[Bug 723361] [NEW] Apparmor security unavailable

Alex Stark 723361 at bugs.launchpad.net
Tue Feb 22 20:29:45 UTC 2011


Public bug reported:

System: basic Lucid, with installation in accordance exactly with Ubuntu
website instructions, etc, etc.  Everything is basically default Lucid
setup with up-to-date packages.

KVM, installed XP Pro successfully.

Runs well except for complete inability to make USB devices, etc,
available.


Description:	Ubuntu 10.04.2 LTS
Release:	10.04


qemu-kvm:
  Installed: 0.12.3+noroms-0ubuntu9.4
  Candidate: 0.12.3+noroms-0ubuntu9.4
  Version table:
 *** 0.12.3+noroms-0ubuntu9.4 0
        500 http://mirrors.us.kernel.org/ubuntu/ lucid-updates/main Packages
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
        100 /var/lib/dpkg/status
     0.12.3+noroms-0ubuntu9 0
        500 http://mirrors.us.kernel.org/ubuntu/ lucid/main Packages
libvirt-bin:
  Installed: 0.7.5-5ubuntu27.8
  Candidate: 0.7.5-5ubuntu27.8
  Version table:
 *** 0.7.5-5ubuntu27.8 0
        500 http://mirrors.us.kernel.org/ubuntu/ lucid-updates/main Packages
        100 /var/lib/dpkg/status
     0.7.5-5ubuntu27.7 0
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
     0.7.5-5ubuntu27 0
        500 http://mirrors.us.kernel.org/ubuntu/ lucid/main Packages
ubuntu-vm-builder:
  Installed: 0.12.4-0ubuntu0.2
  Candidate: 0.12.4-0ubuntu0.2
  Version table:
 *** 0.12.4-0ubuntu0.2 0
        500 http://mirrors.us.kernel.org/ubuntu/ lucid-updates/universe Packages
        500 http://security.ubuntu.com/ubuntu/ lucid-security/universe Packages
        100 /var/lib/dpkg/status
     0.12.3-0ubuntu1 0
        500 http://mirrors.us.kernel.org/ubuntu/ lucid/universe Packages
bridge-utils:
  Installed: 1.4-5ubuntu2
  Candidate: 1.4-5ubuntu2
  Version table:
 *** 1.4-5ubuntu2 0
        500 http://mirrors.us.kernel.org/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status
virt-manager:
  Installed: 0.8.2-2ubuntu8
  Candidate: 0.8.2-2ubuntu8
  Version table:
 *** 0.8.2-2ubuntu8 0
        500 http://mirrors.us.kernel.org/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status


USB devices become available with very dangerous chown -R of
/dev/devices/...usb

Dangerous edits, as per other filed bugs, to
/etc/apparmor.d/abstractions/libvirt-qemu do not work.

In Virtual machine manager, and in virsh, security "model" is not
enabled / available / listed.  No security is listed in the domain XML
file.

Changing /etc/apparamor/abstractions/libvirtd does not work.

Rebooting dozens of times does not work.

This is in many ways the opposite of bug #588369.

I am filing as a bug because all the utilities and their docs mention
apparmor, but fail completely and _silently_ when this problem occurs,
and there is not even howto assistance.  For example, the virtual
manager GUI leaves the security model under "overview" as unselectable,
and leaves the user completely in the dark.

qemu.conf has the line:
  # security_driver = "selinux"

The only file in /etc/apparmor.d/libvirt is the TEMPLATE file.  No UUID-
suffixed files exist.

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
https://bugs.launchpad.net/bugs/723361

Title:
  Apparmor security unavailable



More information about the Ubuntu-server-bugs mailing list