Re: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs fixing

Robert Dinse Thu, 04 Jun 2020 23:11:12 -0700

I will be rebooting one of the physical hosts in a little more than an
hour, I'll disable auto-start and try it.


-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
  Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
    Knowledgeable human assistance, not telephone trees or script readers.
  See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 5 Jun 2020, Christian Ehrhardt  wrote:

> Date: Fri, 05 Jun 2020 05:34:26 -0000
> From: Christian Ehrhardt  <1881...@bugs.launchpad.net>
> To: nan...@eskimo.com
> Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs
>     fixing
> 
> Hmm,
> virt-manager can still set up a lot of different guest configurations.
> I've been using virt-manager guests as well and they don't show this.
>
> You said you see these messages after a reboot on auto-start.
> Can you try to un-break this a bit.
>
> For example:
> a) disable auto-starting the guests, does the libvirtd daemon still trigger 
> the denial at reboot?
> b) if (a) didn't trigger it, then does it happen once you start the guests?
> c) did you made any changes to /etc/libvirt/*?
> d) if (b) is true does it happen for all the guests?
> e) since the other bug report mentions scsi disks, does your host or guest 
> setup use scsi (or other less common disks)?
> f) if you find a particular guest that triggers it, could you share the guest 
> xml definition?
> ...
>
> -- 
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1881969
>
> Title:
>  apparmor profile for libvirtd/libvirt-daemon needs fixing
>
> Status in libvirt package in Ubuntu:
>  Incomplete
> Status in libvirt package in Debian:
>  Incomplete
>
> Bug description:
>  Libvirtd is trying to use a capability being denied it by apparmor.
>
>  [474656.842239] audit: type=1400 audit(1591211959.677:101):
>  apparmor="DENIED" operation="capable" profile="libvirtd" pid=3393444
>  comm="libvirtd" capability=17  capname="sys_rawio"
>
>  ProblemType: Bug
>  DistroRelease: Ubuntu 20.04
>  Package: libvirt-daemon 6.0.0-0ubuntu8.1
>  Uname: Linux 5.6.0 x86_64
>  ApportVersion: 2.20.11-0ubuntu27.2
>  Architecture: amd64
>  CasperMD5CheckResult: skip
>  CurrentDesktop: MATE
>  Date: Wed Jun  3 14:01:30 2020
>  InstallationDate: Installed on 2017-05-27 (1103 days ago)
>  InstallationMedia: Ubuntu-MATE 17.04 "Zesty Zapus" - Release amd64 (20170412)
>  SourcePackage: libvirt
>  UpgradeStatus: Upgraded to focal on 2020-04-26 (38 days ago)
>  modified.conffile..etc.libvirt.nwfilter.allow-arp.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.allow-dhcp-server.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.allow-dhcp.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.allow-incoming-ipv4.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.allow-ipv4.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.clean-traffic-gateway.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.clean-traffic.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.no-arp-ip-spoofing.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.no-arp-mac-spoofing.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.no-arp-spoofing.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.no-ip-multicast.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.no-ip-spoofing.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.no-mac-broadcast.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.no-mac-spoofing.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.no-other-l2-traffic.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.no-other-rarp-traffic.xml: [modified]
>  modified.conffile..etc.libvirt.nwfilter.qemu-announce-self-rarp.xml: 
> [modified]
>  modified.conffile..etc.libvirt.nwfilter.qemu-announce-self.xml: [modified]
>  modified.conffile..etc.libvirt.qemu.networks.default.xml: [modified]
>  mtime.conffile..etc.libvirt.nwfilter.allow-arp.xml: 
> 2017-05-27T04:38:59.454073
>  mtime.conffile..etc.libvirt.nwfilter.allow-dhcp-server.xml: 
> 2017-05-27T04:38:58.894071
>  mtime.conffile..etc.libvirt.nwfilter.allow-dhcp.xml: 
> 2017-05-27T04:38:58.990072
>  mtime.conffile..etc.libvirt.nwfilter.allow-incoming-ipv4.xml: 
> 2017-05-27T04:38:59.714073
>  mtime.conffile..etc.libvirt.nwfilter.allow-ipv4.xml: 
> 2017-05-27T04:38:59.522073
>  mtime.conffile..etc.libvirt.nwfilter.clean-traffic-gateway.xml: 
> 2018-10-27T01:48:21.872648
>  mtime.conffile..etc.libvirt.nwfilter.clean-traffic.xml: 
> 2017-05-27T04:38:59.582073
>  mtime.conffile..etc.libvirt.nwfilter.no-arp-ip-spoofing.xml: 
> 2017-05-27T04:38:58.942071
>  mtime.conffile..etc.libvirt.nwfilter.no-arp-mac-spoofing.xml: 
> 2017-05-27T04:38:59.870074
>  mtime.conffile..etc.libvirt.nwfilter.no-arp-spoofing.xml: 
> 2017-05-27T04:38:59.818074
>  mtime.conffile..etc.libvirt.nwfilter.no-ip-multicast.xml: 
> 2017-05-27T04:38:59.110072
>  mtime.conffile..etc.libvirt.nwfilter.no-ip-spoofing.xml: 
> 2017-05-27T04:38:59.178072
>  mtime.conffile..etc.libvirt.nwfilter.no-mac-broadcast.xml: 
> 2017-05-27T04:38:59.774074
>  mtime.conffile..etc.libvirt.nwfilter.no-mac-spoofing.xml: 
> 2017-05-27T04:38:59.254072
>  mtime.conffile..etc.libvirt.nwfilter.no-other-l2-traffic.xml: 
> 2017-05-27T04:38:59.394073
>  mtime.conffile..etc.libvirt.nwfilter.no-other-rarp-traffic.xml: 
> 2017-05-27T04:38:59.646073
>  mtime.conffile..etc.libvirt.nwfilter.qemu-announce-self-rarp.xml: 
> 2017-05-27T04:38:59.050072
>  mtime.conffile..etc.libvirt.nwfilter.qemu-announce-self.xml: 
> 2017-05-27T04:38:59.322073
>  mtime.conffile..etc.libvirt.qemu.networks.default.xml: 
> 2017-05-27T04:38:58.478070
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1881969/+subscriptions
>

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1881969

Title:
  apparmor profile for libvirtd/libvirt-daemon needs fixing

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1881969/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs fixing

Reply via email to