[Bug 453335] Re: apparmor complains about write access to a readonly file
This bug was fixed in the package linux - 2.6.31-15.50 --- linux (2.6.31-15.50) karmic-proposed; urgency=low [ Kees Cook ] * SAUCE: Fix nx_enable reporting - LP: #454285 linux (2.6.31-15.49) karmic-proposed; urgency=low [ Benjamin Herrenschmidt ] * [Upstream] (drop after 2.6.31) usb-storage: Workaround devices with bogus sense size - LP: #446146 [ John Johansen ] * SAUCE: AppArmor: AppArmor wrongly reports allow perms as denied - LP: #453335 * SAUCE: AppArmor: Policy load and replacement can fail to alloc mem - LP: #458299 * SAUCE: AppArmor: AppArmor fails to audit change_hat correctly - LP: #462824 * SAUCE: AppArmor: AppArmor disallows truncate of deleted files. - LP: #451375 [ Kees Cook ] * SAUCE: [x86] fix report of cs-limit nx-emulation - LP: #454285 [ Scott James Remnant ] * Revert SAUCE: trace: add trace_event for the open() syscall * SAUCE: trace: add trace events for open(), exec() and uselib() - LP: #462111 [ Stefan Bader ] * SAUCE: Fix sub-flavour script to not stop on missing directories - LP: #453073 [ Tim Gardner ] * [Upstream] (drop after 2.6.31) Input: synaptics - add another Protege M300 to rate blacklist - LP: #433801 [ Upstream Kernel Changes ] * PM: Make warning in suspend_test_finish() less likely to happen - LP: #464552 -- Stefan Bader stefan.ba...@canonical.com Tue, 10 Nov 2009 14:31:52 +0100 ** Changed in: linux (Ubuntu Karmic) Status: Fix Committed = Fix Released -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
This bug was fixed in the package libvirt - 0.7.0-1ubuntu13.1 --- libvirt (0.7.0-1ubuntu13.1) karmic-proposed; urgency=low * debian/patches/9093-lp460271.patch: require absolute path for dynamic added files (LP: #460271) * debian/patches/9094-lp453335.patch: suppress confusing and misleading apparmor denied message when kvm/qemu tries to open a libvirt specified readonly file (such as a cdrom) with write permissions. libvirt uses the readonly attribute for the security driver only, and has no way of telling kvm/qemu that the device should be opened readonly. (LP: #453335) * debian/apparmor/usr.sbin.libvirtd: allow 'inet dgram' for migration to work (LP: #461528) * debian/apparmor/usr.sbin.libvirtd: properly support qemu+tcp:// by allowing 'inet6 stream' and 'inet6 dgram' (LP: #462000) -- Jamie Strandboge ja...@ubuntu.com Mon, 09 Nov 2009 17:12:32 -0600 ** Changed in: libvirt (Ubuntu Karmic) Status: Fix Committed = Fix Released -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
Both the kernel and libvirt are ready to go to -updates, so I remove the v-failed reminder tag now. ** Tags removed: verification-failed -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
Thanks for the testing. I added a verification-failed tag purely to avoid me accidentally copying to -updates before the kernel. I'll revisit this when the kernel is in, then it can go to -updates. ** Tags added: verification-done ** Tags removed: verification-needed ** Tags added: verification-failed -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
** Branch linked: lp:ubuntu/linux-fsl-imx51 -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
With libvirt 0.7.0-1ubuntu13.1 and kernel 2.6.31-15.49-generic, I get the following in /etc/apparmor.d/libvirt/libvirt-uuid.files: /home/jamie/vms/isos/karmic/karmic-server-amd64.iso r, # don't audit writes to readonly media deny /home/jamie/vms/isos/karmic/karmic-server-amd64.iso w, Starting the VM results in access to the iso without the confusing denial message. In other words, this bug is fixed with the libvirt and kernel packages in -proposed. Again, please do not copy libvirt to -updates before the kernel. Thanks! -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
** Also affects: libvirt (Ubuntu Lucid) Importance: Medium Assignee: Jamie Strandboge (jdstrand) Status: In Progress ** Also affects: linux (Ubuntu Lucid) Importance: Medium Assignee: John Johansen (jjohansen) Status: In Progress -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
SRU (libvirt) Impact: confusing messages in kernel log. Told access to ISO is denied, but it is correctly allowed. Bug is addressed in Lucid adding a deny rule for the 'w' action, which silences the message while still enforcing readonly Patch is debian/patches/9094-lp453335.patch See comment #7 The regression potential is considered low. It passes the qa-regression- testing script. The added deny rule does nothing except silence a confusing denial message. -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
I should also mention that libvirt should *MUST* be moved to karmic- updates at the same time or after the kernel SRU for this bug, ie 2.6.31-15.49. -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
This bug was fixed in the package libvirt - 0.7.0-1ubuntu14 --- libvirt (0.7.0-1ubuntu14) lucid; urgency=low * debian/patches/9093-lp460271.patch: require absolute path for dynamic added files (LP: #460271) * debian/patches/9094-lp453335.patch: suppress confusing and misleading apparmor denied message when kvm/qemu tries to open a libvirt specified readonly file (such as a cdrom) with write permissions. libvirt uses the readonly attribute for the security driver only, and has no way of telling kvm/qemu that the device should be opened readonly. (LP: #453335) * debian/apparmor/usr.sbin.libvirtd: allow 'inet dgram' for migration to work (LP: #461528) * debian/apparmor/usr.sbin.libvirtd: properly support qemu+tcp:// by allowing 'inet6 stream' and 'inet6 dgram' (LP: #462000) -- Jamie Strandboge ja...@ubuntu.com Mon, 09 Nov 2009 17:11:05 -0600 ** Changed in: libvirt (Ubuntu Lucid) Status: In Progress = Fix Released -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
** Changed in: libvirt (Ubuntu Karmic) Status: In Progress = Fix Committed ** Changed in: libvirt (Ubuntu Lucid) Milestone: karmic-updates = None ** Changed in: linux (Ubuntu Lucid) Milestone: karmic-updates = None ** Changed in: linux (Ubuntu Lucid) Status: In Progress = Fix Released -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
Accepted linux into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Tags added: verification-needed -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
The latest version works well too: http://kernel.ubuntu.com/~jj/linux-image-2.6.31-14-generic_2.6.31-14.49~jj_amd64.deb -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
** Changed in: linux (Ubuntu) Status: Triaged = In Progress ** Changed in: linux (Ubuntu Karmic) Status: Triaged = In Progress -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
This kernel allows me to have things like this in the profile and have it work as expected: /home/jamie/vms/isos/karmic/karmic-server-amd64.iso r, # don't audit writes to readonly media deny /home/jamie/vms/isos/karmic/karmic-server-amd64.iso w, Ie, jj's kernel fixes this for me. -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 453335] Re: apparmor complains about write access to a readonly file
I have placed a test kernel at http://kernel.ubuntu.com/~jj/linux-image-2.6.31-14-generic_2.6.31-14.48~jj_amd64.deb -- apparmor complains about write access to a readonly file https://bugs.launchpad.net/bugs/453335 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
