[Pkg-libvirt-maintainers] Bug#905036: libvirt0: qemu sandbox option prevents built-in qemu smb server from working

Andrey Skvortsov andrej.skvortzov at gmail.com
Mon Jul 30 22:13:03 BST 2018 

Package: libvirt0
Version: 4.5.0-1
Severity: normal

Dear Maintainer,

some virtual machines uses built-in qemu samba to share directory with host.
This is done using 'qemu:commandline' tag in VM xml file.

<qemu:commandline>
    <qemu:arg value='-netdev'/>
    <qemu:arg value='user,id=hostnet0,smb=/home/user/KVM/shared'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='virtio-net-
pci,netdev=hostnet0,id=net0,bus=pci.0,addr=0x9'/>
</qemu:commandline>


After upgrading from 4.2.0-2 to 4.3.0-1 this does not work anymore. The reason
is that since 4.3.0-1
following command line options are added to qemu command line:
'-sandbox
on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny'

elevateprivileges=deny causes corresponding qemu thread to be killed as soon as
samba share is accessed.

I don't think this is a major problem and it should be fixed. Sandbox is a good
thing.
This bug report just points that upgrading (for example, from stretch to
buster)
could cause problems in some cases.



-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.17.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt0 depends on:
ii  libacl1             2.2.52-3+b1
ii  libapparmor1        2.12-5
ii  libaudit1           1:2.8.3-1+b1
ii  libavahi-client3    0.7-4
ii  libavahi-common3    0.7-4
ii  libc6               2.27-5
ii  libcap-ng0          0.7.9-1
ii  libcurl3-gnutls     7.60.0-2
ii  libdbus-1-3         1.12.8-3
ii  libdevmapper1.02.1  2:1.02.145-4.1
ii  libgnutls30         3.5.19-1
ii  libnl-3-200         3.4.0-1
ii  libnl-route-3-200   3.4.0-1
ii  libnuma1            2.0.11-2.2
ii  libsasl2-2          2.1.27~101-g0780600+dfsg-3.1
ii  libselinux1         2.8-1+b1
ii  libssh2-1           1.8.0-1
ii  libxml2             2.9.4+dfsg1-7+b1
ii  libyajl2            2.1.0-2+b3

Versions of packages libvirt0 recommends:
ii  lvm2  2.02.176-4.1

libvirt0 suggests no packages.

-- no debconf information

More information about the Pkg-libvirt-maintainers mailing list