aims team mailing list archive

Thread
Date
[Bug 1393842] Re: libvirt does not grant qemu-guest-agent channel perms

To: aims@xxxxxxxxxxxxxxxxxxx
From: ChristianEhrhardt <1393842@xxxxxxxxxxxxxxxxxx>
Date: Mon, 28 Aug 2017 11:23:49 -0000
Reply-to: Bug 1393842 <1393842@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
There actually is the common virt-aa-helper on channels even back then in Trusty.
This was changed a few times and the special tweak that generates the rule was dropped later as along the new namespacing there are now valid rules per entry.

Anyway for trusty backporting all those complex changes would be not in
the SRU mindset, so stick to the proposal I made above.

Please - at least one of the affected users, test the ppa in [1].
If that is successful for you as well and you are willing to also help me verify the eventual SRU we could go forward with that.

My Testing from ppa seems good - log below:

#1 clean env (dir not pre-existing)
#1.1 dir exists after install - ok
#1.2 right ownership - ok
#1.3 socket created - ok
     /var/lib/libvirt/qemu/channel/target/kvmguest-testgachannel.org.qemu.guest_agent.0=
#1.4 apparmor rule - ok
     owner "/var/lib/libvirt/qemu/channel/target/kvmguest-testgachannel.**" rw,
#1.5 Guest working - ok

#2 dir pre-existing but under right ownership/perm
#2.1 - #2.5 as in #1 - ok
#2.6 - no error/conflict due to existing dir

#3 dir pre-existing but under other ownership/perm
#3.1 dir exists after install - ok
#3.2 ownership preserved from before install - ok
#3.3 - apparmor rule creates correctly - ok
#3 fails due to ownership not allowing qemu to create our example guest, but we want to preserve what a user has set up - so ok

[1]: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2923

-- 
You received this bug notification because you are a member of AIMS,
which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1393842

Title:
  libvirt does not grant qemu-guest-agent channel perms

Status in libvirt package in Ubuntu:
  Fix Released
Status in libvirt source package in Trusty:
  Incomplete

Bug description:
  =======================================
  1. Impact: cannot create a default RHEL7 vm in virt-manager
  2. fix: allow use of qemu-guest-agent channel
  3. test case: see in description below.  Create a VM in virt-manager specifying
     Linux os and RHEL7.
  4. Regression potential: there should be none.  We are only adding an
     apparmor permission for unix sockets which libvirt creates when needed
     for kvm vms.
  =======================================

  Create a new VM, choose Linux for OS type and Red Hat Enterprise Linux
  7 (or later) for Version. Proceed through the wizard leaving all other
  options unchanged. On clicking Finish, the following error is
  displayed:

  Unable to complete install: 'internal error: process exited while connecting to monitor: 2014-11-18T16:00:11.802430Z qemu-system-x86_64: -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/rhel7.org.qemu.guest_agent.0,server,nowait: Failed to bind socket: No such file or directory
  2014-11-18T16:00:11.802483Z qemu-system-x86_64: -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/rhel7.org.qemu.guest_agent.0,server,nowait: chardev: opening backend "socket" failed
  '

  Traceback (most recent call last):
    File "/usr/share/virt-manager/virtManager/asyncjob.py", line 91, in cb_wrapper
      callback(asyncjob, *args, **kwargs)
    File "/usr/share/virt-manager/virtManager/create.py", line 1820, in do_install
      guest.start_install(meter=meter)
    File "/usr/share/virt-manager/virtinst/guest.py", line 403, in start_install
      noboot)
    File "/usr/share/virt-manager/virtinst/guest.py", line 467, in _create_guest
      dom = self.conn.createLinux(start_xml or final_xml, 0)
    File "/usr/lib/python2.7/dist-packages/libvirt.py", line 3398, in createLinux
      if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
  libvirtError: internal error: process exited while connecting to monitor: 2014-11-18T16:00:11.802430Z qemu-system-x86_64: -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/rhel7.org.qemu.guest_agent.0,server,nowait: Failed to bind socket: No such file or directory
  2014-11-18T16:00:11.802483Z qemu-system-x86_64: -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/rhel7.org.qemu.guest_agent.0,server,nowait: chardev: opening backend "socket" failed

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: virt-manager 1:1.0.1-0ubuntu2
  ProcVersionSignature: Ubuntu 3.16.0-24.32-generic 3.16.4
  Uname: Linux 3.16.0-24-generic x86_64
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: amd64
  CurrentDesktop: KDE
  Date: Tue Nov 18 15:55:59 2014
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-11-07 (11 days ago)
  InstallationMedia: Kubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
  PackageArchitecture: all
  SourcePackage: virt-manager
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393842/+subscriptions