[Bug 656173] [NEW] libbirt apparmor profiles is incomplete with multiple backing files and prevent the VM to start
Id2ndR
fabien_id at imap-mail.com
Thu Oct 7 09:26:27 BST 2010
Public bug reported:
System : Ubuntu 10.10
Case : Multiple backing file
Result :
$ cat /etc/apparmor.d/libvirt/libvirt-c05e04f2-fe2e-b8de-c129-bd074c908476.files
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
"/var/log/libvirt/**/trifyl-obm23-lenny.log" w,
"/var/lib/libvirt/**/trifyl-obm23-lenny.monitor" rw,
"/var/run/libvirt/**/trifyl-obm23-lenny.pid" rwk,
"/U/libvirt-image/trifyl-obm23-lenny.qcow2" rw,
"/U/libvirt-image/trifyl-obm23-lenny_base.qcow2" r,
# don't audit writes to readonly files
deny "/U/libvirt-image/trifyl-obm23-lenny_base.qcow2" w,
In /var/log/syslog :
Oct 7 10:15:32 kiwi kernel: [ 2176.864213] type=1400 audit(1286439332.386:47): apparmor="DENIED" operation="open" parent=1 profile="libvirt-c05e04f2-fe2e-b8de-c129-bd074c908476" name="/U/libvirt-image/base/lenny_compressed.qcow2" pid=6054 comm="kvm" requested_mask="r" denied_mask="r" fsuid=114 ouid=114
Backing file chain :
$ kvm-img info trifyl-obm23-lenny.qcow2
image: trifyl-obm23-lenny.qcow2
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 136K
cluster_size: 65536
backing file: trifyl-obm23-lenny_base.qcow2 (actual path: trifyl-obm23-lenny_base.qcow2)
$ kvm-img info trifyl-obm23-lenny_base.qcow2
image: trifyl-obm23-lenny_base.qcow2
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 2.1G
cluster_size: 65536
backing file: base/lenny.qcow2 (actual path: base/lenny.qcow2)
$ ls -l base/lenny.qcow2
lrwxrwxrwx 1 fabiena utilisateur 22 2010-09-27 13:50 base/lenny.qcow2 -> lenny_compressed.qcow2
It worked just before I added the trifyl-obm23-lenny_base.qcow2 backing
file. And adding a second level prevent it to work.
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
--
libbirt apparmor profiles is incomplete with multiple backing files and prevent the VM to start
https://bugs.launchpad.net/bugs/656173
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
More information about the Ubuntu-server-bugs
mailing list