This bug was fixed in the package libvirt - 5.4.0-0ubuntu5.2
---
libvirt (5.4.0-0ubuntu5.2) eoan; urgency=medium
* d/p/u/lp-1655111-apparmor-fix-qemu_bridge_helper-for-named-profile.patch:
fix qemu_bridge_helper to work with named profiles (LP: #1655111)
-- Christian Ehrhardt
1. Upgrade to the version in proposed worked fine without issues.
2. static test
root@e:~# grep qemu_bridge_helper /etc/apparmor.d/usr.sbin.libvirtd
unix (send, receive) type=stream addr=none
peer=(label=/usr/sbin/libvirtd//qemu_bridge_helper),
signal (send) set=("term") peer=/usr/sbin/libvi
Hello bluedogs, or anyone else affected,
Accepted libvirt into eoan-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/libvirt/5.4.0-0ubuntu5.2 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https:/
** Description changed:
+ [Impact]
+
+ * Upstream changed the apparmor profiles of libvirt to be named profiles
+(instead of being path based). Yet some rules still sued the odl paths,
+so they no more applied.
+
+ * Backport the upstreamed fix to have the rules match and let qemu-
+
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/libvirt/+git/libvirt/+merge/380765
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1655111
Title:
LibVirt Apparmor prof
I'm adding an SRU Template to the bug.
MP:
https://code.launchpad.net/~paelzer/ubuntu/+source/libvirt/+git/libvirt/+merge/380765
Test build at:
https://launchpad.net/~paelzer/+archive/ubuntu/lp-1655111-libvirt-eoan-bridge-rule
Note: [1] is in Eoan proposed right now, this has to complete first
Now that Focal is done check older releases.
Pre 5.1 that wasn't an issue (no named labels), Eoan has 5.4 so mark that as
affected for a potential SRU.
** Also affects: libvirt (Ubuntu Eoan)
Importance: Undecided
Status: New
** Changed in: libvirt (Ubuntu Eoan)
Importance: Undecided
This bug was fixed in the package libvirt - 6.0.0-0ubuntu1
---
libvirt (6.0.0-0ubuntu1) focal; urgency=medium
* Merged with Debian 5.6.0-4 from experimental and v6.0.0 from upstream
Among many other new features and fixes this includes fixes for:
- LP: #1859253 - rbd driver
The change is now upstream and I will make it part of the upload I'm
preparing for Ubuntu 20.04
** Tags added: libvirt-20.04
** Changed in: libvirt (Ubuntu)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed t
@Bart - also your rule change seems absolutely right to me - well done.
I lack a full email to add you as reported-by in the patch - if you do mind
about that let me know.
Submitted for upstream discussion as:
https://www.redhat.com/archives/libvir-list/2020-January/msg01329.html
--
You receive
The original bug here was fixed by changing the sub-element to
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx ->
qemu_bridge_helper,
Which covers the correct path as well.
Due to that it is "now" detected correctly.
This detection puts it under the label of libvirt and that is what tr
I'm using qemu-bridge-helper already for a while. Since updating to
19.10 libvirtd suddenly refused to start my VMs. Turned out to be caused
by apparmor, I found these log messages:
audit: type=1400 audit(1580253669.262:100): apparmor="DENIED"
operation="file_inherit" profile="libvirtd//qemu_brid
[Expired for libvirt (Ubuntu) because there has been no activity for 60
days.]
** Changed in: libvirt (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/165511
Interesting, I definitely could start VMs I'd have found that issue with
all the tests - so would have Debian.
As I listed above the path in the rules always was /usr/lib while the binary
always was in /usr/lib/qemu. What really changed was which tool this rule
applies to. These files are
Could
Good day,
The biggest impact I had is after updating and pulling in updated libvirt
apparmor settings my VMs were unable to start due to app armor not allowing
access to qemu-bridge-helper.
This may a regression bug as in the replaced configuration file it was
correct, but that may have been f
Hi,
thank you so much for reporting and helping to make Ubuntu better.
It is the right place to report it.
I checked on last and current version, as well as the Debian counterpart.
It is true that the rule is not matching, but it kind of never did.
Zesty:
qemu-system-common: /usr/lib/qemu/qemu-br
This is on:
Description:Ubuntu Zesty Zapus (development branch)
Release:17.04
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1655111
Title:
LibVirt Apparmor profile has qemu-bridge-helper
17 matches
Mail list logo
