[Pkg-libvirt-maintainers] Bug#798975: Bug#798975: Bug#798975: libvirt-daemon-system: AppArmor profile breaks startup of QEMU VM with type=pty serial port

Guido Günther agx at sigxcpu.org
Sat Sep 19 13:08:45 UTC 2015 

On Sat, Sep 19, 2015 at 02:39:17PM +0200, Guido Günther wrote:
> Hi,
> On Mon, Sep 14, 2015 at 05:39:40PM +0200, intrigeri at debian.org wrote:
> > Package: libvirt-daemon-system
> > Severity: normal
> > Version: 1.2.19-1
> > 
> > I have a VM with:
> > 
> >     <serial type='pty'>
> >       <target port='0'/>
> >     </serial>
> >     <console type='pty'>
> >       <target type='serial' port='0'/>
> >     </console>
> > 
> > Trying to start it results in:
> > 
> >   error: Failed to start domain tails-builder
> >   error: internal error: process exited while connecting to monitor:
> >   2015-09-14T15:34:09.219162Z qemu-system-x86_64: -chardev
> >   pty,id=charserial0: Failed to create chardev
> > 
> > And my logs say:
> > 
> >   apparmor="DENIED" operation="open" profile="libvirt-6da57234-587c-4119-3c3a-f064574cb3dc" name="/proc/30031/fd/" pid=30031 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=119 ouid=119
> >   apparmor="DENIED" operation="exec" profile="libvirt-6da57234-587c-4119-3c3a-f064574cb3dc" name="/usr/lib/pt_chown" pid=30031 comm="qemu-system-x86" requested_mask="x" denied_mask="x" fsuid=119 ouid=0
> > 
> > If I remove the <serial> and <console> sections quoted above, that VM
> > starts just fine.
> 
> I'm having a VM which also has these elements but starts nicely. Could
> that be related to a newer QEMU? I'm running 1:2.1+dfsg-12+deb8u2 here
> with apparmor here. This needs a fix nevertheless but it might make
> sense to dig out _when_ it broke so we know if we have to backport to
> Jessie.

(just to make this complete as I won't be able to work on this during
the next days):

There seems to be an Ubuntu bug about this:

    https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1342083

while

    https://www.redhat.com/archives/libvir-list/2013-March/msg00546.html

states that we shouldn't need pt_chown.
Cheers
 -- Guido

More information about the Pkg-libvirt-maintainers mailing list