broken postinst test for uvtool-libvirt
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Confirmed
|
Undecided
|
Unassigned | ||
openstack-installer |
Confirmed
|
Undecided
|
Unassigned | ||
uvtool |
Invalid
|
Undecided
|
Unassigned | ||
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Utopic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Installing uvtool-libvirt *inside an lxc container* on utopic fails due to a test in the postinst script.
It uses socat on the libvirt socket, which fails, despite libvirt being installed correctly.
ubuntu@
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libfreetype6 os-prober
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 19 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up uvtool-libvirt (0~bzr92-0ubuntu2) ...
2015/01/08 13:01:34 socat[10184] E read(3, 0x13b2a30, 8192): Permission denied
libvirtd does not appear to be listening on "/var/run/
On Ubuntu, libvirtd is managed with the "libvirt-bin" upstart job.
Repair libvirtd, then reconfigure uvtool-libvirt with:
sudo apt-get -f install
dpkg: error processing package uvtool-libvirt (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
uvtool-libvirt
E: Sub-process /usr/bin/dpkg returned an error code (1)
ubuntu@
libvirt+ 9556 1 0 09:52 ? 00:00:00 /usr/sbin/dnsmasq --conf-
root 9557 9556 0 09:52 ? 00:00:00 /usr/sbin/dnsmasq --conf-
root 9854 1 0 10:24 ? 00:00:00 /usr/sbin/libvirtd -d
ubuntu 10155 10120 0 12:56 pts/0 00:00:00 grep libvirt
ubuntu@
ubuntu adm dialout cdrom floppy sudo audio dip video plugdev netdev libvirtd
ubuntu@
Id Name State
-------
for a little more context, there are notes here:
https:/
tags: | added: cloud-installer |
Changed in linux (Ubuntu Utopic): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu): | |
status: | New → Invalid |
tags: |
added: verification-done-utopic removed: verification-needed-utopic |
Changed in linux (Ubuntu): | |
status: | Invalid → Fix Committed |
tags: | added: aa-kernel |
uvtool could work around this issue by not using socat to verify that libvirt is running.
apparmor doesn't appear to be reporting any denials, even in complain mode. So i don't know what is actually causing the denial. However, running the container with lxc.aa_profile = unconfined does allow it to succeed, so it does appear to be apparmor causing it.
Once libvirt is installed in the container, you can test by hand by simply doing:
sudo socat UNIX-CONNECT: /var/run/ libvirt/ libvirt- sock -
Until uvtool or apparmor packages are updated, you can edit the postinst file to remove the socat check by hand to work around this, or put the container into unconfined mode.