[Pkg-libvirt-maintainers] Bug#786652: fails to include TEMPLATE.kvm, preventing creation of domains with KVM under apparmor
Guido Günther
agx at sigxcpu.org
Fri Jun 12 12:05:09 UTC 2015
On Sun, May 24, 2015 at 09:56:50AM +0200, Guido Günther wrote:
> Hi,
>
> Thanks for the report
>
> On Sun, May 24, 2015 at 01:00:52AM +0000, Luke Faraone wrote:
> > Package: libvirt-daemon-system
> > Version: 1.2.9-9
> > Severity: normal
> > File: /etc/apparmor.d/libvirt/TEMPLATE.qemu
> >
> > May 24 00:07:47 aqua libvirtd[1130]: internal error: Child process
> > (/usr/lib/libvirt/virt-aa-helper -p 0 -c -u libvirt-a8588abe-9d3b-4772-a95e-
> > 0e312decc03a) unexpected exit status 1: virt-aa-helper.real: error: template
> > does not exist
> >
> > This can be resolved by copying /etc/apparmor.d/libvirt/TEMPALTE.qemu to
> > /etc/apparmor.d/libvirt/TEMPALTE.kvm
>
> Could you check if the attached patch fixes your problem as well?
Could you please check if the packages at:
http://honk.sigxcpu.org/projects/libvirt/snapshots/
make these copies superfluous. You should be able to remove the
TEMPLATE.kvm with these installed. Feedback would be appreciated so we
could squeeze this into a point release.
Cheers,
-- Guido
> Cheers,
> -- Guido
> >From 16d2bc8b98563f801f111795250515fcbd39ab46 Mon Sep 17 00:00:00 2001
> Message-Id: <16d2bc8b98563f801f111795250515fcbd39ab46.1432454102.git.agx at sigxcpu.org>
> From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat at suse.com>
> Date: Tue, 28 Oct 2014 14:42:34 -0600
> Subject: [PATCH] Teach virt-aa-helper to use TEMPLATE.qemu if the domain is
> kvm or kqemu
> To: libvir-list at redhat.com
> Status: RO
> Content-Length: 1123
> Lines: 37
>
> ---
> src/security/virt-aa-helper.c | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 9afc8db..1f299a0 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -341,15 +341,25 @@ create_profile(const char *profile, const char *profile_name,
> int tlen, plen;
> int fd;
> int rc = -1;
> + const char *driver_name = NULL;
>
> if (virFileExists(profile)) {
> vah_error(NULL, 0, _("profile exists"));
> goto end;
> }
>
> + switch (virtType) {
> + case VIR_DOMAIN_VIRT_QEMU:
> + case VIR_DOMAIN_VIRT_KQEMU:
> + case VIR_DOMAIN_VIRT_KVM:
> + driver_name = "qemu";
> + break;
> + default:
> + driver_name = virDomainVirtTypeToString(virtType);
> + }
>
> if (virAsprintfQuiet(&template, "%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt",
> - virDomainVirtTypeToString(virtType)) < 0) {
> + driver_name) < 0) {
> vah_error(NULL, 0, _("template name exceeds maximum length"));
> goto end;
> }
> --
> 2.1.4
>
More information about the Pkg-libvirt-maintainers
mailing list