[Bug 1343245] [NEW] virt-aa-helper does not whitelist actual <source dev='...'> paths for domain <disk type='volume'>
Tero Marttila
terom at fixme.fi
Thu Jul 17 11:34:45 UTC 2014
Public bug reported:
Release: 14.04
Package: libvirt-bin
Version: 1.2.2-0ubuntu13.1.1
For a normal block-based LVM disk definition:

    <disk type='block' device='disk'>
      <driver name='qemu' type='raw'/>
      <source dev='/dev/host-vg/guest.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>

virt-aa-helper will generate "/dev/dm-X rw" rules in the /etc/apparmor.d/libvirt/libvirt-*.files:

    "/dev/dm-10" rw,

However, using a storage pool:

    <pool type='logical'>
      <name>lvm</name>
      <source>
        <name>host-vg</name>
      </source>
      <target>
        <path>/dev/host-vg</path>
      </target>
    </pool>

to create the volume:

    <volume>
      <name>guest.img</name>
      <capacity>....</capacity>
    </volume>

and attempting to use the equivalent:

    <disk type='volume' device='disk'>
      <driver name='qemu' type='raw'/>
      <source pool='lvm' volume='guest.img'/>
      <target dev='vda' bus='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </disk>

Results in the following with `virsh start guest`:

    error: Failed to start domain guest
    error: internal error: process exited while connecting to monitor: qemu-system-x86_64: -drive file=/dev/host-vg/guest.img,if=none,id=drive-virtio-disk0,format=raw: could not open disk image /dev/host-vg/guest.img: Could not open '/dev/host-vg/guest.img': Permission denied

And:
[164096.938448] type=1400 audit(1405596016.664:100): apparmor="DENIED" operation="open" profile="libvirt-fdd84027-cb8e-42d5-bca1-a662871d97bb" name="/dev/dm-10" pid=26835 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=109 ouid=109
[164096.938472] type=1400 audit(1405596016.664:101): apparmor="DENIED" operation="open" profile="libvirt-fdd84027-cb8e-42d5-bca1-a662871d97bb" name="/dev/dm-10" pid=26835 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=109 ouid=109
[164096.938515] type=1400 audit(1405596016.664:102): apparmor="DENIED" operation="open" profile="libvirt-fdd84027-cb8e-42d5-bca1-a662871d97bb" name="/dev/dm-10" pid=26835 comm="qemu-system-x86" requested_mask="rw" denied_mask="rw" fsuid=109 ouid=109
The apparmor libvirt-*.files does not contain any /dev/dm-* rules.
I'm not familiar enough with the virAppArmorSecurityDriver code to know if the load_profile() call to virDomainDefFormat() will give the persistent or live xml config, but when testing with virt-aa-helper manually, feeding it the inactive config (i.e. `virsh dumpxml` while the domain is stopped) will cause get_files() to call virDomainDiskDefForeachPath() with a virDomainDiskDefPtr of type=VIR_DOMAIN_DISK_TYPE_VOLUME and src=NULL, so it never iterates over the disk. I suspect that virt-aa-helper should instead be fed the active config, i.e. one where the <disk type='volume'> has been fed through qemuTranslateDiskSourcePool() to resolve it into the actual <disk type='block'><source dev='...' /></disk>?
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1343245
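
The check the report performs by hand (AppArmor denials compared against the generated libvirt-*.files rules) can be scripted. This is an added example, not part of the original report or of libvirt; the audit lines are abbreviated from the report, the RULES text is constructed, and only exact quoted-path rules are matched (no AppArmor glob handling).

```python
import re

# Constructed inputs: audit lines abbreviated from the report; RULES imitates a
# libvirt-<uuid>.files that lacks any /dev/dm-* entry (its paths are made up).
PROFILE = "libvirt-fdd84027-cb8e-42d5-bca1-a662871d97bb"
AUDIT_LOG = f'''\
type=1400 audit(1405596016.664:100): apparmor="DENIED" operation="open" profile="{PROFILE}" name="/dev/dm-10" comm="qemu-system-x86" requested_mask="r" denied_mask="r"
type=1400 audit(1405596016.664:102): apparmor="DENIED" operation="open" profile="{PROFILE}" name="/dev/dm-10" comm="qemu-system-x86" requested_mask="rw" denied_mask="rw"
'''
RULES = '''\
  "/var/log/libvirt/qemu/guest.log" w,
  "/var/lib/libvirt/images/other.img" rw,
'''

KV = re.compile(r'(\w+)="([^"]*)"')            # key="value" audit fields
RULE = re.compile(r'^\s*"([^"]+)"\s+(\w+),')   # "path" perms,

def parse_denials(log):
    """Map (profile, path) -> set of denied permission letters."""
    denials = {}
    for line in log.splitlines():
        f = dict(KV.findall(line))
        if f.get("apparmor") == "DENIED" and "name" in f and "profile" in f:
            key = (f["profile"], f["name"])
            denials.setdefault(key, set()).update(f.get("denied_mask", ""))
    return denials

def parse_rules(text):
    """Map path -> set of granted permission letters (exact paths only)."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            rules.setdefault(m.group(1), set()).update(m.group(2))
    return rules

def missing_rules(log, rules_text):
    """Denied (profile, path) pairs and the letters no exact rule grants."""
    rules = parse_rules(rules_text)
    out = {}
    for key, perms in parse_denials(log).items():
        lacking = perms - rules.get(key[1], set())
        if lacking:
            out[key] = "".join(sorted(lacking))
    return out

if __name__ == "__main__":
    for (profile, path), perms in missing_rules(AUDIT_LOG, RULES).items():
        print(f'{profile}: no rule grants "{path}" {perms}')
```

Repeated denials for the same path are merged, so the three log lines in the report collapse to a single missing "rw" grant for /dev/dm-10.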