** Changed in: libvirt (Ubuntu Lucid)
Milestone: ubuntu-10.04.1 = ubuntu-10.04.2
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
John, while this patch seems ok to me, this is really an upstream bug.
Can you submit a bug upstream (http://libvirt.org/bugs.html) and link to
it from this bug? Once upstream accepts it, we can cherrypick it for
Maverick, verify it and backport it to Lucid. Thanks!
--
apparmor driver blocks
** Changed in: libvirt (Ubuntu Maverick)
Status: Triaged = Incomplete
** Changed in: libvirt (Ubuntu Lucid)
Status: Triaged = Incomplete
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because
Looks like it needs device as well. Will attach a patch shortly
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
Patch to allow PCI pass through to work woth app armor. It's currently
missing a couple of files
** Patch added: 8001-apparmor-extras-for-pci-passthru.patch
http://launchpadlibrarian.net/50106988/8001-apparmor-extras-for-pci-passthru.patch
--
apparmor driver blocks access to hostdev and
util/pci.c in function pciDeviceFileIterate
needs vendor added as a directory match:wq
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
Hi,
I think I may also be having this problem, I'm trying to pass through a PCI
WinTV NOVA T 500.
It's actually a pair of USB DVB-T tuners on a PCI card so it needed the 'three
stars' in the /sys path in the apparmour profile.
I appended the improved solution:
/sys/bus/usb/devices/ r,
Rebooting the PC fixed that problem so I guess something hadn't been reloaded.
I've also added /dev/** rwk, to the apparmour profile. Taking it away doesn't
stop it from working again, although I've not tried rebooting the host yet.
It still doesn't quite work however, as now (on the guest) I
Hmm, it seems thats actually because usb2 is not supported in KVM?
I tried passing through the PCI card itself, but I'm back to permission
denied :(
device: 03:06.0: driver=pci-assign host=03:06.0
device: 03:06.1: driver=pci-assign host=03:06.1
device: 03:06.2: driver=pci-assign host=03:06.2
Found the apparmour errors in syslog, related to virt-aa helper.
I added /sys/devices/** r, to usr.lib.virt-aa-helper and got a bit further.
Still getting this:
May 10 23:14:25 hal kernel: [ 179.037233] type=1503
audit(1273529665.107:22): operation=open pid=1601 parent=1 profile
** Changed in: libvirt (Ubuntu Lucid)
Milestone: ubuntu-10.04 = ubuntu-10.04.1
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
Looks like I found it. The VM in my case is trying to access
/sys/devices/pci:00/:00:1e.0/:01:04.4/usb6/devnum
but the abstractions/libvirt-qemu profile only allows
/sys/bus/usb/devices/ r,
/sys/devices/*/*/usb[0-9]*/** r,
when it should (also) allow
Andreas, can you adjust this to be:
/sys/bus/usb/devices/ r,
/sys/bus/usb/devices/** r,
/sys/devices/**/usb[0-9]*/** r,
and report back if it fixes it for you?
** Changed in: libvirt (Ubuntu Lucid)
Status: Fix Released = Incomplete
--
apparmor driver blocks access to hostdev and
Jamie, yes this fixes it. thank you!
I notice however some redundancies between abstractions/libvirt-qemu and
usr.lib.libvirt.virt-aa-helper? At least the line /sys/bus/usb/devices/
r, appears in both, don't know if that matters any, though. So that's
good :)
But now I have discovered something
Oh and it seems that disconnecting/detaching an USB device from the
running VM doesn't work at all? virt-manager complains:
Device could not be removed from the running machine.
This change will take effect after the next VM reboot
But this has probably nothing to do with AppArmor and may just
Andreas, thanks for reporting back. abstractions/libvirt-qemu and
usr.lib.libvirt.virt-aa-helper are used by different applications. Eg,
virt-aa-helper is confined by the usr.lib.libvirt.virt-aa-helper profile
and VMs include the libvirt-qemu abstraction. Please file a different
bug regarding hot
I'm sorry to post to this bug that has a status of Fix released but I
am not sure it is really fixed. I have a situation similar too the
original poster's concerning a USB card reader that won't make it past
AppArmor it seems. Using libvirt-bin 0.7.5-5ubuntu27.
