kernel-packages team mailing list archive
Message #98153
[Bug 453335] Re: apparmor complains about write access to a readonly file
I think this is actually causing a moderately serious regression with
snapshots.
If you look at the contents of an apparmor define for an example VM, the
deny that silences the error here also prevents snapshot commits from
working and, because the error is hidden, makes this extra difficult to
debug.
"/var/log/libvirt/**/OpenWRT.log" w,
"/var/lib/libvirt/**/OpenWRT.monitor" rw,
"/var/run/libvirt/**/OpenWRT.pid" rwk,
"/run/libvirt/**/OpenWRT.pid" rwk,
"/var/run/libvirt/**/*.tunnelmigrate.dest.OpenWRT" rw,
"/run/libvirt/**/*.tunnelmigrate.dest.OpenWRT" rw,
"/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4-zfs-1.qcow2" rw,
"/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" r,
# don't audit writes to readonly files
deny "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" w,
/dev/vhost-net rw,
"/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" rw,
The bug number for the snapshot bug is #453335
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/453335
Title:
apparmor complains about write access to a readonly file
Status in libvirt package in Ubuntu:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in libvirt source package in Lucid:
Fix Released
Status in linux source package in Lucid:
Fix Released
Status in libvirt source package in Karmic:
Fix Released
Status in linux source package in Karmic:
Fix Released
Bug description:
When doing libvirt/apparmor ISO testing, I noticed that if I try to create a VM via an ISO image, I get the following apparmor denied message:
type=APPARMOR_DENIED msg=audit(1255714703.311:56): operation="open" pid=31330 parent=1 profile="libvirt-7e7f916e-ff5a-c997-e9f6-c379793fd5be" requested_mask="::rw" denied_mask="::w" fsuid=0 ouid=1000 name="/home/jamie/vms/isos/karmic/karmic-desktop-i386.iso"
What is happening is that libvirt is for some reason trying to write to this file, but it shouldn't. virt-manager shows this device as readonly and the XML for the VM shows it too:
<disk type='file' device='cdrom'>
<source file='/home/jamie/vms/isos/karmic/karmic-desktop-i386.iso'/>
<target dev='hdc' bus='ide'/>
<readonly/>
</disk>
The installation proceeds just fine and this isn't a regression, but
libvirt should not try to write to installation media like this. I
encountered this when installing via virt-manager using the following:
local ISO, os type: generic/generic, kvm/i686, 512, 1 vcpu, 8GB disk,
don't allocate now
ProblemType: Bug
Architecture: amd64
Date: Fri Oct 16 12:47:32 2009
DistroRelease: Ubuntu 9.10
Package: libvirt-bin 0.7.0-1ubuntu11
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.47-generic
SourcePackage: libvirt
Uname: Linux 2.6.31-14-generic x86_64
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/453335/+subscriptions
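The rule conflict reported in the message can be found mechanically. In AppArmor a deny rule takes precedence over an allow rule for the same path regardless of rule order, and the denial is not logged unless the rule is also marked audit. The following is an added example, not part of the original message or of libvirt: a simplified checker run over the profile excerpt quoted above. The function names and the reduced rule grammar (file rules only, `*` and `**` globs only) are assumptions of this sketch.

```python
import re

# Profile excerpt as quoted in the message (rule order preserved).
PROFILE = """\
"/var/log/libvirt/**/OpenWRT.log" w,
"/var/lib/libvirt/**/OpenWRT.monitor" rw,
"/var/run/libvirt/**/OpenWRT.pid" rwk,
"/run/libvirt/**/OpenWRT.pid" rwk,
"/var/run/libvirt/**/*.tunnelmigrate.dest.OpenWRT" rw,
"/run/libvirt/**/*.tunnelmigrate.dest.OpenWRT" rw,
"/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4-zfs-1.qcow2" rw,
"/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" r,
# don't audit writes to readonly files
deny "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" w,
/dev/vhost-net rw,
"/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" rw,
"""

# [audit] [deny] <quoted or bare path> <file permissions>,
RULE = re.compile(r'^(?:audit\s+)?(?P<deny>deny\s+)?'
                  r'(?:"(?P<qpath>[^"]+)"|(?P<path>/\S+))\s+(?P<perms>[a-z]+),$')

def glob_to_regex(glob):
    """Translate the * and ** globs used here (simplified: no {a,b} or [] classes)."""
    parts = re.split(r'(\*\*|\*)', glob)
    trans = {'**': '.*', '*': '[^/]*'}
    return re.compile(''.join(trans.get(p, re.escape(p)) for p in parts) + r'\Z')

def masked_permissions(profile_text):
    """Return (path, lost_perms, allow_line, deny_line) for allows overridden by a deny."""
    allows, denies = [], []
    for lineno, line in enumerate(profile_text.splitlines(), 1):
        m = RULE.match(line.strip())
        if not m:
            continue  # comments, blank lines, rules this sketch does not parse
        entry = (lineno, m.group('qpath') or m.group('path'), set(m.group('perms')))
        (denies if m.group('deny') else allows).append(entry)
    findings = []
    for d_line, d_path, d_perms in denies:
        pattern = glob_to_regex(d_path)
        for a_line, a_path, a_perms in allows:
            lost = d_perms & a_perms
            # deny wins regardless of rule order, so a later allow does not help
            if lost and pattern.match(a_path):
                findings.append((a_path, ''.join(sorted(lost)), a_line, d_line))
    return findings

if __name__ == "__main__":
    for path, lost, a_line, d_line in masked_permissions(PROFILE):
        print(f"line {a_line}: '{lost}' on {path} is masked by deny on line {d_line}")
```

On the quoted excerpt it reports the `rw` rule on line 12 as losing `w` to the deny on line 10, which is the silent write failure described in the message.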