Comment 20 for bug 545795

Andreas Ntaflos (daff) wrote : Re: apparmor driver blocks access to hostdev and pcidev devices

Jamie, yes, this fixes it. Thank you!

I notice however some redundancies between abstractions/libvirt-qemu and usr.lib.libvirt.virt-aa-helper? At least the line "/sys/bus/usb/devices/ r," appears in both, don't know if that matters any, though. So that's good :)

But now I have discovered something else. Booting a VM that has a USB device included in its XML definition (like here: https://daff.pseudoterminal.org/files/vm-usb.txt) now works fine thanks to this fix. *However*, trying to attach a USB device while the VM is running (using virt-manager in my case) results in these messages in /var/log/libvirt/qemu/vm.log:

usb_create: no bus specified, using "usb.0" for "usb-host"
husb: open device 5.2
/dev/bus/usb/005/002: Permission denied
husb: open device 5.2
/dev/bus/usb/005/002: Permission denied
husb: open device 5.2

And in /var/log/kern.log:

May 4 17:01:19 TESTHOST kernel: [79029.932635] type=1503 audit(1272985279.341:1009): operation="open" pid=23782 parent=1 profile="libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e" requested_mask="rw::" denied_mask="rw::" fsuid=0 ouid=0 name="/dev/bus/usb/005/002"

So it seems that access to "/dev/bus/usb/**" is needed as well?
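
An added example, not part of the original comment or of libvirt/AppArmor: a small Python parser for denial records of the form shown in the kern.log line above, grouping the denied paths and permissions by profile. The function names are hypothetical; the first sample line is the one quoted in the comment and the other two are constructed for illustration.

```python
import re
from collections import defaultdict

# key="value" pairs as they appear in the audit record
KV_RE = re.compile(r'(\w+)="([^"]*)"')
# Record type field; 1503 is the type shown in the kern.log line above
TYPE_RE = re.compile(r'\btype=(\d+)\b')

# Line 1 is quoted from the comment; lines 2 and 3 are constructed samples
SAMPLE_LOG = """\
May 4 17:01:19 TESTHOST kernel: [79029.932635] type=1503 audit(1272985279.341:1009): operation="open" pid=23782 parent=1 profile="libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e" requested_mask="rw::" denied_mask="rw::" fsuid=0 ouid=0 name="/dev/bus/usb/005/002"
May 4 17:01:20 TESTHOST kernel: [79030.000000] type=1503 audit(1272985280.000:1010): operation="open" pid=23782 parent=1 profile="libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/dev/bus/usb/005/003"
May 4 17:01:21 TESTHOST kernel: [79031.000000] usb 5-2: new high speed USB device
"""

def parse_denial(line):
    """Return a dict of fields for a type=1503 denial record, else None."""
    m = TYPE_RE.search(line)
    if not m or m.group(1) != "1503":
        return None
    fields = dict(KV_RE.findall(line))
    if "denied_mask" not in fields or "name" not in fields:
        return None
    # Masks in this log format look like "rw::"; keep only the letters
    fields["denied"] = fields["denied_mask"].replace(":", "")
    return fields

def denials_by_profile(log_text):
    """Map profile -> {path: denied permission letters, sorted}."""
    out = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec:
            out[rec.get("profile", "?")][rec["name"]].update(rec["denied"])
    return {p: {n: "".join(sorted(s)) for n, s in paths.items()}
            for p, paths in out.items()}

if __name__ == "__main__":
    for profile, paths in denials_by_profile(SAMPLE_LOG).items():
        print(profile)
        for path, perms in sorted(paths.items()):
            print(f"  {path}  denied: {perms}")
```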