Ubuntu
libvirt package

Merge ~paelzer/ubuntu/+source/libvirt:lp-1927519-profile-recreate-focal into ubuntu/+source/libvirt:ubuntu/focal-devel

  1. Git
  2. lp:~paelzer/ubuntu/+source/libvirt
  3. lp-1927519-profile-recreate-focal
  4. Merge into ubuntu/focal-devel
Proposed by Christian Ehrhardt 
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: cb46ebe54004d46d45c2978742a0a8286bf8e82e
Proposed branch: ~paelzer/ubuntu/+source/libvirt:lp-1927519-profile-recreate-focal
Merge into: ubuntu/+source/libvirt:ubuntu/focal-devel
Diff against target: 106 lines (+84/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/series (+1/-0)
debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch (+76/-0)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior (community) Approve
Canonical Server packageset reviewers Pending
git-ubuntu import Pending
Review via email: mp+412065@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4717

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, Christian.

This one LGTM; it's pretty similar to the MP you filed for Jammy (and which I also approved). autopkgtest still hasn't run for the PPA, so this approval is conditional to the tests passing.

LGTM, +1.

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libvirt_6.0.0-0ubuntu8.15.dsc: done.
  Uploading libvirt_6.0.0-0ubuntu8.15.debian.tar.xz: done.
  Uploading libvirt_6.0.0-0ubuntu8.15_source.buildinfo: done.
  Uploading libvirt_6.0.0-0ubuntu8.15_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 0831f55..799cf79 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+libvirt (6.0.0-0ubuntu8.15) focal; urgency=medium
7+
8+ * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch:
9+ avoid issues due to corrupted apparmor profiles (LP: #1927519)
10+
11+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 18 Nov 2021 10:23:11 +0100
12+
13 libvirt (6.0.0-0ubuntu8.14) focal; urgency=medium
14
15 * Fixup backport of "util: Add phys_port_name support on virPCIGetNetName"
16diff --git a/debian/patches/series b/debian/patches/series
17index 2b4f3a6..fe6c059 100644
18--- a/debian/patches/series
19+++ b/debian/patches/series
20@@ -169,3 +169,4 @@ ubuntu/lp-1929202-qemuMigrationCookieAddNBD-Remove-ret-variable-and-cl.patch
21 ubuntu/lp-1929202-qemuMigrationCookieAddNBD-Fix-filling-of-capacity-wh.patch
22 ubuntu/lp-1892132-add-virNetDevGetPhysPortName.patch
23 ubuntu/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch
24+ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
25diff --git a/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch b/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
26new file mode 100644
27index 0000000..4a4ee3f
28--- /dev/null
29+++ b/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
30@@ -0,0 +1,76 @@
31+From 4ab33415db31d0e77015bb852cab4a08dd0efd40 Mon Sep 17 00:00:00 2001
32+From: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com>
33+Date: Tue, 2 Nov 2021 16:04:45 +0200
34+Subject: [PATCH] virt-aa-helper: Purge profile if corrupted
35+MIME-Version: 1.0
36+Content-Type: text/plain; charset=UTF-8
37+Content-Transfer-Encoding: 8bit
38+
39+This commit aims to address the bug reported in [1] and [2].
40+If the profile is corrupted (0-size) the VM cannot be launched.
41+To overcome this, check if the profile exists and if it has 0 size
42+remove it.
43+
44+[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084
45+[2] https://bugs.launchpad.net/bugs/1927519
46+
47+Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com>
48+Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
49+Reviewed-by: Ján Tomko <jtomko@redhat.com>
50+
51+Origin: upstream, https://libvirt.org/git/?p=libvirt.git;a=commit;h=4ab33415db
52+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927519
53+Last-Update: 2021-11-18
54+
55+---
56+ src/security/virt-aa-helper.c | 20 +++++++++++++++++++-
57+ 1 file changed, 19 insertions(+), 1 deletion(-)
58+
59+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
60+index 7c21ab9515..218e07bfb0 100644
61+--- a/src/security/virt-aa-helper.c
62++++ b/src/security/virt-aa-helper.c
63+@@ -1437,6 +1437,8 @@ main(int argc, char **argv)
64+ int rc = -1;
65+ char *profile = NULL;
66+ char *include_file = NULL;
67++ off_t size;
68++ bool purged = 0;
69+
70+ if (virGettextInitialize() < 0 ||
71+ virErrorInitialize() < 0) {
72+@@ -1484,6 +1486,22 @@ main(int argc, char **argv)
73+ if (ctl->cmd == 'c' && virFileExists(profile))
74+ vah_error(ctl, 1, _("profile exists"));
75+
76++ /*
77++ * Rare cases can leave corrupted empty files behind breaking
78++ * the guest. An empty file is never correct as virt-aa-helper
79++ * would at least add the basic rules, therefore clean this up
80++ * for a proper refresh.
81++ */
82++ if (virFileExists(profile)) {
83++ size = virFileLength(profile, -1);
84++ if (size == 0) {
85++ vah_warning(_("Profile of 0 size detected, will attempt to remove it"));
86++ if ((rc = parserRemove(ctl->uuid) != 0))
87++ vah_error(ctl, 1, _("could not remove profile"));
88++ unlink(profile);
89++ purged = true;
90++ }
91++ }
92+ if (ctl->append && ctl->newfile) {
93+ if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
94+ goto cleanup;
95+@@ -1523,7 +1541,7 @@ main(int argc, char **argv)
96+
97+
98+ /* create the profile from TEMPLATE */
99+- if (ctl->cmd == 'c') {
100++ if (ctl->cmd == 'c' || purged) {
101+ char *tmp = NULL;
102+ tmp = g_strdup_printf(" #include <libvirt/%s.files>\n", ctl->uuid);
103+
104+--
105+2.34.0
106+

Subscribers

People subscribed via source and target branches