Ubuntu
libvirt package

Merge ~paelzer/ubuntu/+source/libvirt:lp-1927519-corrupted-1948880-swtpm-JAMMY into ubuntu/+source/libvirt:ubuntu/jammy-devel

  1. Git
  2. lp:~paelzer/ubuntu/+source/libvirt
  3. lp-1927519-corrupted-1948880-swtpm-JAMMY
  4. Merge into ubuntu/jammy-devel
Proposed by Christian Ehrhardt 
Status: Merged
Merged at revision: e7e14293232b18bd68a8610e51590e9dc5312788
Proposed branch: ~paelzer/ubuntu/+source/libvirt:lp-1927519-corrupted-1948880-swtpm-JAMMY
Merge into: ubuntu/+source/libvirt:ubuntu/jammy-devel
Diff against target: 197 lines (+140/-0)
6 files modified
debian/changelog (+13/-0)
debian/control (+1/-0)
debian/libvirt-daemon-system.postinst (+8/-0)
debian/patches/series (+2/-0)
debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch (+76/-0)
debian/patches/ubuntu/swtpm-by-swtpm-user.patch (+40/-0)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior (community) Approve
Canonical Server packageset reviewers Pending
git-ubuntu import Pending
Review via email: mp+411755@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4710/+packages

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Testing of swtpm finished, see comment 8-12 in https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1948880

The profile handling change matches upstream was created by Ioanna.

Ready for review & upload now.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks for the MP, Christian.

I was going to start reviewing it, but I noticed that the arm64 build has failed on the PPA:

Summary of Failures:

 90/167 virdrivermoduletest FAIL 0.17s exit status 1
134/167 storagepoolxml2argvtest FAIL 0.12s exit status 1
135/167 storagepoolxml2xmltest FAIL 0.14s exit status 1
138/167 virstoragetest FAIL 0.16s exit status 1

I couldn't find any mentions to this failure in the bug, so I'm thinking this is unexpected. Either way, I took the liberty to retry the build; let's see if it succeeds now. If it does (and if I'm still working at the time), I can review the MP.

Thanks.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Ah, the rebuild worked :-). I had the impression that the failures were flaky, and apparently they are. Also, I noticed that you've faced the same failures on s390x. Interesting...

Anyway, here's the review I promised.

I'm OK with the patch to address the apparmor issue.

As for the swtpm thing, I read the entire bug and I am also a bit uncomfortable with the scenario #2 (upgrade) that you described there, specifically about the problem with permissions and the implications this will have for SRUs. But as you said there, this looks fine for Jammy and I don't really have anything bad to say for this specific MP.

I found a bunch of small nits here and there; I'm leaving inline comments for them.

Otherwise, this LGTM with those fixed, so I'm approving it in advance.

Thanks!

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The arm issue was https://bugs.launchpad.net/ubuntu/+source/glusterfs/+bug/1950777 which apparently seemed to take longer to publish on arm and therefore appeared to be flaky.

