[Pkg-libvirt-maintainers] Bug#870626: libvirt-daemon-system: AppArmor blocks access to qcow2 volumes when backingStore != image
intrigeri at debian.org
intrigeri at debian.org
Thu Aug 3 15:01:30 UTC 2017
Package: libvirt-daemon-system
Version: 3.5.0-1
Severity: important
Tags: fixed-upstream
Control: forwarded -1 https://www.redhat.com/archives/libvir-list/2017-July/msg00604.html
Hi,
Debian is affected by a regression that affects how virt-aa-helper
can update the .files AppArmor profile:
https://www.redhat.com/archives/libvir-list/2017-July/msg00604.html
This is supposedly fixed upstream in commit
5e515b542d7f0940396c74bf8f6cb337d5d0dcc5,
that is included in 3.6.0.
I'm reporting this here so that affected Debian users know what's
going on. I'm happy to try again once 3.6.0 is uploaded to sid,
feel free to close this bug in the 3.6.0-1 upload :)
In my case, qemu-img info says:
image: /var/lib/libvirt/images/tails-builder-amd64-jessie-20170729-9043b1ef44_default.img
backing file: /var/lib/libvirt/images/tails-builder-amd64-jessie-20170729-9043b1ef44_vagrant_box_image_0.img
The Journal says:
AVC apparmor="DENIED" operation="open"
profile="libvirt-f756c536-c6c3-4b5c-be95-2a7c2e39b06e"
name="/var/lib/libvirt/images/tails-builder-amd64-jessie-20170729-9043b1ef44_vagrant_box_image_0.img"
pid=22439 comm="qemu-system-x86" requested_mask="r" denied_mask="r"
fsuid=119 ouid=119
And indeed
/etc/apparmor.d/libvirt/libvirt-f756c536-c6c3-4b5c-be95-2a7c2e39b06e.files
has nothing about tails-builder-amd64-jessie-20170729-9043b1ef44_vagrant_box_image_0.img.
Cheers,
--
intrigeri
More information about the Pkg-libvirt-maintainers
mailing list