yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1388132] [NEW] [compute] Ceph client key missing in libvirt apparmor profile

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: "Dr. Jens Rosenboom" <j.rosenboom@xxxxxxxx>
Date: Fri, 31 Oct 2014 15:12:28 -0000
Reply-to: Bug 1388132 <1388132@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

This happens when booting an instance while nova has ceph backend
enabled:

Oct 31 14:06:59 vagrant-ubuntu-trusty-64 kernel: [ 8264.770442] type=1400 audit(1414764419.818:29): apparmor="DENIED" operation="open" profile="libvirt-1550f42a-1b8b-4db5-9458-d5b9f496cc0c" name="/tmp/" pid=25660 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
Oct 31 14:06:59 vagrant-ubuntu-trusty-64 kernel: [ 8264.770454] type=1400 audit(1414764419.818:30): apparmor="DENIED" operation="open" profile="libvirt-1550f42a-1b8b-4db5-9458-d5b9f496cc0c" name="/var/tmp/" pid=25660 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
Oct 31 14:06:59 vagrant-ubuntu-trusty-64 kernel: [ 8264.776679] type=1400 audit(1414764419.826:31): apparmor="DENIED" operation="open" profile="libvirt-1550f42a-1b8b-4db5-9458-d5b9f496cc0c" name="/etc/ceph/ceph.client.cindy.keyring" pid=25660 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=112 ouid=1000

The keyring should not be used at all, since the secret is defined as
virsh secret.

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1388132

Title:
  [compute] Ceph client key missing in libvirt apparmor profile

Status in OpenStack Compute (Nova):
  New

Bug description:
  This happens when booting an instance while nova has ceph backend
  enabled:

  Oct 31 14:06:59 vagrant-ubuntu-trusty-64 kernel: [ 8264.770442] type=1400 audit(1414764419.818:29): apparmor="DENIED" operation="open" profile="libvirt-1550f42a-1b8b-4db5-9458-d5b9f496cc0c" name="/tmp/" pid=25660 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
  Oct 31 14:06:59 vagrant-ubuntu-trusty-64 kernel: [ 8264.770454] type=1400 audit(1414764419.818:30): apparmor="DENIED" operation="open" profile="libvirt-1550f42a-1b8b-4db5-9458-d5b9f496cc0c" name="/var/tmp/" pid=25660 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
  Oct 31 14:06:59 vagrant-ubuntu-trusty-64 kernel: [ 8264.776679] type=1400 audit(1414764419.826:31): apparmor="DENIED" operation="open" profile="libvirt-1550f42a-1b8b-4db5-9458-d5b9f496cc0c" name="/etc/ceph/ceph.client.cindy.keyring" pid=25660 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=112 ouid=1000

  The keyring should not be used at all, since the secret is defined as
  virsh secret.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1388132/+subscriptions

Follow ups

[Bug 1388132] Re: [compute] Ceph client key missing in libvirt apparmor profile
From: Sean Dague, 2015-04-01
[Bug 1388132] [NEW] [compute] Ceph client key missing in libvirt apparmor profile
From: Dr. Jens Rosenboom, 2014-10-31

References

[Bug 1388132] [NEW] [compute] Ceph client key missing in libvirt apparmor profile
From: Dr. Jens Rosenboom, 2014-10-31