Thanks for the review, going through inline comments now ...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thank you so much for all the little Hints Sergio.
All resolved now, uploading ...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libvirt_7.6.0-0ubuntu2.dsc: done.
  Uploading libvirt_7.6.0-0ubuntu2.debian.tar.xz: done.
  Uploading libvirt_7.6.0-0ubuntu2_source.buildinfo: done.
  Uploading libvirt_7.6.0-0ubuntu2_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 01f0460..1dee69f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
1libvirt (7.6.0-0ubuntu2) jammy; urgency=medium
2
3 * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
4 issues due to corrupted apparmor profiles (LP: #1927519)
5 * libvirt should not use user/group tss for swtpm (LP: #1948880)
6 - d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
7 - d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
8 to user swtpm
9 - d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
10 - d/control: suggest swtpm-tools
11
12 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Nov 2021 12:11:38 +0100
13
1libvirt (7.6.0-0ubuntu1) impish; urgency=medium14libvirt (7.6.0-0ubuntu1) impish; urgency=medium
215
3 * Merge v7.6.0 from upstream and unreleased changes from Debian git.16 * Merge v7.6.0 from upstream and unreleased changes from Debian git.
diff --git a/debian/control b/debian/control
index a95e480..7fa21dd 100644
--- a/debian/control
+++ b/debian/control
@@ -355,6 +355,7 @@ Suggests:
355 systemd,355 systemd,
356 systemtap,356 systemtap,
357 zfsutils,357 zfsutils,
358 swtpm-tools,
358Breaks:359Breaks:
359 systemd-sysv (<< 224-1~),360 systemd-sysv (<< 224-1~),
360Description: Libvirt daemon configuration files361Description: Libvirt daemon configuration files
diff --git a/debian/libvirt-daemon-system.postinst b/debian/libvirt-daemon-system.postinst
index ad55c75..71fe46e 100644
--- a/debian/libvirt-daemon-system.postinst
+++ b/debian/libvirt-daemon-system.postinst
@@ -172,6 +172,8 @@ add_statoverrides()
172172
173 QEMU_CONF="/etc/libvirt/qemu.conf"173 QEMU_CONF="/etc/libvirt/qemu.conf"
174174
175 SWTPM_DIR="/var/log/swtpm/libvirt/qemu"
176
175 for dir in ${ROOT_DIRS}; do177 for dir in ${ROOT_DIRS}; do
176 if ! dpkg-statoverride --list "${dir}" >/dev/null 2>&1; then178 if ! dpkg-statoverride --list "${dir}" >/dev/null 2>&1; then
177 [ ! -e "${dir}" ] || chown root:root "${dir}"179 [ ! -e "${dir}" ] || chown root:root "${dir}"
@@ -195,6 +197,12 @@ add_statoverrides()
195 [ ! -e "${QEMU_CONF}" ] || chown root:root "${QEMU_CONF}"197 [ ! -e "${QEMU_CONF}" ] || chown root:root "${QEMU_CONF}"
196 [ ! -e "${QEMU_CONF}" ] || chmod 0600 "${QEMU_CONF}"198 [ ! -e "${QEMU_CONF}" ] || chmod 0600 "${QEMU_CONF}"
197 fi199 fi
200
201 # swtpm shall use user swtpm (LP: #1948880)
202 if ! dpkg-statoverride --list "${SWTPM_DIR}" >/dev/null 2>&1; then
203 [ ! -e "${SWTPM_DIR}" ] || chown swtpm:swtpm "${SWTPM_DIR}"
204 [ ! -e "${SWTPM_DIR}" ] || chmod 0700 "${SWTPM_DIR}"
205 fi
198}206}
199207
200case "$1" in208case "$1" in
diff --git a/debian/patches/series b/debian/patches/series
index 38bb8ca..3c60875 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -27,3 +27,5 @@ ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch
27ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch27ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch
28ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch28ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
29ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch29ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch
30ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
31ubuntu/swtpm-by-swtpm-user.patch
diff --git a/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch b/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
30new file mode 10064432new file mode 100644
index 0000000..7094217
--- /dev/null
+++ b/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
@@ -0,0 +1,76 @@
1From 4ab33415db31d0e77015bb852cab4a08dd0efd40 Mon Sep 17 00:00:00 2001
2From: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com>
3Date: Tue, 2 Nov 2021 16:04:45 +0200
4Subject: [PATCH] virt-aa-helper: Purge profile if corrupted
