** Also affects: libvirt (Ubuntu Saucy)
Importance: Undecided
Status: New
** Changed in: libvirt (Ubuntu Saucy)
Importance: Undecided => High
** Changed in: libvirt (Ubuntu Saucy)
Status: New => Triaged
** Description changed:
+ =================================================
+ SRU Justification
+ =================================================
+ 1. Impact: users cannot use hugepages
+ 2. Development fix: allow libvirt to write to its own hugepage files
+ 3. Stable fix: same as development fix
+ 4. Test case: see below
+ 5. Regression potential: we only add a new apparmor permission to files owned
by libvirt, so there should be no regressions.
+ ====================================================
+
The generated Apparmor policy prevents a guest from using huge pages.
Steps to reproduce:
1) Set KVM_HUGEPAGES=1 in /etc/default/qemu-kvm
2) restart qemu-kvm
3) sysctl vm.nr_hugepages = 256
4) virsh define/edit test-guest
- ...
- <memoryBacking>
- <hugepages/>
- </memoryBacking>
- ...
+ ...
+ <memoryBacking>
+ <hugepages/>
+ </memoryBacking>
+ ...
5) virsh start test-guest
6) check /var/log/kern.log searching for:
- apparmor="DENIED" operation="mknod" parent=1
profile="libvirt-42c86291-5d88-443f-96b7-3dbfd22c8658"
name="/run/hugepages/kvm/libvirt/qemu/qemu_back_mem.pc.ram.kuj13U" pid=4035
comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
+ apparmor="DENIED" operation="mknod" parent=1
profile="libvirt-42c86291-5d88-443f-96b7-3dbfd22c8658"
name="/run/hugepages/kvm/libvirt/qemu/qemu_back_mem.pc.ram.kuj13U" pid=4035
comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
+ As a temporary measure, I added this to /etc/apparmor.d/abstractions
+ /libvirt-qemu:
- As a temporary measure, I added this to
/etc/apparmor.d/abstractions/libvirt-qemu:
-
- owner "/run/hugepages/kvm/libvirt/qemu/**" rw,
+ owner "/run/hugepages/kvm/libvirt/qemu/**" rw,
And it works. A better fix would be to fix the policy generator because
the huge pages is now pretty visible since it is in /etc/default/qemu-
kvm.
Even if this bug is related to LP: #1001584 I think it's 2 different
issues.
-
# lsb_release -rd
Description: Ubuntu 13.10
Release: 13.10
# apt-cache policy libvirt-bin
libvirt-bin:
- Installed: 1.1.1-0ubuntu8.1
- Candidate: 1.1.1-0ubuntu8.1
- Version table:
- *** 1.1.1-0ubuntu8.1 0
- 500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64
Packages
- 100 /var/lib/dpkg/status
- 1.1.1-0ubuntu8 0
- 500 http://archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
+ Installed: 1.1.1-0ubuntu8.1
+ Candidate: 1.1.1-0ubuntu8.1
+ Version table:
+ *** 1.1.1-0ubuntu8.1 0
+ 500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64
Packages
+ 100 /var/lib/dpkg/status
+ 1.1.1-0ubuntu8 0
+ 500 http://archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
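Review bot: In the added SRU Justification block, item 2 describes the fix only as "allow libvirt to write to its own hugepage files" and does not say which rule is added or where. The description below gives the workaround `owner "/run/hugepages/kvm/libvirt/qemu/**" rw,` in /etc/apparmor.d/abstractions/libvirt-qemu, but also says a better fix would be in the policy generator, so item 2 should state which of the two the upload uses and quote the exact rule. Item 4 ("see below") would be easier to verify with an explicit pass condition, for example that step 6 no longer finds an apparmor="DENIED" operation="mknod" record for the guest's profile in /var/log/kern.log.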
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1250216
Title:
apparmor policy prevents using hugepages
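Added example (not part of the original bug report and not libvirt or AppArmor code): a small Python check that parses the denial record quoted in the description and tests whether a candidate file rule, such as the workaround rule, would cover it. Path globbing is reduced to `**`, `*` and `?`, and treating the logged c/d/a masks as granted by a `w` rule is an assumption of this example; the function names are hypothetical.

```python
import re

# Constructed from the denial quoted in the report (joined onto one line).
SAMPLE = ('apparmor="DENIED" operation="mknod" parent=1 '
          'profile="libvirt-42c86291-5d88-443f-96b7-3dbfd22c8658" '
          'name="/run/hugepages/kvm/libvirt/qemu/qemu_back_mem.pc.ram.kuj13U" '
          'pid=4035 comm="qemu-system-x86" requested_mask="c" denied_mask="c" '
          'fsuid=107 ouid=107')

# The workaround rule from the report.
RULE = 'owner "/run/hugepages/kvm/libvirt/qemu/**" rw,'

def parse_denial(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def parse_rule(rule):
    """Split a simple file rule into (owner_only, path_glob, permissions)."""
    m = re.fullmatch(r'\s*(owner\s+)?"?([^"\s]+)"?\s+([a-z]+),\s*', rule)
    if not m:
        raise ValueError("unsupported rule: %r" % rule)
    return bool(m.group(1)), m.group(2), set(m.group(3))

def glob_to_regex(glob):
    """Simplified AppArmor globbing: ** crosses '/', * and ? do not."""
    out = ""
    for tok in re.findall(r'\*\*|\*|\?|.', glob):
        out += {"**": ".*", "*": "[^/]*", "?": "[^/]"}.get(tok, re.escape(tok))
    return re.compile(out)

def rule_covers(rule, denial):
    """True if the rule would have allowed the access recorded in the denial."""
    owner_only, glob, perms = parse_rule(rule)
    # 'owner' rules apply only when the process uid owns the object.
    if owner_only and denial.get("fsuid") != denial.get("ouid"):
        return False
    if not glob_to_regex(glob).fullmatch(denial["name"]):
        return False
    # Assumption: create/delete/append in the log are granted by a 'w' rule.
    needed = {"w" if c in "cda" else c for c in denial["denied_mask"]}
    return needed <= perms

if __name__ == "__main__":
    print(rule_covers(RULE, parse_denial(SAMPLE)))
```

Running candidate rules through `rule_covers` against the logged denial shows whether a narrower glob or permission set would still have allowed the access before the policy is reloaded.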