Thanks, Richard. I've uploaded the fix for quantal. To permit the SRU
for precise, could you check the 'test case' ('#4') in the sru
justification in the description and make sure it's right? I've pushed
the tree to precise-proposed, but will wait for your ok to subscribe the
ubuntu-sru team to this bug.
** Description changed:
- When using an iSCSI storage pool, libvirt tries to run
- /lib/udev/scsi_id, which is denied:
+ ================================================
+ SRU Justification:
+ 1. Impact: virtual machines using an iSCSI storage pool do not work
+ 2. Development fix: allow libvirt to execute /lib/udev/scsi_id
+ 3. Stable fix: same as development fix
+ 4. Test case: use an iscsi storage pool as backing store for a vm in
+ libvirt, and try to start it.
+ 5. Regression potential: if there were a syntax error in the update, the
+ apparmor policy could refuse to load. Otherwise none.
+ ================================================
+ When using an iSCSI storage pool, libvirt tries to run /lib/udev/scsi_id,
which is denied:
type=1400 audit(1335826589.499:26): apparmor="DENIED" operation="exec"
parent=29400 profile="/usr/sbin/libvirtd" name="/lib/udev/scsi_id"
pid=30552 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0
ouid=0
The apparmor policy should allow execution of /lib/udev/scsi_id.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libvirt-bin 0.9.8-2ubuntu17
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
Uname: Linux 3.2.0-24-generic x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Mon Apr 30 23:49:46 2012
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64
(20120424.1)
ProcEnviron:
- TERM=xterm
- LANG=en_US.UTF-8
- SHELL=/bin/bash
+ TERM=xterm
+ LANG=en_US.UTF-8
+ SHELL=/bin/bash
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.local.usr.sbin.libvirtd:
- # Site-specific additions and overrides for usr.sbin.libvirtd.
- # For more details, please see /etc/apparmor.d/local/README.
- /lib/udev/scsi_id PUx,
+ # Site-specific additions and overrides for usr.sbin.libvirtd.
+ # For more details, please see /etc/apparmor.d/local/README.
+ /lib/udev/scsi_id PUx,
modified.conffile..etc.logrotate.d.libvirtd: [modified]
modified.conffile..etc.logrotate.d.libvirtd.lxc: [modified]
modified.conffile..etc.logrotate.d.libvirtd.qemu: [modified]
modified.conffile..etc.logrotate.d.libvirtd.uml: [modified]
mtime.conffile..etc.apparmor.d.local.usr.sbin.libvirtd:
2012-04-30T21:41:20.815809
mtime.conffile..etc.logrotate.d.libvirtd: 2012-04-30T17:53:14.571061
mtime.conffile..etc.logrotate.d.libvirtd.lxc: 2012-04-30T17:53:14.575062
mtime.conffile..etc.logrotate.d.libvirtd.qemu: 2012-04-30T17:53:14.575062
mtime.conffile..etc.logrotate.d.libvirtd.uml: 2012-04-30T17:53:14.579062
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/992378
Title:
libvirt apparmor policy does not allow /lib/udev/scsi_id
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/992378/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
