[Pkg-libvirt-maintainers] Bug#924418: libvirt-daemon-system: apparmor prevents libvirtd from spawning VMs

Zrin zrin+launchpad at ziborski.net
Tue Oct 6 00:22:31 BST 2020 

Package: libvirt-daemon-system
Version: 6.6.0-2
Followup-For: Bug #924418

Dear Maintainer,

I've just hit the bug with a similar cause:
virt-aa-helper fails to create a parasble apparmor profile due to regex
meta characters in the path.

How to reproduce:
Try to, in the VM definition, attach an .iso file that contains e.g. {}
charaters in the name to the virtual CDROM.
apparmor_parser will fail to parse the profile because {} are regex
meta-characters.

Anyway, virt-aa-helper needs better error message propagation.

Best regards,
Zrin

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.8.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon-system depends on:
ii  adduser                        3.118
ii  debconf [debconf-2.0]          1.5.74
ii  gettext-base                   0.19.8.1-10
ii  iptables                       1.8.5-3
ii  libc6                          2.31-3
ii  libgcc-s1                      10.2.0-9
ii  libglib2.0-0                   2.66.0-2
ii  libvirt-clients                6.6.0-2
ii  libvirt-daemon                 6.6.0-2
ii  libvirt-daemon-system-systemd  6.6.0-2
ii  libvirt0                       6.6.0-2
ii  libxml2                        2.9.10+dfsg-6
ii  logrotate                      3.16.0-3
ii  policykit-1                    0.105-29

Versions of packages libvirt-daemon-system recommends:
ii  dmidecode                    3.2-4
ii  dnsmasq-base [dnsmasq-base]  2.82-1
ii  iproute2                     5.8.0-1
ii  mdevctl                      0.69-1
ii  parted                       3.3-4

Versions of packages libvirt-daemon-system suggests:
ii  apparmor    2.13.4-3
pn  auditd      <none>
pn  nfs-common  <none>
pn  open-iscsi  <none>
pn  pm-utils    <none>
pn  radvd       <none>
ii  systemd     246.6-1
pn  systemtap   <none>
pn  zfsutils    <none>

-- Configuration Files:
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper changed [not included]
[Access to other files that would be listed here was not possible -
permision denied]

-- debconf information:
  libvirt-daemon-system/id_warning: true

More information about the Pkg-libvirt-maintainers mailing list