[karmic] libvirt/apparmor breaks non-default serial, console, kernel and initrd

Bug #432581 reported by Jamie Strandboge
This bug affects 1 person
Affects: libvirt (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Jamie Strandboge

Bug Description

This is related to bug #431090. Currently, the apparmor security driver updates the disks, pid, monitor file and log. It does not honor the following:
  <os>
    ...
    <kernel>/var/lib/eucalyptus/instances/admin/i-516E092C/kernel</kernel>
    <initrd>/var/lib/eucalyptus/instances/admin/i-516E092C/ramdisk</initrd>
    ...
  </os>

  ...
    <serial type='file'>
      <source path='/var/lib/eucalyptus/instances/admin/i-516E092C/console.log'/>
      <target port='0'/>
    </serial>
    <console type='file'>
      <source path='/var/lib/eucalyptus/instances/admin/i-516E092C/console.log'/>
      <target port='0'/>
    </console>
  ...

This is a regression over Jaunty. The fix is to make virt-aa-helper use the XML. This approach is recommended by upstream as well before they will accept the apparmor security driver. Once I get the patch approved upstream, I can rebase the Karmic patch and this bug can be closed.

Changed in libvirt (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → High
milestone: none → ubuntu-9.10-beta
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 0.7.0-1ubuntu8

---------------
libvirt (0.7.0-1ubuntu8) karmic; urgency=low

  * debian/patches/9091-apparmor.patch: sync with upstream for maintenance,
    licensing compliance with upstream and bug fixes:
    - handle files with spaces in the name (LP: #432810)
    - add serial, console, kernel and initrd support (LP: #432581)
    - allow read only access to /boot, /vmlinuz and /initrd.img
    - allow access to character devices (eg USB devices)
    - have virt-aa-helper accept XML on stdin, which allows for adding
      other devices in the future and helps ensure we always have the most
      up to date definition
    - update profile on attach and detach of devices (LP: #435527)
    - add --dryrun option to virt-aa-helper, and greatly improve the
      virt-aa-helper-test script
  * revert workaround for LP: #431090 now that kernel, initrd, et al is
    properly supported
  * debian/apparmor/usr.sbin.libvirtd: add various capabilities
    recommended by upstream to prevent potential regressions

 -- Jamie Strandboge <email address hidden> Tue, 22 Sep 2009 20:04:58 -0500

Changed in libvirt (Ubuntu):
status: In Progress → Fix Released
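
As an added illustration (not code from libvirt or from this report), the sketch below shows the idea behind the fix described in the bug description and changelog: derive the profile's file rules from the domain XML itself, so kernel, initrd, serial and console paths are covered along with disks, and quote paths so names with spaces survive. The permission letters, the character blocklist, the sample disk and the function names are assumptions of this example; the real virt-aa-helper is a C program with its own checks.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the paths from the report, plus a disk whose name has a space.
INSTANCE = "/var/lib/eucalyptus/instances/admin/i-516E092C"
SAMPLE_XML = f"""<domain type='kvm'>
  <os>
    <kernel>{INSTANCE}/kernel</kernel>
    <initrd>{INSTANCE}/ramdisk</initrd>
  </os>
  <devices>
    <disk type='file'><source file='{INSTANCE}/root disk.img'/></disk>
    <serial type='file'><source path='{INSTANCE}/console.log'/><target port='0'/></serial>
    <console type='file'><source path='{INSTANCE}/console.log'/><target port='0'/></console>
  </devices>
</domain>"""

# Characters that would change the meaning of an AppArmor rule (quote, globs, newlines).
UNSAFE = set('"*?[]{}^\n\r')

def check_path(path):
    """Accept only absolute paths that cannot alter the rule they are placed in."""
    if not path or not path.startswith("/") or UNSAFE & set(path):
        raise ValueError(f"refusing path for profile: {path!r}")
    return path

def profile_rules(domain_xml):
    """Return sorted AppArmor file rules for every file the domain XML names."""
    root = ET.fromstring(domain_xml)
    perms = {}  # path -> set of permission letters

    def grant(path, mode):
        perms.setdefault(check_path(path.strip()), set()).update(mode)

    for tag in ("kernel", "initrd"):           # boot files: read-only (assumed)
        for el in root.findall(f"./os/{tag}"):
            grant(el.text or "", "r")
    for disk in root.findall("./devices/disk"):
        src = disk.find("source")
        if src is not None and src.get("file"):
            grant(src.get("file"), "r" if disk.find("readonly") is not None else "rw")
    for tag in ("serial", "console"):          # file-backed character devices
        for dev in root.findall(f"./devices/{tag}[@type='file']"):
            src = dev.find("source")
            if src is not None:
                grant(src.get("path", ""), "rw")
    # Quote every path so names containing spaces stay a single rule.
    return [f'"{p}" {"".join(sorted(m))},' for p, m in sorted(perms.items())]

if __name__ == "__main__":
    print("\n".join(profile_rules(SAMPLE_XML)))
```

The serial and console devices name the same log file, so they collapse into one rule, and any path containing a quote, glob character or newline is refused rather than written into the profile.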