Comment 21 for bug 1815452

Christian Ehrhardt (paelzer) wrote: Re: [Bug 1815452] Re: more apparmor denials for opengl usage

> I tried getting this working on my nVidia card, but wasn't able to.

Hi Brian, thanks for the test.
The gl features are still new and I enable them one by one (i915, mdev
usage, nvidia).
It is good to know that there are more issues lurking, I'll at some
point do the same tests and then try to fix them up.

I assume you added the apparmor rules since you hit denies.
Would you mind filing a new bug listing exactly what config (guest
xml) you have used and what apparmor denies (dmesg) you have hit?
That usually is enough confirmation to then check with the security
Team if it is enough.

> Error starting domain: internal error: qemu unexpectedly closed the
> monitor: qemu-system-x86_64:
> ../src/gallium/drivers/llvmpipe/lp_texture.c:499:
> llvmpipe_resource_get_handle: Assertion `lpr->dt' failed.

Interesting, haven't seen that yet with any of the combinations I had so far.
[...]

> On another note, for Disco+ should we be defaulting to settings that are closer to what is needed, for instance Virtio and no ports by default? I've reduced my graphical issues in VMs just by setting those.

That is a tricky discussion, libvirt naturally has an API contract of
giving the default that it has given all the time.
Also not all guests will have virtio graphics support, so you need
some insight libvirt as man-in-the-middle can't have.
Users of libvirt are supposed to make that decision consciously
instead of being forced - you might see the discussion around q35 as
default machine type for the same.
But you are right - we should try to open and discuss bugs for uvtool,
multipass and probably even openstack to make their default model more
recent.
uvtool/multipass know they start Ubuntu and can make assumptions on
the version of it, Openstack I'll leave to the Openstack Team.
I have added a Trello card for this as other things are more urgent
right now - but I like the idea of doing that in "E" to check how those
things work out.

Next steps:
- fix this issue around known apparmor denials (this bug)
- fix crash when using gl with some guest kernels (bug 1815889)
- once you have reported the extra denials you have triggered let's tackle
those as well (BTW OS team will get HW for that which I hope I can
test as well)