virt-aa-helper restricts arm64 QEMU_EFI.fd binary

Bug #1538882 reported by Ali
This bug affects 1 person
Affects: libvirt (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: William Grant

Bug Description

Attempting to use libvirt to start a VM on arm64 with the installed path of the qemu-efi package fails:

$ /usr/lib/libvirt/virt-aa-helper -c -u libvirt-b9da2c01-cbd0-4ede-a026-f9f35ff5e9ba < template.xml
virt-aa-helper: error: /usr/share/qemu-efi/QEMU_EFI.fd
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition

This is because /usr/share/ is a restricted path in virt-aa-helper.c and an exception isn't made in restricted_rw for /usr/share/qemu-efi like it is for other firmware images like /usr/share/ovmf/.

Also, although I haven't directly run into it, /etc/apparmor.d/abstractions/libvirt-qemu should probably have entries for aarch64 as well to match the x86 counterparts:
  /usr/lib/aarch64-linux-gnu/qemu/block-curl.so rm,
  /usr/lib/aarch64-linux-gnu/qemu/block-rbd.so rm,

William Grant (wgrant)
Changed in libvirt (Ubuntu):
assignee: nobody → William Grant (wgrant)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 1.3.1-1ubuntu10

---------------
libvirt (1.3.1-1ubuntu10) xenial; urgency=medium

  * d/p/u/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: Allow
    access to /usr/share/AAVMF/** and /usr/share/qemu-efi/** for aarch64 UEFI.
    (LP: #1538882)

 -- William Grant <email address hidden> Fri, 15 Apr 2016 12:08:21 +1000

Changed in libvirt (Ubuntu):
status: In Progress → Fix Released
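
A simplified model of the check this report describes, added here as an illustration and not taken from virt-aa-helper.c: a restricted prefix (/usr/share/) with firmware directory exceptions, before and after the fix. The function and array names are hypothetical, the ".." rejection is an assumption of the model, and symlinks are not resolved.

```c
/* Model of a restricted-prefix check with firmware overrides.
 * Not libvirt source; all names here are hypothetical. */
#include <stdio.h>
#include <string.h>

static const char *const restricted[] = { "/usr/share/", NULL };
static const char *const override_old[] = { "/usr/share/ovmf/", NULL };
static const char *const override_new[] = {
    "/usr/share/ovmf/", "/usr/share/AAVMF/", "/usr/share/qemu-efi/", NULL };

/* True if path starts with any prefix in the NULL-terminated list.
 * Prefixes end in '/', so "/usr/share/qemu-efi-x/" does not match. */
static int has_prefix(const char *path, const char *const *list)
{
    for (; *list; list++)
        if (strncmp(path, *list, strlen(*list)) == 0)
            return 1;
    return 0;
}

/* True if any path component is exactly "..", which would let a
 * path escape an allowed directory after a successful prefix match. */
static int has_dotdot(const char *path)
{
    for (const char *p = path; (p = strstr(p, "..")) != NULL; p += 2) {
        int at_start = (p == path) || (p[-1] == '/');
        int at_end = (p[2] == '/') || (p[2] == '\0');
        if (at_start && at_end)
            return 1;
    }
    return 0;
}

/* 1 = file may go into the per-VM profile, 0 = skipped restricted file. */
int path_allowed(const char *path, const char *const *overrides)
{
    if (path[0] != '/' || has_dotdot(path))
        return 0;
    if (has_prefix(path, overrides))
        return 1;               /* explicit firmware exception */
    return !has_prefix(path, restricted);
}

int main(void)
{
    const char *fw = "/usr/share/qemu-efi/QEMU_EFI.fd";
    printf("before fix: %d\n", path_allowed(fw, override_old));
    printf("after fix:  %d\n", path_allowed(fw, override_new));
    return 0;
}
```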