Public bug reported:
Qemu netdev user config:
"
<qemu:commandline>
<qemu:arg value='-device'/>
<qemu:arg value='virtio-net-pci,netdev=net0'/>
<qemu:arg value='-netdev'/>
<qemu:arg value='user,id=net0,restrict=on,guestfwd=tcp:10.0.2.1:80-cmd:nc 127.0.0.1 80'/>
</qemu:commandline>
"
Guest:
"
user@virt:~$ telnet 10.0.2.1 80
Trying 10.0.2.1...
Connected to 10.0.2.1.
Escape character is '^]'.
Error: execvp of nc failed: Permission denied
Connection closed by foreign host.
"
Host syslog:
"
kernel: [ 3304.734625] audit: type=1400 audit(1521555265.758:307): apparmor="DENIED" operation="exec" profile="libvirt-a5cd32fb-9e91-4a13-8f48-6cd724b84a00" name="/bin/nc.openbsd" pid=8022 comm="qemu-system-x86" requested_mask="x" denied_mask="x" fsuid=64055 ouid=0
"
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libvirt0 4.0.0-1ubuntu5
ProcVersionSignature: Ubuntu 4.15.0-12.13-generic 4.15.7
Uname: Linux 4.15.0-12-generic x86_64
ApportVersion: 2.20.8-0ubuntu10
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Mar 20 17:09:31 2018
EcryptfsInUse: Yes
InstallationDate: Installed on 2017-10-05 (166 days ago)
InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apparmor apport-bug bionic
** Attachment removed: "JournalErrors.txt"
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757150/+attachment/5084933/+files/JournalErrors.txt
--
https://bugs.launchpad.net/bugs/1757150
Title:
libvirtd apparmor profile disallows guestfwd commands
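
A triage sketch for the denial in the host syslog above, added here as an example and not part of the bug report or of libvirt: it parses AppArmor audit records and lists exec denials raised under a per-guest `libvirt-<uuid>` profile, which is how the blocked guestfwd `cmd:` helper shows up. The function names are hypothetical, and every sample line except the first is constructed for illustration.

```python
import re

# key=value pairs of an audit record; values are "quoted" or bare tokens
_PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# per-guest profile name in the form seen in the report: libvirt-<uuid>
_GUEST_PROFILE = re.compile(r'^libvirt-[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$')

_P = 'libvirt-a5cd32fb-9e91-4a13-8f48-6cd724b84a00'
SAMPLE = [
    # record from the report above, unwrapped onto one line
    'kernel: [ 3304.734625] audit: type=1400 audit(1521555265.758:307): '
    'apparmor="DENIED" operation="exec" profile="' + _P + '" '
    'name="/bin/nc.openbsd" pid=8022 comm="qemu-system-x86" '
    'requested_mask="x" denied_mask="x" fsuid=64055 ouid=0',
    # constructed: read denial under the same profile (not an exec)
    'audit: type=1400 apparmor="DENIED" operation="open" profile="' + _P + '" '
    'name="/tmp/example" comm="qemu-system-x86" requested_mask="r" denied_mask="r"',
    # constructed: exec denial under an unrelated, made-up profile
    'audit: type=1400 apparmor="DENIED" operation="exec" profile="example-profile" '
    'name="/bin/example" comm="example" requested_mask="x" denied_mask="x"',
    # constructed: complain-mode record, logged but not blocked
    'audit: type=1400 apparmor="ALLOWED" operation="exec" profile="' + _P + '" '
    'name="/bin/example" comm="qemu-system-x86" requested_mask="x" denied_mask="x"',
]

def parse_apparmor(line):
    """Return the fields of an AppArmor audit record as a dict, or None."""
    if 'apparmor=' not in line:
        return None
    return {k: (q if raw.startswith('"') else raw)
            for k, raw, q in _PAIR.findall(line)}

def guest_exec_denials(lines):
    """List (profile, binary, comm) for exec denials under a libvirt guest profile."""
    hits = []
    for line in lines:
        rec = parse_apparmor(line)
        if not rec or rec.get('apparmor') != 'DENIED':
            continue
        if rec.get('operation') != 'exec' or 'x' not in rec.get('denied_mask', ''):
            continue
        if not _GUEST_PROFILE.match(rec.get('profile', '')):
            continue
        hits.append((rec['profile'], rec.get('name'), rec.get('comm')))
    return hits

if __name__ == '__main__':
    for hit in guest_exec_denials(SAMPLE):
        print(hit)
```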