Public bug reported:
When on ppc64el attaching a Virtual function there is an error seen in
dmesg.
[ 1124.853295] audit: type=1400 audit(1491468789.604:37):
apparmor="DENIED" operation="open" profile="libvirt-88b15add-b290-431d-
9e49-fa771588f2f5"
name="/sys/devices/pci0005:00/0005:00:00.0/0005:01:01.3/devspec"
pid=10779 comm="qemu-system-ppc" requested_mask="r" denied_mask="r"
fsuid=64055 ouid=0
This seems to be multiple levels of wrong, but good messages first - it
is non Fatal for the cases I've seen so far.
On ppc when attaching virtual functions it passes the function
spapr_phb_vfio_get_loc_code.
In there is the offending call:
g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
Host here is the pci device that is about to be attached.
I'm 98% convinced that even if would passing that the following call is broken
then still.
g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf);
IMHO should be
g_strdup_printf("/proc/device-tree/%s/ibm,loc-code", buf);
Assuming the likely bug above would be fixed along the commit the one
fixing it should also extend virt-aa-helper.c to generate entries for
the two paths that will be accessed:
So overall three todos:
1. fix device-tree path string
2. add device tree path to virt-aa-helper
3. add loc-code path to virt-aa-helper
Once that is upstream I'm happy to pick and backport if applicable.
So far this is non fatal since spapr_phb_get_loc_code has fallback code.
And IMHO - due to the latter issue even without the apparmor block so
far always the fallback code is used. If that is true and really working
everywhere one might consider dropping all the logic and only leaving
the fallback?
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1680386
Title:
virt-aa-helper to learn about VF devspec paths
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1680386/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
