group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1686324] Re: usb hostdev passthrough generates the wrong apparmor rules

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Christian Ehrhardt  <1686324@xxxxxxxxxxxxxxxxxx>
Date: Thu, 04 Nov 2021 10:54:05 -0000
Reply-to: Bug 1686324 <1686324@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

While clearing old bugs I found this one and priority for Xenila/Zesty
backports never was important to anyone. Nowadays those are on ESM
support and since there is a workaround (rule overrides) and this isn't
a security issue I'll set Won't Fix for those.

** Changed in: libvirt (Ubuntu Xenial)
       Status: New => Won't Fix

** Changed in: libvirt (Ubuntu Zesty)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1686324

Title:
  usb hostdev passthrough generates the wrong apparmor rules

Status in libvirt package in Ubuntu:
  Fix Released
Status in libvirt source package in Xenial:
  Won't Fix
Status in libvirt source package in Zesty:
  Won't Fix
Status in libvirt source package in Artful:
  Fix Released

Bug description:
  [Impact]

   * USB Host devices fail to add statically

   * The reason is that libvirt has not yet initialized usb devices

   * Fix by back-porting small upstream change

  [Test Case]

   * Create a VM Guest (e.g. via uvtool)
   * Shut down the guest
   * virsh edit <guestname>
   * Add a usb hostdev from your System (check lsusb for IDs)
   * See the original description below for XML examples
   * Starting the guest will create a wrong rule
       "/dev/bus/usb/000/000" rw,
     And due to that fails to start.

  [Regression Potential]

   * The change is small and only makes certain values available to
  libvirt

   * The only thing I could think of regressing is if that 
     virHostdevFindUSBDevice would crash on some systems, but then it would 
     fail later on in the lifecycle even without the patch - so we should be 
     safe IMHO.

  [Other Info]
   
   * I waited to be accepted upstream to be more confident which is 
     partially why this took so long but provides some extra confidence.

  
  ---

  
  Libvirt-aa-helper seems to have a bug when adding usb passthrough devices statically.

  On hotplug with:
  $ cat sandisk-usb.xml
  <hostdev mode='subsystem' type='usb' managed='yes'>
      <source>
          <!--
            idVendor           0x0781 SanDisk Corp.
            idProduct          0x5580 SDCZ80 Flash Drive
          -->
          <vendor id='0x0781'/>
          <product id='0x5580'/>
      </source>
  </hostdev>

  $ virsh attach-device z-test1 sandisk-usb.xml

  It generates correctly:
  "/dev/bus/usb/003/003" rw,

  But if adding the same XML part to the guest xml itself it generates:
  "/dev/bus/usb/000/000" rw,

  And as a follow on issue the guest start fails with:
  libusb: error [_get_usbfs_fd] libusb couldn't open USB device /dev/bus/usb/003/003: Permission denied
  Due to:
  apparmor="DENIED" operation="open" profile="libvirt-adc578cb-905f-41fc-9be2-9fb81f6a6073" name="/dev/bus/usb/003/003" pid=22879 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=123 ouid=123

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1686324/+subscriptions