qcow base image apparmor rule missing in artful
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
Undecided
|
Christian Ehrhardt |
Bug Description
Our automated tests spotted an issue with the last libvirt upload.
In uvtool the setup is using a qcow with a base device:
So the (generated) aa profiles for the guests used to have an entry like:
"/var/
This is the base device referenced "from" the qcow device owned by the guest.
This rule is missing and thereby causing an issue like:
uvt-kvm create --template /root/guesttemp
Warning: using --password from the command line is not secure and should be used for debugging only.
Warning: '/home/
uvt-kvm: error: libvirt: internal error: process exited while connecting to monitor: 2017-07-
Changed in libvirt (Ubuntu): | |
status: | New → Triaged |
assignee: | nobody → ChristianEhrhardt (paelzer) |
So an apparmor issue that seems to have started with Artful (working before).
Could be a 3.5 issue as the older errors were different.
Generated rules have: lib/uvtool/ libvirt/ images/ kvmguest- artful- normal. qcow" rw, lib/uvtool/ libvirt/ images/ kvmguest- artful- normal- ds.qcow" rw,
"/var/
"/var/
The offending path is the base file qcow that makes the main disk.
Working on zesty with libvirt 2-5 lib/uvtool/ libvirt/ images/ x-uvt-b64- Y29tLnVidW50dS5 jbG91ZC5kYWlseT pzZXJ2ZXI6MTcuM TA6cHBjNjRlbCAy MDE3MDcxMw= =" r,
- as expected no such deny message
- in addition has:
"/var/
So the new libvirt no more generates that line.
We had no own change in that area.