apparmor does not allow to run qemu-dm executable

Bug #1546978 reported by Pablo Orviz
This bug affects 1 person
Affects: libvirt (Ubuntu), Trusty. Status: Won't Fix. Importance: Medium. Assigned to: Unassigned.

Bug Description

In a Ubuntu 14.04.1 LTS with Xen 4.4.2

libvirt returns a "permission denied" error when trying to run qemu-dm executable.

-> /var/log/xen/qemu-dm-instance-0000c40b.log
libxl: cannot execute /usr/lib/xen-4.4/bin/qemu-dm: Permission denied

-> /var/log/kern.log
audit: type=1400 audit(1455787612.609:24): apparmor="DENIED" operation="exec" profile="/usr/sbin/libvirtd" name="/usr/lib/xen-4.4/bin/qemu-dm" pid=9329 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

Including the executable in the apparmor configuration (under /etc/apparmor.d/usr.sbin.libvirtd) solves the issue:

     /usr/lib/xen-*/bin/pygrub PUx,
+ /usr/lib/xen-*/bin/qemu-dm,

# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04

libvirt-bin 1.2.12-0ubuntu14.2~cloud0
libvirt0 1.2.12-0ubuntu14.2~cloud0
apparmor 2.8.95~2430-0ubuntu5.3
libapparmor-perl 2.8.95~2430-0ubuntu5.3
libapparmor1:amd64 2.8.95~2430-0ubuntu5.3
xen-utils-4.4 4.4.2-0ubuntu0.14.04.4
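The kern.log entry above is what a defender reads to derive the missing profile rule. As an added example (not from the bug report or the libvirt package), here is a small Python helper that parses such an AppArmor DENIED line, checks whether an existing profile rule already covers the path using AppArmor's glob semantics, and otherwise proposes a rule; the sample log line is the one quoted above and the profile excerpt is constructed.

```python
import re

# Constructed sample: the kern.log line quoted in the bug report above.
SAMPLE_LOG = (
    'audit: type=1400 audit(1455787612.609:24): apparmor="DENIED" operation="exec" '
    'profile="/usr/sbin/libvirtd" name="/usr/lib/xen-4.4/bin/qemu-dm" pid=9329 '
    'comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0'
)
# Constructed profile excerpt (hypothetical): the pygrub rule is from the report,
# the qemu-dm rule is deliberately absent, as on the affected system.
SAMPLE_PROFILE = """
  /usr/lib/xen-*/bin/pygrub PUx,
  /usr/lib/xen-*/lib/** r,
"""
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
_RULE = re.compile(r'\s*(/\S+)\s+([A-Za-z]+),\s*$')

def parse_audit_line(line):
    """Return the key=value fields of an AppArmor audit line, or None for other lines."""
    if 'apparmor=' not in line:
        return None
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}

def glob_to_regex(pattern):
    """AppArmor path globs: '*' stays within one path component, '**' may cross '/'."""
    out, i = '', 0
    while i < len(pattern):
        if pattern.startswith('**', i):
            out, i = out + '.*', i + 2
        elif pattern[i] == '*':
            out, i = out + '[^/]*', i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile('^' + out + '$')

def suggest_rule(fields, profile_text):
    """Suggest a profile line for a DENIED file event, or None if a rule already covers it."""
    if not fields or fields.get('apparmor') != 'DENIED' or 'name' not in fields:
        return None
    path, mask = fields['name'], fields.get('denied_mask', '')
    for line in profile_text.splitlines():
        m = _RULE.match(line)
        if m and glob_to_regex(m.group(1)).match(path) and set(mask) <= set(m.group(2).lower()):
            return None  # the path is already allowed; look elsewhere for the denial
    # For exec denials use PUx as the report does: run under a dedicated profile if one
    # exists, otherwise unconfined, with the environment scrubbed either way.
    perms = 'PUx' if fields.get('operation') == 'exec' else mask
    return '  %s %s,' % (path, perms)
```

The helper emits the exact denied path; the report's own rule generalizes it to /usr/lib/xen-*/bin/qemu-dm so it survives a Xen version bump, which is the same judgement aa-logprof asks you to make interactively.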

Pablo Orviz (orviz) wrote :

There is a typo in the line to be added to /etc/apparmor.d/usr.sbin.libvirtd:

     /usr/lib/xen-*/bin/pygrub PUx,
+ /usr/lib/xen-*/bin/qemu-dm PUx,

Changed in libvirt (Ubuntu):
assignee: nobody → Stefan Bader (smb)
assignee: Stefan Bader (smb) → nobody
Changed in libvirt (Ubuntu):
assignee: nobody → James Page (james-page)
importance: Undecided → Medium
Serge Hallyn (serge-hallyn) wrote :

Hi James,

the kilo libvirt package (which I assume this is?) indeed does not have a rule for qemu-dm, which does exist in xen-utils-4.4 in trusty (and there is no xen-utils in the kilo archive).

Note this bug is not valid against the xenial libvirt package, as there is no qemu-dm binary in xen-utils-4.6 there. I also can't fix it in vivid since that is no longer valid. It is valid in 14.04 though so I'll mark it as affecting that.

Stefan Bader (smb) wrote :

I guess as the binary is still there it has to be enabled in apparmor. Though on the other hand, qemu-dm is the old device-model which would/should only be used when the old xm/xend toolstack is used. And Trusty was the last release that had that code in at all and I tried hard to get users switched over to xl/libxl (which would use the standard qemu-system-i386 instead).
So I am maybe a little hesitant here...

Changed in libvirt (Ubuntu):
status: New → Invalid
Changed in libvirt (Ubuntu Trusty):
status: New → Confirmed
importance: Undecided → Medium
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1546978] Re: apparmor does not allow to run qemu-dm executable

Hi Stefan,

Ok so for 14.04 this should be added. But if trusty was the last release which had that, and kilo cloud archive for trusty has libvirt from vivid, does that mean the vivid xen should be included in the kilo cloud archive?

Stefan Bader (smb) wrote :

It does not necessarily need to as the Trusty version of Xen has everything needed to run in libxl mode. We even have attempted to provide tools to convert the old configurations over from handled by xend into handled by libvirt. There is really no "excuse" to run the old toolstack.
That said it could be a bonus to have a Xen version matching the release of the libvirt used. And I think James has done some backport for the Xen version for Xenial (but not sure which cloud-archive silo for).

Adam Conrad (adconrad) wrote : Please test proposed package

Hello Pablo, or anyone else affected,

Accepted libvirt into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.19 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in libvirt (Ubuntu Trusty):
status: Confirmed → Fix Committed
tags: added: verification-needed
Mathew Hodson (mhodson)
no longer affects: libvirt (Ubuntu)
Ubuntu Foundations Team Bug Bot (crichton) wrote : [libvirt/trusty] verification still needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for trusty for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate
Stefan Bader (smb) wrote :

Overriding the verification because the change related to this bug report is one additional rule in the apparmor profile (low regression risk) and the problem itself was reported for a combination of packages with the cloud-archive involved. So not really verifiable in the release/updates.

tags: added: verification-done
removed: removal-candidate verification-needed
Martin Pitt (pitti) wrote : Proposed package removed from archive

The version of libvirt in the proposed pocket of Trusty that was purported to fix this bug report has been removed because the bugs that were to be fixed by the upload were not verified in a timely (105 days) fashion.

Changed in libvirt (Ubuntu Trusty):
status: Fix Committed → Won't Fix