** Description changed: - The hooks documented in http://www.libvirt.org/hooks.html cannot be - executed, there are no mention of them in apparmor profile. + ============================================================== + SRU Justification: + 1. Impact: libvirt hooks cannot be used + 2. Development fix: add apparmor rule to allow use of libvirt hooks + 3. Stable fix: same as development fix + 4. Test case: + a. install libvirt + b. create /etc/libvirt/hooks/daemon containing: + #!/bin/sh << EOF + date >> /tmp/libvirt-hook-debug + EOF + c. stop libvirt-bin; start libvirt-bin + d. check whether /tmp/libvirt-hook-debug exists + 5. Regression potential: if the profile has a syntax error, it could cause problems loading the profile, or lead to too much or insufficient privilege for libvirt to run. + ============================================================== + The hooks documented in http://www.libvirt.org/hooks.html cannot be executed, there are no mention of them in apparmor profile. For example, "daemon" hook produces this message in the log: Nov 17 06:54:06 nexus kernel: [ 8914.624912] type=1400 audit(1321498446.082:65): apparmor="DENIED" operation="exec" parent=4756 profile="/usr/sbin/libvirtd" name="/etc/libvirt/hooks/daemon" pid=4757 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Description: Ubuntu 11.10 Release: 11.10 libvirt-bin: - Installed: 0.9.2-4ubuntu15.1 - Candidate: 0.9.2-4ubuntu15.1 - Version table: - *** 0.9.2-4ubuntu15.1 0 - 500 http://xx.archive.ubuntu.com/ubuntu/ oneiric-updates/main amd64 Packages - 100 /var/lib/dpkg/status - 0.9.2-4ubuntu15 0 - 500 http://xx.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages + Installed: 0.9.2-4ubuntu15.1 + Candidate: 0.9.2-4ubuntu15.1 + Version table: + *** 0.9.2-4ubuntu15.1 0 + 500 http://xx.archive.ubuntu.com/ubuntu/ oneiric-updates/main amd64 Packages + 100 /var/lib/dpkg/status + 0.9.2-4ubuntu15 0 + 500 http://xx.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
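Review bot: test case step 4b gives the contents of /etc/libvirt/hooks/daemon as "#!/bin/sh << EOF", "date >> /tmp/libvirt-hook-debug", "EOF", which mixes heredoc markers into the script body and leaves it unclear what the file should actually contain. State the contents as the shebang line and the date line only, and add a step that makes the hook executable, since the failure being tested is an exec of that path. Step 4d would be a stronger check if it also confirmed that the apparmor="DENIED" operation="exec" entry for name="/etc/libvirt/hooks/daemon" no longer appears in the kernel log, because the absence of /tmp/libvirt-hook-debug alone does not separate a profile denial from a hook that failed for another reason. Item 2 says only "add apparmor rule"; naming the rule and the profile it is added to would let the regression potential in item 5 be assessed.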
https://bugs.launchpad.net/bugs/891472
Title: apparmor profile for libvirt does not allow hooks to be executed
