Use a guest XML that already combines the USB Hostdev in it.
# cat testguest.xml
<domain type='kvm'>
<name>testguest</name>
<uuid>deadbeef-dead-beef-dead-beefdeadbeef</uuid>
<memory unit='KiB'>1024</memory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64' machine='pc-i440fx-zesty'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<devices>
<emulator>/usr/bin/kvm-spice</emulator>
<disk type='file' device='disk'>
<driver name='qemu'/>
<source file='/var/lib/libvirt/images/A.img'/>
<target dev='vda'/>
</disk>
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<vendor id='0x046d'/>
<product id='0x0825'/>
</source>
</hostdev>
</devices>
<seclabel type='dynamic' model='apparmor' relabel='yes'/>
</domain>
root@ubuntu:~# virsh define testguest.xml
Domain testguest defined from testguest.xml
root@ubuntu:~# virsh start testguest
error: Failed to start domain testguest
error: internal error: process exited while connecting to monitor: warning:
host doesn't support requested feature: CPUID.80000001H:ECX.svm [bit 2]
2017-10-25T10:31:34.412297Z qemu-system-x86_64: -device
usb-host,hostbus=2,hostaddr=10,id=hostdev0,bus=usb.0,port=1: failed to find
host usb device 2:10
Along that there are Apparmor denials:
[ 2260.676741] audit: type=1400 audit(1508927494.409:129): apparmor="DENIED"
operation="open" profile="libvirt-deadbeef-dead-beef-dead-beefdeadbeef"
name="/run/udev/data/c189:133" pid=9571 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 2260.677046] audit: type=1400 audit(1508927494.409:132): apparmor="DENIED"
operation="open" profile="libvirt-deadbeef-dead-beef-dead-beefdeadbeef"
name="/run/udev/data/c189:256" pid=9571 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 2260.677424] audit: type=1400 audit(1508927494.410:135): apparmor="DENIED"
operation="open" profile="libvirt-deadbeef-dead-beef-dead-beefdeadbeef"
name="/run/udev/data/c189:129" pid=9571 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 2260.677733] audit: type=1400 audit(1508927494.410:137): apparmor="DENIED"
operation="open" profile="libvirt-deadbeef-dead-beef-dead-beefdeadbeef"
name="/run/udev/data/c189:0" pid=9571 comm="qemu-system-x86" requested_mask="r"
denied_mask="r" fsuid=64055 ouid=0
The failed Profile for the guest has the wrong rule:
root@ubuntu:~# grep usb
/etc/apparmor.d/libvirt/libvirt-deadbeef-dead-beef-dead-beefdeadbeef.files
"/dev/bus/usb/000/000" rw,
# After upgrading to proposed no more errors while doing that.
root@ubuntu:~# apt install libvirt-daemon-system=3.6.0-1ubuntu6
libvirt-clients=3.6.0-1ubuntu6 libvirt-daemon=3.6.0-1ubuntu6
libvirt0=3.6.0-1ubuntu6
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
numad radvd auditd systemtap nfs-common zfsutils pm-utils
The following packages will be upgraded:
libvirt-clients libvirt-daemon libvirt-daemon-system libvirt0
4 upgraded, 0 newly installed, 0 to remove and 29 not upgraded.
Need to get 4058 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64
libvirt-daemon-system amd64 3.6.0-1ubuntu6 [78.5 kB]
Get:2 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64
libvirt-clients amd64 3.6.0-1ubuntu6 [587 kB]
Get:3 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64
libvirt-daemon amd64 3.6.0-1ubuntu6 [2149 kB]
Get:4 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 libvirt0
amd64 3.6.0-1ubuntu6 [1243 kB]
Fetched 4058 kB in 1s (3440 kB/s)
Preconfiguring packages ...
(Reading database ... 149517 files and directories currently installed.)
Preparing to unpack .../libvirt-daemon-system_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt-daemon-system (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt-clients_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt-clients (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt-daemon_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt-daemon (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt0_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt0:amd64 (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up libvirt0:amd64 (3.6.0-1ubuntu6) ...
Setting up libvirt-daemon (3.6.0-1ubuntu6) ...
Processing triggers for libc-bin (2.26-0ubuntu2) ...
Processing triggers for systemd (234-2ubuntu12) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up libvirt-clients (3.6.0-1ubuntu6) ...
Setting up libvirt-daemon-system (3.6.0-1ubuntu6) ...
Installing new version of config file /etc/apparmor.d/abstractions/libvirt-qemu
...
virtlockd.service is a disabled or a static unit, not starting it.
Setting up libvirt-daemon dnsmasq configuration.
root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# virsh list --all
Id Name State
----------------------------------------------------
- testguest shut off
root@ubuntu:~# virsh start testguest
Domain testguest started
The rule is correct now:
root@ubuntu:~# grep usb
/etc/apparmor.d/libvirt/libvirt-deadbeef-dead-beef-dead-beefdeadbeef.files
"/dev/bus/usb/002/010" rw,
=> Verified
Note: since you likely came here for having issues with USB passthrough. While
working on this I found related issues, please check the following bugs to be
sure you not just have to add a config or so:
- bug 1727311
- bug 1727313
** Tags removed: verification-needed verification-needed-artful
** Tags added: verification-done verification-done-artful
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1686324
Title:
usb hostdev passthrough generates the wrong apparmor rules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1686324/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
