[Bug 1393548] [NEW] libvirt's apparmor profile denies access to sgabios.bin
Adam Gandelman
1393548 at bugs.launchpad.net
Mon Nov 17 20:24:46 UTC 2014
Public bug reported:
Attempting to use the sgabios ROM to capture early boot BIOS messages on
the serial console. Typically this can be done via libvirt domain
configuration:
<os>
<bios useserial='yes'/>
</os>
Resulting in the qemu process being launched with a '-device sga'
argument that should load the optional ROM.
The sgabios package installs the ROM @ /usr/share/misc/sgabios.bin and
symlinks to it from /usr/share/qemu/sgabios.bin
I noticed the expected serial output was missing and found that apparmor
is preventing sgabios from loading when spawning the VM:
[ 1378.106921] type=1400 audit(1416255684.049:23): apparmor="DENIED"
operation="open" profile="libvirt-c08c4756-2e2c-4c62-a519-0e3ac0cf643d"
name="/usr/share/misc/sgabios.bin" pid=13182 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=110 ouid=0
Worked around by manually installing the sgabios.bin file directly to
/usr/share/qemu/sgabios.bin
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1393548
Title:
libvirt's apparmor profile denies access to sgabios.bin
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393548/+subscriptions
More information about the Ubuntu-server-bugs
mailing list