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9This commit aims to address the bug reported in [1] and [2].
10If the profile is corrupted (0-size) the VM cannot be launched.
11To overcome this, check if the profile exists and if it has 0 size
12remove it.
13
14[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084
15[2] https://bugs.launchpad.net/bugs/1927519
16
17Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com>
18Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
19Reviewed-by: Ján Tomko <jtomko@redhat.com>
20
21Origin: upstream, https://libvirt.org/git/?p=libvirt.git;a=commit;h=4ab33415db
22Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927519
23Last-Update: 2021-11-11
24
25---
26 src/security/virt-aa-helper.c | 20 +++++++++++++++++++-
27 1 file changed, 19 insertions(+), 1 deletion(-)
28
29diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
30index 7c21ab9515..218e07bfb0 100644
31--- a/src/security/virt-aa-helper.c
32+++ b/src/security/virt-aa-helper.c
33@@ -1437,6 +1437,8 @@ main(int argc, char **argv)
34 int rc = -1;
35 char *profile = NULL;
36 char *include_file = NULL;
37+ off_t size;
38+ bool purged = 0;
39
40 if (virGettextInitialize() < 0 ||
41 virErrorInitialize() < 0) {
42@@ -1484,6 +1486,22 @@ main(int argc, char **argv)
43 if (ctl->cmd == 'c' && virFileExists(profile))
44 vah_error(ctl, 1, _("profile exists"));
45
46+ /*
47+ * Rare cases can leave corrupted empty files behind breaking
48+ * the guest. An empty file is never correct as virt-aa-helper
49+ * would at least add the basic rules, therefore clean this up
50+ * for a proper refresh.
51+ */
52+ if (virFileExists(profile)) {
53+ size = virFileLength(profile, -1);
54+ if (size == 0) {
55+ vah_warning(_("Profile of 0 size detected, will attempt to remove it"));
56+ if ((rc = parserRemove(ctl->uuid) != 0))
57+ vah_error(ctl, 1, _("could not remove profile"));
58+ unlink(profile);
59+ purged = true;
60+ }
61+ }
62 if (ctl->append && ctl->newfile) {
63 if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
64 goto cleanup;
65@@ -1523,7 +1541,7 @@ main(int argc, char **argv)
66
67
68 /* create the profile from TEMPLATE */
69- if (ctl->cmd == 'c') {
70+ if (ctl->cmd == 'c' || purged) {
71 char *tmp = NULL;
72 tmp = g_strdup_printf(" #include <libvirt/%s.files>\n", ctl->uuid);
73
74--
752.33.1
76
diff --git a/debian/patches/ubuntu/swtpm-by-swtpm-user.patch b/debian/patches/ubuntu/swtpm-by-swtpm-user.patch
0new file mode 10064477new file mode 100644
index 0000000..8644a28
--- /dev/null
+++ b/debian/patches/ubuntu/swtpm-by-swtpm-user.patch
@@ -0,0 +1,40 @@
1Description: Have swtpm use the swtpm user by default
2 User 'tss' has more permissions than required and since tpm in some sense
3 is guest/host interface it shall be run under a more restrictive user.
4Forwarded: no-needed
5X-Not-Forwarded-Reason: swtpm user is ubuntu specific
6Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
7Bug-Ubuntu: https://bugs.launchpad.net/bugs/1948880
8Last-Update: 2021-11-11
9--- a/src/qemu/qemu.conf
10+++ b/src/qemu/qemu.conf
11@@ -922,11 +922,14 @@
12
13 # User for the swtpm TPM Emulator
14 #
15-# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
16-# and uses; alternative is 'root'
17+# Default is 'swtpm' as established by the swtpm-tools package.
18 #
19-#swtpm_user = "tss"
20-#swtpm_group = "tss"
21+# In the past this was 'tss' and that still would be the built-in default
22+# if nothing was configured here, but the 'tss' user also has TPM device
23+# access in the host which isn't needed for swtpm.
24+#
25+swtpm_user = "swtpm"
26+swtpm_group = "swtpm"
27
28 # For debugging and testing purposes it's sometimes useful to be able to disable
29 # libvirt behaviour based on the capabilities of the qemu process. This option
30--- a/src/qemu/test_libvirtd_qemu.aug.in
31+++ b/src/qemu/test_libvirtd_qemu.aug.in
32@@ -111,8 +111,6 @@ module Test_libvirtd_qemu =
33 { "pr_helper" = "/usr/bin/qemu-pr-helper" }
34 { "slirp_helper" = "/usr/bin/slirp-helper" }
35 { "dbus_daemon" = "/usr/bin/dbus-daemon" }
36-{ "swtpm_user" = "tss" }
37-{ "swtpm_group" = "tss" }
38 { "capability_filters"
39 { "1" = "capname" }
40 }

Subscribers

People subscribed via source and target branches