
kernel-packages team mailing list archive

[Bug 1378434] IwConfig.txt

 

apport information

** Attachment added: "IwConfig.txt"
   https://bugs.launchpad.net/bugs/1378434/+attachment/4227593/+files/IwConfig.txt

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1378434

Title:
  14.04: libvirt-qemu/apparmor: missing permissions for 9p shares

Status in “linux” package in Ubuntu:
  New

Bug description:
  I have an asterisk server running in a KVM and give it access to the storage array of the host via 9p.
  /etc/apparmor.d/abstractions/libvirt-qemu was missing the permissions for capa fowner and capa fsetid which are necessary for full access to the shares and which I fixed myself. Now, additionally, it seems that the helper for the KVMs only sets r and w permissions for the 9p shares. For full access in this case, also the link permission is needed. Manually adding the l flag to /etc/apparmor.d/libvirt-qemu/<UUID>.files does NOT work. The permission structure seems to be hardcoded in the source of the helper. Typical log entry:

  Oct  7 19:04:14 nostromo kernel: [498751.395000] type=1400 audit(1412697854.669:203): apparmor="DENIED" operation="link" profile="libvirt-d2719da3-1869-9cee-b02f-8d86458bbea2" name="/storage/asterisk/spool/voicemail/default/1102/Old/.lock" pid=7775 comm="pool" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/storage/asterisk/spool/voicemail/default/1102/Old/.lock-0fc30204"

  Possible solutions:
  a) Add l permission to the source of the helper
  b) Un-hardcode the permissions set by the helper and make them configurable through an /etc/default config or similar. This would be a preferable solution.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1378434/+subscriptions
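
A triage helper for denials like the one quoted in the report, as an added example that is not part of the original bug report or of the libvirt or AppArmor code: it groups AppArmor `DENIED` audit records by profile and lists the capabilities and file permissions each profile was refused. Only the first sample line comes from the report (re-joined onto one line); the other three lines, the function names, and the mapping of the `c`/`d` log masks to `w` are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: line 1 is the denial quoted in the report, joined onto one line.
# Lines 2-4 are constructed for this example (capability, create, and an ALLOWED record).
SAMPLE_LOG = """\
Oct  7 19:04:14 nostromo kernel: [498751.395000] type=1400 audit(1412697854.669:203): apparmor="DENIED" operation="link" profile="libvirt-d2719da3-1869-9cee-b02f-8d86458bbea2" name="/storage/asterisk/spool/voicemail/default/1102/Old/.lock" pid=7775 comm="pool" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/storage/asterisk/spool/voicemail/default/1102/Old/.lock-0fc30204"
Oct  7 19:04:15 nostromo kernel: [498752.000000] type=1400 audit(1412697855.000:204): apparmor="DENIED" operation="capable" profile="libvirt-d2719da3-1869-9cee-b02f-8d86458bbea2" pid=7775 comm="pool" capability=3 capname="fowner"
Oct  7 19:05:02 nostromo kernel: [498799.100000] type=1400 audit(1412697902.101:205): apparmor="DENIED" operation="mknod" profile="libvirt-d2719da3-1869-9cee-b02f-8d86458bbea2" name="/storage/asterisk/tmp/x" pid=7775 comm="pool" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct  7 19:05:03 nostromo kernel: [498800.000000] type=1400 audit(1412697903.000:206): apparmor="ALLOWED" operation="open" profile="other" name="/etc/hosts" pid=1 comm="x" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare
LOG_TO_RULE = {"c": "w", "d": "w"}   # assumption: create/delete log masks are granted by 'w'
ORDER = "rwaxmlk"                    # stable ordering for the permission letters

def parse(line):
    """Split one audit line into its key=value fields."""
    return {k: (q if q else u) for k, q, u in KV.findall(line)}

def candidate_rules(log):
    """Return {profile: [rule lines]} covering every DENIED record, for human review."""
    found = defaultdict(lambda: defaultdict(set))   # profile -> path -> permission letters
    caps = defaultdict(set)                         # profile -> capability names
    for line in log.splitlines():
        rec = parse(line)
        if rec.get("apparmor") != "DENIED":
            continue                                # skip ALLOWED/complain-mode records
        if "capname" in rec:
            caps[rec["profile"]].add(rec["capname"])
        elif "name" in rec:
            for ch in rec.get("denied_mask", ""):
                found[rec["profile"]][rec["name"]].add(LOG_TO_RULE.get(ch, ch))
    rules = {}
    for profile in sorted(set(found) | set(caps)):
        lines = ["capability %s," % c for c in sorted(caps[profile])]
        lines += ['"%s" %s,' % (p, "".join(c for c in ORDER if c in perms))
                  for p, perms in sorted(found[profile].items())]
        rules[profile] = lines
    return rules

if __name__ == "__main__":
    for profile, lines in candidate_rules(SAMPLE_LOG).items():
        print(profile, *lines, sep="\n  ")
```

The output is a review list of what each profile was refused, not a profile edit; as the report notes, hand edits to the per-VM `.files` did not work for the reporter.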

