touch-packages team mailing list archive

Thread
Date

[Bug 1307436] Re: cloudarchive-icehouse: virt-aa-helper: error: apparmor_parser exited with error

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Wed, 08 Oct 2014 21:50:02 -0000
Reply-to: Bug 1307436 <1307436@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I advise against backporting apparmor and suggest you simply adjust
debian/rules to filter out the offending rules or to ship a different
profile.

** Changed in: apparmor (Ubuntu)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1307436

Title:
  cloudarchive-icehouse: virt-aa-helper: error: apparmor_parser exited
  with error

Status in “apparmor” package in Ubuntu:
  Won't Fix
Status in “libvirt” package in Ubuntu:
  Confirmed

Bug description:
  With Ubuntu 12.04 Precise and Cloudarchive Icehouse libvirt
  1.2.2-0ubuntu11~cloud0 is not able to spawn a VM instance due to
  incompatible apparmor profile with apparmor 2.7.102-0ubuntu3.9
  (precise's version):

  2014-04-11 10:27:10.997+0000: 8616: error : virCommandWait:2399 :
  internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -c
  -u libvirt-d18f1dff-e275-4fcc-b712-2caf530aed74) unexpected exit
  status 1: virt-aa-helper: error: apparmor_parser exited with error

  Also starting apparmor with 1.2.2-0ubuntu11~cloud0 results in a
  apparmor_parser error:

  root@compute1:~# /etc/init.d/apparmor start
   * Starting AppArmor profiles
  AppArmor parser error for /etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.libvirtd at line 37: syntax error, unexpected TOK_CONDID, expecting TOK_MODE

  When OpenStack/Nova/libvirt tries to spawn an instance it fails due to
  following apparmor_parser issue:

  /etc/apparmor.d/libvirt/libvirt-3138433d-a124-40dd-9630-68a9e227b0bd
  in /etc/apparmor.d/abstractions/libvirt-qemu at line 143: syntax error, unexpected TOK_OPENPAREN, expecting TOK_MODE

  New offending profile entries for apparmor 2.7.102-0ubuntu3.9 seems to
  be:

  /etc/apparmor.d/usr.sbin.libvirtd:
    dbus bus=system,
    signal,
    ptrace,

  /etc/apparmor.d/abstractions/libvirt-qemu:
    signal (receive) peer=/usr/sbin/libvirtd,
    ptrace (tracedby) peer=/usr/sbin/libvirtd,

  Reverting those entries allows again to spawn a VM instance with
  OpenStack Icehouse RC2 from Cloudarchive-Ichouse on Ubuntu 12.04
  Precise.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1307436/+subscriptions