[Bug 1515791] [NEW] apparmor for qemu is too restrictive for USB passthrough

Nahuel Greco ngreco at gmail.com
Thu Nov 12 23:16:44 UTC 2015


Public bug reported:

When trying to use a USB printer from a QEMU guest (created with
virt-manager) I get many apparmor errors in /var/log/kern.log, like:

Nov  8 18:08:00 ombu kernel: [ 8603.301618] audit: type=1400 audit(1447016880.250:195): apparmor="DENIED" operation="open" profile="libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205" name="/dev/bus/usb/005/016" pid=10345 comm="qemu-system-x86" requested_mask="rw" denied_mask="rw" fsuid=122 ouid=122
Nov 12 20:01:35 ombu kernel: [360670.214358] audit: type=1400 audit(1447369295.810:1531): apparmor="DENIED" operation="open" profile="libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205" name="/run/udev/data/c189:0" pid=8408 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=122 ouid=0

The guest can't see the USB device at all. I solved the problem by
editing /etc/apparmor.d/abstractions/libvirt-qemu changing this line:

 /dev/bus/usb/ r,

to this:

 /dev/bus/usb/ rw,

and adding these two lines:

  /dev/bus/usb/*/[0-9]* rw,
  /run/udev/** rw,

And then restarting apparmor and libvirtd. I think a similar
configuration must come included in
/etc/apparmor.d/abstractions/libvirt-qemu by default.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: libvirt-bin 1.2.16-2ubuntu11
Uname: Linux 4.3.0-040300-generic x86_64
ApportVersion: 2.19.1-0ubuntu4
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Nov 12 20:10:16 2015
InstallationDate: Installed on 2015-10-30 (13 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apparmor.d.abstractions.libvirt.qemu: [modified]
modified.conffile..etc.libvirt.libvirtd.conf: [modified]
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf']
modified.conffile..etc.libvirt.qemu.networks.default.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu/networks/default.xml']
mtime.conffile..etc.apparmor.d.abstractions.libvirt.qemu: 2015-11-12T20:03:10.223851
mtime.conffile..etc.libvirt.libvirtd.conf: 2015-11-12T19:32:30.170352

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apparmor apport-bug wily

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1515791
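
Added example, not part of the original bug report and not code from libvirt or AppArmor: a Python parser for the AppArmor denial lines quoted in the report, which groups the denied paths by profile and emits candidate rule lines granting only the mask that was denied. The function names and the embedded sample log are constructed for illustration; device paths such as /dev/bus/usb/005/016 change when a device is replugged, so the output is a starting point for policy review.

```python
import re
from collections import defaultdict

# Constructed sample input: the two denial lines quoted in the report.
SAMPLE_LOG = """\
Nov  8 18:08:00 ombu kernel: [ 8603.301618] audit: type=1400 audit(1447016880.250:195): apparmor="DENIED" operation="open" profile="libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205" name="/dev/bus/usb/005/016" pid=10345 comm="qemu-system-x86" requested_mask="rw" denied_mask="rw" fsuid=122 ouid=122
Nov 12 20:01:35 ombu kernel: [360670.214358] audit: type=1400 audit(1447369295.810:1531): apparmor="DENIED" operation="open" profile="libvirt-3c21df5e-dfef-4cf5-8e24-aeaa47235205" name="/run/udev/data/c189:0" pid=8408 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=122 ouid=0
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')

def parse_denials(log_text):
    """Yield a dict of key=value fields for each AppArmor DENIED audit line."""
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        fields = {}
        for key, raw in KV.findall(line):
            if raw.startswith('"'):
                fields[key] = raw[1:-1]
            elif key in ("name", "comm") and HEX.fullmatch(raw):
                # The audit layer hex-encodes strings with spaces or quotes.
                fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
            else:
                fields[key] = raw
        yield fields

def minimal_rules(log_text):
    """Map profile -> rule lines granting only the access that was denied."""
    masks = defaultdict(lambda: defaultdict(set))
    for d in parse_denials(log_text):
        if "name" in d and "denied_mask" in d:
            # Log-only letters c (create) and d (delete) fall under w in policy.
            perms = d["denied_mask"].replace("c", "w").replace("d", "w")
            masks[d.get("profile", "?")][d["name"]].update(perms)
    return {
        profile: [f"{path} {''.join(c for c in 'rwaklmx' if c in m)},"
                  for path, m in sorted(paths.items())]
        for profile, paths in masks.items()
    }

if __name__ == "__main__":
    for profile, rules in minimal_rules(SAMPLE_LOG).items():
        print(f"# profile {profile}")
        print("\n".join("  " + r for r in rules))
```

Comparing these per-path rules with any glob added to the abstraction shows how much wider the glob is than what the guest actually requested.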
