[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
This bug was fixed in the package libvirt - 0.7.0-1ubuntu13.1 --- libvirt (0.7.0-1ubuntu13.1) karmic-proposed; urgency=low * debian/patches/9093-lp460271.patch: require absolute path for dynamic added files (LP: #460271) * debian/patches/9094-lp453335.patch: suppress confusing and misleading apparmor denied message when kvm/qemu tries to open a libvirt specified readonly file (such as a cdrom) with write permissions. libvirt uses the readonly attribute for the security driver only, and has no way of telling kvm/qemu that the device should be opened readonly. (LP: #453335) * debian/apparmor/usr.sbin.libvirtd: allow 'inet dgram' for migration to work (LP: #461528) * debian/apparmor/usr.sbin.libvirtd: properly support qemu+tcp:// by allowing 'inet6 stream' and 'inet6 dgram' (LP: #462000) -- Jamie Strandboge ja...@ubuntu.com Mon, 09 Nov 2009 17:12:32 -0600 ** Changed in: libvirt (Ubuntu Karmic) Status: Fix Committed = Fix Released -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
Bryan, your issue is due to bug #466315, which will be fixed in a future update. -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
** Tags added: verification-done ** Tags removed: verification-needed -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
I had to run '/etc/init.d/apparmor reload' after upgrading to the packages in -proposed before libvirt would properly start. ** Attachment added: output of my upgrade session http://launchpadlibrarian.net/35806805/462000.notes -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
Accepted libvirt into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Tags added: verification-needed -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
This now works in 0.7.0-1ubuntu13.1. ** Description changed: TEST CASE; 1. adjust /etc/libvirt/libvirtd.conf to have: listen_tls = 0 listen_tcp = 1 2. Restart libvirt in listen mode: $ sudo /etc/init.d/libvirt-bin stop $ sudo libvirtd -d --listen 3. see if it worked: - $ virsh qemu+tcp://ip address of remote libvirtd/system capabilities + $ virsh -c qemu+tcp://127.0.0.1/system capabilities Please enter your authentication name: If you are prompted for authentication in step #3, then everything is fine (can't authenticate because we haven't setup sasl). Currently get the following output from libvirtd in step #2: 14:48:14.916: warning : qemudStartup:521 : Unable to create cgroup for driver: No such device or address 14:48:15.005: warning : lxcStartup:1460 : Unable to create cgroup for driver: No such device or address 14:48:15.017: error : remoteMakeSockets:584 : socket: Permission denied And in dmesg: Oct 27 14:48:15 sec-karmic-amd64 kernel: [60424.438021] type=1503 audit(1256654895.009:40): operation=socket_create pid=15842 parent=11268 profile=/usr/sbin/libvirtd family=inet6 sock_type=dgram protocol=0 Oct 27 14:48:15 sec-karmic-amd64 kernel: [60424.438093] type=1503 audit(1256654895.009:41): operation=socket_create pid=15842 parent=11268 profile=/usr/sbin/libvirtd family=inet6 sock_type=stream protocol=6 Need to add the following to the profile: - network inet6 stream, - network inet6 dgram, + network inet6 stream, + network inet6 dgram, -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
** Also affects: libvirt (Ubuntu Lucid) Importance: Low Assignee: Jamie Strandboge (jdstrand) Status: In Progress -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
This bug was fixed in the package libvirt - 0.7.0-1ubuntu14 --- libvirt (0.7.0-1ubuntu14) lucid; urgency=low * debian/patches/9093-lp460271.patch: require absolute path for dynamic added files (LP: #460271) * debian/patches/9094-lp453335.patch: suppress confusing and misleading apparmor denied message when kvm/qemu tries to open a libvirt specified readonly file (such as a cdrom) with write permissions. libvirt uses the readonly attribute for the security driver only, and has no way of telling kvm/qemu that the device should be opened readonly. (LP: #453335) * debian/apparmor/usr.sbin.libvirtd: allow 'inet dgram' for migration to work (LP: #461528) * debian/apparmor/usr.sbin.libvirtd: properly support qemu+tcp:// by allowing 'inet6 stream' and 'inet6 dgram' (LP: #462000) -- Jamie Strandboge ja...@ubuntu.com Mon, 09 Nov 2009 17:11:05 -0600 ** Changed in: libvirt (Ubuntu Lucid) Status: In Progress = Fix Released -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
SRU Impact: qemu+tcp:// connections no longer work Bug is addressed in Lucid by adding 'inet dgram6' and 'inet6 stream' to the usr.sbin.libvirtd profile See description The regression potential is considered extremely low. It only allows additional access the the profile previously denied. -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
** Changed in: libvirt (Ubuntu Karmic) Status: In Progress = Fix Committed ** Changed in: libvirt (Ubuntu Lucid) Milestone: karmic-updates = None -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 462000] Re: apparmor disallows qemu+tcp:// connections
** Description changed: TEST CASE; 1. adjust /etc/libvirt/libvirtd.conf to have: listen_tls = 0 listen_tcp = 1 2. Restart libvirt in listen mode: $ sudo /etc/init.d/libvirt-bin stop $ sudo libvirtd -d --listen 3. see if it worked: $ virsh qemu+tcp://ip address of remote libvirtd/system capabilities Please enter your authentication name: If you are prompted for authentication in step #3, then everything is fine (can't authenticate because we haven't setup sasl). Currently get the following output from libvirtd in step #2: 14:48:14.916: warning : qemudStartup:521 : Unable to create cgroup for driver: No such device or address 14:48:15.005: warning : lxcStartup:1460 : Unable to create cgroup for driver: No such device or address 14:48:15.017: error : remoteMakeSockets:584 : socket: Permission denied And in dmesg: Oct 27 14:48:15 sec-karmic-amd64 kernel: [60424.438021] type=1503 audit(1256654895.009:40): operation=socket_create pid=15842 parent=11268 profile=/usr/sbin/libvirtd family=inet6 sock_type=dgram protocol=0 Oct 27 14:48:15 sec-karmic-amd64 kernel: [60424.438093] type=1503 audit(1256654895.009:41): operation=socket_create pid=15842 parent=11268 profile=/usr/sbin/libvirtd family=inet6 sock_type=stream protocol=6 Need to add the following to the profile: + network inet6 stream, + network inet6 dgram, ** Tags added: apparmor ** Also affects: libvirt (Ubuntu Karmic) Importance: Undecided Status: New ** Changed in: libvirt (Ubuntu Karmic) Importance: Undecided = Low ** Changed in: libvirt (Ubuntu Karmic) Status: New = In Progress ** Changed in: libvirt (Ubuntu Karmic) Milestone: None = karmic-updates ** Changed in: libvirt (Ubuntu Karmic) Assignee: (unassigned) = Jamie Strandboge (jdstrand) -- apparmor disallows qemu+tcp:// connections https://bugs.launchpad.net/bugs/462000 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
