[Bug 1573192] [NEW] apparmor prevents using SCSI hostdevs

Simon Déziel Thu, 21 Apr 2016 11:56:54 -0700

Public bug reported:

Trying to pass a SCSI device from the host to a VM with this XML
definition:


  <hostdev mode='subsystem' type='scsi' managed='no' sgio='filtered' rawio='no'>
    <source>
      <adapter name='scsi_host2'/>
      <address bus='0' target='0' unit='0'/>
    </source>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </hostdev>

Results in Apparmor denials like this during the VM startup:

apparmor="DENIED" operation="open" 
profile="libvirt-65e0d1b9-f6b1-4926-8648-dc685778555a" name="/dev/sg2" pid=7904 
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=111 ouid=111
apparmor="DENIED" operation="open" 
profile="libvirt-65e0d1b9-f6b1-4926-8648-dc685778555a" name="/dev/sg2" pid=7904 
comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=111 ouid=111


Workaround: add "owner /dev/sg2 rw," to 
/etc/apparmor.d/abstractions/libvirt-qemu

Additional information:

# lsb_release -rd
Description:    Ubuntu 16.04 LTS
Release:        16.04
# apt-cache policy libvirt-bin apparmor
libvirt-bin:
  Installed: 1.3.1-1ubuntu10
  Candidate: 1.3.1-1ubuntu10
  Version table:
 *** 1.3.1-1ubuntu10 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status
apparmor:
  Installed: 2.10.95-0ubuntu2
  Candidate: 2.10.95-0ubuntu2
  Version table:
 *** 2.10.95-0ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: libvirt-bin 1.3.1-1ubuntu10
ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6
Uname: Linux 4.4.0-21-generic x86_64
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Apr 21 14:34:10 2016
KernLog:
 
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission 
denied: '/etc/libvirt/qemu.conf']
modified.conffile..etc.libvirt.qemu.networks.default.xml: [deleted]

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1573192

Title:
  apparmor prevents using SCSI hostdevs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1573192/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1573192] [NEW] apparmor prevents using SCSI hostdevs

Reply via email to