[Bug 545795] Re: apparmor driver blocks access to hostdev and pcidev devices

Andreas Ntaflos daff at dword.org
Tue May 4 15:16:47 BST 2010


Interestingly, or perhaps not, merely running /etc/init.d/apparmor stop
isn't enough. I stop AppArmor, restart Libvirt and then start my VMs.
However upon starting a VM an AppArmor profile still gets loaded and
thus AppArmor denies access to the USB device I want to pass through. I
have to run /etc/init.d/apparmor stop again after the VM has been
started. Then access to the USB device is allowed.

Looks weird to me but I haven't yet fully understood how and when
AppArmor profiles are loaded. But I don't understand why it would deny
access to a directory structure that is explicitly permitted in the
profile:

May  4 15:56:27 TESTHOST kernel: [75138.174346] type=1503
audit(1272981387.661:879):  operation="open" pid=8053 parent=1 profile
="libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e" requested_mask="r::"
denied_mask="r::" fsuid=0 ouid=0
name="/sys/devices/pci0000:00/0000:00:1e.0/0000:01:04.4/usb6/devnum"

Unfortunately this is quite the blocker for me.

-- 
apparmor driver blocks access to hostdev and pcidev devices
https://bugs.launchpad.net/bugs/545795
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
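
Added example, not part of the original message and not libvirt or AppArmor code: a small Python parser for denial lines in the type=1503 format quoted above, grouping the denied paths by per-VM libvirt profile so they can be compared with what the loaded profile permits. The sample log is constructed from the quoted line (rejoined onto one line) plus one made-up unrelated kernel line; the function names are illustrative.

```python
import re

# Constructed sample: the denial quoted in the message, rejoined onto one
# line, followed by a made-up kernel line that is not an AppArmor denial.
SAMPLE_LOG = (
    'May  4 15:56:27 TESTHOST kernel: [75138.174346] type=1503 '
    'audit(1272981387.661:879):  operation="open" pid=8053 parent=1 '
    'profile="libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e" '
    'requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 '
    'name="/sys/devices/pci0000:00/0000:00:1e.0/0000:01:04.4/usb6/devnum"\n'
    'May  4 15:56:28 TESTHOST kernel: [75139.000000] usb 6-1: new device\n'
)

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the key=value fields of a type=1503 denial line, else None."""
    if "type=1503" not in line or "denied_mask=" not in line:
        return None
    fields = {}
    for m in FIELD.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def vm_uuid(profile):
    """Per-VM profiles are named libvirt-<UUID>; return the UUID or None."""
    prefix = "libvirt-"
    return profile[len(prefix):] if profile.startswith(prefix) else None


def summarize(log_text):
    """Map each profile to a sorted list of (path, denied_mask) pairs."""
    seen = {}
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d and "profile" in d and "name" in d:
            seen.setdefault(d["profile"], set()).add((d["name"], d["denied_mask"]))
    return {profile: sorted(pairs) for profile, pairs in seen.items()}


if __name__ == "__main__":
    for profile, pairs in summarize(SAMPLE_LOG).items():
        print(profile, "(VM UUID %s)" % vm_uuid(profile))
        for path, mask in pairs:
            print("  denied %-4s %s" % (mask, path))
```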


