After a bit of twiddling I found a somewhat reasonable repro with the
virt-aa-helper tool.
diff -Naur yakkety-sec-dac.xml yakkety-sec-nodac.xml
--- yakkety-sec-dac.xml 2016-10-27 14:32:39.565995840 +0000
+++ yakkety-sec-nodac.xml 2016-10-27 14:32:45.097973456 +0000
@@ -60,6 +60,5 @@
<address type='pci' domain='0x0000' bus='0x00' slot='0x06'
function='0x0'/>
</memballoon>
</devices>
- <seclabel type='dynamic' model='dac' relabel='yes'/>
</domain>
So the only diff is if the dac seclabel is here or not.
$ sudo /usr/lib/libvirt/virt-aa-helper -d -r -p 0 -u libvirt-6e082f89-902c-413c-9d9e-f609089d3374 < yakkety-sec-dac.xml
virt-aa-helper: error: could not parse XML
virt-aa-helper: error: could not get VM definition
$ sudo /usr/lib/libvirt/virt-aa-helper -d -r -p 0 -u libvirt-6e082f89-902c-413c-9d9e-f609089d3374 < yakkety-sec-nodac.xml
virt-aa-helper:
/etc/apparmor.d/libvirt/libvirt-6e082f89-902c-413c-9d9e-f609089d3374.files
virt-aa-helper:
"/var/log/libvirt/**/yakkety-sec-dac.log" w,
"/var/lib/libvirt/qemu/domain-yakkety-sec-dac/monitor.sock" rw,
"/var/lib/libvirt/qemu/domain--1-yakkety-sec-dac/*" rw,
"/var/lib/libvirt/qemu/channel/target/domain--1-yakkety-sec-dac/*" rw,
"/var/run/libvirt/**/yakkety-sec-dac.pid" rwk,
"/run/libvirt/**/yakkety-sec-dac.pid" rwk,
"/var/run/libvirt/**/*.tunnelmigrate.dest.yakkety-sec-dac" rw,
"/run/libvirt/**/*.tunnelmigrate.dest.yakkety-sec-dac" rw,
"/var/lib/uvtool/libvirt/images/yakkety-sec-dac.qcow" rw,
"/var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTYuMTA6YW1kNjQgMjAxNjEwMjI=" r,
"/var/lib/uvtool/libvirt/images/yakkety-sec-dac-ds.qcow" rw,
# for qemu guest agent channel
owner "/var/lib/libvirt/qemu/channel/target/domain-yakkety-sec-dac/**" rw,
/dev/vhost-net rw,
Now running debuild locally on xenial and yakkety libvirt to have the
packaged aa-helper in a debuggable and recompilable fashion.
** Changed in: libvirt (Ubuntu)
Importance: Undecided => Medium
https://bugs.launchpad.net/bugs/1633207
Title:
VM fails to start with dac security driver added
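Added example, not part of the original report and not libvirt code: the manual comparison above (same domain XML with and without one seclabel, fed to virt-aa-helper with the same flags) written as a small script that tries each domain-level seclabel in turn. The sample XML is constructed, its apparmor seclabel is an assumption added to have more than one candidate, and the script assumes the helper exits non-zero when it prints the errors shown in the report.

```python
import subprocess
import xml.etree.ElementTree as ET

HELPER = "/usr/lib/libvirt/virt-aa-helper"  # path used in the report

# Constructed minimal domain XML; the apparmor label is an assumption
# added so that there is more than one candidate to test.
SAMPLE = """<domain type='kvm'>
  <name>yakkety-sec-dac</name>
  <uuid>6e082f89-902c-413c-9d9e-f609089d3374</uuid>
  <devices><memballoon model='virtio'/></devices>
  <seclabel type='dynamic' model='apparmor' relabel='yes'/>
  <seclabel type='dynamic' model='dac' relabel='yes'/>
</domain>"""


def seclabel_models(xml_text):
    """Models of the domain-level <seclabel> elements, in document order."""
    root = ET.fromstring(xml_text)
    return [s.get("model") for s in root.findall("seclabel")]


def without_seclabel(xml_text, model):
    """Return the domain XML with the domain-level seclabel for `model` removed."""
    root = ET.fromstring(xml_text)
    for s in root.findall("seclabel"):
        if s.get("model") == model:
            root.remove(s)
    return ET.tostring(root, encoding="unicode")


def helper_accepts(xml_text):
    """Run virt-aa-helper with the report's flags; True if it exits 0 (assumed)."""
    uuid = ET.fromstring(xml_text).findtext("uuid")
    cmd = [HELPER, "-d", "-r", "-p", "0", "-u", "libvirt-" + uuid]
    return subprocess.run(cmd, input=xml_text, text=True,
                          capture_output=True).returncode == 0


def blocking_seclabels(xml_text, accepts=helper_accepts):
    """Models whose removal alone turns a rejected definition into an accepted one."""
    if accepts(xml_text):
        return []
    return [m for m in seclabel_models(xml_text)
            if accepts(without_seclabel(xml_text, m))]


if __name__ == "__main__":
    print(blocking_seclabels(SAMPLE))  # needs root and virt-aa-helper installed
```

The `accepts` parameter lets the same bisect run against a rebuilt helper binary or a stub, which is useful while debugging the parser with a locally built package.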