeling error : error calling aa_change_profile()

5 matches

Site Navigation

Mail list logo

Footer information