Situation: one of our servers was
Yes, that worked! :)
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
Ubuntu-server-bugs mailing list
Francesco. Excellent, thanks for your feedback. This will be added in
0.7.5-5ubuntu26. I am going to mark this back to Fix Released since it
works some of the time as is. Please file a new bug if 0.7.5-5ubuntu26
doesn't resolve the issue for you.
** Changed in: libvirt (Ubuntu Lucid)
Class,
Can you add the following line to
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:
/sys/bus/usb/devices/ r,
/sys/bus/usb/devices/** r,
Then perform:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
and try to start the VM again?
** Changed in: libvirt
Err... sorry, that last message was for Francesco, not Claas.
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
I'm using libvirt-bin 0.7.5-5ubuntu25 and the bug is still there. Is the
fix lost somewhere?
My /var/log/libvirt/qemu/storage.log have these lines:
usb_create: no bus specified, using usb.0 for usb-host
husb: open device 6.2
/dev/bus/usb/006/002: Permission denied
husb: open device 6.2
Just to confirm something is still not working for me:
$ sudo apt-cache showpkg libvirt-bin
Package: libvirt-bin
Versions:
0.7.5-5ubuntu25
Adding the generic (and unsafe) line:
/dev/bus/usb/*/[0-9]* rw,
to /etc/apparmor.d/abstractions/libvirt-qemu and reloading profiles
works for me so it
FYI: I didn't try the latest fix since apparmor causes all kinds of
trouble in the last days. Since I need a stable KVM I didn't test the
fix so far. Maybe I have some spare time tomorrow.
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You
Francesco, how did you add this item? Can you attach the XML for the VM
in question by using 'virsh dumpxml vmname'.
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu
Server
I used virt-manager:
domain type='kvm' id='5'
namestorage/name
uuid0175b337-5faf-42ba-d6a7-bb60ec8da4ad/uuid
memory1572864/memory
currentMemory1572864/currentMemory
vcpu1/vcpu
os
type arch='x86_64' machine='pc-0.12'hvm/type
boot dev='hd'/
/os
features
acpi/
apic/
libvirt 0.7.5-5ubuntu21 is accepted into lucid, but some of the
intermediate versions were bounced out of the queue for simplicity's
sake - so this didn't get autoclosed. Changelog entry:
libvirt (0.7.5-5ubuntu19) lucid; urgency=low
* fix for hostdev devices (LP: #545795). This can be dropped
** Changed in: libvirt (Ubuntu Lucid)
Milestone: ubuntu-10.04-beta-2 = ubuntu-10.04
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
Actually, I thought about this some more and I can get this to work for
Lucid.
** Changed in: libvirt (Ubuntu Lucid)
Status: Won't Fix = In Progress
** Changed in: libvirt (Ubuntu Lucid)
Milestone: None = ubuntu-10.04-beta-2
--
apparmor driver blocks access to hostdev and pcidev
Uploaded 0.7.5-5ubuntu19 which fixes this. Just needs to be approved.
** Changed in: libvirt (Ubuntu Lucid)
Status: In Progress = Fix Committed
--
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because
I'm going to unmilestone this since it mostly depends on bug #553737. If
that bug is fixed, I can add my upstream work to it, otherwise this may
have to wait until lucid+1.
** Changed in: libvirt (Ubuntu Lucid)
Milestone: ubuntu-10.04-beta-2 = None
** Changed in: libvirt (Ubuntu Lucid)
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) = Jamie Strandboge (jdstrand)
** Also affects: libvirt (Ubuntu Lucid)
Importance: Medium
Assignee: Jamie Strandboge (jdstrand)
Status: Triaged
** Changed in: libvirt (Ubuntu Lucid)
Milestone: None =
32 matches
Mail list logo
