[Bug 1324251] [NEW] AppArmor denies guest from create/modify 9pfs files
Steven Leung
stvleung at gmail.com
Wed May 28 20:39:05 UTC 2014
Public bug reported:
When I tried to create a file or directory in a 9pfs mount in the guest
host, I was denied in AppArmor. This is the error message:
May 28 12:26:10 sleungmini kernel: [54257.224886] type=1400 audit(1401305170.938:390): apparmor="DENIED" operation="capable" profile="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=28533 comm="pool" capability=3 capname="fowner"
Upon adding "capability fowner," to /etc/apparmor.d/abstractions/libvirt-qemu,
I was able to create files, however still got this in /var/log/syslog:
May 28 12:29:03 sleungmini kernel: [54429.795090] type=1400 audit(1401305343.314:415): apparmor="DENIED" operation="capable" profile="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=29097 comm="pool" capability=4 capname="fsetid"
So I added "capability fsetid," to /etc/apparmor.d/abstractions/libvirt-qemu
as well.
I believe the correct fix is in my included patch.
I've looked through bug #1285995 and see that I have a version that
includes that fix/patch. I've also verified that I no longer get the
same DENIED message. I believe this is a different bug.
I'm currently running:
$ lsb_release -rd
Description: Ubuntu 14.04 LTS
Release: 14.04
This is my version of libvirt-bin:
$ apt-cache policy libvirt-bin
libvirt-bin:
  Installed: 1.2.2-0ubuntu13.1
  Candidate: 1.2.2-0ubuntu13.1
  Version table:
 *** 1.2.2-0ubuntu13.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.2.2-0ubuntu13 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
Let me know if you have any requests for additional information,
questions or suggestions. This is my first time submitting a bug report
and patch for Ubuntu so I'm not familiar with the conventions here.
Thanks!
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Tags: patch
** Patch added: "libvirt-qemu-aa-allow-capability-fowner-fsetid.patch"
https://bugs.launchpad.net/bugs/1324251/+attachment/4121640/+files/libvirt-qemu-aa-allow-capability-fowner-fsetid.patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1324251
Title:
AppArmor denies guest from create/modify 9pfs files
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1324251/+subscriptions
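
Added example, not part of the original report or of the libvirt/AppArmor tooling: a small Python parser for the kernel audit records quoted in the report. It groups capability denials by profile and lists them in the "capability NAME," rule form the reporter used, so the requested capabilities can be reviewed before a profile is changed. The function names and the unrelated CRON line in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: the two denial records quoted in the report,
# plus one unrelated syslog line (made up) that must be ignored.
SAMPLE_LOG = '''\
May 28 12:26:10 sleungmini kernel: [54257.224886] type=1400 audit(1401305170.938:390): apparmor="DENIED" operation="capable" profile="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=28533 comm="pool" capability=3 capname="fowner"
May 28 12:27:00 sleungmini CRON[1234]: (root) CMD (true)
May 28 12:29:03 sleungmini kernel: [54429.795090] type=1400 audit(1401305343.314:415): apparmor="DENIED" operation="capable" profile="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=29097 comm="pool" capability=4 capname="fsetid"
'''

AUDIT_RE = re.compile(r'type=1400 audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<body>.*)')
# Fields are key=value pairs; values may be double-quoted or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Yield one dict per AppArmor DENIED audit record found in text."""
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue  # not a type=1400 audit record
        fields = {k: q or u for k, q, u in KV_RE.findall(m.group('body'))}
        if fields.get('apparmor') != 'DENIED':
            continue  # skip ALLOWED/STATUS/AUDIT records
        fields['serial'] = int(m.group('serial'))
        yield fields

def capability_denials(text):
    """Map profile name -> sorted list of capability names denied under it."""
    by_profile = defaultdict(set)
    for rec in parse_denials(text):
        if rec.get('operation') == 'capable' and 'capname' in rec:
            by_profile[rec['profile']].add(rec['capname'])
    return {p: sorted(c) for p, c in by_profile.items()}

def candidate_rules(text):
    """Rule lines in the 'capability NAME,' form, for human review only."""
    caps = sorted({c for v in capability_denials(text).values() for c in v})
    return [f'capability {c},' for c in caps]

if __name__ == '__main__':
    for profile, caps in capability_denials(SAMPLE_LOG).items():
        print(profile, caps)
    print('\n'.join(candidate_rules(SAMPLE_LOG)))
```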