[Pkg-libvirt-maintainers] Bug#916587: Bug#916587: AppArmor breaks virtio-gpu + virgl

Guido Günther agx at sigxcpu.org
Sun Mar 31 18:21:55 BST 2019 

Hi,
On Sat, Mar 30, 2019 at 05:18:01PM +0100, intrigeri wrote:
> Control: severity -1 important
> Control: tag -1 + fixed-upstream
> 
> Hi,
> 
> bumping severity as this totally breaks an option offered to users via
> virt-manager.
> 
> Now, I've verified that virt-manager in current sid still creates new
> VMs with QXL graphics by default, so this bug only affects users who
> opt in for virtio + 3D acceleration. As such, I'm unsure how much of
> a stretch it would be to request a freeze exception — Guido, what do
> you think?

I had going through the open apparmor issues and especially the OpenGL
ones on my TODO list for buster but if you'd pick that up that would be
totally awesome.

Cheers,
 -- Guido

> 
> If it helps, I'd be happy to test the corresponding upstream patches:
> 
>    commit f2cbb94eabdd5e3422c45b1afa48eb4c951c09e0
>    Author: Christian Ehrhardt <christian.ehrhardt at canonical.com>
>    Date:   Tue Mar 5 13:38:38 2019 +0100
>    
>        security: aa-helper: gl devices in sysfs at arbitrary depth
>    
>    commit 00fbb9e51678f76effa2d20e78a9be861ad5f484
>    Author: Christian Ehrhardt <christian.ehrhardt at canonical.com>
>    Date:   Fri Mar 1 07:25:59 2019 +0100
>    
>        security: aa-helper: nvidia rules for gl devices
>    
>    commit 27a9ebf28183cb3c3c784fcab622e67e978eb3dc
>    Author: Christian Ehrhardt <christian.ehrhardt at canonical.com>
>    Date:   Tue Feb 12 11:12:52 2019 +0100
>    
>        security: aa-helper: generate more rules for gl devices
>    
>    commit d85e8e400b48f1b4c1dfbf438dda83cd959eacf7
>    Author: Christian Ehrhardt <christian.ehrhardt at canonical.com>
>    Date:   Tue Feb 12 10:33:23 2019 +0100
>    
>        security: aa-helper: allow virt-aa-helper to read /dev/dri
>    
>    commit fb01e1a44daea773cd53f275cad6f031506c20db
>    Author: Christian Ehrhardt <christian.ehrhardt at canonical.com>
>    Date:   Mon Jan 14 15:15:06 2019 +0200
>    
>        virt-aa-helper: generate rules for gl enabled graphics devices
> 
> Cheers!
> 
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers

More information about the Pkg-libvirt-maintainers mailing list