[Bug 579584] Re: setgid, setuid needed by /etc/apparmor.d/abstractions/libvirt-qemu

s450r1 s450r1 at gmail.com
Fri May 28 20:02:15 BST 2010


Jamie,

Attached, but it appears to be all comments.

Thanks,
Jeff

On Thu, May 27, 2010 at 9:41 AM, Jamie Strandboge <jamie at ubuntu.com> wrote:
> s450r1, can you attach your /etc/libvirt/qemu.conf file?
>
> --
> setgid, setuid needed by /etc/apparmor.d/abstractions/libvirt-qemu
> https://bugs.launchpad.net/bugs/579584
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “libvirt” package in Ubuntu: Incomplete
>
> Bug description:
> I couldn't boot any guest VMs with virsh until I modified /etc/apparmor.d/abstractions/libvirt-qemu:
> jad@kvmhost:~$ sudo bzr diff /etc/apparmor.d/
> === modified file 'apparmor.d/abstractions/libvirt-qemu'
> --- apparmor.d/abstractions/libvirt-qemu        2010-04-30 15:33:20 +0000
> +++ apparmor.d/abstractions/libvirt-qemu        2010-05-12 17:26:56 +0000
> @@ -8,6 +8,8 @@
>   capability dac_override,
>   capability dac_read_search,
>   capability chown,
> +  capability setgid,
> +  capability setuid,
>
>   # this is needed with libcap-ng support, however it breaks a lot of things
>   # atm, so just silence the denial until libcap-ng works right. LP: #522845
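
Review bot: The two added lines, `capability setgid,` and `capability setuid,` after `capability chown,`, carry no comment saying why they are needed, while the rule just below them documents its reason and cites LP: #522845. Because this file is a shared abstraction, the new capabilities apply to every profile that includes it, so a comment naming the failure they address (the "cannot change to '109' group" and "cannot change to '104' user" errors in the guest log) and the bug number, LP: #579584, would help. It is also worth confirming whether the user and group switch comes from a setting in /etc/libvirt/qemu.conf before granting both capabilities in the abstraction rather than more narrowly; the reporter says he does not know whether the change is the right fix.
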
>
> ... and restarted apparmor and libvirtd.
>
> Without `capability setgid`, the qemu guest log file contained:
> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.11 -enable-kvm -m 512 -smp 1 -name dm1 -uuid 79d03a71-3be6-19df-1070-791239480888 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/dm1.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/vm/dm1/disk0.qcow2,if=ide,index=0,boot=on -drive file=/var/vm/dm1/disk1.qcow2,if=ide,index=1 -net nic,macaddr=52:54:00:bf:75:90,vlan=0,model=virtio,name=virtio.0 -net tap,fd=50,vlan=0,name=tap.0 -serial none -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
> libvir: QEMU error : cannot change to '109' group: Operation not permitted
>
> Without `capability setuid`, the qemu guest log file contained:
> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.11 -enable-kvm -m 512 -smp 1 -name dm1 -uuid 79d03a71-3be6-19df-1070-791239480888 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/dm1.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/vm/dm1/disk0.qcow2,if=ide,index=0,boot=on -drive file=/var/vm/dm1/disk1.qcow2,if=ide,index=1 -net nic,macaddr=52:54:00:bf:75:90,vlan=0,model=virtio,name=virtio.0 -net tap,fd=50,vlan=0,name=tap.0 -serial none -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
> libvir: QEMU error : cannot change to '104' user: Operation not permitted
>
> I don't really know if these changes were the right thing to do, but it did allow me to boot the VMs with virsh.
>
> jad@kvmhost:~$ lsb_release -rd
> Description:    Ubuntu 10.04 LTS
> Release:        10.04
>
> jad@kvmhost:~$ apt-cache policy libvirt-bin kvm qemu-kvm
> libvirt-bin:
>  Installed: 0.7.5-5ubuntu27
>  Candidate: 0.7.5-5ubuntu27
>  Version table:
>  *** 0.7.5-5ubuntu27 0
>        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
>        100 /var/lib/dpkg/status
> kvm:
>  Installed: 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9
>  Candidate: 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9
>  Version table:
>  *** 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9 0
>        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
>        100 /var/lib/dpkg/status
> qemu-kvm:
>  Installed: 0.12.3+noroms-0ubuntu9
>  Candidate: 0.12.3+noroms-0ubuntu9
>  Version table:
>  *** 0.12.3+noroms-0ubuntu9 0
>        500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages
>        100 /var/lib/dpkg/status
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/579584/+subscribe
>


** Attachment added: "qemu.conf"
   http://launchpadlibrarian.net/49276652/qemu.conf

-- 
setgid, setuid needed by /etc/apparmor.d/abstractions/libvirt-qemu
https://bugs.launchpad.net/bugs/579584
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.


