group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1552241] Re: libvirt-bin apparmor settings for usb host device

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1552241@xxxxxxxxxxxxxxxxxx>
Date: Wed, 01 Nov 2017 00:27:49 -0000
Reply-to: Bug 1552241 <1552241@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package libvirt - 3.6.0-1ubuntu6

---------------
libvirt (3.6.0-1ubuntu6) artful; urgency=medium

  * d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
    files (LP: #1726804)
  * d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
    fix path generation for USB host devices (LP: #1552241)
  * d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
    generate valid rules on usb passthrough (LP: #1686324)

 -- Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>  Tue, 24 Oct
2017 14:30:34 +0200

** Changed in: libvirt (Ubuntu Artful)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1552241

Title:
  libvirt-bin apparmor settings for usb host device

Status in libvirt package in Ubuntu:
  Fix Committed
Status in libvirt source package in Xenial:
  New
Status in libvirt source package in Zesty:
  New
Status in libvirt source package in Artful:
  Fix Released

Bug description:
  [Impact]

   * A while ago qemu switched to libusb, since then qemu fails to scan for 
     usb devices. Thereby it fails to use them for passthrough.

   * This

   * Fix by back-porting small upstream change

  [Test Case]

   * Create a VM Guest (e.g. via uvtool)
   * Create a XMl file desrcibing a usb hostdev from your System (check lsusb for IDs)
   * See the c#3 for XML examples
   * Then add that to your guest with
     $ virsh attach-device <guestname> <xml-describing-your-device>

   * Without the fix you'll see apparmor blocks and a fail to generate the rules
   * With the fix it works

  [Regression Potential]

   * The change "only" allows to access a few more files udev populates. In 
     those it is still restricted to just USB types - that seems safe to me.

   * If no USB devices are used in the guest config (or via hot-add) then it 
     is not initialized and thereby the rules not needed.

   * But if users use USB Host devices they now can work due to the fix. And 
     "suddenly working" is not a regression but a fix.

  [Other Info]
   
   * I waited to be accepted upstream to be more confident which is 
     partially why this took so long but provides some extra confidence.

   * This was long in discussion here since the suggestions always had a bit 
     of a very open blanket apparmor rule, but we now found a minimal one to 
     work and that was upstreamable.

  ---

  
  This fix is for Ubuntu Xenial

  The following file needs some fixes in order to work for usb host device access:
  /etc/apparmor.d/abstractions/libvirt-qemu

  The line is wrong:
    /sys/devices/**/usb[0-9]*/** r,
  correct is:
    /sys/devices/*/*/usb[0-9]*/** r,

  This line is missing:
    /run/udev/data/** r,

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1552241/+subscriptions