[Bug 1756394] Re: Upgrading libvirt from 4.0.0-1ubuntu4 to 4.0.0-1ubuntu5 introduced a permission denied on device error

Mon, 19 Mar 2018 01:31:22 -0700 

Tried to recreate this while waiting on input:
# Get ZFS Device
 $ sudo zpool create zfsmirrortest mirror /dev/sda1 /dev/sdb1
 $ sudo zfs create -V 10G zfsmirrortest/vol1
# That gives me:
  /dev/zvol/zfsmirrortest/vol1 -> ../../zd0

# Get LVM Device
 $ sudo pvcreate /dev/sda2
 $ sudo pvcreate /dev/sdb2
 $ sudo vgcreate testlvm /dev/sda2 /dev/sdb2
 $ sudo lvcreate -n testvol1 -L 5g testlvm
# That gives me
  /dev/mapper/testlvm-testvol1 -> ../dm-0

We knoow that pools are broken with apparmor (which made me think this is  a 
dup to a known feature request bug at first), but lets use these devices as 
direct block devices.
That means:
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/zvol/zfsmirrortest/vol1'/>
      <target dev='vdc' bus='virtio'/>
    </disk>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/mapper/testlvm-testvol1'/>
      <target dev='vdd' bus='virtio'/>
    </disk>

I see for ZFS:
  Output: Could not open '/dev/zvol/zfsmirrortest/vol1': Permission denied
  Dmesg: apparmor="DENIED" ... name="/dev/zd0"

I see for LVM:
  Could not open '/dev/mapper/testlvm-testvol1': Permission denied
  Dmesg: apparmor="DENIED" ... name="/dev/dm-0"

For both I get unresolved rules with the latest libvirt:
$ /usr/lib/libvirt/virt-aa-helper -u 
libvirt-62298b25-ae68-408a-87be-835677d46c89 -r --dryrun < /tmp/test.xml
[...]
  "/dev/zvol/zfsmirrortest/vol1" rwk,
  "/dev/mapper/testlvm-testvol1" rwk,

Well I know why this breaks, this is just what the mentioned change should 
avoid.
Mabye there is an interaction how zfs/lvm are added and the fix that inverts it 
for those?

Further you don't need to fully install test versions for this.
I picked a .deb of an older build extracted with dpkg -x and then ran directly 
against this virt-aa-helper.
I got the expected:
  "/dev/zd0" rwk,
  "/dev/dm-0" rwk,

On the good side, I can recreate the issue and go on my own.

Never the less for completeness the data as asked comment #10 can still
help to find if you really face "the same".

** Changed in: libvirt (Ubuntu)
       Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1756394

Title:
  Upgrading libvirt from 4.0.0-1ubuntu4 to 4.0.0-1ubuntu5 introduced a
  permission denied on device error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1756394/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to